A data transmission method
By dynamically generating keys, a unique key is used for each data transmission, which solves the problem of the wide impact of key leakage in existing encryption schemes and improves the security of data transmission and management efficiency.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TECHNOLOGY (CHENGDU) CO LTD
- Filing Date
- 2026-03-03
- Publication Date
- 2026-06-16
Smart Images

Figure CN121887529B_ABST
Abstract
Description
Technical Field
[0001] This specification relates to the field of data transmission technology, and in particular to a data transmission method. Background Technology
[0002] In a digital society, secure data transmission is a systemic project involving privacy, business, law, and security. In the software industry, a common solution for secure data transmission is for the sender to encrypt the data and the receiver to decrypt it, ensuring that the data is not stolen, tampered with, or illegally accessed during transmission. Currently, commonly used data encryption and decryption schemes mainly include symmetric and asymmetric encryption schemes. The keys for both symmetric and asymmetric encryption schemes are typically long-term valid. Once a key used for a certain period is leaked, an attacker can decrypt all sensitive data encrypted with that key during that period, resulting in a significant impact. Summary of the Invention
[0003] To increase the difficulty of a single data breach and reduce the scope of data affected by a single breach, this invention proposes a data transmission method.
[0004] The invention includes a data transmission method executed by a data output end and a data receiving end, comprising: the data output end acquiring raw data; the data output end determining an initial dynamic factor based on the raw data, wherein the initial dynamic factor includes at least an algorithm bit, the value of which corresponds to at least one preset confidentiality algorithm; the data output end determining an initial key based on the initial dynamic factor; the data output end generating ciphertext data based on the initial key and the raw data; the data output end determining an actual key based on the ciphertext data and the initial key; the data output end transmitting the actual key and the ciphertext data to the data receiving end; and the data receiving end decrypting the ciphertext data based on the actual key to obtain the raw data.
[0005] In some embodiments, the initial dynamic factor further includes at least a parameter bit and a first loop bit, wherein the composition of the parameter bit is determined based on the at least one preset confidentiality algorithm corresponding to the value of the algorithm bit, and the value of the first loop bit is not less than a preset minimum number of loops.
[0006] In some embodiments, the preset confidentiality algorithm includes at least one of dynamic shifting and offset permutation; the components of the parameter bit include a first length bit and a first offset bit, wherein the value of the first length bit is determined based on the data length of the original data, and the value of the first offset bit is determined based on the data length of the original data and the value of the first length bit.
[0007] In some embodiments, the data output terminal determines the actual key based on the ciphertext data and the initial key, including: determining the actual number of cycles of the ciphertext data and the last cycle feature data of the ciphertext data based on the ciphertext data; and determining the actual key based on the initial dynamic factor, the actual number of cycles, and the last cycle feature data.
[0008] In some embodiments, the initial key further includes at least the initial dynamic factor, and the actual key includes at least the actual dynamic factor, the actual dynamic factor including a first extension bit; determining the actual key based on the initial dynamic factor, the actual number of loops, and the last loop feature data includes: determining a second loop bit of the actual dynamic factor based on the actual number of loops and the first loop bit of the initial dynamic factor; determining the first extension bit of the actual dynamic factor based on the last loop feature data; and determining the actual dynamic factor based on the algorithm bit, the parameter bit, the second loop bit, and the first extension bit, thereby determining the actual key.
[0009] In some embodiments, the initial key further includes a valid bit, the value of which corresponds to the number of bits in the valid data string; the data output terminal determines an initial dynamic factor based on the original data, including: selecting at least one preset dynamic factor that meets preset requirements from a dynamic factor library based on the original data; selecting one of the preset dynamic factors as the initial dynamic factor from the at least one preset dynamic factor; the data output terminal further determines an initial key based on the initial dynamic factor, including: determining the value of the valid bit of the initial key based on the initial dynamic factor.
[0010] In some embodiments, the actual key further includes a second extension bit and a third extension bit, and the data output terminal further determines the actual key based on the initial dynamic factor, the actual number of cycles, and the last cycle feature data, including: determining the second extension bit based on the actual number of cycles; and determining the third extension bit based on the last cycle feature data.
[0011] In some embodiments, the data output terminal determines the initial dynamic factor based on the original data, including: determining the number of bits of the algorithm bit and the at least one preset security algorithm used based on the data type of the original data; and determining the value of the algorithm bit based on the number of bits of the algorithm bit and the at least one preset security algorithm used.
[0012] In some embodiments, the initial dynamic factor further includes an indicator bit, which is used to indicate the number of bits in the algorithm bits; each preset security algorithm corresponds to an algorithm value; the data output terminal determines the initial dynamic factor based on the original data, including: determining the value of the indicator bit based on the number of the at least one preset security algorithm, and then determining the indicator bit; determining the initial dynamic factor based on the indicator bit, the algorithm bits, the parameter bits, and the first loop bit; determining the value of the algorithm bits based on the number of bits in the algorithm bits and the at least one preset security algorithm used includes: determining the order of each algorithm value in the algorithm bits based on the order of the at least one preset security algorithm, and then determining the value of the algorithm bits.
[0013] In some embodiments, the data output terminal determines an initial dynamic factor based on the original data, including: determining the initial dynamic factor based on the original data using a factor determination model, wherein the factor determination model is a machine learning model.
[0014] The beneficial effects of the above invention include, but are not limited to: (1) The use of a "one-time key" dynamic encryption mechanism (i.e., the key used for each data transmission is dynamically generated based on the encryption process of that data transmission and is only valid for that data transmission) means that even if the key of a certain transmission is cracked, the attacker can only infer the encryption logic of that transmission based on the key of that transmission. Since the encryption logic of other keys is different (such as the data structure of the key, the number and type of preset encryption algorithms used, etc.), the attacker cannot crack other keys based on the key that was leaked this time, so the impact of a single key leak is small. (2) Since each key corresponds to an independent encryption logic, even if the attacker obtains a small number of keys, it is difficult to determine the complete configuration information (i.e., the key generation algorithm is difficult to crack), further reducing the risk of leakage of other sensitive data. Even if the configuration information is completely determined by the attacker, the administrator can update the configuration information and change the way the configuration information is obtained (such as changing the location of the configuration information, the algorithm of the security channel, etc.), increasing the security of subsequent data transmission. Attached Figure Description
[0015] This specification will be further described by way of exemplary embodiments, which will be described in detail with reference to the accompanying drawings. These embodiments are not limiting; in these embodiments, the same reference numerals denote the same structures, wherein:
[0016] Figure 1 This is an exemplary flowchart of a data transmission method according to some embodiments of this specification;
[0017] Figure 2This is one of the exemplary schematic diagrams illustrating the determination of the actual key according to some embodiments of this specification;
[0018] Figure 3 This is a second exemplary schematic diagram illustrating the determination of the actual key according to some embodiments of this specification;
[0019] Figure 4 This is an exemplary schematic diagram illustrating the determination of algorithm bit values according to some embodiments of this specification;
[0020] Figure 5 This is an exemplary schematic diagram illustrating the determination of initial dynamic factors based on a factor determination model according to some embodiments of this specification. Detailed Implementation
[0021] To more clearly illustrate the technical solutions of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are merely some examples or embodiments of this specification. For those skilled in the art, these drawings can be applied to other similar scenarios without creative effort. Unless obvious from the context or otherwise specified, the same reference numerals in the drawings represent the same structures or operations.
[0022] Unless the context explicitly indicates an exception, words such as "a," "an," "a kind," and / or "the" do not specifically refer to the singular and may also include the plural. Generally speaking, the terms "comprising" and "including" only indicate the inclusion of explicitly identified steps and elements, which do not constitute an exclusive list, and the method may also include other steps.
[0023] In the software industry, a common approach to secure data transmission is for the sender to encrypt the data and the receiver to decrypt it, thus ensuring data confidentiality during transmission. Currently, commonly used data encryption and decryption schemes mainly include symmetric encryption schemes and asymmetric encryption schemes.
[0024] Symmetric encryption schemes require both communicating parties to use the same key (which must be kept secret) and to encrypt and decrypt sensitive data using a publicly available and identical encryption / decryption algorithm. However, since all sensitive data within a given time period is encrypted using the same key, if the key is leaked, all sensitive data from that period is potentially vulnerable to unauthorized access, resulting in a wide-ranging impact. Furthermore, the secure distribution and management of keys themselves presents challenges.
[0025] Asymmetric encryption schemes require generating public and private key pairs, with the public key being made public and the private key kept secret. Communication uses either the public or private key for encryption, and decryption requires the corresponding public or private key. However, this scheme requires maintaining a public key certificate system, resulting in high update and management costs. Furthermore, this scheme also suffers from the problem of all sensitive data using the same key (or key pair) for a certain period; if the private key is leaked, the impact can be widespread.
[0026] Therefore, there is an urgent need to propose a data transmission method that increases the difficulty of a single leak and reduces the scope of data affected by a cracked key, thereby improving overall security.
[0027] This specification provides a data transmission method through some embodiments.
[0028] Figure 1 This is an exemplary flowchart illustrating a data transmission method according to some embodiments of this specification. In some embodiments, process 100 may be executed by a data output end and a data receiving end.
[0029] A data output terminal is a terminal that transmits data to a data receiving terminal. For example, a data output terminal may include a mobile phone, computer, tablet, etc. A data receiving terminal is a terminal that receives data transmitted from the data output terminal. For example, a data receiving terminal may include a mobile phone, computer, tablet, etc. In some embodiments, the data output terminal and the data receiving terminal can establish a communication connection via a network, Bluetooth, etc., thereby enabling data transmission.
[0030] In some embodiments, such as Figure 1 As shown, process 100 may include the following steps.
[0031] Step 110: Obtain the raw data from the data output terminal.
[0032] Raw data refers to the initial information or data content acquired by the data output terminal without encryption. In some embodiments, the data output terminal may acquire raw data input by the user, transmitted externally, or read locally.
[0033] In some embodiments, the raw data may include multiple data types, such as at least one of text, streaming media, and drawings. Here, data type refers to the content format of the raw data. In some embodiments, the data output terminal can read the attributes of the raw data to determine its file extension or protocol header, thereby determining the data type of the raw data.
[0034] Step 120: The data output end determines the initial dynamic factor based on the original data.
[0035] In some embodiments, before encrypting the original data (i.e. before constructing the initial dynamic factor), the data receiver and the data sender may predetermine the configuration information used to generate and parse the key to ensure that the configuration held by both parties is consistent (i.e., information alignment).
[0036] Configuration information refers to the key generation logic.
[0037] In some embodiments, the configuration information may include the key's data structure. For example, the key may contain multiple parameters, the order in which these parameters are arranged, and the data structure, number of bits, encoded value, and corresponding meaning of each parameter. Further details regarding the key are described below.
[0038] In some embodiments, the configuration information may also include various preset databases (such as algorithm libraries, dynamic factor libraries, etc.), which are used to map the relationship between the encoded values of each parameter (or the sub-parameters contained in the parameter) and the encryption logic. Further explanation of algorithm libraries and dynamic factor libraries is provided below.
[0039] In some embodiments, configuration information may be stored in a trusted configuration server, and the data receiver and data sender may access the configuration server to obtain the configuration information.
[0040] In some embodiments, the configuration information may also be pre-configured in the data receiver or data sender. Taking the configuration information stored in the data sender as an example, the data receiver can establish a secure channel with the data sender (e.g., using asymmetric encryption, secure transport layer protocol, Bluetooth pairing, etc.) to obtain the configuration information.
[0041] In some embodiments, the configuration information can be updated periodically. When the configuration information is updated, the data receiver and the data sender need to switch to the updated configuration information synchronously to ensure that encryption and decryption can be performed normally (i.e., the configuration information of the data receiver and the data sender needs to be the same in order to achieve decryption).
[0042] Dynamic factors refer to a set of parameters used to encrypt the original data. In some embodiments, dynamic factors may include multiple parameters (such as algorithm bits, parameter bits, loop bits, etc.), each parameter being used to characterize the logic of the confidentiality processing (such as the preset confidentiality algorithm used, the control parameters of the preset confidentiality algorithm, or the number of loops of the preset confidentiality algorithm, etc.).
[0043] An initial dynamic factor is used to construct an initial key. In some embodiments, the initial dynamic factor includes at least an algorithm bit, the value of which corresponds to at least one preset confidentiality algorithm.
[0044] The algorithm bits are used to determine the number, type, and order of preset encryption algorithms. A preset encryption algorithm refers to the algorithm used to encrypt the original data. In some embodiments, the preset encryption algorithm may include at least one of dynamic shifting, offset permutation, etc.
[0045] Dynamic shifting refers to an encryption operation that moves the data string to be processed. Offset permutation refers to an encryption operation that swaps the data string to be processed with a data string of the same length at an offset distance. A data string refers to one or more data units (bits, bytes, characters, or blocks of data) in the original data. The data string to be processed refers to the data string that needs to be processed using a preset security algorithm. Further explanation of dynamic shifting, offset permutation, and the data to be processed is provided below.
[0046] The value of the algorithm bit refers to the encoded information of the data string representing the algorithm bit. In some embodiments, the value of the algorithm bit can be mapped to one or more preset security algorithms. Different values of the algorithm bit correspond to different types of preset security algorithms and their order. The values of the algorithm bits and the corresponding preset security algorithms and their order can be pre-stored in the configuration information by technicians.
[0047] As an example only, when the value of the algorithm bit is code1, the default encryption algorithm is dynamic shift; when the value of the algorithm bit is code2, the default encryption algorithm is offset permutation; when the value of the algorithm bit is code3, the default encryption algorithms are dynamic shift and offset permutation in sequence; when the value of the algorithm bit is code4, the default encryption algorithms are offset permutation and dynamic shift in sequence.
[0048] In some embodiments, the data output terminal can determine at least one applicable preset security algorithm based on the data type of the original data, determine the value of the algorithm bit based on the at least one preset security algorithm, and thus determine the algorithm bit. The data type of the original data and the applicable preset security algorithm can be preset by a technician.
[0049] In some embodiments, the initial dynamic factor further includes at least a parameter bit and a first loop bit. The composition of the parameter bit is determined based on at least one preset confidentiality algorithm corresponding to the value of the algorithm bit, and the value of the first loop bit is not less than a preset minimum number of loops.
[0050] The parameter bits are used to determine the control parameters of the preset security algorithm corresponding to the algorithm bits. The components of the parameter bits refer to the control parameters required to execute the preset security algorithm corresponding to the algorithm bits. For example, when the preset security algorithm includes at least one of dynamic shifting and offset permutation, the components of the parameter bits include a first length bit and a first offset bit; see the description below for further details. In some embodiments, different combinations and sequences of preset security algorithms correspond to parameter bits with different components, and the data output terminal can determine the components of the parameter bits based on configuration information.
[0051] In some embodiments, after the components of the parameter bits are determined, the data output terminal can provide a preset database in the configuration information to randomly generate or select values that meet the preset requirements for each component.
[0052] The first loop bit is used to determine the planned number of iterations for executing the preset encryption algorithm. The value of the first loop bit refers to the encoded information of the data string representing the first loop bit. In some embodiments, the value of the first loop bit can map the planned number of iterations for executing the preset encryption algorithm on the original data at the data output end. For example, a value of 2 for the first loop bit means that the expected number of times the preset encryption algorithm needs to be executed on the original data is 2.
[0053] The preset minimum number of loops refers to the minimum number of times the preset encryption algorithm is executed at the data output end. In some embodiments, the preset minimum number of loops can be determined by technical personnel based on actual needs.
[0054] In some embodiments, the data output terminal may determine the value range of the first loop bit based on a preset minimum number of loops and the number of bits, and randomly select a value between the preset minimum number of loops and the maximum value of the first loop bit as the value of the first loop bit.
[0055] Here, the number of bits refers to the number of data units in a data string. For example, the number of bits in the first cycle bit refers to the number of data units in the data string of the first cycle bit. In some embodiments, the number of bits for a parameter can be determined based on configuration information. In some embodiments, the number of bits can constrain the value range of the corresponding data string. For example, when the number of bits in the data string is 3, the value range of the data string is 001~999.
[0056] As an example only, when the preset minimum number of cycles is 8 and the number of bits in the first cycle is 2, the data output terminal can randomly select any value between 08 and 99 as the value of the first cycle bit.
[0057] In some embodiments of this specification, the composition of the parameter bits is dynamically determined by the selected algorithm. This solves the problem in traditional encryption methods where fixed parameters or a limited range of choices lead to a single encryption mode that is easily analyzed and predicted. By limiting the first cycle bit, the low encryption level can be avoided due to an insufficient number of cycles in the pre-defined encryption algorithm.
[0058] In some embodiments, the preset confidentiality algorithm includes at least one of dynamic shifting and offset permutation; the parameter bits are composed of a first length bit and a first offset bit, the value of the first length bit is determined based on the data length of the original data, and the value of the first offset bit is determined based on the data length of the original data and the value of the first length bit.
[0059] The first length bit is used to determine the length of the data string to be processed. The length of a data item refers to the number of data units contained in that data.
[0060] The value of the first length bit refers to the encoded information representing the data string of the first length bit. In some embodiments, the value of the first length bit can map the data length of the data string to be processed in each round of encryption processing. In some embodiments, the data output terminal can take the data string consisting of the first N data units after the data string to be processed in the t-th round of the encrypted data output in the t-th round as the data to be processed in the (t+1)-th (t≥1)-th round.
[0061] Encrypted data refers to the intermediate data output during the encryption process. The data string to be processed in the first round is a data string composed of the first N data units in the original data.
[0062] In some embodiments, the data output terminal may randomly generate a value for the first length bit that satisfies a first preset requirement based on the number of bits in the first length bit and the data length of the original data.
[0063] In some embodiments, the first preset requirement may include: the value of the first length bit is not less than 1, and the ratio of the value of the first length bit to the data length of the original data is not greater than a preset threshold. The preset threshold is set based on actual needs.
[0064] As an example only, when the length of the original data is 20, the preset threshold is 20%, and the number of bits in the first length bit is 2, the value of the first length bit must be less than 4, and the data output terminal can randomly select any one of 01 to 03 as the value of the first length bit.
[0065] The first offset bit is used to determine the offset distance of the data string to be processed. The value of the first offset bit refers to the encoded information of the data string representing the first offset. In some embodiments, the value of the first offset bit can map the offset distance of the data string to be processed in each round of encryption processing.
[0066] For example, the offset distance of the (t+1)th round of encryption processing can be the sum of the offset distance of the tth round and the first threshold. In some embodiments, the first threshold can be a fixed value (such as 0, 1, etc.) or a variable value (such as a preset threshold that increases with the number of rounds). In some embodiments, the first threshold corresponding to different preset encryption algorithms can be the same or different.
[0067] In some embodiments, the offset distance of the first round is determined based on the value of a first length bit. For example, the offset distance of the first round can be the value of the first length bit or the sum (or product) of the value of the first length bit and a second threshold, the second threshold being set based on actual needs.
[0068] In some embodiments, the data output terminal may randomly generate a value for the first length bit that satisfies a second preset requirement based on the value of the first length bit, the number of bits of the first offset bit, and the data length of the original data.
[0069] In some embodiments, the second preset requirement may include: the sum of the value of the first offset bit and the value of the first length bit is less than the data length of the original data.
[0070] Continuing with the previous example, when the value of the first length bit is 03 and the number of bits of the first offset bit is 2, the value of the first offset bit must be less than 17. The data output terminal randomly selects any one of 01 to 16 as the value of the first offset bit.
[0071] In some embodiments of this specification, the first length bit and the first offset bit are dynamically determined based on the data length of the original data, so that the value of the parameter bit (i.e. the parameter of the encryption operation) can only be effective for the original data transmitted in this instance, thereby reducing the scope of impact after a single leak.
[0072] In some embodiments, the data output terminal can determine the values and arrangement order of the algorithm bit, parameter bit, and first loop bit to construct an initial dynamic factor. The arrangement order of the algorithm bit, parameter bit, and first loop bit can be set based on configuration information. For example, the arrangement order can be algorithm bit, parameter bit, and first loop bit in sequence.
[0073] Step 130: The data output end determines the initial key based on the initial dynamic factor.
[0074] A key refers to parameter information used to control encryption and / or decryption. In some embodiments, the key may consist of dynamic factors. In some embodiments, the key may also consist of dynamic factors and obfuscation data. Obfuscation data refers to a data string that does not participate in the encryption or decryption process. In some embodiments, obfuscation data is used to increase the level of security.
[0075] An initial key refers to a key generated based on an initial dynamic factor. In some embodiments, the data output end can generate an initial key in various ways. For example, the data output end can construct an initial key based on the initial dynamic factor. Another example is that the data output end can randomly generate invalid bits and construct an initial key using the invalid bits and the initial dynamic factor.
[0076] Step 140: The data output end generates ciphertext data based on the initial key and the original data.
[0077] Ciphertext data is data that cannot be directly deciphered after the original data is encrypted using an initial key at the data output end.
[0078] In some embodiments, the data output terminal may determine the data string to be processed based on the first length bit; perform multiple encryption processes on the data string to be processed in each round based on at least one preset confidentiality algorithm corresponding to the algorithm bit, the first offset bit and the first cycle bit; when the dynamic termination condition is met, the encryption process terminates and the encrypted data of the previous round that met the dynamic termination condition is used as the ciphertext data.
[0079] In some embodiments, the dynamic termination condition may include either the total number of encryption processes reaching the maximum number of loops, or the total number of encryption processes reaching the expected number (i.e., the value of the first loop bit).
[0080] In some embodiments, when the offset distance of the (t+1)th (t≥1)th round of encryption processing is greater than the data length of the buffer data string of the (t+1)th round, the (t+1)th round of encryption processing cannot be executed (i.e., the last round of encryption processing is the tth round). The data output terminal can use t as the maximum number of loops, and the ciphertext data is the encrypted data of the tth round.
[0081] The buffered data string can be understood as the unprocessed data string in the encrypted data output from the previous round. For example, the buffered data string in round t+1 could be the data string following the unprocessed data string in round t within the encrypted data output from round t. The buffered data string in the first round is the data string composed of the first data unit to the last data unit of the original data (i.e., the entire frequency band).
[0082] The following examples illustrate three scenarios, with the following encoding values: dynamic displacement value 1, offset permutation value 2, operation one (dynamic offset and offset permutation) value 3, operation two (dynamic offset and offset permutation) value 3, first length bit value 2 (indicating the data string to be processed includes 2 data units), first offset bit value 2 (indicating the offset distance is 2 data units), first loop bit value 8, initial dynamic factor data structure as: algorithm bit (1 bit) + first length bit (2 bits) + first offset bit (2 bits) + first loop bit (1 bit), original data Data1 as {abcdefghijklmn}, original data Data2 as {abcdefghijklmnopq}, and dynamic termination condition as the total number of encryption processes equals the maximum number of loops.
[0083] Example 1: When the original data Data1 is encrypted using dynamic shifting, the initial dynamic factor is 103028.
[0084] For the first round of encryption processing, the data output terminal reads the first three data units from the original data {abcdefghijklmn} as the first round of data string to be processed {abc}, and the first round of buffered data string is {abcdefghijklmn}. The first round of data string to be processed {abc} is shifted two units to the right to obtain the first round of encrypted data {deabcfghijklmn}.
[0085] For the second round of encryption, the data output end takes the first three data units after the first round's unprocessed data string {abc} in the first round's encrypted data {deabcfghijklmn} as the second round's unprocessed data string {fgh}, and takes the data string after the second round's unprocessed data string {fgh} as the second round's buffered data string {ijklmn}. Since the second round's buffered data string {ijklmn} has a data length of 6 and is greater than the second round's offset distance of 2, the second round of encryption can be executed. The second round's unprocessed data string {fgh} is shifted two units to the right to obtain the second round's encrypted data {deabcijfghklmn}.
[0086] For the third round of encryption processing, the data output end takes the first three data units after the second round's unprocessed data string {fgh} from the second round's encrypted data {deabcijfghklmn} as the third round's unprocessed data string {klmn}, and takes the data string after the third round's unprocessed data string {klmn} as the third round's unprocessed data string {n}. Since the data length of the third round's buffered data string {n} is 1 and less than the third round's offset distance of 2, the third round cannot be executed.
[0087] Therefore, the maximum number of loops in the first embodiment above is 2, and the output ciphertext data is the encrypted data {deabcijfghklmn} of the second round.
[0088] Example 2: When the original data Data2 is encrypted using offset permutation, the initial dynamic factor is 203028.
[0089] For the first round of encryption processing, the data output terminal reads the first three data units from the original data {abcdefghijklmnopq} as the first round of data string to be processed {abc}. Then, it reads the last two units of the first round of data string {abc}, which is the same length as the first round of data string {abc}. The data string {fgh} is then swapped with {abc} to obtain the first round of encrypted data {fghdeabcijklmnopq}.
[0090] For the second round of encryption, the data output terminal reads the second round of data to be processed as {ijk} and the second round of buffered data as {ijklmnopq}. The length of the second round of buffered data as {ijklmnopq} is 9 and greater than 2. The second round of encryption can be executed. Read the data string {nop}, which is two units after the second round of data to be processed {ijk} and has the same length as the second round of data to be processed {ijk}. Swap {ijk} with {nop} to obtain the second round of encrypted data {fghdeabcnoplmijkq}.
[0091] For the third round of encryption, the buffered data string for the third round is {q}. Since the data length of the buffered data string {q} for the third round is 1, which is less than the offset distance of 2 for the third round, the third round cannot be executed.
[0092] Therefore, the maximum number of cycles in the above embodiment two is 2, and the output ciphertext data is the encrypted data of the second round {fghdeabcnoplmijkq}.
[0093] Example 3: When using multiple preset security algorithms (such as offset permutation and dynamic shift in sequence), the data output terminal can select one of operation one and operation two.
[0094] When operation one is selected, the initial dynamic factor is 303028.
[0095] Operation 1: Starting from the first round, perform offset permutation until the offset distance of the offset permutation in round t+1 is greater than the data length of the buffered data string in round t+1. Use the encrypted data of round t as the input of round t+1. Starting from round t+1, perform dynamic shift until the offset distance of the dynamic shift in round t+n (n is greater than 1) is greater than the data length of the buffered data string in round t+n. Use t+n-1 as the maximum number of iterations, and the ciphertext data is the encrypted data of round t+n-1.
[0096] When operation two is selected, the initial dynamic factor is 403028.
[0097] Operation 2: For the first round of encryption, the data string to be processed in the first round is first offset and dynamically offset in sequence; then the data string to be processed in the second round is offset and dynamically offset in sequence; until the offset distance of the dynamic displacement in the (t+1)th round is greater than the data length of the buffered data string in the (t+1)th round, t is taken as the maximum number of loops, and the ciphertext data is the encrypted data of the tth round.
[0098] Step 150: The data output end determines the actual key based on the ciphertext data and the initial key.
[0099] The actual key refers to the key that needs to be sent to the data receiving end. In some embodiments, the data output end can determine the actual key in various ways.
[0100] For example, the data output end can determine the actual number of cycles and the last cycle characteristic data of the ciphertext data based on the ciphertext data; and determine the actual key based on the initial dynamic factor, the actual number of cycles, and the last cycle characteristic data. See also: [link to related content] Figure 2 The description in the text.
[0101] For example, the data output end can also determine the second cycle bit of the actual dynamic factor based on the actual number of cycles and the first cycle bit of the initial dynamic factor; determine the first extension bit of the actual dynamic factor based on the feature data of the last cycle; and determine the actual dynamic factor based on the algorithm bit, parameter bit, second cycle bit, and first extension bit, thereby determining the actual key. See also [link to relevant content] for more details. Figure 3 The description in the text.
[0102] Step 160: The data output end transmits the actual key and ciphertext data to the data receiving end.
[0103] In some embodiments, the data output end can transmit the actual key and ciphertext data to the data receiving end via a network, Bluetooth, or other means. It is worth noting that both the ciphertext data and the actual key are public data, but because unauthorized personnel do not know the meaning of each data unit of the actual key, they maintain confidentiality.
[0104] Step 170: The data receiving end decrypts the ciphertext data based on the actual key to obtain the original data.
[0105] In some embodiments, the data receiver may determine at least one preset confidentiality algorithm based on the algorithm bits (also known as the second algorithm bits) of the actual key; determine the data length and offset distance of the data string to be processed during encryption based on the parameter bits (also known as the second parameter bits) of the actual key; and determine the actual number of encryption attempts based on the second cycle bit, thereby decrypting the ciphertext data.
[0106] The keys for both symmetric and asymmetric encryption schemes are typically long-term valid; for example, a single key might be used for all transmissions of sensitive data over months or years. If a key used for a particular period is leaked, an attacker can decrypt all sensitive data encrypted with that key during that period, resulting in a significant and widespread impact.
[0107] The data transmission method proposed in this invention, due to the confidentiality of configuration information, makes the key merely a code string that is difficult for attackers to discover the rules of, and thus makes it impossible to reconstruct the encryption process of sensitive data. Therefore, it is difficult for sensitive data to be leaked in a single instance.
[0108] Furthermore, due to the use of a dynamic "one-time pad" encryption mechanism (meaning the key used for each data transmission is dynamically generated based on the encryption process of that transmission and is only valid for that transmission), even if the key for a particular transmission is cracked, an attacker can only deduce the encryption logic for that transmission based on that key. Because the encryption logic for other keys is different (such as different key data structures, different numbers and types of preset encryption algorithms used, etc.), attackers cannot crack other keys based on the key that was leaked in this transmission. Therefore, the impact of a single key leak is relatively small.
[0109] Furthermore, due to the independent encryption logic corresponding to each key, even if an attacker obtains a small number of keys, it is difficult to determine the complete configuration information (i.e., the configuration information is difficult to crack), further reducing the risk of leakage of other sensitive data. Even if the configuration information is completely determined by an attacker, the administrator can update the configuration information and change the way the configuration information is obtained (such as changing the location of the configuration information, the algorithm of the secure channel, etc.), increasing the security of subsequent data transmission.
[0110] It should be noted that the above description of process 100 is for illustrative purposes only and does not limit the scope of this specification. Those skilled in the art can make various modifications and changes to process 100 under the guidance of this specification. However, these modifications and changes remain within the scope of this specification.
[0111] Figure 2 This is one of the exemplary schematic diagrams illustrating the determination of the actual key according to some embodiments of this specification.
[0112] In some embodiments, such as Figure 2 As shown, the data output end can determine the actual cycle number 220 and the last cycle feature data 230 of the ciphertext data based on the ciphertext data 210; and determine the actual key 250 based on the initial dynamic factor 240, the actual cycle number 220 and the last cycle feature data 230.
[0113] The actual number of loops refers to the actual number of times the preset encryption algorithm is executed. The last loop feature data refers to the length of the unchanged data at the end of the ciphertext data. The unchanged data at the end can be understood as the data string in the ciphertext data that, compared to the original data, starts from the last data unit whose position changed and continues to the last data unit of the ciphertext data.
[0114] In some embodiments, the data output terminal may record the actual number of cycles and the feature data of the last cycle during the encryption process.
[0115] catch Figure 1In Example 1 of step 140, the actual number of iterations is 2, the tail-end unchanged data is {klmn}, and its data length is 4. Therefore, the feature data of the last iteration is 4. In Example 2, the actual number of iterations is 2, the tail-end unchanged data is {ijkq}, and its data length is 4. Therefore, the feature data of the last iteration is 4.
[0116] In some embodiments, the data output terminal can generate the actual key in various ways. For example, the data output terminal can modify the initial key based on the actual number of loops and the feature data of the last loop, thereby generating the actual key. As another example, the data output terminal can determine the actual dynamic factor based on the actual number of loops and the feature data of the last loop, thereby generating the actual key.
[0117] In some embodiments of this specification, based on the ciphertext data, the actual number of cycles and the last cycle characteristic data of the ciphertext data are determined. Based on the initial dynamic factor, the actual number of cycles, and the last cycle characteristic data, the actual key is determined, which enables the data receiving end to quickly determine the decryption method flow through the actual key.
[0118] In some embodiments, the initial key may include at least an initial dynamic factor, and the actual key may include at least an actual dynamic factor, wherein the actual dynamic factor includes a first extension bit.
[0119] In some embodiments, the initial key may include an initial dynamic factor. In some embodiments, the initial key may also include an initial dynamic factor and obfuscation data.
[0120] The actual dynamic factor is used to construct the actual key. In some embodiments, the actual key may include the actual dynamic factor. In some embodiments, the actual key may also include the actual dynamic factor and obfuscation data.
[0121] The first extension bit is used to characterize the feature data of the last cycle. In some embodiments, the first extension bit may be located after the second cycle bit.
[0122] Figure 3 This is a second exemplary schematic diagram illustrating the determination of the actual key according to some embodiments of this specification.
[0123] In some embodiments, such as Figure 3As shown, the data output terminal can also determine the second cycle bit 320 of the actual dynamic factor based on the actual cycle count 220 and the first cycle bit 310 of the initial dynamic factor; determine the first extension bit 330 of the actual dynamic factor based on the last cycle feature data 230; and determine the actual dynamic factor 360 based on the algorithm bit 340, parameter bit 350, second cycle bit 320, and first extension bit 330, thereby determining the actual key 250. For further explanation regarding the actual cycle count, first cycle bit, algorithm bit, and parameter bit, please refer to the above text.
[0124] The second loop bit is used to represent the actual number of loops. In some embodiments, the data output terminal may retain the number of bits in the first loop bit and replace the value of the first loop bit with the actual number of loops to determine the second loop bit. For example, when the value of the first loop bit is 005 and the actual number of loops is 11, the second loop bit is 011.
[0125] In some embodiments, the data output terminal may use the last cycle feature data as the first extension bit.
[0126] In some embodiments, the data output terminal can use the algorithm bits of the initial dynamic factor as the algorithm bits of the actual dynamic factor, use the parameter bits of the initial dynamic factor as the parameter bits of the actual dynamic factor, and construct the actual dynamic factor based on the algorithm bits, parameter bits, second loop bits, and first extension bits of the actual dynamic factor.
[0127] In some embodiments, the data output terminal can generate the actual key in various ways. For example, the data output terminal can construct the actual key based on the actual dynamic factor. Another example is that the data output terminal can randomly generate invalid bits and construct the actual key using the invalid bits and the actual dynamic factor.
[0128] If the first extension bit has 3 bits, then Figure 1 Taking the first embodiment of step 140 as an example, when the initial dynamic factor is 103028, since the actual number of loops is 2 and the feature data of the last loop is 4, the actual dynamic factor can be 103022004. Figure 1 Taking the second embodiment of step 140 as an example, when the initial dynamic factor is 203028, since the actual number of cycles is 2 and the feature data of the last cycle is 4, the actual dynamic factor can be 203022004.
[0129] In some embodiments of this specification, the preset target before encryption is combined with the execution result after encryption to generate an actual key that depends entirely on the dynamic result of this encryption execution. This ensures that the data receiving end only needs to read the actual key to achieve decryption.
[0130] Taking Example 1 as an example, the ciphertext data is {fghdeabcnoplmijkq}. Based on the configuration information, the data structure of the actual dynamic factor is determined. The actual dynamic factor determined based on the actual key is 103022004. The data receiver can first determine the last cycle feature data (i.e., 004) based on the first extension bit, quickly determine that the data length of the unchanged data at the end of the ciphertext data is 4, which is {klmn}, and determine that the data string that needs to be decrypted in the ciphertext data {deabcijfghklmn} is {deabcijfgh}. Based on the second algorithm bit (i.e., 1) and the second cycle bit (i.e., 2), it is determined that two rounds of encryption processing are performed using dynamic displacement. Based on the second length bit (i.e., 03), it is determined that the number of bits of the data to be processed in the last cycle is 3, and thus the data string to be processed in the first round of inverse decryption is {fgh}. Based on the second offset bit (i.e., 02), the offset distance of each round is determined to be 2. After determining the necessary values, the first round of reverse decryption is performed. {fgh} is shifted forward by two units to obtain the decrypted data {deabcfghij} from the first round of reverse decryption. The second round of reverse decryption is then performed. The three data units preceding {fgh} from the first round of reverse decryption are used as the data string {abc} from the second round of reverse decryption. {abc} is shifted forward by two units to obtain the decrypted data {abcdefghij} from the second round of reverse decryption. Finally, the unchanged data {klmn} is appended to the decrypted data {abcdefghij} from the second round of reverse decryption to obtain the original data {abcdefghijklmn}.
[0131] The reverse decryption process in Examples 2 and 3 is similar to that in Example 1, and will not be described again here.
[0132] In some embodiments, the initial key further includes a valid bit, the value of which corresponds to the number of bits in the valid data string; the data output terminal may select at least one preset dynamic factor that meets preset requirements from the dynamic factor library based on the original data; select one preset dynamic factor as the initial dynamic factor from the at least one preset dynamic factor; the data output terminal may determine the value of the valid bit of the initial key based on the initial dynamic factor.
[0133] The valid bit is used to indicate the position of the valid data string, which refers to the data string participating in the encryption and decryption process. The value of the valid bit refers to the encoded information of the data string representing the valid bit. In some embodiments, the valid bit can be located at the beginning of the initial key. A value of M for the valid bit can indicate that the M data following the valid bit are valid data strings.
[0134] In some embodiments, the initial key also includes an invalid bit. An invalid bit is a data string that does not carry information about the encryption process and can be used to align the data length of the initial key and enhance security. In some embodiments, the invalid bit can be randomly generated.
[0135] A dynamic factor library refers to a database that stores multiple preset dynamic factors. In some embodiments, the dynamic factor library includes multiple preset dynamic factors with different values for algorithm bits, parameter bits, and first loop bits, and different preset dynamic factors correspond to different encoded values. In some embodiments, the dynamic factor library can be pre-built by technicians and stored in configuration information.
[0136] The preset dynamic factor refers to the dynamic factor used for encryption processing in the candidate.
[0137] The preset requirements refer to the requirements for selecting preset dynamic factors that can be encrypted. In some embodiments, the data transmission end can determine the applicable preset encryption algorithm based on the data type of the original data, and then determine the value range of the algorithm bits (i.e., the first value range); determine the value range of the parameter bits (i.e., the second value range) based on the data length of the original data; and select one or more preset dynamic factors from the dynamic factor library whose algorithm bit values are in the first value range and whose parameter bit values are in the second value range.
[0138] In some embodiments, the data transmission end may randomly select one of one or more preset dynamic factors as the initial dynamic factor, and use the encoded value of the preset dynamic factor as the valid value of the initial dynamic factor.
[0139] In some embodiments, the actual key also includes a second extension bit and a third extension bit. The data output terminal can also determine the second extension bit based on the actual number of cycles and determine the third extension bit based on the feature data of the last cycle.
[0140] The second extension bit is used to represent the actual number of loops. In some embodiments, the data output terminal may retain the number of bits in the first loop bit and replace the value of the first loop bit with the actual number of loops to determine the second extension bit.
[0141] The third extension bit is used to characterize the last loop feature data. In some embodiments, the data output terminal can use the last loop feature data as the third extension bit.
[0142] In some embodiments, the actual key may also include valid bits and invalid bits. The data output terminal can use the valid bits and invalid bits of the initial key as the valid bits and invalid bits of the actual key; the actual key is constructed based on the initial dynamic factor, the valid bits and invalid bits of the actual key, the second extension bit, and the third extension bit.
[0143] In some embodiments of this specification, by constructing a dynamic factor library, the data output end can dynamically select the most suitable strategy based on the characteristics of the original data, thereby achieving fine-grained encryption. By constructing valid bits, invalid bits, second extension bits, and third extension bits, which indicate the encryption process, it can be ensured that the data receiving end can quickly read the initial dynamic factors in the actual encryption key. The invalid bits increase the data length, thereby enhancing the confidentiality effect.
[0144] For example, when the initial key's data structure is: indicator bit + valid bit + initial dynamic factor, the actual key's data structure is: first valid bit + indicator bit + initial dynamic factor + invalid bit. The actual key's data structure can be: second valid bit + indicator bit + initial dynamic factor + second extension bit + third extension bit + invalid bit. The first valid bit can represent the sum of the number of bits in the indicator bit and the initial dynamic factor. During encryption, based on replacing the value of the second extension bit with the actual loop count, the last loop feature data is used as the value of the third extension bit, and the sum of the number of bits in the first indicator bit, second extension bit, and third extension bit is used as the second valid bit to construct the actual key. After receiving the actual key, the data receiver can locate and remove invalid bits based on the first valid bit, and determine the number of bits and structure of the initial dynamic factor based on the indicator bit, thereby determining the preset encryption algorithm and parameters to be used, and then quickly performing reverse decryption based on the second and third extension bits.
[0145] Figure 4 This is an exemplary schematic diagram illustrating the determination of algorithm bit values according to some embodiments of this specification.
[0146] In some embodiments, such as Figure 4 As shown, the data output terminal can determine the number of bits 420 of the algorithm bits and the at least one preset security algorithm 430 used based on the data type 410 of the original data; and determine the value 440 of the algorithm bits based on the number of bits 420 of the algorithm bits and the at least one preset security algorithm 430 used.
[0147] For information on the data type of the original data, please refer to [link / reference]. Figure 1 The description in step 110.
[0148] In some embodiments, the raw data of each data type corresponds to a preset encryption algorithm, and different preset encryption algorithms have different encoding values.
[0149] In some embodiments, the number of algorithm bits may be greater than or equal to the number of preset encryption algorithms.
[0150] In some embodiments, when the original data includes a data type, the data transmission end can determine the preset security algorithm corresponding to the data type and use the encoded value corresponding to the preset security algorithm as the value of the algorithm bit.
[0151] In some embodiments, when the original data includes multiple data types, the data transmission end can determine the preset security algorithm corresponding to each data type; based on the execution order of the multiple preset security algorithms and the encoding value of each preset security algorithm, the value of the algorithm bit is determined. The execution order of the preset security algorithms can be randomly determined.
[0152] In some embodiments, the preset encryption algorithm in the first bit can be executed first. In some embodiments, the preset encryption algorithm in the last bit can also be executed first. As an example only, taking the original data as including data type T1 and data type T2, the preset encryption algorithm corresponding to data type T1 is algorithm-1 (encoded value 1), the preset encryption algorithm corresponding to data type T2 is algorithm-2 (encoded value 2), and the execution order of the preset encryption algorithms is algorithm-2 and algorithm-1 respectively, when the number of algorithm bits is 2, the value of the algorithm bit is 21; when the number of algorithm bits is 3, the value of the algorithm bit is 021.
[0153] In some embodiments, the initial dynamic factor further includes an indicator bit, which is used to indicate the number of bits in the algorithm bits; each preset security algorithm corresponds to an algorithm value; the data output terminal can determine the value of the indicator bit based on the number of at least one preset security algorithm, and thus determine the indicator bit; the initial dynamic factor is determined based on the indicator bit, algorithm bits, parameter bits and the first loop bit; the data output terminal can determine the order of each algorithm value in the algorithm bits based on the order of at least one preset security algorithm, and thus determine the value of the algorithm bits.
[0154] The indicator bit can indicate the number of preset encryption algorithms used. The value of the indicator bit refers to the encoded information of the data string representing the indicator bit. In some embodiments, the data output terminal can use the number of preset encryption algorithms as the value of the indicator bit.
[0155] In some embodiments, the data output terminal can construct an initial dynamic factor based on the arrangement order of the indicator bit, algorithm bit, parameter bit, and first loop bit. The arrangement order of the indicator bit, algorithm bit, parameter bit, and first loop bit can be set based on actual needs. For example, the arrangement order can be indicator bit, algorithm bit, parameter bit, and first loop bit in sequence.
[0156] The algorithm value refers to the encoded value of a preset security algorithm. In some embodiments, the data transmission end can determine the algorithm value in various ways.
[0157] For example, the data transmission end can use the encoded value corresponding to the preset security algorithm as the algorithm value of the preset security algorithm.
[0158] For example, each data type corresponds to an algorithm library, and each algorithm library includes multiple preset encryption algorithms. Different algorithm libraries correspond to different encoding values, and different preset encryption algorithms within the same algorithm library correspond to different encoding values. The algorithm libraries are pre-built and stored in the configuration information.
[0159] In some embodiments, the data output terminal can combine the encoded value of the database containing the preset confidentiality algorithm with the encoded value of the preset confidentiality algorithm itself as the algorithm value. For example, the preset confidentiality algorithm algorithm-3 (encoded value 3) is located in algorithm library D1 (encoded value 1), and the algorithm value of the preset confidentiality algorithm is 13. In this case, the number of bits in the algorithm is more than twice the number of preset confidentiality algorithms.
[0160] The order of the algorithm values represents the execution order of the preset security algorithm. In some embodiments, the data output terminal can preset the execution order of the security algorithm, determine the order of the algorithm values, and thus determine the value of the algorithm bits.
[0161] For example, when the execution order is the preset secret algorithm algorithm-2 (algorithm value 32) in algorithm library D3 and the preset secret algorithm algorithm-1 (algorithm value 21) in algorithm library D2, the value of the algorithm bit is 3221.
[0162] In some embodiments, the number of algorithm bits can also be a constant value, determined based on the maximum number of data types. It is worth noting that the maximum number of data types refers to the theoretical upper limit of the number of data types that the original data can theoretically include, rather than the actual number of data types. The maximum number of data types can be pre-input by technical personnel.
[0163] As an example only, when the maximum number of data types in the algorithm bit is 3 (i.e., corresponding to three algorithm libraries) and the actual number of data types is 2, the number of algorithm bits is 6. The data output terminal determines to first use the preset encryption algorithm 22 in algorithm library D2, then use the preset encryption algorithm 14 in algorithm library D1, and not use the preset confidentiality algorithm in algorithm library D3. Then the value of the algorithm bit can be 220014 or 221400.
[0164] In some embodiments of this specification, the preset confidentiality algorithm is determined by the data type of the original data, enabling the security policy to fit the data characteristics. By setting indicator bits and assigning a unique algorithm value to each preset confidentiality algorithm, and determining the value of the algorithm bits based on the execution order of the preset confidentiality algorithms, a standardized and parsable algorithm instruction encoding protocol can be formed, enabling the data receiving end to accurately and efficiently parse the algorithm bits and achieve data decryption.
[0165] Figure 5This is an exemplary schematic diagram illustrating the determination of initial dynamic factors based on a factor determination model according to some embodiments of this specification.
[0166] In some embodiments, such as Figure 5 As shown, the data output end can determine the initial dynamic factor 530 based on the original data 510 through the factor determination model 520.
[0167] The factor determination model is used to determine initial dynamic factors. In some embodiments, the factor determination model is a machine learning model. For example, the factor determination model may be one or more combinations of a deep neural network (DNN) model or other custom models.
[0168] In some embodiments, the factor determination model can be obtained by training an initial machine learning model using multiple training samples with training labels. The initial machine learning model can be an untrained machine learning model or a trained factor determination model (the training samples differ from each other at least partially, also referred to as the initial factor determination model). For example, multiple training samples with training labels can be input into the initial machine learning model, and a loss function can be constructed using the training labels and the results of the initial factor determination model. Based on the loss function, the parameters of the initial machine learning model are iteratively updated using gradient descent or other methods. The model training is complete when preset conditions are met, resulting in a trained factor determination model. These preset conditions may include loss function convergence, the number of iterations reaching a threshold, etc.
[0169] In some embodiments, training samples may include original sample data of different data types and lengths; training labels may include initial dynamic factors corresponding to the training samples. Training samples and training labels can be determined based on historical data, and the first training label can be manually labeled. For example, for uploaded original sample data of the same data type and length (i.e., training samples), the initial dynamic factor corresponding to the best-performing encrypted transmission in subsequent transmissions is used as the training label. Here, "best-performing" can be understood as having the highest similarity between the decrypted data and the original data, the fastest encryption or decryption speed, or the lowest success rate in simulated attacks (i.e., being illegally obtained), etc.
[0170] In some embodiments of this specification, initial dynamic factors are generated dynamically in real time based on a factor determination model. This eliminates the need for data transmission to rely on a large dynamic factor library and complex selection rules to generate initial dynamic factors, reducing the risk of human error and allowing the data transmission method to be applied to more complex business needs. Furthermore, the machine learning model can continuously adjust its internal parameters to improve encryption strategies and achieve proactive defense.
[0171] The basic concepts have been described above. Obviously, for those skilled in the art, the detailed disclosure above is merely illustrative and does not constitute a limitation of this specification. Although not explicitly stated herein, those skilled in the art may make various modifications, improvements, and corrections to this specification. Such modifications, improvements, and corrections are suggested in this specification and therefore remain within the spirit and scope of the exemplary embodiments described herein.
[0172] Finally, it should be understood that the embodiments in this specification are merely illustrative of the principles of the invention. Other variations may also fall within the scope of this specification. Therefore, alternative configurations of the invention are considered as examples rather than limitations, and are regarded as consistent with the teachings of this specification. Accordingly, the embodiments in this specification are not limited to those explicitly described and illustrated herein.
Claims
1. A data transmission method, characterized in that, This is executed by the data output end and the data receiving end, including: The data output terminal acquires the raw data; The data output terminal determines an initial dynamic factor based on the data type and data length of the original data. The initial dynamic factor includes at least an algorithm bit and a parameter bit. The value of the algorithm bit corresponds to at least one preset security algorithm. The at least one preset security algorithm is determined based on the data type of the original data. The composition of the parameter bit is determined based on the at least one preset security algorithm. The value of the parameter bit is determined based on the data length of the original data. The data output terminal determines the initial key based on the initial dynamic factor; The data output terminal generates ciphertext data based on the initial key and the original data; The data output terminal determines the actual key based on the ciphertext data and the initial key; The data output terminal transmits the actual key and the ciphertext data to the data receiving terminal; and The data receiving end decrypts the ciphertext data based on the actual key to obtain the original data.
2. The data transmission method according to claim 1, characterized in that, The initial dynamic factor further includes at least a first loop bit, the value of which is not less than a preset minimum number of loops.
3. The data transmission method according to claim 2, characterized in that, The preset confidentiality algorithm includes at least one of dynamic shift and offset permutation; the components of the parameter bit include a first length bit and a first offset bit, the value of the first length bit is not less than 1, and the ratio of the value of the first length bit to the data length of the original data is not greater than 20%, and the sum of the value of the first offset bit and the value of the first length bit is less than the data length of the original data.
4. The data transmission method according to claim 2, characterized in that, The data output terminal determines the actual key based on the ciphertext data and the initial key, including: determining the actual number of cycles of the ciphertext data and the last cycle feature data of the ciphertext data based on the ciphertext data; and determining the actual key based on the initial dynamic factor, the actual number of cycles, and the last cycle feature data.
5. The data transmission method according to claim 4, characterized in that, The initial key includes at least the initial dynamic factor, and the actual key includes at least the actual dynamic factor, the actual dynamic factor including a first extension bit; The step of determining the actual key based on the initial dynamic factor, the actual number of loops, and the feature data of the last loop includes: Based on the actual number of cycles and the first cycle position of the initial dynamic factor, determine the second cycle position of the actual dynamic factor; Based on the last cycle feature data, determine the first extension bit of the actual dynamic factor; and, Based on the algorithm bits, the parameter bits, the second loop bits, and the first extension bits, the actual dynamic factor is determined, and then the actual key is determined.
6. The data transmission method according to claim 4, characterized in that, The initial key also includes a valid bit, the value of which corresponds to the number of bits in the valid data string; The data output terminal determines the initial dynamic factor based on the original data, including: Based on the original data, at least one preset dynamic factor that meets the preset requirements is selected from the dynamic factor library; Select one of the preset dynamic factors from at least one preset dynamic factor as the initial dynamic factor; The data output terminal also determines the initial key based on the initial dynamic factor, including: Based on the initial dynamic factor, the value of the valid bit of the initial key is determined.
7. The data transmission method according to claim 6, characterized in that, The actual key also includes a second extension bit and a third extension bit. The data output terminal further determines the actual key based on the initial dynamic factor, the actual number of loops, and the feature data of the last loop, including: Based on the actual number of loops, determine the second extension bit; and, The third extension bit is determined based on the last cycle feature data.
8. The data transmission method according to claim 2, characterized in that, The data output terminal determines the initial dynamic factor based on the original data, including: Based on the data type of the original data, determine the number of bits in the algorithm and the at least one preset confidentiality algorithm used; The value of the algorithm bit is determined based on the number of bits in the algorithm bit and the at least one preset confidentiality algorithm used.
9. The data transmission method according to claim 8, characterized in that, The initial dynamic factor also includes an indicator bit, which is used to indicate the number of bits in the algorithm; each preset confidentiality algorithm corresponds to an algorithm value; The data output terminal determines the initial dynamic factor based on the original data, including: Based on the number of the at least one preset security algorithm, the value of the indicator bit is determined, and then the indicator bit is determined; The initial dynamic factor is determined based on the indicator bit, the algorithm bit, the parameter bit, and the first loop bit; Determining the value of the algorithm bit based on the number of bits in the algorithm bit and the at least one preset confidentiality algorithm used includes: determining the order of each algorithm value in the algorithm bit based on the order of the at least one preset confidentiality algorithm, and then determining the value of the algorithm bit.
10. The data transmission method according to claim 1, characterized in that, The data output terminal determines the initial dynamic factor based on the original data, including: Based on the original data, the initial dynamic factors are determined using a factor determination model, wherein the factor determination model is a machine learning model; The factor determination model is obtained through the following steps: Multiple training samples with training labels are input into an initial factor determination model; a loss function is constructed using the training labels and the results of the initial factor determination model; the parameters of the initial factor determination model are iteratively updated using gradient descent based on the loss function, and training is completed when preset conditions are met, resulting in a trained factor determination model; wherein the training samples include original data of different data types and data lengths; the training labels include the initial dynamic factors corresponding to the training samples.