Data encryption method and system based on glink bus
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- TIANJIN RUISHENG ELECTRONIC TECH CO LTD
- Filing Date
- 2026-04-03
- Publication Date
- 2026-06-19
Smart Images

Figure CN122247712A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of data encryption, and in particular to a data encryption method and system based on the Glink bus. Background Technology
[0002] In the field of high-speed bus communication, data encryption is a key technology for ensuring system security. Existing bus encryption methods are mostly concentrated at the link layer or application layer, achieving data confidentiality protection by embedding encryption fields in data frames or using end-to-end encryption protocols. In terms of key management, traditional solutions mostly use pre-set static keys or dynamic key negotiation mechanisms based on software protocols.
[0003] For example, Chinese Patent Publication No. CN118158021A discloses a data transmission processing method and system based on the Glink bus protocol. The method involves: determining multiple data messages to be transmitted under the Glink bus protocol; for each data message, obtaining and randomly generating multiple first masks and generating multiple second masks according to pre-set fixed rules; masking each data message using the multiple first masks and the multiple second masks to generate a masked message; encrypting the masked message to obtain an encrypted message, and sending the encrypted message to a receiving end for decryption to obtain the masked message; and then decoding the masked message using the multiple first masks and the multiple second masks to obtain the multiple data messages. The technical solution provided by this application can improve the security of the data transmission process.
[0004] However, the following problems still exist in the existing technology. Existing key management mechanisms are relatively static, lacking dynamic correlation with the link layer state. Key generation and updates largely rely on preset cycles or external commands, failing to bind to the real-time physical characteristics of the bus interface, resulting in insufficient encryption security. Furthermore, the single method of key material storage makes it vulnerable to cracking or hijacking, further impacting the overall system security. Summary of the Invention
[0005] To address these issues, this invention provides a data encryption method and system based on the Glink bus. This overcomes the limitations of existing technologies where key management mechanisms are relatively static, lack dynamic correlation with the link layer state, and rely heavily on preset cycles or external commands for key generation and updates, failing to bind to the real-time physical characteristics of the bus interface, resulting in insufficient encryption security. Furthermore, the single storage method for key materials makes them vulnerable to cracking or hijacking, further impacting the overall system security.
[0006] To achieve the above objectives, in one aspect, the present invention provides a data encryption method based on the Glink bus, which includes: The interface fingerprint features of the bus link are collected in real time, and the interface fingerprint features with timestamps are sent to the neutral terminal at predetermined intervals. The neutral terminal determines the extraction time within a predetermined period and sends the interface fingerprint feature set within the time domain segment where the extraction time is located to the transceiver. The neutral terminal modifies the extraction time multiple times based on the first element of the interface fingerprint feature set, determines the data storage link to be activated based on the interface fingerprint features corresponding to several modified times, determines the generation method of interference segments, and inserts each interference segment into the interface fingerprint feature segments arranged in time sequence to form an interference fingerprint feature sequence. The neutral terminal stores the interference fingerprint feature sequence to each node of the data storage link. The data stored at each node flows according to the flow time interval, which is determined based on the corresponding interface fingerprint feature. The transceiver determines the extraction time based on the interface fingerprint feature set and makes multiple corrections. Based on the several interface fingerprint features corresponding to the correction time, it determines the data storage link to be accessed and generates an initial number sequence. Based on the flow time interval, it performs data flow time sequence deduction and deduces each node to be accessed in order to extract interface fingerprint feature fragments. The sending end determines the encryption algorithm based on the extracted interface fingerprint feature fragments and encrypts the data to be sent in segments. The receiving end determines the decryption algorithm based on the extracted interface fingerprint feature fragments and decrypts the received data in segments.
[0007] Furthermore, the process by which the neutral terminal and the transceiver modify the extraction time multiple times based on the first element of the interface fingerprint feature set includes: Extract the first interface fingerprint feature from the interface fingerprint feature set, including the equalizer's main tap coefficient and phase coefficient; The interface fingerprint features are digitized, and the delay step is determined based on the mapping relationship between the processed value and the delay step. Based on the aforementioned delay step, the extraction time is repeatedly delayed to obtain several correction times until the correction times exceed the time domain segment. The digitization process includes normalizing the interface fingerprint features and recombining them into different digits to obtain a recombined number, and determining the recombined number as the processing value; the time domain segment is a time period with the correction time as the intermediate time and a predetermined duration.
[0008] Furthermore, the process of determining the required data storage link to be activated based on the interface fingerprint features corresponding to several correction times, and determining the generation method of the interference fragment, includes: Extract the interface fingerprint features corresponding to several correction times, digitize them, and determine several processing values. After performing a modulo operation on each of the processed values, they are matched with the sequence number of the data storage link to determine the number of data storage links that need to be activated if the sequence number matches successfully. The interface fingerprint features within the predetermined period are divided into several interface fingerprint feature segments, and several insertion intervals are determined based on the mapping relationship between the processed values and the insertion interval. For the temporally arranged interface fingerprint feature segments, interference segments are inserted at corresponding insertion intervals to obtain the interference fingerprint feature sequence; The number of interface fingerprint feature fragments is the difference between the number of nodes in the activated data storage link and the number of processed values.
[0009] Furthermore, the process by which the neutral terminal stores the interfering fingerprint feature sequence to each node of the data storage link includes, The nodes are sorted in ascending order based on their corresponding serial numbers in the data storage link. Based on the order of each node, the interface fingerprint feature fragments or interference fragments in the interference fingerprint feature sequence are stored to each node in turn; After storage is complete, record the storage timestamp and send it to the receiving end; Each node in the data storage link is assigned a unique number.
[0010] Furthermore, the process of data flow based on the flow time intervals stored in each node includes... The interface fingerprint features corresponding to the extraction time are digitized, and the flow time interval is determined based on the mapping relationship between the processed values and the flow time interval. Control the data flow of each node at corresponding flow time intervals; For the tail node, data flows to the head node; For the remaining nodes, the flow proceeds from the node with the smaller number to the adjacent node with the larger number; The tail node is the node with the highest number in the activated data storage link. Data flow includes copying the data that is about to flow in and deleting the data that is about to flow out.
[0011] Furthermore, the process of determining the required data storage link based on several interface fingerprint features corresponding to the correction time and generating an initial number sequence includes, Extract the interface fingerprint features corresponding to several correction times, digitize them, and determine several processing values. After performing a modulo operation on each of the processed values, they are matched with the sequence number of the data storage link to determine the number of data storage links that need to be activated if the sequence number matches successfully. Arrange the corresponding numbers of each node in each of the data storage links in ascending order, and determine several insertion intervals based on the mapping relationship between the processed values and the insertion intervals; The numbers are marked according to the insertion interval in the numbering sorting process to obtain the initial numbering sequence.
[0012] Furthermore, the process of performing data flow time-series deduction based on the stated flow time interval, and deducing the nodes that need to be accessed in order to extract a complete interference fingerprint feature sequence includes, The flow time interval is determined based on the mapping relationship between the interface fingerprint features corresponding to the extraction time and the flow time interval. Determine the number of flow time intervals between the current time and the stored timestamp, so that the initial numbering sequence undergoes a corresponding number of marked flows to obtain the derived numbering sequence, and determine the unmarked nodes that need to be accessed; For the tail-end numbering, the marker will flow to the head-end numbering; For the remaining numbers, the markers corresponding to the smaller numbers are moved to the adjacent larger numbers; The tail number is the tail number in the initial numbering sequence, and the mark flow includes transferring the mark of the number to the number that needs to be flowed.
[0013] Furthermore, the sending end performs digitization processing on the extracted interface fingerprint feature fragments, determines the average value of the processed values, and selects the corresponding encryption algorithm based on the mapping relationship between the processed values and the encryption algorithm. The data to be sent is divided into data segments based on the number of interface fingerprint segments, and each segment is encrypted according to the encryption algorithm described above. The resulting encrypted data segments are then combined and sent to the receiving end. The receiving end performs digitization processing on the extracted interface fingerprint feature fragments, determines the average value of the processed values, and selects the corresponding decryption algorithm based on the mapping relationship between the processed values and the decryption algorithm. The data to be sent is divided into segments based on the number of interface fingerprint segments. Each segment is then decrypted using the aforementioned decryption algorithm to obtain several decrypted data segments, which are then combined to obtain the decrypted data.
[0014] Furthermore, it also includes the neutral terminal detecting in real time whether the node storing the interference fragment is accessed, and issuing a warning signal based on the access result, wherein, If a node storing interference fragments is accessed, an early warning signal is issued, and the access port of the neutral terminal is locked.
[0015] On the other hand, a system applying a data encryption method based on the Glink bus is also provided, which includes: A neutral terminal includes several data storage links, each of which consists of several nodes for storage; The data acquisition module is used to collect the interface fingerprint features of the bus link in real time and send the interface fingerprint features with timestamps to the neutral terminal at predetermined intervals. An interference module, deployed on the neutral terminal, is used to insert each interference fragment into a time-sequentially arranged interface fingerprint feature fragment to form an interference fingerprint feature sequence. A switching module, deployed on the neutral terminal, is used to store the interference fingerprint feature sequence to each node of the data storage link, and the data stored at each node is circulated according to the flow time interval. The extraction module, deployed at the transceiver end, is used to deduce the nodes to be accessed in order to extract interface fingerprint feature fragments. An encryption module, deployed at the sending end, is used to determine the encryption algorithm based on the extracted interface fingerprint feature fragments and encrypt the data to be sent in segments. The decryption module, deployed at the receiving end, is used to determine the decryption algorithm based on the extracted interface fingerprint feature fragments to decrypt the received data in segments.
[0016] Compared with existing technologies, this invention collects interface fingerprint features of bus links in real time and transmits them periodically to neutral terminals. The neutral terminal extracts interface fingerprint features within a local time segment based on the extraction time and sends them to the transceiver. It also dynamically determines the data storage link to be activated and generates corresponding interference fragments to insert into the interface fingerprint feature fragments, forming an interference fingerprint feature sequence. This sequence is stored at each node of the data storage link, allowing each node to switch according to a switching rule. The transceiver uses the received partial interface fingerprint feature set to determine the required access node and extracts all interface fingerprint feature fragments to determine the encryption and decryption algorithms. This invention utilizes the unpredictability of interface fingerprint features to dynamically store key materials, using the acquisition process of the key materials itself as an encryption method, and updating the encryption and decryption algorithms in a correlated manner. This reduces the risk of key materials being cracked or hijacked, thereby improving encryption security.
[0017] In particular, interface fingerprint features are attributes of bus links and change unpredictably over time. This invention uses interface fingerprint features as key material. First, it collects a set of interface fingerprint features within a local time period and sends it to the transceiver end to determine the access node. It uses a neutral terminal to store the interface fingerprint features. The neutral terminal pre-constructs multiple data storage links and dynamically determines the data storage link that needs to be stored using the interface fingerprint feature set. This makes the addresses of the interface fingerprint features stored each time different and unpredictable. The remaining storage links can share the burden of malicious attacks. Furthermore, it dynamically determines the generation method of interference fragments based on the interface fingerprint features. This allows interference fragments to be dynamically inserted into the original interface fingerprint features, and the insertion method is affected by the interface fingerprint features, making the generation method of interference fragments different each time, thus increasing the camouflage of the real interface fingerprint features.
[0018] In particular, this invention, based on the generation of interference fingerprint feature sequences, segments and stores them at nodes of the data storage link, allowing the data stored at each node to switch. The switching pattern is determined based on the interface fingerprint features, thereby enabling data to flow between nodes. Subsequently, the transceiver needs to determine the data storage link based on the received partial interface fingerprint feature set and generate an initial number sequence for time-series deduction. This simulates how data flows within nodes in a neutral terminal and deduces the nodes that need to be accessed. If there are spoofed fragments in the nodes that the transceiver needs to access, the neutral terminal will be locked. Based on this, the determination of data to facilitate the data storage link, the determination of the generation method of interference fragments, and the determination of data switching between nodes are indirectly used as encryption methods, improving the security of encrypted materials and the security of the entire data transmission.
[0019] In particular, this invention enables the encryption and decryption algorithms to dynamically change based on accurate interface fingerprint characteristics, based on the accurate identification of access nodes at the transceiver end. Thus, during data transmission and reception, multiple dimensions of verification are performed. Both the transceiver end and the transceiver end need to accurately determine the data storage link, the initial number sequence, and the timing deduction to accurately determine the matching encryption and decryption algorithms. Furthermore, through multi-dimensional nested dynamic encryption, the process of acquiring the key material itself serves as an encryption method, and the encryption and decryption algorithms are updated in a correlated manner, thereby reducing the risk of key material being cracked and hijacked, and improving encryption security. Attached Figure Description
[0020] Figure 1 This is a schematic diagram illustrating the steps of a data encryption method based on the Glink bus according to an embodiment of the invention. Figure 2 This is a schematic diagram illustrating the insertion of interference deviations into the timing sequence of interface fingerprint feature segments, as an embodiment of the invention. Figure 3 This is a schematic diagram illustrating how the data stored in each node of an embodiment of the invention is switched according to a switching rule; Figure 4 This is a logic block diagram illustrating how an alert is issued based on the access results, as described in an embodiment of the invention. Detailed Implementation
[0021] To make the objectives and advantages of the present invention clearer, the present invention will be further described below with reference to embodiments; it should be understood that the specific embodiments described herein are merely for explaining the present invention and are not intended to limit the present invention.
[0022] Preferred embodiments of the present invention will now be described with reference to the accompanying drawings. Those skilled in the art should understand that these embodiments are merely illustrative of the technical principles of the present invention and are not intended to limit the scope of protection of the present invention.
[0023] Please see Figure 1 The diagram illustrates the steps of a data encryption method based on the Glink bus according to an embodiment of the invention. The data encryption method based on the Glink bus according to this embodiment includes: Step S1: Collect the interface fingerprint features of the bus link in real time, and send the interface fingerprint features with timestamps to the neutral terminal every predetermined period. Step S2: The neutral terminal determines the extraction time within a predetermined period and sends the interface fingerprint feature set within the time domain segment where the extraction time is located to the transceiver. Step S3: The neutral terminal modifies the extraction time multiple times based on the first element of the interface fingerprint feature set, determines the data storage link to be activated based on the interface fingerprint features corresponding to several modified times, determines the generation method of the interference fragments, and inserts each interference fragment into the interface fingerprint feature fragments arranged in time sequence to form an interference fingerprint feature sequence. Step S4: The neutral terminal stores the interference fingerprint feature sequence to each node of the data storage link. The data stored at each node flows according to the flow time interval, which is determined based on the corresponding interface fingerprint feature. Step S5: The transceiver determines the extraction time based on the interface fingerprint feature set and makes multiple corrections. Based on the interface fingerprint features corresponding to the correction time, it determines the data storage link to be accessed and generates an initial number sequence. Based on the flow time interval, it performs data flow time sequence deduction and deduces each node to be accessed in order to extract interface fingerprint feature fragments. Step S6: The sending end determines the encryption algorithm based on the extracted interface fingerprint feature fragments and encrypts the data to be sent in segments. The receiving end determines the decryption algorithm based on the extracted interface fingerprint feature fragments and decrypts the received data in segments.
[0024] Specifically, the Glink bus link refers to a physical transmission channel established based on a high-speed serial communication protocol. Its physical layer adopts a serializer / deserializer architecture. In implementation, there is no limitation on the specific method of obtaining interface fingerprint characteristics. For example, it can be achieved by reading the status and control registers of the SerDes unit of the Glink bus physical layer. The registers in the SerDes unit that store the link training results and real-time running parameters are mapped to the system address space. The value of the specified register is read through the standard bus interface. The registers include at least a register group that stores equalizer coefficients and a register that stores clock phase control words. The sampling interval for the main tap coefficient and the phase coefficient is set to 0.1s.
[0025] The main tap coefficient of the equalizer refers to the tap weight value of the equalizer in the SerDes unit corresponding to the current symbol time. Its value ranges from 0.5 to 1.0, and it is stored in a register in the form of a fixed-point integer, dynamically drifting with changes in the physical state of the link. This coefficient is the one with the largest absolute value among all tap coefficients and determines the correct decision criterion for the current bit.
[0026] The phase coefficient refers to the digital control word of the Clock Data Recovery (CDR) module in the SerDes unit. It is used to characterize the phase offset of the sampling clock relative to the data unit interval (UI). Its value ranges from 0 to 1 unit interval and is stored in the SerDes register as a fixed-point integer. During link operation, the phase coefficient fluctuates continuously due to factors such as power supply ripple, thermal noise, and crosstalk. Its fluctuation frequency can reach the microsecond level, making it an important parameter characterizing the dynamic physical state of the link.
[0027] Specifically, there are no restrictions on the form of the neutral terminal. For example, it can be a cloud server, a physical storage device that can communicate with the transceiver, or other forms, as long as it can provide multi-node storage and identity authentication functions. This will not be elaborated further.
[0028] Specifically, the neutral terminal determines the extraction time as the midpoint of the predetermined period.
[0029] Specifically, the process by which the neutral terminal and the transceiver modify the extraction time multiple times based on the first element of the interface fingerprint feature set includes: Extract the first interface fingerprint feature from the interface fingerprint feature set, including the equalizer's main tap coefficient and phase coefficient; The interface fingerprint features are digitized, and the delay step is determined based on the mapping relationship between the processed value and the delay step. Based on the aforementioned delay step, the extraction time is repeatedly delayed to obtain several correction times until the correction times exceed the time domain segment. The digitization process includes normalizing the interface fingerprint features and recombining them into different digits to obtain a recombined number, and determining the recombined number as the processing value; the time domain segment is a time period with the correction time as the intermediate time and a predetermined duration.
[0030] Specifically, the main tap coefficient and the phase coefficient are both normalized to the interval (0, 1). The normalized main tap coefficient is rounded down to the tens digit and the normalized phase coefficient is rounded down to the units digit to form the recombinant number.
[0031] In practice, a mapping relationship between the processed values and the delay step size is pre-set, and each processed value is mapped to a delay step size. For example, a random mapping method can be used to randomly map all possible processed values to a delay step size in the range of [0.1s, 1s]. The delay step size is an integer multiple of the sampling interval, and this mapping relationship is recorded. Different processed values can be mapped to the same delay step size, which will not be elaborated further.
[0032] The length of the predetermined period determines the replacement period of the encryption / decryption algorithm. In practice, the replacement period can be set to 1 minute.
[0033] The predetermined duration determines the number of interface fingerprint features extracted. The purpose of setting the predetermined duration is to use only the local interface fingerprint features within the transmission cycle for timing deduction at the transceiver end. It is usually set to 0.1 times the predetermined period.
[0034] Specifically, the process of determining the data storage link to be activated based on the interface fingerprint features corresponding to several correction times, and determining the generation method of the interference fragment, includes: Extract the interface fingerprint features corresponding to several correction times, digitize them, and determine several processing values. After performing a modulo operation on each of the processed values, they are matched with the sequence number of the data storage link to determine the number of data storage links that need to be activated if the sequence number matches successfully. The interface fingerprint features within the predetermined period are divided into several interface fingerprint feature segments, and several insertion intervals are determined based on the mapping relationship between the processed values and the insertion interval. For the temporally arranged interface fingerprint feature segments, interference segments are inserted at corresponding insertion intervals to obtain the interference fingerprint feature sequence; The number of interface fingerprint feature fragments is the difference between the number of nodes in the activated data storage link and the number of processed values.
[0035] In practice, data storage links that are equal in number to the number of processed values can be created and assigned a corresponding serial number. The serial number can be an integer in the range [1, 99]. When the processed value is equal to the serial number, it can be determined as a match.
[0036] It is understandable that the number of determined processing values is equal to the number of interference fragments, and both interference fragments and interface fingerprint feature fragments need to be stored in different nodes of the data storage link.
[0037] In practice, the mapping relationship between the processed values and the insertion interval can be preset, and each processed value can be mapped to an insertion interval. For example, a random mapping method can be used to randomly map all possible processed values to an insertion interval in the integer range of [1, 3] and record this mapping relationship. The purpose of setting the range of the insertion interval to [1, 3] is to ensure that the insertion interval is not too large, so as to ensure that all interference fragments can be inserted into the interface fingerprint feature fragment.
[0038] Please see Figure 2 As shown, Figure 2 This is a schematic diagram illustrating the insertion of interference deviations into the timing sequence of interface fingerprint feature segments, as an embodiment of the invention. For example, with an insertion interval of 2, an interference fragment is inserted every 2 interface fingerprint feature fragments.
[0039] Specifically, the interference fragment is interference data generated based on the interface fingerprint features. There are no restrictions on how it is generated. For example, historical interface fingerprint features that are not in the current period can be randomly extracted and spliced to the same length as the interface fingerprint feature fragment to generate the interference fragment. Of course, it is also possible to construct a random number of the same order of magnitude as the interface fingerprint features and then construct the interference fragment. This will not be elaborated further.
[0040] Specifically, interface fingerprint features are attributes of bus links and change unpredictably over time. This invention uses interface fingerprint features as key material. First, it collects a set of interface fingerprint features within a local time period and sends it to the transceiver end to determine the access node. It uses a neutral terminal to store the interface fingerprint features. The neutral terminal pre-constructs multiple data storage links and dynamically determines the data storage link that needs to be stored using the interface fingerprint feature set. This makes the addresses of the interface fingerprint features stored each time different and unpredictable. The remaining storage links can also share the burden of malicious attacks. Furthermore, it dynamically determines the generation method of interference fragments based on the interface fingerprint features. This allows interference fragments to be dynamically inserted into the original interface fingerprint features, and the insertion method is affected by the interface fingerprint features, making the generation method of interference fragments different each time, thus increasing the camouflage of the real interface fingerprint features.
[0041] Specifically, the process by which the neutral terminal stores the interfering fingerprint feature sequence to each node of the data storage link includes: The nodes are sorted in ascending order based on their corresponding serial numbers in the data storage link. Based on the order of each node, the interface fingerprint feature fragments or interference fragments in the interference fingerprint feature sequence are stored to each node in turn; After storage is complete, record the storage timestamp and send it to the receiving end; Each node in the data storage link is assigned a unique number.
[0042] Specifically, in implementation, each node of the data storage link can be assigned a unique number in advance. The number can be an integer to facilitate comparison and sorting.
[0043] In practice, starting from the beginning of the interfering fingerprint feature sequence, the interface fingerprint feature fragments or interfering fragments are stored one by one. The storage is based on the sorting order of each node in ascending order, that is, the nodes with smaller numbers are stored first.
[0044] Specifically, please refer to Figure 3 As shown, Figure 3 This diagram illustrates how the data stored at each node is switched according to a switching pattern. The process of data flow between the nodes based on the flow time interval includes... The interface fingerprint features corresponding to the extraction time are digitized, and the flow time interval is determined based on the mapping relationship between the processed values and the flow time interval. Control the data flow of each node at corresponding flow time intervals; For the tail node, data flows to the head node; For the remaining nodes, the flow proceeds from the node with the smaller number to the adjacent node with the larger number; The tail node is the node with the highest number in the activated data storage link. Data flow includes copying the data that is about to flow in and deleting the data that is about to flow out.
[0045] In practice, a mapping relationship between the processed values and the flow time interval is pre-set. Each processed value is mapped to a flow time interval. For example, a random mapping method can be used to randomly map all possible processed values to a flow time interval within the integer range of [5s, 10s] and record this mapping relationship.
[0046] Specifically, this invention, based on the generation of interference fingerprint feature sequences, segments and stores them at nodes of the data storage link, allowing the data stored at each node to switch. The switching pattern is determined based on the interface fingerprint features, thereby enabling data to flow between nodes. Subsequently, the transceiver needs to determine the data storage link based on the received partial interface fingerprint feature set and generate an initial number sequence for time-series deduction. This simulates how data flows within nodes in a neutral terminal and deduces the nodes that need to be accessed. If there are spoofed fragments in the nodes that the transceiver needs to access, the neutral terminal will be locked. Based on this, the determination of data to facilitate the data storage link, the determination of the generation method of interference fragments, and the determination of data switching between nodes are indirectly used as encryption methods, improving the security of encrypted materials and the security of the entire data transmission.
[0047] Specifically, the process of determining the required data storage link to be accessed and generating an initial number sequence based on several interface fingerprint features corresponding to the correction time includes, Extract the interface fingerprint features corresponding to several correction times, digitize them, and determine several processing values. After performing a modulo operation on each of the processed values, they are matched with the sequence number of the data storage link to determine the number of data storage links that need to be activated if the sequence number matches successfully. Arrange the corresponding numbers of each node in each of the data storage links in ascending order, and determine several insertion intervals based on the mapping relationship between the processed values and the insertion intervals; The numbers are marked according to the insertion interval in the numbering sorting process to obtain the initial numbering sequence.
[0048] In practice, the first number is used as the reference, and the numbers are marked at each corresponding insertion interval; Understandably, the purpose of this is to identify nodes that stored interfering fragments and nodes that stored interface fingerprint feature fragments during the initial storage process.
[0049] Specifically, the process of performing data flow time-series deduction based on the stated flow time interval, and deducing the nodes that need to be accessed in order to extract a complete interference fingerprint feature sequence includes, The flow time interval is determined based on the mapping relationship between the interface fingerprint features corresponding to the extraction time and the flow time interval. Determine the number of flow time intervals between the current time and the stored timestamp, so that the initial numbering sequence undergoes a corresponding number of marked flows to obtain the derived numbering sequence, and determine the unmarked nodes that need to be accessed; For the tail-end numbering, the marker will flow to the head-end numbering; For the remaining numbers, the markers corresponding to the smaller numbers are moved to the adjacent larger numbers; The tail number is the tail number in the initial numbering sequence, and the mark flow includes transferring the mark of the number to the number that needs to be flowed.
[0050] Understandably, the purpose of marking the flow is to simulate the data flow within each node of the neutral terminal after a certain period of time at the transmitting and receiving ends, thereby determining the storage objects of each node in the current neutral terminal.
[0051] Specifically, the sending end performs digitization processing on the extracted interface fingerprint feature fragments, determines the average value of the processed values, and selects the corresponding encryption algorithm based on the mapping relationship between the processed values and the encryption algorithm. The data to be sent is divided into data segments based on the number of interface fingerprint segments, and each segment is encrypted according to the encryption algorithm described above. The resulting encrypted data segments are then combined and sent to the receiving end. The receiving end performs digitization processing on the extracted interface fingerprint feature fragments, determines the average value of the processed values, and selects the corresponding decryption algorithm based on the mapping relationship between the processed values and the decryption algorithm. The data to be sent is divided into segments based on the number of interface fingerprint segments. Each segment is then decrypted using the aforementioned decryption algorithm to obtain several decrypted data segments, which are then combined to obtain the decrypted data.
[0052] Specifically, there are no restrictions on the types of encryption and decryption algorithms. For example, symmetric encryption can be used, and those skilled in the art can prepare several pairs of encryption and decryption algorithms in advance.
[0053] When constructing the mapping relationship between encryption and decryption algorithms and the processed values, each processed value is randomly mapped to a pair of prepared encryption and decryption algorithms, and all mapping relationships are recorded.
[0054] It is understandable that, since the interface fingerprint feature fragment contains interface fingerprint features at multiple times, the average of the processed values is calculated after determining the processed values for the interface fingerprint features at each time.
[0055] In practice, the processing value whose mean is closest to the processing value can be determined, and a pair of encryption and decryption algorithms mapped to that processing value can be selected.
[0056] In practice, the sending end encrypts the data to be sent in segments before sending it to the receiving end, and the receiving end decrypts the segments to obtain the corresponding data to be sent.
[0057] This invention, based on the accurate identification of access nodes at the transceiver end, enables the encryption and decryption algorithms to dynamically change according to accurate interface fingerprint characteristics. Furthermore, during data transmission and reception, multiple dimensions of verification are performed. Both the transceiver and the data receiving end must accurately determine the matching encryption and decryption algorithms based on accurate identification of the data storage link, accurate determination of the initial number sequence, and accurate timing deduction. Through multi-dimensional nested dynamic encryption, the key material acquisition process itself serves as an encryption method, and the encryption and decryption algorithms are updated in a correlated manner, thereby reducing the risk of key material being cracked or hijacked and improving encryption security.
[0058] Specifically, please refer to Figure 4 As shown, it is a logical block diagram of an embodiment of the invention for issuing a warning result based on the access result. It also includes the neutral terminal detecting in real time whether the node storing the interference fragment has been accessed, and issuing a warning signal based on the access result. If a node storing interference fragments is accessed, an early warning signal is issued, and the access port of the neutral terminal is locked.
[0059] This embodiment also provides a system for applying a data encryption method based on the Glink bus, which includes: A neutral terminal includes several data storage links, each of which consists of several nodes for storage; The data acquisition module is used to collect the interface fingerprint features of the bus link in real time and send the interface fingerprint features with timestamps to the neutral terminal at predetermined intervals. An interference module, deployed on the neutral terminal, is used to insert each interference fragment into a time-sequentially arranged interface fingerprint feature fragment to form an interference fingerprint feature sequence. A switching module, deployed on the neutral terminal, is used to store the interference fingerprint feature sequence to each node of the data storage link, and the data stored at each node is circulated according to the flow time interval. The extraction module, deployed at the transceiver end, is used to deduce the nodes to be accessed in order to extract interface fingerprint feature fragments. An encryption module, deployed at the sending end, is used to determine the encryption algorithm based on the extracted interface fingerprint feature fragments and encrypt the data to be sent in segments. The decryption module, deployed at the receiving end, is used to determine the decryption algorithm based on the extracted interface fingerprint feature fragments to decrypt the received data in segments.
[0060] It should be noted that the multiple functional modules involved in this application are merely a logical division based on the functions implemented according to the present invention, and are not a strict limitation on the physical structure; in practical applications, the above functional modules can be implemented by one or more integrated circuits, a processor executing program code in memory, or a combination of the above devices. The technical solution of the present invention has been described above with reference to the preferred embodiments shown in the accompanying drawings. However, it will be readily understood by those skilled in the art that the scope of protection of the present invention is obviously not limited to these specific embodiments. Without departing from the principles of the present invention, those skilled in the art can make equivalent changes or substitutions to the relevant technical features, and the technical solutions after these changes or substitutions will all fall within the scope of protection of the present invention.
Claims
1. A data encryption method based on the Glink bus, characterized in that, include: The interface fingerprint features of the bus link are collected in real time, and the interface fingerprint features with timestamps are sent to the neutral terminal at predetermined intervals. The neutral terminal determines the extraction time within a predetermined period and sends the interface fingerprint feature set within the time domain segment where the extraction time is located to the transceiver. The neutral terminal modifies the extraction time multiple times based on the first element of the interface fingerprint feature set, determines the data storage link to be activated based on the interface fingerprint features corresponding to several modified times, determines the generation method of interference segments, and inserts each interference segment into the interface fingerprint feature segments arranged in time sequence to form an interference fingerprint feature sequence. The neutral terminal stores the interference fingerprint feature sequence to each node of the data storage link. The data stored at each node flows according to the flow time interval, which is determined based on the corresponding interface fingerprint feature. The transceiver determines the extraction time based on the interface fingerprint feature set and makes multiple corrections. Based on the several interface fingerprint features corresponding to the correction time, it determines the data storage link to be accessed and generates an initial number sequence. Based on the flow time interval, it performs data flow time sequence deduction and deduces each node to be accessed in order to extract interface fingerprint feature fragments. The sending end determines the encryption algorithm based on the extracted interface fingerprint feature fragments and encrypts the data to be sent in segments. The receiving end determines the decryption algorithm based on the extracted interface fingerprint feature fragments and decrypts the received data in segments.
2. The data encryption method based on the Glink bus according to claim 1, characterized in that, The process by which the neutral terminal and the transceiver modify the extraction time multiple times based on the first element of the interface fingerprint feature set includes: Extract the first interface fingerprint feature from the interface fingerprint feature set, including the equalizer's main tap coefficient and phase coefficient; The interface fingerprint features are digitized, and the delay step is determined based on the mapping relationship between the processed value and the delay step. Based on the aforementioned delay step, the extraction time is repeatedly delayed to obtain several correction times until the correction times exceed the time domain segment. The digitization process includes normalizing the interface fingerprint features and recombining them into different digits to obtain a recombined number, and determining the recombined number as the processing value; the time domain segment is a time period with the correction time as the intermediate time and a predetermined duration.
3. The data encryption method based on the Glink bus according to claim 2, characterized in that, The process of determining the required data storage link to be activated based on the interface fingerprint features corresponding to several correction times, and determining the generation method of the interference fragment, includes: Extract the interface fingerprint features corresponding to several correction times, digitize them, and determine several processing values. After performing a modulo operation on each of the processed values, they are matched with the sequence number of the data storage link to determine the number of data storage links that need to be activated if the sequence number matches successfully. The interface fingerprint features within the predetermined period are divided into several interface fingerprint feature segments, and several insertion intervals are determined based on the mapping relationship between the processed values and the insertion interval. For the temporally arranged interface fingerprint feature segments, interference segments are inserted at corresponding insertion intervals to obtain the interference fingerprint feature sequence; The number of interface fingerprint feature fragments is the difference between the number of nodes in the activated data storage link and the number of processed values.
4. The data encryption method based on the Glink bus according to claim 3, characterized in that, The process by which the neutral terminal stores the interfering fingerprint feature sequence to each node of the data storage link includes: The nodes are sorted in ascending order based on their corresponding serial numbers in the data storage link. Based on the order of each node, the interface fingerprint feature fragments or interference fragments in the interference fingerprint feature sequence are stored to each node in turn; After storage is complete, record the storage timestamp and send it to the receiving end; Each node in the data storage link is assigned a unique number.
5. The data encryption method based on the Glink bus according to claim 4, characterized in that, The process of data flow based on the flow time intervals stored in each node includes: The interface fingerprint features corresponding to the extraction time are digitized, and the flow time interval is determined based on the mapping relationship between the processed values and the flow time interval. Control the data flow of each node at corresponding flow time intervals; For the tail node, data flows to the head node; For the remaining nodes, the flow proceeds from the node with the smaller number to the adjacent node with the larger number; The tail node is the node with the highest number in the activated data storage link. Data flow includes copying the data that is about to flow in and deleting the data that is about to flow out.
6. The data encryption method based on the Glink bus according to claim 3, characterized in that, The process of determining the required data storage link based on the interface fingerprint features corresponding to the correction time and generating an initial number sequence includes, Extract the interface fingerprint features corresponding to several correction times, digitize them, and determine several processing values. After performing a modulo operation on each of the processed values, they are matched with the sequence number of the data storage link to determine the number of data storage links that need to be activated if the sequence number matches successfully. Arrange the corresponding numbers of each node in each of the data storage links in ascending order, and determine several insertion intervals based on the mapping relationship between the processed values and the insertion intervals; The numbers are marked according to the insertion interval in the numbering sorting process to obtain the initial numbering sequence.
7. The data encryption method based on the Glink bus according to claim 5, characterized in that, The process of performing data flow time-series deduction based on the stated flow time interval, and deducing the nodes that need to be accessed in order to extract a complete interference fingerprint feature sequence includes the following: The flow time interval is determined based on the mapping relationship between the interface fingerprint features corresponding to the extraction time and the flow time interval. Determine the number of flow time intervals between the current time and the stored timestamp, so that the initial numbering sequence undergoes a corresponding number of marked flows to obtain the derived numbering sequence, and determine the unmarked nodes that need to be accessed; For the tail-end numbering, the marker will flow to the head-end numbering; For the remaining numbers, the markers corresponding to the smaller numbers are moved to the adjacent larger numbers; The tail number is the tail number in the initial numbering sequence, and the mark flow includes transferring the mark of the number to the number that needs to be flowed.
8. The data encryption method based on the Glink bus according to claim 2, characterized in that, The sending end performs digitization processing on the extracted interface fingerprint feature fragments, determines the average value of the processed values, and selects the corresponding encryption algorithm based on the mapping relationship between the processed values and the encryption algorithm. The data to be sent is divided into data segments based on the number of interface fingerprint segments, and each segment is encrypted according to the encryption algorithm described above. The resulting encrypted data segments are then combined and sent to the receiving end. The receiving end performs digitization processing on the extracted interface fingerprint feature fragments, determines the average value of the processed values, and selects the corresponding decryption algorithm based on the mapping relationship between the processed values and the decryption algorithm. The data to be sent is divided into segments based on the number of interface fingerprint segments. Each segment is then decrypted using the aforementioned decryption algorithm to obtain several decrypted data segments, which are then combined to obtain the decrypted data.
9. The data encryption method based on the Glink bus according to claim 1, characterized in that, It also includes the neutral terminal's real-time detection of whether the node storing interference fragments is accessed, and issuing a warning signal based on the access result, wherein, If a node storing interference fragments is accessed, an early warning signal is issued, and the access port of the neutral terminal is locked.
10. A system applying the data encryption method based on the Glink bus according to any one of claims 1-9, characterized in that, include: A neutral terminal includes several data storage links, each of which consists of several nodes for storage; The data acquisition module is used to collect the interface fingerprint features of the bus link in real time and send the interface fingerprint features with timestamps to the neutral terminal at predetermined intervals. An interference module, deployed on the neutral terminal, is used to insert each interference fragment into a time-sequentially arranged interface fingerprint feature fragment to form an interference fingerprint feature sequence. A switching module, deployed on the neutral terminal, is used to store the interference fingerprint feature sequence to each node of the data storage link, and the data stored at each node is circulated according to the flow time interval. The extraction module, deployed at the transceiver end, is used to deduce the nodes to be accessed in order to extract interface fingerprint feature fragments. An encryption module, deployed at the sending end, is used to determine the encryption algorithm based on the extracted interface fingerprint feature fragments and encrypt the data to be sent in segments. The decryption module, deployed at the receiving end, is used to determine the decryption algorithm based on the extracted interface fingerprint feature fragments to decrypt the received data in segments.