CN102394749A - Line protection method, system, information safety equipment and application equipment for data transmission - Google Patents


Publication number: CN102394749A
Authority: CN (China)
Prior art keywords: session, information safety, safety devices, application apparatus, key
Legal status: Granted
Application number: CN2011102890748A
Other languages: Chinese (zh)
Other versions: CN102394749B (en)
Inventor: 陈柳章
Current Assignee: Shenzhen Excelsecu Data Technology Co Ltd
Original Assignee: Shenzhen Excelsecu Data Technology Co Ltd
Application filed by: Shenzhen Excelsecu Data Technology Co Ltd
Priority to: CN201110289074.8A
Publication of CN102394749A; application granted; publication of CN102394749B

Abstract

The invention discloses a line protection method, system, information safety equipment and application equipment for data transmission. The method is used for encrypted data transmission between the information safety equipment and the application equipment, and comprises the following steps: the information safety equipment accepts the setting of at least one public/private key pair, and the application equipment is provided with the public key of the information safety equipment; the application equipment sends a session request to the information safety equipment when it requires a session with it; after receiving the session request, the information safety equipment allocates a session, sets a session identifier that includes the session request information of the application equipment, and obtains a session key from the session identifier; the information safety equipment encrypts the session key, signs it with its private key and sends it to the application equipment; and the information safety equipment and the application equipment use the session key to encrypt and decrypt data in order to communicate. Encrypting a session identifier that includes the session request information of the application equipment further improves session security.

Description

Line protection method, system, information safety device and application apparatus for data transmission
Technical field
The present invention relates to the field of information security, and in particular to a line protection method, system, information safety device and application apparatus for data transmission.
Background
An information safety device stores sensitive information and performs certain cryptographic functions, and the use of that sensitive information and those cryptographic algorithms calls for a high level of security. With the USB Key (U shield) and smart card devices in use today in particular, the information exchanged during an interaction can be obtained by monitoring the USB port; if the transmission line is not protected by encryption, this is a serious security risk.
To have the data in an interaction travel as ciphertext, the approach generally adopted today is to fix one or more symmetric keys in the device, and the application apparatus that exchanges information with the information safety device uses those fixed keys for encryption and decryption. This fixed-key approach has serious shortcomings. For example, if one side is a PC, the key can be recovered through memory analysis or by decompiling the code, so the encrypted data on the line can be decrypted, or the smart card device can even be impersonated to steal the user's sensitive information and cause the user losses.
Summary of the invention
The main purpose of the present invention is to provide a line protection method for data transmission that improves the security of data transmission.
The present invention proposes a line protection method for data transmission, applied to encrypted data transmission between an information safety device and an application apparatus, comprising the steps of:
The information safety device accepts the setting of at least one public/private key pair, and the application apparatus is given the public key of the information safety device;
The application apparatus sends a session request to the information safety device;
After receiving the session request of the application apparatus and allocating a session, the information safety device sets a session identifier that includes the session request information of the application apparatus, and obtains a session key from the session identifier;
The information safety device encrypts said session key, signs it with the private key, and sends it to the application apparatus;
The information safety device and the application apparatus use said session key to encrypt and decrypt data in order to communicate.
Preferably, before the step in which said application apparatus sends the session request to the information safety device, the method further comprises the step of:
The application apparatus dynamically generates a public/private key pair and a key factor SeedKeyA; said session request comprises the application apparatus public key and the application key factor SeedKeyA.
Preferably, the method is preceded by the step of:
The information safety device is initialized and dynamically generates a session root key.
Preferably, after the step in which said information safety device is initialized and generates the session root key, the method further comprises the step of:
The information safety device dynamically generates a key factor SeedKeyB.
Preferably, said session key is obtained by the information safety device encrypting the session identifier with the session root key; said session identifier is the key factor SeedKeyA, or the combination of the key factors SeedKeyA and SeedKeyB.
Preferably, the step in which said information safety device and application apparatus use said session key to encrypt and decrypt data in order to communicate specifically comprises:
When said application apparatus transmits data to said information safety device, said application apparatus encrypts the data to be transmitted with the session key and, once the ciphertext is obtained, sends the ciphertext together with the key factor SeedKeyA to said information safety device;
Said information safety device encrypts the session identifier with the root key to generate said session key, then decrypts the ciphertext with the session key to obtain the data.
Preferably, said information safety device encrypts said session key using the public key of the application apparatus.
The present invention also proposes an information safety device, comprising:
A session identification setting unit, configured to, after a session request of the application apparatus is received and a session is allocated, set a session identifier that includes the session request information of the application apparatus, and obtain a session key from the session identifier;
A key encryption unit, configured to encrypt said session key, sign it with the private key, and send it to the application apparatus;
A first encryption communication unit, configured to use said session key to encrypt and decrypt data in order to communicate with the application apparatus.
Preferably, said information safety device further comprises:
A root key generation unit, configured to dynamically generate the session root key when the information safety device is initialized.
Preferably, said information safety device further comprises:
A key factor generation unit, configured to dynamically generate the key factor SeedKeyB.
The present invention also proposes an application apparatus, comprising:
A session request unit, configured to send a session request to the information safety device;
A key parsing unit, configured to parse the session key that the information safety device has encrypted and signed with its private key; said session key is obtained from the session identifier that includes the session request information of the application apparatus;
A second encryption communication unit, configured to use said session key to encrypt and decrypt data in order to communicate with the information safety device.
Preferably, said application apparatus further comprises:
A dynamic generation unit, configured to dynamically generate a public/private key pair and a key factor SeedKeyA; said session request comprises the application apparatus public key and the application key factor SeedKeyA.
The present invention also proposes a line protection system for data transmission, comprising the above information safety device and application apparatus.
In the above line protection method for data transmission, encrypting a session identifier that includes the session request information of the application apparatus produces a varying session key that corresponds to the application apparatus and is used for the session. This can prevent a third party from impersonating the application apparatus, and also allows the information safety device to hold sessions simultaneously with different application apparatuses or with different processes of an application apparatus. When the information safety device transmits the session key to the application apparatus, it signs with its private key, which can prevent a third party from impersonating the information safety device and makes the transmission more secure.
Brief description of the drawings
Fig. 1 is a flow chart of the steps of one embodiment of the line protection method for data transmission of the present invention;
Fig. 2 is a flow chart of the steps of another embodiment of the line protection method for data transmission of the present invention;
Fig. 3 is a flow chart of the steps of a further embodiment of the line protection method for data transmission of the present invention;
Fig. 4 is a structural diagram of one embodiment of the information safety device of the present invention;
Fig. 5 is a structural diagram of another embodiment of the information safety device of the present invention;
Fig. 6 is a structural diagram of one embodiment of the application apparatus of the present invention;
Fig. 7 is a structural diagram of another embodiment of the application apparatus of the present invention;
Fig. 8 is a structural diagram of one embodiment of the line protection system for data transmission of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described below with reference to the accompanying drawings and in conjunction with the embodiments.
Embodiments
It should be understood that the specific embodiments described herein serve only to explain the present invention and are not intended to limit it.
With reference to Fig. 1, the present invention proposes a first embodiment of a line protection method for data transmission, which makes the data transmission between an information safety device and an application apparatus more secure. The method may comprise:
Step S10, the information safety device accepts the setting of at least one public/private key pair, and the application apparatus is given the public key;
Step S11, the application apparatus sends a session request to the information safety device;
Step S12, after receiving the session request of the application apparatus and allocating a session, the information safety device sets a session identifier that includes the session request information of the application apparatus, and obtains a session key from the session identifier;
Step S13, the information safety device encrypts the above session key, signs it with the private key, and sends it to the application apparatus;
Step S14, the information safety device and the application apparatus use the above session key to encrypt and decrypt data in order to communicate.
In this embodiment, the information safety device may be a device with cryptographic operation capability, such as a USB Key (U shield), a card reader or a smart card; the application apparatus may be another device, or a process on a device, that exchanges data with the information safety device.
As described in step S10, at least one public/private key pair must first be set in the information safety device, and the application apparatus given the public key. In this embodiment, the encryption algorithm corresponding to this key pair may be RSA, ECC (Elliptic Curve Cryptography) or a similar algorithm. This step may be performed once when the information safety device is first put into use, or repeated later during use.
As described in step S11, once the key pair has been set in the information safety device and the application apparatus holds the public key, the application apparatus sends a session request to the information safety device whenever it needs to exchange data with it.
As described in step S12, after receiving the session request, the information safety device allocates a session to the application apparatus, sets a session identifier for the allocated session, and obtains a session key from this session identifier. The session identifier includes the session request information of the application apparatus and uniquely identifies the session; the session key is used to encrypt the session.
As described in step S13, the information safety device transmits the session key to the application apparatus in encrypted form and signs it with the private key held in the information safety device, so that the application apparatus can verify the signature with the information safety device public key it has received, which strengthens session security.
As described in step S14, the information safety device and the application apparatus use the session key to encrypt and decrypt data and so exchange data. When the application apparatus needs to obtain data from the information safety device, the information safety device encrypts the data the application apparatus needs with the session key and sends it to the application apparatus; the application apparatus decrypts the ciphertext with the session key to obtain the data it needs. When the application apparatus needs to send data to the information safety device, the application apparatus encrypts the data with the session key and sends it to the information safety device; the information safety device decrypts the ciphertext with the session key to obtain the data sent by the application apparatus, so that the data exchange takes place securely.
In the above line protection method for data transmission, encrypting a session identifier that includes the session request information of the application apparatus produces a varying session key that corresponds to the application apparatus and is used for the session. This can prevent a third party from impersonating the application apparatus, and also allows the information safety device to hold sessions simultaneously with different application apparatuses or with different processes of an application apparatus. When the information safety device transmits the session key to the application apparatus, it signs with its private key, which can prevent a third party from impersonating the information safety device and makes the transmission more secure.
With reference to Fig. 2, in another embodiment of the present invention, the above line protection method for data transmission may comprise:
Step S10, the information safety device accepts the setting of at least one public/private key pair, and the application apparatus is given the public key;
Step S100, the information safety device is initialized and dynamically generates a session root key;
Step S101, the application apparatus dynamically generates a public/private key pair and a key factor SeedKeyA;
Step S110, the application apparatus sends a session request comprising the application apparatus public key and the key factor SeedKeyA to the information safety device;
Step S120, the information safety device receives the session request and allocates a session, sets the key factor SeedKeyA as the session identifier, and obtains the session key by encrypting the session identifier with the session root key;
Step S130, the information safety device encrypts the above session key with the public key of the application apparatus, signs it with the private key, and sends it to the application apparatus;
Step S14, the information safety device and the application apparatus use the above session key to encrypt and decrypt data in order to communicate.
As described in step S10, at least one public/private key pair must first be set in the information safety device, and the application apparatus given the public key.
As described in step S100, the information safety device is initialized and dynamically generates the session root key; this session root key is used to encrypt the session identifier and so produce the session key.
As described in step S101, the application apparatus can dynamically generate a public/private key pair and a key factor SeedKeyA; this key pair is used to encrypt and decrypt the session key, and the key factor SeedKeyA can serve as the session identifier.
As described in step S110, the application apparatus sends a session request comprising the application apparatus public key and the key factor SeedKeyA to the information safety device; the application apparatus public key is used to encrypt the session key.
As described in step S120, after receiving the session request, the information safety device allocates a session to the application apparatus. The information safety device sets the key factor SeedKeyA as the session identifier and obtains the session key by encrypting the session identifier with the session root key.
As described in step S130, the information safety device encrypts the session key with the public key generated by the application apparatus, signs it with the private key of the information safety device, and sends it to the application apparatus; the application apparatus verifies this signature with the public key of the information safety device, decrypts with the private key it generated itself, and obtains the session key.
As described in step S140, when the application apparatus needs to send data to the information safety device, the application apparatus encrypts the data to be transmitted with the session key and, once the ciphertext is obtained, sends the ciphertext together with the key factor SeedKeyA to the information safety device. The information safety device encrypts the session identifier with the root key to generate the session key, then decrypts the ciphertext with the session key to obtain the data sent by the application apparatus. The information safety device processes the data sent by the application apparatus to obtain response data, encrypts this response data with the session key to obtain a response ciphertext, and sends it to the application apparatus; the application apparatus decrypts the response ciphertext with the session key to obtain the response plaintext.
The above line protection method for data transmission forms the session key by encrypting the session identifier with a variable root key, which further increases the randomness of the session key. During the session the information safety device does not store the session key; it generates the session key temporarily, by encrypting the session identifier with the root key, only when answering a message from the application apparatus. The session identifier is thus hard to steal, which makes the session more secure; at the same time, the storage required on the information safety device is reduced.
With reference to Fig. 3, in a further embodiment of the present invention, the above line protection method for data transmission may comprise:
Step S10, the information safety device accepts the setting of at least one public/private key pair, and the application apparatus is given the public key;
Step S100, the information safety device is initialized and dynamically generates a session root key;
Step S1000, the information safety device dynamically generates a key factor SeedKeyB;
Step S101, the application apparatus dynamically generates a public/private key pair and a key factor SeedKeyA;
Step S110, the application apparatus sends a session request comprising the application apparatus public key and the key factor SeedKeyA to the information safety device;
Step S121, the information safety device receives the session request and allocates a session, sets the key factors SeedKeyA and SeedKeyB as the session identifier, and obtains the session key by encrypting the session identifier with the session root key;
Step S130, the information safety device encrypts the above session key with the public key of the application apparatus, signs it with the private key, and sends it to the application apparatus;
Step S14, the information safety device and the application apparatus use the above session key to encrypt and decrypt data in order to communicate.
As described in step S10, at least one public/private key pair must first be set in the information safety device, and the application apparatus given the public key.
As described in step S100, the information safety device is initialized and dynamically generates the session root key; this session root key is used to encrypt the session identifier and so produce the session key.
As described in step S1000, the information safety device dynamically generates the key factor SeedKeyB. This key factor SeedKeyB can serve as the session identifier.
As described in step S101, the application apparatus dynamically generates a public/private key pair and a key factor SeedKeyA; this key pair is used to encrypt and decrypt the session key, and the key factor SeedKeyA can also serve as the session identifier.
As described in step S110, the application apparatus sends a session request comprising the application apparatus public key and the key factor SeedKeyA to the information safety device; the application apparatus public key is used to encrypt the session key.
As described in step S121, after receiving the session request, the information safety device allocates a session to the application apparatus. The information safety device sets the key factors SeedKeyA and SeedKeyB as the session identifier and obtains the session key by encrypting the session identifier with the session root key.
As described in step S130, the information safety device encrypts the session key with the public key generated by the application apparatus, signs it with the private key of the information safety device, and sends it to the application apparatus; the application apparatus verifies this signature with the public key of the information safety device, decrypts with the private key it generated itself, and obtains the session key.
As described in step S14, when the application apparatus needs to send data to the information safety device, the application apparatus encrypts the data to be transmitted with the session key and, once the ciphertext is obtained, sends the ciphertext together with the key factor SeedKeyA to the information safety device. The information safety device encrypts the session identifier with the root key to generate the session key, then decrypts the ciphertext with the session key to obtain the data sent by the application apparatus. The information safety device processes the data sent by the application apparatus to obtain response data, encrypts this response data with the session key to obtain a response ciphertext, and sends it to the application apparatus; the application apparatus decrypts the response ciphertext with the session key to obtain the response plaintext.
The above line protection method for data transmission forms the session key by encrypting, with a variable root key, a session identifier composed of the key factor of the information safety device and the key factor of the application apparatus, which further increases the randomness of the session key and so makes the session more secure.
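The per-message re-derivation of the session key described in the second and third embodiments (steps S100 to S14), as an added simulation that is not code from the patent or from its assignee. It shows the device holding only the root key and SeedKeyB, serving two application sessions at once, and rejecting a message whose SeedKeyA does not match the key it was encrypted under. Assumptions: HMAC-SHA256 stands in for "encrypting the session identifier with the session root key", an HMAC-based encrypt-then-MAC construction stands in for the unspecified symmetric cipher, SeedKeyB is generated once per device initialization, the public-key wrapping and signature of step S130 are omitted, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    """HMAC-SHA256 used as a keyed pseudo-random function (stand-in primitive)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(enc_key, nonce, i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the session key: nonce || ciphertext || tag."""
    enc_key, mac_key = _prf(session_key, b"enc"), _prf(session_key, b"mac")
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _prf(mac_key, nonce, body)


def unseal(session_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong session key or altered bytes raises ValueError."""
    if len(blob) < 48:
        raise ValueError("message too short")
    enc_key, mac_key = _prf(session_key, b"enc"), _prf(session_key, b"mac")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce, body)):
        raise ValueError("authentication failed")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class InformationSafetyDevice:
    def __init__(self) -> None:
        self._root_key = secrets.token_bytes(32)    # S100: session root key
        self._seed_key_b = secrets.token_bytes(16)  # S1000: key factor SeedKeyB

    def _session_key(self, seed_key_a: bytes) -> bytes:
        # S121: session identifier = SeedKeyA combined with SeedKeyB,
        # turned into the session key under the root key.
        session_identifier = seed_key_a + self._seed_key_b
        return _prf(self._root_key, b"session-key", session_identifier)

    def open_session(self, seed_key_a: bytes) -> bytes:
        # S130 on the page wraps this value with the application's public key
        # and signs it with the device private key; that transport is omitted.
        return self._session_key(seed_key_a)

    def handle(self, seed_key_a: bytes, sealed_request: bytes) -> bytes:
        # S14: the key is re-derived from the SeedKeyA sent with the ciphertext
        # and is never stored on the device.
        key = self._session_key(seed_key_a)
        request = unseal(key, sealed_request)
        return seal(key, b"response to: " + request)


class ApplicationApparatus:
    def __init__(self, device: InformationSafetyDevice) -> None:
        self.seed_key_a = secrets.token_bytes(16)  # S101: key factor SeedKeyA
        self._device = device
        self.session_key = device.open_session(self.seed_key_a)  # S110 to S130

    def call(self, data: bytes) -> bytes:
        reply = self._device.handle(self.seed_key_a, seal(self.session_key, data))
        return unseal(self.session_key, reply)


def demo() -> dict:
    device = InformationSafetyDevice()
    app1, app2 = ApplicationApparatus(device), ApplicationApparatus(device)
    out = {
        "app1": app1.call(b"read certificate"),  # constructed sample requests
        "app2": app2.call(b"sign digest"),
        "distinct_keys": app1.session_key != app2.session_key,
    }
    try:
        # Ciphertext made under app1's key but presented with app2's SeedKeyA.
        device.handle(app2.seed_key_a, seal(app1.session_key, b"x"))
        out["mismatch_rejected"] = False
    except ValueError:
        out["mismatch_rejected"] = True
    return out
```

Without the integrity tag, a mismatched SeedKeyA would make the device decrypt to meaningless bytes and process them instead of rejecting the message.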
With reference to Fig. 4, the present invention proposes an embodiment of an information safety device 20. The information safety device 20 may comprise a session identification setting unit 21, a key encryption unit 22, a first encryption communication unit 23 and so on. The session identification setting unit 21 is configured to, after a session request of the application apparatus is received and a session is allocated, set a session identifier that includes the session request information of the application apparatus, and obtain a session key from the session identifier. The key encryption unit 22 is configured to encrypt the above session key, sign it with the private key, and send it to the application apparatus. The first encryption communication unit 23 is configured to use the above session key to encrypt and decrypt data in order to communicate with the application apparatus.
First, at least one public/private key pair must be set in the information safety device 20, and the application apparatus given the public key. In this embodiment, the encryption algorithm corresponding to this key pair may be RSA, ECC (Elliptic Curve Cryptography) or a similar algorithm. This step may be performed once when the information safety device 20 is first put into use, or repeated later during use.
Once the key pair has been set in the information safety device 20 and the application apparatus holds the public key, the application apparatus sends a session request to the information safety device 20 whenever it needs to exchange data with it.
After the information safety device 20 receives the session request, the session identification setting unit 21 allocates a session to the application apparatus, sets a session identifier for the allocated session, and obtains a session key from this session identifier. The session identifier includes the session request information of the application apparatus and uniquely identifies the session; the session key is used to encrypt the session.
The key encryption unit 22 transmits the session key to the application apparatus in encrypted form and signs it with the private key held in the information safety device 20, so that the application apparatus can verify the signature with the public key of the information safety device 20 that it has received, which strengthens session security.
The first encryption communication unit 23 uses the session key to encrypt and decrypt data and so exchanges data with the application apparatus. When the application apparatus needs to obtain data from the information safety device 20, the first encryption communication unit 23 encrypts the data the application apparatus needs with the session key and sends it to the application apparatus; the application apparatus decrypts the ciphertext with the session key to obtain the data it needs. When the application apparatus needs to send data to the information safety device 20, the application apparatus encrypts the data with the session key and sends it to the first encryption communication unit 23; the first encryption communication unit 23 decrypts the ciphertext with the session key to obtain the data sent by the application apparatus, so that the data exchange takes place securely.
With reference to Fig. 5, in another embodiment of the present invention, the information safety device 20 may also comprise a root key generation unit 24, configured to dynamically generate the session root key when the information safety device 20 is initialized. The information safety device 20 also comprises a key factor generation unit 25, configured to dynamically generate the key factor SeedKeyB.
The application apparatus can dynamically generate a public/private key pair and a key factor SeedKeyA; this key pair is used to encrypt and decrypt the session key, and the key factor SeedKeyA can serve as the session identifier. The application apparatus sends a session request comprising the application apparatus public key and the key factor SeedKeyA to the information safety device 20; the application apparatus public key is used to encrypt the session key. After receiving the session request, the information safety device 20 allocates a session to the application apparatus. The information safety device 20 sets the key factor SeedKeyA as the session identifier and obtains the session key by encrypting the session identifier with the session root key.
The information safety device 20 dynamically generates the key factor SeedKeyB. This key factor SeedKeyB can serve as the session identifier. The application apparatus dynamically generates a public/private key pair and a key factor SeedKeyA; this key pair is used to encrypt and decrypt the session key, and the key factor SeedKeyA can also serve as the session identifier. The application apparatus sends a session request comprising the application apparatus public key and the key factor SeedKeyA to the information safety device 20; the application apparatus public key is used to encrypt the session key. After receiving the session request, the information safety device 20 allocates a session to the application apparatus. The information safety device 20 sets the key factors SeedKeyA and SeedKeyB as the session identifier and obtains the session key by encrypting the session identifier with the session root key.
The information safety device 20 forms the session key by encrypting, with a variable root key, a session identifier composed of the key factor of the information safety device 20, or of the key factor of the information safety device 20 and the key factor of the application apparatus, which further increases the randomness of the session key and so makes the session more secure.
With reference to Fig. 6, the present invention also proposes an embodiment of an application apparatus 30. The application apparatus 30 may comprise a session request unit 31, a key parsing unit 32, a second encrypted communication unit 33, and so on. The session request unit 31 is used to send a session request to the information safety device 20. The key parsing unit 32 is used to parse the session key that the information safety device 20 has encrypted and signed with its private key; the session key is obtained from a session identifier that contains the session request information of the application apparatus 30. The second encrypted communication unit 33 is used to communicate with the information safety device 20 by encrypting and decrypting data with the session key.
With reference to Fig. 7, in another embodiment of the present invention, the application apparatus 30 further comprises a dynamic generation unit 34, used to dynamically generate a public/private key pair and a key factor SeedKeyA. The session request contains the public key of the application apparatus 30 and the key factor SeedKeyA of the application apparatus 30.
The application apparatus 30 may dynamically generate a public/private key pair and a key factor SeedKeyA. The key pair can be used to encrypt and decrypt the session key, and the key factor SeedKeyA can serve as the session identifier. The application apparatus 30 sends the information safety device 20 a session request containing the public key of the application apparatus 30 and the key factor SeedKeyA; the public key of the application apparatus 30 can be used to encrypt the session key. After receiving the session request, the information safety device 20 allocates a session for the application apparatus 30. The information safety device 20 sets the key factor SeedKeyA as the session identifier and obtains the session key by encrypting the session identifier with the session root key.
With reference to Fig. 8, the present invention proposes an embodiment of a line protection system for data transmission. The system may comprise an information safety device 20 and an application apparatus 30. The information safety device 20 may comprise a session identifier setting unit 21, a key encryption unit 22, a first encrypted communication unit 23, and so on. The session identifier setting unit 21 is used, after the session request of the application apparatus 30 has been received and a session allocated, to set a session identifier that contains the session request information of the application apparatus 30 and to obtain the session key from the session identifier. The key encryption unit 22 is used to encrypt the session key, sign it with the private key, and send it to the application apparatus 30. The first encrypted communication unit 23 is used to communicate with the application apparatus 30 by encrypting and decrypting data with the session key.
The application apparatus 30 may comprise a session request unit 31, a key parsing unit 32, a second encrypted communication unit 33, and so on. The session request unit 31 is used to send a session request to the information safety device 20. The key parsing unit 32 is used to parse the session key that the information safety device 20 has encrypted and signed with its private key; the session key is obtained from a session identifier that contains the session request information of the application apparatus 30. The second encrypted communication unit 33 is used to communicate with the information safety device 20 by encrypting and decrypting data with the session key.
The information safety device 20 and the application apparatus 30 may be as described in the embodiments above.
The above are merely preferred embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the content of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (13)

1. A line protection method for data transmission, applied to encrypted data transmission between an information safety device and an application apparatus, characterized by comprising the steps of:
The information safety device accepts the setting of at least one public/private key pair, and the application apparatus is given the information safety device public key;
The application apparatus sends a session request to the information safety device;
After receiving the session request of the application apparatus and allocating a session, the information safety device sets a session identifier that contains the session request information of the application apparatus, and obtains a session key from the session identifier;
The information safety device encrypts said session key, signs it with the private key, and sends it to the application apparatus;
The information safety device and the application apparatus communicate by encrypting and decrypting data with said session key.
2. The line protection method for data transmission according to claim 1, characterized in that, before the step in which said application apparatus sends the session request to the information safety device, the method further comprises the step of:
The application apparatus dynamically generates a public/private key pair and a key factor SeedKeyA; said session request contains the application apparatus public key and the key factor SeedKeyA of the application apparatus.
3. The line protection method for data transmission according to claim 2, characterized in that, before said method, it further comprises the step of:
The information safety device is initialized and dynamically generates a session root key.
4. The line protection method for data transmission according to claim 3, characterized in that, after the step in which said information safety device is initialized and generates the session root key, the method further comprises the step of:
The information safety device dynamically generates a key factor SeedKeyB.
5. The line protection method for data transmission according to claim 4, characterized in that said session key is obtained by the information safety device encrypting the session identifier with the session root key; said session identifier is the key factor SeedKeyA, or the combination of the key factors SeedKeyA and SeedKeyB.
6. The line protection method for data transmission according to claim 5, characterized in that the step in which said information safety device and application apparatus communicate by encrypting and decrypting data with said session key specifically comprises:
When said application apparatus transmits data to said information safety device, said application apparatus encrypts the data to be transmitted with the session key and, after obtaining the ciphertext, sends the ciphertext together with the key factor SeedKeyA to said information safety device;
Said information safety device encrypts the session identifier with the root key to generate said session key, and then decrypts the ciphertext with the session key to obtain the data.
7. The line protection method for data transmission according to claim 3, characterized in that said information safety device encrypts said session key using the public key of the application apparatus.
8. An information safety device, characterized by comprising:
A session identifier setting unit, used, after the session request of the application apparatus has been received and a session allocated, to set a session identifier that contains the session request information of the application apparatus, and to obtain a session key from the session identifier;
A key encryption unit, used to encrypt said session key, sign it with the private key, and send it to the application apparatus;
A first encrypted communication unit, used to communicate with the application apparatus by encrypting and decrypting data with said session key.
9. The information safety device according to claim 8, characterized in that said information safety device further comprises:
A root key generation unit, used to dynamically generate the session root key when the information safety device is initialized.
10. The information safety device according to claim 9, characterized in that said information safety device further comprises:
A key factor generation unit, used to dynamically generate a key factor SeedKeyB.
11. An application apparatus, characterized by comprising:
A session request unit, used to send a session request to the information safety device;
A key parsing unit, used to parse the session key that the information safety device has encrypted and signed with its private key; said session key is obtained from a session identifier that contains the session request information of the application apparatus;
A second encrypted communication unit, used to communicate with the information safety device by encrypting and decrypting data with said session key.
12. The information safety device according to claim 11, characterized in that said application apparatus further comprises:
A dynamic generation unit, used to dynamically generate a public/private key pair and a key factor SeedKeyA; said session request contains the application apparatus public key and the key factor SeedKeyA of the application apparatus.
13. A line protection system for data transmission, comprising the information safety device according to any one of claims 8 to 10 and the application apparatus according to claim 11 or 12.
CN201110289074.8A 2011-09-26 2011-09-26 Line protection method, system, information safety equipment and application equipment for data transmission Active CN102394749B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110289074.8A CN102394749B (en) 2011-09-26 2011-09-26 Line protection method, system, information safety equipment and application equipment for data transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110289074.8A CN102394749B (en) 2011-09-26 2011-09-26 Line protection method, system, information safety equipment and application equipment for data transmission

Publications (2)

Publication Number Publication Date
CN102394749A true CN102394749A (en) 2012-03-28
CN102394749B CN102394749B (en) 2014-03-05

Family

ID=45861958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110289074.8A Active CN102394749B (en) 2011-09-26 2011-09-26 Line protection method, system, information safety equipment and application equipment for data transmission

Country Status (1)

Country Link
CN (1) CN102394749B (en)

Also Published As

Publication number Publication date
CN102394749B (en) 2014-03-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant