CN102412967B - Data transmission system and method - Google Patents

Publication number: CN102412967B
Authority: CN (China)
Prior art keywords: data, cryptographic algorithm, key, terminal, algorithm
Legal status: Active
Application number: CN2011102940624A
Other languages: Chinese (zh)
Other versions: CN102412967A (en)
Inventors: 杜宇, 宋永强
Current Assignee: Yonyou Network Technology Co Ltd
Original Assignee: Yonyou Software Co Ltd
Application filed by: Yonyou Software Co Ltd
Priority to: CN2011102940624A
Publications: CN102412967A (application), CN102412967B (granted)
Landscapes: Storage Device Security; Mobile Radio Communication Systems

Abstract

The invention provides a data transmission system and a data transmission method. A security level is defined for the data to be transmitted, and data of different security levels is encrypted in different ways. Encryption uses a chained process that combines one or more encryption algorithms, so that the security of the data is guaranteed and the processing of the encryption algorithms is suited to the data to be transmitted and to the processing devices.

Description

Data transmission system and method
Technical field
The present invention relates to data transmission technology, and in particular to a data transmission system and method.
Background art
In existing software encryption systems, most applications protect data with a fixed encryption algorithm (or combination of algorithms) when they use encryption and decryption functions. The benefit is obvious: an encryption module that uses a fixed encryption algorithm (combination) is simple to design, and once a high-strength encryption algorithm has been selected, its data security is good. But the defect of such a design is equally obvious: regardless of the characteristics of the data, everything is processed with the same encryption and decryption method. For top-secret data the cipher strength may be insufficient; for public data encryption may be entirely unnecessary and may waste computing resources. At the same time, using the same cryptographic algorithm (and key set) for a long time may make things easier for an attacker, which is bad for data security. The defect is especially pronounced on mobile devices: computing power is weak and the system is constrained by the network connection and battery capacity, so how to balance performance against power consumption is also a critical indicator.
Therefore, a new data transmission technology is needed that both guarantees the security of the data and ensures that the processing of the cryptographic algorithms is suited to the data to be transmitted and to the processing devices.
Summary of the invention
The present invention is based on the above problem and proposes a new data transmission technology that both guarantees the security of the data and ensures that the processing of the cryptographic algorithms is suited to the data to be transmitted and to the processing devices.
In view of this, the present invention proposes a data transmission system comprising a storage device, a server and a terminal. The storage device is used to store a plurality of security levels and a plurality of cryptographic algorithm combination data in correspondence with each other, the cryptographic algorithm combination data comprising the identifier of at least one algorithm and the order of the identifiers. The server comprises: a first communication module, connected to the storage device and the terminal, for communicating with the storage device or the terminal; and a setting module, for setting the security levels in the storage device and the identifiers of the algorithms contained in the corresponding cryptographic algorithm combination data. The terminal comprises: a second communication module, for communicating with the server; an acquisition module, for obtaining the security level of data; a query module, which, according to the security level obtained by the acquisition module, queries the storage device for the cryptographic algorithm combination data corresponding to that security level; an encryption module, which encrypts the data using the cryptographic algorithms corresponding to the identifiers, in the order of the identifiers contained in the cryptographic algorithm combination data found by the query module, wherein the input of each subsequent cryptographic algorithm is the output of the preceding one, and obtains a final encrypted packet; a processing module, which sends the final encrypted packet from the encryption module, or a key, to the server via the second communication module, wherein the key is at least one set of keys that corresponds to the cryptographic algorithms and needs to be exchanged, and the cryptographic algorithms correspond to the identifiers in the cryptographic algorithm combination; and a decryption module, which receives the final encrypted packet or the key from the server via the second communication module and decrypts the final encrypted packet with the key to obtain the data. In this technical solution, one or more cryptographic algorithms may be used for encryption, depending mainly on the importance of the corresponding data, and the choice can be modified accordingly. Encryption is performed in a chained manner, that is, the output of each algorithm is the input of the next, and the way the algorithms are combined can be changed freely, without restriction, which effectively improves the security of the transmission. In addition, before the actual data transmission, the two parties to the transmission need to exchange the keys required for encryption or decryption; a key may be the secret key of a symmetric-key encryption algorithm, or the public key or private key of an asymmetric-key encryption (or digital signature) algorithm, and this does not affect the present invention. There may be one or more sets of keys, as long as the needs of all the cryptographic algorithms are met.
In the above technical solution, preferably, the storage device is located in the server and/or outside the server and/or in the terminal. In this technical solution, the storage space in the server can be used for storage, or a separate storage device can be adopted; this does not affect the present invention, and it helps make full use of resources when the system is built. In addition, the storage device can be placed directly in the terminal, which makes it convenient for the terminal to obtain and use the stored data.
In the above technical solution, preferably, the server further comprises a key management module, for storing the user's key and, when the terminal encrypts or decrypts data, sending the key to the terminal via the first communication module so that the corresponding operation can be carried out. In this technical solution, the user can store the keys obtained after the exchange, or the user's own keys, in the server. This helps guarantee the security of the keys and makes them easier for the user to manage, preventing keys from being lost and avoiding the need to search for the required key among too many keys. Of course, the user can also keep the keys locally or elsewhere, which does not affect the implementation of the present invention.
In the above technical solution, preferably, the cryptographic algorithm combination data comprises the identifier of a digital signature algorithm. In this technical solution, if a digital signature algorithm is among the cryptographic algorithms used, attacks in which a malicious node impersonates an identity and forges data can be effectively prevented, because in the related art the probability that a digital signature algorithm of a certain strength is cracked is extremely small; this solves the problem that the lack of authentication between the source and the destination of the data may lead to identity impersonation.
In the above technical solution, preferably, after the encryption module encrypts the data with a cryptographic algorithm, the header of the resulting encrypted packet corresponds to that cryptographic algorithm; and the decryption module identifies the header of the final encrypted packet or of an intermediate-layer encrypted packet, obtains the cryptographic algorithm corresponding to that header, and decrypts with the corresponding key. In this technical solution, since multiple cryptographic algorithms may have been used to process the data, decryption must follow a corresponding procedure. For example, where multiple cryptographic algorithms have been used, the encrypted packet produced by the algorithm applied first can be regarded as the "inner" encrypted packet and the encrypted packet produced by the algorithm applied afterwards as the "outer" encrypted packet; for an encrypted packet the user has received, the outer encrypted packet should be decrypted first. This is done mainly by analyzing the header of the encrypted packet to learn which cryptographic algorithm was used for that layer: after data is encrypted with a cryptographic algorithm, the header of the resulting encrypted packet carries an identifier corresponding to that algorithm, so the algorithm can be recognized from the identifier in the header and the packet decrypted with the key, yielding the encrypted packet of the next layer in. The header of the newly obtained encrypted packet is then identified and that packet decrypted in turn. Finally, once every layer has been decrypted, the data the user needs is obtained.
In the above technical solution, preferably, the cryptographic algorithms used are compatible with systems on different platforms, the systems including Windows, Linux, MacOS, iOS and/or Android; and the server further comprises a conversion module which, when the system of the initial terminal that sends the data differs from the system of the target terminal that receives it, converts the format of the final packet from the initial terminal, after which the packet is sent to the target terminal via the first communication module. In this technical solution, the data transmission scheme of the present invention can be used on fixed PC platforms as well as on mobile platforms, because the present invention uses a storage device that independently stores the cryptographic algorithm combination data, which ensures that every system can exchange data normally and improves the user experience. In addition, when a terminal transmits an encrypted packet, the packet can be sent directly between terminals or forwarded by the server, which achieves compatibility across different platforms.
According to another aspect of the invention, a data transmission method is also proposed, comprising: step 202, a plurality of users who need to transmit data determine multiple cryptographic algorithms, determine at least one set of keys for those cryptographic algorithms, and exchange the keys among themselves; step 204, a plurality of security levels and a plurality of cryptographic algorithm combination data are set and stored in correspondence with each other, the cryptographic algorithm combination data comprising the identifiers of algorithms; step 206, the initial terminal obtains the security level of the data, obtains the corresponding cryptographic algorithm combination data according to that security level, and encrypts the data using the cryptographic algorithms corresponding to the identifiers, in the order of the identifiers contained in the cryptographic algorithm combination data, wherein the input of each subsequent cryptographic algorithm is the output of the preceding one, and sends the resulting final encrypted packet to the target terminal; step 208, the target terminal receives the final encrypted packet from the initial terminal and decrypts it with the key to obtain the data. In this technical solution, one or more cryptographic algorithms may be used for encryption, depending mainly on the importance of the corresponding data, and the choice can be modified accordingly. Encryption is performed in a chained manner, that is, the output of each algorithm is the input of the next, and the way the algorithms are combined can be changed freely, without restriction, which effectively improves the security of the transmission. In addition, before the actual data transmission, the two parties to the transmission need to exchange the keys required for encryption or decryption; a key may be the secret key of a symmetric-key encryption algorithm, or the public key or private key of an asymmetric-key encryption (or digital signature) algorithm, and this does not affect the present invention. There may be one or more sets of keys, as long as the needs of all the cryptographic algorithms are met. Furthermore, the user's own keys and the keys obtained after the exchange can be stored in the server. This helps guarantee the security of the keys and makes them easier for the user to manage, preventing keys from being lost and avoiding the need to search for the required key among too many keys. Of course, the user can also keep the keys locally or elsewhere, which does not affect the implementation of the present invention.
In the above technical solution, preferably, the cryptographic algorithm combination data comprises the identifier of a digital signature algorithm. In this technical solution, if a digital signature algorithm is among the cryptographic algorithms used, attacks in which a malicious node impersonates an identity and forges data can be effectively prevented, because in the related art the probability that a digital signature algorithm of a certain strength is cracked is extremely small; this solves the problem that the lack of authentication between the source and the destination of the data may lead to identity impersonation.
In the above technical solution, preferably, after the data is encrypted with a cryptographic algorithm, the header of the resulting encrypted packet corresponds to that cryptographic algorithm; and the target terminal identifies the header of the final encrypted packet or of an intermediate-layer encrypted packet, obtains the cryptographic algorithm corresponding to that header, and decrypts with the corresponding key. In this technical solution, since multiple cryptographic algorithms may have been used to process the data, decryption must follow a corresponding procedure. For example, where multiple cryptographic algorithms have been used, the encrypted packet produced by the algorithm applied first can be regarded as the "inner" encrypted packet and the encrypted packet produced by the algorithm applied afterwards as the "outer" encrypted packet; for an encrypted packet the user has received, the outer encrypted packet should be decrypted first. This is done mainly by analyzing the header of the encrypted packet to learn which cryptographic algorithm was used for that layer: after data is encrypted with a cryptographic algorithm, the header of the resulting encrypted packet carries an identifier corresponding to that algorithm, so the algorithm can be recognized from the identifier in the header and the packet decrypted with the key, yielding the encrypted packet of the next layer in. The header of the newly obtained encrypted packet is then identified and that packet decrypted in turn. Finally, once every layer has been decrypted, the data the user needs is obtained.
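Added example (not part of the patent text): a Python sketch of steps 204 to 208, with chained encryption by security level and outer-first decryption driven by each layer's header. The identifiers, layer layout, policy table and the standard-library stand-ins (a SHAKE-256 keystream for the cipher, HMAC-SHA256 in place of the digital signature) are assumptions, as is the receiver's check of each header against the policy for the security level.

```python
"""Chained ("chain-type") encryption with a per-layer algorithm header."""
import hashlib
import hmac
import secrets
import struct

# Constructed identifiers: the patent only says each algorithm has an identifier.
ALG_XOF = 1   # stand-in symmetric cipher: XOR with a SHAKE-256 keystream
ALG_HMAC = 2  # stand-in for the digital-signature layer: HMAC-SHA256 tag

# Constructed policy table: security level -> ordered algorithm identifiers.
POLICY = {"low": [ALG_XOF], "high": [ALG_XOF, ALG_HMAC]}

HEADER = struct.Struct(">BI")  # 1-byte algorithm identifier, 4-byte body length
NONCE_LEN, TAG_LEN = 16, 32


def keystream_xor(key, nonce, data):
    """XOR data with a keystream derived from key and nonce (its own inverse)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_layer(alg_id, key, data):
    """Apply one algorithm and prepend the header that names it."""
    if alg_id == ALG_XOF:
        nonce = secrets.token_bytes(NONCE_LEN)  # fresh nonce for every layer
        body = nonce + keystream_xor(key, nonce, data)
    elif alg_id == ALG_HMAC:
        # The tag also covers the identifier, so the header cannot be swapped.
        tag = hmac.new(key, bytes([alg_id]) + data, hashlib.sha256).digest()
        body = data + tag
    else:
        raise ValueError(f"unknown algorithm identifier {alg_id}")
    return HEADER.pack(alg_id, len(body)) + body


def parse_header(packet):
    """Return (algorithm identifier, body) after validating the length field."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated layer header")
    alg_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if length != len(body):
        raise ValueError("layer length mismatch")
    return alg_id, body


def decrypt_layer(alg_id, key, body):
    """Undo one layer; the result is the next packet further in."""
    if alg_id == ALG_XOF:
        if len(body) < NONCE_LEN:
            raise ValueError("truncated cipher layer")
        return keystream_xor(key, body[:NONCE_LEN], body[NONCE_LEN:])
    if alg_id == ALG_HMAC:
        if len(body) < TAG_LEN:
            raise ValueError("truncated authentication layer")
        inner, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        good = hmac.new(key, bytes([alg_id]) + inner, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("authentication failed")
        return inner
    raise ValueError(f"unknown algorithm identifier {alg_id}")


def encrypt_chain(level, keys, data):
    """Step 206: the output of each algorithm is the input of the next."""
    for alg_id in POLICY[level]:
        data = encrypt_layer(alg_id, keys[alg_id], data)
    return data


def decrypt_chain(level, keys, packet):
    """Step 208: peel the outer layer first, reading each layer's header."""
    for expected in reversed(POLICY[level]):
        alg_id, body = parse_header(packet)
        if alg_id != expected:  # added check: header must match the policy
            raise ValueError("layer algorithm does not match the policy")
        packet = decrypt_layer(alg_id, keys[alg_id], body)
    return packet


def demo():
    """Round trip of a constructed payload at the constructed 'high' level."""
    keys = {ALG_XOF: secrets.token_bytes(32), ALG_HMAC: secrets.token_bytes(32)}
    packet = encrypt_chain("high", keys, b"constructed sample payload")
    return decrypt_chain("high", keys, packet)


if __name__ == "__main__":
    print(demo())
```

Checking each header against the stored policy means a packet that was wrapped with fewer layers than its security level requires is rejected instead of being decrypted as labelled.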
In the above technical solution, preferably, the cryptographic algorithms used are compatible with systems on different platforms, the systems including Windows, Linux, MacOS, iOS and/or Android; and, when the system of the initial terminal that sends the data differs from the system of the target terminal that receives it, the format of the final packet from the initial terminal is converted before the packet is sent to the target terminal. In this technical solution, the data transmission scheme of the present invention can be used on fixed PC platforms as well as on mobile platforms, because the present invention uses a fully compatible cryptographic algorithm library and uses the server as a relay, which ensures that every system can exchange data normally and improves the user experience. In addition, when a terminal transmits an encrypted packet, the packet can be sent directly between terminals or forwarded by the server, which achieves compatibility across different platforms.
With the above technical solutions, the security of the data is guaranteed and the processing of the cryptographic algorithms is suited to the data to be transmitted and to the processing devices.
Brief description of the drawings
Figure 1A shows a block diagram of a data transmission system according to an embodiment of the invention;
Figure 1B shows a block diagram of a data transmission system according to an embodiment of the invention;
Fig. 2 shows a flow chart of a data transmission method according to an embodiment of the invention;
Fig. 3 shows a schematic diagram of key exchange according to an embodiment of the invention;
Fig. 4 shows a schematic flow diagram of data encryption according to an embodiment of the invention;
Fig. 5 shows a schematic flow diagram of data decryption according to an embodiment of the invention;
Fig. 6 shows a schematic diagram of data exchange according to an embodiment of the invention;
Fig. 7 shows a flow chart of data encryption according to an embodiment of the invention;
Fig. 8 shows a schematic diagram of a data encryption security policy according to an embodiment of the invention; and
Fig. 9 shows a schematic diagram of data transmission according to an embodiment of the invention.
Detailed description of the embodiments
In order that the above objects, features and advantages of the present invention may be understood more clearly, the present invention is described in further detail below with reference to the drawings and specific embodiments.
Many specific details are set forth in the following description to provide a full understanding of the present invention; however, the present invention can also be implemented in ways other than those described here, and is therefore not limited to the specific embodiments disclosed below.
Figure 1A shows a block diagram of a data transmission system according to an embodiment of the invention; Figure 1B shows a block diagram of a data transmission system according to an embodiment of the invention.
As shown in Figure 1A, a data transmission system 100 according to an embodiment of the invention comprises a storage device 102, a server 104 and a terminal 106. The storage device 102 is used to store a plurality of security levels and a plurality of cryptographic algorithm combination data in correspondence with each other, the cryptographic algorithm combination data comprising the identifier of at least one algorithm and the order of the identifiers. The server 104 comprises: a first communication module 108, connected to the storage device 102 and the terminal 106, for communicating with the storage device 102 or the terminal 106; and a setting module 110, for setting the security levels in the storage device 102 and the identifiers of the algorithms contained in the corresponding cryptographic algorithm combination data. The terminal 106 comprises: a second communication module 114, for communicating with the server 104; an acquisition module 116, for obtaining the security level of data; a query module 118, which, according to the security level obtained by the acquisition module 116, queries the storage device 102 for the cryptographic algorithm combination data corresponding to that security level; an encryption module 120, which encrypts the data using the cryptographic algorithms corresponding to the identifiers, in the order of the identifiers contained in the cryptographic algorithm combination data found by the query module 118, wherein the input of each subsequent cryptographic algorithm is the output of the preceding one, and obtains a final encrypted packet; a processing module 122, which sends the final encrypted packet from the encryption module 120, or a key, to the server 104 via the second communication module 114, wherein the key is at least one set of keys that corresponds to the cryptographic algorithms and needs to be exchanged, and the cryptographic algorithms correspond to the identifiers in the cryptographic algorithm combination; and a decryption module 124, which receives the final encrypted packet or the key from the server 104 via the second communication module 114 and decrypts the final encrypted packet with the key to obtain the data. In this technical solution, one or more cryptographic algorithms may be used for encryption, depending mainly on the importance of the corresponding data, and the choice can be modified accordingly. Encryption is performed in a chained manner, that is, the output of each algorithm is the input of the next, and the way the algorithms are combined can be changed freely, without restriction, which effectively improves the security of the transmission. In addition, before the actual data transmission, the two parties to the transmission need to exchange the keys required for encryption or decryption; a key may be the secret key of a symmetric-key encryption algorithm, or the public key or private key of an asymmetric-key encryption (or digital signature) algorithm, and this does not affect the present invention. There may be one or more sets of keys, as long as the needs of all the cryptographic algorithms are met.
In the above technical solution, the storage device 102 is located in the server 104 and/or outside the server 104 and/or in the terminal 106. In this technical solution, the storage space in the server 104 can be used for storage, or a separate storage device 102 can be adopted; this does not affect the present invention, and it helps make full use of resources when the system 100 is built. In addition, the storage device 102 can be placed directly in the terminal 106, which makes it convenient for the terminal 106 to obtain and use the stored data.
In the above technical solution, the server 104 further comprises a key management module 112, for storing the user's key and, when the terminal 106 encrypts or decrypts data, sending the key to the terminal 106 via the first communication module 108 so that the corresponding operation can be carried out. In this technical solution, the user can store the keys obtained after the exchange, or the user's own keys, in the server 104. This helps guarantee the security of the keys and makes them easier for the user to manage, preventing keys from being lost and avoiding the need to search for the required key among too many keys. Of course, the user can also keep the keys locally or elsewhere, which does not affect the implementation of the present invention.
In the above technical solution, the cryptographic algorithm combination data comprises the identifier of a digital signature algorithm. In this technical solution, if a digital signature algorithm is among the cryptographic algorithms used, attacks in which a malicious node impersonates an identity and forges data can be effectively prevented, because in the related art the probability that a digital signature algorithm of a certain strength is cracked is extremely small; this solves the problem that the lack of authentication between the source and the destination of the data may lead to identity impersonation.
In the above technical solution, after the encryption module 120 encrypts the data with a cryptographic algorithm, the header of the resulting encrypted packet corresponds to that cryptographic algorithm; and the decryption module 124 identifies the header of the final encrypted packet or of an intermediate-layer encrypted packet, obtains the cryptographic algorithm corresponding to that header, and decrypts with the corresponding key. In this technical solution, since multiple cryptographic algorithms may have been used to process the data, decryption must follow a corresponding procedure. For example, where multiple cryptographic algorithms have been used, the encrypted packet produced by the algorithm applied first can be regarded as the "inner" encrypted packet and the encrypted packet produced by the algorithm applied afterwards as the "outer" encrypted packet; for an encrypted packet the user has received, the outer encrypted packet should be decrypted first. This is done mainly by analyzing the header of the encrypted packet to learn which cryptographic algorithm was used for that layer: after data is encrypted with a cryptographic algorithm, the header of the resulting encrypted packet carries an identifier corresponding to that algorithm, so the algorithm can be recognized from the identifier in the header and the packet decrypted with the key, yielding the encrypted packet of the next layer in. The header of the newly obtained encrypted packet is then identified and that packet decrypted in turn. Finally, once every layer has been decrypted, the data the user needs is obtained.
In the above technical solution, the cryptographic algorithms used are compatible with systems on different platforms, the systems including Windows, Linux, MacOS, iOS and/or Android; and the server 104 further comprises a conversion module 113 which, when the system of the initial terminal that sends the data differs from the system of the target terminal that receives it, converts the format of the final packet from the initial terminal, after which the packet is sent to the target terminal via the first communication module. In this technical solution, the data transmission scheme of the present invention can be used on fixed PC platforms as well as on mobile platforms, because the present invention uses a fully compatible cryptographic algorithm library and relays the data through the server 104, which ensures that every system can exchange data normally and improves the user experience. In addition, when the terminal 106 transmits an encrypted packet, the packet can be sent directly between terminals 106 or forwarded by the server 104, which achieves compatibility across different platforms.
The case in which the storage device 102 is located in the server 104 is shown in Figure 1B:
The data transmission system 1000 comprises a server 1004 and a terminal 1006, and the server 1004 contains the storage device 1002. This helps make full use of the idle storage space in existing devices or in the server 1004, which reduces the cost of building the system.
Fig. 2 shows a flow chart of a data transmission method according to an embodiment of the invention.
As shown in Figure 2, a data transmission method according to an embodiment of the invention comprises: step 202, a plurality of users who need to transmit data determine multiple cryptographic algorithms, determine at least one set of keys for those cryptographic algorithms, and exchange the keys among themselves; step 204, a plurality of security levels and a plurality of cryptographic algorithm combination data are set and stored in correspondence with each other, the cryptographic algorithm combination data comprising the identifiers of algorithms; step 206, the initial terminal obtains the security level of the data, obtains the corresponding cryptographic algorithm combination data according to that security level, and encrypts the data using the cryptographic algorithms corresponding to the identifiers, in the order of the identifiers contained in the cryptographic algorithm combination data, wherein the input of each subsequent cryptographic algorithm is the output of the preceding one, and sends the resulting final encrypted packet to the target terminal; step 208, the target terminal receives the final encrypted packet from the initial terminal and decrypts it with the key to obtain the data. In this technical solution, one or more cryptographic algorithms may be used for encryption, depending mainly on the importance of the corresponding data, and the choice can be modified accordingly. Encryption is performed in a chained manner, that is, the output of each algorithm is the input of the next, and the way the algorithms are combined can be changed freely, without restriction, which effectively improves the security of the transmission. In addition, before the actual data transmission, the two parties to the transmission need to exchange the keys required for encryption or decryption; a key may be the secret key of a symmetric-key encryption algorithm, or the public key or private key of an asymmetric-key encryption (or digital signature) algorithm, and this does not affect the present invention. There may be one or more sets of keys, as long as the needs of all the cryptographic algorithms are met. Furthermore, the user's own keys and the keys obtained after the exchange can be stored in the server. This helps guarantee the security of the keys and makes them easier for the user to manage, preventing keys from being lost and avoiding the need to search for the required key among too many keys. Of course, the user can also keep the keys locally or elsewhere, which does not affect the implementation of the present invention.
In technique scheme, the cryptographic algorithm data splitting comprises the sign of Digital Signature Algorithm.In technique scheme, in the cryptographic algorithm of using, if use Digital Signature Algorithm, can prevent effectively that the malicious node data falsification of palming off identity from attacking, because in correlation technique, the probability that the Digital Signature Algorithm of some strength is cracked is minimum, thereby the source and destination both sides that solved data lack the problem that authentication may cause palming off identity.
In the above technical solution: after the data is encrypted with a cryptographic algorithm, the header of the resulting encrypted packet corresponds to that cryptographic algorithm; and the target terminal identifies the header of the final encrypted packet, or of an intermediate-layer encrypted packet, obtains the cryptographic algorithm corresponding to that header, and decrypts using the key corresponding to that cryptographic algorithm. Because several cryptographic algorithms may have been applied to the data, decryption must follow a matching procedure. When several algorithms are used, the encrypted packet produced by the algorithm applied first can be regarded as the "inner" packet and the packet produced by the algorithm applied afterwards as the "outer" packet; a user who receives the encrypted packet must decrypt the outer packet first. This is done mainly by analysing the packet header to learn which algorithm produced that layer: when data is encrypted with a cryptographic algorithm, an identifier corresponding to the algorithm is left in the header of the resulting packet, so reading the header reveals the algorithm used, and the key then decrypts the layer to yield the packet one layer further in. The header of the newly obtained packet is then identified and that packet decrypted in turn. Finally, once every layer has been decrypted, the data the user needs is obtained.
In the above technical solution: the cryptographic algorithms used are compatible with the systems of different platforms, the systems including Windows, Linux, MacOS, iOS and/or Android; and when the system of the initial terminal that sends the data differs from that of the target terminal that receives it, the final data packet from the initial terminal is format-converted before being sent to the target terminal. The data transmission scheme of the invention can therefore be used on fixed PC platforms as well as on mobile platforms, because the invention uses a fully compatible cryptographic algorithm library and relays through a server, so that every system can exchange data normally, improving the user experience. When transmitting encrypted packets, terminals may send them to each other directly or have them forwarded by the server, thereby achieving compatibility across platforms.
Fig. 3 shows a schematic diagram of key exchange according to an embodiment of the invention.
As shown in Figure 3, before transferring data, terminal A 304, terminal B 306 and terminal C 308 must first obtain the keys for all the cryptographic algorithms they need to use and exchange their respective keys, so that encrypted data received from the other terminals can be decrypted. To improve security during key exchange, terminal A 304, terminal B 306 and terminal C 308 relay through server 302: server 302 receives a key that needs to be exchanged and then sends it to the corresponding terminal. Key transmission between terminal A 304, terminal B 306, terminal C 308 and server 302 uses the HTTPS protocol or an alternative that provides the same function, and server 302 has its own server certificate, by which terminal A 304, terminal B 306 and terminal C 308 verify the identity of server 302, preventing a spoofed server from stealing keys or other information.
The chained encryption of the invention is described in detail below with reference to Fig. 4 and Fig. 5, where Fig. 4 shows a schematic flow diagram of data encryption according to an embodiment of the invention and Fig. 5 shows a schematic flow diagram of data decryption according to an embodiment of the invention.
As shown in Figure 4, the data 402 to be transmitted is first determined, together with the cryptographic algorithm combination to use, for example algorithm A + algorithm B + ... + algorithm X. Data 402 is first encrypted with algorithm A to obtain the first encrypted packet 404. The first encrypted packet 404 is then used as input and encrypted with algorithm B to obtain the second encrypted packet 406; the second encrypted packet 406 is thus derived from the first encrypted packet 404 rather than directly from the original data, which improves security. Encryption can then continue with the second encrypted packet 406 as input to the subsequent cryptographic algorithms, until the N-th encrypted packet 408 is obtained; the N-th encrypted packet 408 is then used as input to algorithm X, yielding the final encrypted packet 410.
In the encryption process above, the terminal uses one or more groups of keys. As long as the keys suit the algorithms required, the number of keys used is not restricted, though using several groups of keys evidently increases security.
As shown in Figure 5, a terminal that has obtained the final encrypted packet 510 decrypts it as follows: the terminal decrypts the final encrypted packet 502 with key X, which corresponds to algorithm X, to obtain the N-th encrypted packet 504, and then decrypts the N-th encrypted packet 504 to obtain the packet of the next inner layer. Once the second encrypted packet 506 has been obtained, it is decrypted with key B, which corresponds to algorithm B, to obtain the first encrypted packet 508; finally the first encrypted packet 508 is decrypted with key A to obtain data 510.
In the decryption process above, the key to use is chosen by checking the header of the encrypted packet: when data is encrypted into a packet, an identifier corresponding to the cryptographic algorithm is produced in the packet header, from which the key to use can be determined.
Fig. 6 shows a schematic diagram of data exchange according to an embodiment of the invention.
As shown in Figure 6, in ordinary communication terminal A 602 may send data to terminal B 604, and terminal B 604 replies with data after receiving it. In this process terminal A 602 and terminal B 604 need not use the same encryption combination. For example, terminal A 604 first sends data to terminal B 604 and encrypts it with the combination algorithm X - algorithm Y: the data is first encrypted with algorithm X, the resulting encrypted packet is then encrypted with algorithm Y, and the packet so obtained is the one sent to terminal B 604.
When terminal B 604 returns data to terminal A 602, it encrypts the data with the combination algorithm M - algorithm X: the data is first encrypted with algorithm M, the resulting encrypted packet is then encrypted with algorithm X, and the packet so obtained is the one sent to terminal A 602.
Fig. 7 shows a flow chart of data encryption according to an embodiment of the invention.
As shown in Figure 7, after the data to be transmitted has been chosen on the terminal, it is encrypted in the following steps:
Step 702: obtain the security level of the data; the security level may be an identifier contained in the data itself or may be entered by the user;
Step 704: query the security policy; security policies are stored in advance in correspondence with security levels, for example security levels A and B, where security level A corresponds to the security policy algorithm X + algorithm Y and security level B corresponds to the security policy algorithm M + algorithm X;
Step 706: obtain the encryption scheme, that is, the concrete scheme corresponding to the security policy found in step 704, such as algorithm X + algorithm Y; step 704 may sometimes find no corresponding security policy, or none may exist in the first place, in which case the user can manually enter the security policy to be used;
Step 708: initialize the cryptographic algorithm combination in preparation for encryption;
Step 710: encrypt; when several cryptographic algorithms are needed, the data is encrypted in chained fashion to obtain the encrypted packet.
The security policies mentioned above are described below with reference to Fig. 8, which shows a schematic diagram of data encryption security policies according to an embodiment of the invention.
As shown in Figure 8, there are three groups of security policies: top-secret level 802, confidential level 804 and public level 806. For top-secret level 802 the corresponding combination is cryptographic algorithm A + cryptographic algorithm B + cryptographic algorithm C; for confidential level 802 it is cryptographic algorithm L + cryptographic algorithm M + cryptographic algorithm N; for public level 806 it is cryptographic algorithm X. A combination may contain several algorithms; for the combination cryptographic algorithm A + cryptographic algorithm B + cryptographic algorithm C of top-secret level 802, for example, the algorithms need not be applied exactly in the order A, then B, then C: a random order may be used, or the order may be changed frequently, which further improves security.
By selecting different security policies for data of different security levels, data security is ensured, and at the same time, for terminals with limited capability, such as mobile terminals whose own computing power is not strong, applying the matching security policy to data of a lower security level clearly improves the user experience.
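The chained encryption of Figs. 4 and 5 and the security-level lookup of Figs. 7 and 8, written out as an added Python example that is not part of the patent text. The algorithm identifiers, the 5-byte header layout, the innermost "plain" marker, the policy table, the sample keys, the hash-based keystream stand-ins (not vetted ciphers), HMAC standing in for the digital signature algorithm, and the receiver's check that the peeled order matches a stored combination are all assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

# Identifiers, header layout and policy table are assumptions of this example;
# the patent only says each layer's header carries an algorithm identifier.
ALG_PLAIN, ALG_STREAM_SHA256, ALG_STREAM_BLAKE2S, ALG_HMAC = 0, 1, 2, 3
HEADER = struct.Struct(">BI")   # 1-byte algorithm identifier, 4-byte body length
MAX_LAYERS = 8                  # refuse unreasonably deep chains
NONCE_LEN, TAG_LEN = 16, 32

# Security level -> ordered combination (first identifier is applied first).
POLICY = {
    "top_secret": [ALG_STREAM_SHA256, ALG_STREAM_BLAKE2S, ALG_HMAC],
    "confidential": [ALG_STREAM_SHA256, ALG_HMAC],
    "public": [ALG_STREAM_SHA256],
}

def _stream_layer(hash_name):
    """(encrypt, decrypt) for a hash-counter keystream stand-in, not a vetted cipher."""
    def xor(key, nonce, data):
        out = bytearray()
        for i in range(0, len(data), 32):
            seed = key + nonce + struct.pack(">Q", i // 32)
            block = hashlib.new(hash_name, seed).digest()   # 32-byte keystream block
            out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)

    def encrypt(key, data):
        nonce = os.urandom(NONCE_LEN)        # fresh nonce per layer
        return nonce + xor(key, nonce, data)

    def decrypt(key, body):
        if len(body) < NONCE_LEN:
            raise ValueError("layer body shorter than nonce")
        return xor(key, body[:NONCE_LEN], body[NONCE_LEN:])
    return encrypt, decrypt

def _mac_apply(key, data):
    """Append an HMAC-SHA256 tag (symmetric stand-in for the signature layer)."""
    return data + hmac.new(key, data, hashlib.sha256).digest()

def _mac_verify(key, body):
    if len(body) < TAG_LEN:
        raise ValueError("layer body shorter than tag")
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest()):
        raise ValueError("integrity tag mismatch")
    return data

ALGORITHMS = {
    ALG_STREAM_SHA256: _stream_layer("sha256"),
    ALG_STREAM_BLAKE2S: _stream_layer("blake2s"),
    ALG_HMAC: (_mac_apply, _mac_verify),
}

def _wrap(alg_id, body):
    return HEADER.pack(alg_id, len(body)) + body

def chain_encrypt(level, data, keys):
    """Apply the combination stored for `level`; each output feeds the next layer."""
    packet = _wrap(ALG_PLAIN, data)          # explicit innermost marker
    for alg_id in POLICY[level]:
        apply_layer, _ = ALGORITHMS[alg_id]
        packet = _wrap(alg_id, apply_layer(keys[alg_id], packet))
    return packet

def chain_decrypt(packet, keys):
    """Peel layers outermost-first by reading each header; return (data, order)."""
    peeled = []
    for _ in range(MAX_LAYERS + 1):
        if len(packet) < HEADER.size:
            raise ValueError("truncated header")
        alg_id, length = HEADER.unpack_from(packet)
        body = packet[HEADER.size:]
        if len(body) != length:
            raise ValueError("length field does not match body")
        if alg_id == ALG_PLAIN:
            order = peeled[::-1]             # back to encryption order
            if order not in POLICY.values():
                raise ValueError("layer order matches no stored combination")
            return body, order
        if alg_id not in ALGORITHMS or alg_id not in keys:
            raise ValueError("unknown algorithm identifier or missing key")
        _, remove_layer = ALGORITHMS[alg_id]
        packet = remove_layer(keys[alg_id], body)
        peeled.append(alg_id)
    raise ValueError("too many layers")

# Constructed sample keys, one per algorithm identifier.
DEMO_KEYS = {ALG_STREAM_SHA256: b"A" * 32, ALG_STREAM_BLAKE2S: b"B" * 32,
             ALG_HMAC: b"C" * 32}

if __name__ == "__main__":
    pkt = chain_encrypt("top_secret", b"quarterly ledger", DEMO_KEYS)
    print(chain_decrypt(pkt, DEMO_KEYS))
```

In this sketch the `public` combination has no integrity layer, so a modified ciphertext byte decrypts without error, while combinations that end in the MAC layer reject it.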
Fig. 9 shows a schematic diagram of data transfer according to an embodiment of the invention.
As shown in Figure 9, the terminals that transfer data may run different operating systems, such as a first operating system terminal 902 running a first operating system, a second operating system terminal 904 running a second operating system and a third operating system terminal 906 running a third operating system. Compatibility is therefore very important if terminals under different operating systems are to complete data transfers smoothly.
In the invention, the first operating system terminal 902, the second operating system terminal 904 and the third operating system terminal 906 are connected to server 910 through the Internet 908. On the one hand, the first operating system terminal 902, the second operating system terminal 904 and the third operating system terminal 906 use a fully compatible cryptographic algorithm library, that is, its cryptographic algorithms are compatible with the various operating systems, which ensures that each terminal can decrypt without restriction the encrypted packets it receives from other terminals. On the other hand, through relaying by server 910, even if the encrypted packets produced under different operating systems differ in format, server 910 can format-convert a received encrypted packet according to the operating system of the target terminal, obtaining an encrypted packet suited to the operating system of the target terminal.
The technical solution of the invention has been described above with reference to the drawings. Considering that a uniform encryption and decryption method may either provide insufficient cipher strength or waste computing resources, that long-term use of the same cryptographic algorithm may make things easier for an attacker, and that performance and power consumption need to be balanced, the invention provides a data transmission device and a data transmission method that both guarantee the security of the data and ensure that the processing of the cryptographic algorithms suits the data to be transmitted and the processing device.
The foregoing are only preferred embodiments of the invention and are not intended to limit it; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

1. A data transmission system, characterized by comprising a storage device, a server and a terminal, wherein:
The storage device is configured to store a plurality of security levels and a plurality of cryptographic algorithm combination data in correspondence with each other, the cryptographic algorithm combination data containing the identifier of at least one algorithm and the order in which the identifiers are arranged;
The server comprises:
A first communication module, connected to the storage device and the terminal, for communicating with the storage device or the terminal;
A setting module, for setting the security levels in the storage device and the identifiers of the algorithms contained in the corresponding cryptographic algorithm combination data;
The terminal comprises:
A second communication module, for communicating with the server;
An acquisition module, for obtaining the security level of data;
A query module, which, according to the security level obtained by the acquisition module, queries the storage device for the cryptographic algorithm combination data corresponding to that security level;
An encryption module, which encrypts the data with the cryptographic algorithms corresponding to the identifiers, in the order in which the identifiers are arranged in the cryptographic algorithm combination data found by the query module, wherein the input of each cryptographic algorithm is the output of the preceding one, and obtains a final encrypted packet;
A processing module, which sends the final encrypted packet from the encryption module, or a key, to the server through the second communication module, wherein the key is the key that needs to be exchanged among at least one group of keys corresponding to the cryptographic algorithms, and the cryptographic algorithms correspond to the identifiers in the cryptographic algorithm combination;
A decryption module, which receives the final encrypted packet or the key from the server through the second communication module, and decrypts the final encrypted packet with the key to obtain the data.
2. The data transmission system according to claim 1, characterized in that:
The storage device is located in the server and/or outside the server and/or in the terminal.
3. The data transmission system according to claim 1, characterized in that the server further comprises:
A key management module, for storing the user's keys and, when the terminal encrypts or decrypts data, sending the keys to the terminal through the first communication module to perform the corresponding operation.
4. The data transmission system according to claim 1, characterized in that:
The cryptographic algorithm combination data includes the identifier of a digital signature algorithm.
5. The data transmission system according to claim 1, characterized in that:
After the encryption module encrypts the data with the cryptographic algorithm, the header of the resulting encrypted packet corresponds to the cryptographic algorithm; and
The decryption module, by identifying the header of the final encrypted packet or of an intermediate-layer encrypted packet, obtains the cryptographic algorithm corresponding to that header and decrypts using the key corresponding to that cryptographic algorithm.
6. The data transmission system according to any one of claims 1 to 5, characterized in that:
The cryptographic algorithms used are compatible with the systems of different platforms, the systems including Windows, Linux, MacOS, iOS and/or Android; and
The server further comprises a conversion module which, when the system of the initial terminal that sends data differs from that of the target terminal that receives the data, format-converts the final data packet from the initial terminal and then sends it to the target terminal through the first communication module.
7. A data transmission method, characterized by comprising:
Step 202, determining multiple cryptographic algorithms, having the users who need to transfer data determine at least one group of keys for the cryptographic algorithms, and exchanging the keys among the users;
Step 204, setting a plurality of security levels and a plurality of cryptographic algorithm combination data, and storing the security levels and the cryptographic algorithm combination data in correspondence with each other, the cryptographic algorithm combination data containing the identifiers of algorithms;
Step 206, the initial terminal obtains the security level of the data, obtains the corresponding cryptographic algorithm combination data according to the security level, and encrypts the data with the cryptographic algorithms corresponding to the identifiers, in the order in which the identifiers are arranged in the cryptographic algorithm combination data, wherein the input of each cryptographic algorithm is the output of the preceding one, and sends the resulting final encrypted packet to the target terminal;
Step 208, the target terminal receives the final encrypted packet from the initial terminal and decrypts the final encrypted packet with the keys to obtain the data.
8. The data transmission method according to claim 7, characterized in that:
The cryptographic algorithm combination data includes the identifier of a digital signature algorithm.
9. The data transmission method according to claim 7, characterized in that:
After the data is encrypted with the cryptographic algorithm, the header of the resulting encrypted packet corresponds to the cryptographic algorithm; and
The target terminal, by identifying the header of the final encrypted packet or of an intermediate-layer encrypted packet, obtains the cryptographic algorithm corresponding to that header and decrypts using the key corresponding to that cryptographic algorithm.
10. The data transmission method according to any one of claims 7 to 9, characterized in that:
The cryptographic algorithms used are compatible with the systems of different platforms, the systems including Windows, Linux, MacOS, iOS and/or Android; and
When the system of the initial terminal that sends data differs from that of the target terminal that receives the data, the final data packet from the initial terminal is format-converted and then sent to the target terminal.
CN2011102940624A 2011-09-29 2011-09-29 Data transmission system and method Active CN102412967B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102940624A CN102412967B (en) 2011-09-29 2011-09-29 Data transmission system and method

Publications (2)

Publication Number Publication Date
CN102412967A CN102412967A (en) 2012-04-11
CN102412967B true CN102412967B (en) 2013-11-27

Family

ID=45914832

Country Status (1)

Country Link
CN (1) CN102412967B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005352A (en) * 2007-01-23 2007-07-25 华为技术有限公司 Method, system, server and terminal device for preventing network game external store
CN101030858A (en) * 2007-02-09 2007-09-05 华中科技大学 Trust protocol based on hidden certificate
CN101242629A (en) * 2007-02-05 2008-08-13 华为技术有限公司 Method, system and device for selection algorithm of user plane
CN101272381A (en) * 2008-03-13 2008-09-24 沈沛意 System for providing mobile terminal with active safety service and its safety data information analysis processing method
EP2150082A1 (en) * 2008-07-31 2010-02-03 Canon Kabushiki Kaisha Communication apparatus, method for controlling communication apparatus, and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: YONYOU NETWORK TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: UFIDA SOFTWARE CO., LTD.

CP03 Change of name, title or address

Address after: 100094 Haidian District North Road, Beijing, No. 68

Patentee after: Yonyou Network Technology Co., Ltd.

Address before: 100094 Beijing city Haidian District North Road No. 68, UFIDA Software Park

Patentee before: UFIDA Software Co., Ltd.