CN103200170A - Data exchange method - Google Patents
Data exchange method
- Publication number
- CN103200170A
- Authority
- CN
- China
- Prior art keywords
- switch
- data
- storage area
- data storage
- subscription client
- Prior art date
- 2013-02-01
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
A data exchange method comprising the following steps: the data exchange device reads configuration information from a parameter memory and performs initialization; when authentication of the password entered by the user succeeds, the data exchange device establishes a connection with the client; after the data exchange device has received the data sent by the client, the connection between the data exchange device and the client is closed; the data exchange device decrypts the ciphertext and establishes a connection with the peer device; after the data has been re-encrypted under the key of the peer device, the ciphertext is sent to the peer device and the connection between the data exchange device and the peer device is closed. The method achieves secure and accurate data exchange through the data exchange device.
Description
Technical field
The present invention relates to data transfer in computer networks, and more specifically to a data exchange method that guarantees secure and accurate exchange of information between a data exchange server (the data exchange device) and a data receiver.
Background technology
The widespread use of computer networks is a revolution of today's information society. The development and spread of network applications such as e-commerce and e-government not only bring great convenience to daily life but also create great wealth. The global IT wave represented by the Internet deepens day by day; the application of information network technology is becoming ever more widespread, application levels continue to deepen, and applications are extending from traditional small-scale business systems toward large-scale, critical business systems.
While network applications bring great convenience to our lives and work, they also carry many potential security hazards. Hacker activity and attacks, widely known to network users, are growing at a rate of ten times per year, and network and information security problems have become increasingly prominent, turning into a major issue that affects national security, social stability and people's lives. Among existing network security technologies, firewalls can solve some network security problems to a certain extent, but firewall products have limitations. Their greatest limitation is that a firewall itself cannot guarantee that the data it allows through is safe; it cannot defend against attacks from the inside, cannot defend against attacks that bypass the firewall, and cannot fully defend against new threats.
New operating system vulnerabilities and network-layer attacks emerge endlessly, and incidents in which firewalls are breached and computer networks attacked are ever more frequent. How to guarantee secure and accurate data exchange between data exchange devices has therefore become a common demand and goal of network security vendors and users.
Summary of the invention
The technical problem solved by the present invention is to overcome the deficiencies of the prior art and to provide a more complete network security defense system that protects the network effectively.
The technical solution is realized by a client, an exchange device (the data exchange device) and a peer device, and the method comprises the following steps:
A. Start the data exchange device;
B. The exchange device contains a receive data storage area, a send data storage area and a parameter memory. The parameter memory holds configuration information that defines the proportions of storage occupied by the receive data storage area and by the send data storage area, and also contains the key information of the client and of the peer device;
After the exchange device starts, it reads the configuration information from the parameter memory and performs initialization; the configuration can be read only once per start of the exchange device. The initialization comprises partitioning and formatting the storage according to the proportions defined in the configuration information for the receive data storage area and the send data storage area;
C. After detecting that a user password disk has been loaded, the client prompts the user through an interactive interface to enter the password. After the user has entered the password correctly, the client reads the address, user name and password of the exchange device stored in the user password disk, establishes a connection with the exchange device and performs identity authentication. After authentication succeeds, the exchange device and the client are connected;
The client encrypts the data to be transferred with the key held in the user password disk, stores the resulting ciphertext in the client's send storage area and sends a request message to the exchange device; the request message carries the size of the ciphertext;
D. After receiving the request, the exchange device takes the size carried in the request message and compares it with the size of its receive area. If the size is smaller than the receive area, the ciphertext is read from the client's send storage area into the receive data storage area of the exchange device;
If the size is larger than the receive data storage area, it is compared with the sum of the receive data storage area and the send data storage area. If it is larger than that sum, the exchange device returns a rejection response to the client carrying the size of its receive area; on receiving the rejection response, the client splits the data according to the size in the response and sends the pieces to the exchange device, which stores the received data in the receive data storage area. If it is smaller than that sum, the exchange device records the size from the request message in the configuration information, reads the ciphertext from the client's send storage area into the receive data storage area, stores the part that exceeds the receive area in the send data storage area, and returns a response message to the client carrying the size of its receive area;
The connection with the client is then closed;
E. The exchange device checks whether the receive data storage area holds data that has not yet been sent; if it does, the exchange device decrypts the ciphertext with the client key information contained in the configuration information;
The exchange device sends a connection request carrying authentication information to the peer device; on receiving the connection request, the peer device extracts the authentication information and authenticates it, and once authentication passes a connection with the exchange device is established;
F. The exchange device encrypts the data in the receive data storage area with the key of the peer device; if the send storage area also holds unsent data, that data is encrypted with the key of the peer device at the same time; the generated ciphertext is sent to the peer device. After receiving the ciphertext, the peer device decrypts it with its own key and, once decryption is complete, returns a completion response to the exchange device. On receiving the completion response, the exchange device closes the connection with the peer device; if the send storage area was not empty, the sizes occupied by the receive data storage area and the send data storage area in the configuration information are updated according to the size recorded from the request message, and the storage areas are then formatted;
G. Power off;
Wherein, at any moment, the exchange device can be connected to only one of the client and the peer device.
The beneficial effects of the invention are as follows. Because at any moment the exchange device can be connected to only one of the client and the peer device, the sender of the data is never directly connected to the receiver, which protects the data held by each side. Further, data is encrypted before it is sent, which improves the security of the exchange. In addition, because the exchange device completes only one data exchange operation after each start, and formats its storage areas and shuts down after the exchange succeeds, data cannot be leaked from the exchange device, which further improves the security of the transfer.
Preferably, after step D the method further comprises: the client formats its send storage area.
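The capacity decision of step D and the re-partitioning that follows step F, as an added example that is not part of the patent (the same logic is repeated in the detailed embodiment and in claim 1 below). It assumes the storage layout is expressed as a configured ratio of a total size, treats a ciphertext that exactly fills an area as fitting (the patent compares with strict less/greater and does not say what happens when the sizes are equal), and supplies its own re-partition formula, which the patent leaves unspecified; every class and function name is hypothetical. It also adds one check the patent leaves implicit: the size in the request is chosen by the client, so the device should verify it against the bytes actually read.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import List, Tuple


@dataclass
class StorageLayout:
    """Hypothetical model of the exchange device's storage: a total size split
    between the receive and send data storage areas by the configured ratio."""
    total: int
    recv_ratio: Fraction          # share allocated to the receive data storage area

    @property
    def recv_cap(self) -> int:
        return int(self.total * self.recv_ratio)

    @property
    def send_cap(self) -> int:
        return self.total - self.recv_cap


def layout_from_ratio(total: int, recv_parts: int, send_parts: int) -> StorageLayout:
    """Build a layout from the configured proportion, e.g. receive:send = 3:2."""
    return StorageLayout(total=total, recv_ratio=Fraction(recv_parts, recv_parts + send_parts))


def plan_receive(size: int, recv_cap: int, send_cap: int) -> Tuple[str, int, int]:
    """Step D decision for a request declaring a ciphertext of `size` bytes.

    Returns (decision, bytes_into_recv, bytes_into_send):
      'accept': fits in the receive area;
      'spill' : larger than the receive area but fits in receive + send; the
                overflow goes to the send area and the size is recorded;
      'reject': larger than both areas together; the client must split.
    The equal case is not covered by the patent; this model (an assumption)
    lets a ciphertext that exactly fills an area in.
    """
    if size < 0:
        raise ValueError("size must be non-negative")
    if size <= recv_cap:
        return "accept", size, 0
    if size > recv_cap + send_cap:
        return "reject", 0, 0
    return "spill", recv_cap, size - recv_cap


def split_for_resend(ciphertext: bytes, advertised_recv_cap: int) -> List[bytes]:
    """Client side after a rejection: split the data into pieces no larger than
    the receive-area size carried in the rejection response, so that each piece
    takes the 'accept' path on its own."""
    if advertised_recv_cap <= 0:
        raise ValueError("rejection response advertised a zero-size receive area")
    return [ciphertext[i:i + advertised_recv_cap]
            for i in range(0, len(ciphertext), advertised_recv_cap)]


def repartition_after_spill(layout: StorageLayout, recorded_size: int) -> StorageLayout:
    """Step F follow-up when the send area was used: update the configured sizes
    from the size recorded in step D. The patent gives no formula; this example
    (an assumption) grows the receive area to hold the recorded size, capped at
    the total, and leaves the remainder to the send area."""
    new_recv = min(recorded_size, layout.total)
    return StorageLayout(total=layout.total, recv_ratio=Fraction(new_recv, layout.total))


def check_received_length(declared: int, received: bytes) -> bool:
    """Check the patent leaves implicit: the size in the request is supplied by
    the client, so the device verifies that the bytes it actually read match it
    before acting on the capacity decision."""
    return len(received) == declared
```

With a 1000-byte store split 3:2, a 900-byte ciphertext takes the spill path (600 bytes into the receive area, 300 into the send area) and a 1200-byte one is rejected; after the client splits it by the advertised 600 bytes, each piece is accepted on its own.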
The present invention is a data transfer method that combines two techniques, isolated transmission and file encryption, and takes the following measures to protect user data effectively:
1) User data is encrypted locally before it is uploaded to the exchange device, so that it cannot be stolen during transmission or storage; users can therefore use the service with confidence for off-site storage of critical data.
2) The exchange device encrypts files separately with the sender's key and with the receiver's key, and the key for the ciphertext is never carried inside the transferred file, which improves the security of data in transit.
Description of drawings
Fig. 1 is a flow chart of the operating process of the data exchange method of the present invention.
Fig. 2 is system architecture diagram of the present invention.
Embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1 and Fig. 2, the present invention is a data exchange method in which the related operations are carried out mainly by the client, the exchange device and the peer device, and it comprises the following steps:
A. Start the data exchange device;
B. The exchange device contains a receive data storage area, a send data storage area and a parameter memory. The parameter memory holds configuration information that defines the proportions of storage occupied by the receive data storage area and by the send data storage area, and also contains the key information of the client and of the peer device;
After the exchange device starts, it reads the configuration information from the parameter memory and performs initialization; the configuration can be read only once per start of the exchange device. The initialization comprises partitioning and formatting the storage according to the proportions defined in the configuration information for the receive data storage area and the send data storage area;
C. After detecting that a user password disk has been loaded (the user password disk may be a data package stored on the client, a plug-and-play device holding the user's password information, or the like), the client prompts the user through an interactive interface to enter the password; the user may complete the input with an external keyboard connected to the client or with a soft keyboard displayed on the client's screen. After the user has entered the password correctly, the client reads the address, user name and password of the exchange device stored in the user password disk, establishes a connection with the exchange device and performs identity authentication. After authentication succeeds, the exchange device and the client are connected; if identity authentication fails, the exchange device closes the connection with the client and powers off;
The client encrypts the data to be transferred with the key held in the user password disk. The cryptographic algorithms include at least the Digital Signature Algorithm DSA, the RSA public-key algorithm invented by Rivest, Shamir and Adleman, the symmetric data encryption algorithm DES, the Secure Hash Algorithm SHA-1, the Message Digest algorithm MD5, and so on. (Of these only RSA and DES actually encrypt; DSA produces signatures and SHA-1 and MD5 are hash functions. DES, SHA-1 and MD5 are no longer considered secure for new designs.) The client stores the resulting ciphertext in its send storage area and sends a request message to the exchange device; the request message carries the size of the ciphertext;
D. After receiving the request, the exchange device takes the size carried in the request message and compares it with the size of its receive area. If the size is smaller than the receive area, the ciphertext is read from the client's send storage area into the receive data storage area of the exchange device;
If the size is larger than the receive data storage area, it is compared with the sum of the receive data storage area and the send data storage area. If it is larger than that sum, the exchange device returns a rejection response to the client carrying the size of its receive area; on receiving the rejection response, the client splits the data according to the size in the response and sends the pieces to the exchange device, which stores the received data in the receive data storage area. If it is smaller than that sum, the exchange device records the size from the request message in the configuration information, reads the ciphertext from the client's send storage area into the receive data storage area, stores the part that exceeds the receive area in the send data storage area, and returns a response message to the client carrying the size of its receive area;
The connection with the client is then closed;
E. The exchange device checks whether the receive data storage area holds data that has not yet been sent; if it does, the exchange device decrypts the ciphertext with the client key information contained in the configuration information;
The exchange device sends a connection request carrying authentication information to the peer device; on receiving the connection request, the peer device extracts the authentication information and authenticates it, and once authentication passes a connection with the exchange device is established;
F. The exchange device encrypts the data in the receive data storage area with the key of the peer device; if the send storage area also holds unsent data, that data is encrypted with the key of the peer device at the same time; the generated ciphertext is sent to the peer device. After receiving the ciphertext, the peer device decrypts it with its own key and, once decryption is complete, returns a completion response to the exchange device. On receiving the completion response, the exchange device closes the connection with the peer device; if the send storage area was not empty, the sizes occupied by the receive data storage area and the send data storage area in the configuration information are updated according to the size recorded from the request message, and the storage areas are then formatted;
G. Power off;
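One run of the whole procedure of steps A to G, as an added simulation that is not the patent's code and assumes a concrete design for everything the patent leaves open: an HMAC-SHA256 based stream cipher with an authentication tag stands in for the unnamed encryption algorithm (a real deployment would use an AEAD such as AES-GCM), the user password disk is a constructed dictionary, keys and credentials are generated inside the script, and all class, function and field names are hypothetical. It enforces the one-side-at-a-time rule as a runtime check and makes visible the point a practitioner should notice in step E: the exchange device decrypts with the client key before re-encrypting with the peer key, so it holds the plaintext and must be trusted. The scheme is hop-by-hop rather than end-to-end encryption, and formatting the storage area afterwards is what limits how long that plaintext persists on the device.

```python
import hashlib
import hmac
import secrets

# Illustrative cipher (an assumption; the patent names no specific algorithm): HMAC-SHA256
# keystream in counter mode with an encrypt-then-MAC tag. Real systems should use an AEAD.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class ExchangeDevice:
    """Hypothetical exchange device: parameter memory, a receive area, one side at a time."""
    def __init__(self, parameter_memory):
        self.config = dict(parameter_memory)      # step B: configuration read once at start-up
        self.recv_area, self.connected_to, self.log = b"", None, []

    def _connect(self, side):
        if self.connected_to is not None:         # the patent's isolation rule, enforced at runtime
            raise RuntimeError(f"already connected to {self.connected_to}")
        self.connected_to = side
        self.log.append(("connect", side))

    def _disconnect(self):
        self.log.append(("disconnect", self.connected_to))
        self.connected_to = None

    def receive_from_client(self, username, password, declared_size, read_client_send_area):
        """Steps C-D: authenticate, connect, pull the ciphertext, disconnect."""
        stored = self.config["users"].get(username)
        if stored is None or not hmac.compare_digest(stored, password):
            return False                          # authentication failed: nothing is accepted
        self._connect("client")
        try:
            blob = read_client_send_area()
            if len(blob) != declared_size:        # the size in the request is client-supplied
                raise ValueError("declared size does not match data read")
            self.recv_area = blob
        finally:
            self._disconnect()
        return True

    def forward_to_peer(self, peer):
        """Steps E-G: decrypt with the client key, re-encrypt with the peer key, then format."""
        if not self.recv_area:
            return False
        plaintext = decrypt(self.config["client_key"], self.recv_area)  # device holds plaintext here
        if not peer.accept_connection(self.config["peer_auth"]):
            return False
        self._connect("peer")
        try:
            done = peer.receive(encrypt(self.config["peer_key"], plaintext))
        finally:
            self._disconnect()
        self.recv_area = b""                      # step F: format the storage area before power-off
        return done


class PeerDevice:
    def __init__(self, key, expected_auth):
        self.key, self.expected_auth, self.received = key, expected_auth, b""
    def accept_connection(self, auth):
        return hmac.compare_digest(auth, self.expected_auth)
    def receive(self, blob):
        self.received = decrypt(self.key, blob)   # the peer decrypts with its own key
        return True                               # stands in for the completion response


def run_exchange(data, entered_password="correct horse"):
    """One exchange with constructed keys; returns (peer plaintext, device log, device storage)."""
    client_key, peer_key, peer_auth = (secrets.token_bytes(n) for n in (32, 32, 16))
    salt = secrets.token_bytes(8)                 # constructed user password disk follows
    disk = {"salt": salt, "pw_hash": hashlib.sha256(salt + b"correct horse").digest(),
            "addr": "10.0.0.2", "user": "alice", "device_pw": "s3cret", "key": client_key}
    if not hmac.compare_digest(disk["pw_hash"], hashlib.sha256(salt + entered_password.encode()).digest()):
        return b"", [], b""                       # step C: wrong local password, nothing is sent
    device = ExchangeDevice({"users": {"alice": "s3cret"}, "client_key": client_key,
                             "peer_key": peer_key, "peer_auth": peer_auth})
    peer = PeerDevice(peer_key, peer_auth)
    client_send_area = [encrypt(disk["key"], data)]  # the client encrypts locally first
    if device.receive_from_client(disk["user"], disk["device_pw"], len(client_send_area[0]),
                                  lambda: client_send_area[0]):
        client_send_area[0] = b""                 # claim 2: the client formats its send area
    device.forward_to_peer(peer)
    return peer.received, device.log, device.recv_area
```

`run_exchange(b"...")` returns the plaintext as the peer saw it, the device's connection log (client connect/disconnect strictly before peer connect/disconnect) and the device's storage after the run, which is empty. A client that declares one size and supplies another is rejected in step D and the connection is still torn down, and a wrong local password in step C means nothing is ever sent.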
Obviously, those skilled in the art will understand that the above steps of the present invention may be implemented with general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network formed by several computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device, or they may be fabricated as separate integrated circuit modules, or several of the modules or steps may be fabricated as a single integrated circuit module. Thus the present invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and do not limit it; for those skilled in the art, the invention may have various changes and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (2)
1. A data exchange method, characterized in that it comprises at least the following steps:
A. Start the data exchange device;
B. The exchange device contains a receive data storage area, a send data storage area and a parameter memory. The parameter memory holds configuration information that defines the proportions of storage occupied by the receive data storage area and by the send data storage area, and also contains the key information of the client and of the peer device;
After the exchange device starts, it reads the configuration information from the parameter memory and performs initialization; the configuration can be read only once per start of the exchange device. The initialization comprises partitioning and formatting the storage according to the proportions defined in the configuration information for the receive data storage area and the send data storage area;
C. After detecting that a user password disk has been loaded, the client prompts the user through an interactive interface to enter the password. After the user has entered the password correctly, the client reads the address, user name and password of the exchange device stored in the user password disk, establishes a connection with the exchange device and performs identity authentication. After authentication succeeds, the exchange device and the client are connected;
The client encrypts the data to be transferred with the key held in the user password disk, stores the resulting ciphertext in the client's send storage area and sends a request message to the exchange device; the request message carries the size of the ciphertext;
D. After receiving the request, the exchange device takes the size carried in the request message and compares it with the size of its receive area. If the size is smaller than the receive area, the ciphertext is read from the client's send storage area into the receive data storage area of the exchange device;
If the size is larger than the receive data storage area, it is compared with the sum of the receive data storage area and the send data storage area. If it is larger than that sum, the exchange device returns a rejection response to the client carrying the size of its receive area; on receiving the rejection response, the client splits the data according to the size in the response and sends the pieces to the exchange device, which stores the received data in the receive data storage area. If it is smaller than that sum, the exchange device records the size from the request message in the configuration information, reads the ciphertext from the client's send storage area into the receive data storage area, stores the part that exceeds the receive area in the send data storage area, and returns a response message to the client carrying the size of its receive area;
The connection with the client is then closed;
E. The exchange device checks whether the receive data storage area holds data that has not yet been sent; if it does, the exchange device decrypts the ciphertext with the client key information contained in the configuration information;
The exchange device sends a connection request carrying authentication information to the peer device; on receiving the connection request, the peer device extracts the authentication information and authenticates it, and once authentication passes a connection with the exchange device is established;
F. The exchange device encrypts the data in the receive data storage area with the key of the peer device; if the send storage area also holds unsent data, that data is encrypted with the key of the peer device at the same time; the generated ciphertext is sent to the peer device. After receiving the ciphertext, the peer device decrypts it with its own key and, once decryption is complete, returns a completion response to the exchange device. On receiving the completion response, the exchange device closes the connection with the peer device; if the send storage area was not empty, the sizes occupied by the receive data storage area and the send data storage area in the configuration information are updated according to the size recorded from the request message, and the storage areas are then formatted;
G. Power off;
Wherein, at any moment, the exchange device can be connected to only one of the client and the peer device.
2. The data exchange method according to claim 1, characterized in that after step D it further comprises:
The client formats its send storage area.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN2013100450668A (CN103200170A) | 2013-02-01 | 2013-02-01 | Data exchange method
Publications (1)

Publication Number | Publication Date
---|---
CN103200170A | 2013-07-10
Family ID: 48722528
Family Applications (1)

Application Number | Status | Priority Date | Filing Date | Title
---|---|---|---|---
CN2013100450668A (CN103200170A) | Pending | 2013-02-01 | 2013-02-01 | Data exchange method
Country Status (1)

Country | Link
---|---
CN (1) | CN103200170A
Cited By (2)

Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN106921630A * | 2015-12-25 | 2017-07-04 | 航天信息股份有限公司 (Aisino Corporation) | Data exchange method and device
CN107979481A * | 2016-10-25 | 2018-05-01 | 航天信息股份有限公司 (Aisino Corporation) | Sending terminal, receiving terminal, data exchange platform and the method they execute

* Cited by examiner
Citations (3)

Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
EP1376924A2 * | 2002-06-27 | 2004-01-02 | Nokia Corporation | End-to-end encryption key management in mobile communications system
CN101841411A * | 2005-10-28 | 2010-09-22 | 北京书生数字技术有限公司 | Data resource anti-copying encrypted transmission method and device system
CN102118311A * | 2011-01-21 | 2011-07-06 | 宁波市胜源技术转移有限公司 | Data transmission method

* Cited by examiner
Similar Documents

Publication | Title
---|---
CN106656476B | Password protection method and device and computer readable storage medium
EP3289723B1 | Encryption system, encryption key wallet and method
CN111448779B | System, device and method for hybrid secret sharing
US9166793B2 | Efficient authentication for mobile and pervasive computing
CN105553951A | Data transmission method and data transmission device
CN105162772A | IoT equipment authentication and key agreement method and device
EP3300328B1 | Network monitoring device and method, apparatus and system for resetting password thereof, and server
CN103414682A | Method for cloud storage of data and system
CN112822177B | Data transmission method, device, equipment and storage medium
CN104753953A | Access control system
CN102118311B | Data transmission method
CN112187757A | Multilink privacy data circulation system and method
US20220247729A1 | Message transmitting system with hardware security module
CN102227106A | Method and system for intelligent secret key equipment to communicate with computer
CN103577763A | Mobile terminal device with data protection function and data protection method
KR101760376B1 | Terminal and method for providing secure messenger service
CN112020037A | Domestic communication encryption method suitable for rail transit
CN103200170A | Data exchange method
CN106972928B | Bastion machine private key management method, device and system
CN109412799A | System and method for generating local key
CN111698263B | Beidou satellite navigation data transmission method and system
GB2579884A | Methods and systems of securely transferring data
CN103139208A | Data exchanging method
CN102780812B | Method and system for achieving safe input by using mobile terminal
US11818109B1 | Secure synchronization of data
Legal Events

Code | Title | Description
---|---|---
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C12 | Rejection of a patent application after its publication |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20130710