CN104243171A - Method and device for full-text protection and verification of feedback data

Publication number
CN104243171A
Authority
CN
China
Legal status
Pending
Application number
CN201410545141.1A
Other languages
Chinese (zh)
Inventor
杨康
李金国
李�浩
肖鹏
魏自立
Current Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201410545141.1A
Publication of CN104243171A

Abstract

The invention provides a method and a device for full-text protection and verification of feedback data. The method comprises the following steps: a server extracts the message digest of the full-text data requested by a client; a hash operation is performed on a randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature; the asymmetrically encrypted disturbance string, the digital signature and the full-text data are combined into feedback data, which is fed back to the client; the client receives the feedback data and decrypts the disturbance string using an agreed key; the client extracts the message digest of the received full-text data using the method agreed with the server; a hash operation is performed on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature, which is then compared with the digital signature in the feedback data; when the comparison shows that the two digital signatures are the same, the full-text data is confirmed to be legitimate. The invention also provides a device corresponding to the method. The method can verify the authenticity of the full-text data quickly and accurately.

Description

Method and device for full-text protection and verification of feedback data
Technical field
The present invention relates to the computer field, and in particular to a method and a device for full-text protection and verification of feedback data.
Background art
With the development of computer and network technologies, more and more applications are delivered over the network, and the security of network applications is becoming increasingly important. Because system vulnerabilities exist and transmission lines are unstable, data transfer between server and client carries certain security risks.
When a client requests data from a server, the data fed back by the server may be replaced or tampered with through deliberate interference. Such interference includes tampering with the DNS server and intercepting and modifying data in transit. Replacement of or tampering with data reduces the traffic of the requested server and also creates security problems for the user. It is therefore necessary for the client to judge whether the data it receives is authentic.
At present, two methods are commonly used to verify data authenticity. The first secures the data with an asymmetric encryption algorithm: if the plaintext can be decrypted, the received data is authentic. However, encryption and decryption in this approach are slow and time-consuming. The second uses a hash algorithm to check whether the digital signature computed before sending matches the one computed after receipt; if they match, the received data is authentic. The drawback of this approach is that the data can be tampered with in transit and a new digital signature generated to replace the old one, so that the signature computed after receipt matches the newly generated one and the authenticity check is defeated.
Summary of the invention
The object of the present invention is to solve at least one of the above technical defects, in particular to verify quickly and accurately the full-text data that the server feeds back in response to a client request.
The invention provides a full-text protection method for feedback data, comprising the following steps: extracting the message digest of the full-text data requested by a client; performing a hash operation on a randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature; and combining the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data and feeding it back to the client.
The invention also provides a full-text verification method for feedback data, comprising the following steps: receiving the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypting the disturbance string with the agreed key; extracting the message digest of the received full-text data by the method agreed with the server; performing a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature; and comparing this digital signature with the digital signature in the feedback data and, when the two are identical, confirming that the full-text data is legitimate.
The invention provides a full-text verification method comprising the full-text protection method for feedback data and the full-text verification method for feedback data, wherein the full-text protection method is applied at the server and the full-text verification method is applied at the client.
The invention provides a full-text protection device for feedback data, comprising: a first extraction module for extracting the message digest of the full-text data requested by a client; a first computing module for performing a hash operation on a randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature; and a feedback module for combining the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data and feeding it back to the client.
The invention also provides a full-text verification device for feedback data, comprising: a receiver module for receiving the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypting the disturbance string with the agreed key; a second extraction module for extracting the message digest of the received full-text data by the method agreed with the server; a second computing module for performing a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature; and a comparison module for comparing this digital signature with the digital signature in the feedback data and, when the two are identical, confirming that the full-text data is legitimate.
In the present invention, the server processes the full-text data requested by the client as follows: it extracts bytes of the full-text data to form the message digest; performs a hash operation on a randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature; and combines the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data, which it feeds back to the client. After receiving the feedback data, the client decrypts the disturbance string with the agreed key; it then extracts bytes of the received full-text data by the method agreed with the server to form the message digest; performs a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature; and compares this digital signature with the digital signature in the feedback data to determine whether the fed-back full-text data is authentic. When the two are identical, the full-text data is confirmed to be legitimate.
The above scheme verifies quickly and accurately the full-text data that the server feeds back at the client's request and ensures that the source of the full-text data is legitimate. Its specific advantages are: the hash operation is performed only on the bytes extracted from the full-text data and on the disturbance string, which reduces hashing time, while the random disturbance string and the byte-extraction method make the digital signature more secure; the disturbance string is encrypted before transmission, which improves its security, and the decryption of the disturbance string can itself serve as a basis for checking whether the full-text data is legitimate.
With this scheme, correct cloud scanning feedback results can be obtained, and web page hijacking and infection from malicious websites can also be prevented.
The scheme proposed by the invention requires very little change to existing systems, does not affect system compatibility, and is simple and efficient to implement.
Additional aspects and advantages of the invention will be set forth in part in the following description, will in part become apparent from that description, or will be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a flowchart of an embodiment of the full-text protection method for feedback data of the present invention;
Fig. 2 is a flowchart of an embodiment of the full-text verification method for feedback data of the present invention;
Fig. 3 is a flowchart of an embodiment of the full-text verification system of the present invention;
Fig. 4 is a structural diagram of an embodiment of the full-text protection device for feedback data of the present invention;
Fig. 5 is a structural diagram of an embodiment of the full-text verification device for feedback data of the present invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the invention and are not to be construed as limiting it.
Those skilled in the art will appreciate that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should further be understood that the word "comprising" used in this specification refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include a wireless connection or wireless coupling. The wording "and/or" used herein includes any unit and all combinations of one or more of the associated listed items.
Those skilled in the art will appreciate that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by a person of ordinary skill in the field to which the invention belongs. It should also be understood that terms such as those defined in general dictionaries are to be understood as having a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, are not to be interpreted in an idealized or overly formal sense.
Those skilled in the art will appreciate that "terminal" and "terminal equipment" as used herein include both devices with only a wireless signal receiver, that is, devices having a wireless signal receiver without transmitting capability, and devices with receiving and transmitting hardware, that is, devices having receiving and transmitting hardware capable of two-way communication over a bidirectional communication link. Such devices may include: cellular or other communication devices, with a single-line display, a multi-line display, or no multi-line display; a PCS (Personal Communications Service, personal communications system), which may combine voice, data processing, fax and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, a pager, Internet/intranet access, a web browser, a notepad, a calendar and/or a GPS (Global Positioning System) receiver; and a conventional laptop and/or palmtop computer or other device that has and/or includes a radio frequency receiver. "Terminal" and "terminal equipment" as used herein may be portable, transportable, installed in a vehicle (air, sea and/or land), or suitable for and/or configured to run locally and/or, in distributed form, at any other location on the earth and/or in space. "Terminal" and "terminal equipment" as used herein may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with music/video playback functions, or a device such as a smart television or a set-top box.
Those skilled in the art will appreciate that the remote network device used herein includes, but is not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed by multiple servers. Here, a cloud is formed by a large number of computers or network servers based on cloud computing, where cloud computing is a form of distributed computing: a super virtual computer composed of a group of loosely coupled computers. In embodiments of the invention, the remote network device, the terminal equipment and the WNS server may communicate by any means of communication, including but not limited to mobile communication based on 3GPP, LTE or WIMAX, computer network communication based on the TCP/IP or UDP protocols, and short-range wireless transmission based on the Bluetooth or infrared transmission standards.
Referring to Fig. 1, Fig. 1 is a flowchart of an embodiment of the full-text protection method for feedback data of the present invention. The method is implemented at the server and, as shown in Fig. 1, comprises the following steps:
S11, extract the message digest of the full-text data requested by the client.
With the server and the client connected, the client sends a request message to the server, and the server feeds back the corresponding full-text data to the client according to the request message. Common request messages include opening a web page, downloading software, and cloud scanning (cloud-based malware detection and removal). To ensure that the full-text data fed back by the server is consistent with the full-text data the client requested, the full-text data is encrypted.
The full-text data requested by the client comprises any one or more of the following:
The cloud scan result for an unknown program, the cloud scan result for website information, web page data, software data, and so on.
The server first performs the following operations:
A. Extract a number of bytes at determined positions from the full-text data with a specified algorithm to form the message digest, specifically comprising the following steps:
a. Divide the full-text data by length into a specified number of positions.
In the present embodiment, the full-text data is divided into 100 regions.
b. Extract a determined number of bytes, at least one, from each position.
In the present embodiment, the bytes located at 1%, 2%, 3%, ... of the full-text data are extracted, one byte per position, 100 bytes in total.
B. Generate a random disturbance string, i.e. a salt value.
Step A and step B may be performed in either order.
S12, perform a hash operation on the randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature.
In the present embodiment, the MD5 algorithm is applied to the combination of the message digest and the disturbance string to compute the hash and obtain the digital signature.
S13, combine the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data and feed it back to the client.
Before the disturbance string and the digital signature are fed back to the client together with the full-text data, the following processing is required:
A. Asymmetrically encrypt the disturbance string.
In the present embodiment, the disturbance string is encrypted with the private key.
B. Combine the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data.
In the present embodiment, the asymmetrically encrypted disturbance string and the digital signature are placed at a specific position in the full-text data, namely its head. The full-text data in this embodiment is web page data, and the head of web page data is the HTTP header.
In other embodiments, the asymmetrically encrypted disturbance string and the digital signature may also be placed at other positions in the full-text data.
In other embodiments, the asymmetrically encrypted disturbance string and the digital signature may be placed before or after the whole of the full-text data.
The method of this embodiment can be used not only to protect web page data but also to protect full-text data in applications such as mobile phone assistants and cloud scanning; whenever a server feeds back full-text data in response to a client request, the method can be used to protect the data.
As described above, this embodiment performs the hash operation on the random disturbance string and on bytes extracted by a given algorithm, which improves the security of the digital signature. Encrypting the disturbance string with the private key prevents the disturbance string from being tampered with.
Referring to Fig. 2, Fig. 2 is a flowchart of an embodiment of the full-text verification method for feedback data of the present invention. The method is implemented at the client and, as shown in Fig. 1, comprises the following steps:
S21, receive the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypt the disturbance string with the agreed key.
The feedback data received by the client is the feedback data sent by the server in the embodiment shown in Fig. 1 and is not described again here.
In this embodiment the disturbance string is used in the hash operation, so it must be decrypted first. Because the received disturbance string was encrypted with the private key, it is decrypted with the public key corresponding to that private key. If the feedback data sent by the server contains no encrypted disturbance string, or the encrypted disturbance string has been replaced by a different encrypted disturbance string, the client either has nothing to decrypt or cannot decrypt it. This outcome also indicates that the received full-text data is illegitimate, that is, the feedback data has been tampered with or replaced.
Encrypting the disturbance string with the private key before it is sent to the client further increases the security of the disturbance string. If the public key were used for encryption, then because the public key is public, the client could decrypt whether or not the disturbance string had been tampered with, wasting computing resources.
S22, extract the message digest of the received full-text data by the method agreed with the server.
The principle of the client-side full-text verification method is to compare the digital signature sent by the server with the digital signature the client produces itself. The client therefore needs to use the same algorithm as the server to extract bytes from the received full-text data.
S23, perform a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature.
The client likewise uses the MD5 algorithm for the hash operation.
S24, compare this digital signature with the digital signature in the feedback data; when the two are identical, confirm that the full-text data is legitimate.
Legitimate here means that the full-text data has not been modified or replaced and that no errors or omissions occurred during transmission for network reasons.
If the two are not identical, the full-text data is illegitimate, and the client can take further action, such as displaying an error prompt or repeating the request.
As described above, verification by the client both protects the user's network security and prevents illegitimate websites from stealing traffic, protecting the operator's interests.
Referring to Fig. 3, Fig. 3 is a flowchart of an embodiment of the full-text verification system of the present invention. The full-text verification system comprises a server and a client, which work together to complete the verification of the full-text data. As shown in Fig. 3, it comprises the following steps:
S31, the server extracts the message digest of the full-text data requested by the client.
S32, perform a hash operation on the randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature.
S33, combine the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data and feed it back to the client.
S34, the client receives the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypts the disturbance string with the agreed key.
S35, extract the message digest of the received full-text data by the method agreed with the server.
S36, perform a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature.
S37, compare this digital signature with the digital signature in the feedback data; when the two are identical, confirm that the full-text data is legitimate.
The above method is the method of the embodiments shown in Fig. 1 and Fig. 2; the specific operations have been described in detail with reference to Fig. 1 and Fig. 2 and are not repeated here.
The method of this embodiment verifies quickly and accurately the full-text data that the server feeds back at the client's request, and can be applied in the following scenarios:
A. Cloud-security-based malicious program scanning and removal, variant 1
This process involves a client and a cloud server. The client scans according to the scan-content instruction sent by the server; when it encounters an unknown program file, it extracts the feature data of the unknown program file and transmits that feature data to the server. The feature data can take many forms, for example data computed with a specific algorithm (such as MD5, SHA1 or another algorithm) over all or part of the key content of the unknown program file, the file name, and so on.
The server matches the received feature data of the unknown program file against a database of known malicious programs; if a match is found, the unknown program is a malicious program. The server feeds this scan result back to the client, and the client performs the removal. The scan result comprises the verdict and the corresponding repair logic.
In this process, when the server returns the scan result, it extracts the message digest of the scan result, performs a hash operation on a randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature, and combines the asymmetrically encrypted disturbance string, the digital signature and the scan result into feedback data, which it feeds back to the client.
After receiving the feedback data from the server, the client does the following: it decrypts the disturbance string with the agreed key and extracts the message digest of the received scan result by the method agreed with the server; performs a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature; and compares this digital signature with the digital signature in the feedback data. When the two are identical, the scan result is confirmed to be legitimate, that is, the scan result fed back by the server has not been tampered with or replaced.
B. Cloud-security-based malicious program scanning and removal, variant 2
This process involves a client and a cloud server. The client first determines the local unknown program file and, from the signature-related information of the unknown program file, generates a signature identifier that corresponds uniquely to that file. The client sends a query request to the server; the query request carries the signature identifier of the unknown program file and some or all of the file features of that file.
After receiving the query request, the server matches the signature identifier in the query request against a database, obtains the scanning method corresponding to the signature identifier, and sends this scanning method to the client.
Following the scanning method, the client downloads from the server the detection conditions for the unknown program file, judges whether the unknown program file meets the detection conditions, and sends the detection result to the server. The detection conditions comprise at least one of the following:
1) Whether the specific file loaded by the PE has a valid signature from a specific company.
2) Whether the internal name, product name and company name of the specific file loaded by the PE are the specified names.
3) Whether a specific hook is installed in the system.
4) Whether specific padding data is present in a specific process.
5) Whether a specific driver module or device object exists in the system, where the specific driver module or device object is one loaded by the local unknown program.
6) Whether a specific registry entry points to a specific file or a specific CLSID, or matches a specific pattern, where the specific registry entry, specific file, specific CLSID and specific pattern are generated when the unknown program is loaded; when the program runs, the specific registry entry uses the specific file and specific CLSID to run the program in the specific pattern.
7) Whether the process chain loaded by the PE contains a local unknown file (a file whose security level cannot be judged as trusted, determined mainly from the file security level corresponding to each file), and so on. For the process chain loaded by the PE, it is mainly the process chain information that needs to be analyzed.
After receiving the detection result, the server sends the corresponding scan result to the client. Specifically: when the server judges from the received detection result that the unknown program file is a malicious file, the scan result is a reminder message that the unknown program file is a malicious program, or an instruction to remove the unknown program file; when the server judges from the received detection result that the unknown program file is a safe file, the scan result is an instruction to allow the safe file.
In scenario B, when the server feeds back the scanning method or the scan result to the client, the method shown in Fig. 3 can be used to verify the scanning method or scan result; for details, see the verification procedure in scenario A. Verification ensures the correctness of the data fed back by the server.
C. the network information security based on cloud detection is identified
This authentication method relates to client and server end, and wherein, server end is cloud server or cloud killing server, and server end is equipped with Qihoo's SVMs (Qihoo Support Vector Machine, QVM) artificial intelligence engine.
The server receives the security identification request uploaded by the client, which carries the network information and the client identifier, and judges whether the client identifier is in a preset identifier blacklist; if it is not, the server performs security identification on the network information and feeds the identification result back to the client.
Here, the network information is feature information of an unknown file sample or website information. The network information in the security identification request corresponds to the client identifier: it is a malicious program produced, or a malicious website created, by the client corresponding to the client identifier, or a malicious program or malicious website reported by other clients.
Security identification proceeds as follows. When the network information is feature information of an unknown file sample, the server queries, according to that feature information, whether the file sample is in a preset file sample whitelist; if it is, the server generates a security identification result and feeds it back to the client; if it is not, the server identifies the file sample according to the feature information and feeds the identification result back to the client. When the network information is website information, the server queries whether the website information is in a preset malicious URL library; if it is, the server generates a malicious URL identification result and feeds it back to the client; if it is not, the server performs security identification on the website information and feeds the identification result back to the client.
For a malicious URL identification result, the server extracts the message digest of the malicious URL identification result, performs a hash operation on a randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature, and combines the asymmetrically encrypted disturbance string, the digital signature and the malicious URL identification result into feedback data that is fed back to the client.
After receiving the feedback data, the client performs the following operations: it decrypts the disturbance string with the agreed key; it extracts the message digest of the received malicious URL identification result by the method agreed with the server; it performs a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature; and it compares this digital signature with the digital signature in the feedback data. When the two are identical, the client confirms that the malicious URL identification result is legitimate, that is, the identification result fed back by the server has not been tampered with or replaced, which ensures the security of the server's feedback data.
D. Preventing web page hijacking
After the client sends a web access request, the server returns the requested web page information using the verification method shown in Fig. 3, and the client verifies the returned web page information using the verification method shown in Fig. 3. In this way, the problem of web page hijacking can be avoided.
Refer to Fig. 4. Fig. 4 is a structural schematic diagram of an embodiment of the full-text protection device for feedback data of the present invention. The device is placed at the server and, as shown in Fig. 4, comprises a first extraction module 41, a first computing module 42 and a feedback module 43, wherein the first extraction module 41 comprises a first equal-division unit 411 and a first extracting unit 412.
The functions of these modules are as follows:
The first extraction module 41 extracts the message digest of the full-text data requested by the client. Specifically, the first equal-division unit 411 divides the full-text data, by its length, into a specified number of positions, and the first extracting unit 412 extracts a determined number of bytes, at least one, at each position.
The first computing module 42 performs a hash operation on the randomly generated disturbance string and the message digest using a message digest algorithm to obtain a digital signature.
The feedback module 43 combines the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data and feeds it back to the client.
In this embodiment, the message digest algorithm is the MD5 algorithm, the disturbance string is encrypted with a private key, and the encrypted disturbance string and the digital signature are placed at a specific position of the full-text data (such as the head), forming together with the full-text data the feedback data that is fed back to the client.
Refer to Fig. 5. Fig. 5 is a structural schematic diagram of an embodiment of the full-text verification device for feedback data of the present invention. The device is placed at the client and, as shown in Fig. 5, comprises a receiving module 51, a second extraction module 52, a second computing module 53 and a comparison module 54, wherein the second extraction module 52 comprises a second equal-division unit 521 and a second extracting unit 522.
The functions of these modules are as follows:
The receiving module 51 receives the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypts the disturbance string with the agreed key.
The second extraction module 52 extracts the message digest of the received full-text data by the method agreed with the server. Specifically, the second equal-division unit 521 divides the full-text data, by its length, into a specified number of positions, and the second extracting unit 522 extracts a determined number of bytes, at least one, at each position.
The second computing module 53 performs a hash operation on the decrypted disturbance string and the message digest using the message digest algorithm to obtain a digital signature.
The comparison module 54 compares this digital signature with the digital signature in the feedback data and, when the two are identical, confirms that the full-text data is legitimate.
It should be pointed out that the full-text protection device shown in Fig. 4 and the full-text verification device shown in Fig. 5 cooperate to complete the verification of the full-text data; the verification consists mainly of the comparison of digital signatures. The receiving module 51 shown in Fig. 5 receives the data fed back by the feedback module 43 shown in Fig. 4.
Because the full-text protection device obtains the digital signature from the bytes extracted from the full-text data and the random disturbance string, the full-text verification device must use the same byte extraction scheme and the same hash operation to obtain its digital signature.
Because the digital signature obtained by the full-text protection device incorporates the random disturbance string, this string must also be transmitted to the full-text verification device so that the latter can compute the digital signature. Both the byte extraction scheme and the random disturbance string improve the security of the digital signature and, relative to a hash operation over the entire full-text data, also reduce computation time. The random disturbance string is transmitted to the full-text verification device encrypted with the private key, which improves the security of the disturbance string and can also serve as a basis for checking whether the full-text data is legitimate.
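The cooperation of the protection device (Fig. 4) and the verification device (Fig. 5) can be sketched as follows; this is an added example, not code from the patent or its applicants. It assumes 8 equal parts with the first 2 bytes of each part extracted, a hash input of disturbance string followed by extracted bytes, and a toy textbook-RSA key constructed only for this demonstration.

```python
import hashlib
import secrets

# Assumptions (left open by the text): 8 equal parts, first 2 bytes of each part,
# hash input = disturbance string followed by the extracted bytes.
PARTS, TAKE = 8, 2
# Toy textbook-RSA key from two Mersenne primes, constructed for this demo only.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
ENC_LEN = (N.bit_length() + 7) // 8    # fixed width of the encrypted disturbance string
SIG_LEN = hashlib.md5().digest_size    # 16 bytes


def extract_digest(full_text: bytes) -> bytes:
    """Divide the data into PARTS equal parts by length; take TAKE bytes from each."""
    size = max(1, len(full_text) // PARTS)
    return b"".join(full_text[i * size:i * size + TAKE] for i in range(PARTS))


def signature(disturbance: bytes, full_text: bytes) -> bytes:
    return hashlib.md5(disturbance + extract_digest(full_text)).digest()


def protect(full_text: bytes) -> bytes:
    """Server side: encrypted disturbance string + signature placed at the head."""
    disturbance = secrets.token_bytes(16)
    enc = pow(int.from_bytes(disturbance, "big"), D, N).to_bytes(ENC_LEN, "big")
    return enc + signature(disturbance, full_text) + full_text


def verify(feedback: bytes) -> bool:
    """Client side: decrypt with the public key, recompute, compare."""
    enc, sig = feedback[:ENC_LEN], feedback[ENC_LEN:ENC_LEN + SIG_LEN]
    full_text = feedback[ENC_LEN + SIG_LEN:]
    value = pow(int.from_bytes(enc, "big"), E, N)
    if value.bit_length() > 128:       # not a 16-byte disturbance string
        return False
    return secrets.compare_digest(signature(value.to_bytes(16, "big"), full_text), sig)


def flip_byte(feedback: bytes, offset: int) -> bytes:
    """Return a copy with one byte of the full-text part changed (transit corruption)."""
    i = ENC_LEN + SIG_LEN + offset
    return feedback[:i] + bytes([feedback[i] ^ 0xFF]) + feedback[i + 1:]


# Constructed sample page, 96 bytes, so each part is 12 bytes long.
PAGE = b"<html><body>" * 8
if __name__ == "__main__":
    fb = protect(PAGE)
    print(verify(fb), verify(flip_byte(fb, 0)), verify(flip_byte(fb, 5)))
```

With these parameters the comparison covers only offsets 0, 1, 12, 13, and so on: a change at an extracted byte fails verification, while a change at offset 5 still verifies, which is the coverage given up in exchange for the reduced computation time.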
The above are only some embodiments of the present invention. It should be pointed out that those skilled in the art can make further improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A full-text protection method for feedback data, characterized by comprising the following steps:
extracting the message digest of the full-text data requested by a client;
performing a hash operation on a randomly generated disturbance string and said message digest using a message digest algorithm to obtain a digital signature;
combining the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data and feeding it back to the client.
2. The full-text protection method for feedback data according to claim 1, characterized in that extracting the message digest of the full-text data requested by the client comprises:
extracting from the full-text data, with a specified algorithm, bytes at a number of determined positions to form said message digest.
3. The full-text protection method for feedback data according to claim 2, characterized in that extracting from the full-text data, with a specified algorithm, bytes at a number of determined positions to form said message digest comprises:
dividing the full-text data, by its length, into a specified number of positions;
extracting a determined number of bytes, at least one, at each position.
4. The full-text protection method for feedback data according to claim 1, characterized in that the asymmetrically encrypted disturbance string is encrypted with a private key.
5. A full-text verification method for feedback data, characterized by comprising the following steps:
receiving the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypting said disturbance string with the agreed key;
extracting the message digest of the received full-text data by the method agreed with the server;
performing a hash operation on the decrypted disturbance string and said message digest using a message digest algorithm to obtain a digital signature;
comparing this digital signature with the digital signature in the feedback data and, when the two are identical, confirming that the full-text data is legitimate.
6. The full-text verification method for feedback data according to claim 5, characterized in that receiving the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypting said disturbance string with the agreed key comprises:
receiving the disturbance string fed back by the server encrypted with a private key, and decrypting said disturbance string with the agreed public key.
7. A full-text protection device for feedback data, characterized by comprising:
a first extraction module, for extracting the message digest of the full-text data requested by a client;
a first computing module, for performing a hash operation on a randomly generated disturbance string and said message digest using a message digest algorithm to obtain a digital signature;
a feedback module, for combining the asymmetrically encrypted disturbance string, the digital signature and the full-text data into feedback data and feeding it back to the client.
8. The full-text protection device for feedback data according to claim 7, characterized in that said first extraction module comprises:
a first equal-division unit, for dividing the full-text data, by its length, into a specified number of positions;
a first extracting unit, for extracting a determined number of bytes, at least one, at each position.
9. A full-text verification device for feedback data, characterized by comprising:
a receiving module, for receiving the feedback data fed back by the server, which contains the encrypted disturbance string, the digital signature and the requested full-text data, and decrypting said disturbance string with the agreed key;
a second extraction module, for extracting the message digest of the received full-text data by the method agreed with the server;
a second computing module, for performing a hash operation on the decrypted disturbance string and said message digest using a message digest algorithm to obtain a digital signature;
a comparison module, for comparing this digital signature with the digital signature in the feedback data and, when the two are identical, confirming that the full-text data is legitimate.
10. The full-text verification device for feedback data according to claim 9, characterized in that said second extraction module comprises:
a second equal-division unit, for dividing the full-text data, by its length, into a specified number of positions;
a second extracting unit, for extracting a determined number of bytes, at least one, at each position.
CN201410545141.1A 2014-10-15 2014-10-15 Method and device for full-text protection and verification of feedback data Pending CN104243171A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410545141.1A CN104243171A (en) 2014-10-15 2014-10-15 Method and device for full-text protection and verification of feedback data


Publications (1)

Publication Number Publication Date
CN104243171A true CN104243171A (en) 2014-12-24


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141224
