CN106790223A - Method, apparatus and system for data transfer - Google Patents


Info

Publication number: CN106790223A
Authority: CN (China)
Prior art keywords: server, key, equipment, unit, public key
Legal status: Granted
Application number: CN201710023925.1A
Other languages: Chinese (zh)
Other versions: CN106790223B (en)
Inventors: 周庆, 张春明
Current assignee: Wuxi Invt Elevator Control Technology Co Ltd
Original assignee: Wuxi Invt Elevator Control Technology Co Ltd
Application events: application filed by Wuxi Invt Elevator Control Technology Co Ltd; priority to CN201710023925.1A; publication of CN106790223A; application granted; publication of CN106790223B
Current legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

An embodiment of the invention discloses a method, an apparatus and a system for data transfer. The method includes: a device sends a communication connection request to a server, and the server, after receiving the request, sends a public key to the device, at least one public key/private key pair being pre-stored on the server; if the device receives the public key sent by the server, the device generates a symmetric key for the current communication connection request, a different symmetric key being generated for each different connection request; the device encrypts local information, which includes the symmetric key, with the public key; the device sends the encrypted local information to the server, and the server decrypts it with the private key matching the public key to obtain the symmetric key; the device and the server then communicate using the symmetric key until the current encrypted communication channel is interrupted. Through this method the embodiment provides a dynamically changing symmetric key and thereby improves the security of information transfer.

Description

Method, apparatus and system for data transfer
Technical field
The present invention relates to the field of Internet technology, and in particular to a method, an apparatus and a system for data transfer.
Background
With the development of Internet communication technology, Internet of Things (IoT) technology is being applied in more and more scenarios, for example elevator IoT. In existing IoT technology, data transfer between a device and a server is typically performed either in plaintext or with symmetric encryption, and when symmetric encryption is used the key is fixed. Once the symmetric key is cracked, a serious security risk results.
Summary of the invention
The embodiments of the invention provide a method, an apparatus and a system for data transfer that supply a dynamically changing symmetric key, i.e. the current symmetric key differs from the symmetric key generated previously, and thereby improve the security of information transfer.
In a first aspect, an embodiment of the invention provides a method of data transfer, which includes:
The device sends a communication connection request to the server, so that the server, after receiving the request, sends a public key to the device; at least one public key/private key pair is pre-stored on the server. If the device receives the public key sent by the server, the device generates a symmetric key for the current communication connection request, different connection requests corresponding to different symmetric keys. The device encrypts local information with the public key, the local information including the symmetric key. The device sends the encrypted local information to the server, so that the server decrypts it with the private key matching the public key to obtain the symmetric key. The device and the server communicate using the symmetric key until the current encrypted communication channel is interrupted.
In another aspect, an embodiment of the invention provides a device that includes a first transceiver unit, a generation unit, a first encryption unit and a first communication unit.
The first transceiver unit sends a communication connection request to the server, so that the server, after receiving the request, sends a public key to the device; at least one public key/private key pair is pre-stored on the server. The generation unit, if the public key sent by the server is received, generates a symmetric key for the current communication connection request, different connection requests corresponding to different symmetric keys. The first encryption unit encrypts local information with the public key, the local information including the symmetric key. The first transceiver unit is further used to send the encrypted local information to the server, so that the server decrypts it with the private key matching the public key to obtain the symmetric key. The first communication unit communicates with the server using the symmetric key until the current encrypted communication channel is interrupted.
In a further aspect, an embodiment of the invention provides a system of data transfer that includes a server and a device. The device includes a first transceiver unit, a generation unit, a first encryption unit and a first communication unit; the server includes a second transceiver unit, a decryption unit and a second communication unit.
The first transceiver unit is used by the device to send a communication connection request to the server. The second transceiver unit is used by the server to send a public key to the device after receiving the request; at least one public key/private key pair is pre-stored on the server. The generation unit is used by the device, if it receives the public key sent by the server, to generate a symmetric key for the current communication connection request, different connection requests corresponding to different symmetric keys. The first encryption unit is used by the device to encrypt local information with the public key, the local information including the symmetric key. The first transceiver unit is further used by the device to send the encrypted local information to the server. The decryption unit is used by the server to decrypt the encrypted local information with the private key matching the public key to obtain the symmetric key. The first communication unit is used by the device to communicate with the server using the symmetric key until the current encrypted communication channel is interrupted; the second communication unit is used by the server to communicate with the device using the symmetric key until the current encrypted communication channel is interrupted.
In the data transfer method disclosed in the embodiments, each time the device sends a communication connection request to the server it obtains a public key from the server, generates a symmetric key, encrypts the symmetric key with the public key and sends it to the server, and an encrypted communication channel is then established for encrypted communication. Encrypting the symmetric key with the public key improves the security of transmitting the symmetric key to the server, and because the symmetric key the device generates differs for every connection request, the security of data transfer is further improved.
Brief description of the drawings
In order to explain the technical solution of the embodiments more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below show some embodiments of the invention; a person of ordinary skill in the art could derive other drawings from them without inventive effort.
Fig. 1 is a schematic flowchart of a method of data transfer provided by an embodiment of the invention;
Fig. 2 is a partial flowchart of Fig. 1;
Fig. 3 is a partial flowchart of Fig. 1;
Fig. 4 is a schematic block diagram of a system of data transfer provided by an embodiment of the invention.
Detailed description
The technical solution of the embodiments is described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains from them without inventive effort fall within the scope of protection of the invention.
It should be understood that, when used in this specification and the appended claims, the terms "including" and "comprising" indicate the presence of the stated features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should also be understood that the terminology used in this description is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used in the description and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
The method of data transfer provided by an embodiment runs on a data transfer system. The data transfer system described in the embodiments is commonly applied to an Internet of Things (IoT) system, which includes a server and a device that communicate with each other over a network. The data transfer method is implemented as a method of information transfer between the server and the device, and improves the security of that transfer by providing a dynamically changing symmetric key and by encrypting the symmetric key with an asymmetric key. The IoT of the embodiments includes but is not limited to elevator IoT and smart-home IoT, so the device is not limited to an elevator or a smart-home appliance. The embodiments are explained below taking elevator IoT as the example.
Referring to Fig. 1, a schematic flowchart of a method of data transfer provided by an embodiment of the invention, the method includes steps S101 to S107:
Step S101: the device sends a communication connection request to the server, so that the server sends a public key to the device after receiving the request.
Specifically, if the device detects that no encrypted communication channel is currently established with the server, it sends a communication connection request to the server. An encrypted communication channel here means a connection channel over which encrypted communication can take place.
Step S102: the server sends the public key to the device.
Specifically, an asymmetric key is pre-stored on the server, i.e. at least one public key/private key pair; data encrypted with the public key can only be decrypted with the corresponding private key.
Step S103: if the device receives the public key sent by the server, the device generates a symmetric key for the current communication connection request, different connection requests corresponding to different symmetric keys.
That different connection requests correspond to different symmetric keys means that the symmetric key of the current connection request is unique and differs from every symmetric key generated before. In this embodiment the device therefore preferably generates the symmetric key for the current connection request as follows:
The device obtains an identification mark of the current communication connection request, the identification mark being a unique identifier of that request, and generates the symmetric key from the identification mark.
In this embodiment the identification mark preferably includes the current time, a random number, or a combination of the two. In other feasible embodiments the identification mark includes, in addition to the current time or random number, a MAC address, a mainboard number, or a combination of them. The current time of different connection requests should differ, and the random numbers of different connection requests should differ, which guarantees that the symmetric keys generated from the identification mark are unique. The MAC address or mainboard number distinguishes different devices and further guarantees the uniqueness and distinctiveness of the identification mark.
Step S104: the device encrypts local information with the public key, the local information including the symmetric key.
Specifically, the symmetric key is generated by the device and belongs to the device's local information. Encrypting the local information with the public key raises its security level and prevents a man-in-the-middle from capturing the symmetric key off the network.
Step S105: the device sends the encrypted local information to the server, so that the server decrypts it with the private key matching the public key to obtain the symmetric key.
Step S106: if the server receives the encrypted local information, the server decrypts it with the private key matching the public key to obtain the symmetric key.
Specifically, since the encrypted local information was produced by the device using the received public key, the server can decrypt it with the private key matching that public key.
Step S107: the device and the server communicate using the symmetric key until the current encrypted communication channel is interrupted.
It should be noted that once the device and the server communicate using the symmetric key, the encrypted communication channel is established. After the current channel is interrupted, steps S101 to S107 are repeated the next time a channel needs to be established. This makes the current encrypted channel independent of subsequent ones: even if the symmetric key of the current encrypted communication is cracked, the symmetric keys of subsequent communications are not, which improves the security of data transfer.
In some embodiments, the current encrypted communication channel is interrupted when the device or the server detects that the current information has finished transmitting; in other embodiments, when the device or the server detects that it is under attack; in some feasible embodiments, the server or the device interrupts the current channel at a preset time interval. Establishing and interrupting several encrypted channels within one transmission task thus updates the symmetric key dynamically during that task and improves the security of information transfer. A network anomaly will also interrupt the current encrypted communication channel.
In summary, steps S101, S103, S104, S105 and S107 run on the device, and steps S102, S106 and S107 run on the server. The data transfer method of this embodiment improves the security of information transfer through the dynamically changing symmetric key generated by the device; in addition, the device encrypts the symmetric key with the public key sent by the server, which prevents a man-in-the-middle from obtaining the symmetric key from the network and further improves the security of information transfer.
It should be noted that in other embodiments, to improve security and prevent the server from communicating with unauthorized devices, the device's local information also includes a device authentication code. Referring to Fig. 2, on the basis of the above embodiment, before step S107 in which the device communicates with the server using the symmetric key, the data transfer method further includes the following steps:
Step S201: the server decrypts the encrypted local information with the private key matching the public key to obtain the device authentication code;
Step S202: the server identifies from the device authentication code whether the device is an authorized device; if it is, step S107 is performed, otherwise step S203;
Step S203: the communication connection is interrupted.
Step S201, in which the server obtains the device authentication code, and step S106 may be treated as one step or performed one after the other. The device authentication code is a unique identifier of the device and includes a mainboard number, a MAC address, an IoT network card identifier, or any combination of them. Data matching the authentication codes of authorized devices is pre-stored on the server: if the server holds data matching the device authentication code, the device is an authorized device; if it holds no such data, the device is not an authorized device.
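The handshake of steps S101 to S107 together with the authentication check of steps S201 to S203 (and, equivalently, the units of device 41 and server 42 in Fig. 4), as an added example in Go. This code is not from the patent or its applicant. It assumes RSA-OAEP with a 2048-bit key for the asymmetric step and AES-256-GCM for the channel, neither of which the description specifies; the authentication code "ELEV-0001", the MAC address and the allow-list are constructed sample data. The identification mark (random number, current time, MAC address) is hashed with SHA-256 to derive the symmetric key; the random bytes are what make the key unpredictable, since a timestamp alone is guessable. One caveat the description does not address: the public key travels in step S102 without any authentication, so this exchange protects the symmetric key from a passive eavesdropper but not from an active attacker who substitutes a public key of their own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// NewServerKeyPair makes one of the key pairs the server pre-stores (S102).
func NewServerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// DeriveSessionKey is S103: hash an identification mark made of fresh random
// bytes, the current time and the device MAC (assumed layout, not the patent's).
func DeriveSessionKey(mac string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write(nonce)
	h.Write([]byte(time.Now().Format(time.RFC3339Nano)))
	h.Write([]byte(mac))
	return h.Sum(nil), nil // 32 bytes, used as an AES-256 key
}

// DeviceHello is S103 to S105: the local information (32-byte symmetric key
// followed by the device authentication code) is encrypted with RSA-OAEP under
// the public key the server sent. Returns the ciphertext and the kept key.
func DeviceHello(pub *rsa.PublicKey, mac, authCode string) (ct, key []byte, err error) {
	if key, err = DeriveSessionKey(mac); err != nil {
		return nil, nil, err
	}
	local := append(append([]byte{}, key...), authCode...)
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, local, nil)
	return ct, key, err
}

// ServerAccept is S106 plus S201 to S203: decrypt with the matching private key,
// split off the symmetric key and the authentication code, refuse unknown devices.
func ServerAccept(priv *rsa.PrivateKey, authorized map[string]bool, ct []byte) ([]byte, error) {
	local, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	if err != nil {
		return nil, err
	}
	if len(local) < 32 {
		return nil, fmt.Errorf("malformed local information")
	}
	key, authCode := local[:32], string(local[32:])
	if !authorized[authCode] {
		return nil, fmt.Errorf("device %q not authorized: connection refused", authCode)
	}
	return key, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal and Open are S107: channel traffic under AES-256-GCM with the session
// key, a fresh random nonce prefixed to every message.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func Open(key, msg []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(msg) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated message")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

func main() {
	priv, _ := NewServerKeyPair()
	allow := map[string]bool{"ELEV-0001": true} // constructed allow-list
	ct, devKey, _ := DeviceHello(&priv.PublicKey, "00:11:22:33:44:55", "ELEV-0001")
	srvKey, err := ServerAccept(priv, allow, ct)
	msg, _ := Seal(devKey, []byte("floor=7"))
	pt, _ := Open(srvKey, msg)
	fmt.Printf("accept err=%v, server read %q\n", err, pt)
}
```

Each call to DeviceHello yields a different session key, which is the "different symmetric key per connection request" property of step S103; a device whose authentication code is not on the allow-list is refused at ServerAccept before any channel traffic is exchanged, which is step S203.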
It should also be noted that, to further improve the security of information transfer and prevent a man-in-the-middle from cracking the server's public and private keys, the public and private keys on the server preferably change dynamically over time. In some feasible embodiments the change is tied to server restarts, i.e. the server updates the public and private keys each time it restarts. In other feasible embodiments it is tied to the interruption of the encrypted communication channel, i.e. the public and private keys are updated each time the channel is interrupted, for use in the next communication connection.
Where the public and private keys on the server change dynamically over time, in some embodiments they are generated from current server information such as the current time; in other embodiments they may be generated randomly, each public/private key pair being matched with a random number, different pairs having different random numbers.
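The server-side key rotation of the two preceding paragraphs (and of the update unit described for server 42 in the Fig. 4 system below), as an added example in Go that is not from the patent or its applicant. It assumes RSA-2048 key pairs and an 8-byte random identifier per pair as the "random number matched with each pair"; the identifier is what lets the device name the pair it encrypted under, so the server can pick the right private key once several pairs exist and old ones are retired. The description leaves this matching implicit. Rotation is triggered here by the channel interruption the description mentions; the same call would run at server start.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
)

// KeyPool holds the server's pre-stored key pairs, each matched with a random
// identifier (assumed 8 bytes, hex-encoded) so the device's reply can name the
// pair it used and the server can find the matching private key after rotation.
type KeyPool struct {
	mu    sync.Mutex
	pairs map[string]*rsa.PrivateKey
}

func NewKeyPool(n int) (*KeyPool, error) {
	p := &KeyPool{pairs: map[string]*rsa.PrivateKey{}}
	for i := 0; i < n; i++ {
		if _, err := p.add(); err != nil {
			return nil, err
		}
	}
	return p, nil
}

// add generates a fresh pair and its random identifier; callers hold p.mu
// except during construction, when the pool is not yet shared.
func (p *KeyPool) add() (string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	var id [8]byte
	if _, err := rand.Read(id[:]); err != nil {
		return "", err
	}
	kid := hex.EncodeToString(id[:])
	p.pairs[kid] = priv
	return kid, nil
}

// Select picks one pair for a new connection (the selection step S301) and
// hands out its identifier with the public key. Go map iteration order is
// randomized, so the pick varies between calls.
func (p *KeyPool) Select() (string, *rsa.PublicKey) {
	p.mu.Lock()
	defer p.mu.Unlock()
	for kid, priv := range p.pairs {
		return kid, &priv.PublicKey
	}
	return "", nil
}

// Decrypt uses the private key matching the identifier the device echoed back;
// an identifier of a retired or unknown pair is refused.
func (p *KeyPool) Decrypt(kid string, ct []byte) ([]byte, error) {
	p.mu.Lock()
	priv, ok := p.pairs[kid]
	p.mu.Unlock()
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", kid)
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// Rotate is the update performed when an encrypted channel is interrupted (or
// at restart): the pair used by the finished channel is discarded and a fresh
// pair with a fresh identifier takes its place.
func (p *KeyPool) Rotate(kid string) (string, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	delete(p.pairs, kid)
	return p.add()
}

func (p *KeyPool) Size() int {
	p.mu.Lock()
	defer p.mu.Unlock()
	return len(p.pairs)
}

func main() {
	pool, _ := NewKeyPool(2)
	kid, _ := pool.Select()
	newKid, _ := pool.Rotate(kid)
	fmt.Printf("retired %s, now serving %s (%d pairs)\n", kid, newKid, pool.Size())
}
```

After Rotate, material encrypted under the retired pair can no longer be decrypted by the server, which is the property the description is after: cracking a key pair that was used for one channel does not expose later ones.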
It should also be noted that, to further improve the security of information transfer and prevent a man-in-the-middle from cracking the public key the server sends during network transmission, referring to Fig. 3, on the basis of the above embodiment, if several public/private key pairs are pre-stored on the server, the data transfer method further includes the following steps:
Step S301: the server selects one pair from the several public/private key pairs;
Step S302: the server encrypts the public key of the selected pair, in turn, with the public keys of the remaining pairs.
Step S102 is then performed, and is now specifically: the server sends the encrypted public key to the device, and the device encrypts its local information using the encrypted public key. After the server receives the encrypted local information, it decrypts it in turn with the private keys of the several pairs to obtain the symmetric key and the device authentication code.
On the other hand, if several public/private key pairs are pre-stored on the server, the pairs are preferably generated with different generation algorithms, which improves the security of the public and private keys.
Specifically, if the server holds a first pair and a second pair, the public key of the first pair is encrypted with the public key of the second pair and the encrypted first public key is sent to the device. When the server receives the local information the device encrypted with that public key, it first decrypts with the private key of the second pair.
Referring to Fig. 4, a schematic block diagram of a system of data transfer provided by an embodiment of the invention: the system 40 includes a device 41 and a server 42, connected to each other through a network.
The device 41 includes a first transceiver unit 410, a generation unit 411, a first encryption unit 412 and a first communication unit 413.
The first transceiver unit 410 is used by the device 41 to send a communication connection request to the server 42, so that the server 42 sends a public key to the device 41 after receiving the request.
The generation unit 411 is used by the device 41, if it receives the public key sent by the server 42, to generate a symmetric key for the current communication connection request, different connection requests corresponding to different symmetric keys.
Specifically, that different connection requests correspond to different symmetric keys means that the symmetric key of the current connection request is unique and differs from every symmetric key generated before. In this embodiment the generation unit 411 therefore preferably includes an acquiring unit and a processing unit.
The acquiring unit is used by the device 41 to obtain an identification mark of the current communication connection request, the identification mark being a unique identifier of that request; the processing unit is used by the device 41 to generate the symmetric key from the identification mark.
In this embodiment the identification mark preferably includes the current time, a random number, or a combination of the two. In other feasible embodiments the identification mark includes, in addition to the current time or random number, a MAC address, a mainboard number, or a combination of them. The current time of different connection requests should differ, and the random numbers of different connection requests should differ, which guarantees that the symmetric keys generated from the identification mark are unique. The MAC address or mainboard number distinguishes different devices and further guarantees the uniqueness and distinctiveness of the identification mark.
The first encryption unit 412 is used by the device 41 to encrypt local information with the public key, the local information including the symmetric key.
Specifically, the symmetric key is generated by the device 41 and belongs to the local information of the device 41. Encrypting the local information with the public key raises its security level and prevents a man-in-the-middle from capturing the symmetric key off the network.
The first transceiver unit 410 is further used by the device 41 to send the encrypted local information to the server 42, so that the server 42 decrypts it with the private key matching the public key to obtain the symmetric key.
The first communication unit 413 is used by the device 41 to communicate with the server 42 using the symmetric key until the current encrypted communication channel is interrupted.
On the other hand, the server 42 includes a second transceiver unit 420, a decryption unit 421 and a second communication unit 422.
The second transceiver unit 420 is used to receive the communication connection request sent by the device 41 and to send the public key to the device 41.
Specifically, an asymmetric key is pre-stored on the server 42, i.e. at least one public key/private key pair; data encrypted with the public key can only be decrypted with the corresponding private key.
The second transceiver unit 420 is further used to receive the encrypted local information sent by the device 41.
The decryption unit 421 is used by the server 42 to decrypt the encrypted local information with the private key matching the public key to obtain the symmetric key.
The second communication unit 422 is used by the server 42 to communicate with the device 41 using the symmetric key until the current encrypted communication channel is interrupted.
It should be noted that an encrypted communication channel means a connection channel over which encrypted communication can take place. In some embodiments the first communication unit 413 is further used by the device 41 to interrupt the current encrypted communication channel: for example when the device 41 detects that the current information has finished transmitting, when the device 41 detects that it is under attack, or at a preset time interval.
The second communication unit 422 is further used by the server 42 to interrupt the current encrypted communication channel: for example when the server 42 detects that the current information has finished transmitting, when the server 42 detects that it is under attack, or at a preset time interval.
A network anomaly will also interrupt the current encrypted communication channel.
It should be noted that in other embodiments, to improve security and prevent the server from communicating with unauthorized devices, the local information of the device 41 also includes a device authentication code, and the server 42 also includes an authentication unit.
The decryption unit 421 is further used by the server 42 to decrypt the encrypted local information with the private key matching the public key to obtain the device authentication code.
The authentication unit is used by the server 42 to identify from the device authentication code whether the device 41 is an authorized device. If it is, the first communication unit 413 communicates with the server 42 using the symmetric key and the second communication unit 422 communicates with the device 41 using the symmetric key, until the current encrypted communication channel is interrupted; if it is not, the first communication unit 413 and the second communication unit 422 interrupt the communication connection.
The device authentication code is a unique identifier of the device and includes a mainboard number, a MAC address, an IoT network card identifier, or any combination of them. Data matching the authentication codes of authorized devices is pre-stored on the server 42: if the server 42 holds data matching the device authentication code, the device 41 is an authorized device; if it holds no such data, the device 41 is not an authorized device.
It should also be noted that, in order to further improve the security of information transfer and prevent a man-in-the-middle from cracking the public key and private key on the server 42 side, the public key and private key on the server 42 preferably change dynamically over time, which further improves the security of information transfer. The server 42 therefore also includes an updating unit, used for the server 42 to dynamically update the public key and private key over time. In some feasible embodiments, the time change is expressed as the restart time of the server 42, that is, the server 42 updates the public key and private key each time it restarts. In other feasible embodiments, the time change is expressed as the interruption time of the encrypted communication channel, that is, the public key and private key are updated after each interruption of the encrypted communication channel, for use when the next communication connection is established.
Where the public key and private key on the server 42 change dynamically over time, in some embodiments the public key and private key on the server 42 are generated from current information of the server 42, such as the current time; in other embodiments the public key and private key on the server 42 may also be generated randomly, with each group of public key and private key matched to a random number, and different groups of public key and private key having different random numbers.
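The per-restart and per-interrupt key rotation, together with the random number matched to each key group, as an added Go example that is not the patent's own code: the random number becomes a tag sent alongside the public key and used as the RSA-OAEP label, so a hello wrapped under a retired key pair is refused before any decryption is attempted. Type and method names and the 8-byte tag size are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// ErrStaleKey tells the device its public key was rotated away: re-request.
var ErrStaleKey = errors.New("public key has been rotated; request a new one")

// KeyGroup is one public/private key pair plus the random number the page
// matches to every group; here it serves as a tag so the server can tell which
// pair a device encrypted against without trying every private key.
type KeyGroup struct {
	Tag  string
	Priv *rsa.PrivateKey
}

// RotatingServer keeps only the current group. Rotate runs at start-up and
// after every channel interrupt, the two triggers the page names (assumed
// type and method names).
type RotatingServer struct {
	cur *KeyGroup
}

func newKeyGroup() (*KeyGroup, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tag := make([]byte, 8) // 8-byte random number per group (size assumed)
	if _, err := rand.Read(tag); err != nil {
		return nil, err
	}
	return &KeyGroup{Tag: hex.EncodeToString(tag), Priv: priv}, nil
}

// Rotate replaces the key pair; anything wrapped under the old public key is
// unreadable from now on, which is the point of rotating per interrupt.
func (s *RotatingServer) Rotate() error {
	g, err := newKeyGroup()
	if err != nil {
		return err
	}
	s.cur = g
	return nil
}

// Offer is the server's reply to a connection request: tag plus public key.
func (s *RotatingServer) Offer() (string, *rsa.PublicKey) {
	return s.cur.Tag, &s.cur.Priv.PublicKey
}

// Wrap is the device side: encrypt the session key under the offered public
// key, with the tag as OAEP label so the ciphertext is bound to that group.
func Wrap(tag string, pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, []byte(tag))
}

// Unwrap refuses a hello aimed at a retired key pair before touching RSA, so a
// device holding a stale public key gets a clear re-request signal instead of
// an opaque decryption error.
func (s *RotatingServer) Unwrap(tag string, ct []byte) ([]byte, error) {
	if s.cur == nil || tag != s.cur.Tag {
		return nil, ErrStaleKey
	}
	return rsa.DecryptOAEP(sha256.New(), nil, s.cur.Priv, ct, []byte(tag))
}
```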
It should also be noted that, in order to further improve the security of information transfer and prevent a man-in-the-middle from cracking the public key sent by the server during network transmission, where several groups of public keys and private keys are pre-stored on the server 42, the server 42 preferably also includes a selecting unit and a second encrypting unit.
The selecting unit is used for the server 42 to select one group of public key and private key from the several groups of public keys and private keys.
The second encrypting unit is used for the server 42 to encrypt, successively with the remaining public keys of the several groups of public keys and private keys, the public key of the selected group of public key and private key.
The second transceiving unit 420 is used for the server 42 to send the encrypted public key to the equipment 41, so that the equipment 41 encrypts the local information using the encrypted public key.
On the other hand, where several groups of public keys and private keys are pre-stored on the server, the generating algorithm of each group of public key and private key preferably differs when the public keys and private keys are generated, which further improves the security of the public keys and private keys.
It should be noted that the steps of the method in the embodiments of the present invention may be reordered, merged and deleted according to actual needs.
The units in the embodiments of the present invention may be merged, divided and deleted according to actual needs.
It will be apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the equipment, server, system and units described above may be understood with reference to the corresponding processes in the foregoing method embodiments, and are not repeated here. In the several embodiments provided in this application, it should be understood that the disclosed equipment, server, system and method may be implemented in other ways. For example, the device embodiments described above are merely schematic; for instance, the division into units is only a division by logical function, and other divisions are possible in actual implementation: several units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, or electrical, mechanical or other forms of connection.
In addition, the functional units in the embodiments of the present invention may be integrated in a single processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit. If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes: a USB flash disk, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, or any other medium capable of storing program code.
The above are specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and such modifications or replacements shall all fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be defined by the scope of protection of the claims.

Claims (10)

1. A method of data transfer, characterised in that it includes:
the equipment sending a communication connection request to a server, so that the server sends a public key to the equipment after receiving the communication connection request, at least one group of public key and private key being pre-stored on the server;
if the equipment receives the public key sent by the server, the equipment generating a symmetric key according to the current communication connection request, wherein different communication connection requests correspond to different symmetric keys;
the equipment encrypting local information using the public key, the local information including the symmetric key;
the equipment sending the encrypted local information to the server, so that the server decrypts the encrypted local information with the private key matching the public key to obtain the symmetric key;
the equipment carrying out encrypted communication with the server using the symmetric key, until the current encrypted communication channel is interrupted.
2. The method according to claim 1, characterised in that the equipment generating a symmetric key according to the current communication connection request includes:
the equipment obtaining the identification mark of the current communication connection request, the identification mark being used to indicate the unique identifier of the communication connection request;
the equipment generating the symmetric key according to the identification mark.
3. The method according to claim 1, characterised in that, if several groups of public keys and private keys are pre-stored on the server, the method further includes:
the server selecting one group of public key and private key from the several groups of public keys and private keys;
the server encrypting, successively with the remaining public keys of the several groups of public keys and private keys, the public key of the selected group of public key and private key;
the server sending the encrypted public key to the equipment, so that the equipment encrypts the local information using the encrypted public key.
4. The method according to claim 1, characterised in that the local information further includes a device authentication code, and the method further includes:
the server obtaining the device authentication code from the local information after decrypting the encrypted local information with the private key matching the public key;
the server identifying, according to the device authentication code, whether the equipment is authorized equipment;
if it is authorized equipment, the server and the equipment each carrying out encrypted communication using the symmetric key;
if it is not authorized equipment, the server interrupting the communication connection.
5. The method according to claim 1, characterised in that the public key and private key pre-stored on the server change dynamically over time.
6. Equipment, characterised in that the equipment includes:
a first transceiving unit, for sending a communication connection request to a server, so that the server sends a public key to the equipment after receiving the communication connection request, at least one group of public key and private key being pre-stored on the server;
a generating unit, for generating a symmetric key according to the current communication connection request if the public key sent by the server is received, wherein different communication connection requests correspond to different symmetric keys;
a first encrypting unit, for encrypting local information using the public key, the local information including the symmetric key;
the first transceiving unit, further for sending the encrypted local information to the server, so that the server decrypts the encrypted local information with the private key matching the public key to obtain the symmetric key;
a first communication unit, for carrying out encrypted communication with the server using the symmetric key, until the current encrypted communication channel is interrupted.
7. The equipment according to claim 6, characterised in that the generating unit includes:
an acquiring unit, for obtaining the identification mark of the current communication connection request, the identification mark being used to indicate the unique identifier of the communication connection request;
a processing unit, for generating the symmetric key according to the identification mark.
8. A system of data transfer, characterised in that it includes a server and equipment, the equipment including a first transceiving unit, a generating unit, a first encrypting unit and a first communication unit, and the server including a second transceiving unit, a decryption unit and a second communication unit, wherein:
the first transceiving unit is for the equipment to send a communication connection request to the server;
the second transceiving unit is for the server to send a public key to the equipment after receiving the communication connection request, at least one group of public key and private key being pre-stored on the server;
the generating unit is for the equipment to generate a symmetric key according to the current communication connection request if the public key sent by the server is received, wherein different communication connection requests correspond to different symmetric keys;
the first encrypting unit is for the equipment to encrypt local information using the public key, the local information including the symmetric key;
the first transceiving unit is further for the equipment to send the encrypted local information to the server;
the decryption unit is for the server to decrypt the encrypted local information with the private key matching the public key to obtain the symmetric key;
the first communication unit is for the equipment to carry out encrypted communication with the server using the symmetric key, until the current encrypted communication channel is interrupted;
the second communication unit is for the server to carry out encrypted communication with the equipment using the symmetric key, until the current encrypted communication channel is interrupted.
9. The system according to claim 8, characterised in that, if several groups of public keys and private keys are pre-stored on the server, the server includes a selecting unit and a second encrypting unit, wherein:
the selecting unit is for selecting one group of public key and private key from the several groups of public keys and private keys;
the second encrypting unit is for encrypting, successively with the remaining public keys of the several groups of public keys and private keys, the public key of the selected group of public key and private key;
the second transceiving unit is for sending the encrypted public key to the equipment, so that the equipment encrypts the local information using the encrypted public key.
10. The system according to claim 8, characterised in that, if the local information further includes a device authentication code, the server further includes a decryption unit and an authenticating unit, wherein:
the decryption unit is for obtaining the device authentication code from the local information after decrypting the encrypted local information with the private key matching the public key;
the authenticating unit is for identifying, according to the device authentication code, whether the equipment is authorized equipment;
if it is authorized equipment, the second communication unit carries out encrypted communication with the equipment using the symmetric key, and the first communication unit carries out encrypted communication with the server using the symmetric key;
if it is not authorized equipment, the first communication unit and the second communication unit interrupt the communication connection.
CN201710023925.1A 2017-01-13 2017-01-13 Data transmission method, equipment and system Active CN106790223B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710023925.1A CN106790223B (en) 2017-01-13 2017-01-13 Data transmission method, equipment and system

Publications (2)

Publication Number Publication Date
CN106790223A true CN106790223A (en) 2017-05-31
CN106790223B CN106790223B (en) 2020-10-20

Family

ID=58948083

Country Status (1)

Country Link
CN (1) CN106790223B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200019A (en) * 2017-12-21 2018-06-22 广东汇泰龙科技有限公司 A kind of safe and efficient app Encryption Algorithm based on cloud lock
CN108683627A (en) * 2018-03-23 2018-10-19 深圳市超算科技开发有限公司 Communication encrypting method and system between a kind of Internet of things node
CN108833452A (en) * 2018-09-13 2018-11-16 国云科技股份有限公司 A method of it is encrypted for front and back end mask data
CN109218266A (en) * 2017-07-04 2019-01-15 百度在线网络技术(北京)有限公司 Travelling data acquisition methods and device
CN109274488A (en) * 2018-09-04 2019-01-25 广州众诺电子技术有限公司 Integrated circuit burning program method, storage medium and system
CN110213041A (en) * 2019-04-26 2019-09-06 五八有限公司 Data ciphering method, decryption method, device, electronic equipment and storage medium
CN110677382A (en) * 2019-08-20 2020-01-10 中国平安财产保险股份有限公司 Data security processing method, device, computer system and storage medium
CN111343131A (en) * 2018-12-19 2020-06-26 中国移动通信集团湖南有限公司 Data transmission method and device
CN111641446A (en) * 2020-04-21 2020-09-08 山东省科学院海洋仪器仪表研究所 Iridium-based deep sea intelligent buoy data communication system and communication method
CN114189356A (en) * 2021-11-12 2022-03-15 珠海大横琴科技发展有限公司 Data transmission method and device
CN115225352A (en) * 2022-06-30 2022-10-21 厦门职行力信息科技有限公司 Hybrid encryption method and system
CN115967905A (en) * 2021-10-12 2023-04-14 北京三快在线科技有限公司 Data transmission system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567288A (en) * 2003-09-02 2005-01-19 四川大学 Method for multiple encryption of file and simultaneous sealing/unsealing
CN102394749A (en) * 2011-09-26 2012-03-28 深圳市文鼎创数据科技有限公司 Line protection method, system, information safety equipment and application equipment for data transmission
CN104023013A (en) * 2014-05-30 2014-09-03 上海帝联信息科技股份有限公司 Data transmission method, server side and client
WO2016116890A1 (en) * 2015-01-22 2016-07-28 Visa International Service Association Method and system for establishing a secure communication tunnel
CN105959105A (en) * 2016-04-25 2016-09-21 乐视控股(北京)有限公司 Data transmission method and data transmission device
EP3082356A1 (en) * 2015-04-17 2016-10-19 Gemalto SA Method to check and prove the authenticity of an ephemeral public key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周彦伟 (Zhou Yanwei): "Provably Secure Trusted Anonymous Roaming Protocol for the Mobile Internet" ("可证安全的移动互联网可信匿名漫游协议"), Chinese Journal of Computers (《计算机学报》) *

Also Published As

Publication number Publication date
CN106790223B (en) 2020-10-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant