CN106921630A - Method for interchanging data and equipment - Google Patents
- Publication number: CN106921630A (application CN201510998005.2A)
- Authority: CN (China)
- Prior art keywords: data, recipient, sender, link passage, secure link
- Legal status: Pending
Classifications
- H04L: Electricity; electric communication technique; transmission of digital information, e.g. telegraphic communication
  - H04L63/00: Network architectures or network communication protocols for network security
    - H04L63/16: Implementing security features at a particular protocol layer
      - H04L63/168: Implementing security features at a particular protocol layer above the transport layer
    - H04L63/04: Providing a confidential data exchange among entities communicating through data packet networks
      - H04L63/0428: wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        - H04L63/0442: wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
        - H04L63/0478: applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
  - H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    - H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
      - H04L9/3006: underlying computational problems or public-key parameters
        - H04L9/302: involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The present invention relates to the field of data encryption and discloses a data exchange method and device. The method includes: receiving exchange information from a sender, the exchange information including at least one of the sender's address, the time at which the data exchange is requested, and the recipient's address; sending a data exchange request to the recipient according to the recipient's address; in response to the recipient's reply to the data exchange request, establishing a secure link channel between the sender and the recipient; and receiving data from the sender over the secure link channel and sending the received data to the recipient. With this technical scheme, a secure link channel is established between sender and recipient and the data is sent from sender to recipient over that channel, which ensures the security of the data transmission.
Description
Technical field
The present invention relates to the field of data encryption, and in particular to a data exchange method and device.
Background technology
In the construction of information systems, the business systems of different departments often use different technical standards and different hardware and software platforms, and are developed by different software vendors. Such systems cannot be interconnected directly, and replacing all business systems with newly built ones from a single vendor is also unacceptable. Developing a specific interface for each particular connection requirement and each particular problem likewise imposes an unbearable development burden, and such interface development is itself quite complex and costly. A middleware platform is therefore urgently needed that can, in a unified way, exchange data of different structures and formats between the systems and coordinate data transfer and message communication between the business systems of the departments according to a unified definition of the service process. Such a connection mode realizes seamless data exchange and shared access, guarantees effective collaboration between the business systems, and at the same time preserves the mutual independence and loose coupling of the application systems, improving the efficiency and security of system operation as a whole.
The emergence of Web service technology based on the Extensible Markup Language (XML) makes it possible to construct, on top of the various existing heterogeneous platforms, a general technology layer that is independent of language and platform. Applications on different platforms are interconnected and integrated through this technology layer, which changes the current development model and the cost and scale of application deployment; XML has therefore become the transmission medium of heterogeneous data exchange platforms. The security of XML data processing that comes with this has become one of the bottlenecks in current data exchange applications.
A data exchange platform faces many security risks during operation, such as data tampering and malicious modification (modifying the XML data transmitted between two exchanging computers over an open network) and the interception of sensitive or confidential data in the exchange by unauthorized entities.
No good solution to these problems exists in the prior art.
Summary of the invention
The object of the present invention is to provide a data exchange method and device that ensure the security of data throughout the exchange process from sender to recipient.
To achieve this object, the present invention provides a data exchange method which includes: receiving exchange information from a sender, the exchange information including at least one of the sender's address, the time at which the data exchange is requested, and the recipient's address; sending a data exchange request to the recipient according to the recipient's address; in response to the recipient's reply to the data exchange request, establishing a secure link channel between the sender and the recipient; and receiving data from the sender over the secure link channel and sending the received data to the recipient.
Further, after the secure link channel is established, the method also includes: sending the public key of a public/private key pair to the sender over the secure link channel; and sending the private key of the same key pair to the recipient over the secure link channel.
Further, the step of receiving data from the sender over the secure link channel includes receiving, over the secure link channel, data that the sender has encrypted with the public key.
Further, the algorithm on which the public/private key pair is based includes SM2 or RSA.
Further, the secure link channel is established on the basis of the Secure Sockets Layer (SSL) protocol.
In another aspect, the present invention provides an exchange device, which includes: a first receiving device for receiving exchange information from a sender, the exchange information including at least one of the sender's address, the time at which the data exchange is requested, and the recipient's address; a first sending device for sending a data exchange request to the recipient according to the recipient's address; a channel establishing device for establishing a secure link channel between the sender and the recipient in response to the recipient's reply to the data exchange request; and a forwarding device for receiving data from the sender over the secure link channel and sending the received data to the recipient.
Further, the device also includes a second sending device for sending the public key of a public/private key pair to the sender over the secure link channel and sending the private key of the same key pair to the recipient over the secure link channel.
Further, the forwarding device is used to receive, over the secure link channel, data that the sender has encrypted with the public key.
Further, the algorithm on which the public/private key pair is based includes SM2 or RSA.
Further, the channel establishing device is used to establish the secure link channel on the basis of the SSL protocol.
With the above technical scheme, a secure link channel is established between sender and recipient and the data is sent from sender to recipient over that channel, which ensures the security of the data transmission.
Other features and advantages of the present invention will be described in detail in the following detailed description of embodiments.
Brief description of the drawings
The accompanying drawings are provided to give a further understanding of the present invention and form part of the specification; together with the following detailed description they serve to explain the present invention, but are not to be construed as limiting it. In the drawings:
Fig. 1 is a flow chart of the data exchange method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the data exchange method provided by an example embodiment of the present invention;
Fig. 3 is a usage scenario diagram of the data exchange method provided by an example embodiment of the present invention; and
Fig. 4 is a schematic diagram of the composition of the exchange device provided by an embodiment of the present invention.
Detailed description of embodiments
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the present invention and do not limit it.
Fig. 1 is a flow chart of the data exchange method provided by an embodiment of the present invention. As shown in Fig. 1, the present invention provides a data exchange method which may include the following steps:
Step 101: receive exchange information from a sender, the exchange information including at least one of the sender's address, the time at which the data exchange is requested, and the recipient's address;
Step 102: send a data exchange request to the recipient according to the recipient's address;
Step 103: in response to the recipient's reply to the data exchange request, establish a secure link channel between the sender and the recipient; and
Step 104: receive data from the sender over the secure link channel and send the received data to the recipient.
With the above technical scheme, a secure link channel is established between sender and recipient and the data is sent from sender to recipient over that channel, which ensures the security of the data transmission.
In embodiments, the parameters included in the exchange information may also include the volume of data that the sender will transmit, and the data recipient may decide, according to the time at which the data exchange is requested and/or the volume of data to be transmitted, whether to reply to the exchange request. If the recipient has replied to the exchange request, then in a preferred implementation, after the secure link channel has been established (for example by means of the SSL protocol), the method may also include: sending the public key of a public/private key pair to the sender over the secure link channel, and sending the private key of that pair to the recipient over the secure link channel. With the key pair, the data sender can encrypt the data to be sent with the public key, and the data recipient can then decrypt the encrypted data with the private key paired with that public key to obtain the original data. In embodiments, the algorithm on which the key pair is based includes SM2 or RSA.
SM2 is the elliptic-curve public key algorithm published by the State Cryptography Administration on December 17, 2010. Both SM2 and RSA are public key algorithms, and SM2 is a more advanced secure algorithm than RSA. The specific content of SM2 was announced by the State Commercial Cryptography Administration on December 17, 2010 in State Cryptography Administration Bulletin No. 21 and will not be repeated here.
Encrypting the data to be sent with the public/private key pair further ensures the security of data transmission: the data stays encrypted while it is forwarded and can only be decrypted at the recipient, so the data is secure throughout the entire transmission process.
The principle of the present invention is further illustrated below with reference to Fig. 2 and Fig. 3. Fig. 2 is a flow chart of the data exchange method provided by an example embodiment of the present invention, and Fig. 3 is a usage scenario diagram of the data exchange method provided by an example embodiment of the present invention. In the implementation shown in Figs. 2 and 3, the data exchange process may be realized by the following steps:
Step 201: the data sender constructs the exchange information.
Step 202: after establishing a connection with the exchange device (for example, a data exchange platform), the sender sends an exchange information message to the data exchange platform; the message content contains the sender's address, the time at which the data exchange is requested, and the recipient's address. The exchange device may include a host and an encryption card, where the host may be used to perform data reception, data sending and link establishment.
Step 203: according to the recipient address information in the received message, the data exchange platform sends a data exchange request to the recipient; after receiving the request information, the recipient sends a reply message to the data exchange platform.
Step 204: according to the reply message fed back by the recipient, the data exchange platform decides whether to execute the sender's data exchange request. If the request is not executed, the data exchange platform constructs a reply message and feeds it back to the data sender. If the request is executed, the data exchange platform establishes a secure link channel based on the SSL protocol with the data sender and with the recipient respectively, obtains a public/private key pair from the encryption card, binds the public key to a reply message and sends it to the data sender, and binds the corresponding private key to another reply message and sends it to the data recipient. The encryption card may be used to store key pairs or to generate them.
Step 205: the data sender parses the reply message received from the exchange platform.
Step 206: the sender checks whether the parsed reply message contains key information. If it contains no key, then according to the sender's own policy it continues, on a schedule or immediately, to send data exchange request information to the data exchange platform, returning to step 202; if it contains a key, go to step 207 for data extraction.
Step 207: the data sender completes the extraction of the data according to the user's configuration information.
Step 208: the sender encrypts the extracted content with the public key contained in the exchange platform's reply message; the extracted field information is not encrypted.
Step 209: after extraction and encryption, the sender constructs a data sending message and sends it to the exchange platform.
Step 210: after receiving the data from the data sender, the data exchange platform parses the data recipient's address and sends the sender's ciphertext to the corresponding recipient.
Step 211: the data recipient parses the private key from the data exchange platform's reply message and uses it to decrypt the ciphertext sent from the data exchange platform.
Step 212: the data recipient writes the decrypted data to its local database.
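The flow of steps 201 to 212, together with the key-pair handout described in the embodiment paragraph above and the summary's point that the platform only relays ciphertext, as an added Go example that is not part of the patent: a constructed sender, platform and recipient exchange one record using a fresh RSA-OAEP key pair from a stand-in encryption card. The SSL channels are assumed and modelled as in-process calls; the recipient's acceptance policy, the field names, the addresses and the record content are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ExchangeInfo is the step-202 message: sender address, request time,
// recipient address and the data volume the sender intends to send.
type ExchangeInfo struct {
	Sender, Recipient, RequestTime string // RequestTime is a constructed value
	Bytes                          int
}

// DataMessage is the step-209 message: a clear routing header plus ciphertext.
type DataMessage struct {
	Recipient, Field string // left unencrypted, as step 208 describes
	Ciphertext       []byte
}

// Recipient models the data receiver (steps 203, 211 and 212).
type Recipient struct {
	Addr     string
	MaxBytes int               // local acceptance policy (assumed)
	priv     *rsa.PrivateKey   // received in step 204, destroyed after use
	inbox    []DataMessage     // ciphertexts relayed by the platform
	Database map[string][]byte // the "local database" of step 212
}

// Accept is the recipient's step-203 decision; the page allows judging by
// request time and/or data volume, and this example checks only the volume.
func (r *Recipient) Accept(info ExchangeInfo) bool { return info.Bytes <= r.MaxBytes }

// HasKey reports whether the recipient still holds a per-exchange private key.
func (r *Recipient) HasKey() bool { return r.priv != nil }

// Platform is the exchange device. It has no key field at all: the pair from
// the encryption card is split between the two parties and never kept here.
type Platform struct{ Recipients map[string]*Recipient }

// cardKeyPair stands in for the encryption card of step 204 (one pair per request).
func cardKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// HandleRequest performs steps 202 to 204: consult the recipient, hand it the
// private key, and return the public key for the sender's reply message.
func (p *Platform) HandleRequest(info ExchangeInfo) (*rsa.PublicKey, error) {
	r, ok := p.Recipients[info.Recipient]
	if !ok {
		return nil, fmt.Errorf("unknown recipient %q", info.Recipient)
	}
	if !r.Accept(info) {
		return nil, errors.New("recipient declined the exchange request")
	}
	priv, err := cardKeyPair()
	if err != nil {
		return nil, err
	}
	r.priv = priv
	return &priv.PublicKey, nil
}

// SenderEncrypt is step 208: the sender encrypts the extracted content with the
// platform-provided public key (RSA-OAEP here); the field name stays in clear.
func SenderEncrypt(pub *rsa.PublicKey, info ExchangeInfo, field string, content []byte) (DataMessage, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, content, nil)
	if err != nil {
		return DataMessage{}, err
	}
	return DataMessage{Recipient: info.Recipient, Field: field, Ciphertext: ct}, nil
}

// Forward is step 210: the platform reads only the routing header and relays
// the ciphertext unchanged; without the private key it cannot decrypt it.
func (p *Platform) Forward(m DataMessage) error {
	r, ok := p.Recipients[m.Recipient]
	if !ok {
		return fmt.Errorf("unknown recipient %q", m.Recipient)
	}
	r.inbox = append(r.inbox, m)
	return nil
}

// Drain is steps 211 and 212: decrypt every relayed message with the
// per-exchange private key, store the plaintext, then destroy the key.
func (r *Recipient) Drain() error {
	if r.priv == nil {
		return errors.New("no private key for this exchange")
	}
	defer func() { r.priv = nil }() // the pair is discarded once the exchange completes
	for _, m := range r.inbox {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, m.Ciphertext, nil)
		if err != nil {
			return err
		}
		r.Database[m.Field] = pt
	}
	r.inbox = nil
	return nil
}
```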
Fig. 4 is a schematic diagram of the composition of the exchange device provided by an embodiment of the present invention. In another aspect, the present invention provides an exchange device (for example, a data exchange platform) 400, which may include: a first receiving device 401 for receiving exchange information from a sender, the exchange information including at least one of the sender's address, the time at which the data exchange is requested, and the recipient's address; a first sending device 402 for sending a data exchange request to the recipient according to the recipient's address; a channel establishing device 403 for establishing a secure link channel between the sender and the recipient in response to the recipient's reply to the data exchange request; and a forwarding device 404 for receiving data from the sender over the secure link channel and sending the received data to the recipient.
In embodiments, the device may also include a second sending device 405 for sending the public key of a public/private key pair to the sender over the secure link channel and sending the private key of the same pair to the recipient over the secure link channel. In embodiments, the forwarding device 404 may also be used to receive, over the secure link channel, data that the sender has encrypted with the public key.
In the technical scheme provided by the present invention, when the data exchange platform sends the public/private key pair to the two parties of a data exchange request, it does so over SSL secure channels, which ensures the security of the keys. Before the sender's plaintext data is sent to the data exchange platform it must be encrypted with the public key provided by the platform; the platform does not decrypt it locally but forwards it directly to the recipient, where it is decrypted locally, which ensures that the data is secure throughout the entire exchange process. A further advantage of the data exchange method and platform is that a key pair is generated from the encryption card by the data exchange platform only when a data exchange request occurs and can be destroyed promptly when the exchange completes, which effectively guarantees the security of the data exchange platform.
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to the specific details of those embodiments. Within the scope of the technical concept of the present invention, various simple variations of the technical scheme of the present invention may be made, and these simple variations fall within the protection scope of the present invention.
It should further be noted that the specific technical features described in the above embodiments may, where not contradictory, be combined in any suitable manner. To avoid unnecessary repetition, the present invention does not separately describe the various possible combinations.
In addition, the various embodiments of the present invention may also be combined with one another, and as long as such a combination does not depart from the idea of the present invention it should likewise be regarded as content disclosed by the present invention.
Claims (10)
1. A data exchange method, characterized in that the method includes:
receiving exchange information from a sender, the exchange information including at least one of the sender's address, the time at which the data exchange is requested, and the recipient's address;
sending a data exchange request to the recipient according to the recipient's address;
in response to the recipient's reply to the data exchange request, establishing a secure link channel between the sender and the recipient; and
receiving data from the sender over the secure link channel and sending the received data to the recipient.
2. The data exchange method according to claim 1, characterized in that after the secure link channel is established, the method also includes:
sending the public key of a public/private key pair to the sender over the secure link channel; and
sending the private key of the same key pair to the recipient over the secure link channel.
3. The data exchange method according to claim 2, characterized in that the step of receiving data from the sender over the secure link channel includes: receiving, over the secure link channel, data that the sender has encrypted with the public key.
4. The data exchange method according to any one of claims 1 to 3, characterized in that the algorithm on which the public/private key pair is based includes SM2 or RSA.
5. The data exchange method according to claim 4, characterized in that the secure link channel is established on the basis of the Secure Sockets Layer (SSL) protocol.
6. An exchange device, characterized in that the device includes:
a first receiving device for receiving exchange information from a sender, the exchange information including at least one of the sender's address, the time at which the data exchange is requested, and the recipient's address;
a first sending device for sending a data exchange request to the recipient according to the recipient's address;
a channel establishing device for establishing a secure link channel between the sender and the recipient in response to the recipient's reply to the data exchange request; and
a forwarding device for receiving data from the sender over the secure link channel and sending the received data to the recipient.
7. The exchange device according to claim 6, characterized in that the device also includes:
a second sending device for sending the public key of a public/private key pair to the sender over the secure link channel and sending the private key of the same key pair to the recipient over the secure link channel.
8. The exchange device according to claim 7, characterized in that the forwarding device is used to receive, over the secure link channel, data that the sender has encrypted with the public key.
9. The exchange device according to any one of claims 6 to 8, characterized in that the algorithm on which the public/private key pair is based includes SM2 or RSA.
10. The exchange device according to claim 9, characterized in that the channel establishing device is used to establish the secure link channel on the basis of the SSL protocol.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510998005.2A CN106921630A (en) | 2015-12-25 | 2015-12-25 | Method for interchanging data and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106921630A true CN106921630A (en) | 2017-07-04 |
Family
ID=59455109
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510998005.2A Pending CN106921630A (en) | 2015-12-25 | 2015-12-25 | Method for interchanging data and equipment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101141616A (en) * | 2007-10-18 | 2008-03-12 | 华为技术有限公司 | Video session method and system, application server and media resource server |
CN101359998A (en) * | 2007-07-30 | 2009-02-04 | 大唐移动通信设备有限公司 | Network element route establishing method and apparatus |
CN101437036A (en) * | 2008-12-22 | 2009-05-20 | 北京中企开源信息技术有限公司 | Document transmission method and system capable of supporting NAT/firewall traversing |
CN101808361A (en) * | 2009-02-12 | 2010-08-18 | 中兴通讯股份有限公司 | Data transmission method |
CN101964802A (en) * | 2010-10-25 | 2011-02-02 | 西安西电捷通无线网络通信股份有限公司 | Centralized safety connection establishing system and method |
CN102315918A (en) * | 2010-07-06 | 2012-01-11 | 大唐移动通信设备有限公司 | Method and device for intercommunicating TCP (Transmission Control Protocol) connection with SCTP (Stream Control Transmission Protocol) connection |
CN103200170A (en) * | 2013-02-01 | 2013-07-10 | 宁波市胜源技术转移有限公司 | Data exchange method |
CN104168565A (en) * | 2014-08-13 | 2014-11-26 | 韩洪慧 | Method for controlling safe communication of intelligent terminal under undependable wireless network environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20170704