CN1151629C - High-security multi-class data transmission method - Google Patents

High-security multi-class data transmission method

Info

Publication number
CN1151629C
Authority
CN
China
Prior art keywords
data
session key
encryption
aes
encryption type
Legal status
Expired - Fee Related
Application number
CNB011093080A
Other languages
Chinese (zh)
Other versions
CN1373585A (en)
Inventor
龚智辉
陈朝光
Current Assignee
SHENZHEN LIMING NETWORK SYSTEMS CO Ltd
Original Assignee
SHENZHEN LIMING NETWORK SYSTEMS CO Ltd

Abstract

The present invention relates to a high-security multi-class data transmission method. Business participants transmit a data packet. The business participants include an initiator for transmission business, a mediator and a recipient. The method comprises the following steps: the business data packet is divided into a plurality of data fields; an encryption algorithm which aims at the content of business and a session key are defined; an encryption algorithm which aims at the session key and a key are defined; an encryption type is set according to the access right of the participant; the content of each data field is encrypted by the initiator and is defined into a plurality of encryption data fields; the session key which processes the content of data is encrypted and defined into a plurality of encryption information fields; the encryption data fields and the encryption information fields form an encryption data packet, and the encryption data packet is transmitted.

Description

A high-security multi-class data transmission method
The present invention relates to a method for secure data transmission in a computer network, and in particular to a method that uses data-field encryption to transmit data securely through multiple relay stages.
Electronic data interchange is developing rapidly, and the business processes that transfer electronic data over computer networks are becoming ever more complex. In information systems and e-commerce transactions in particular, a business data transmission often involves several business participants: typically the initiator of the transmission, the recipient, and a number of data mediators. The business data flows through these participants, which process, analyse and forward it until it reaches its destination, forming an initiator-mediator-recipient communication framework.
However, an initiator-mediator-recipient system has stricter security requirements than a simple initiator-recipient system. Besides meeting the recipient's security requirements, it must also ensure that a mediator cannot learn important information that it has no right to know.
At present, the security of such multi-participant systems is usually achieved by securing the transmission between each pair of adjacent business participants. The business data sent by a participant is given security processing, sent over the communication line, and restored when it reaches the next participant; this is repeated until the information reaches the recipient of the transaction. With this method a mediator can obtain all of the data, and in addition to simply forwarding transaction data it also takes part in the security processing of the business data. As a result the security of the business data is hard to guarantee, and when a dispute occurs the mediator also bears a degree of legal liability. The traditional data transmission method is therefore unsuitable for high-security multi-class data transmission.
In view of the above prior art, the object of the present invention is to provide a more reliable method suited to secure multi-stage data transmission.
To achieve this object, the technical solution adopted by the present invention is:
A high-security multi-class data transmission method, in which the data transmission system carries business data packets among a plurality of business participants, the business participants comprising an initiator of a data transmission service, at least one data mediator, and a data recipient, the method comprising the following processing:
a) the business data packet to be transmitted is divided into several data fields D_i according to the different service characteristics, security requirements and business content of the business;
b) an encryption algorithm and a session key are defined for the business content;
c) a session key encryption algorithm, and the key used to encrypt the session key, are defined for the session key;
d) according to the different access rights of the business participants, several different encryption types C_j are set for encrypting the different data fields separately, and an encryption type identification number is defined for each encryption type C_j;
e) the initiator encrypts the content of each data field separately, defining several encrypted data fields C_j(D_i);
f) the session key used to process the data content is encrypted, defining several encryption information fields;
g) the encrypted data fields and the encryption information fields are combined into an encrypted data packet, which is then sent.
In the high-security multi-class data transmission method of the present invention, each encryption type identification number in step d) corresponds to a unique encryption algorithm and session key for the business content, and to a unique session key encryption algorithm and key used to encrypt the session key.
In the high-security multi-class data transmission method of the present invention, the key used to encrypt the session key is a public key issued by a certification authority for a business participant that has the right to decrypt.
In the high-security multi-class data transmission method of the present invention, the key used to encrypt the session key is a secret key agreed in advance between the initiator and a mediator that has the right to decrypt.
In the high-security multi-class data transmission method of the present invention, step e) comprises the following processing:
ea) the initiator, according to the security requirement of each data field, selects a suitable encryption algorithm and session key from the encryption types C_j and performs the encryption;
eb) a unique encryption algorithm identifier is determined for the encryption algorithm;
ec) the encrypted content of each data field and the encryption type identification number of the encryption type used are combined into an encrypted data field.
In the high-security multi-class data transmission method of the present invention, step f) comprises the following processing:
fa) the session key used to process the data content is encrypted using the session key encryption algorithm and the key used to encrypt the session key;
fb) a unique encryption algorithm identifier is determined for the session key encryption algorithm;
fc) the encryption type identification number, the encryption algorithm identifier of the data content, the encrypted session key, and the identifier of the algorithm used to encrypt the session key are combined into an encryption type information field.
In the high-security multi-class data transmission method of the present invention, the mediator receives the encrypted data packet sent in step g) and performs the following processing:
h) according to the encryption types it holds, it extracts from the encrypted data packet the encrypted data fields and the encryption type information fields bearing the identification numbers of those encryption types;
i) it decrypts the encrypted data fields.
In the high-security multi-class data transmission method of the present invention, step i) comprises the following processing:
ia) using the encryption algorithm indicated by the session-key encryption algorithm identifier in the encryption type information field, and the key used to encrypt the session key, the encrypted session key in the encryption type information field is decrypted, yielding the session key with which the data content was encrypted;
ib) using the encryption algorithm indicated by the data-content encryption algorithm identifier in the encryption type information field, and the session key so obtained, the encrypted data field is decrypted, yielding the data field D_i;
ic) the whole encrypted data packet is forwarded.
In the high-security multi-class data transmission method of the present invention, the data mediator recombines the relevant encrypted data fields and encryption type information fields from the encrypted data packet into a new encrypted data packet and sends it.
In the secure data transmission method of the present invention, the encryption algorithm is a standard data encryption algorithm, either symmetric or asymmetric.
According to one aspect of the present invention, the business data to be transmitted is divided into a plurality of data fields, and several encryption types are set according to the different access rights of the business participants, each encryption type comprising an encryption algorithm and a session key, so that a transmitted business data packet contains data fields encrypted with different encryption algorithms. In this way, as a business data packet is passed along, its data content is made available to different business participants according to the encryption type used. Each business participant can see the data it is allowed to view; although it takes part in transmitting the other data fields, it cannot learn their content. Particular data can thus be delivered to its intended destination without becoming known, during transmission, to business participants that lack the right or to eavesdroppers. The method adopted by the present invention therefore makes multi-stage data transmission safer and more reliable, and is better suited to secure multi-stage data transmission.
The above technical solution and other advantages of the present invention will become apparent from the following description of preferred embodiments, taken together with the accompanying drawings.
Fig. 1 is the high-security multi-class data transmission topological diagram that the present invention adopts;
Fig. 2 is the schematic diagram of the high-security multi-class data transmission of employing of the present invention;
Fig. 3 is the data transmission relations schematic diagram of the first preferred embodiment of the present invention;
Fig. 4 is the data transmission relations schematic diagram of the second preferred embodiment of the present invention.
The technical solution adopted by the present invention and its implementation are first described with reference to Fig. 1. In the figure, the letter A denotes a business participant, with subscript k distinguishing the different participants; their total number is denoted by the letter l, where the number 1 denotes the initiator of the data transmission and the letter l denotes the recipient of the transaction. The letter C denotes an encryption type, with subscript j distinguishing the different encryption types; the symbol IC denotes the index set of all encryption types, and IC(A_k) denotes the index set of the encryption types known to business participant k. The letter D denotes a data field, that is, the data content of one particular attribute within the whole business data packet, with subscript i distinguishing the different data fields in the packet; the symbol ID denotes the index set of all data fields, and ID(A_k) denotes the index set of the data fields that business participant k has the right to obtain. The symbol C_j(D_i) denotes the encrypted data field produced by encrypting data field D_i with encryption type C_j.
Suppose the data transmission system, in which several data mediators take part, has l business participants in total: one initiator, l-2 data mediators and one data recipient. The business participants are denoted A_k, k = 1 to l. According to the security requirements of the specific data in the system, the participants set in advance each participant's access rights to the specific data, so that a participant can learn the data content it needs but cannot learn data content it has no right to know.
Accordingly, the present invention is implemented in the following steps:
(1) First, within the data transmission system, the business data packet to be transmitted is divided into several data fields D_i, i ∈ ID, according to the different service characteristics and security requirements; each data field holds different business content.
(2) According to the different access rights of the business participants A_k, several different encryption types C_j, j ∈ IC, are set for encrypting the specific data fields, and an encryption type identification number (Encryption-Type-Identifier) is determined for each encryption type. Each encryption type C_j corresponds to a unique encryption algorithm and session key for the data content, and to a unique session key encryption algorithm and key used to encrypt the session key. The key used to encrypt the session key is either a public key issued by a certification authority (CA) for a business participant that has the right to decrypt, or a secret key agreed in advance between the initiator and a business participant that has the right to decrypt. According to each participant's access rights in the data transmission system, the participant is given knowledge of the appropriate encryption types C_j, j ∈ IC(A_k). Once a business participant A_k knows an encryption type C_j, it can decrypt every data field processed with that encryption type and so learn the content of that data field. Where the business data requires it, different business participants may obtain some common data field in the business data packet; they therefore know the encryption type used to encrypt that common data field, that is, different participants may know the same encryption type.
(3) The initiator A_1, according to the security requirement of each of the data fields divided above, selects a suitable encryption algorithm and session key from the encryption types C_j (j ∈ IC) and encrypts the content of each data field D_i (i ∈ ID). A unique encryption algorithm identifier (Content-Encryption-Algorithm-Identifier) is determined for this encryption algorithm, and the encrypted data field content (Encrypted-Content) together with the encryption type identification number (Encryption-Type-Identifier) of the encryption type used forms the encrypted data fields C_j(D_i).
(4) The session key used to process the data content is encrypted using the session key encryption algorithm and the key used to encrypt the session key, and a unique encryption algorithm identifier (Key-Encryption-Algorithm-Identifier) is determined for the session key encryption algorithm. The encryption type identification number, the encryption algorithm identifier of the data content, the encrypted session key (Encrypted-Key) and the identifier of the algorithm used to encrypt the session key are combined into an encryption type information field; each encryption type information field corresponds to a unique key used to encrypt the session key. The encryption type information fields and the encrypted data fields C_j(D_i) are then combined into an encrypted data packet and sent. A data field that does not need encryption can be treated as an encrypted data field processed with a special encryption type.
(5) A data mediator A_k (k = 2 to l-2) receives the encrypted data packet. First, according to the encryption types C_j (j ∈ IC) it holds, it extracts from the encrypted data packet all the data fields C_j(D_i), i = 1 to n, j ∈ IC(A_k), processed with those encryption types, together with the encryption type information fields; that is, it extracts the encrypted data fields and encryption type information fields bearing the corresponding encryption type identification numbers. It then decrypts the extracted encrypted data fields as follows. Using the encryption algorithm indicated by the session-key encryption algorithm identifier in the encryption type information field, and the key for encrypting the session key that this mediator A_k holds (either issued by the CA or agreed in advance with the initiator A_1), it decrypts the encrypted session key in the encryption type information field and obtains the session key with which the data content was encrypted. Then, using the encryption algorithm indicated by the data-content encryption algorithm identifier in the encryption type information field, and the session key just obtained, it decrypts the encrypted data field and obtains the data field. After extracting the business data it needs, the mediator A_k may forward the whole encrypted data packet, or, as the business requires, recombine the relevant encrypted data fields and encryption type information fields into a new encrypted data packet and send it to the next business participant.
(6) The final recipient of the data receives the packet. First, according to the set of encryption types IC(A_l) it holds, it extracts from the encrypted data packet all the encrypted data fields processed with those encryption types, and then performs the same decryption as a data mediator A_k.
Referring to the schematic diagram of multi-stage data transmission in Fig. 2, the initiator sets up data fields D_1 to D_p and encrypts them using algorithms C_1 to C_q. For example, data fields D_1 and D_4 are encrypted with algorithm C_1, data field D_2 is encrypted with algorithm C_2, ..., and D_p is encrypted with algorithm C_q, forming the whole data packet Q. With q < p, some data fields D_i, for example D_3, are left unencrypted and become public data fields. When the initiator transmits data packet Q, Business Entity 1, a data mediator, holds encryption algorithm C_1 and can therefore obtain the data fields D_1 and D_4 encrypted with algorithm C_1, and the public data field D_3, as shown by the solid arrows. The mediator (Business Entity 1) then passes data packet Q on. Likewise, Business Entity 2, also a data mediator, after receiving data packet Q can obtain, with the algorithm C_2 it holds, the data field D_2 encrypted with that algorithm, and the public data field D_3, as shown by the solid arrows; this Business Entity 2 may of course also recombine the data. And so on: the last Business Entity q, the final recipient of the data transmission, obtains the data encrypted with algorithm C_q and the public data field D_3, see the solid arrows.
During data transmission by the above method, if an eavesdropper on the network intercepts a data packet in transit, they can learn the data processed with an encryption type C_j only if they know that encryption type in advance or can break it. Unencrypted data is, of course, represented by a special encryption type whose resistance to attack is zero. Therefore, as long as suitable encryption types are selected and the encryption types are protected so that an eavesdropper cannot know them in advance, the security of the data is ensured.
In the above, the encryption type identification number identifies which encryption type is used. The encryption algorithm identifier of the data content indicates which encryption algorithm was used to encrypt the data content, which may be, for example, a symmetric algorithm or an asymmetric algorithm. The encrypted session key contains, in encrypted form, the session key used to encrypt the data content. The session key encryption algorithm identifier indicates the encryption algorithm used to encrypt the session key. The encrypted data content contains the original content of the data field.
It must be pointed out that the specific method of encrypting each data field described above, and the encryption information corresponding to an encryption type, are not limited to the above form.
Embodiment 1:
The invention is further described below using the transmission of a business data packet in an online shopping transaction as an example. In this example the data is organised using the Extensible Markup Language (XML, eXtensible Markup Language).
The trading environment consists of three transaction participants: a user, an online electronic mall, and a goods provider. The user pays with an electronic-transaction prepaid card bought from the goods provider. After the transaction succeeds, the goods provider delivers the goods to the user on time as promised, and the online electronic mall takes a certain proportion of the turnover as commission. The data packet is sent by the user, processed and relayed by the online electronic mall, and submitted to the goods provider. In this example the three parties are the data transmission participants: the user is the initiator, the online electronic mall is the data mediator, and the goods provider is the final recipient of the data. The data transmission relations are shown in Fig. 3.
The transaction data packet provides the following information:
1) the user tells the goods provider the name and quantity of the goods to be bought, the turnover calculated from the price of the goods, and the prepaid card number and password;
2) the online electronic mall also needs to know the goods name, quantity and total turnover; the goods name and quantity are used for the statistics of the whole electronic mall, and the total turnover is used to collect the transaction commission from the goods provider;
3) the user's prepaid card number and password may be obtained only by the goods provider; the online electronic mall, as mediator, has no right to know the content of the card number and password.
The data packet built by the method of the invention is divided into two parts, the encrypted data fields and the encryption type information fields, and is structured as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE i-Switch SYSTEM "http:\\www.iSwitch.com\XML\dtd\stix.dtd">
<iSwitch>
  <Message>
    <!-- encryption type information fields -->
    <Encrypt>
      <!-- encryption type, ID=1 -->
      <EncryptionType>
        <EncryptedTypeIdentifier>1</EncryptedTypeIdentifier>
        <!-- algorithm used to encrypt the data content -->
        <ContentEncryptionAlgorithmIdentifier>IDEA</ContentEncryptionAlgorithmIdentifier>
        <!-- encrypted session key -->
        <EncryptedKey>GHboBpWIAem8uIWCZi4=</EncryptedKey>
        <!-- algorithm used to encrypt the session key -->
        <KeyEncryptionAlgorithmIdentifier>RSA1024</KeyEncryptionAlgorithmIdentifier>
      </EncryptionType>
      <!-- encryption type, ID=2 -->
      <EncryptionType>
        <EncryptedTypeIdentifier>2</EncryptedTypeIdentifier>
        <!-- algorithm used to encrypt the data content -->
        <ContentEncryptionAlgorithmIdentifier>IDEA</ContentEncryptionAlgorithmIdentifier>
        <!-- encrypted session key -->
        <EncryptedKey>rDgMCHQUAMEYxDDA</EncryptedKey>
        <!-- algorithm used to encrypt the session key -->
        <KeyEncryptionAlgorithmIdentifier>RSA1024</KeyEncryptionAlgorithmIdentifier>
      </EncryptionType>
    </Encrypt>
    <!-- encrypted data fields -->
    <Object>
      <PrepayCardID>
        <!-- identification number of the encryption type used for this field -->
        <EncryptionTypeIdentifier>1</EncryptionTypeIdentifier>
        <!-- encrypted field content -->
        <Value>CDKxKlpO</Value>
      </PrepayCardID>
      <PrepayCardPassword>
        <EncryptionTypeIdentifier>1</EncryptionTypeIdentifier>
        <Value>b2Z8+MwTmZgX12==</Value>
      </PrepayCardPassword>
      <ProductName>
        <EncryptionTypeIdentifier>2</EncryptionTypeIdentifier>
        <Value>CDKxKlpO</Value>
      </ProductName>
      <ProductCount>
        <EncryptionTypeIdentifier>2</EncryptionTypeIdentifier>
        <Value>d3E4wfht</Value>
      </ProductCount>
      <ProductSum>
        <EncryptionTypeIdentifier>2</EncryptionTypeIdentifier>
        <Value>rk58EJ84RD3=</Value>
      </ProductSum>
    </Object>
  </Message>
</iSwitch>
In this embodiment, the specific data in the message is given different security processing according to the rights of the different transaction participants. For example, the goods name (ProductName), quantity (ProductCount) and turnover (ProductSum) are of interest to both the mediator (the online electronic mall) and the recipient (the goods provider), while this information should also be protected from parties with bad intent. An encryption scheme that both the electronic mall and the goods provider can decrypt is therefore used: the data is encrypted with a random key, and the random key is in turn protected by encryption under a session key known to both the electronic mall and the goods provider; the encryption information field number (EncryptionType) used is 2. The prepaid card number (PrepayCardID) and password (PrepayCardPassword) are protected with a session key known only to the recipient (the goods provider) and the initiator (the user); the encryption information field number (EncryptionType) used is 1. The prepaid card account and password can thus be known only by the goods provider; neither the electronic mall nor an attacker has the session key to decrypt these data, which achieves the aim that the electronic mall takes part in transmitting the card number and password but has no right to read their content.
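The Embodiment 1 flow as an added Python example (not code from the patent). It assumes the pre-agreed secret-key variant for wrapping session keys, and substitutes a standard-library HMAC-SHA256 counter-mode construction with an authentication tag for IDEA and RSA1024; the function names, the sample field values and the binding of each ciphertext to its field name and type are assumptions of this example.

```python
import hashlib
import hmac
import os

ALG = "HMAC-SHA256-CTR+HMAC"  # stand-in algorithm identifier, not from the patent


def _subkey(key, label):
    # Derive separate encryption and MAC keys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # Keystream block n = HMAC(key, nonce || offset); XOR it with the data.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def _mac(key, aad, nonce, ct):
    framed = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(_subkey(key, b"mac"), framed, hashlib.sha256).digest()


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC; aad binds the ciphertext to its context."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(key, aad, nonce, ct)


def unseal(key, blob, aad=b""):
    if len(blob) < 48:
        raise ValueError("truncated ciphertext")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, aad, nonce, ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


def build_packet(fields, field_type, type_keks):
    """Initiator side: steps (3) and (4) of the description.

    fields: name -> plaintext bytes; field_type: name -> encryption type id;
    type_keks: encryption type id -> key used to encrypt that type's session key.
    """
    session = {t: os.urandom(32) for t in type_keks}  # one session key per type
    encrypt = {
        t: {"content_alg": ALG, "key_alg": ALG,
            "encrypted_key": seal(kek, session[t], b"type:%d" % t)}
        for t, kek in type_keks.items()
    }
    obj = {}
    for name, value in fields.items():
        t = field_type[name]
        aad = b"%d:%s" % (t, name.encode())
        obj[name] = {"type": t, "value": seal(session[t], value, aad)}
    return {"encrypt": encrypt, "object": obj}


def read_packet(packet, my_keks):
    """Mediator or recipient side: step (5). Returns only the fields whose
    encryption type this participant holds a key for."""
    out = {}
    for t, kek in my_keks.items():
        info = packet["encrypt"].get(t)
        if info is None:
            continue
        session = unseal(kek, info["encrypted_key"], b"type:%d" % t)
        for name, field in packet["object"].items():
            if field["type"] == t:
                aad = b"%d:%s" % (t, name.encode())
                out[name] = unseal(session, field["value"], aad)
    return out


# Constructed sample data mirroring Embodiment 1 (values are made up).
KEK_1 = bytes(range(32))       # type 1: agreed between user and goods provider
KEK_2 = bytes(range(32, 64))   # type 2: agreed between user, mall and goods provider
FIELDS = {
    "PrepayCardID": b"PC-0001-2345",
    "PrepayCardPassword": b"example-password",
    "ProductName": b"notebook",
    "ProductCount": b"2",
    "ProductSum": b"59.80",
}
FIELD_TYPE = {"PrepayCardID": 1, "PrepayCardPassword": 1,
              "ProductName": 2, "ProductCount": 2, "ProductSum": 2}


def demo():
    packet = build_packet(FIELDS, FIELD_TYPE, {1: KEK_1, 2: KEK_2})
    mall_view = read_packet(packet, {2: KEK_2})                # mediator
    provider_view = read_packet(packet, {1: KEK_1, 2: KEK_2})  # recipient
    return packet, mall_view, provider_view


if __name__ == "__main__":
    _, mall, provider = demo()
    print("mall sees:", sorted(mall))
    print("provider sees:", sorted(provider))
```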
Embodiment 2:
The invention is described again below using the transmission of a business data packet in a securities transaction as an example. In this example the data is organised using XML.
The trading environment consists of three transaction participants: a user, an e-commerce comprehensive service platform, and a securities dealer. The e-commerce comprehensive service platform lets users, through various access methods such as telephone, mobile phone and Web browser, use the services offered by the service providers connected to the platform, such as securities dealers and banks. In this example the three parties are the data transmission participants: the user is the initiator, the e-commerce comprehensive service platform is the data mediator, and the securities dealer is the final recipient of the data. The data transmission relations are shown in Fig. 4.
This example is a business data packet with which the user trades stock; it provides the following information:
1) the user tells the e-commerce platform the user's account number and password on the platform;
2) the user tells the securities dealer the user's shareholder account number and shareholder password;
3) the user and the securities dealer are identified in the envelope of the data packet.
The data packet built by the method of the invention is divided into two parts, the encrypted data fields and the encryption type information fields, and is structured as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE i-Switch SYSTEM "http:\\www.iSwitch.com\XML\dtd\stix.dtd">
<iSwitch>
  <Message>
    <!-- encryption type information fields -->
    <Encrypt>
      <!-- encryption type, ID=1 -->
      <EncryptionType>
        <EncryptedTypeIdentifier>1</EncryptedTypeIdentifier>
        <!-- algorithm used to encrypt the data content -->
        <ContentEncryptionAlgorithmIdentifier>Data_Cipher_1</ContentEncryptionAlgorithmIdentifier>
        <!-- encrypted session key -->
        <EncryptedKey>RIMgRmlsZSBFbmNy</EncryptedKey>
        <!-- algorithm used to encrypt the session key -->
        <KeyEncryptionAlgorithmIdentifier>Key_Cipher_1</KeyEncryptionAlgorithmIdentifier>
      </EncryptionType>
      <!-- encryption type, ID=2 -->
      <EncryptionType>
        <EncryptedTypeIdentifier>2</EncryptedTypeIdentifier>
        <!-- algorithm used to encrypt the data content -->
        <ContentEncryptionAlgorithmIdentifier>Data_Cipher_2</ContentEncryptionAlgorithmIdentifier>
        <!-- encrypted session key -->
        <EncryptedKey>bUKHXbbVseBXOFI=</EncryptedKey>
        <!-- algorithm used to encrypt the session key -->
        <KeyEncryptionAlgorithmIdentifier>Key_Cipher-2</KeyEncryptionAlgorithmIdentifier>
      </EncryptionType>
    </Encrypt>
    <!-- encrypted data fields -->
    <Object>
      <!-- fields for the e-commerce platform -->
      <Platform>
        <PlatformLogonID EncryptionType="1">CDKxKlpO</PlatformLogonID>
        <PlatformLogonPassword EncryptionType="1">b2Z8+MwTmZgX12=</PlatformLogonPassword>
      </Platform>
      <!-- fields for the securities dealer -->
      <Service>
        <StockLogonID EncryptionType="2">CDKxKlpO</StockLogonID>
        <StockLogonPassword EncryptionType="2">*GTNWEDSmZgX</StockLogonPassword>
      </Service>
    </Object>
  </Message>
</iSwitch>
In the present embodiment, the individual data items in the message content are protected in different ways according to the permissions of the different transaction participants. For example, the platform user account number and password concern the e-commerce platform, so they use an encryption scheme that the e-commerce platform can decrypt: the data are encrypted with a random key, and the random key is itself protected by encryption with a session key known to the electronic mall and the goods provider; the encryption information block used (EncryptionType) is number 1. The shareholder account number (StockLogonID) and password (StockLogonPassword) concern the securities dealer, so they use an encryption scheme that the securities dealer can decrypt: the data are encrypted with a random key, and the random key is itself protected by encryption with a session key known to the electronic mall and the goods provider; the encryption information block used (EncryptionType) is number 2.
Transmitting the data at multiple levels by the method of the invention achieves the goal that the e-commerce platform and the securities dealer each have sole access to their own data, which cannot be obtained by the other transaction participants.
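The per-participant field encryption of this embodiment, as an added example that is not code from the patent: the initiator builds the packet, and each participant recovers only the fields tagged with its own encryption type. The cipher is a standard-library stand-in (SHA-256 keystream plus an HMAC tag), the algorithm identifier elements are omitted because only that one cipher is used, and all keys and field values are constructed.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET

def _xor(key, nonce, data):  # SHA-256 counter keystream: stdlib stand-in, not a cipher from the page
    ks = b"".join(hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(12)  # fresh per field, so a session key never reuses a keystream
    body = nonce + _xor(key, nonce, plaintext)
    # HMAC tag (an addition of this example) makes a wrong key or altered field fail loudly
    return base64.b64encode(body + hmac.new(key, body, hashlib.sha256).digest()).decode()

def unseal(key, token):
    raw = base64.b64decode(token)
    if not hmac.compare_digest(raw[-32:], hmac.new(key, raw[:-32], hashlib.sha256).digest()):
        raise ValueError("wrong key or modified field")
    return _xor(key, raw[:12], raw[12:-32])

def build_packet(fields, wrap_keys):
    # Initiator, steps a)-g). fields: {group: [(tag, type_id, value)]}; wrap_keys: {type_id: key}
    root = ET.Element("iSwitch")
    msg = ET.SubElement(root, "Message")
    enc, obj = ET.SubElement(msg, "Encrypt"), ET.SubElement(msg, "Object")
    session = {t: os.urandom(32) for t in wrap_keys}  # one session key per encryption type
    for type_id, wrap_key in wrap_keys.items():
        info = ET.SubElement(enc, "EncryptionType")
        ET.SubElement(info, "EncryptedTypeIdentifier").text = str(type_id)
        ET.SubElement(info, "EncryptedKey").text = seal(wrap_key, session[type_id])
    for group, items in fields.items():
        parent = ET.SubElement(obj, group)
        for tag, type_id, value in items:
            ET.SubElement(parent, tag, EncryptionType=str(type_id)).text = seal(session[type_id], value.encode())
    return ET.tostring(root, encoding="unicode")

def read_fields(packet, type_id, wrap_key):
    # Participant, steps h)-i): unwrap own session key, decrypt only fields tagged with own type
    root = ET.fromstring(packet)  # constructed input; use a hardened parser for untrusted XML
    wrapped = {i.findtext("EncryptedTypeIdentifier"): i.findtext("EncryptedKey")
               for i in root.iter("EncryptionType")}
    session = unseal(wrap_key, wrapped[str(type_id)])  # KeyError if the type is not in the packet
    return {f.tag: unseal(session, f.text).decode() for f in root.iter()
            if f.get("EncryptionType") == str(type_id)}

PLATFORM_KEY, DEALER_KEY = os.urandom(32), os.urandom(32)  # constructed sample keys
FIELDS = {"Platform": [("PlatformLogonID", 1, "user01"), ("PlatformLogonPassword", 1, "pf-pass")],
          "Service": [("StockLogonID", 2, "A1234567"), ("StockLogonPassword", 2, "st-pass")]}
PACKET = build_packet(FIELDS, {1: PLATFORM_KEY, 2: DEALER_KEY})
```

Calling `read_fields(PACKET, 1, PLATFORM_KEY)` returns only the two platform fields; the same call for encryption type 2 with the platform's key raises `ValueError`, because the session key for that type cannot be unwrapped.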
As can be seen, a data field as divided by the invention is the data content in a business data packet that describes one specific object of the business. For example, the product name (ProductName), quantity (ProductCount) and transaction amount (ProductSum) carried in embodiment 1 are each a data field in the packet.
Secondly, an encryption type in the invention comprises two parts: the algorithm and the key used for encryption. The algorithm may be a standard data encryption algorithm, such as a symmetric algorithm like DES, IDEA or RC2 or an asymmetric algorithm like RSA, or it may be a non-public algorithm. The key is either a session key agreed on and held by the two or more parties in order to ensure information security, or a digital certificate issued by a certification authority (CA center). In short, with the rapid development of e-commerce and the diversification of data transmission, more and more intermediaries will inevitably take part in data transmission. In the data transmission method of the invention, the data to be transmitted in the whole data transmission system are divided into a plurality of data fields, and different data fields are processed with encryption modes that meet their different requirements. With this scheme the packet contains both routing information that every intermediary can read and sensitive data that only a specific recipient can decrypt. Processing in this way allows several security techniques to be used at the same time, to ensure that the intermediary at a designated stage of the transmission can correctly obtain its data, while the other intermediaries, although they take part in transmitting the packet, cannot learn the content of data fields in the packet that they have no right to interpret. The method of the invention therefore solves the data security and mutual trust problems of electronic transactions in which multiple participants take part, and at the same time allows responsibility for any transaction dispute that arises to be assigned on a technical basis.

Claims (10)

1. A high-security multi-class data transmission method, wherein in the whole data transmission system packets composed of a plurality of business items are transmitted by business participants, the business participants comprising an initiator of the data transmission business, at least one data transmission mediator, and a data recipient, the method being characterized in that it comprises the following processing:
a) dividing the business data packet to be transmitted into several data fields according to the different business characteristics, different security requirements and different business contents of the business;
b) defining an encryption algorithm and a session key for the business content;
c) defining, for the session key, a session key encryption algorithm and the key used to encrypt the session key;
d) setting a plurality of different encryption types according to the different access rights of the business participants, so that the different data fields are encrypted separately, and defining an encryption type identification number corresponding to each encryption type;
e) the initiator of the data transmission business encrypting the content of each data field separately, defining several encrypted data fields;
f) encrypting the session key used to process the data content, defining several encryption information fields;
g) combining the encrypted data fields and the encryption information fields into an encrypted packet and sending it.
2. The high-security multi-class data transmission method according to claim 1, characterized in that each encryption type identification number in step d) corresponds to a unique encryption algorithm and session key for the business content, and to a unique encryption algorithm for the session key and the key used to encrypt the session key.
3. The high-security multi-class data transmission method according to claim 2, characterized in that the key used to encrypt the session key is a public key issued by an authentication center to the business participant that has the right to decrypt.
4. The high-security multi-class data transmission method according to claim 2, characterized in that the key used to encrypt the session key is a secret key agreed on in advance by the business initiator and the business mediator that has the right to decrypt.
5. The high-security multi-class data transmission method according to claim 2, characterized in that step e) comprises the following processing:
ea) the data transmission initiator, according to the respective security requirements of the data fields, selects a suitable encryption algorithm and session key from the encryption types and then performs the encryption;
eb) a unique encryption algorithm identifier is determined for the encryption algorithm;
ec) the content of the encrypted data field and the encryption type identification number corresponding to the encryption type are combined into several encrypted data fields.
6. The high-security multi-class data transmission method according to claim 5, characterized in that step f) comprises the following processing:
fa) using the encryption algorithm for the session key and the key used to encrypt the session key, the session key used to process the data content is encrypted;
fb) a unique encryption algorithm identifier is determined for the session key encryption algorithm;
fc) the encryption type identification number, the encryption algorithm identifier of the data content, the encrypted session key, and the identifier of the encryption algorithm used to encrypt the session key are combined into an encryption type information field.
7. The high-security multi-class data transmission method according to claim 6, characterized in that the business mediator receives the encrypted packet sent in step g) and carries out the following processing:
h) according to the encryption type it holds, taking from the encrypted packet the encrypted data field and the encryption type information field that carry the identification number corresponding to this encryption type;
i) decrypting the encrypted data field.
8. The high-security multi-class data transmission method according to claim 7, characterized in that step i) comprises the following processing:
ia) using the encryption algorithm corresponding to the identifier, in the encryption type information field, of the algorithm used to encrypt the session key, together with the key used to encrypt the session key, the encrypted session key in the encryption type information field is decrypted, recovering the session key with which the data content was encrypted;
ib) using the encryption algorithm corresponding to the encryption algorithm identifier of the data content in the encryption type information field, together with the recovered session key, the encrypted data field is decrypted, recovering the data field;
ic) the whole encrypted packet is forwarded.
9. The high-security multi-class data transmission method according to claim 8, characterized in that the data transmission mediator recombines the relevant encrypted data fields and encryption type information fields of the encrypted packet into a new encrypted packet and sends it.
10. The secure data transmission method according to claim 1, characterized in that the encryption algorithm is a standard data encryption algorithm that is a symmetric algorithm or an asymmetric algorithm.
CNB011093080A 2001-02-28 2001-02-28 High-security multi-class data transmission method Expired - Fee Related CN1151629C (en)

Publications (2)

Publication Number Publication Date
CN1373585A (en) 2002-10-09
CN1151629C (en) 2004-05-26


Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee