CN101247232B - Encryption technique method based on digital signature in data communication transmission - Google Patents
- Publication number
- CN101247232B (application CN200810035274A)
- Authority
- CN
- China
- Prior art keywords
- module
- file
- agent side
- data
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
- Storage Device Security (AREA)
Abstract
A service method for electronic products in the field of information technology, and in particular an encryption technique based on digital signatures for the data exchange and transmission process between heterogeneous systems, applied mainly to data exchange in web services. The method uses web services with the Simple Object Access Protocol (SOAP) to perform web-service filtering and data exchange and so obtains end-to-end message-level security; it digitally signs and encrypts the Extensible Markup Language (XML) content, so that data encryption, digital certificates and a secure web service protect the data during sharing and exchange. It mainly addresses the confidentiality, integrity and consistency of information in transit. The positive effect of the invention is that an encryption technique based on digital signatures guarantees confidentiality, integrity and consistency during information transfer, is convenient to use and improves service quality.
Description
Technical field
The present invention relates to a service method for electronic products in the field of information technology, and in particular to an encryption technique based on digital signatures for the data exchange and transmission process between heterogeneous systems. It is mainly used in web services. When data is exchanged with the Simple Object Access Protocol (SOAP), the Extensible Markup Language (XML) payload is encoded in plaintext by default, so the confidentiality of the information in transit is at risk; an encryption technique based on digital signatures is therefore adopted, which guarantees confidentiality, integrity and consistency during the information exchange.
Background technology
Secure web services are a necessary condition for the success of web services. As is well known, web services use the Simple Object Access Protocol (SOAP) and exchange data based on the Extensible Markup Language (XML), and XML is encoded in plaintext. At the same time, most web services use the Hypertext Transfer Protocol (HTTP) as the transport protocol, and HTTP likewise carries data in cleartext. The confidentiality of message transmission is therefore at risk, and the basic security requirements cannot be met:
Confidentiality guarantees the secrecy of the data. It is typically achieved with encryption: an encryption algorithm converts plaintext into ciphertext, and the corresponding decryption algorithm converts the ciphertext back into plaintext.
Data integrity guarantees that data is protected from accidental or intentional (malicious) tampering. Integrity is normally provided by a message authentication code or a cryptographic hash. A bare hash only detects accidental corruption; against a deliberate attacker the hash itself must be protected by a MAC or a digital signature.
Authentication establishes the source of the data. Digital certificates are used to provide authentication. A digital signature is normally applied to a cryptographic hash of the data, because the hash is much smaller than the data it represents.
In December 2002 IBM, Microsoft and VeriSign jointly published a specification on web service security, Web Services Security (WS-Security). The specification describes how signature and encryption headers are attached to SOAP messages, giving web service developers a set of mechanisms for protecting SOAP message exchanges.
Two kinds of encryption technique are in use today:
The first is symmetric encryption, in which both parties hold a shared key and can communicate only when both know it. It is usually applied in isolated environments; when the number of users is large, key distribution makes this mechanism unreliable. Commonly cited algorithms: DES (Data Encryption Standard), TripleDES, Rijndael, RC2 and so on. Of these, DES and RC2 are long broken and TripleDES is deprecated; Rijndael, standardised as AES, is the one still acceptable for new systems.
The second is asymmetric encryption, also called public key encryption; the key is a public/private key pair. Data encrypted with the public key can be decrypted only with the private key, and a signature produced with the private key is verified with the public key. Because the private key cannot be derived from the public key, publishing the public key does not endanger the private key: the public key needs no secrecy and may be distributed openly, while the private key must be kept secret. (A public key infrastructure, PKI, is the system of certification authorities and certificates that binds public keys to identities; it is not itself an encryption algorithm.) Commonly used algorithms: the Digital Signature Algorithm (DSA), RSA and so on.
A digital signature is an emerging security technique for guaranteeing the integrity of information: it ensures that the information cannot be altered undetected and addresses repudiation, forgery, tampering and impersonation. In practice it is a transformation of the information to be transmitted using the sender's private key. Commonly used algorithms: a cryptographic hash function combined with DSS (DSA) or RSA, and so on.
Public key information and user information are usually kept in a digital certificate. A digital certificate is a block of data containing the user's identity information, the user's public key and the digital signature of the certification authority. The authority's signature guarantees the authenticity of the certificate contents; the user's public key lets the receiver verify the integrity of signed data; and the user's digital signature guarantees non-repudiation of the digital information. X.509 v3 is the widely accepted standard for the format of public key certificates and is applied in many network security protocols.
Because information technology in China has developed rapidly in recent years and the demand for data integration between heterogeneous subsystems keeps growing, how to ensure the confidentiality, integrity, security and consistency of data content when data is exchanged and shared has become a problem that must be considered.
Summary of the invention
To overcome the above shortcomings, the main purpose of the present invention is to provide an encryption technique based on digital signatures that can be realised in the data exchange process according to the international web service security standard: web services with SOAP perform web-service filtering and data exchange; data encryption, digital certificates and a secure web service protect the data sharing process; and VeriSign's trust services integration toolkit is adopted to carry out the digital signing, verification, encryption and decryption of SOAP packets in transit over HTTP.
Another purpose of the invention is to use data encryption and digital certificates to satisfy the network security requirements of data sharing. With the digital certificate method, a web service requester must hold a digital certificate signed by a trusted certification authority; the requester uses this certificate to prove its identity and digitally signs the SOAP message. After the system receives the message it can time-stamp it, log it and verify it. The verification process ensures that the message came from the sender and that its content was not altered in transit.
The information is first signed and then encrypted, and only then transmitted over the network; a third party that obtains the encrypted transmission cannot decrypt it.
The technical problems solved by the present invention are: how to guarantee the confidentiality, integrity and consistency of information exchanged between heterogeneous systems; how to obtain end-to-end message-level security through web services; and how to carry out the digital signing, verification, encryption and decryption of SOAP packets.
The technical solution adopted is as follows. The method runs in the data exchange process between heterogeneous systems. Web services with SOAP perform web-service filtering and data exchange, obtaining end-to-end message-level security; data encryption, digital certificates and a secure web service protect the data sharing process by digitally signing and encrypting the XML; VeriSign's trust services integration toolkit is adopted to sign, verify, encrypt and decrypt SOAP packets carried over HTTP. The workflow of the secure web service in the data sharing process comprises the following steps:
Step 1: Write the certificate script
Following the usage conventions of VeriSign's trust services integration toolkit, write the data certificate generation script; this is the write-certificate-script module.
Step 2: Execute the script
After the write-certificate-script module has completed, its output is passed to the execute-script module.
Step 3: Generate certificates
After the execute-script module has completed, its output is passed to the generate-certificates module. The digital certificate script produces four files: the server-side file bms.keystore, the agent-side file bmc.keystore, the server trust file bms.truststore and the agent-side trust file bmc.truststore.
Step 4: Client deploys the agent-side file and the server trust file
After the generate-certificates module has completed, its output is split into two paths. One path goes to the module that deploys the agent-side file and the server trust file on the client: the web service client is given the two files bmc.keystore (agent-side file) and bms.truststore (server trust file).
Step 5: Server deploys the server-side file and the agent-side trust file
The other path of the generate-certificates output goes to the module that deploys the server-side file and the agent-side trust file on the server: the server is given the two files bms.keystore (server-side file) and bmc.truststore (agent-side trust file).
Step 6: Use the agent-side file to obtain a digital signature
After the client deployment module has completed, the module that signs with the agent-side file is entered: when the client calls the interface, it digitally signs with the private key in the agent-side file bmc.keystore.
Step 7: Use the server trust file to encrypt
After the signing module has completed, the module that encrypts with the server trust file is entered; its output is passed to the server deployment module. The SOAP packet is encrypted with the public key in the server trust file bms.truststore.
Step 8: Use the agent-side file to decrypt
After the server deployment module has completed, the decryption module is entered: when the response is processed, the SOAP packet is decrypted with the private key in the agent-side file bmc.keystore.
Step 9: Use the server trust file to verify the digital signature
After the decryption module has completed, the signature verification module is entered: the digital signature is verified with the public key in the server trust file bms.truststore.
In the data exchange transmission, the digital signing and encryption work of the encryption technique based on digital signatures is built on the Apache Axis (Apache eXtensible Interaction System) web service framework and is completed by transmission from the client to server A and receipt there; the client and server A are connected through the encrypted SOAP packet module and the HTTP transport protocol, in which:
The client comprises: a module that signs the SOAP message with the digital certificate, a module that encrypts the SOAP message, and an encryption function module. The output of the signing module is passed to the input of the SOAP encryption module; the output of the encryption function module is also passed to the input of the SOAP encryption module.
Server A comprises: a module that verifies the digital certificate, a module that decrypts the SOAP message, and a decryption function module. The output of the certificate verification module is passed to the input of the SOAP decryption module; the output of the decryption function module is also passed to the input of the SOAP decryption module. The digital signing and encryption work comprises the following steps:
Step 1: Client
The client processes the SOAP message with the signature function before encryption.
Step 2: Encryption process
During encryption, first obtain the private key and the associated certificate, then sign the SOAP message, and finally send the signed file to the server over the HTTP transport protocol.
Step 3: Server A
Server A verifies the signed SOAP message with the data verification function.
Step 4: Decryption process
After verification, decrypt the document with the private key and the associated certificate.
In the data exchange transmission, the web service filter of the encryption technique based on digital signatures comprises the agent side and server B, which are connected to each other through request and response signals, in which:
The agent side comprises: digital certificate authentication, digital certificate authorization, content encryption and logging modules, connected in parallel;
Server B comprises: digital certificate verification, content decryption and web service cache modules, connected in parallel. The web service filtering work comprises the following steps:
A) authenticate and authorize the client;
B) write the user's access to the system log;
C) encrypt and decrypt the requested SOAP message;
D) cache the web service objects.
A device for the encryption technique based on digital signatures in data exchange transmission has business systems, a central database and business databases, and further comprises business system A, a data center and business system B. Shared folder A in business system A and shared folder B in business system B are connected to each other; data agent A in business system A and the data exchange center in the data center are connected to each other; the data exchange center in the data center and data agent B in business system B are connected to each other; in which:
In business system A, shared folder A, data agent A and business database A are linked in sequence; shared folder A, data agent A and business database A are connected to each other, and shared folder A is connected to shared folder B;
In the data center, the central database and the data exchange center are linked in sequence and connected to each other;
In business system B, shared folder B, data agent B and business database B are linked in sequence; shared folder B, data agent B and business database B are connected to each other, and data agent B is connected to the data exchange center.
The beneficial effects of the invention are: the method provides a secure web service for the data sharing process, so that applications can build secure SOAP message exchanges and obtain end-to-end message-level security; XML Signature is used to authenticate the sender's identity and guarantee the integrity of the SOAP message, and XML Encryption improves the security of the data; adopting an encryption technique based on digital signatures guarantees confidentiality, integrity and consistency in the information exchange; and it is convenient for users and improves service quality.
Description of drawings
The invention is further described below with reference to the drawings and embodiments.
Figure 1 is a block diagram of the hardware environment of the invention;
Figure 2 is the overall workflow of the secure web service in the data sharing process of the invention;
Figure 3 is the digital signing and encryption workflow of the invention;
Figure 4 is the web service filtering flow of the invention;
Figure 5 is the application system function flow of one embodiment of the invention;
Label declaration in the accompanying drawing:
1-write certificate script;
2-execute script;
3-generate certificates;
4-client deploys agent-side file and server trust file;
5-server deploys server-side file and agent-side trust file;
6-use agent-side file to obtain digital signature;
7-use server trust file to encrypt;
8-use agent-side file to decrypt;
9-use server trust file to verify digital signature;
10-business database B;
11-business system A;
12-shared folder A;
13-business database A;
14-data agent A;
15-data center;
16-central database;
17-data exchange center;
18-business system B;
19-shared folder B;
20-data agent B;
21-client;
22-server A;
23-encrypted SOAP packet;
24-HTTP transport protocol;
25-sign SOAP message with digital certificate;
26-encrypt SOAP message;
27-encryption function;
28-verify digital certificate;
29-decrypt SOAP message;
30-decryption function;
31-agent side;
32-server B;
33-request;
34-response;
35-digital certificate authentication;
36-digital certificate authorization;
37-content encryption;
38-logging;
39-digital certificate verification;
40-content decryption;
41-web service cache;
51-sender A packs data;
52-digitally sign and encrypt;
53-send result to intermediate database;
54-intermediate database C verifies and stores data;
55-return history record to sender;
56-receiver B fetches XML from intermediate database;
57-decrypt XML and verify digital certificate;
58-confirm data set to intermediate database;
59-parse XML and store in database;
60-return history record to receiver.
Embodiment
Referring to Figures 1, 2, 3 and 4, the method runs in the data exchange process between heterogeneous systems. Web services with SOAP perform web-service filtering and data exchange, obtaining end-to-end message-level security; data encryption, digital certificates and a secure web service protect the data sharing process by digitally signing and encrypting the XML; VeriSign's trust services integration toolkit is adopted to sign, verify, encrypt and decrypt SOAP packets carried over HTTP. The workflow of the secure web service in the data sharing process comprises the following steps:
Step 1: Write certificate script 1
Following the usage conventions of VeriSign's trust services integration toolkit, write the data certificate generation script; this is the write-certificate-script module 1.
Step 2: Execute script 2
After the write-certificate-script module 1 has completed, its output is passed to the execute-script module 2.
Step 3: Generate certificates 3
After the execute-script module 2 has completed, its output is passed to the generate-certificates module 3. The digital certificate script produces four files: the server-side file bms.keystore, the agent-side file bmc.keystore, the server trust file bms.truststore and the agent-side trust file bmc.truststore.
Step 4: Client deploys agent-side file and server trust file 4
After the generate-certificates module 3 has completed, its output is split into two paths. One path goes to module 4, which deploys the agent-side file and the server trust file on the client: the web service client is given the two files bmc.keystore (agent-side file) and bms.truststore (server trust file).
Step 5: Server deploys server-side file and agent-side trust file 5
The other path of the output of the generate-certificates module 3 goes to module 5, which deploys the server-side file and the agent-side trust file on the server: the server is given the two files bms.keystore (server-side file) and bmc.truststore (agent-side trust file).
Step 6: Use agent-side file to obtain digital signature 6
After the client deployment module 4 has completed, module 6 is entered: when the client calls the interface, it digitally signs with the private key in the agent-side file bmc.keystore.
Step 7: Use server trust file to encrypt 7
After the signing module 6 has completed, module 7 is entered; its output is passed to the server deployment module 5. The SOAP packet is encrypted with the public key in the server trust file bms.truststore.
Step 8: Use agent-side file to decrypt 8
After the server deployment module 5 has completed, module 8 is entered: when the response is processed, the SOAP packet is decrypted with the private key in the agent-side file bmc.keystore.
Step 9: Use server trust file to verify digital signature 9
After the decryption module 8 has completed, module 9 is entered: the digital signature is verified with the public key in the server trust file bms.truststore.
Referring to Figure 3, in the data exchange transmission the digital signing and encryption work of the encryption technique based on digital signatures is built on the Apache Axis (Apache eXtensible Interaction System) web service framework and is completed by transmission from the client 21 to server A 22 and receipt there; the client 21 and server A 22 are connected through the encrypted SOAP packet module 23 and the HTTP transport protocol 24, in which:
The client 21 comprises: module 25, which signs the SOAP message with the digital certificate, module 26, which encrypts the SOAP message, and the encryption function module 27. The output of the signing module 25 is passed to the input of the SOAP encryption module 26; the output of the encryption function module 27 is also passed to the input of module 26.
Server A 22 comprises: module 28, which verifies the digital certificate, module 29, which decrypts the SOAP message, and the decryption function module 30. The output of the certificate verification module 28 is passed to the input of the SOAP decryption module 29; the output of the decryption function module 30 is also passed to the input of module 29. The digital signing and encryption work comprises the following steps:
Step 1: Client 21
The client 21 processes the SOAP message with the signature function before encryption.
Step 2: Encryption process
During encryption, first obtain the private key and the associated certificate, then sign the SOAP message, and finally send the signed file to the server over the HTTP transport protocol 24.
Step 3: Server A 22
Server A 22 verifies the signed SOAP message with the data verification function.
Step 4: Decryption process
After verification, decrypt the document with the private key and the associated certificate.
Implementation of the digital signing and encryption work of the invention:
1. The client processes the Simple Object Access Protocol (SOAP) message with the signature function before encryption;
2. During encryption, first obtain the private key and the associated certificate, then sign the SOAP message, and finally send the signed file to the server over the Hypertext Transfer Protocol (HTTP);
3. The server verifies the signed SOAP message with the data verification function;
4. After verification, decrypt the document with the private key and the associated certificate.
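The exchange of steps 6 to 9 of the workflow (sign with the agent-side private key, encrypt to the server's public key, decrypt with the receiver's private key, verify with the peer's public key) and the Figure 3 signing and encryption steps above, carried out end to end with both sides in one process, as an added example. This is example code written for this page; it is not the patent's implementation, VeriSign's toolkit or Apache Axis, and it is in Go so that it runs stand-alone without a Java keystore. Everything not stated by the patent is an assumption of the example: RSA-2048 keys generated in memory in place of bmc.keystore/bms.keystore and their truststores; RSA-PSS with SHA-256 for the signature and RSA-OAEP plus AES-256-GCM for the encryption (the patent does not name its algorithms); a constructed SOAP request; and the names Party, Envelope, Seal and Open.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one endpoint: its own RSA key pair (the keystore entry) and the
// peer's public key (the entry deployed in its truststore).
type Party struct {
	Name    string
	priv    *rsa.PrivateKey
	peerPub *rsa.PublicKey
}

// Envelope is the wire form: the content key wrapped to the receiver and the
// AES-GCM ciphertext of (signature || SOAP body), i.e. what WS-Security
// carries as EncryptedKey, EncryptedData and Signature, minus the XML framing.
type Envelope struct {
	WrappedKey, Nonce, Ciphertext []byte
}

// NewParty generates a fresh 2048-bit key pair in place of loading a keystore.
func NewParty(name string) *Party {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only if the system CSPRNG is unavailable
	}
	return &Party{Name: name, priv: k}
}

// Trust installs the peer's public key, i.e. deploys its truststore entry.
func (p *Party) Trust(peer *Party) { p.peerPub = &peer.priv.PublicKey }

// aead builds AES-256-GCM for a content key already checked to be 32 bytes.
func aead(cek []byte) cipher.AEAD {
	block, _ := aes.NewCipher(cek)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal signs the body with the sender's private key (step 6), then encrypts
// signature and body under a one-time AES key wrapped with RSA-OAEP to the
// receiver's public key (step 7): 2048-bit RSA-OAEP holds only ~190 bytes, so
// a SOAP message needs this hybrid form. The signature is hidden in the ciphertext.
func (p *Party) Seal(soap []byte) (*Envelope, error) {
	digest := sha256.Sum256(soap)
	sig, err := rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 32+12) // content key followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	cek, nonce := buf[:32], buf[32:]
	ct := aead(cek).Seal(nil, nonce, append(sig, soap...), nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, p.peerPub, cek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps and decrypts with the receiver's private key (step 8), then
// verifies with the peer's public key (step 9). Sign-then-encrypt forces this
// order: nothing can be verified before decryption. Every check fails closed.
func (p *Party) Open(env *Envelope) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), nil, p.priv, env.WrappedKey, nil)
	if err != nil || len(cek) != 32 || len(env.Nonce) != 12 {
		return nil, errors.New("unwrap failed: malformed or not addressed to " + p.Name)
	}
	pt, err := aead(cek).Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("decryption failed: ciphertext was modified")
	}
	n := p.peerPub.Size() // a PSS signature is exactly the modulus size
	if len(pt) < n {
		return nil, errors.New("payload truncated")
	}
	sig, soap := pt[:n], pt[n:]
	digest := sha256.Sum256(soap)
	if err := rsa.VerifyPSS(p.peerPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature invalid: not from the trusted peer")
	}
	return soap, nil
}

func main() {
	client, server := NewParty("client"), NewParty("server")
	client.Trust(server) // bms.truststore on the client
	server.Trust(client) // bmc.truststore on the server
	req := []byte(`<soap:Envelope><soap:Body><getRecord id="42"/></soap:Body></soap:Envelope>`) // constructed
	env, _ := client.Seal(req)
	body, err := server.Open(env)
	fmt.Printf("server got %s (err=%v)\n", body, err)
}
```

Two points the patent's step list leaves implicit are visible in the code. First, the receiver has to decrypt before it can verify, so a server that "verifies, then decrypts" as in steps 3 and 4 above can only be checking the certificate or the transport at that point, not the signature over the body. Second, plain sign-then-encrypt does not bind the signature to the intended recipient: a server that receives a validly signed message can re-encrypt it to a third service, which then sees a genuine signature from the client; where that matters, include the recipient's identity in the signed data or additionally sign the ciphertext. In the Java deployment the page describes, the same operations are available through java.security.KeyStore, java.security.Signature and javax.crypto.Cipher, and a WS-Security layer on Axis places the results in the SOAP security header.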
Referring to Figure 4, in the data exchange transmission the web service filter of the encryption technique based on digital signatures comprises the agent side 31 and server B 32, which are connected to each other through the request 33 and response 34 signals, in which:
The agent side 31 comprises: digital certificate authentication 35, digital certificate authorization 36, content encryption 37 and logging 38 modules, connected in parallel;
Server B 32 comprises: digital certificate verification 39, content decryption 40 and web service cache 41 modules, connected in parallel. The web service filtering work comprises the following steps:
A) authenticate and authorize the client;
B) write the user's access to the system log;
C) encrypt and decrypt the requested SOAP message;
D) cache the web service objects.
Referring to Figure 1, a device for the encryption technique based on digital signatures in data exchange transmission is built from modules such as business systems, a central database and business databases, and further comprises business system A 11, data center 15 and business system B 18. Shared folder A 12 in business system A 11 and shared folder B 19 in business system B 18 are connected to each other; data agent A 14 in business system A 11 and the data exchange center 17 in data center 15 are connected to each other; the data exchange center 17 in data center 15 and data agent B 20 in business system B 18 are connected to each other; in which:
In business system A 11, shared folder A 12, data agent A 14 and business database A 13 are linked in sequence; shared folder A 12, data agent A 14 and business database A 13 are connected to each other, and shared folder A 12 is connected to shared folder B 19;
In data center 15, the central database 16 and the data exchange center 17 are linked in sequence and connected to each other;
In business system B 18, shared folder B 19, data agent B 20 and business database B 10 are linked in sequence; shared folder B 19, data agent B 20 and business database B 10 are connected to each other, and data agent B 20 is connected to the data exchange center 17.
Implementation of the hardware environment of the invention:
1. The data center comprises data item management, the web service, and the encryption and decryption functions for Simple Object Access Protocol (SOAP) messages; the web service handles the interface calls from the data agent side.
2. The data agent mainly performs two functions, data provision and data receipt. Each database runs one data agent, or one agent may serve several databases; the agent side also provides the web service and the encryption and decryption functions for SOAP messages.
Referring to Figure 5, the application system function flow of one embodiment of the invention comprises the following steps:
Step 1. Sender A packs data (51)
If business system A 11 is sender A, i.e. data provider A, it performs the data packing work of sender A (51);
Step 2. Digitally sign and encrypt (52)
After the packing module (51) has completed, the sign-and-encrypt module (52) is entered;
Step 3. Send the result to the intermediate database (53)
After the sign-and-encrypt module (52) has completed, the module that sends the result to the intermediate database (53) is entered;
Step 4. Intermediate database C verifies and stores the data (54)
After module (53) has completed, the module in which intermediate database C verifies and stores the data (54) is entered. Its output is split into three paths: the first goes to the module that returns a history record to the sender (55), the second to the module in which receiver B fetches the XML from the intermediate database (56), and the third to the module that returns a history record to the receiver (60);
Step 5. Decrypt the XML and verify the digital certificate (57)
After receiver B has fetched the XML from the intermediate database (56), the decrypt-and-verify module (57) is entered;
Step 6. Confirm the data set to the intermediate database (58)
After the decrypt-and-verify module (57) has completed, the confirmation module (58) is entered;
Step 7. Parse the XML and store it in the database (59)
After the confirmation module (58) has completed, the parse-and-store module (59) is entered.
Application system of one embodiment of the invention:
Operation system A 11 is the sender, i.e. data provider A; operation system B 18 is the receiver, i.e. data obtainer B; the data center is the intermediate database C. A shares data with B through C as follows:
1. A defines and describes the relational data tables to be shared and submits the description to C and B. Each agent side creates the corresponding data-provision item in its own system and, from the description supplied by A, forms its own data-import item;
2. From the table description supplied by A, C creates the corresponding shared data directory in its system and defines the Extensible Markup Language (XML) Schema of the shared data format (stored on the web server). B may also create a data-receiving item in its own system together with a mapping between XML elements and fields, which makes it easier for B to receive the data. B defines the corresponding database table structure on its own, but it must agree with the relevant elements of the data-receiving item;
3. A periodically starts the data-provision process: the records not yet shared (newly added or modified since the last run) are packed into an XML bag according to the rules, and this XML file must conform to the XML Schema defined above. After security processing the bag is saved to the central database through the interface provided by C; once C confirms receipt, the flag bit of the corresponding records is updated to mark them as sent. If the data has a high priority, C is required to notify B;
4. B periodically starts the data-receiving process. Through the query interface provided by C it learns whether data has been shared with it; if so, it fetches the XML data from the central database. After receiving the data, B converts it into its database by an XML-to-table transformation and updates the receiving flag in C. If the XML bag built by A contains attachment information, B extracts the corresponding FTP or Hypertext Transport Protocol (HTTP) address while parsing, adds it to the attachment download list, and downloads the file from A's shared folder into B's shared folder.
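Step 4 has B parse the XML bag, load its records and then follow the FTP or HTTP addresses carried in the bag. The Go program below is an added example, not code from the patent; the element and attribute names, the two status values and the shared-folder address are assumptions, and the XML bag is constructed for the example. Beyond the parsing, it shows the check a practitioner wants at this step: the addresses in the bag are supplied by the same party whose data B is about to trust, so B should only follow them into the shared folder agreed with A in step 1 (same scheme and host, path inside the share after cleaning) rather than fetch from whatever host or path the bag names.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// SharedPackage is one XML bag as described in step 3. The element and
// attribute names are assumed for this example; the page fixes none.
type SharedPackage struct {
	XMLName     xml.Name     `xml:"SharedPackage"`
	Provider    string       `xml:"provider,attr"`
	Records     []Record     `xml:"Record"`
	Attachments []Attachment `xml:"Attachments>Attachment"`
}

// Record carries one newly added or modified row plus its status flag.
type Record struct {
	ID     string  `xml:"id,attr"`
	Status string  `xml:"status,attr"`
	Fields []Field `xml:"Field"`
}

// Field is one column value of a record.
type Field struct {
	Name  string `xml:"name,attr"`
	Value string `xml:",chardata"`
}

// Attachment is the accessory information step 4 says B extracts: a name and
// the FTP or HTTP address to fetch it from.
type Attachment struct {
	Name string `xml:"name,attr"`
	URL  string `xml:"url,attr"`
}

// SamplePackage is a constructed bag from provider A with two records and three
// attachment addresses, only the first of which points into A's shared folder.
const SamplePackage = `<?xml version="1.0" encoding="UTF-8"?>
<SharedPackage provider="A">
  <Record id="1001" status="new">
    <Field name="name">Example Co.</Field>
    <Field name="licence">SH-2008-0001</Field>
  </Record>
  <Record id="1002" status="modified">
    <Field name="name">Another Co.</Field>
  </Record>
  <Attachments>
    <Attachment name="scan.pdf" url="ftp://share-a.example.internal/shared/1001/scan.pdf"/>
    <Attachment name="notes.pdf" url="http://attacker.example/notes.pdf"/>
    <Attachment name="passwd" url="ftp://share-a.example.internal/shared/../../etc/passwd"/>
  </Attachments>
</SharedPackage>`

// ProviderShare is the base address of A's shared folder as agreed in step 1
// (assumed value).
const ProviderShare = "ftp://share-a.example.internal/shared/"

// ParsePackage decodes the bag and rejects records whose status is not one of
// the two values step 3 allows (newly added or modified).
func ParsePackage(data []byte) (*SharedPackage, error) {
	var pkg SharedPackage
	if err := xml.Unmarshal(data, &pkg); err != nil {
		return nil, fmt.Errorf("parse: %w", err)
	}
	for _, r := range pkg.Records {
		if r.Status != "new" && r.Status != "modified" {
			return nil, fmt.Errorf("record %s: unexpected status %q", r.ID, r.Status)
		}
	}
	return &pkg, nil
}

// AttachmentPlan splits the attachment addresses into those B may download and
// those it must refuse: scheme and host must equal the agreed shared folder and
// the cleaned path must stay inside it, so an address planted in the bag cannot
// make B fetch from an arbitrary server or walk out of the share.
func AttachmentPlan(pkg *SharedPackage, share string) (allowed, rejected []string, err error) {
	base, err := url.Parse(share)
	if err != nil {
		return nil, nil, err
	}
	basePath := base.Path
	if !strings.HasSuffix(basePath, "/") {
		basePath += "/"
	}
	for _, a := range pkg.Attachments {
		u, perr := url.Parse(a.URL)
		if perr != nil || u.Scheme != base.Scheme || u.Host != base.Host {
			rejected = append(rejected, a.URL)
			continue
		}
		// path.Clean resolves ".." segments (url.Parse has already decoded %2e).
		if !strings.HasPrefix(path.Clean(u.Path), basePath) {
			rejected = append(rejected, a.URL)
			continue
		}
		allowed = append(allowed, a.URL)
	}
	return allowed, rejected, nil
}

func main() {
	pkg, err := ParsePackage([]byte(SamplePackage))
	if err != nil {
		panic(err)
	}
	allowed, rejected, err := AttachmentPlan(pkg, ProviderShare)
	if err != nil {
		panic(err)
	}
	fmt.Println("download:", allowed)
	fmt.Println("refuse:", rejected)
}
```

Run as-is, the program lists one address to download and two to refuse. The XML-to-table step itself is omitted; the point is that schema conformance (step 3) says nothing about where an attachment address points, so the allow-list is a separate check on B's side.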
Claims (2)
1. An encryption technique method based on digital signature in data exchange transmission, characterized in that: the method runs on the data exchange transmission process between heterogeneous systems; it uses the Simple Object Access Protocol (SOAP) through the network service to perform network service filtering and data exchange, obtaining end-to-end message-level security; through data encryption, digital certificates and the secure network service in the data sharing exchange process, it digitally signs and encrypts the Extensible Markup Language (XML) and thereby secures the data; it adopts the Trust Services Integration Kit of Verisign, Inc. over the Hypertext Transport Protocol (HTTP) to carry out the digital signing, verification, encryption and decryption of SOAP packets; the workflow of the secure network service in this data sharing exchange process comprises the following steps:
Step 1: Write the certificate script (1). Following the usage standard of the Verisign Trust Services Integration Kit, write the data certificate generation script; this is the write-certificate-script module (1);
Step 2: Execute the script (2). After the write-certificate-script module (1) completes, its output is delivered to the execute-script module (2);
Step 3: Generate the certificates (3). After the execute-script module (2) completes, its output is delivered to the generate-certificates module (3); the digital certificate script generates four files: the server end file bms.keystore; the agent side file bmc.keystore; the server trust file bms.truststore; and the agent side trust file bmc.truststore;
Step 4: The client deploys the agent side file and the server trust file (4). After the generate-certificates module (3) completes, its output splits two ways; one way is delivered to module (4), in which the network client deploys the two files bmc.keystore (agent side file) and bms.truststore (server trust file);
Step 5: The service end deploys the server end file and the agent side trust file (5). The other way of the output of the generate-certificates module (3) is delivered to module (5), in which the service end deploys the two files bms.keystore (server end file) and bmc.truststore (agent side trust file);
Step 6: Use the agent side file to obtain a digital signature (6). After module (4) completes, the flow enters module (6): when the client calls the interface, it digitally signs with the private key of the agent side file bmc.keystore;
Step 7: Use the server trust file to encrypt (7). After module (6) completes, the flow enters module (7), whose output is delivered to module (5); the SOAP packet is encrypted with the public key of the server trust file bms.truststore;
Step 8: Use the agent side trust file to decrypt (8). After module (5) completes, the flow enters module (8): when processing the response, the SOAP packet is decrypted with the private key of the agent side file bmc.keystore;
Step 9: Use the service end file to verify the digital signature (9). After module (8) completes, the flow enters module (9): the digital signature is verified with the public key of the server trust file bms.truststore.
2. The encryption technique method based on digital signature in data exchange transmission according to claim 1, characterized in that: the digital signing and encryption work is based on Apache AXIS and is completed by transmission and reception between the client (21) and service end A (22); the client (21) and service end A (22) are electrically connected through the encrypted SOAP packet module (23) and the HTTP module (24), wherein:
The client (21) comprises: a module that signs the SOAP message with the digital certificate (25), a module that encrypts the SOAP message (26), and an encryption function module (27); the output of module (25) is delivered to the input of module (26), and the output of the encryption function module (27) is delivered to the input of module (26);
Service end A (22) comprises: a module that verifies the digital certificate (28), a module that decrypts the SOAP message (29), and a decryption function module (30); the output of module (28) is delivered to the input of module (29), and the output of the decryption function module (30) is delivered to the input of module (29);
The digital signing and encryption work comprises the following steps:
Step 1: Client (21). The SOAP message is encrypted through the signing function in the client (21);
Step 2: Encryption process. During encryption, first obtain the private key and the related certificate, then sign the SOAP message, and finally send the signed file to the service end over HTTP (24);
Step 3: Service end A (22). Service end A (22) verifies the signed SOAP message through the data verification function;
Step 4: Decryption process. After verification, decrypt the document according to the private key and the related certificate.
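Claim 1 steps 6 to 9 (and the Figure 5 flow in the description) give the sequence: sign with the sender's keystore private key, encrypt with the peer's truststore public key, then on the other side decrypt with the receiver's own private key and verify with the sender's trusted public key. The Go program below is an added example and is not code from the patent, from the Verisign Trust Services Integration Kit or from Apache AXIS. It uses only the Go standard library: the two key pairs generated in memory by NewParty and exchanged by Pair stand in for the four keystore and truststore files of steps 3 to 5, RSA-PSS stands in for the signature and AES-256-GCM with an RSA-OAEP-wrapped content key for the encryption (the page names neither algorithm; RSA alone cannot encrypt a whole envelope, and wrapping a content key is also what XML Encryption does under WS-Security). The SOAP envelope is constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one endpoint of claim 1. Key stands in for the party's own keystore
// (bmc.keystore on the agent side, bms.keystore on the service end) and Trust
// for the peer public key it deploys from the matching truststore.
type Party struct {
	Name  string
	Key   *rsa.PrivateKey
	Trust *rsa.PublicKey
}

// SecuredMessage is the wire form of one SOAP packet after steps 6 and 7:
// a signature over the plaintext body, the body encrypted under a fresh
// AES-256-GCM content key, and that content key wrapped with RSA-OAEP for the peer.
type SecuredMessage struct {
	Signature  []byte
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// SampleSOAP is a constructed SOAP envelope standing in for the XML data bag.
const SampleSOAP = `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">` +
	`<soap:Body><ShareData provider="A" receiver="B"><Record id="1001" status="new"/></ShareData></soap:Body>` +
	`</soap:Envelope>`

// NewParty stands in for the certificate script of steps 1 to 3: it generates
// the party's key pair. Trust is filled in by Pair, which stands in for steps 4 and 5.
func NewParty(name string) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Key: key}, nil
}

// Pair deploys each side's public key into the other side's truststore.
func Pair(a, b *Party) {
	a.Trust = &b.Key.PublicKey
	b.Trust = &a.Key.PublicKey
}

// Seal performs step 6 (sign with own private key) and then step 7
// (encrypt for the peer's public key) on one SOAP body.
func (p *Party) Seal(soapBody []byte) (*SecuredMessage, error) {
	digest := sha256.Sum256(soapBody)
	sig, err := rsa.SignPSS(rand.Reader, p.Key, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	cek := make([]byte, 32) // one-time content encryption key
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(cek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The signature rides along as additional authenticated data, so ciphertext
	// and signature cannot be swapped independently in transit.
	ct := gcm.Seal(nil, nonce, soapBody, sig)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, p.Trust, cek, nil)
	if err != nil {
		return nil, err
	}
	return &SecuredMessage{Signature: sig, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open performs step 8 (decrypt with own private key) and then step 9
// (verify the peer's signature with the trusted public key).
func (p *Party) Open(m *SecuredMessage) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Key, m.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("decrypt: content key was not wrapped for this party")
	}
	block, err := aes.NewCipher(cek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, m.Nonce, m.Ciphertext, m.Signature)
	if err != nil {
		return nil, errors.New("decrypt: ciphertext or signature modified in transit")
	}
	digest := sha256.Sum256(body)
	if err := rsa.VerifyPSS(p.Trust, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return nil, errors.New("verify: signature was not made by the trusted peer")
	}
	return body, nil
}

func main() {
	agent, _ := NewParty("agent")   // holds bmc.keystore, trusts bms.truststore
	server, _ := NewParty("server") // holds bms.keystore, trusts bmc.truststore
	Pair(agent, server)

	msg, err := agent.Seal([]byte(SampleSOAP))
	if err != nil {
		panic(err)
	}
	body, err := server.Open(msg)
	fmt.Printf("server accepted: %v, body intact: %v\n", err == nil, string(body) == SampleSOAP)

	// Failure modes: a flipped ciphertext byte, and a packet from a key the server does not trust.
	msg.Ciphertext[0] ^= 0xff
	_, err = server.Open(msg)
	fmt.Println("tampered packet:", err)

	rogue, _ := NewParty("rogue")
	rogue.Trust = &server.Key.PublicKey
	forged, _ := rogue.Seal([]byte(SampleSOAP))
	_, err = server.Open(forged)
	fmt.Println("untrusted signer:", err)
}
```

Open keeps the claim's order (decrypt, then verify), and both failure cases in main are rejected before any body is returned. One caveat the page leaves open: with sign-then-encrypt, the legitimate receiver holds a valid signed body and can re-encrypt it for a third party as if it had been sent there. The constructed envelope therefore carries the intended receiver inside the signed body; a deployment would check that field after Open, which this example does not do.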
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810035274A CN101247232B (en) | 2008-03-27 | 2008-03-27 | Encryption technique method based on digital signature in data communication transmission |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810035274A CN101247232B (en) | 2008-03-27 | 2008-03-27 | Encryption technique method based on digital signature in data communication transmission |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101247232A CN101247232A (en) | 2008-08-20 |
CN101247232B true CN101247232B (en) | 2012-09-26 |
Family
ID=39947464
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200810035274A Expired - Fee Related CN101247232B (en) | 2008-03-27 | 2008-03-27 | Encryption technique method based on digital signature in data communication transmission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101247232B (en) |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101753539B (en) * | 2008-12-01 | 2012-06-06 | 北京大学 | Network data storage method and server |
CN102256246A (en) * | 2011-07-05 | 2011-11-23 | 上海市安全生产科学研究所 | Data transfer encryption method for mobile communication |
CN103227770B (en) * | 2012-01-30 | 2016-01-20 | 凌群电脑股份有限公司 | The safe delivery module of end-point data and method |
CN104036198A (en) * | 2014-06-11 | 2014-09-10 | 北京素志科技发展有限公司 | WAN (wide area network) file encryption method |
US9838870B2 (en) * | 2015-03-25 | 2017-12-05 | Juniper Networks, Inc. | Apparatus and method for authenticating network devices |
CN106970906A (en) * | 2016-01-14 | 2017-07-21 | 芋头科技(杭州)有限公司 | A kind of semantic analysis being segmented based on sentence |
CN106970907A (en) * | 2016-01-14 | 2017-07-21 | 芋头科技(杭州)有限公司 | A kind of method for recognizing semantics |
CN106970909A (en) * | 2016-01-14 | 2017-07-21 | 芋头科技(杭州)有限公司 | A kind of semantic semantic analysis of Secondary Match |
CN106970905A (en) * | 2016-01-14 | 2017-07-21 | 芋头科技(杭州)有限公司 | A kind of semantic analysis |
CN106970908A (en) * | 2016-01-14 | 2017-07-21 | 芋头科技(杭州)有限公司 | A kind of voice content analysis method |
CN107294726B (en) * | 2016-04-12 | 2021-01-15 | 阿里巴巴集团控股有限公司 | Export, import and processing method, device and system of virtual encryption machine data |
CN106921644B (en) * | 2016-06-23 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Client data file verification method and device |
CN106295377B (en) * | 2016-08-24 | 2019-02-19 | 成都万联传感网络技术有限公司 | A kind of construction method of medical treatment endowment data safety clearing agent device |
US11070379B2 (en) | 2019-04-18 | 2021-07-20 | Advanced New Technologies Co., Ltd. | Signature verification for a blockchain ledger |
CN110163006B (en) * | 2019-04-18 | 2020-07-07 | 阿里巴巴集团控股有限公司 | Signature verification method, system, device and equipment in block chain type account book |
CN112287364A (en) * | 2020-10-22 | 2021-01-29 | 同盾控股有限公司 | Data sharing method, device, system, medium and electronic equipment |
EP4002788A1 (en) * | 2020-11-13 | 2022-05-25 | Secure Thingz Limited | A system and devices for secure and efficient provisioning of electronic devices |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1352434A (en) * | 2001-11-29 | 2002-06-05 | 上海维豪信息安全技术有限公司 | Electronic government affairs safety platform system based on trust and authorization service |
CN1505309A (en) * | 2002-11-20 | 2004-06-16 | | Securely processing client credentials used for web-based access to resources |
CN101119196A (en) * | 2006-08-03 | 2008-02-06 | 西安电子科技大学 | Bidirectional identification method and system |
- 2008
  - 2008-03-27 CN application CN200810035274A, patent CN101247232B (not active: Expired - Fee Related)
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1352434A (en) * | 2001-11-29 | 2002-06-05 | 上海维豪信息安全技术有限公司 | Electronic government affairs safety platform system based on trust and authorization service |
CN1505309A (en) * | 2002-11-20 | 2004-06-16 | | Securely processing client credentials used for web-based access to resources |
CN101119196A (en) * | 2006-08-03 | 2008-02-06 | 西安电子科技大学 | Bidirectional identification method and system |
Also Published As
Publication number | Publication date |
---|---|
CN101247232A (en) | 2008-08-20 |
Similar Documents
Publication | Title |
---|---|
CN101247232B (en) | Encryption technique method based on digital signature in data communication transmission |
EP3318043B1 (en) | Mutual authentication of confidential communication |
US9704159B2 (en) | Purchase transaction system with encrypted transaction information |
CN102594558B (en) | Anonymous digital certificate system and verification method of trustable computing environment |
CN101964791B (en) | Communication authenticating system and method of client and WEB application |
Barker et al. | Recommendation for key management part 3: Application-specific key management guidance |
CN110460439A (en) | Information transferring method, device, client, server-side and storage medium |
JP5204090B2 (en) | Communication network, e-mail registration server, network device, method, and computer program |
CN109743171B (en) | Key series method for solving multi-party digital signature, timestamp and encryption |
CN103546289B (en) | USB (universal serial bus) Key based secure data transmission method and system |
CN101720071B (en) | Short message two-stage encryption transmission and secure storage method based on safety SIM card |
CN109450843B (en) | SSL certificate management method and system based on block chain |
CN113132099B (en) | Method and device for encrypting and decrypting transmission file based on hardware password equipment |
CN108696360A (en) | A kind of CA certificate distribution method and system based on CPK keys |
CN103580868A (en) | Secure transmission method of electronic official document secure transmission system |
US20240250826A1 (en) | Cryptographic method for verifying data |
CN104243439A (en) | File transfer processing method and system and terminals |
CN112564906A (en) | Block chain-based data security interaction method and system |
KR101839048B1 (en) | End-to-End Security Platform of Internet of Things |
CN101984626B (en) | Method and system for safely exchanging files |
US8520840B2 (en) | System, method and computer product for PKI (public key infrastructure) enabled data transactions in wireless devices connected to the internet |
CN112261002A (en) | Data interface docking method and device |
JPH0969831A (en) | Cipher communication system |
Barker et al. | Sp 800-57. recommendation for key management, part 1: General (revised) |
KR20080012402A (en) | Method for authenticating and decrypting of short message based on public key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
Granted publication date: 2012-09-26