CN102065135A - Peer to peer data acquisition method, system and server - Google Patents

Info

Publication number: CN102065135A
Authority: CN (China)
Prior art keywords: key, node, data, server, content
Legal status: Granted (active)
Application number: CN2010105908700A
Other languages: Chinese (zh)
Other versions: CN102065135B (en)
Inventors: 马少红, 刘红旗, 张伦泳, 刘辛炎, 王子奇
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd; priority to CN 201010590870; published as CN102065135A, granted and published as CN102065135B
Classification: Storage Device Security
Abstract

The invention provides a peer-to-peer data acquisition method, system and server. The method comprises the following steps: a source node encrypts a first data fragment into a first ciphertext fragment according to an initial key issued by the server and sends the first ciphertext fragment to a request node; the server sends a first key-update message, containing a first updated key, to the request node and the source node at least once; the source node encrypts a second data fragment according to the first updated key, adds a key-update identifier to the second data fragment to form a second ciphertext fragment, and sends the second ciphertext fragment to the request node; and the request node receives the second ciphertext fragment and decrypts it with the first updated key corresponding to the key-update identifier so as to obtain the content data. The technical scheme of the invention guarantees both data transmission security and data transmission efficiency, places low demands on node processing capability, and is easy to implement.

Description

Peer-to-peer data acquisition method, system and server
Technical field
The present invention relates to network communications technology, and in particular to a peer-to-peer data acquisition method, system and server.
Background art
In an existing peer-to-peer (P2P) download, a request node asks the server for a node list, requests data from the source nodes in that list once it has received it, and downloads the data from the source nodes with which a connection is successfully established; at the same time, the request node can itself act as a source node and provide data to other nodes. During this data exchange, if an unauthorized node obtains the address of a source node and requests data from it directly, the unauthorized node obtains the legitimate data content as well; that is, the data exchange process has a security problem.
To address this problem, the prior art encrypts the exchanged data with asymmetric keys. Common variants are one-time (per-session) keying and encrypting several data blocks at once with an asymmetric key. With this asymmetric mode, after the request node receives encrypted data it must request the unencrypted data block (that is, the decryption key) from the server, and can only decrypt the encrypted data and obtain the content after that block arrives. During transmission this causes a large number of request nodes to interact with the server for the unencrypted data block, which reduces transmission efficiency.
The prior art also protects the exchanged data with symmetric keys. In the current symmetric-key method, the symmetric key is contained in the seed file and is imported into the P2P network in advance by the seed server; during transmission the file is divided into segments, each segment is encrypted with the pre-imported key, and the request node decrypts with the same pre-imported key to obtain the data. Compared with the asymmetric mode, this needs no interaction between the request node and the seed server and so improves transmission efficiency, but for a given file the key never changes: if an authorized request node leaks the key, or an unauthorized user cracks it, distribution of the file is no longer controlled, so files are still at risk under this encryption mode. To further improve transmission security, the prior art has proposed another symmetric-key method in which the same segment is encrypted with different keys and the source node sends the differently encrypted copies of the segment to different request nodes. This requires the source node to record the key corresponding to each request node and each segment and to send this mapping to the request node, so that the request node can choose the correct key to decrypt each encrypted segment it receives. Because every node in a P2P network is both a request node and a source node, every node must store a large number of segment, key and request-node mappings; when the network has many nodes this degrades node processing capability and places high demands on the nodes.
The above analysis shows that existing P2P data encryption modes cannot strike a good balance between security and other transmission performance issues (for example transmission efficiency or node processing capability). How to guarantee data transmission security while maintaining P2P system transmission performance therefore remains to be solved.
Summary of the invention
The invention provides a peer-to-peer data acquisition method, system and server in order to guarantee data transmission security while maintaining P2P system transmission performance.
The invention provides a peer-to-peer data acquisition method, comprising:
a source node encrypts a first data fragment of the content data according to an initial key issued by a server to form a first ciphertext fragment, and sends the first ciphertext fragment to a request node;
the server sends a first key-update message to the request node and the source node at least once, the first key-update message containing a first updated key;
the source node encrypts a second data fragment of the content data according to the first updated key, adds a key-update identifier to the second data fragment to form a second ciphertext fragment, and sends the second ciphertext fragment to the request node;
the request node receives the second ciphertext fragment and decrypts it with the first updated key corresponding to the key-update identifier, so as to obtain the content data.
The invention provides a server, comprising:
a first sending module, configured to send an initial key to a source node and a request node, so that the source node forms a first ciphertext fragment by encrypting a first data fragment of content data according to the initial key, and the request node decrypts the first ciphertext fragment according to the initial key;
a second sending module, configured to send, after the first sending module has sent the initial key, a first key-update message to the request node and the source node at least once, the first key-update message containing a first updated key, so that the source node forms a second ciphertext fragment by encrypting a second data fragment of the content data according to the first updated key, and the request node decrypts the second ciphertext fragment according to the first updated key to obtain the content data.
The invention provides a peer-to-peer data acquisition system comprising any server provided by the invention, together with a source node and a request node;
the request node is configured to receive the first key-update message sent by the server, which contains the first updated key, and to receive the first ciphertext fragment and the second ciphertext fragment sent by the source node and decrypt the second ciphertext fragment according to the first updated key to obtain the content data;
the source node is configured to receive the initial key and the first key-update message sent by the server, to form the first ciphertext fragment by encrypting the first data fragment of the content data according to the initial key, to form the second ciphertext fragment by encrypting the second data fragment of the content data according to the first updated key and adding the key-update identifier to the second data fragment, and to send the first ciphertext fragment and the second ciphertext fragment to the request node.
In the peer-to-peer data acquisition method, system and server provided by the invention, while the request node is acquiring content data from the source node, the server sends a key-update message carrying an updated key to the source node and the request node at least once; the source node encrypts the data fragments it sends after receiving the key-update message with the updated key and marks them with a key-update identifier, and the request node selects the corresponding updated key according to the identifier to decrypt the encrypted fragments and finally obtains the content data. In the technical solution of the invention, different data fragments of the same content data can be encrypted with different keys, which guarantees transmission security; the different keys are pushed to the request node and the source node by the server on its own initiative, so the request node needs no key interaction with the server, which guarantees transmission efficiency; and because the source node adds a key-update identifier to the ciphertext fragments it sends, the request node can identify the corresponding key to decrypt each ciphertext fragment, so no node needs to store the mapping between keys, data fragments and other nodes, which places low demands on node processing capability and is easy to implement.
Description of drawings
To describe the embodiments of the invention or the prior-art technical solutions more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the P2P data acquisition method provided by embodiment one of the invention;
Fig. 2 is a flow chart of the P2P data acquisition method provided by embodiment two of the invention;
Fig. 3 is a flow chart of the method by which the server provided by an embodiment of the invention sends the first key-update message to the request node and the source node;
Fig. 4 is a flow chart of the P2P data acquisition method provided by embodiment three of the invention;
Fig. 5 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 6 is another schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 7 is a further schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 8 is a schematic structural diagram of the P2P data acquisition system provided by an embodiment of the invention.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flow chart of the P2P data acquisition method provided by embodiment one of the invention. As shown in Fig. 1, the method of this embodiment comprises:
Step 11: the source node encrypts a first data fragment of the content data according to the initial key issued by the server to form a first ciphertext fragment, and sends the first ciphertext fragment to the request node.
Here the content data is the information the request node has asked for. During P2P transmission the source node divides the content data into several data fragments for transmission. Before the request node and the source node establish a connection, the server issues to both of them the key used to encrypt the data fragments (the initial key); this embodiment encrypts the data fragments with a symmetric key, so the request node and the source node hold the same key. The first data fragment is the data fragment the source node encrypts with the initial key; it may be a single data fragment or several.
Step 12: the server sends a first key-update message to the request node and the source node at least once, the first key-update message containing a first updated key.
This step is carried out while the request node is acquiring content data from the source node, that is, after the source node has encrypted the first data fragment with the initial key to form the first ciphertext fragment and sent it to the request node. The first key-update message is the key-update message the server issues during the request node's acquisition of content data from the source node; its main purpose is to have the source node encrypt different data fragments of the same content data with different keys, improving the security of fragment transmission. Specifically, the server sends the updated key to the request node and the source node in a key-update message according to some strategy. The strategy may be a timing strategy, under which a key-update message is issued at fixed intervals; a count strategy, under which the total number of key-update messages issued per content data item is fixed but the time of each one is not; or a distribution strategy set specially for particular content data. This embodiment does not restrict the strategy.
Step 13: the source node encrypts a second data fragment of the content data according to the first updated key, adds a key-update identifier to the second data fragment to form a second ciphertext fragment, and sends the second ciphertext fragment to the request node.
After the source node receives the key-update message issued by the server, it parses out the updated key it contains. Under a pre-agreed rule the source node must encrypt subsequent data fragments with the updated key: from the moment the key-update message is received, it encrypts the data fragments to be sent with the updated key, adds the key-update identifier to them to form ciphertext fragments, and sends the ciphertext fragments to the request node. The key-update identifier lets the request node know from which ciphertext fragment onward it must decrypt with the updated key to obtain the data fragments; and when the server issues several key-update messages, the identifier also tells the request node which updated key to use for which ciphertext fragments. In other words, the key-update identifier marks both the first data fragment encrypted with an updated key and the mapping between ciphertext fragments and the updated key used to decrypt them.
The second data fragment is the data fragment encrypted with the updated key; it may be one data fragment or several. When the server issues several key-update messages, the updated key in the current key-update message can be regarded as the initial key once the next key-update message arrives, so the data fragments encrypted with the updated key of the next message are also second data fragments: all data fragments between two key-update messages are second data fragments, and the ciphertext fragments formed from them are second ciphertext fragments.
Step 14: the request node receives the second ciphertext fragment and decrypts it with the first updated key corresponding to the key-update identifier, so as to obtain the content data.
After receiving the second ciphertext fragment, the request node looks up the corresponding updated key according to the key-update identifier carried in the fragment, decrypts it, and obtains the second data fragment; the first ciphertext fragment it decrypts with the initial key to obtain the first data fragment, and so it finally obtains the complete content data.
In this embodiment the request node may decrypt each ciphertext fragment (first or second) with the corresponding key as soon as it is received and so finally obtain the complete content data; or it may wait until all ciphertext fragments have been received, then decrypt those carrying a key-update identifier with the updated key the identifier selects and those without an identifier with the initial key, and so obtain the complete content data.
In the P2P data acquisition method of this embodiment, while the request node is acquiring content data from the source node, the server sends a key-update message carrying an updated key to the source node and the request node at least once; the source node encrypts the data fragments it sends after receiving the key-update message with the updated key and marks them with a key-update identifier, and the request node selects the corresponding updated key according to the identifier to decrypt the encrypted fragments and finally obtains the content data. In this embodiment, different data fragments of the same content data can be encrypted with different keys, which guarantees transmission security; the different keys are pushed to the request node and the source node by the server on its own initiative, so the request node needs no key interaction with the server, which guarantees transmission efficiency; and because the source node adds a key-update identifier to the ciphertext fragments it sends, the request node can identify the corresponding key to decrypt each ciphertext fragment, so no node needs to store the mapping between keys, data fragments and other nodes, which places low demands on node processing capability and is easy to implement.
To further improve transmission security, in the above embodiment the server can raise the frequency with which it sends key-update messages to the request node and the source node; at best every data fragment is encrypted with a different key.
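The exchange of embodiment one (steps 11 to 14), as an added simulation that is not part of the patent: the server pushes key-update messages on a timing strategy, the source node tags every ciphertext fragment with the key-update identifier of the key it used, and the request node picks the key from that identifier alone, storing no per-fragment mapping. The HMAC-SHA256 counter-mode keystream, the simulation clock standing in for the server's timer, and all class and function names are assumptions of this example, since the patent specifies neither a cipher nor a message format.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


# Assumption: the patent names no cipher, so this stand-in encrypts a fragment by
# XOR with a keystream from HMAC-SHA256 in counter mode, keyed by the shared
# symmetric key and bound to the fragment's sequence number.
def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        msg = seq.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Fragment:
    """Ciphertext fragment as sent from the source node to the request node."""
    seq: int          # sequence number of the data fragment within the content
    key_id: int       # key-update identifier: 0 = initial key, n = n-th updated key
    ciphertext: bytes


class Node:
    """Common behaviour: keep every key the server has pushed, indexed by identifier."""
    def __init__(self):
        self.keys: dict[int, bytes] = {}

    def receive_key(self, key_id: int, key: bytes) -> None:
        self.keys[key_id] = key


class Server:
    """Issues the initial key and pushes key-update messages to both nodes (step 12).
    Timing strategy: one update every `update_every` ticks of a simulation clock
    that stands in for the server's own timer."""
    def __init__(self, update_every: int):
        self.update_every = update_every
        self.keys = {0: secrets.token_bytes(32)}      # key 0 is the initial key
        self.nodes: list[Node] = []
        self.clock = 0

    def register(self, node: Node) -> None:
        self.nodes.append(node)
        node.receive_key(0, self.keys[0])             # initial key, before data flows

    def tick(self) -> None:
        self.clock += 1
        if self.clock % self.update_every == 0:
            key_id = max(self.keys) + 1
            self.keys[key_id] = secrets.token_bytes(32)
            for node in self.nodes:                   # first key-update message
                node.receive_key(key_id, self.keys[key_id])


class SourceNode(Node):
    def __init__(self, content: bytes, fragment_size: int):
        super().__init__()
        self.plain = [content[i:i + fragment_size]
                      for i in range(0, len(content), fragment_size)]

    def encrypt_fragment(self, seq: int) -> Fragment:
        # Step 13: encrypt with the newest key received and tag the fragment with
        # that key's identifier so the request node can select the same key.
        key_id = max(self.keys)
        return Fragment(seq, key_id,
                        keystream_xor(self.keys[key_id], seq, self.plain[seq]))


class RequestNode(Node):
    def decrypt_all(self, fragments: list) -> bytes:
        # Step 14: the identifier alone selects the key; nothing else is stored.
        out = []
        for frag in sorted(fragments, key=lambda f: f.seq):
            if frag.key_id not in self.keys:
                raise KeyError(f"no key for key-update identifier {frag.key_id}")
            out.append(keystream_xor(self.keys[frag.key_id], frag.seq, frag.ciphertext))
        return b"".join(out)


def run_exchange(content: bytes, fragment_size: int = 4, update_every: int = 3):
    """Simulate one transfer; return (recovered content, list of sent fragments)."""
    server = Server(update_every)
    source, requester = SourceNode(content, fragment_size), RequestNode()
    server.register(source)
    server.register(requester)
    sent = []
    for seq in range(len(source.plain)):
        server.tick()                                 # server may push an update now
        sent.append(source.encrypt_fragment(seq))
    return requester.decrypt_all(sent), sent


def fragments_readable_with(keys: dict, fragments: list) -> int:
    """Count the fragments a node holding only `keys` could decrypt: a node that
    obtained just the initial key loses access once the first update is pushed."""
    return sum(1 for f in fragments if f.key_id in keys)
```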
Fig. 2 is a flow chart of the P2P data acquisition method provided by embodiment two of the invention. This embodiment is based on embodiment one. As shown in Fig. 2, the method of this embodiment comprises:
Step 21: the request node sends a node-list request to the server, the node-list request containing content data information.
When the request node has content data it needs to obtain, it first sends a node-list request to the server to learn which available nodes hold the resource. The content data information may be the title of the content data, a link address, part of the content, and so on. The content data may be a film, a piece of music, an article and the like, and the corresponding content data information may be the film title, song title or article title, or the director, singer or author name, and so on. According to the content data information, the server obtains for the request node a list of nodes able to serve it.
Step 22: the server returns a node list to the request node, the node list containing information on the source nodes corresponding to the content data information.
When the server has found the source nodes able to serve the request node, it returns the information of each source node to the request node in the form of a node list; the source node information may be its Uniform Resource Locator (URL) address, its Internet Protocol (IP) address, and so on.
Step 23: the server sends the initial key to the request node and the source node.
After returning the node list to the request node, the server issues the initial key to the request node and the source node so that the source node encrypts the first data fragment according to the initial key and the request node decrypts the first ciphertext fragment it receives according to the initial key.
Step 24: the request node sends a content data acquisition request to the source node according to the node list.
The request node may connect to several source nodes at the same time and obtain different data fragments from each.
Step 25: the source node encrypts a first data fragment of the content data according to the initial key issued by the server to form a first ciphertext fragment, and sends the first ciphertext fragment to the request node.
Step 26: the server sends a first key-update message to the request node and the source node at least once, the first key-update message containing a first updated key.
Step 27: the source node encrypts a second data fragment of the content data according to the first updated key, adds a key-update identifier to the second data fragment to form a second ciphertext fragment, and sends the second ciphertext fragment to the request node.
Step 28: the request node receives the second ciphertext fragment and decrypts it with the first updated key corresponding to the key-update identifier, so as to obtain the content data.
Steps 25 to 28 are as described in embodiment one and are not repeated here. In addition, the request node can monitor the progress of content data acquisition using the sequence numbers in the data fragments; when it detects that acquisition has finished, it sends a notification message to the server to inform it that acquisition of this content data is complete. On receiving this notification the server can stop sending key-update messages to the request node and the source node, and can also withdraw the initial key and the updated keys allocated to this content data. These operations are optional; the focus of this embodiment is the request node's acquisition of the content data.
In the P2P data acquisition method of this embodiment, the request node asks the server for a node list, and after returning the node list the server sends the initial key to the request node and the source node; the request node sends a content data acquisition request to the source node according to the node list, the source node encrypts data fragments according to the initial key and sends them to the request node, and the server then sends one or more key-update messages so that the source node and the request node encrypt and decrypt subsequent data fragments with the updated key. Different data fragments of the same content data are thus encrypted with different keys before transmission, which improves transmission security; at the same time the different keys are pushed to the request node and the source node by the server on its own initiative, so the request node needs no key interaction with the server, which guarantees transmission efficiency; and because the source node adds a key-update identifier to the ciphertext fragments it sends, the request node can identify the corresponding key to decrypt each ciphertext fragment, so no node needs to store the mapping between keys, data fragments and other nodes, which places low demands on node processing capability and is easy to implement.
Fig. 3 is a flow chart of the method by which the server provided by an embodiment of the invention sends the first key-update message to the request node and the source node. This embodiment is based on the above embodiments. As shown in Fig. 3, the method of sending the first key-update message comprises:
Step 31: the server judges, according to the content data information, whether the key pool contains an available key; if so, step 32 is executed, otherwise step 33 is executed.
A key pool is set up in advance on the server, mainly to store and manage keys; the keys include initial keys and the various updated keys. An available key is mainly a key that is not in use. Keys in the key pool can be reused within their lifetime.
Step 32: the server selects an available key from the key pool as the first updated key, and executes step 34.
Step 33: the server generates a first updated key according to the content data information, stores it in the key pool, and executes step 34.
When the key pool has no available key, the server generates a new key for the current content data as its first updated key. The server can generate the key according to a preset rule; the details follow the prior art and are not restricted in this embodiment.
Step 34: the server generates the first key-update message according to the first updated key, and executes step 35.
The server may, for example, encapsulate the first updated key together with the address information of the request node and the source node as the data content of the first key-update message, but it is not limited to this.
Step 35: the server sends the first key-update message to the request node and the source node.
In the method of sending the first key-update message provided by this embodiment, the server manages its keys through a key pool: it first selects the first updated key from the available keys, generates a new key as the first updated key according to the key generation rule if none is available, encapsulates the first updated key in a first key-update message, and issues it to the request node and the source node. This is simple to implement and consumes few resources.
Alternatively, in this embodiment the server may skip the check for an available key in the key pool and directly generate the first updated key according to the content data information and store it in the key pool. This is even simpler and easier to implement, but places relatively higher demands on the capacity of the key pool.
Building on the foregoing embodiments, and to ease key management and improve key confidentiality, the server assigns each key a life cycle; when the life cycle expires, the key is deleted. Fig. 4 is a flow chart of the P2P data acquisition method provided by embodiment three of the invention. This embodiment builds on the embodiments above; as shown in Fig. 4, the method further comprises:
Step 41: the server queries the key pool.
Specifically, the server may query the key pool periodically or in real time; to reduce server load, polling each key in the pool on a fixed cycle is preferred. When each key is generated the server may start a timer for it and so record the key's age, i.e. how long it has existed.
Step 42: the server deletes from the key pool every key whose age exceeds the preset life cycle.
The server compares the age recorded by the timer with the preset life cycle and deletes the key once the age exceeds it; this improves key confidentiality.
Step 43: the server generates a second updated key for the deleted key, thereby refreshing the key pool.
For each deleted key the server generates a new key, the second updated key, and stores it in the key pool in place of the deleted one. This keeps a certain number of keys in the pool, so that a key (an initial key or an updated key) is always available for nodes with pending content-data requests.
The deleted key may be an idle key, i.e. one not yet handed out, or it may be a key currently in use. So that nodes using a deleted key can still communicate normally, this embodiment has the server send the second updated key, in a second key update message, to the source node and requesting node that were using the deleted key, updating the key of both nodes at once. The second updated key is thus the key the server generates, when refreshing a key in its pool, to replace the deleted key so that the deletion does not disrupt operation of the P2P system.
In the P2P data acquisition method of this embodiment the server refreshes the keys in its key pool according to the preset life cycle, which improves key confidentiality and therefore the security of the data transmitted under keys from the pool.
Note that the scheme of the server updating keys according to the preset life cycle can be combined with any of the embodiments above, with no constraint on ordering: it can run in parallel with the schemes of the other embodiments.
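As an added illustration of steps 41 to 43 and of the second key update message (example code written for this page, not code from the patent or its assignee), the following is a server-side key pool in Python with an injectable clock. The pool size, the 32-byte key length, the per-session bookkeeping that records which source/requester pair holds which key, the `FakeClock`, and all class and function names are assumptions; the patent fixes none of them.

```python
"""Added example (not from the patent): server-side key pool with a per-key life cycle,
covering steps 41-43 and the second key update message. Pool size, key length,
session bookkeeping and the clock are assumptions; the patent fixes none of them."""
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Session = Tuple[str, str]   # (source node, requesting node) pair that was handed a key


@dataclass
class PoolKey:
    key_id: int
    material: bytes
    created_at: float                                   # the timer started when the key is generated
    sessions: Set[Session] = field(default_factory=set)  # who is currently using this key


@dataclass
class KeyUpdateMessage:
    """The 'second key update message': a replacement key pushed to nodes that held a deleted key."""
    recipients: FrozenSet[Session]
    key_id: int


class FakeClock:
    """Manually advanced clock so the example runs deterministically offline (assumption)."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class KeyPool:
    def __init__(self, size: int, lifetime: float, clock: Callable[[], float]):
        self.lifetime = lifetime           # the preset life cycle, in the clock's units
        self.clock = clock
        self.keys: Dict[int, PoolKey] = {}
        self.outbox: List[KeyUpdateMessage] = []
        self._next_id = 1
        for _ in range(size):
            self._generate()

    def _generate(self) -> PoolKey:
        k = PoolKey(self._next_id, secrets.token_bytes(32), self.clock())
        self._next_id += 1
        self.keys[k.key_id] = k
        return k

    def assign(self, session: Session) -> int:
        """Hand a key (initial or updated) to a source/requester pair, preferring idle keys."""
        idle = [k for k in self.keys.values() if not k.sessions]
        k = idle[0] if idle else min(self.keys.values(), key=lambda pk: len(pk.sessions))
        k.sessions.add(session)
        return k.key_id

    def query(self) -> List[int]:
        """One polling round (step 41); returns the ids of the keys it retired."""
        now = self.clock()
        expired = [k for k in self.keys.values() if now - k.created_at > self.lifetime]
        for old in expired:
            del self.keys[old.key_id]                 # step 42: age exceeded the life cycle
            new = self._generate()                    # step 43: replacement keeps the pool full
            if old.sessions:                          # key was in use: re-key those nodes now
                new.sessions = set(old.sessions)
                self.outbox.append(KeyUpdateMessage(frozenset(old.sessions), new.key_id))
        return [k.key_id for k in expired]
```

Two points a practitioner would check that the patent leaves implicit: the replacement key has to reach both nodes (the `outbox` message) before the source starts encrypting under it, and the requesting node must keep the old key until every fragment already sent under it has been decrypted, which is exactly what the key update identifier carried in each ciphertext fragment makes possible.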
Fig. 5 is a schematic structural diagram of a server provided by an embodiment of the invention. As shown in Fig. 5, the server of this embodiment comprises a first sending module 51 and a second sending module 52.
The first sending module 51 is connected to the source node and the requesting node and sends the initial key to both, so that the source node encrypts the first data fragment of the content data with the initial key to form the first ciphertext fragment, and the requesting node decrypts the first ciphertext fragment with the initial key. The second sending module 52 is connected to the first sending module 51, the source node and the requesting node; after the first sending module 51 has sent the initial key, it sends at least one first key update message, carrying a first updated key, to the requesting node and the source node, so that the source node encrypts the second data fragment of the content data with the first updated key to form the second ciphertext fragment, and the requesting node decrypts the second ciphertext fragment with the first updated key to obtain the content data.
The server of this embodiment can execute the flow of the P2P data acquisition method provided by the method embodiments of the invention. Specifically, through its first and second sending modules, while the requesting node is obtaining content data from the source node, the server sends at least one key update message to the requesting node and the source node, so that the source node encrypts the data fragments that follow receipt of the message with the updated key the message carries, and the requesting node decrypts the subsequent ciphertext fragments with that updated key. Different data fragments of the same content data are thus encrypted under different keys, which improves transmission security. At the same time, the different keys (mainly the updated keys) are pushed to the requesting node and the source node by the server's second sending module, so the requesting node need not perform any key exchange with the server, which preserves transmission efficiency.
Fig. 6 is another schematic structural diagram of a server provided by an embodiment of the invention. This embodiment builds on the foregoing one; as shown in Fig. 6, the server further comprises a receiving module 61 and a return module 62.
The receiving module 61 is connected to the requesting node and receives the node list request sent by the requesting node, which contains content-data information. The return module 62 is connected to the requesting node and to the receiving module 61; it obtains source node information according to the content-data information and returns to the requesting node a node list containing the source node information corresponding to that content-data information.
Each of the above functional modules can execute the flow of the P2P data acquisition method of the embodiments above; their detailed operating principle is not repeated here.
Further, the second sending module 52 comprises a processing unit, a generating unit and a transmitting unit. The processing unit selects the first updated key from the key pool according to the content-data information, or generates the first updated key according to the content-data information and stores it in the key pool; the generating unit generates the first key update message from the first updated key; the transmitting unit sends the first key update message to the requesting node and the source node.
Each functional unit of the second sending module can execute the flow for sending the first key update message described in the method embodiments; see those embodiments for the operating principle, which is not repeated here.
Fig. 7 is a further schematic structural diagram of a server provided by an embodiment of the invention. This embodiment builds on the foregoing ones; as shown in Fig. 7, the server further comprises a query module 71, a deletion module 72 and a generation module 73.
The query module 71 is connected to the key pool and queries it; the deletion module 72 is connected to the key pool and deletes from it every key whose age exceeds the preset life cycle; the generation module 73 is connected to the key pool and to the deletion module 72 and generates a second updated key for each deleted key, refreshing the pool.
These modules can execute the flow of the P2P data acquisition method of the method embodiments and serve mainly to refresh the key pool; see the method embodiments for details, which are not repeated here. With these modules the server refreshes the keys in the pool, deleting keys that have existed for a certain time, which improves key confidentiality and therefore the security of data transmission under keys from the pool.
Fig. 8 is a schematic structural diagram of the P2P data acquisition system provided by an embodiment of the invention. As shown in Fig. 8, the system comprises a source node 81, a requesting node 82 and a server 83. The source node 81 is connected to the server 83 and to the requesting node 82, and the requesting node 82 is also connected to the server 83.
The server 83 is the server provided by the embodiments above; its structure is shown in Figs. 5 to 7 and its operating principle is described in the method embodiments, not repeated here. On this basis, the system of this embodiment works as follows:
The requesting node 82 sends a node list request, containing content-data information, to the server 83. The server 83 obtains, according to the content-data information, the source node information of nodes able to serve the requesting node 82, and returns to the requesting node 82 a node list containing the source node information corresponding to that content-data information; the requesting node 82 receives the node list returned by the server 83.
After returning the node list to the requesting node 82, the server 83 sends the initial key to the source node 81 and the requesting node 82, which receive it. The source node 81 encrypts the first data fragment of the content data with the initial key to form the first ciphertext fragment and sends it to the requesting node 82; the requesting node 82 receives the first ciphertext fragment and decrypts it with the initial key.
After sending the initial key, the server 83 sends a first key update message, carrying a first updated key, to the source node 81 and the requesting node 82, which receive it. The source node 81 encrypts the second data fragment of the content data with the first updated key, adds a key update identifier to the second data fragment to form the second ciphertext fragment, and sends it to the requesting node 82; the requesting node 82 receives the second ciphertext fragment and decrypts it with the first updated key to obtain the content data.
The P2P data acquisition system of this embodiment can execute the flow of the P2P data acquisition method of the embodiments above. Specifically, while the requesting node obtains content data from the source node, the server sends at least one key update message carrying an updated key to the source node and the requesting node; the source node encrypts the data fragments that follow receipt of the message with the updated key and marks them with a key update identifier; and the requesting node, guided by that identifier, decrypts each encrypted fragment with the corresponding updated key and finally obtains the content data. Different fragments of the same content data can thus be encrypted under different keys, securing the transmission. The keys are pushed to the requesting node and the source node by the server, so the requesting node need not perform any key exchange with the server, which preserves transmission efficiency. And because the source node places a key update identifier in the ciphertext fragments it sends, the requesting node can identify the matching key for decryption without any node having to store a mapping between keys, data fragments and peers; this keeps the processing demands on nodes low and makes the scheme easy to implement.
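The exchange described above, as an added example that is not part of the patent or its assignee's code: a Python simulation of the server, the source node and the requesting node. The patent names no cipher, so fragment encryption here is a stand-in built from HMAC-SHA256 (a PRF keystream plus an authentication tag, the tag being an addition the patent does not mention). The fragment header layout (2-byte key update identifier, 4-byte sequence number), the use of identifier 0 for the initial key, and all class and function names are assumptions. The example generalizes the text in two ways: the identifier is carried on every fragment rather than only after an update, and the requesting node buffers a fragment whose key update message has not arrived yet instead of failing, since the two messages travel over different paths.

```python
# Added example (not from the patent): server-pushed key updates in a P2P fragment exchange.
# The cipher is a stand-in (HMAC-SHA256 keystream + HMAC tag); the patent names no cipher.
import hashlib
import hmac
import secrets
import struct

HEADER = struct.Struct(">HI")   # key update identifier (kid), fragment sequence number
TAG_LEN = 16                    # truncated HMAC tag (assumption: the patent has no tag)


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one server-issued key (assumption)
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, header, length):
    # Counter-mode keystream from a PRF; the (kid, seq) header is the per-fragment nonce
    blocks = (hmac.new(enc_key, header + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal_fragment(key, kid, seq, plaintext):
    """Source node side: header || ciphertext || tag; the header carries the key update identifier."""
    header = HEADER.pack(kid, seq)
    ks = _keystream(_subkey(key, b"enc"), header, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return header + ciphertext + tag


def open_fragment(key, blob):
    """Requesting node side: check the tag before decrypting; tampering raises ValueError."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("fragment too short")
    header, body, tag = blob[:HEADER.size], blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), header + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("fragment tag mismatch")
    kid, seq = HEADER.unpack(header)
    ks = _keystream(_subkey(key, b"enc"), header, len(body))
    return kid, seq, bytes(c ^ k for c, k in zip(body, ks))


class SourceNode:
    def __init__(self, content, fragment_size):
        self.fragments = [content[i:i + fragment_size] for i in range(0, len(content), fragment_size)]
        self.keys, self.current_kid = {}, -1

    def receive_key(self, kid, key):   # initial key or a first key update message
        self.keys[kid] = key
        self.current_kid = kid         # every later fragment is encrypted under the newest key

    def send_fragment(self, seq):
        return seal_fragment(self.keys[self.current_kid], self.current_kid, seq, self.fragments[seq])


class RequestingNode:
    def __init__(self):
        self.keys, self.received = {}, {}
        self.pending = []   # fragments whose key update message has not arrived yet

    def receive_key(self, kid, key):
        self.keys[kid] = key
        self.pending = [blob for blob in self.pending if not self._try_open(blob)]

    def _try_open(self, blob):
        kid = HEADER.unpack_from(blob)[0]   # the identifier selects the key; no mapping table
        if kid not in self.keys:
            return False
        _, seq, plaintext = open_fragment(self.keys[kid], blob)
        self.received[seq] = plaintext
        return True

    def receive_fragment(self, blob):
        if not self._try_open(blob):
            self.pending.append(blob)

    def content(self):
        return b"".join(self.received[s] for s in sorted(self.received))


class Server:
    def __init__(self):
        self._next_kid = 0

    def send_key(self, source, requester):
        """Initial key and first key update message alike: pushed to both peers, never requested."""
        kid, key = self._next_kid, secrets.token_bytes(32)
        self._next_kid += 1
        source.receive_key(kid, key)
        requester.receive_key(kid, key)
        return kid


def run_session(content, fragment_size, update_before):
    """Full exchange; returns the recovered content and the kid each fragment was sent under."""
    server, source, requester = Server(), SourceNode(content, fragment_size), RequestingNode()
    server.send_key(source, requester)              # initial key
    kids = []
    for seq in range(len(source.fragments)):
        if seq in update_before:
            server.send_key(source, requester)      # first key update message
        blob = source.send_fragment(seq)
        kids.append(HEADER.unpack_from(blob)[0])
        requester.receive_fragment(blob)
    return requester.content(), kids
```

`run_session(content, 100, {1, 3})` rekeys before fragments 1 and 3, so a 512-byte content goes out as six fragments under identifiers 0, 1, 1, 2, 2, 2 and is reassembled from the identifier and sequence number alone. Note what the scheme does not give you: the security of the whole exchange rests on the channel over which the server pushes keys to both nodes, which the patent assumes and does not describe.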
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments above may be performed by hardware under the control of program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments. The storage medium may be any medium capable of storing program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments above only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions recorded in those embodiments may still be modified, or some of their technical features replaced by equivalents, without departing from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (10)

1. A peer-to-peer data acquisition method, characterized in that it comprises:
a source node encrypting a first data fragment of content data with an initial key issued by a server to form a first ciphertext fragment, and sending the first ciphertext fragment to a requesting node;
the server sending at least one first key update message to the requesting node and the source node, the first key update message comprising a first updated key;
the source node encrypting a second data fragment of the content data with the first updated key and adding a key update identifier to the second data fragment to form a second ciphertext fragment, and sending the second ciphertext fragment to the requesting node;
the requesting node receiving the second ciphertext fragment and decrypting it with the first updated key corresponding to the key update identifier, to obtain the content data.
2. The peer-to-peer data acquisition method of claim 1, characterized in that, before the source node encrypts the first data fragment of the content data with the initial key issued by the server to form the first ciphertext fragment, the method further comprises:
the requesting node sending a node list request to the server, the node list request comprising content-data information;
the server returning a node list to the requesting node, the node list comprising the source node information corresponding to the content-data information;
the server sending the initial key to the requesting node and the source node.
3. The peer-to-peer data acquisition method of claim 2, characterized in that the server sending at least one first key update message to the requesting node and the source node comprises:
the server selecting the first updated key from a key pool according to the content-data information, or generating the first updated key according to the content-data information and storing the first updated key in the key pool;
the server generating the first key update message from the first updated key;
the server sending the first key update message to the requesting node and the source node.
4. The peer-to-peer data acquisition method of claim 3, characterized in that it further comprises:
the server querying the key pool;
the server deleting from the key pool every key whose age exceeds a preset life cycle;
the server generating a second updated key for the deleted key, to refresh the key pool.
5. A server, characterized in that it comprises:
a first sending module, for sending an initial key to a source node and a requesting node, so that the source node encrypts a first data fragment of content data with the initial key to form a first ciphertext fragment, and the requesting node decrypts the first ciphertext fragment with the initial key;
a second sending module, for sending, after the first sending module has sent the initial key, at least one first key update message to the requesting node and the source node, the first key update message comprising a first updated key, so that the source node encrypts a second data fragment of the content data with the first updated key to form a second ciphertext fragment, and the requesting node decrypts the second ciphertext fragment with the first updated key to obtain the content data.
6. The server of claim 5, characterized in that it further comprises:
a receiving module, for receiving a node list request sent by the requesting node, the node list request comprising content-data information;
a return module, for returning a node list to the requesting node, the node list comprising the source node information corresponding to the content-data information.
7. The server of claim 6, characterized in that the second sending module comprises:
a processing unit, for selecting the first updated key from a key pool according to the content-data information, or generating the first updated key according to the content-data information and storing it in the key pool;
a generating unit, for generating the first key update message from the first updated key;
a transmitting unit, for sending the first key update message to the requesting node and the source node.
8. The server of claim 7, characterized in that it further comprises:
a query module, for querying the key pool;
a deletion module, for deleting from the key pool every key whose age exceeds a preset life cycle;
a generation module, for generating a second updated key for the deleted key, to refresh the key pool.
9. A peer-to-peer data acquisition system comprising the server of any one of claims 5 to 8, characterized in that it further comprises a source node and a requesting node;
the requesting node is configured to receive the first key update message sent by the server, the first key update message comprising a first updated key, and to receive the first ciphertext fragment and the second ciphertext fragment sent by the source node and decrypt the second ciphertext fragment with the first updated key, to obtain content data;
the source node is configured to receive the initial key and the first key update message sent by the server, to encrypt a first data fragment of the content data with the initial key to form the first ciphertext fragment, to encrypt a second data fragment of the content data with the first updated key and add a key update identifier to the second data fragment to form the second ciphertext fragment, and to send the first ciphertext fragment and the second ciphertext fragment to the requesting node.
10. The peer-to-peer data acquisition system of claim 9, characterized in that the requesting node is further configured to send a node list request comprising content-data information to the server and to receive the node list returned by the server, the node list comprising the source node information corresponding to the content-data information; and to receive the initial key sent by the server and decrypt the first ciphertext fragment with the initial key, to obtain the content data.
CN 201010590870 2010-12-15 2010-12-15 Peer to peer data acquisition method, system and server Active CN102065135B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010590870 CN102065135B (en) 2010-12-15 2010-12-15 Peer to peer data acquisition method, system and server


Publications (2)

Publication Number Publication Date
CN102065135A true CN102065135A (en) 2011-05-18
CN102065135B CN102065135B (en) 2013-02-13

Family

ID=44000234

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010590870 Active CN102065135B (en) 2010-12-15 2010-12-15 Peer to peer data acquisition method, system and server

Country Status (1)

Country Link
CN (1) CN102065135B (en)


Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1256599A (en) * 1998-11-09 2000-06-14 朗迅科技公司 Effective discrimination using key update
CN1650570A (en) * 2002-04-30 2005-08-03 国际商业机器公司 Encrypted communication system, key delivery server thereof, terminal device and key sharing method


Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935433A (en) * 2015-03-13 2015-09-23 天地融科技股份有限公司 Secret key-hopping method during communication process, communication device and communication system
CN104935433B (en) * 2015-03-13 2018-11-16 天地融科技股份有限公司 Method, communication device and the communication system of key jump in a kind of communication process
CN109246695A (en) * 2018-10-24 2019-01-18 深圳市鼎晟开元科技有限公司 Data transmission method, device and computer readable storage medium
CN110912941A (en) * 2019-12-27 2020-03-24 北京四达时代软件技术股份有限公司 Transmission processing method and device for multicast data
WO2022003449A1 (en) * 2020-07-02 2022-01-06 International Business Machines Corporation Secure secret recovery
GB2611966A (en) * 2020-07-02 2023-04-19 Ibm Secure secret recovery
WO2022144643A1 (en) * 2020-12-30 2022-07-07 International Business Machines Corporation Secure memory sharing
GB2616811A (en) * 2020-12-30 2023-09-20 Ibm Secure memory sharing


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant