Embodiment
To solve the problems in the related art that existing schemes are unsuitable for the encrypted transmission of large data volumes and unsuitable for multi-party communication, the invention provides a data encryption and transmission method and system for message-oriented middleware. The method comprises: a sending device encrypts the entity data to be sent with a first key and sends the resulting first ciphertext data to a data exchange server; the data exchange server decrypts the received first ciphertext data with the first key; the data exchange server encrypts the decrypted entity data with a second key and sends the resulting second ciphertext data to a receiving device; the receiving device decrypts the received second ciphertext data with the second key to obtain the entity data. The data encryption and transmission method and system of the invention encrypt and decrypt data quickly, are suitable for the encrypted transmission of large data volumes, and require no additional key exchange between the sending and receiving parties, which simplifies operation. In addition, they provide multiple encrypted transmission modes for data exchange between enterprise application systems, such as point-to-point, point-to-multipoint and broadcast, improving the confidentiality and security of data transmitted over the network.
The invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
Fig. 1 is a flow chart of the data encryption and transmission method for message-oriented middleware according to an embodiment of the invention. The method comprises the following steps:
Step S101: the sending device encrypts the entity data to be sent with a first key and sends the first ciphertext data obtained by the encryption to the data exchange server;
Step S102: the data exchange server decrypts the received first ciphertext data with the first key;
Step S103: the data exchange server encrypts the decrypted entity data with a second key and sends the second ciphertext data obtained by the encryption to the receiving device;
Step S104: the receiving device decrypts the received second ciphertext data with the second key to obtain the entity data.
Because the encrypted entity data is forwarded through the data exchange server, and the entity data is encrypted with a symmetric encryption algorithm, which encrypts and decrypts quickly, this embodiment solves the problems in the related art of being unsuitable for the encrypted transmission of large data volumes and unsuitable for multi-party communication. This embodiment realizes an encrypted transmission scheme in the field of message-oriented middleware (MOM); the encryption and decryption of data is fast, and the scheme is suitable for the encrypted transmission of large data volumes.
Preferably, user information is pre-stored in a database or disk file of a storage device, the user information comprising user names and login passwords.
The first key in step S101 is the sending user's login password, and step S101 comprises: the sending device encrypts the entity data to be sent with the login password entered by the sending user; the sending device sends the first ciphertext data obtained by the encryption, together with information on the send mode specified by the sending user, to the data exchange server.
The send mode information comprises a send mode such as point-to-point, point-to-multipoint or broadcast; when the send mode is point-to-point or point-to-multipoint, the send mode information also comprises the user name or the list of user names of the receiving users. Providing multiple send modes gives data exchange between enterprise application systems multiple encrypted transmission modes, such as point-to-point (unicast), point-to-multipoint (multicast) and broadcast, improving the confidentiality and security of data transmitted over the network.
Step S102 comprises: after receiving the first ciphertext data, the data exchange server looks up the sending user's login password in the storage device; the data exchange server decrypts the first ciphertext data with the sending user's login password to obtain the entity data.
The second key in step S103 is the receiving user's login password, and step S103 comprises: the data exchange server obtains a routing table from the send mode information and a preset message routing rule; the data exchange server traverses each receiving user in the routing table in turn, looks up the current receiving user's login password in the storage device by the current receiving user's user name, and encrypts the entity data with the current receiving user's login password to obtain the second ciphertext data; the second ciphertext data is sent, according to the routing table, to the receiving device corresponding to the current receiving user. When the send mode is point-to-multipoint or broadcast, the routing table may contain multiple receiving users; in that case the entity data is encrypted with each receiving user's login password in turn, and each resulting second ciphertext data is sent to the receiving device corresponding to that receiving user.
Step S104 comprises: the receiving device decrypts the received second ciphertext data with the login password entered by the receiving user to obtain the entity data.
The preferred embodiment above gives a specific implementation of the data encryption and transmission method for message-oriented middleware of the invention. Because the data exchange server accesses the storage device and looks up the users' pre-stored password information there, the sending and receiving parties need no additional key exchange, which simplifies operation.
The storage device may also be implemented by the data exchange server. The user information (comprising user names and login passwords) may be pre-stored in a device other than the data exchange server, or it may be stored in the data exchange server itself, in which case the data exchange server performs the function of the storage device.
Fig. 2 is a schematic diagram of the data encryption and transmission system for message-oriented middleware according to an embodiment of the invention. The system comprises:
a sending device 10, for encrypting the entity data to be sent with a first key and sending the first ciphertext data obtained by the encryption to the data exchange server;
a data exchange server 20, for decrypting the received first ciphertext data with the first key, and for encrypting the decrypted entity data with a second key and sending the second ciphertext data obtained by the encryption to the receiving device;
a receiving device 30, for decrypting the received second ciphertext data with the second key to obtain the entity data.
Preferably, the system further comprises a storage device 40, in whose database or disk file user information is pre-stored, the user information comprising user names and login passwords.
Preferably, the first key is the sending user's login password, and the sending device 10 comprises: a first encryption module 101, for encrypting the entity data to be sent with the login password entered by the sending user; and a first sending module 102, for sending the first ciphertext data obtained by the encryption, together with information on the send mode specified by the sending user, to the data exchange server.
Preferably, the data exchange server 20 comprises: a second receiving module 201, for receiving the first ciphertext data; and a second decryption module 202, for looking up the sending user's login password in the storage device 40 after the second receiving module 201 has received the first ciphertext data, and for decrypting the first ciphertext data with the sending user's login password to obtain the entity data.
Preferably, the second key is the receiving user's login password, and the data exchange server 20 further comprises: a second sending module 203, for obtaining a routing table from the send mode information and a preset message routing rule, and for sending the second ciphertext data, according to the routing table, to the receiving devices corresponding to all receiving users in the routing table; and
a second encryption module 204, for traversing each receiving user in the routing table in turn, looking up the current receiving user's login password in the storage device by the current receiving user's user name, and encrypting the entity data with the current receiving user's login password to obtain the second ciphertext data.
The receiving device 30 comprises: a third receiving module 301, for receiving the second ciphertext data; and a third decryption module 302, for decrypting the second ciphertext data received by the third receiving module 301 with the login password entered by the receiving user, to obtain the entity data.
Fig. 3 is a schematic diagram of the basic architecture of the data encryption and transmission system according to the preferred embodiment of the invention. It comprises a sending device, a data exchange server and receiving devices; there may be multiple receiving devices (receiving device A and receiving device B in the figure), and the system supports several encrypted data transmission modes such as unicast, multicast and broadcast.
As shown in Fig. 4, the overall workflow comprises the following steps:
Step 401: the sending user hands the entity data to be sent to the sending device and specifies the message send mode. Here the data to be sent is assumed to be a byte array of length 4096 bytes, and the send mode is broadcast.
Step 402: the sending device encrypts the entity data specified in step 401 using the sending user's login password (assumed here to be 123456) as the password, obtaining the sender entity data ciphertext encdata0 (the first ciphertext data described above).
Step 403: the sending device sends the sender entity data ciphertext encdata0 obtained in step 402 to the data exchange server.
Step 404: the data exchange server receives the sender entity data ciphertext encdata0 sent by the sending device; the data exchange server obtains a routing table according to the message routing rule. Here the routing result is assumed to contain two receiving users, whose login names are App1 and App2.
Step 405: the data exchange server obtains the sending user's login password (here 123456) from the storage device and decrypts the sender entity data ciphertext with it, obtaining the entity data.
Step 406: the data exchange server obtains the login password of receiving user App1 from the user storage device (assumed here to be abc123), encrypts the entity data with this login password, and obtains the receiver entity data ciphertext encdata1 (the second ciphertext data described above).
Step 407: the data exchange server sends the receiver entity data ciphertext encdata1 obtained in step 406 to receiving device A, which corresponds to receiving user App1. According to the routing table obtained in step 404, the data exchange server repeats steps 406 and 407 for App2, until the data has been sent to every receiving user in the routing table.
Step 408: receiving device A receives the receiver entity data ciphertext encdata1 from the data exchange server.
Step 409: receiving device A decrypts the entity data ciphertext encdata1 with the login password of receiving user App1 (here abc123), obtaining the true data sent by the sending end and completing one encrypted data transmission.
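The relay described in steps S101 to S104 and walked through in steps 401 to 409, as an added example that is not part of the patent or of any product implementing it. The patent only says "symmetric encryption algorithm" and leaves the message routing rule preset but unspecified, so both are assumptions here: the cipher is a stand-in built from the standard library (PBKDF2 derives key material from the login password, HMAC-SHA256 in counter mode supplies the keystream, and an encrypt-then-MAC tag lets the decrypting side reject a wrong password or a modified ciphertext rather than return garbage), and the routing rule maps broadcast to every stored user except the sender and unicast or multicast to the receiver names carried in the send-mode information. The sender's user name "Sender", App2's password and the contents of the 4096-byte payload are constructed; 123456, abc123, App1 and App2 are the values the walk-through assumes.

```python
"""Added example (not the patent's own code): the relay scheme of steps
S101-S104, run with the values of the Fig. 4 walk-through (4096-byte
payload, sender password 123456, receivers App1 and App2)."""
import hashlib
import hmac
import secrets
import struct

# The patent only says "symmetric encryption algorithm". The construction
# below is an assumption standing in for it: PBKDF2 turns a login password
# into key material, HMAC-SHA256 in counter mode yields the keystream, and an
# encrypt-then-MAC tag lets the decrypting side reject a wrong password or a
# modified ciphertext instead of returning garbage.
SALT_LEN, TAG_LEN, PBKDF2_ROUNDS = 16, 32, 100_000

def _derive_keys(password: str, salt: bytes) -> tuple:
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def _keystream(key: bytes, length: int) -> bytes:
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(out[:length])

def encrypt(password: str, plaintext: bytes) -> bytes:
    """Encrypt under a login password; output is salt || ciphertext || tag."""
    salt = secrets.token_bytes(SALT_LEN)
    enc_key, mac_key = _derive_keys(password, salt)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag

def decrypt(password: str, blob: bytes) -> bytes:
    """Inverse of encrypt(); raises ValueError if the tag does not verify."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    salt, ciphertext, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong login password or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, len(ciphertext))))

def try_decrypt(password: str, blob: bytes):
    """decrypt() that returns None instead of raising, for the checks below."""
    try:
        return decrypt(password, blob)
    except ValueError:
        return None

# Storage device (element 40 of Fig. 2): pre-stored user names and login
# passwords. "Sender" and App2's password are constructed; 123456 and abc123
# are the values the Fig. 4 walk-through assumes.
USER_STORE = {"Sender": "123456", "App1": "abc123", "App2": "xyz789"}

def build_routing_table(send_mode: str, sender: str, receivers=None) -> list:
    """Routing rule (assumed; the patent leaves it preset and unspecified):
    broadcast reaches every stored user except the sender; unicast and
    multicast reach the receiver name(s) carried in the send-mode information."""
    if send_mode == "broadcast":
        return [u for u in USER_STORE if u != sender]
    if send_mode in ("unicast", "multicast"):
        unknown = [r for r in (receivers or []) if r not in USER_STORE]
        if unknown:
            raise KeyError(f"receivers not in storage device: {unknown}")
        return list(receivers or [])
    raise ValueError(f"unknown send mode {send_mode!r}")

def sending_device(sender: str, password: str, data: bytes, send_mode: str, receivers=None):
    """Steps S101 / 402-403: first ciphertext plus the send-mode information."""
    return encrypt(password, data), send_mode, receivers

def exchange_server(sender: str, encdata0: bytes, send_mode: str, receivers=None) -> dict:
    """Steps S102-S103 / 404-407: decrypt with the sender's stored password,
    then re-encrypt once per receiving user in the routing table."""
    entity_data = decrypt(USER_STORE[sender], encdata0)   # server holds plaintext here
    return {user: encrypt(USER_STORE[user], entity_data)
            for user in build_routing_table(send_mode, sender, receivers)}

def receiving_device(password: str, encdata1: bytes) -> bytes:
    """Step S104 / 409: decrypt with the receiving user's own login password."""
    return decrypt(password, encdata1)

def run_broadcast() -> dict:
    """Full Fig. 4 flow; returns what each receiving device recovered."""
    data = bytes(range(256)) * 16                       # constructed 4096-byte payload
    encdata0, mode, rcv = sending_device("Sender", "123456", data, "broadcast")
    deliveries = exchange_server("Sender", encdata0, mode, rcv)
    return {user: receiving_device(USER_STORE[user], c) for user, c in deliveries.items()}

if __name__ == "__main__":
    recovered = run_broadcast()
    print({u: len(v) for u, v in recovered.items()})   # both receivers get 4096 bytes
```

Two points the code makes visible that the step list states only implicitly: between step 405 and step 406 the data exchange server holds the entity data in the clear, so the server host and the storage device holding the login passwords are the boundary on which the scheme's confidentiality rests; and because each receiver's copy is encrypted separately, the server's work in point-to-multipoint and broadcast modes grows linearly with the number of receiving users in the routing table.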
Fig. 5 is a workflow diagram of the sending device according to the preferred embodiment of the invention, comprising the following steps:
Step S501: the sending device receives the entity data to be sent from the sending user, together with the message mode specified by the sending user, such as point-to-point, point-to-multipoint or broadcast;
Step S502: the sending device encrypts the specified entity data with the sending user's login password, obtaining the sender entity data ciphertext;
Step S503: the sending device sends the resulting sender entity data ciphertext packet to the data exchange server.
Fig. 6 is a workflow diagram of the data exchange server according to the preferred embodiment of the invention, comprising the following steps:
Step S601: after receiving the packet sent by the sending device, the data exchange server extracts the sender entity data ciphertext from the packet;
Step S602: the data exchange server obtains the sending user's login password from the storage device and decrypts the sender entity data ciphertext with it, obtaining the entity data;
Step S603: the data exchange server obtains a routing table according to the message routing rule and obtains the list of receiving ends from the routing table;
Step S604: the data exchange server obtains a receiving user's login password from the storage device and encrypts the entity data with it, obtaining the receiver entity data ciphertext;
Step S605: the data exchange server sends the resulting receiver entity data ciphertext to the receiving device.
Step S606: the data exchange server checks, against the routing table obtained, whether the entity data has been encrypted and forwarded to all receiving users; if not, it repeats steps S604 and S605 for the next receiving end, until the entity data has been encrypted and sent to every receiving user in the routing table.
Fig. 7 is a workflow diagram of the receiving device according to the preferred embodiment of the invention, comprising the following steps:
Step S701: the receiving device receives the receiver entity data ciphertext forwarded by the data exchange server;
Step S702: the receiving device decrypts the receiver entity data ciphertext with the receiving user's login password, obtaining the true data sent by the sending end and completing one encrypted transmission.
Adopting the data encryption and transmission method and system of the invention can improve the security and performance of data transmission between application systems: the data is guaranteed to be encrypted while transmitted over the network, so that an unauthorized user who intercepts the transmitted data cannot use it for illegitimate purposes, and the security of the data transmission is ensured.
As can be seen from the above description, the above embodiments of the invention achieve the following technical effects:
(1) the encryption and decryption of data is fast, and the scheme is suitable for the encrypted transmission of large data volumes;
(2) the sending and receiving parties need no additional key exchange, which simplifies operation;
(3) multiple send modes provide multiple encrypted transmission modes, such as point-to-point (unicast), point-to-multipoint (multicast) and broadcast, for data exchange between enterprise application systems, improving the confidentiality and security of data transmitted over the network.
Obviously, those skilled in the art should understand that each module or step of the invention described above may be implemented with a general-purpose computing device; they may be concentrated on a single computing device or distributed over a network formed by multiple computing devices; alternatively, they may be implemented as program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device; or they may each be made into an individual integrated circuit module, or several of the modules or steps may be made into a single integrated circuit module. Thus the invention is not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the invention and does not limit the invention; for those skilled in the art, the invention may have various modifications and variations. Any amendment, equivalent replacement, improvement, etc. made within the spirit and principles of the invention shall be included in the scope of protection of the invention.