CN102118311A - Data transmission method - Google Patents

Publication number: CN102118311A
Authority: CN (China)
Prior art keywords: switch, data, subscription client, ciphertext, opposite equip
Legal status: Granted; Expired - Fee Related
Application number: CN2011100246370A
Other languages: Chinese (zh)
Other versions: CN102118311B (en)
Inventor: 曾美霞
Current Assignee: Shenzhen high tech Information Technology Co., Ltd.
Original Assignee: Ningbo Shengyuan Technology Transmission Co Ltd
Application filed by: Ningbo Shengyuan Technology Transmission Co Ltd
Landscapes: Storage Device Security (AREA)

Abstract

The invention provides a data transmission method. In the method, data switching equipment reads setting information in a specified storage area and performs initialization; after a password input by a user is successfully authenticated, the connection between the data switching equipment and a user client-side is established; after the data switching equipment receives data from the user client-side, it disconnects from the user client-side; the data switching equipment decrypts the ciphertext and connects to the equipment at the opposite end; and after a private key of the equipment at the opposite end is used to encrypt the ciphertext, the data switching equipment sends the encrypted ciphertext to the equipment at the opposite end and then disconnects from it. With this method, safe and accurate data transmission between data switching devices can be realized.

Description

A data transmission method
Technical field
The present invention relates to data transmission in computer networks, and more precisely to a data exchange method that ensures the secure and accurate exchange of information between a data exchange server and a data receiver.
Background
The widespread use of computer networks is a revolution in today's information society. The development and spread of network applications such as e-commerce and e-government has not only brought great convenience to daily life but also created great wealth. The global IT wave, represented by the Internet, keeps deepening; information network technology is becoming ever more widely used, the level of application keeps increasing, and applications are gradually extending from traditional, small-scale business systems to large-scale, critical business systems.
While network applications bring great convenience to our life and work, they also carry many security risks. The hacking and attack activity widely known to network users is growing at a rate of ten times per year, and network and information security problems are becoming increasingly prominent; they have become a major issue affecting national security, social stability and people's lives. Among the existing network security technologies, firewall technology can solve some network security problems to a certain extent, but firewall products have limitations. The greatest limitation is that a firewall cannot itself guarantee that the data it lets through is safe: it cannot defend against attacks from inside, cannot defend against attacks that bypass the firewall, and cannot fully defend against new threats.
New operating system vulnerabilities and network-layer attacks therefore keep emerging, and incidents in which firewalls are breached and computer networks attacked are increasingly common. How to exchange data securely and accurately between data switching devices has therefore become a shared requirement and goal of network security vendors and users.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art and to provide a more complete network security protection system that protects the network more effectively.
The technical solution is implemented by a user client, a switch and an opposite-end device, and the method comprises the following steps:
A. Start the data switching device (the switch);
B. The switch reads configuration information from a designated memory and performs an initialization operation. The configuration information is fixed in the read-only memory of the switch and can be read only once per start-up; the initialization operation includes formatting the data storage area, and the configuration information contains the key information of the user client and of the opposite-end device;
C. After detecting that the user password disk has been loaded, the user client prompts the user through an interactive interface to enter a password; after the user enters the correct password, the user client reads the switch's address, user name and password stored on the user password disk, connects to the switch and performs identity authentication; after authentication succeeds, the connection between the switch and the user client is established;
D. The user client encrypts the data to be transmitted with the key on the user password disk, stores the resulting ciphertext in the transmission storage area of the user client, and sends a request message to the switch; the request message contains the size of the ciphertext;
E. On receiving the request, the switch obtains the size information contained in the request message and compares it with the size of the receiving area; if the size is less than that of the receiving area, the switch reads the ciphertext from the transmission storage area of the user client into its receiving area and disconnects from the user client;
F. The switch decrypts the ciphertext with the key information contained in the configuration information and stores the decrypted data in its own sending area;
G. The switch sends a connection request to the opposite-end device, carrying authentication information in the request message; on receiving the connection request, the opposite-end device obtains the authentication information and performs authentication, and after authentication passes, the connection with the switch is established;
H. The switch encrypts the data in the sending area with the key of the opposite-end device and sends the resulting ciphertext to the opposite-end device; on receiving the ciphertext, the opposite-end device decrypts it with its own key and, once decryption is complete, returns a completion response to the switch; on receiving the completion response, the switch disconnects from the opposite-end device, formats the storage area and powers off;
At any given moment, the switch can be connected to only one of the user client and the opposite-end device.
The beneficial effects of the invention are as follows: because the switch can be connected to only one of the user client and the opposite-end device at any given moment, the sender of the data cannot connect directly to the receiver, which protects the data of both the sender and the receiver; in addition, the data is encrypted before being sent, which further improves the security of the data exchange; furthermore, because the switch completes only one data exchange operation after start-up, and formats its storage area and shuts down once the exchange has succeeded, the possibility of data leaking from the switch is prevented, which further improves the security of data transmission.
Step E of the method further comprises:
E1. If the size is greater than that of the receiving area, the switch returns a refusal response to the user client; the refusal response carries the size of the receiving area in the switch;
E2. After receiving the refusal response, the user client splits the data to be sent according to the size information in the response and numbers the resulting pieces;
Step H of the method further comprises:
H1. The decrypted data is merged into the complete data according to the numbering;
The present invention is a data transmission method that combines two techniques, isolated transmission and file encryption, and adopts the following measures to effectively ensure the security of user data:
a. User data is encrypted locally before being uploaded to the switch, which ensures that the data cannot be illegally stolen during transmission and storage, so that users can confidently use this service for off-site storage of critical data.
b. The switch uses the keys of the sender and of the receiver respectively to encrypt the file, and the key for the ciphertext is not carried in the transferred file, which improves the security of the data during transmission.
Description of the drawings
Fig. 1 is a flow block diagram of the data transmission method of the present invention.
Fig. 2 is a system architecture diagram of the present invention.
Embodiment
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1 and Fig. 2, the present invention is a data transmission method in which the relevant operations are carried out mainly by a user client, a switch and an opposite-end device, comprising the following steps:
A. Start the data switching device (the switch);
B. The switch reads configuration information from a designated memory and performs an initialization operation. The configuration information is fixed in the read-only memory of the switch and can be read only once per start-up; the initialization operation includes formatting the data storage area, and the configuration information contains the key information of the user client and of the opposite-end device;
C. After detecting that the user password disk has been loaded (the user password disk here may be a data packet stored in the user client, a plug-and-play device holding the user's password information, etc.), the user client prompts the user through an interactive interface to enter a password; the user can complete the input with an external keyboard connected to the user client or with a soft keyboard shown on the user client's screen. After the user enters the correct password, the user client reads the switch's address, user name and password stored on the user password disk, connects to the switch and performs identity authentication; after authentication succeeds, the connection between the switch and the user client is established; if identity authentication fails, the switch disconnects from the user client and powers off;
D. The user client encrypts the data to be transmitted with the key on the user password disk; the encryption algorithms include at least the Digital Signature Algorithm DSA, the RSA public-key algorithm invented by Rivest, Shamir and Adleman, the symmetric data encryption algorithm DES, the Secure Hash Algorithm SHA-1, the message digest algorithm MD5, etc. The user client stores the resulting ciphertext in its transmission storage area and sends a request message to the switch; the request message contains the size of the ciphertext;
E. On receiving the request, the switch obtains the size information contained in the request message and compares it with the size of the receiving area in its own storage device; if the size is less than that of the receiving area, the switch reads the ciphertext from the transmission storage area of the user client into its receiving area and disconnects from the user client;
E1. If the size is greater than that of the receiving area, the switch returns a refusal response to the user client; the refusal response carries the size of the receiving area in the switch;
E2. After receiving the refusal response, the user client splits the data to be sent according to the size information in the response and numbers the resulting pieces;
F. The switch decrypts the ciphertext with the key information contained in the configuration information and stores the decrypted data in its own sending area;
The receiving area and the sending area are two independent storage areas in the switch; their sizes may be the same or different;
G. The switch sends a connection request to the opposite-end device, carrying authentication information in the request message; this authentication information may be the key of the opposite-end device. On receiving the connection request, the opposite-end device obtains the authentication information and performs authentication, and after authentication passes, the connection with the switch is established;
H. The switch encrypts the data in the sending area with the key of the opposite-end device and sends the resulting ciphertext to the opposite-end device; on receiving the ciphertext, the opposite-end device decrypts it with its own key and, once decryption is complete, returns a completion response to the switch; on receiving the completion response, the switch disconnects from the opposite-end device, formats the storage area and powers off;
H1. The decrypted data is merged into the complete data according to the numbering;
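The size check, refusal, splitting and numbered merge of steps E to H1, together with the one-connection-at-a-time rule, are shown below as an added example that is not code from the patent. Assumptions: a SHA-256 XOR stream stands in for the listed algorithms, each piece carries a 4-byte index/total header, each piece uses one switch power cycle, authentication is omitted, and all class and function names are hypothetical.

```python
import hashlib
import os
import struct

NONCE, HEADER = 8, 4  # bytes added by the stand-in cipher / by the piece number

def _xor(key, nonce, data):
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, data):
    """Stand-in cipher, NOT secure (no integrity tag); use a real AEAD in practice."""
    nonce = os.urandom(NONCE)
    return nonce + _xor(key, nonce, data)

def unseal(key, blob):
    return _xor(key, blob[:NONCE], blob[NONCE:])

class Peer:
    """Opposite-end device: decrypts each piece, merges by number (step H1)."""
    def __init__(self, key):
        self.key, self.pieces, self.total = key, {}, None
    def receive(self, blob):
        plain = unseal(self.key, blob)
        index, self.total = struct.unpack(">HH", plain[:HEADER])
        self.pieces[index] = plain[HEADER:]
        return True  # completion response to the switch
    def merged(self):
        if self.total is None or len(self.pieces) != self.total:
            return None
        return b"".join(self.pieces[i] for i in range(self.total))

class Switch:
    def __init__(self, client_key, peer_key, capacity):
        # Step B: keys from the read-once configuration; storage starts formatted.
        self.client_key, self.peer_key, self.capacity = client_key, peer_key, capacity
        self.recv_area = self.send_area = b""
        self.connected_to, self.powered = None, True
    def connect(self, party):
        # Invariant: at most one of client / opposite-end device at any moment.
        if not self.powered or self.connected_to is not None:
            raise RuntimeError("switch is off or already connected")
        self.connected_to = party

    def request_upload(self, blob):
        """Steps E/E1: accept and disconnect, or refuse and report the capacity."""
        if self.connected_to != "client":
            raise RuntimeError("no client connection")
        if len(blob) > self.capacity:  # exactly-capacity blobs are accepted (assumption)
            return "refused", self.capacity
        self.recv_area, self.connected_to = blob, None
        return "accepted", None

    def relay(self, peer):
        self.send_area = unseal(self.client_key, self.recv_area)  # step F
        self.connect("peer")                                       # step G (auth omitted)
        if peer.receive(seal(self.peer_key, self.send_area)):      # step H
            # Disconnect, format both storage areas, then power off.
            self.connected_to, self.recv_area, self.send_area = None, b"", b""
            self.powered = False

def transfer(data, client_key, peer_key, capacity, peer):
    """Client side of steps C-E2; returns the number of switch power cycles used."""
    frames, cycles = [struct.pack(">HH", 0, 1) + data], 0
    while frames:
        switch, cycles = Switch(client_key, peer_key, capacity), cycles + 1
        switch.connect("client")
        status, limit = switch.request_upload(seal(client_key, frames[0]))
        if status == "refused":  # step E2: split to fit, number the pieces
            chunk = limit - NONCE - HEADER
            if chunk <= 0:
                raise ValueError("receiving area too small for any payload")
            parts = [data[i:i + chunk] for i in range(0, len(data), chunk)]
            frames = [struct.pack(">HH", i, len(parts)) + p for i, p in enumerate(parts)]
            switch.request_upload(seal(client_key, frames[0]))
        frames.pop(0)
        switch.relay(peer)
    return cycles
```

The stand-in cipher adds 8 bytes per piece, so the client subtracts both the nonce and the header from the advertised receiving-area size when it splits.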
Obviously, those skilled in the art should understand that each of the above steps of the present invention can be implemented with a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not restricted to any specific combination of hardware and software.
The above is only the preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within its scope of protection.

Claims (3)

1. A data transmission method, characterized in that it comprises at least the following steps:
A. Start the data switching device (the switch);
B. The switch reads configuration information from a designated memory and performs an initialization operation. The configuration information is fixed in the read-only memory of the switch and can be read only once per start-up; the initialization operation includes formatting the data storage area, and the configuration information contains the key information of the user client and of the opposite-end device;
C. After detecting that the user password disk has been loaded, the user client prompts the user through an interactive interface to enter a password; after the user enters the correct password, the user client reads the switch's address, user name and password stored on the user password disk, connects to the switch and performs identity authentication; after authentication succeeds, the connection between the switch and the user client is established;
D. The user client encrypts the data to be transmitted with the key on the user password disk, stores the resulting ciphertext in the transmission storage area of the user client, and sends a request message to the switch; the request message contains the size of the ciphertext;
E. On receiving the request, the switch obtains the size information contained in the request message and compares it with the size of the receiving area; if the size is less than that of the receiving area, the switch reads the ciphertext from the transmission storage area of the user client into its receiving area and disconnects from the user client;
F. The switch decrypts the ciphertext with the key information of the user client contained in the configuration information and stores the decrypted data in its own sending area;
G. The switch sends a connection request to the opposite-end device, carrying authentication information in the request message; on receiving the connection request, the opposite-end device obtains the authentication information and performs authentication, and after authentication passes, the connection with the switch is established;
H. The switch encrypts the data in the sending area with the key of the opposite-end device and sends the resulting ciphertext to the opposite-end device; on receiving the ciphertext, the opposite-end device decrypts it with its own key and, once decryption is complete, returns a completion response to the switch; on receiving the completion response, the switch disconnects from the opposite-end device, formats the storage area and powers off;
wherein, at any given moment, the switch can be connected to only one of the user client and the opposite-end device.
2. The data transmission method according to claim 1, characterized in that step E further comprises the following steps:
E1. If the size is greater than that of the receiving area, the switch returns a refusal response to the user client; the refusal response carries the size of the receiving area in the switch;
E2. After receiving the refusal response, the user client splits the data to be sent according to the size information in the response and numbers the resulting pieces.
3. The data transmission method according to claims 1 to 2, characterized in that step H of the method further comprises:
H1. The decrypted data is merged into the complete data according to the numbering.
CN2011100246370A 2011-01-21 2011-01-21 Data transmission method Expired - Fee Related CN102118311B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100246370A CN102118311B (en) 2011-01-21 2011-01-21 Data transmission method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100246370A CN102118311B (en) 2011-01-21 2011-01-21 Data transmission method

Publications (2)

Publication Number Publication Date
CN102118311A true CN102118311A (en) 2011-07-06
CN102118311B CN102118311B (en) 2012-06-13

Family

ID=44216913

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100246370A Expired - Fee Related CN102118311B (en) 2011-01-21 2011-01-21 Data transmission method

Country Status (1)

Country Link
CN (1) CN102118311B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139208A (en) * 2013-02-01 2013-06-05 宁波市胜源技术转移有限公司 Data exchanging method
CN103200170A (en) * 2013-02-01 2013-07-10 宁波市胜源技术转移有限公司 Data exchange method
CN105933217A (en) * 2016-07-14 2016-09-07 北京元心科技有限公司 Message synchronization method and platform, network server and adaptive server
CN106534275A (en) * 2016-10-25 2017-03-22 公安部第三研究所 Universal safe and reliable data switching method
CN108092978A (en) * 2017-12-19 2018-05-29 贵州数据宝网络科技有限公司 A kind of data safety exchange system and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090235102A1 (en) * 2008-03-03 2009-09-17 Canon Kabushiki Kaisha Information processing apparatus and control method thereof
CN101593165A (en) * 2009-04-09 2009-12-02 上海微电子装备有限公司 Duplex communication method based on double-port RAM

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139208A (en) * 2013-02-01 2013-06-05 宁波市胜源技术转移有限公司 Data exchanging method
CN103200170A (en) * 2013-02-01 2013-07-10 宁波市胜源技术转移有限公司 Data exchange method
CN105933217A (en) * 2016-07-14 2016-09-07 北京元心科技有限公司 Message synchronization method and platform, network server and adaptive server
CN105933217B (en) * 2016-07-14 2019-11-08 北京元心科技有限公司 Message synchronization method and platform, network server and adaptive server
CN106534275A (en) * 2016-10-25 2017-03-22 公安部第三研究所 Universal safe and reliable data switching method
CN106534275B (en) * 2016-10-25 2019-12-06 公安部第三研究所 Universal safe and reliable data exchange method
CN108092978A (en) * 2017-12-19 2018-05-29 贵州数据宝网络科技有限公司 A kind of data safety exchange system and method

Also Published As

Publication number Publication date
CN102118311B (en) 2012-06-13

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
CN106656476B (en) Password protection method and device and computer readable storage medium
EP3289723B1 (en) Encryption system, encryption key wallet and method
CN105162772A (en) IoT equipment authentication and key agreement method and device
CN102333093A (en) Data encryption transmission method and system
CN104660605A (en) Multi-factor identity authentication method and system
CN102664898A (en) Fingerprint identification-based encrypted transmission method, fingerprint identification-based encrypted transmission device and fingerprint identification-based encrypted transmission system
US20190199722A1 (en) Systems and methods for networked computing
CN102833246A (en) Social video information security method and system
CN103546421A (en) Network work communication security and secrecy system on basis of PKI (public key infrastructure) technology and method for implementing network work communication security and secrecy system
CN112822177B (en) Data transmission method, device, equipment and storage medium
CN104753953A (en) Access control system
CN102118311B (en) Data transmission method
WO2005088892A1 (en) A method of virtual challenge response authentication
CN108632251A (en) Authentic authentication method based on cloud computing data service and its Encryption Algorithm
CN112187757A (en) Multilink privacy data circulation system and method
KR101760376B1 (en) Terminal and method for providing secure messenger service
CN112020037A (en) Domestic communication encryption method suitable for rail transit
CN103200170A (en) Data exchange method
CN106972928B (en) Bastion machine private key management method, device and system
CN109412799A (en) System and method for generating local key
CN109194650A (en) Encrypted transmission method based on the remote encryption transmission system of file
CN111698263B (en) Beidou satellite navigation data transmission method and system
CN103139208A (en) Data exchanging method
CN112688781A (en) Key processing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: QIU JIANMIN

Free format text: FORMER OWNER: NINGBO SHENGYUAN TECHNOLOGY TRANSMISSION CO., LTD.

Effective date: 20130802

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 315192 NINGBO, ZHEJIANG PROVINCE TO: 518000 SHENZHEN, GUANGDONG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20130802

Address after: 4 building, No. 51, Qing Qing village, Shenzhen, Guangdong, Luohu District 518000, China

Patentee after: Qiu Jianmin

Address before: 315192 Ningbo, Yinzhou District Zhong Gong Temple Street, Temple Road, No. 285

Patentee before: Ningbo Shengyuan Technology Transmission Co., Ltd.

ASS Succession or assignment of patent right

Owner name: SHENZHEN GAOQIN INFORMATION TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: QIU JIANMIN

Effective date: 20150403

TR01 Transfer of patent right

Effective date of registration: 20150403

Address after: Shenzhen Nanshan District City, Guangdong province 518000 Liuxian Avenue No. 1183 Nanshan valley landscape building A floor 5

Patentee after: Shenzhen high tech Information Technology Co., Ltd.

Address before: 4 building, No. 51, Qing Qing village, Shenzhen, Guangdong, Luohu District 518000, China

Patentee before: Qiu Jianmin

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120613

Termination date: 20190121

CF01 Termination of patent right due to non-payment of annual fee