CN102118311B - Data transmission method - Google Patents

Publication number
CN102118311B
Authority
CN
China
Prior art keywords
switch
data
subscription client
information
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2011100246370A
Other languages
Chinese (zh)
Other versions
CN102118311A (en)
Inventor
曾美霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen high tech Information Technology Co., Ltd.
Original Assignee
Ningbo Shengyuan Technology Transmission Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ningbo Shengyuan Technology Transmission Co Ltd
Priority to CN2011100246370A
Publication of CN102118311A
Application granted
Publication of CN102118311B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a data transmission method. In the method, data switching equipment reads setting information from a specified storage area and performs initialization; after a password entered by the user is successfully authenticated, a connection between the data switching equipment and a user client is established; after the data switching equipment receives data from the user client, it disconnects from the user client; the data switching equipment decrypts the ciphertext and connects to the equipment at the opposite end; after the ciphertext is encrypted using a private key of the equipment at the opposite end, the data switching equipment sends the encrypted ciphertext to that equipment and then disconnects from it. The method enables secure and accurate data transmission between data switching devices.

Description

A data transmission method
Technical field
The present invention relates to data transfer in computer networks, and more precisely to a data exchange method that ensures information is exchanged securely and accurately between a data exchange server and a data receiver.
Background art
The widespread use of computer networks is a revolution of today's information society. The development and spread of network applications such as e-commerce and e-government not only bring great convenience to daily life but also create great wealth. The global IT wave represented by the Internet deepens by the day; the application of information network technology is becoming ever more common and widespread, its level of application keeps deepening, and its fields of application in particular are gradually extending from traditional, small-scale business systems to large-scale, critical business systems.
While network applications bring great convenience to our life and work, they also carry many security risks. Hacking and attack activity, which is widely known to network users, is growing at a rate of 10 times per year; network and information security problems are becoming increasingly prominent and have become a major issue affecting national security, social stability and people's lives. Among the various existing network security technologies, firewall technology can solve some network security problems to a certain extent, but firewall products have limitations. The greatest limitation is that a firewall cannot itself guarantee that the data it allows through is safe; it cannot defend against attacks from inside, cannot defend against attacks that bypass the firewall, and cannot fully defend against new threats.
New operating system vulnerabilities and network-layer attacks therefore emerge one after another, and incidents in which firewalls are breached and computer networks are attacked are increasingly common. How to ensure that data is exchanged securely and accurately between data exchange devices has thus become a common demand and goal of network security vendors and users.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art and to provide a more complete network security protection system that protects the network effectively.
The technical solution is implemented by a user client, a switch (the data switching equipment) and a peer device (the equipment at the opposite end). The method comprises the following steps:
A. Start the data switching equipment;
B. The switch reads setting information from a specified memory and performs an initialization operation. The setting information is fixed in the read-only memory of the switch and can be read only once per start-up. The initialization operation includes formatting the data storage area, and the setting information contains the key information of the user client and the peer device;
C. After detecting that a user password disk has been loaded, the user client prompts the user through an interactive interface to enter a password. After the user enters the correct password, the user client reads the switch's address, the user name and the password stored on the user password disk, establishes a connection to the switch and performs identity authentication. After authentication succeeds, the connection between the switch and the user client is established;
D. The user client encrypts the data to be transmitted using the key on the user password disk, stores the resulting ciphertext in the send storage area of the user client, and sends request information to the switch; this request information contains the size of the ciphertext;
E. After receiving the request, the switch obtains the size information contained in the request information and compares it with the size of the receiving area. If the ciphertext is smaller than the receiving area, the switch reads the ciphertext from the send storage area of the user client into the receiving area of the switch and disconnects from the user client;
F. The switch decrypts the ciphertext using the key information contained in the setting information and stores the decrypted data in its own sending area;
G. The switch sends a connection request to the peer device and carries authentication information in the request. After receiving the connection request, the peer device obtains the authentication information and performs authentication; once authentication passes, the connection with the switch is established;
H. The switch encrypts the data in the sending area using the key of the peer device and sends the resulting ciphertext to the peer device. After receiving the ciphertext, the peer device decrypts it with its own key and, once decryption is complete, returns a completion response to the switch. After receiving the completion response, the switch disconnects from the peer device, formats the storage area and powers off;
Wherein, at any given moment, the switch can be connected to only one of the user client and the peer device.
The beneficial effects of the invention are as follows. Because the switch can be connected to only one of the user client and the peer device at any given moment, the sender of the data is never directly connected to the receiver, which protects the data of both the sender and the receiver. In addition, the data is encrypted before it is sent, which further improves the security of the data exchange. Furthermore, the switch performs only one data exchange operation after start-up and, once that operation has succeeded, formats the storage area and shuts down, which removes the possibility of data leaking from the switch and further improves the security of data transmission.
Step E of the above method further comprises:
E1. If the ciphertext is larger than the receiving area, the switch returns a refusal response to the user client; the refusal response carries the size of the receiving area in the switch;
E2. After receiving the refusal response, the user client splits the data to be sent according to the size information in the response and numbers the resulting pieces;
Step H of the above method further comprises:
H1. The decrypted data is merged into the complete data according to the numbering;
The present invention is a data transmission method that combines two techniques, isolated transmission and file encryption, and adopts the following measures to effectively protect user data:
a. User data is encrypted locally before being uploaded to the switch, which ensures that it cannot be illegally stolen during transmission and storage, so users can confidently use this service for off-site storage of critical data.
b. The switch encrypts the file with the sender's key and the receiver's key respectively, and the key of the ciphertext is not carried in the transferred file, which improves the security of the data in transit.
Description of the drawings
Fig. 1 is a flow chart of the operation of the data transmission method of the present invention.
Fig. 2 is a system architecture diagram of the present invention.
Embodiment
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1 and Fig. 2, the present invention is a data transmission method in which the operations are carried out mainly by a user client, a switch and a peer device, and which comprises the following steps:
A. Start the data switching equipment;
B. The switch reads setting information from a specified memory and performs an initialization operation. The setting information is fixed in the read-only memory of the switch and can be read only once per start-up. The initialization operation includes formatting the data storage area, and the setting information contains the key information of the user client and the peer device;
C. After detecting that a user password disk has been loaded, the user client prompts the user through an interactive interface to enter a password. The user password disk here may be a data packet stored on the user client, or a plug-and-play device that holds the user's password information, and so on. The user can enter the password with an external keyboard connected to the user client or with a soft keyboard displayed on the user client's screen. After the user enters the correct password, the user client reads the switch's address, the user name and the password stored on the user password disk, establishes a connection to the switch and performs identity authentication. After authentication succeeds, the connection between the switch and the user client is established. If identity authentication fails, the switch disconnects from the user client and powers off;
D. The user client encrypts the data to be transmitted using the key on the user password disk. The encryption algorithms include at least the Digital Signature Algorithm (DSA), the RSA public-key algorithm invented by Rivest, Shamir and Adleman, the symmetric data encryption algorithm DES, the Secure Hash Algorithm SHA-1, the message digest algorithm MD5, and so on. The user client stores the resulting ciphertext in its send storage area and sends request information to the switch; this request information contains the size of the ciphertext;
E. After receiving the request, the switch obtains the size information contained in the request information and compares it with the size of the receiving area in its own storage device. If the ciphertext is smaller than the receiving area, the switch reads the ciphertext from the send storage area of the user client into the receiving area of the switch and disconnects from the user client;
E1. If the ciphertext is larger than the receiving area, the switch returns a refusal response to the user client; the refusal response carries the size of the receiving area in the switch;
E2. After receiving the refusal response, the user client splits the data to be sent according to the size information in the response and numbers the resulting pieces;
F. The switch decrypts the ciphertext using the key information contained in the setting information and stores the decrypted data in its own sending area;
The receiving area and the sending area are two independent storage areas in the switch, and their sizes may be the same or different;
G. The switch sends a connection request to the peer device and carries authentication information in the request; this authentication information may be the key of the peer device. After receiving the connection request, the peer device obtains the authentication information and performs authentication; once authentication passes, the connection with the switch is established;
H. The switch encrypts the data in the sending area using the key of the peer device and sends the resulting ciphertext to the peer device. After receiving the ciphertext, the peer device decrypts it with its own key and, once decryption is complete, returns a completion response to the switch. After receiving the completion response, the switch disconnects from the peer device, formats the storage area and powers off;
H1. The decrypted data is merged into the complete data according to the numbering;
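Steps A to H above, including E1, E2 and H1, modelled in Python as an added example that is not part of the patent text: the switch serves one side at a time, refuses oversized ciphertext while reporting its receiving-area size, and wipes its storage and powers off after each exchange. Assumptions: all class, function and dictionary-key names, the 4-byte clear chunk number in front of each ciphertext, one switch start-up per chunk, treating a ciphertext exactly the size of the receiving area as fitting, and a SHA-256 keystream standing in for the algorithms the description lists.

```python
import hashlib
import hmac

def xor_stream(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in cipher: SHA-256 counter keystream per chunk number, no integrity."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + seq.to_bytes(4, "big") + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Peer:
    def __init__(self, key: bytes, auth: bytes):
        self.key, self.auth, self.parts = key, auth, {}
    def receive(self, token: bytes, seq: int, ciphertext: bytes) -> None:
        if not hmac.compare_digest(token, self.auth):          # step G: authenticate
            raise PermissionError("peer rejected the switch")
        self.parts[seq] = xor_stream(self.key, seq, ciphertext)  # step H: own key
    def merged(self) -> bytes:                                  # step H1: merge by number
        return b"".join(self.parts[n] for n in sorted(self.parts))

class Switch:  # one instance models one start-up (steps A-B) with empty storage
    def __init__(self, settings: dict, recv_size: int):
        self.cfg, self.recv_size, self.powered = settings, recv_size, True
        self.recv_area, self.send_area, self.link = b"", b"", None  # link: one side or None

    def _connect(self, side: str) -> None:
        if not self.powered or self.link is not None:
            raise RuntimeError("switch is off or already connected to one side")
        self.link = side

    def client_session(self, password: bytes, frame: bytes):   # steps C-E
        self._connect("client")
        try:
            if not hmac.compare_digest(password, self.cfg["password"]):
                self.powered = False             # failed authentication: power off
                raise PermissionError("authentication failed")
            if len(frame) > self.recv_size:      # E1: refuse and report the size
                return "refuse", self.recv_size
            self.recv_area = frame
            return "ok", len(frame)
        finally:
            self.link = None                     # the client link is always dropped

    def relay(self, peer: Peer) -> None:         # steps F-H
        seq = int.from_bytes(self.recv_area[:4], "big")
        self.send_area = xor_stream(self.cfg["client_key"], seq, self.recv_area[4:])
        self._connect("peer")
        try:
            peer.receive(self.cfg["peer_auth"], seq,
                         xor_stream(self.cfg["peer_key"], seq, self.send_area))
        finally:
            self.link, self.powered = None, False
            self.recv_area = self.send_area = b""   # format the storage areas

def transfer(data: bytes, disk: dict, settings: dict, recv_size: int, peer: Peer) -> int:
    """Client side (steps D, E2); returns the number of switch start-ups used."""
    def frame(seq: int, chunk: bytes) -> bytes:   # assumed layout: number + ciphertext
        return seq.to_bytes(4, "big") + xor_stream(disk["key"], seq, chunk)
    queue, sw, starts = [frame(0, data)], None, 0
    while queue:
        if sw is None or not sw.powered:
            sw, starts = Switch(settings, recv_size), starts + 1   # step A
        status, limit = sw.client_session(disk["password"], queue[0])
        if status == "refuse":                    # E2: split and number the data
            if limit <= 4:
                raise ValueError("receiving area too small for any payload")
            queue = [frame(n, data[o:o + limit - 4])
                     for n, o in enumerate(range(0, len(data), limit - 4))]
            continue
        sw.relay(peer)
        queue.pop(0)
    return starts
```

With a 36-byte receiving area, a 100-byte message is refused once, split into four numbered chunks and relayed over four start-ups; the keystream cipher has no integrity protection, so a real deployment would use an authenticated cipher on both legs.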
Obviously, those skilled in the art will understand that each of the above steps of the present invention can be implemented with a general-purpose computing device. The steps can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is therefore not restricted to any specific combination of hardware and software.
The above is merely the preferred embodiment of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.

Claims (3)

1. A data transmission method, characterized in that it comprises at least the following steps:
A. Start the data switching equipment;
B. The switch reads setting information from a specified memory and performs an initialization operation. The setting information is fixed in the read-only memory of the switch and can be read only once per start-up. The initialization operation includes formatting the data storage area, and the setting information contains the key information of the user client and the peer device;
C. After detecting that a user password disk has been loaded, the user client prompts the user through an interactive interface to enter a password. After the user enters the correct password, the user client reads the switch's address, the user name and the password stored on the user password disk, establishes a connection to the switch and performs identity authentication. After authentication succeeds, the connection between the switch and the user client is established;
D. The user client encrypts the data to be transmitted using the key on the user password disk, stores the resulting ciphertext in the send storage area of the user client, and sends request information to the switch; this request information contains the size of the ciphertext;
E. After receiving the request, the switch obtains the size information contained in the request information and compares it with the size of the receiving area. If the ciphertext is smaller than the receiving area, the switch reads the ciphertext from the send storage area of the user client into the receiving area of the switch and disconnects from the user client;
F. The switch decrypts the ciphertext using the key information of the user client contained in the setting information and stores the decrypted data in its own sending area;
G. The switch sends a connection request to the peer device and carries authentication information in the request. After receiving the connection request, the peer device obtains the authentication information and performs authentication; once authentication passes, the connection with the switch is established;
H. The switch encrypts the data in the sending area using the key of the peer device and sends the resulting ciphertext to the peer device. After receiving the ciphertext, the peer device decrypts it with its own key and, once decryption is complete, returns a completion response to the switch. After receiving the completion response, the switch disconnects from the peer device, formats the storage area and powers off;
Wherein, at any given moment, the switch can be connected to only one of the user client and the peer device.
2. The data transmission method according to claim 1, characterized in that step E further comprises the following steps:
E1. If the ciphertext is larger than the receiving area, the switch returns a refusal response to the user client; the refusal response carries the size of the receiving area in the switch;
E2. After receiving the refusal response, the user client splits the data to be sent according to the size information in the response and numbers the resulting pieces.
3. The data transmission method according to claim 2, characterized in that step H of the method further comprises:
H1. The decrypted data is merged into the complete data according to the numbering.
CN2011100246370A 2011-01-21 2011-01-21 Data transmission method Expired - Fee Related CN102118311B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100246370A CN102118311B (en) 2011-01-21 2011-01-21 Data transmission method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100246370A CN102118311B (en) 2011-01-21 2011-01-21 Data transmission method

Publications (2)

Publication Number Publication Date
CN102118311A CN102118311A (en) 2011-07-06
CN102118311B true CN102118311B (en) 2012-06-13

Family

ID=44216913

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100246370A Expired - Fee Related CN102118311B (en) 2011-01-21 2011-01-21 Data transmission method

Country Status (1)

Country Link
CN (1) CN102118311B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139208A (en) * 2013-02-01 2013-06-05 宁波市胜源技术转移有限公司 Data exchanging method
CN103200170A (en) * 2013-02-01 2013-07-10 宁波市胜源技术转移有限公司 Data exchange method
CN105933217B (en) * 2016-07-14 2019-11-08 北京元心科技有限公司 Message synchronization method and platform, network server and adaptive server
CN106534275B (en) * 2016-10-25 2019-12-06 公安部第三研究所 Universal safe and reliable data exchange method
CN108092978A (en) * 2017-12-19 2018-05-29 贵州数据宝网络科技有限公司 A kind of data safety exchange system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5209993B2 (en) * 2008-03-03 2013-06-12 キヤノン株式会社 Information processing apparatus and control method thereof
CN101593165A (en) * 2009-04-09 2009-12-02 上海微电子装备有限公司 Duplex communication method based on double-port RAM

Also Published As

Publication number Publication date
CN102118311A (en) 2011-07-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: QIU JIANMIN

Free format text: FORMER OWNER: NINGBO SHENGYUAN TECHNOLOGY TRANSMISSION CO., LTD.

Effective date: 20130802

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 315192 NINGBO, ZHEJIANG PROVINCE TO: 518000 SHENZHEN, GUANGDONG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20130802

Address after: 4 building, No. 51, Qing Qing village, Shenzhen, Guangdong, Luohu District 518000, China

Patentee after: Qiu Jianmin

Address before: 315192 Ningbo, Yinzhou District Zhong Gong Temple Street, Temple Road, No. 285

Patentee before: Ningbo Shengyuan Technology Transmission Co., Ltd.

ASS Succession or assignment of patent right

Owner name: SHENZHEN GAOQIN INFORMATION TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: QIU JIANMIN

Effective date: 20150403

TR01 Transfer of patent right

Effective date of registration: 20150403

Address after: Shenzhen Nanshan District City, Guangdong province 518000 Liuxian Avenue No. 1183 Nanshan valley landscape building A floor 5

Patentee after: Shenzhen high tech Information Technology Co., Ltd.

Address before: 4 building, No. 51, Qing Qing village, Shenzhen, Guangdong, Luohu District 518000, China

Patentee before: Qiu Jianmin

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120613

Termination date: 20190121
