CN103457724A - Method and system for point-to-point data safe transmission - Google Patents
Method and system for point-to-point data safe transmission Download PDFInfo
- Publication number
- CN103457724A CN103457724A CN2012101814120A CN201210181412A CN103457724A CN 103457724 A CN103457724 A CN 103457724A CN 2012101814120 A CN2012101814120 A CN 2012101814120A CN 201210181412 A CN201210181412 A CN 201210181412A CN 103457724 A CN103457724 A CN 103457724A
- Authority
- CN
- China
- Prior art keywords
- target terminal
- safe floor
- terminal
- safe
- initiating terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method and system for point-to-point data safe transmission. A safe layer is arranged on an application layer of NFC to serve as a sub-layer of the application layer, and the safe layer is responsible for establishing safe connection between nodes of equal communication and conducting encryption data transmission and correctness verification. The method for point-to-point data safe transmission comprises the steps that a random secret key is generated after safe connection of a starting terminal and a target terminal is established; the safe layer of the starting terminal obtains a public key of a target terminal application program from a public key server; the safe layer of the starting terminal utilizes the public key of the target terminal application program to encrypt the random secret key and obtain a ciphertext; the safe layer of the starting terminal sends the ciphertext to a safe layer of the target terminal; the safe layer of the target terminal utilizes a private key of the application program to decode the ciphertext and obtain a random secret key; the safe layer of the target terminal sends a confirmation message of receiving the secret key to the safe layer of the starting terminal; after the safe layer of the starting terminal confirms that the safe layer of the target terminal already receives the secret key, the safe layer of the starting terminal sends a starting connection confirmation message to the starting terminal. The method for point-to-point data safe transmission is a safer NFC point-to-point communication method and can remove the potential safety hazards of an existing network.
Description
Technical field
The present invention relates to near-field communication (Near Field Communication, NFC) technical field, particularly a kind of method and system that carries out the Point-to-Point Data safe transmission in NFC equipment.
Background technology
The NFC technology is by non-contact radio-frequency identification (Radio Frequency Identification at present, RFID) technology and point-to-point communication technological incorporation develop, work in the 13.56MHz frequency range in 0 to 20cm distance, transmission rate with 106kbit/s, 212kbit/s, 424kbit/s is carried out transfer of data, and can between different transmission rates, automatically switch.The NFC technology meets ISO18092, ISO21481, ECMA(340,352 and 356) and the ETSITS102 standard, also compatibility be take ISO14441A as basic inductive intelligent card architecture simultaneously.
NFC has defined three kinds of use patterns: mode card (Card Emulation Mode), point-to-point communication pattern (Peer-to-Peer Communication), read/write card device pattern (Reader/Write Mode).Wherein the point-to-point communication pattern is for realizing the exchanges data between the NFC terminal, by a plurality of linking of devices that possess the NFC function, by the link layer communications agreement, NFC-IP realizes the data point-to-point transmission, as thin as sharing download music, exchange picture or synchronizing address.Therefore by the point-to-point communication pattern of NFC, a plurality of equipment is as carried out wireless transmission, swap data between computer, palmtop PC (Personal Digital Assistant, PDA), digital camera, mobile phone.The protocol architecture of NFC point-to-point communication as shown in Figure 1.
Because the point-to-point communication pattern of NFC is to communicate between NFC equipment by wireless mode, exist monitored, the network security hidden danger such as deception, therefore need to provide a kind of safety data transmission method to the NFC point-to-point communication, wish that this safety data transmission method can make the assailant obtain the transfer of data content by the method for monitoring, in addition, also wish that this safety data transmission method can make the assailant be cheated data transmission procedure, and in the situation that communication channel be disturbed or make mistakes, in the situation that the least possible error data that recovers of expense.
Summary of the invention
In order to address the above problem, the invention provides a kind of method and system that carries out the Point-to-Point Data safe transmission in NFC equipment, safer NFC Point-to-point Communication Method can be provided, substantially solved above-mentioned network security hidden danger.
Method of carrying out the Point-to-Point Data safe transmission of the present invention, arrange the sublayer of safe floor as application layer in the application layer of near-field communication NFC, is responsible for setting up safety and connects between the node of peer-to-peer communications, and carry out encrypted data transmission and verification of correctness, comprising:
Initiating terminal, after being connected with target terminal foundation is safe, generates a random key RandomKey;
The safe floor 312 of initiating terminal obtains the PKI Public_Key_314 of target terminal applications program 314 from public key server; Wherein, the safe floor 312 of initiating terminal, according to the identifier Application_ID_314 of the application program 314 of target terminal, obtains the PKI Public_Key_314 of target terminal applications program 314 from public key server;
The safe floor 312 of initiating terminal is used the PKI Public_Key_314 encrypted random keys RandomKey of target terminal applications program, obtains ciphertext CText;
The safe floor 312 of initiating terminal is sent to described ciphertext CText the safe floor of target terminal;
The private key Private_Key_314 decrypting ciphertext CText of the safe floor 313 use application programs 314 of target terminal, obtain random key RandomKey;
The safe floor 313 of target terminal sends " receiving key confirmation " message to the safe floor 312 of initiating terminal;
The safe floor 312 of initiating terminal, after the safe floor 313 of confirming target terminal has been received key, sends " start to connect and confirm " message to the application program 311 of moving on initiating terminal.
Wherein, before carrying out the application layer security transfer of data, the initiating terminal and the target terminal that participate in transfer of data first will be registered to PKI separately on public key server.
Wherein, initiating terminal is set up safely and is connected and comprises the following steps: with target terminal
The safe floor 312 of initiating terminal will " be set up safe connection request ", and message is sent to the safe floor 313 of target terminal, the identifier Application_ID_311 and the Set_App_Sec that comprise the application program 311 of initiating terminal in this message, wherein Set_App_Sec means that initiating terminal 301 request sets up application layer security data connection response;
The safe floor 313 of target terminal sends to " beginning connection request " message the application program 314 of target terminal, comprises the identifier Application_ID_311 of the application program 311 of initiating terminal in this message;
The application program 314 of target terminal will " start to connect and confirm " message and send to the safe floor 313 of target terminal, comprise the identifier Application_ID_314 of application program 314 in this message;
The safe floor 313 of target terminal will " be set up safety and connect confirmation " message and be sent to the safe floor 312 of initiating terminal, the identifier Application_ID_314 and the Set_App_Sec_Response that comprise application program 314 in this message, wherein Set_App_Sec_Response means that target terminal confirms to set up application layer security data connection response.
Further, message that the safe floor 312 of initiating terminal will " be set up safe connection request " further comprises before being sent to the safe floor 313 of target terminal: the application program 311 of moving on initiating terminal sends and starts connection request message to the safe floor 312 on initiating terminal; Wherein, the identifier Application_ID_311 that comprises initiating terminal application program 311 in this message.
Further, after initiating terminal and target terminal are set up safety and be connected, while carrying out Security Data Transmission, comprise the following steps:
The file data that the application program of moving on initiating terminal sends wish sends to the safe floor of initiating terminal;
The safe floor of initiating terminal is divided into several blocks of files B by file data F
i, the equal and opposite in direction of each blocks of files, used one-way Hash algorithm to calculate the hashed value H of each blocks of files subsequently
i, to carry out verification of correctness;
The safe floor of initiating terminal is used random key RandomKey encrypt file piece B
iwith hashed value H
i, obtain ciphertext C (B
i, H
i);
The safe floor of initiating terminal is by ciphertext C (B
i, H
i) send to the safe floor of target terminal;
The safe floor of target terminal uses random key RandomKey to ciphertext C (B
i, H
i) deciphering, obtain blocks of files B
iwith hashed value H
i;
The safe floor of target terminal is used each blocks of files B of one-way Hash algorithm to obtaining
icalculate hashed value H
i', and with the hashed value H obtained
icompare, if identical, blocks of files B
itransmission is correct, otherwise mistake occurs in the explanation data transmission procedure; If without data transmission fault, the safe floor of target terminal is being confirmed each blocks of files B
iafter all correctly receiving, by B
ibe reassembled into original file data F, and send to the application program of moving on target terminal, so far complete the safety data transmission between initiating terminal and target terminal.
Further, when data transmission fault occurring, need to carry out the error in data processing, specifically comprise:
If the blocks of files B that the safe floor of target terminal obtains
ican't pass through verification of correctness, abandon acquired blocks of files B
i;
The safe floor of target terminal sends " misdata re-transmission " request to the safe floor of initiating terminal, comprises the index number BlockIndex of the blocks of files abandoned in message;
The safe floor of initiating terminal is according to the content of BlockIndex, by ciphertext C (B
blockIndex, H
blockIndex) resend the safe floor to target terminal.
System of carrying out the Point-to-Point Data safe transmission in NFC equipment of the present invention, comprise initiating terminal, target terminal and public key server, and wherein, initiating terminal, for after being connected with target terminal foundation is safe, generate a random key RandomKey; The safe floor 312 of initiating terminal obtains the PKI Public_Key_314 of target terminal applications program 314 from public key server, and uses described PKI Public_Key_314 encrypted random keys RandomKey, obtains ciphertext CText; Safe floor 312 by initiating terminal is sent to described ciphertext CText the safe floor of target terminal; And, after having received key for the safe floor 313 confirming target terminal, to the application program 311 of moving on initiating terminal, send " start to connect and confirm " message; Wherein, the safe floor 312 of initiating terminal, according to the identifier Application_ID_314 of the application program 314 of target terminal, obtains the PKI Public_Key_314 of target terminal applications program 314 from public key server; Target terminal, the private key Private_Key_314 decrypting ciphertext CText for the safe floor 313 use target terminal applications programs 314 by target terminal, obtain random key RandomKey; And send " receiving key confirmation " message to the safe floor 312 of initiating terminal.
Wherein, described initiating terminal, be further used for being sent to by its safe floor 312 message of will " setting up safe connection request " safe floor 313 of target terminal, the identifier Application_ID_311 and the Set_App_Sec that comprise the application program 311 of initiating terminal in this message, wherein Set_App_Sec means that initiating terminal 301 request sets up application layer security data connection response;
Described target terminal, be further used for by its safe floor 313, " beginning connection request " message being sent to the application program 314 of target terminal, comprises the identifier Application_ID_311 of the application program 311 of initiating terminal in this message; And, will " start to connect and confirm " message by its application program 314 and send to its safe floor 313, comprise the identifier Application_ID_314 of application program 314 in this message; And, to " set up safety and connect confirmation " message by its safe floor 313 and be sent to the safe floor 312 of initiating terminal, the identifier Application_ID_314 and the Set_App_Sec_Response that comprise application program 314 in this message, wherein Set_App_Sec_Response means that target terminal confirms to set up application layer security data connection response.
Further, after initiating terminal and target terminal are set up safety and are connected, while carrying out Security Data Transmission, described initiating terminal, the application program be further used for by moving on initiating terminal sends to the file data of wish transmission the safe floor of initiating terminal; And by the safe floor of initiating terminal, file data F is divided into to several blocks of files B
i, the equal and opposite in direction of each blocks of files, used one-way Hash algorithm to calculate the hashed value H of each blocks of files subsequently
i, to carry out verification of correctness; The safe floor of initiating terminal is used random key RandomKey encrypt file piece B
iwith hashed value H
i, obtain ciphertext C (B
i, H
i), and by ciphertext C (B
i, H
i) send to the safe floor of target terminal; Described target terminal, be further used for using random key RandomKey to ciphertext C (B by the safe floor of target terminal
i, H
i) deciphering, obtain blocks of files B
iwith hashed value H
i; The safe floor of target terminal is used each blocks of files B of one-way Hash algorithm to obtaining
icalculate hashed value H
i', and with the hashed value H obtained
icompare, if identical, blocks of files B
itransmission is correct, otherwise mistake occurs in the explanation data transmission procedure; If without data transmission fault, the safe floor of target terminal is being confirmed each blocks of files B
iafter all correctly receiving, by B
ibe reassembled into original file data F, and send to the application program of moving on target terminal, so far complete the safety data transmission between initiating terminal and target terminal.
In addition, when data transmission fault occurring, in the time of need to carrying out the error in data processing, described target terminal, be further used for the blocks of files B in the safe floor acquisition of target terminal
ican't pass through verification of correctness, abandon acquired blocks of files B
i, and send " misdata re-transmission " request to the safe floor of initiating terminal, comprise the index number BlockIndex of the blocks of files abandoned in message; Described initiating terminal, be further used for the content of the safe floor of initiating terminal according to BlockIndex, by ciphertext C (B
blockIndex, H
blockIndex) resend the safe floor to target terminal.
The invention has the beneficial effects as follows: according to the method and system that carries out the Point-to-Point Data safe transmission in NFC equipment of the present invention, start the application layer security transfer of data by exchanging safety request and security response between initiating terminal and target terminal, application layer at initiating terminal and target terminal is encrypted data and the check information of transmission, safer NFC Point-to-point Communication Method can be provided, substantially solve the potential safety hazard of existing network; In addition, by becoming data block to be transmitted Data Segmentation, and data block is carried out to the correctness verification, when mistake appears in transmission, take data block as unit carries out the misdata recovery, further improved the accuracy of transmission; And stop security request and stop security response finishing neatly the application layer security transfer of data by exchange between initiating terminal and target terminal.
The accompanying drawing explanation
The NFC point to point protocol structure that Fig. 1 is existing standard;
The NFC point to point protocol structure that Fig. 2 is the embodiment of the present invention;
The signal flow graph connected for NFC peer-to-peer communications application layer foundation safety that Fig. 3 is the embodiment of the present invention;
Fig. 4 be the embodiment of the present invention carry out the signal flow graph of safety data transmission for NFC peer-to-peer communications application layer;
Fig. 5 be the embodiment of the present invention carry out the signal flow graph of data mistake processing after transfer of data makes a mistake;
The signal flow graph that releasing safety connects after DTD that Fig. 6 is the embodiment of the present invention.
Embodiment
Below, describe the method and system that carries out the Point-to-Point Data safe transmission in NFC equipment of the present invention in detail with reference to accompanying drawing 2 ~ 6.
Fig. 2 is the NFC point to point protocol structure according to the embodiment of the present invention.As shown in Figure 2, RF layer 200 is the lowermost layer that meet (IEC) 18092 of International Organization for Standardization/International Electrotechnical Commission and 14443A, category-B standard and contact type intelligent card technology (Felica) protocol stack standard.RF layer 200 is corresponding with the physical layer of ISO/OSI reference model, is responsible for carrying out modulating/demodulating and the wireless transmission of data.The agreement of NFC link layer 210 is called as the NFC-IP protocol layer, is responsible for coding, sets transmission rate, defines frame format, the initialization scheme of RF layer interface and carry out the necessary data collision of initialization and control.In addition, the NFC-IP agreement has also defined transport layer protocol, comprises protocol activating and method for interchanging data.Application layer 220 is responsible for general program provides service to guarantee communication.Safe floor 230 is sublayers of application layer 220, is responsible for setting up safety and connects between the node of peer-to-peer communications, and carry out encrypted data transmission and verification of correctness.
Embodiment of the method
Fig. 3 has described safe floor 230 and has set up the process that safety connects.As shown in Figure 3, the process of setting up the safety connection in the present invention between node relates to 3 entities, is respectively the initiating terminal 301 of peer-to-peer communications, the target terminal 302 of peer-to-peer communications, and public key server 303.Wherein, initiating terminal 301 is initiated the NFC peer-to-peer communications, and target terminal 302 is recipients of peer-to-peer communications, and public key server 303 is the believable servers that provided by application issued person, for depositing the client public key information of using this application program.Application program 311 and safe floor 312 are positioned at the application layer of initiating terminal 301, and safe floor 313 and application program 314 are positioned at the application layer of target terminal 302.
Step 321, target terminal 302 also needs the PKI of oneself is registered on public key server 303, and registration process is completed by the application program 314 of target terminal 302, and registration process is identical with step 320, and this step is not describing in detail.
Step 323, safe floor 312 on initiating terminal 301 will " be set up safe connection request ", and message is sent to the safe floor 313 of target terminal 302, comprise Application_ID_311 and Set_App_Sec in message, wherein, Set_App_Sec means that initiating terminal 301 request sets up application layer security data connection response.
Step 324, the safe floor 313 of target terminal 302 sends to " beginning connection request " message the application program 314 of target terminal 302, comprises Application_ID_311 in message.
Step 326, the safe floor 313 of target terminal 302 will " be set up safety and connect confirmation " message and be sent to the safe floor 312 on initiating terminal 301, comprise Application_ID_314 and Set_App_Sec_Response in message, wherein Set_App_Sec_Response means that target terminal confirms to set up the application layer security data and connect.
Step 330, the safe floor 312 on initiating terminal 301 is sent to CText the safe floor 313 of target terminal 302.
Step 332, the safe floor 313 of target terminal 302 sends " receiving key confirmation " message to the safe floor 312 of initiating terminal 301.
Step 333, the safe floor 312 of initiating terminal 301, after the safe floor 313 of confirming target terminal 302 has been received key, sends " start to connect and confirm " message to the application program 311 of operation on initiating terminal 301, comprises Application_ID_314 in message.So far, initiating terminal 301 is connected and sets up with safety between target terminal 302, can start transfer of data.
Fig. 4 has described the process that initiating terminal 401 and target terminal 402 are encrypted transfer of data and verification of correctness.
Step 422, the safe floor 412 of initiating terminal 401 is divided into several blocks of files B by file data F
i, the equal and opposite in direction of each blocks of files, be defaulted as 64KB (the blocks of files size that is positioned at the file data end may be less than 64KB), also can be changed according to the situation of file size.Use subsequently one-way Hash algorithm to calculate the hashed value H of each blocks of files
i, to carry out verification of correctness.One-way Hash algorithm can select as required Message-Digest Algorithm 5 (Message-Digest Algorithm 5, MD5), translations SHA (Secure Hash Algorithm, SHA) etc.
Step 423, the safe floor 412 of initiating terminal 401 is used random key RandomKey encrypt file piece B
iwith hashed value H
i, obtain ciphertext C (B
i, H
i).
Step 425, the safe floor 413 use random key RandomKey of target terminal 402 are to ciphertext C (B
i, H
i) deciphering, obtain blocks of files B
iwith hashed value H
i.
Step 426, the safe floor 413 of target terminal 402 is used each blocks of files B of one-way Hash algorithm to obtaining
icalculate hashed value H
i', and with the hashed value H obtained
icompare, if identical, blocks of files B
itransmission is correct, otherwise mistake occurs in the explanation data transmission procedure.
After Fig. 5 has described transfer of data and has made a mistake, the process of carrying out the error in data processing.
Step 522, the safe floor 512 of target terminal 502 sends " misdata re-transmission " request to the safe floor 511 of initiating terminal 501, comprises the index number BlockIndex of the blocks of files abandoned in message.
After Fig. 6 has described DTD, remove the process that safety connects.
System embodiment:
System of carrying out the Point-to-Point Data safe transmission in NFC equipment of the present invention, comprise initiating terminal, target terminal and public key server, and wherein, initiating terminal, for after being connected with target terminal foundation is safe, generate a random key RandomKey; The safe floor 312 of initiating terminal obtains the PKI Public_Key_314 of target terminal applications program 314 from public key server, and uses described PKI Public_Key_314 encrypted random keys RandomKey, obtains ciphertext CText; Safe floor 312 by initiating terminal is sent to described ciphertext CText the safe floor of target terminal; And, after having received key for the safe floor 313 confirming target terminal, to the application program 311 of moving on initiating terminal, send " start to connect and confirm " message; Wherein, the safe floor 312 of initiating terminal, according to the identifier Application_ID_314 of the application program 314 of target terminal, obtains the PKI Public_Key_314 of target terminal applications program 314 from public key server;
Target terminal, the private key Private_Key_314 decrypting ciphertext CText for the safe floor 313 use target terminal applications programs 314 by target terminal, obtain random key RandomKey; And send " receiving key confirmation " message to the safe floor 312 of initiating terminal.
In addition, initiating terminal, be further used for being sent to by its safe floor 312 message of will " setting up safe connection request " safe floor 313 of target terminal, the identifier Application_ID_311 and the Set_App_Sec that comprise the application program 311 of initiating terminal in this message, wherein Set_App_Sec means that initiating terminal 301 request sets up application layer security data connection response;
Described target terminal, be further used for by its safe floor 313, " beginning connection request " message being sent to the application program 314 of target terminal, comprises the identifier Application_ID_311 of the application program 311 of initiating terminal in this message; And, will " start to connect and confirm " message by its application program 314 and send to its safe floor 313, comprise the identifier Application_ID_314 of application program 314 in this message; And, to " set up safety and connect confirmation " message by its safe floor 313 and be sent to the safe floor 312 of initiating terminal, the identifier Application_ID_314 and the Set_App_Sec_Response that comprise application program 314 in this message, wherein Set_App_Sec_Response means that target terminal confirms to set up application layer security data connection response.
In addition, after initiating terminal and target terminal are set up safety and are connected, while carrying out Security Data Transmission, initiating terminal, the application program be further used for by moving on initiating terminal sends to the file data of wish transmission the safe floor of initiating terminal; And by the safe floor of initiating terminal, file data F is divided into to several blocks of files B
i, the equal and opposite in direction of each blocks of files, used one-way Hash algorithm to calculate the hashed value H of each blocks of files subsequently
i, to carry out verification of correctness; The safe floor of initiating terminal is used random key RandomKey encrypt file piece B
iwith hashed value H
i, obtain ciphertext C (B
i, H
i), and by ciphertext C (B
i, H
i) send to the safe floor of target terminal.Target terminal, be further used for using random key RandomKey to ciphertext C (B by the safe floor of target terminal
i, H
i) deciphering, obtain blocks of files B
iwith hashed value H
i; The safe floor of target terminal is used each blocks of files B of one-way Hash algorithm to obtaining
icalculate hashed value H
i', and with the hashed value H obtained
icompare, if identical, blocks of files B
itransmission is correct, otherwise mistake occurs in the explanation data transmission procedure; If without data transmission fault, the safe floor of target terminal is being confirmed each blocks of files B
iafter all correctly receiving, by B
ibe reassembled into original file data F, and send to the application program of moving on target terminal, so far complete the safety data transmission between initiating terminal and target terminal.
When data transmission fault occurring, in the time of need to carrying out the error in data processing, target terminal, be further used for the blocks of files B in the safe floor acquisition of target terminal
ican't pass through verification of correctness, abandon acquired blocks of files B
i, and send " misdata re-transmission " request to the safe floor of initiating terminal, comprise the index number BlockIndex of the blocks of files abandoned in message; Initiating terminal, be further used for the content of the safe floor of initiating terminal according to BlockIndex, by ciphertext C (B
blockIndex, H
blockIndex) resend the safe floor to target terminal.
In sum, according to the method and system that carries out the Point-to-Point Data safe transmission in NFC equipment of the present invention, start the application layer security transfer of data by exchanging safety request and security response between initiating terminal and target terminal, application layer at initiating terminal and target terminal is encrypted data and the check information of transmission, safer NFC Point-to-point Communication Method can be provided, substantially solve the potential safety hazard of existing network; In addition, by becoming data block to be transmitted Data Segmentation, and data block is carried out to the correctness verification, when mistake appears in transmission, take data block as unit carries out the misdata recovery, further improved the accuracy of transmission; And stop security request and stop security response finishing neatly the application layer security transfer of data by exchange between initiating terminal and target terminal.
More than in order to make those of ordinary skills understand the present invention; and the detailed description that the present invention is carried out; but can expect; can also make other changes and modifications within not breaking away from the scope that claim of the present invention contains, these variations and revising all in protection scope of the present invention.
Claims (10)
1. a method of carrying out the Point-to-Point Data safe transmission, it is characterized in that, application layer at near-field communication NFC arranges the sublayer of safe floor as application layer, is responsible for setting up safety and connects between the node of peer-to-peer communications, and carry out encrypted data transmission and verification of correctness; Described method comprises:
Initiating terminal, after being connected with target terminal foundation is safe, generates a random key RandomKey;
The safe floor of initiating terminal (312) obtains the PKI Public_Key_314 of target terminal applications program (314) from public key server; Wherein, the safe floor of initiating terminal (312), according to the identifier Application_ID_314 of the application program (314) of target terminal, obtains the PKI Public_Key_314 of target terminal applications program 314 from public key server;
The safe floor of initiating terminal (312) is used the PKI Public_Key_314 encrypted random keys RandomKey of the application program (314) of target terminal, obtains ciphertext CText;
The safe floor of initiating terminal (312) is sent to described ciphertext CText the safe floor (313) of target terminal;
The private key Private_Key_314 decrypting ciphertext CText of application program (314) for the safe floor of target terminal (313), obtain random key RandomKey;
The safe floor of target terminal (313) sends " receiving key confirmation " message to the safe floor (312) of initiating terminal;
The safe floor of initiating terminal (312), after the safe floor (313) of confirming target terminal has been received key, sends " start to connect and confirm " message to the application program (311) of moving on initiating terminal; Initiating terminal and target terminal carry out transfer of data.
2. method of carrying out the Point-to-Point Data safe transmission as claimed in claim 1, is characterized in that, before carrying out the application layer security transfer of data, the initiating terminal and the target terminal that participate in transfer of data first will be registered to PKI separately on public key server.
3. method of carrying out the Point-to-Point Data safe transmission as claimed in claim 2, is characterized in that, initiating terminal is set up safely and is connected and comprises the following steps: with target terminal
The safe floor of initiating terminal (312) will " be set up safe connection request ", and message is sent to the safe floor (313) of target terminal, the identifier Application_ID_311 and the Set_App_Sec that comprise the application program (311) of initiating terminal in this message, wherein Set_App_Sec means that the initiating terminal request sets up application layer security data connection response;
The safe floor of target terminal (313) sends to " beginning connection request " message the application program (314) of target terminal, comprises the identifier Application_ID_311 of the application program (311) of initiating terminal in this message;
The application program of target terminal (314) will " start to connect and confirm " message and send to the safe floor (313) of target terminal, comprise the identifier Application_ID_314 of application program (314) in this message;
The safe floor of target terminal (313) will " be set up safety and connect confirmation " message and be sent to the safe floor (312) of initiating terminal, the identifier Application_ID_314 and the Set_App_Sec_Response that comprise application program (314) in this message, wherein Set_App_Sec_Response means that target terminal confirms to set up application layer security data connection response.
4. method of carrying out the Point-to-Point Data safe transmission as claimed in claim 3, is characterized in that,
The safe floor (313) that message that the safe floor of initiating terminal (312) will " be set up safe connection request " is sent to target terminal before, further comprises: the application program of moving on initiating terminal (311) sends and starts connection request message to the safe floor (312) on initiating terminal; Wherein, the identifier Application_ID_311 that comprises initiating terminal application program (311) in this message.
5. method of carrying out the Point-to-Point Data safe transmission as described as any one in claim 1 to 4, is characterized in that, after initiating terminal and target terminal are set up safety and be connected, while carrying out Security Data Transmission, comprises the following steps:
The file data that the application program of moving on initiating terminal sends wish sends to the safe floor of initiating terminal;
The safe floor of initiating terminal is divided into several blocks of files B by file data F
i, the equal and opposite in direction of each blocks of files, used one-way Hash algorithm to calculate the hashed value H of each blocks of files subsequently
i, to carry out verification of correctness;
The safe floor of initiating terminal is used random key RandomKey encrypt file piece B
iwith hashed value H
i, obtain ciphertext C (B
i, H
i);
The safe floor of initiating terminal is by ciphertext C (B
i, H
i) send to the safe floor of target terminal;
The safe floor of target terminal uses random key RandomKey to ciphertext C (B
i, H
i) deciphering, obtain blocks of files B
iwith hashed value H
i;
The safe floor of target terminal is used each blocks of files B of one-way Hash algorithm to obtaining
icalculate hashed value H
i', and with the hashed value H obtained
icompare, if identical, blocks of files B
itransmission is correct, otherwise mistake occurs in the explanation data transmission procedure; If without data transmission fault, the safe floor of target terminal is being confirmed each blocks of files B
iafter all correctly receiving, by B
ibe reassembled into original file data F, and send to the application program of moving on target terminal, so far complete the safety data transmission between initiating terminal and target terminal.
6. method of carrying out the Point-to-Point Data safe transmission as claimed in claim 5, is characterized in that,
When data transmission fault occurring, need to carry out the error in data processing, specifically comprise:
If the blocks of files B that the safe floor of target terminal obtains
ican't pass through verification of correctness, abandon acquired blocks of files B
i;
The safe floor of target terminal sends " misdata re-transmission " request to the safe floor of initiating terminal, comprises the index number BlockIndex of the blocks of files abandoned in message;
The safe floor of initiating terminal is according to the content of BlockIndex, by ciphertext C (B
blockIndex, H
blockIndex) resend the safe floor to target terminal.
7. a system that realizes the described method of claim 1, is characterized in that, comprises initiating terminal, target terminal and public key server, wherein,
Initiating terminal, for after being connected with target terminal foundation is safe, generate a random key RandomKey; The safe floor of initiating terminal (312) obtains the PKI Public_Key_314 of target terminal applications program (314) from public key server, and uses described PKI Public_Key_314 encrypted random keys RandomKey, obtains ciphertext CText; Safe floor (312) by initiating terminal is sent to described ciphertext CText the safe floor of target terminal; And, after having received key for the safe floor (313) confirming target terminal, to the application program (311) of moving on initiating terminal, send " start to connect and confirm " message; Wherein, the safe floor of initiating terminal (312), according to the identifier Application_ID_314 of the application program (314) of target terminal, obtains the PKI Public_Key_314 of target terminal applications program (314) from public key server;
Target terminal, the private key Private_Key_314 decrypting ciphertext CText for the safe floor by target terminal (313) by target terminal applications program (314), obtain random key RandomKey; And send " receiving key confirmation " message to the safe floor (312) of initiating terminal.
8. system as claimed in claim 7, it is characterized in that, described initiating terminal, be further used for being sent to by its safe floor (312) message of will " setting up safe connection request " safe floor (313) of target terminal, the identifier Application_ID_311 and the Set_App_Sec that comprise the application program (311) of initiating terminal in this message, wherein Set_App_Sec means that initiating terminal (301) request sets up application layer security data connection response;
Described target terminal, be further used for by its safe floor (313), " beginning connection request " message being sent to the application program (314) of target terminal, comprise the identifier Application_ID_311 of the application program (311) of initiating terminal in this message; And, will " start to connect and confirm " message by its application program (314) and send to its safe floor (313), comprise the identifier Application_ID_314 of application program (314) in this message; And, to " set up safety and connect confirmation " message by its safe floor (313) and be sent to the safe floor (312) of initiating terminal, the identifier Application_ID_314 and the Set_App_Sec_Response that comprise application program (314) in this message, wherein Set_App_Sec_Response means that target terminal confirms to set up application layer security data connection response.
9. system as claimed in claim 8, is characterized in that, after initiating terminal and target terminal are set up safety and are connected, and while carrying out Security Data Transmission,
Described initiating terminal, the application program be further used for by moving on initiating terminal sends to the file data of wish transmission the safe floor of initiating terminal; And by the safe floor of initiating terminal, file data F is divided into to several blocks of files B
i, the equal and opposite in direction of each blocks of files, used one-way Hash algorithm to calculate the hashed value H of each blocks of files subsequently
i, to carry out verification of correctness; The safe floor of initiating terminal is used random key RandomKey encrypt file piece B
iwith hashed value H
i, obtain ciphertext C (B
i, H
i), and by ciphertext C (B
i, H
i) send to the safe floor of target terminal;
Described target terminal, be further used for using random key RandomKey to ciphertext C (B by the safe floor of target terminal
i, H
i) deciphering, obtain blocks of files B
iwith hashed value H
i; The safe floor of target terminal is used each blocks of files B of one-way Hash algorithm to obtaining
icalculate hashed value H
i', and with the hashed value H obtained
icompare, if identical, blocks of files B
itransmission is correct, otherwise mistake occurs in the explanation data transmission procedure; If without data transmission fault, the safe floor of target terminal is being confirmed each blocks of files B
iafter all correctly receiving, by B
ibe reassembled into original file data F, and send to the application program of moving on target terminal, so far complete the safety data transmission between initiating terminal and target terminal.
10. system as claimed in claim 8, is characterized in that, when data transmission fault occurring, and in the time of need to carrying out the error in data processing,
Described target terminal, be further used for the blocks of files B in the safe floor acquisition of target terminal
ican't pass through verification of correctness, abandon acquired blocks of files B
i, and send " misdata re-transmission " request to the safe floor of initiating terminal, comprise the index number BlockIndex of the blocks of files abandoned in message;
Described initiating terminal, be further used for the content of the safe floor of initiating terminal according to BlockIndex, by ciphertext C (B
blockIndex, H
blockIndex) resend the safe floor to target terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210181412.0A CN103457724B (en) | 2012-06-05 | 2012-06-05 | Method and system for point-to-point data safe transmission |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210181412.0A CN103457724B (en) | 2012-06-05 | 2012-06-05 | Method and system for point-to-point data safe transmission |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103457724A true CN103457724A (en) | 2013-12-18 |
CN103457724B CN103457724B (en) | 2017-02-08 |
Family
ID=49739720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210181412.0A Active CN103457724B (en) | 2012-06-05 | 2012-06-05 | Method and system for point-to-point data safe transmission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103457724B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103985042A (en) * | 2014-06-04 | 2014-08-13 | 孙国华 | Digital information encryption and decryption method based on NFC mobile phone and IC card |
CN104219054A (en) * | 2014-09-04 | 2014-12-17 | 天津大学 | NFC (near field communication)-based point-to-point data transmission method |
CN104301334A (en) * | 2014-11-06 | 2015-01-21 | 捷开通讯科技(上海)有限公司 | Matched checking system and method for high-bandwidth digital content protection technology |
CN105988422A (en) * | 2015-01-27 | 2016-10-05 | 上海海马汽车研发有限公司 | Remote driving control system and method for vehicles |
CN107094036A (en) * | 2017-04-24 | 2017-08-25 | 深圳市科漫达智能管理科技有限公司 | A kind of cipher key processing method and Bluetooth terminal based on bluetooth communication |
CN108173866A (en) * | 2017-12-29 | 2018-06-15 | 苏州麦迪斯顿医疗科技股份有限公司 | Integrated approach, device, equipment and the storage medium of pectoralgia center certification data |
CN108390858A (en) * | 2018-01-16 | 2018-08-10 | 山东浪潮商用系统有限公司 | A method of based on tax sensitive data secure exchange |
CN110535641A (en) * | 2019-08-27 | 2019-12-03 | 中国神华能源股份有限公司神朔铁路分公司 | Key management method and device, computer equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101146125A (en) * | 2006-09-11 | 2008-03-19 | 三星电子株式会社 | Peer-to-peer communication method for near field communication |
CN102325167A (en) * | 2011-07-21 | 2012-01-18 | 杭州微元科技有限公司 | Verifying method for network file transmission |
-
2012
- 2012-06-05 CN CN201210181412.0A patent/CN103457724B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101146125A (en) * | 2006-09-11 | 2008-03-19 | 三星电子株式会社 | Peer-to-peer communication method for near field communication |
CN102325167A (en) * | 2011-07-21 | 2012-01-18 | 杭州微元科技有限公司 | Verifying method for network file transmission |
Non-Patent Citations (2)
Title |
---|
帅青红: "《电子商务安全与PKI技术》", 31 December 2001 * |
梅挺: "《计算机网络安全》", 31 January 2011 * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103985042A (en) * | 2014-06-04 | 2014-08-13 | 孙国华 | Digital information encryption and decryption method based on NFC mobile phone and IC card |
CN104219054A (en) * | 2014-09-04 | 2014-12-17 | 天津大学 | NFC (near field communication)-based point-to-point data transmission method |
CN104219054B (en) * | 2014-09-04 | 2017-09-15 | 天津大学 | A kind of Point-to-Point Data Transmission method based on NFC |
CN104301334A (en) * | 2014-11-06 | 2015-01-21 | 捷开通讯科技(上海)有限公司 | Matched checking system and method for high-bandwidth digital content protection technology |
CN105988422A (en) * | 2015-01-27 | 2016-10-05 | 上海海马汽车研发有限公司 | Remote driving control system and method for vehicles |
CN105988422B (en) * | 2015-01-27 | 2019-05-21 | 上海海马汽车研发有限公司 | A kind of long-range Ride Control System and method of vehicle |
CN107094036A (en) * | 2017-04-24 | 2017-08-25 | 深圳市科漫达智能管理科技有限公司 | A kind of cipher key processing method and Bluetooth terminal based on bluetooth communication |
CN108173866A (en) * | 2017-12-29 | 2018-06-15 | 苏州麦迪斯顿医疗科技股份有限公司 | Integrated approach, device, equipment and the storage medium of pectoralgia center certification data |
CN108390858A (en) * | 2018-01-16 | 2018-08-10 | 山东浪潮商用系统有限公司 | A method of based on tax sensitive data secure exchange |
CN110535641A (en) * | 2019-08-27 | 2019-12-03 | 中国神华能源股份有限公司神朔铁路分公司 | Key management method and device, computer equipment and storage medium |
CN110535641B (en) * | 2019-08-27 | 2022-06-10 | 中国神华能源股份有限公司神朔铁路分公司 | Key management method and apparatus, computer device, and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN103457724B (en) | 2017-02-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103457724A (en) | Method and system for point-to-point data safe transmission | |
US8515073B2 (en) | Method and system for secure communication in near field communication network | |
CN101521883B (en) | Method and system for renewing and using digital certificate | |
CN101534505B (en) | Communication device and communication method | |
CN1694454B (en) | Communication method and system between a terminal and at least a communication device | |
JP6092415B2 (en) | Fingerprint authentication system and fingerprint authentication method based on NFC | |
CN108259164B (en) | Identity authentication method and equipment of Internet of things equipment | |
CN105069864A (en) | Door lock control secure communication scheme based on NFC (near field communication) function of smart phone | |
CN101771973B (en) | Data short message processing method, data short message processing equipment and data short message processing system | |
CN101707772A (en) | Identification method based on NFC and system | |
CN101916459B (en) | Safe electronic ticket method | |
CN102916869A (en) | Instant messaging method and system | |
CN110932854B (en) | Block chain key distribution system and method for Internet of things | |
US20160328714A1 (en) | Method and apparatus for authenticating payment related information in mobile communication system | |
CN104270244A (en) | NFC encryption method and system | |
CN103886661A (en) | Entrance guard management method and system | |
WO2011147183A1 (en) | Radio frequency identification system, reader-writer and data transmission method | |
CN103916848A (en) | Data backup and recovery method and system for mobile terminal | |
EP3128696B1 (en) | Entity authentication method and device | |
CN108430092A (en) | Obtain, provide method, equipment and the medium of wireless access point access information | |
CN108206738B (en) | Quantum key output method and system | |
CN110212991B (en) | Quantum wireless network communication system | |
Baek et al. | Secure and lightweight authentication protocol for NFC tag based services | |
CN102833243B (en) | A kind of communication means utilizing finger print information | |
EP2779682A2 (en) | Method for acquiring access rights to a product or a service and system for implementing this method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |