CN104660641B - A kind of enterprise network internal data transmission method - Google Patents

Info

Publication number: CN104660641B
Authority: CN (China)
Application number: CN201310598188.XA
Other languages: Chinese (zh)
Other versions: CN104660641A (en)
Inventors: 董岩, 江卓逞, 胡敏
Current and original assignee: China Helicopter Research and Development Institute
Legal status: Active
Prior art keywords: data, token, user, exchange system, download
Landscapes: Information Transfer Between Computers; Computer And Data Communications
Abstract

The invention relates to the field of network data transfer, and in particular to a data transfer method. The invention isolates the data file source from the data exchange system, so that nobody other than the system administrator can access the data source. Downloading data with a one-time download token ensures that a receiving user who has no access rights to a data file cannot obtain it by technical means, even if the user knows the data file's identifier. A second token is obtained while logged in and is bound to terminal information; the bound terminal can then, without being logged in, use the download token and the second token to obtain the complete data file content in resumable (breakpoint) transfer mode. The second token is updated after each request, and the download token is revoked once the entire data file has been obtained. This makes the data path one-time and so ensures the security of the data transfer.

Description

A method for transferring data inside an enterprise network
Technical field
The invention relates to the field of network data transfer, and in particular to a data transfer method.
Background
When network data is transferred in an enterprise network, there is generally an encryption/decryption process and a network conversion process at the lower network layers. In such an environment the data transfer rate is unstable and connections are frequently interrupted. In addition, the internal data of an enterprise network usually has to be restricted to a limited audience and its security must be ensured. Transferring data inside an enterprise network therefore requires solving both problems.
Existing data transfer methods include FTP, mail systems, shared directories, website resources, website programs and others. Measured against the needs of enterprise network internal data transfer, these traditional methods usually have the following problems:
a) The data connection lacks security: placing resources directly on a website or file server cannot prevent unauthorized users from downloading, receiving and using them.
b) The user's eligibility cannot be verified: anyone who obtains the address can download the data, so security cannot be guaranteed for data that has specific intended recipients.
c) Managing view and use permissions for data files is complex: with FTP or shared directories, setting permissions is time-consuming and is not suitable for performing in bulk on a server.
d) Data transfer by the traditional website-program file-output method has no continuity: where the enterprise network passes through hardware devices such as network isolation gates and encryption machines, the network connection is often interrupted and the integrity of the data cannot be ensured.
e) Traditional resumable-download mechanisms usually use a public URL. Once the URL is known, users other than the designated receiving users can also obtain the data content, so data security cannot be guaranteed.
f) Delivery tools developed directly on TCP connections can secure the data with proper control, but are difficult to deploy in scenarios where multiple factories cooperate.
g) Transferring large data in SSL mode is very inefficient, and the lower network layers of an enterprise network are usually equipped with hardware encryption devices, so applying SSL is unnecessary.
h) Common data transfer methods usually lack sufficiently detailed audit records, so the transfer status of the original data cannot be obtained.
Summary of the invention
Purpose of the invention:
The invention proposes a method for transferring data inside an enterprise network. It provides secure transfer of the enterprise network's internal data and supports resumable (breakpoint) transfer of large data over this secure channel.
Technical solution:
The invention proposes an enterprise network internal data transfer method comprising the following steps:
Step 1: In the data exchange system on the enterprise network's data exchange server, configure the receiving users of the data file to be transferred.
Step 2: The receiving user logs in with an account and password and, once verified, enters the data exchange system on the server.
Step 3: The data exchange system returns to the receiving user the list of data files that the user is to receive.
Step 4: The receiving user submits a data file identifier given in the data file list. The data exchange system generates a download token bound to that receiving user's identity information, returns it to the receiving user, and marks it valid. The download token cannot be used by any second receiving user other than this receiving user.
Step 5: The receiving user submits the download token to the data exchange system. After receiving it, the data exchange system compares the size of the data file to be downloaded with a preset data size threshold. If the data file is smaller than the threshold, go to step 6. If the data file is larger than the threshold, go to step 7.
Step 6: While the login is held, the data exchange system returns the data stream of the data file to the receiving user and marks the submitted download token expired. If the user successfully receives all parts of the data file, the download flow ends. If the user fails to receive all of the data, the flow returns to step 4 to obtain a new token and download again.
Step 7: The data exchange system generates a second token, binds the second token, the download token and the terminal information together, and returns the second token to the receiving user. Then go to step 8.
Step 8: After binding, the receiving user can at any time submit to the data exchange system the download token, the second token, the terminal information and the data range of the data file requested this time. After receiving this information, the data exchange system returns the requested data block to the receiving user and updates the second token, placing the updated token in the header of the returned data block message. Repeating this process downloads the data file in resumable fashion. When the download is complete, the receiving user submits a confirmation message to the data exchange system, and the data exchange system marks the download token associated with this download expired.
The threshold in step 5 is a value set in advance according to the network distance and the network transmission quality between the enterprise network server and the receiving user's terminal. A reasonable threshold ensures that most data smaller than the threshold can be transferred completely in one go.
Holding the login in step 6 means that the session state the receiving user obtained after login verification has not expired, and the data exchange system has not cleared the user information stored in the session state.
The terminal information in step 7 is the NIC address, CPU serial number, hard disk address, motherboard number or IP address of the host used by the receiving user.
Advantages of the invention:
1) The invention isolates the data file source from the data exchange system, so that nobody other than the system administrator can access the data source.
2) Downloading data with a one-time download token ensures that a receiving user without access rights to a data file cannot obtain the file by technical means, even if the user knows the data file's identifier.
3) The second token is obtained while logged in and is bound to terminal information. The bound terminal can then, without being logged in, use the download token and the second token to obtain the complete data file content in resumable transfer mode. The second token is updated after each request, and the download token is revoked once the entire data file has been obtained. This makes the data path one-time and so ensures the security of the data transfer.
Description of the drawings
Fig. 1 is a flow chart of the method.
Specific embodiment:
Embodiment: The data exchange system is built as a Web service, and a large-data-file receiving tool is built with a desktop application framework. The receiving user uses web pages to obtain the data file list and to receive small data files as defined by the threshold, and uses the large-data-file receiving tool to obtain the content of large data files as defined by the threshold. The data transfer process is divided into the following steps:
Step 1: Build an interface in the data exchange system for importing the list of data file sources and for configuring the receiving users of those data files. The business system uses this interface to configure the receiving users of the data files to be transferred.
Step 2: The receiving user logs in with an account and password and, once verified, enters the data exchange system on the server.
Step 3: The data exchange system returns, as a list, the data files that the receiving user is to receive. Each list entry contains at least the data file's name and the data file identifier that the data exchange system assigned to the file.
Step 4: The receiving user submits a data file identifier given in the data file list to the data exchange system. Using the current session information, the data exchange system generates a download token bound to the receiving user's identity information, returns it to the user, and marks it valid. The download token cannot be used by any second receiving user other than this receiving user. The data stream is requested with a download token rather than directly with the data file identifier because the download token is one-time whereas the data file identifier never changes, so the download token is more secure than the data file identifier.
Step 5: The receiving user submits the download token to the data exchange system. After receiving it, the data exchange system compares the size of the data file bound to the download token with the data size threshold that the system has set for this receiving user. If the data file is smaller than the threshold, the network between the receiving user's terminal and the data exchange server is good enough to transfer the whole file in a single request, and the flow goes to step 6. If the data file is larger than the threshold, the network between the terminal and the data exchange server is not good enough to transfer the whole file in a single request, and the flow goes to step 7.
Step 6: The data exchange system reads the current session state. If the session has not been interrupted, the user identity information in the session state matches the download token, and the download token has not expired, the data exchange system returns the data stream of the data file to the receiving user and marks the submitted download token expired. If the token is submitted to the data exchange system again after it has expired, the system returns a token-expired message and no data stream. If the user successfully receives all of the data in the data file, the download flow ends. If the user fails to receive all of the data, the flow returns to step 4 to obtain a new token and download again. If reception frequently fails in this step, contact the system administrator to adjust the data file size threshold.
Step 7: The data exchange system reads the current session state. If the session has not been interrupted, the user identity information in the session state matches the download token, and the download token has not expired, the data exchange system generates a second token bound to the download token and returns it to the receiving user. If binding to hardware information is wanted, the receiving user submits the terminal's hardware information to the data exchange system after receiving the second token, and the data exchange system binds the download token, the second token and the terminal information together. If binding to network information is wanted, the IP address, the first token (the download token) and the second token are bound at the time the second token is generated. After binding, the flow goes to step 8.
Step 8: Regardless of whether a session state exists, the receiving user uses the large-data-file receiving tool to submit to the data exchange system, at any time, the download token, the second token, the terminal information and the data range of the data file requested this time. After receiving this information, the data exchange system verifies it. If the submitted download token has not expired and the submitted second token is in the valid or spare state, the system returns the requested data block to the receiving user and at the same time updates the second token, marking the submitted second token as the spare token. If the receiving user does not receive the response, it can still obtain the new token by using the old second token. If the receiving user does receive the response, it uses the new second token in the next request, which invalidates the old second token. Repeating this process downloads the data file in resumable fashion, and because the second token is replaced continually during the download, it cannot be stolen. After the entire data file has been downloaded, the receiving user submits a confirmation message to the data exchange system. The data exchange system marks the download token expired, and the second tokens bound to it expire with it.
This method makes full use of the unpredictability of token codes, combined with dynamic one-time token codes, so that the receiving user can download small data files at any time or download large data files in resumable fashion, while the security of the download process is ensured. Through an open interface, the data exchange system lets the business system manage data file sources independently and control for itself which receiving users each data file is addressed to, so it can support a variety of businesses that need to transfer internal data over the enterprise network.
The large-data-file download tool that runs on the receiving user's terminal is a utility in nature and does not need frequent upgrades. The data exchange system takes the form of a web application and can be upgraded quickly. This embodiment therefore suits production-line scenarios in which requirements change quickly.
Embodiment 1:
Take as an example the project data delivery system between a research institute and several manufacturing plants. The institute needs to transfer design data to multiple plants over the enterprise network. The institute has deployed a project data delivery system responsible for distributing design data files, has built the data exchange system responsible for data transfer on the ASP.NET application framework according to the method of the invention, and has developed a large-data-file download tool that satisfies step 8 of the embodiment, which it supplies to the plants. The implementation of the method is illustrated with this scenario:
Step 1: In the project data delivery system, a designer in the design department submits design data and, according to project requirements, specifies the plants that need to receive it. After the data-sending workflow completes, the project data delivery system submits the FTP address of the design data and the plants that need to receive it to the data import and configuration interface provided by the data exchange system, so that the receiving users can learn that the design data exists. It also discloses to the data exchange system the username and password of the FTP service through which the data to be sent can be accessed.
Step 2: The designated data receiver at a plant that needs to receive the design data logs in to the institute's data exchange system through a browser, using the pre-assigned receiving-user username and password.
Step 3: The institute's data exchange system authenticates the data receiver accessing the system. After verifying the username and password, it reads the data receiver's identity information from the database and writes it into the session state that the ASP.NET framework establishes automatically. It obtains the receiving user's account information from that identity information and presents the design data addressed to the data receiver as a list on a web page.
Step 4: The data receiver clicks "file A", triggering the page's submit event. The data file identifier of "file A" is first written into the submitted parameters and then sent by form submission to background page handler 1 of the data exchange system. Handler 1 generates a download token code using GUID technology, binds together the download token code, the receiving user's identifier and the submitted data file identifier, writes them to the database, and sets the state of the download token code to available. It then returns a download page carrying the token code to the data receiver's browser.
Step 5: The data receiver performs the download action on the download page returned by the data exchange system, which submits the token code by form to background page handler 2 of the data exchange system. Handler 2 reads the database to learn the size of the requested file, and learns from the data receiver's identity information that the file size threshold at which this receiver can obtain data files smoothly is 50M. "File A" is 40M, so handler 2 uses the FTP address, username and password that the project data delivery system disclosed to the data exchange system, together with the location of the requested data file, to read the file into memory and write it into the response message. It sets the "Content-Disposition" field of the HTTP response header to "attachment;Filename=<Filename>" and sends the response message. It then updates the database, changing the state of the submitted token code to expired. The data receiver obtains the complete binary content of the data file in the browser and clicks "Save" to receive the design data file. If this step cannot be completed because of a network problem, the data receiver returns to step 4 to obtain a new token and complete the download of "file A".
Step 6: The data receiver clicks "file B"; the rest is the same as step 4. Page handler 1 generates a download token code bound to "file B" and returns the download page.
Step 7: The data receiver performs the download action on the download page returned by the data exchange system, which submits the token code by form to background page handler 2 of the data exchange system. Handler 2 reads the database to learn the size of the requested file, and learns from the data receiver's identity information that the file size threshold at which this receiver can obtain data files smoothly is 50M. "File B" is 800M, so the data exchange system generates a second token code bound to the download token code. It also obtains the IP address of the data receiver's terminal as seen after NAT address translation, binds it to the download token code, and writes the binding information to the database, so that every second token code bound to this download token code is also associated with the IP address. The values of the download token code and the second token code are written into the response message in the following format: "DataToken:<value of the download token code>, StartToken:<value of the second token code>, DataSize:<size of the data file in bytes>". The "Content-Disposition" field of the HTTP response header is set to "attachment;Filename=rcvDefination.frcvd", and the response message is sent. The data receiver obtains a data-reception declaration file in the browser. The data receiver's terminal has been preconfigured so that the default program for the "*.frcvd" format is the large-data-file download tool, so the data receiver clicks "Open" to start the tool. The flow goes to step 8.
Step 8: The large-data-file download tool starts downloading the requested file, submitting the download token, the value of the second token, the start position in the data file and the data block size as parameters to handler 3 of the data exchange system. Using the information stored in the database, handler 3 checks the IP address of the request and the submitted download token and second token. If they match the binding information and the download token has not expired, handler 3 goes on to check the second token. If the state of the second token is "invalid", the request is treated as an illegal request: its details are written to the audit log file and an empty message is returned. If the state of the second token is "enabled", handler 3 writes the requested portion of the data file into the response message, generates a new second token, and adds the new second token to the response header. The second token that was previously "spare" is set to "invalid", the old second token is set to "spare", and the new second token is bound to the download token with its state initialised to "enabled". If the user fails to receive this response, the tool re-issues the request with the old second token. When handler 3 reads the database and finds that the state of the received second token is "spare", it returns a message with an empty body and writes the second token whose state is "enabled" into the response header, so that the download tool uses the new second token as the parameter of its next request. By repeating this step, the large-data-file download tool obtains the complete content of the data file. The flow then goes to step 9.
Step 9: The user logs in to the data exchange system through a browser and obtains the file list, where the state of "file B" is shown as "downloading". Clicking "Confirm" revokes the download token obtained in step 6, preventing possible illegal requests in the non-logged-in state.
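
The token handling in steps 4 to 9 above, as an added example that is not code from the patent or from the ASP.NET system it describes. The class and function names, the in-memory dictionaries standing in for the database, and the sample files, users and IP addresses are assumptions; tokens come from Python's `secrets` module rather than the GUIDs the embodiment names, and the 50M/40M/800M sizes are scaled down to bytes. The client loop simulates lost responses to exercise the "spare" recovery path.

```python
import secrets
from dataclasses import dataclass, field

ENABLED, SPARE, INVALID = "enabled", "spare", "invalid"

@dataclass
class Download:
    user: str                 # receiving user the download token is bound to
    file_id: str
    terminal_ip: str = ""     # terminal information bound in step 7
    expired: bool = False
    second: dict = field(default_factory=dict)   # second token -> state

class ExchangeServer:
    def __init__(self, files, threshold):
        self.files = files            # file_id -> bytes (constructed sample data)
        self.threshold = threshold    # size threshold of step 5, in bytes here
        self.downloads = {}           # download token -> Download
        self.audit = []               # audit log of rejected requests

    def issue_download_token(self, session_user, file_id):
        """Step 4: download token bound to the logged-in user and the file."""
        token = secrets.token_urlsafe(32)
        self.downloads[token] = Download(session_user, file_id)
        return token

    def submit(self, session_user, token, client_ip):
        """Steps 5-7: requires a live session whose user matches the token."""
        d = self.downloads.get(token)
        if d is None or d.expired or d.user != session_user:
            self.audit.append(("rejected-submit", client_ip))
            return None
        data = self.files[d.file_id]
        if len(data) < self.threshold:
            d.expired = True          # step 6: token is spent once the stream is returned
            return {"body": data}
        # Step 7. A size equal to the threshold is not specified on the page;
        # it is treated as large here (assumption).
        d.terminal_ip = client_ip
        start = secrets.token_urlsafe(32)
        d.second = {start: ENABLED}
        return {"DataToken": token, "StartToken": start, "DataSize": len(data)}

    def fetch_range(self, token, second, client_ip, start, size):
        """Step 8: no session needed; token pair plus terminal binding is checked."""
        d = self.downloads.get(token)
        state = d.second.get(second, INVALID) if d else INVALID
        if d is None or d.expired or d.terminal_ip != client_ip or state == INVALID:
            self.audit.append(("illegal-request", client_ip, start, size))
            return {"body": b"", "next": None}
        if state == SPARE:
            # The earlier response was lost: empty body, current enabled token in header.
            current = next(t for t, s in d.second.items() if s == ENABLED)
            return {"body": b"", "next": current}
        # ENABLED: previous spare -> invalid (dropped from the table, so it reads
        # as INVALID), submitted token -> spare, fresh token -> enabled.
        fresh = secrets.token_urlsafe(32)
        d.second = {second: SPARE, fresh: ENABLED}
        return {"body": self.files[d.file_id][start:start + size], "next": fresh}

    def confirm(self, session_user, token):
        """Step 9: logged-in user confirms; download token and second tokens expire."""
        d = self.downloads.get(token)
        if d is None or d.user != session_user:
            return False
        d.expired, d.second = True, {}
        return True

def download_large(server, grant, client_ip, block, drop_responses=()):
    """Client loop. drop_responses: request numbers whose response is lost (simulated)."""
    token, second, total = grant["DataToken"], grant["StartToken"], grant["DataSize"]
    out, n = bytearray(), 0
    while len(out) < total:
        n += 1
        resp = server.fetch_range(token, second, client_ip, len(out), block)
        if n in drop_responses:
            continue                  # nothing arrived: retry with the old second token
        if resp["next"] is None:
            raise PermissionError("request rejected")
        second = resp["next"]         # rotate to the token carried in the header
        out += resp["body"]
    return bytes(out)

if __name__ == "__main__":
    files = {"A": b"a" * 40, "B": bytes(range(256)) * 4}   # constructed sample files
    srv = ExchangeServer(files, threshold=50)
    tok = srv.issue_download_token("factory1", "B")
    grant = srv.submit("factory1", tok, "10.0.0.5")
    got = download_large(srv, grant, "10.0.0.5", block=100, drop_responses={2, 3})
    print(got == files["B"], srv.confirm("factory1", tok))
```

Only the terminal binding and the token states gate `fetch_range`, so the audit entries it writes are the place to look for replayed second tokens and requests from an unbound address.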

Claims (4)

1. An enterprise network internal data transfer method, characterised in that the method comprises the following steps:
Step 1: in the data exchange system on the enterprise network's data exchange server, configuring the receiving users of the data file to be transferred;
Step 2: the receiving user logs in with an account and password and, once verified, enters the data exchange system on the server;
Step 3: the data exchange system returns to the receiving user the list of data files that the user is to receive;
Step 4: the receiving user submits a data file identifier given in the data file list; the data exchange system generates a download token bound to that receiving user's identity information, returns it to the receiving user, and marks it valid; the download token cannot be used by any second receiving user other than this receiving user;
Step 5: the receiving user submits the download token to the data exchange system; after receiving it, the data exchange system compares the size of the data file to be downloaded with a preset data size threshold; if the data file is smaller than the threshold, go to step 6; if the data file is larger than the threshold, go to step 7;
Step 6: while the login is held, the data exchange system returns the data stream of the data file to the receiving user and marks the submitted download token expired; if the user successfully receives all of the data in the data file, the download flow ends; if the user fails to receive all of the data, the flow returns to step 4 to obtain a new token and download again;
Step 7: the data exchange system generates a second token, binds the second token, the download token and the terminal information together, and returns the second token to the receiving user, then goes to step 8;
Step 8: after binding, the receiving user can at any time submit to the data exchange system the download token, the second token, the terminal information and the data range of the data file for this download; after receiving this information, the data exchange system returns the requested data block to the receiving user and updates the second token, placing the updated token in the header of the returned data block message; repeating this process within this step downloads the data file in resumable fashion; when the download is complete, the receiving user submits a confirmation message to the data exchange system, and the data exchange system marks the download token associated with this download expired.
2. The enterprise network internal data transfer method of claim 1, characterised in that the threshold in step 5 is a value set in advance according to the network distance and the network transmission quality between the enterprise network server and the receiving user's terminal.
3. The enterprise network internal data transfer method of claim 1, characterised in that holding the login in step 6 means that the session state the receiving user obtained after login verification has not expired, and the data exchange system has not cleared the user information stored in the session state.
4. The enterprise network internal data transfer method of claim 1, characterised in that the terminal information in step 7 is the NIC address, CPU serial number, hard disk address, motherboard number or IP address of the host used by the receiving user.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310598188.XA CN104660641B (en) 2013-11-25 2013-11-25 A kind of enterprise network internal data transmission method


Publications (2)

Publication Number Publication Date
CN104660641A CN104660641A (en) 2015-05-27
CN104660641B true CN104660641B (en) 2018-05-18

Family

ID=53251340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310598188.XA Active CN104660641B (en) 2013-11-25 2013-11-25 A kind of enterprise network internal data transmission method

Country Status (1)

Country Link
CN (1) CN104660641B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant