CN105162586A - Method and system for performing secure communication in intelligent equipment using D-Bus - Google Patents
- Publication number
- CN105162586A
- Authority
- CN
- China
- Prior art keywords
- bus
- data
- target
- client
- cipher key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method and system for performing secure data communication in intelligent equipment using D-Bus. A D-Bus client is connected to a D-Bus service through a D-Bus bus. The method comprises the following steps that: the D-Bus client generates first and second key exchange factors, and transmits the second key exchange factor to a target D-Bus service; the target D-Bus service generates third and fourth key exchange factors and transmits the fourth key exchange factor to the D-Bus client after the second key exchange factor is received; the target D-Bus service calculates a first data encryption key by using the third and second key exchange factors; the D-Bus client calculates a second data encryption key by using the fourth and first key exchange factors; the D-Bus client encrypts data needing to be transmitted to a target D-Bus service interface with the second data encryption key, and transmits the encrypted data to the target D-Bus service; and the target D-Bus service decrypts the encrypted data with the first data encryption key after the encrypted data is received. Through adoption of the method and system, the security of data in D-Bus communication is ensured.
Description
Technical field
The application relates to data communication in smart devices, and in particular to a method and system for secure data communication in a smart device that uses D-Bus.
Background
D-Bus is an open-source Linux inter-process communication (IPC) mechanism from freedesktop, distributed under the GPL licence. Linux's other IPC mechanisms include pipes (FIFO), shared memory, semaphores, message queues, sockets and so on. D-Bus is designed for two specific cases:
1. Communication between applications in the same desktop session, which integrates the desktop session into a whole and solves process life-cycle problems; this is called the session bus;
2. Communication between the desktop session and the operating system, where the operating system generally includes the kernel and any system daemons or processes; this is called the system bus.
In existing mobile phone operating systems, a large amount of inter-process communication uses D-Bus, but data transmitted this way within the system is in plaintext, and the dbus-monitor system tool can be used to view all data transmitted over D-Bus. This is very unsafe for highly confidential data.
Summary of the invention
The aim of the application is to strengthen the security of D-Bus communication data in a smart device system, so as to protect the privacy of the system's core data.
The aim of the application is achieved by a method for secure data communication in a smart device that uses D-Bus, wherein a D-Bus client is connected to a D-Bus service through the D-Bus bus, the method comprising:
The D-Bus client generates first and second key exchange factors according to a key exchange algorithm and sends the second key exchange factor to the target D-Bus service;
After receiving the second key exchange factor, the target D-Bus service generates third and fourth key exchange factors according to said key exchange algorithm and sends the fourth key exchange factor to the D-Bus client;
The target D-Bus service uses the third and second key exchange factors to calculate a first data encryption key according to said key exchange algorithm;
The D-Bus client uses the fourth and first key exchange factors to calculate a second data encryption key according to said key exchange algorithm;
The D-Bus client encrypts the data to be sent to the target D-Bus service interface method with the second data encryption key, then sends the encrypted data to the target D-Bus service;
After receiving the encrypted data, the target D-Bus service decrypts it with the first data encryption key, thereby ensuring the security of data in D-Bus communication.
The aim of the application is also achieved by a secure data communication system in a smart device that uses D-Bus, wherein a D-Bus client is connected to a D-Bus service through the D-Bus bus, the system comprising:
A first exchange factor generation unit, for making the D-Bus client generate first and second key exchange factors according to a key exchange algorithm and send the second key exchange factor to the target D-Bus service;
A second exchange factor generation unit, for making the target D-Bus service, after receiving the second key exchange factor, generate third and fourth key exchange factors according to said key exchange algorithm and send the fourth key exchange factor to the D-Bus client;
A first key generation unit, for making the target D-Bus service use the third and second key exchange factors to calculate a first data encryption key according to said key exchange algorithm;
A second key generation unit, for making the D-Bus client use the fourth and first key exchange factors to calculate a second data encryption key according to said key exchange algorithm;
A first encrypted transmission unit, for encrypting the data to be sent to the target D-Bus service interface method with the second data encryption key and then sending the encrypted data to the target D-Bus service;
A first decryption unit, for decrypting, with the first data encryption key, the encrypted data received by the target D-Bus service.
Because D-Bus carries data exchange between different processes in the same system, it is conventionally assumed that man-in-the-middle attacks are not a concern and that other processes stealing secrets need not be considered. As stated above, this is very dangerous for the privacy of highly confidential data. The method and system of the invention achieve dynamic encryption of the data transmitted over D-Bus, strengthen the security of the D-Bus channel within the system, and protect highly confidential data. Under this protection, when the dbus-monitor system tool is used to view protected data, all that is seen is garbled data that cannot be parsed, thereby truly achieving secure communication of D-Bus data.
Unless expressly stated otherwise, the singular forms "a" and "the" used here include plural referents (that is, they mean "at least one"). It should further be understood that the terms "has", "includes" and/or "comprises" used in the specification indicate the presence of the stated features, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, steps, operations, elements, components and/or combinations thereof. The term "and/or" as used here includes any and all combinations of one or more of the associated listed items. Unless expressly stated otherwise, the steps of any method disclosed here need not be performed in exactly the order disclosed.
Brief description of the drawings
The invention is described more fully below in connection with preferred embodiments and with reference to the drawings.
Fig. 1 is a flow chart of an embodiment of the method of the invention.
Fig. 2 is a flow chart of another embodiment of the method of the invention.
Fig. 3 is a structural diagram of an embodiment of the system of the invention.
Fig. 4 is a structural diagram of another embodiment of the system of the invention.
For clarity, the drawings are schematic and simplified; they show only the details necessary for understanding the invention and omit other details.
Detailed description
The scope of applicability of the invention will become apparent from the detailed description given below. It should be understood, however, that the detailed description and specific examples, while showing preferred embodiments of the invention, are given for purposes of illustration only.
Fig. 1 shows a first embodiment of the method of the invention, used for secure data communication in a smart device that uses D-Bus, such as a mobile phone or Pad. The steps of the method are performed after the D-Bus client has connected to the D-Bus bus and before it invokes the target D-Bus service interface method.
The method of this embodiment starts at step S1: the D-Bus client generates first and second key exchange factors a and b according to a key exchange algorithm such as the DH key exchange algorithm, and sends the second key exchange factor b to the target D-Bus service. The DH key exchange algorithm (also called the DH algorithm) is a method of establishing a key, not an encryption method. The key it produces can, however, be used for encryption, further key management or any other encryption scheme. The algorithm itself is limited to key exchange, and many commercial products use it as their key exchange technique. The purpose of this key exchange technique is to let two users securely exchange a secret key for use in later message encryption. In other embodiments, other key exchange algorithms such as the ECDH, Oakley or IKE algorithms may also be used. The process then proceeds to step S2.
Step S2: after receiving the D-Bus client's key exchange factor b, the target D-Bus service generates third and fourth service-side key exchange factors sa and sb according to the DH algorithm and sends the fourth key exchange factor sb to the D-Bus client. The process then proceeds to step S3.
Step S3: the target D-Bus service uses the service-side key exchange factor sa and the client key exchange factor b to calculate the service-side data encryption key key1 according to the DH algorithm. The process then proceeds to step S4.
Step S4: the D-Bus client uses the service-side key exchange factor sb and the client key exchange factor a to calculate the client data encryption key key2 according to the DH algorithm. The client data encryption key key2 is the same as the service-side data encryption key key1. The process then proceeds to step S5.
Step S5: the D-Bus client encrypts the data to be sent to the target D-Bus service interface method with the data encryption key key2, then sends the encrypted data to the target D-Bus service. The sending modes include, but are not limited to, compressed transmission. The process then proceeds to step S6.
Step S6: after receiving the encrypted data, the target D-Bus service decrypts it with the encryption key key1. Encrypting the D-Bus data channel ensures the security of data in D-Bus communication.
The steps above need not be performed in the order listed. For example, steps S1 and S2 may each be split into several sub-steps, the execution order of steps S3 and S4 may be swapped, and so on.
Fig. 2 shows another embodiment of the method of the invention. In addition to the steps of the method shown in Fig. 1, when the D-Bus service needs to return data to the D-Bus client, the method also performs step S7 after step S6.
Step S7: the D-Bus service encrypts the data to be returned to the D-Bus client with the service-side encryption key key1, and then sends it to the D-Bus client. The process then proceeds to step S8.
Step S8: the D-Bus client decrypts the encrypted data sent by the D-Bus service with the client encryption key key2.
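The flow of steps S1 to S8, sketched in Python as an added example (not code from the patent). The patent names no group, key derivation or cipher, so RFC 3526 group 14, the SHA-256 key derivation, the range check on the peer's factor, the HMAC-based encrypt-then-MAC stand-in and all function names are assumptions of this example; the exchange authenticates neither peer, which the page does not describe.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group 14 from RFC 3526 (safe prime P, generator G).
# Assumption of this example: the patent names no group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def dh_factors():
    """Return a (private, public) pair of key exchange factors: (a, b) or (sa, sb)."""
    private = secrets.randbelow(P - 3) + 2  # 2 <= private <= P - 2
    return private, pow(G, private, P)


def data_key(own_private, peer_public):
    """S3/S4: compute the data encryption key from the peer's public factor."""
    # Reject 0, 1, P-1 and out-of-range values, which force a predictable secret.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer key exchange factor out of range")
    shared = pow(peer_public, own_private, P)
    # Hash the raw DH output instead of using it directly as a cipher key.
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher.
    stream = b"".join(
        hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    )
    return stream[:length]


def seal(key, plaintext):
    """S5/S7: encrypt-then-MAC the payload before it is put on the bus."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """S6/S8: verify the tag in constant time, then decrypt."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def run_exchange(payload):
    """Both sides of steps S1-S6 in one process (constructed sample flow)."""
    a, b = dh_factors()      # S1: client; only b is sent to the service
    sa, sb = dh_factors()    # S2: service; only sb is sent to the client
    key1 = data_key(sa, b)   # S3: service-side data encryption key
    key2 = data_key(a, sb)   # S4: client-side data encryption key
    on_bus = seal(key2, payload)                     # S5: bytes a bus monitor sees
    return key1, key2, on_bus, unseal(key1, on_bus)  # S6: service decrypts
```

Only `b`, `sb` and the sealed bytes cross the bus; for the return path of steps S7 and S8 the service calls `seal(key1, ...)` and the client calls `unseal(key2, ...)`.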
Fig. 3 shows an embodiment of the D-Bus secure data communication system of the invention, wherein a D-Bus client is connected to a D-Bus service through the D-Bus bus. The system comprises: a first exchange factor generation unit 11, for making the D-Bus client generate a pair of key exchange factors a and b according to the DH algorithm and send key exchange factor b to the target D-Bus service; a second exchange factor generation unit 12, for making the target D-Bus service, after receiving key exchange factor b, generate another pair of key exchange factors sa and sb according to the DH algorithm and send key exchange factor sb to the D-Bus client; a first key generation unit 13, for making the target D-Bus service use key exchange factors sa and b to calculate the data encryption key key1 according to the DH algorithm; a second key generation unit 14, for making the D-Bus client use key exchange factors sb and a to calculate the data encryption key key2 according to the DH algorithm; a first encrypted transmission unit 15, for encrypting the data to be sent to the target D-Bus service interface method with the encryption key key2 and then sending the encrypted data to the target D-Bus service; and a first decryption unit 16, for decrypting, with the encryption key key1, the encrypted data received by the target D-Bus service.
Fig. 4 shows another embodiment of the system of the invention. In addition to the units shown in Fig. 3, it comprises: a second encrypted transmission unit 17, for encrypting the data to be returned to the D-Bus client with the encryption key key1 and then sending it to the D-Bus client; and a second decryption unit 18, for decrypting, with the encryption key key2, the encrypted data sent by the D-Bus service.
Some preferred embodiments have been described above, but it should be emphasized that the invention is not limited to these embodiments and can be realized in other ways within the scope of its subject matter.
Claims (6)
1. A method for secure communication in a smart device that uses D-Bus, wherein a D-Bus client is connected to a D-Bus service through the D-Bus bus, characterized in that the method comprises:
The D-Bus client generates first and second key exchange factors according to a key exchange algorithm and sends the second key exchange factor to the target D-Bus service;
After receiving the second key exchange factor, the target D-Bus service generates third and fourth key exchange factors according to said key exchange algorithm and sends the fourth key exchange factor to the D-Bus client;
The target D-Bus service uses the third and second key exchange factors to calculate a first data encryption key according to said key exchange algorithm;
The D-Bus client uses the fourth and first key exchange factors to calculate a second data encryption key according to said key exchange algorithm;
The D-Bus client encrypts the data to be sent to the target D-Bus service interface method with the second data encryption key, then sends the encrypted data to the target D-Bus service;
After receiving the encrypted data, the target D-Bus service decrypts it with the first data encryption key, thereby ensuring the security of data in D-Bus communication.
2. The method according to claim 1, further comprising:
The D-Bus service encrypts the data to be returned to the D-Bus client with the first data encryption key, and then sends it to the D-Bus client;
The D-Bus client decrypts the encrypted data sent by the D-Bus service with the second data encryption key.
3. The method according to claim 1 or 2, wherein said key exchange algorithm is the DH algorithm.
4. A secure data communication system in a smart device that uses D-Bus, wherein a D-Bus client is connected to a D-Bus service through the D-Bus bus, characterized in that the system comprises:
A first exchange factor generation unit, for making the D-Bus client generate first and second key exchange factors according to a key exchange algorithm and send the second key exchange factor to the target D-Bus service;
A second exchange factor generation unit, for making the target D-Bus service, after receiving the second key exchange factor, generate third and fourth key exchange factors according to said key exchange algorithm and send the fourth key exchange factor to the D-Bus client;
A first key generation unit, for making the target D-Bus service use the third and second key exchange factors to calculate a first data encryption key according to said key exchange algorithm;
A second key generation unit, for making the D-Bus client use the fourth and first key exchange factors to calculate a second data encryption key according to said key exchange algorithm;
A first encrypted transmission unit, for encrypting the data to be sent to the target D-Bus service interface method with the second data encryption key and then sending the encrypted data to the target D-Bus service;
A first decryption unit, for decrypting, with the first data encryption key, the encrypted data received by the target D-Bus service.
5. The system according to claim 4, further comprising:
A second encrypted transmission unit, for encrypting the data to be returned to the D-Bus client with the first data encryption key and then sending it to the D-Bus client;
A second decryption unit, for decrypting, with the second data encryption key, the encrypted data sent by the D-Bus service.
6. The system according to claim 4 or 5, wherein said key exchange algorithm is the DH algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510605425.XA CN105162586A (en) | 2015-09-21 | 2015-09-21 | Method and system for performing secure communication in intelligent equipment using D-Bus |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105162586A (en) | 2015-12-16 |
Family
ID=54803351
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510605425.XA Pending CN105162586A (en) | 2015-09-21 | 2015-09-21 | Method and system for performing secure communication in intelligent equipment using D-Bus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105162586A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20151216 |