CN105490812A - Data transmission line protection method and device - Google Patents
Publication number: CN105490812A
Authority: CN (China)
Legal status: Granted
Classifications: H04L9/3247 (cryptographic mechanisms for message authentication involving digital signatures); H04L9/3263 (cryptographic mechanisms for message authentication involving certificates, e.g. public key certificate [PKC]; public key infrastructure [PKI] arrangements)
Abstract
The invention provides a data transmission line protection method and device. The method comprises: an information security device sends a device certificate to an application device, the device certificate containing a first signature generated by signing plaintext data with the manufacturer private key; the application device verifies the first signature with a manufacturer public key obtained in advance; if verification succeeds, the information security device is a legitimate device, otherwise it is an illegal device. With the invention, an unsafe information security device can be effectively identified, the security of the information security device is improved, and leakage of the application device's data is prevented.
Description
Technical field
The invention belongs to the field of information security, and in particular relates to a data transmission line protection method and device.
Background technology
An information security device is a device for improving the security of information interaction, and is usually used for security verification during information interaction. For example, an information security device stores sensitive information, including a line protection key. After the line protection key held in the information security device has been read into the application device, the information security device and the application device hold the same line protection key and can carry out encrypted data transmission.
The existing protection procedure for the line protection key generally adopts the following steps:
1. A program on the application device generates a temporary key pair;
2. The application device program sends the temporary public key to the information security device;
3. The information security device generates the line protection key, encrypts it with the temporary public key and returns it to the application device;
4. The application device decrypts the ciphertext sent in the previous step with the temporary private key and obtains the line protection key.
Because the existing line protection procedure simply obtains the line protection key from the information security device and then transmits data, any similar information security device can likewise be used to exchange data with the application device; since the security of the information security device itself is not protected, the application device's data is easily leaked.
Summary of the invention
The object of the present invention is to provide a data transmission line protection method, to solve the prior-art problem that the security of the information security device is not protected, so that the data of the application device is easily leaked.
The present invention is achieved as follows. A data transmission line protection method comprises:
An information security device sends a device certificate to an application device, wherein the device certificate comprises plaintext data and a first signature generated by signing the plaintext data with the manufacturer private key;
The application device verifies the first signature with a manufacturer public key obtained in advance;
If verification passes, the information security device is a legitimate device; otherwise, the information security device is an illegal device.
The present invention also provides a data transmission line protection method, comprising:
Sending a device certificate to an application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key, so that the application device verifies the first signature with a manufacturer public key obtained in advance; if verification passes, the information security device is a legitimate device, otherwise the information security device is an illegal device.
The present invention also provides a data transmission line protection method, comprising:
Receiving the device certificate sent by an information security device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key;
Verifying the first signature with a manufacturer public key obtained in advance;
If verification passes, the information security device is a legitimate device; otherwise, the information security device is an illegal device.
The present invention also provides a data transmission line protection system, comprising an information security device and an application device, wherein:
The information security device comprises a device certificate sending unit, for sending a device certificate from the information security device to the application device, wherein the device certificate comprises plaintext data and a first signature generated by signing the plaintext data with the manufacturer private key;
The application device comprises a signature verification unit and a judging unit, the signature verification unit being used by the application device to verify the first signature with a manufacturer public key obtained in advance;
The judging unit is used to determine that, if verification passes, the information security device is a legitimate device, and otherwise the information security device is an illegal device.
The present invention also provides a data transmission line protection device, characterized in that the device comprises:
A device certificate sending module, for sending a device certificate to an application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key, so that the application device verifies the first signature with a manufacturer public key obtained in advance; if verification passes, the information security device is a legitimate device, otherwise the information security device is an illegal device.
The present invention also provides a data transmission line protection device, comprising:
A device certificate receiving module, for receiving the device certificate sent by an information security device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key;
A signature verification module, for verifying the first signature with a manufacturer public key obtained in advance;
A judging module, for determining that, if verification passes, the information security device is a legitimate device, and otherwise the information security device is an illegal device.
In the present invention, a first signature is generated by signing plaintext data with the manufacturer private key, the device certificate containing the first signature is sent to the application device, and the application device verifies the first signature with a manufacturer public key obtained in advance. This lets the application device judge whether the information security device is a legitimate one, so that unsafe information security devices are effectively identified, the security of the information security device is improved, and leakage of the application device's data is avoided.
Description of the drawings
Fig. 1 is a flow chart of the data transmission line protection method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the data transmission line protection method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the data transmission line protection method provided by an embodiment of the present invention;
Fig. 4 is an interaction diagram of the data transmission line protection provided by an embodiment of the present invention;
Fig. 5 is an interaction diagram of another data transmission line protection provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of the data transmission line protection system provided by an embodiment of the present invention.
Detailed description
In order to make the object, technical solution and advantages of the present invention clearer, the present invention is further elaborated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and not to limit it.
The object of the embodiments of the present invention is to provide a data transmission line protection method that overcomes a problem of the prior-art method: an information security device counterfeited by a third party cannot be identified, which causes leakage of the application device's data. In the prior-art method of protecting the data transmission line with an information security device, an application program on the application device first generates a temporary key pair comprising a temporary public key and a temporary private key; the application program sends the temporary public key to the information security device; the information security device encrypts the line protection key it has generated with the received temporary public key, producing a line protection key ciphertext, and sends the ciphertext to the application device; the application device decrypts it with the temporary private key of the generated temporary key pair and obtains the line protection key; the data to be transmitted is then encrypted with the line protection key. Because this method cannot guarantee the security of the information security device, the data transmitted by the application device may be leaked.
To overcome the above problem, the invention provides a data transmission line protection method comprising: an information security device sends a device certificate to an application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key; the application device verifies the first signature with a manufacturer public key obtained in advance; if verification passes, the information security device is a legitimate device, otherwise the information security device is an illegal device.
A first signature is generated by signing plaintext data with the manufacturer private key, and the device certificate containing the first signature is sent to the application device. The application device decrypts the first signature with the manufacturer public key obtained in advance to obtain decrypted data, and by comparing the decrypted data with the plaintext data it can judge whether the information security device is a legitimate one. Unsafe information security devices can thus be effectively identified, the security of the information security device is improved, and leakage of the application device's data is avoided. This is illustrated below with reference to the drawings.
Fig. 1 shows the flow of the data transmission line protection method provided by an embodiment of the present invention, detailed as follows:
In step S101, the information security device sends a device certificate to the application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key.
Specifically, the plaintext data in the present invention may comprise the device public key, and may also comprise other data. The specific signing method is known technology and is not repeated here.
In step S102, the application device verifies the first signature with the manufacturer public key obtained in advance.
The specific verification method is known technology and is not repeated here. The plaintext data may be preset on the application device side, or extracted by the application device from the received device certificate. When the application device extracts the plaintext data from the received device certificate, it may extract the plaintext data itself, or the result of a preset operation on the plaintext data, such as the hash value of the plaintext.
In step S103, if verification passes, the information security device is a legitimate device; otherwise, the information security device is an illegal device.
In the present embodiment, a first signature is generated by signing plaintext data with the manufacturer private key, the device certificate containing the first signature is sent to the application device, and the application device verifies the first signature with the manufacturer public key obtained in advance. The application device can thus judge whether the information security device is a legitimate one, so that unsafe information security devices are effectively identified, the security of the information security device is improved, and leakage of the application device's data is avoided.
Fig. 2 shows the flow of the data transmission line protection method provided by an embodiment of the present invention, detailed as follows:
In step S201, the application device generates a temporary key pair and sends the temporary public key of the temporary key pair to the information security device.
Specifically, the application device in the embodiments of the present invention refers to a device that can communicate with the information security device and has a certain computing capability, such as a computer, smartphone or tablet. The information security device refers to a hardware device that provides cryptographic services and identity authentication, such as a USB key (U shield).
The key pair in the embodiments of the present invention generally refers to a key pair produced by an asymmetric encryption algorithm; it comprises the public key and the private key of the asymmetric algorithm, and the public key and the private key differ from one another.
An asymmetric encryption algorithm is a cryptographic algorithm that requires two keys, a public key and a private key, which form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key.
The application device can send the temporary public key to the information security device through an application program installed on the application device, which performs the sending of the data and the reception of subsequent data.
In step S202, the information security device generates a line protection key, encrypts the line protection key with the temporary public key to produce a line protection key ciphertext, and sends the ciphertext to the application device.
The line protection key ciphertext is the encryption of the line protection key. The line protection key may be randomly generated by the information security device and encrypted with the received temporary public key.
In step S203, the information security device sends a device certificate to the application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key.
The device certificate can be produced in two ways. In the first, the device certificate is implanted in the information security device in advance, and in this case the device certificate is sent directly; the corresponding interaction diagram is shown in Fig. 4.
In the second, the device certificate is generated on demand. In this case the information security device signs plaintext data, such as the device public key held in the information security device, with the manufacturer private key stored in the information security device in advance; the device public key and device private key may be implanted in advance or generated on demand. The corresponding interaction diagram is shown in Fig. 5.
In step S204, the application device verifies the first signature with the manufacturer public key obtained in advance.
In step S205, if verification passes, the information security device is a legitimate device; otherwise, the information security device is an illegal device.
Steps S203 to S205 are substantially the same as steps S101 to S103 of the above embodiment and are not repeated here.
In step S206, if the information security device is legitimate, the application device decrypts the line protection key ciphertext with the temporary private key and obtains the line protection key.
Only after the first signature has been verified and the information security device found legitimate is the line protection key ciphertext decrypted.
The embodiment of the present invention verifies the device certificate in the information security device and decrypts the line protection ciphertext only after verification passes. Because a third party's information security device does not hold the same manufacturer private key, security authentication of the information security device can be completed effectively before the line protection key is transmitted, and the security of information transmission by the information security device is improved.
Fig. 3 shows the flow of another data transmission line protection method provided by an embodiment of the present invention, detailed as follows:
In step S301, the application device generates a temporary key pair and sends the temporary public key of the temporary key pair to the information security device.
In step S302, the information security device generates a line protection key, encrypts the line protection key with the temporary public key to produce a line protection key ciphertext, and sends the ciphertext to the application device.
In step S303, the information security device sends a device certificate to the application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key.
In step S304, the application device verifies the first signature with the manufacturer public key obtained in advance.
Steps S301 to S304 are substantially the same as steps S201 to S204 of the above embodiment and are not repeated here.
In step S305, the information security device signs second data, comprising the line protection ciphertext and the device certificate, with the device private key, obtains a second signature and sends it to the application device.
In this step, the second signature is obtained by signing the device certificate together with the line protection ciphertext with the device private key, so that the line protection ciphertext is decrypted only after the subsequent verification of this signature.
In step S306, if the first signature verifies, the information security device is a legitimate device; otherwise, the information security device is an illegal device.
In step S307, the application device verifies the second signature with the device public key; if verification fails, the second signature is illegal.
Specifically, the application device verifying the second signature with the device public key means: the application device uses the received line protection ciphertext and device certificate, and verifies the second signature against them with the device public key; if verification fails, the second signature is illegal.
If the device certificate containing the first signature is verified as legitimate, the device public key in the device certificate can be obtained by decrypting the first signature, and with the obtained device public key the legitimacy of the second signature, made with the device private key, can be verified. The specific signature verification method is known technology and is not repeated here.
In step S308, if the information security device is legitimate, the application device decrypts the line protection key ciphertext with the temporary private key and obtains the line protection key.
In the present embodiment, verifying the second signature further ensures the legitimacy of the information security device and the integrity of the line protection key ciphertext.
The information security device in the embodiments of the present invention is a hardware device that provides cryptographic services and/or identity authentication, and the application device is a device that can communicate with the information security device and has computing capability.
On the basis of the data transmission line protection method described in Fig. 2, this embodiment further extracts the device public key from the device certificate and verifies the second signature, which further ensures the reliability and security of line transmission.
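The Fig. 2 and Fig. 3 exchanges described above, as an added Go example that is not part of the patent or any product: both sides of the flow, with Ed25519 assumed for the manufacturer and device signing keys and RSA-OAEP assumed for the temporary key pair, since the patent names no algorithms. Unwrap refuses to decrypt unless the manufacturer signature over the certificate (the first signature) and the device signature over ciphertext plus certificate (the second signature) both verify, so a device certified by a different manufacturer key, or a ciphertext altered in transit, is rejected before any key is recovered.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

var (
	ErrIllegalDevice   = errors.New("first signature invalid: illegal information security device")
	ErrSecondSignature = errors.New("second signature invalid: ciphertext or certificate altered")
)

// DeviceCert is the device certificate: the plaintext data (here the device public
// key) plus the first signature made over it with the manufacturer private key.
type DeviceCert struct {
	DevicePub ed25519.PublicKey
	FirstSig  []byte
}

// NewManufacturerKey generates the manufacturer signing key; application devices obtain the public half in advance.
func NewManufacturerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewTemporaryKey is step S301: the application device's temporary key pair (RSA-OAEP assumed).
func NewTemporaryKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SecurityDevice models the information security device (the USB key).
type SecurityDevice struct {
	priv ed25519.PrivateKey
	Cert DeviceCert
}

// Provision generates a device key pair and implants a certificate signed with
// the manufacturer private key: the pre-implanted case of step S203 (Fig. 4).
func Provision(mfrPriv ed25519.PrivateKey) (*SecurityDevice, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	cert := DeviceCert{DevicePub: pub, FirstSig: ed25519.Sign(mfrPriv, pub)}
	return &SecurityDevice{priv: priv, Cert: cert}, nil
}

// secondData is the "second data" of step S305: the line protection key
// ciphertext together with the device certificate, in a fixed order.
func secondData(ct []byte, cert DeviceCert) []byte {
	return bytes.Join([][]byte{ct, cert.DevicePub, cert.FirstSig}, nil)
}

// Respond performs steps S302, S303 and S305: draw a random line protection
// key, wrap it under the temporary public key, and sign ciphertext plus
// certificate with the device private key.
func (d *SecurityDevice) Respond(tmpPub *rsa.PublicKey) (lpk, ct, secondSig []byte, err error) {
	lpk = make([]byte, 32)
	if _, err = rand.Read(lpk); err != nil {
		return nil, nil, nil, err
	}
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, tmpPub, lpk, nil); err != nil {
		return nil, nil, nil, err
	}
	return lpk, ct, ed25519.Sign(d.priv, secondData(ct, d.Cert)), nil
}

// Unwrap is the application device side of steps S304 to S308: verify the first
// signature with the manufacturer public key, take the device public key from the
// certificate, verify the second signature with it, and only then decrypt.
func Unwrap(mfrPub ed25519.PublicKey, tmpPriv *rsa.PrivateKey, cert DeviceCert, ct, secondSig []byte) ([]byte, error) {
	if !ed25519.Verify(mfrPub, cert.DevicePub, cert.FirstSig) {
		return nil, ErrIllegalDevice
	}
	if len(cert.DevicePub) != ed25519.PublicKeySize ||
		!ed25519.Verify(cert.DevicePub, secondData(ct, cert), secondSig) {
		return nil, ErrSecondSignature
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, tmpPriv, ct, nil)
}

// Exchange runs the whole Fig. 3 flow between an application device that
// trusts mfrPub and dev, returning the key each side ends up with.
func Exchange(mfrPub ed25519.PublicKey, dev *SecurityDevice) (deviceKey, appKey []byte, err error) {
	tmpPriv, err := NewTemporaryKey()
	if err != nil {
		return nil, nil, err
	}
	deviceKey, ct, sig, err := dev.Respond(&tmpPriv.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	appKey, err = Unwrap(mfrPub, tmpPriv, dev.Cert, ct, sig)
	return deviceKey, appKey, err
}
```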
Corresponding to the data transmission line protection method described in Fig. 1 to Fig. 3, and described from the perspective of the information security device, the data transmission line protection method comprises:
Sending a device certificate to an application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key, so that the application device verifies the first signature with a manufacturer public key obtained in advance; if verification passes, the information security device is a legitimate device, otherwise the information security device is an illegal device.
Described from the perspective of the application device, the data transmission line protection method comprises:
Receiving the device certificate sent by an information security device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key;
Verifying the first signature with a manufacturer public key obtained in advance;
If verification passes, the information security device is a legitimate device; otherwise, the information security device is an illegal device.
Fig. 6 shows the structure of the data transmission line protection system provided by an embodiment of the present invention, detailed as follows:
The data transmission line protection system of the embodiment of the present invention comprises an information security device and an application device, wherein:
The information security device comprises a device certificate sending unit 501, for sending a device certificate from the information security device to the application device, wherein the device certificate comprises plaintext data and a first signature generated by signing the plaintext data with the manufacturer private key;
The application device comprises a signature verification unit 502 and a judging unit 503, the signature verification unit being used by the application device to verify the first signature with the manufacturer public key obtained in advance;
The judging unit 503 is used to determine that, if verification passes, the information security device is a legitimate device, and otherwise the information security device is an illegal device.
Preferably, the system further comprises:
A temporary key generation unit, for generating a temporary key pair by the application device and sending the temporary public key of the temporary key pair to the information security device;
A line protection key generation unit, for generating a line protection key by the information security device, encrypting the line protection key with the temporary public key to produce a line protection key ciphertext, and sending it to the application device;
A decryption unit, for decrypting the line protection key ciphertext with the temporary private key by the application device, if the information security device is legitimate, and obtaining the line protection key.
Preferably, the device certificate is implanted in the information security device in advance, or generated on demand in the information security device.
Preferably, the information security device is a hardware device that provides cryptographic services and/or identity authentication, and the application device is a device that can communicate with the information security device and has computing capability. For example, the information security device may be a USB key (U shield), and the application device may be a smartphone or computer.
Corresponding to the line transmission protection system described in Fig. 6, and from the perspective of the information security device, the data transmission line protection device comprises: a device certificate sending module, for sending a device certificate to an application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key, so that the application device verifies the first signature with a manufacturer public key obtained in advance; if verification passes, the information security device is a legitimate device, otherwise the information security device is an illegal device.
From the perspective of the application device, the data transmission line protection device comprises:
A device certificate receiving module, for receiving the device certificate sent by an information security device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer private key;
A signature verification module, for verifying the first signature with the manufacturer public key obtained in advance;
A judging module, for determining that, if verification passes, the information security device is a legitimate device, and otherwise the information security device is an illegal device.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and methods may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative: the division into units is only a division by logical function, and other divisions are possible in practice; several units or components may be combined or integrated into another system, or some features may be omitted or not performed. Further, the mutual coupling, direct coupling or communication connection shown or discussed may be through interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over several network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the method described in the embodiments of the present invention. The storage medium includes a USB flash disk, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc or any other medium that can store program code.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (10)
1. A line protection method for data transmission, characterized in that the method comprises:
the information security device sending a device certificate to the application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer's private key;
the application device verifying the first signature with a manufacturer public key obtained in advance;
if the verification passes, the information security device is a legitimate device; otherwise the information security device is an illegitimate device.
2. The method according to claim 1, characterized in that the application device verifying the first signature with the manufacturer public key obtained in advance is specifically:
the application device uses pre-stored plaintext data, or the plaintext data extracted from the device certificate, together with the manufacturer public key obtained in advance to verify the first signature.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the application device generating a temporary key pair and sending the temporary public key of the pair to the information security device;
the information security device generating a line protection key, encrypting the line protection key with the temporary public key to produce a line protection key ciphertext, and sending it to the application device;
if the information security device is legitimate, the application device decrypting the line protection key ciphertext with the temporary private key to obtain the line protection key.
4. The method according to claim 3, characterized in that the plaintext data comprises a device public key, and the method further comprises:
the information security device signing second data, comprising the line protection ciphertext and the device certificate, with the device private key to obtain a second signature, and sending it to the application device;
before the step in which, if the information security device is legitimate, the application device decrypts the line protection key ciphertext with the temporary private key to obtain the line protection key, the method further comprises:
the application device verifying the second signature according to the device public key; if the verification fails, the second signature is illegal.
5. The method according to claim 4, characterized in that the application device verifying the second signature according to the device public key, and the second signature being illegal if the verification fails, is specifically: the application device uses the received line protection ciphertext and device certificate to verify the second signature according to the device public key; if the verification fails, the second signature is illegal.
6. A data transmission line protection method, characterized in that the method comprises:
sending a device certificate to an application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer's private key, so that the application device verifies the first signature with a manufacturer public key obtained in advance; if the verification passes, the information security device is a legitimate device, otherwise the information security device is an illegitimate device.
7. A data transmission line protection method, characterized in that the method comprises:
receiving the device certificate sent by the information security device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer's private key;
verifying the first signature with a manufacturer public key obtained in advance;
if the verification passes, the information security device is a legitimate device; otherwise the information security device is an illegitimate device.
8. A line protection system for data transmission, characterized in that the system comprises an information security device and an application device, wherein:
the information security device comprises a device certificate sending unit for sending a device certificate from the information security device to the application device, wherein the device certificate comprises plaintext data and a first signature generated by signing the plaintext data with the manufacturer's private key;
the application device comprises a signature verification unit and a judging unit, the signature verification unit being used by the application device to verify the first signature with the manufacturer public key obtained in advance;
the judging unit being used to determine that, if the verification passes, the information security device is a legitimate device, and otherwise the information security device is an illegitimate device.
9. A data transmission line protection device, characterized in that the device comprises:
a device certificate sending module for sending a device certificate to an application device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer's private key, so that the application device verifies the first signature with a manufacturer public key obtained in advance; if the verification passes, the information security device is a legitimate device, otherwise the information security device is an illegitimate device.
10. A data transmission line protection device, characterized in that the device comprises:
a device certificate receiving module for receiving the device certificate sent by the information security device, wherein the device certificate comprises a first signature generated by signing plaintext data with the manufacturer's private key;
a signature verification module for verifying the first signature with the manufacturer public key obtained in advance;
a judging module for determining that, if the verification passes, the information security device is a legitimate device, and otherwise the information security device is an illegitimate device.
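The handshake of claims 1 to 5 carried through end to end, as an added Go example that is not part of the patent. The patent names no algorithms or encodings, so the example assumes Ed25519 for both the manufacturer's and the device's signatures, RSA-OAEP for encrypting the line protection key to the temporary public key, a device certificate consisting only of the DER-encoded device public key plus the first signature, a 32-byte line protection key, and "second data" laid out as ciphertext || certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Handshake runs claims 1-5 with freshly generated keys and returns the line
// protection key as generated by the device and as recovered by the application;
// tamper=true flips a bit of the second signature so the application rejects it.
func Handshake(tamper bool) (devKey, appKey []byte, err error) {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader) // manufacturer key pair (assumed Ed25519)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader) // device key pair (assumed Ed25519)
	// Manufacturer: certificate = plaintext data (device public key) + first signature.
	plain, _ := x509.MarshalPKIXPublicKey(devPub)
	sig1 := ed25519.Sign(mfrPriv, plain)
	// Application: verify the first signature with the pre-obtained manufacturer key (claims 1-2).
	if !ed25519.Verify(mfrPub, plain, sig1) {
		return nil, nil, errors.New("illegitimate device: first signature failed")
	}
	// Application: temporary key pair; only the public half goes to the device (claim 3).
	tmp, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Device: line protection key encrypted to the temporary public key (claim 3),
	// then ciphertext||certificate signed with the device private key (claim 4).
	devKey = make([]byte, 32)
	rand.Read(devKey)
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &tmp.PublicKey, devKey, nil)
	second := append(append(append([]byte{}, ct...), plain...), sig1...)
	sig2 := ed25519.Sign(devPriv, second)
	if tamper {
		sig2[0] ^= 1
	}
	// Application: device public key comes from the certificate; verify the second
	// signature (claims 4-5) before decrypting with the temporary private key.
	pk, _ := x509.ParsePKIXPublicKey(plain)
	if !ed25519.Verify(pk.(ed25519.PublicKey), second, sig2) {
		return devKey, nil, errors.New("second signature invalid")
	}
	appKey, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, tmp, ct, nil)
	return devKey, appKey, err
}

func main() {
	d, a, err := Handshake(false)
	fmt.Println("keys match:", err == nil && string(d) == string(a))
	_, _, err = Handshake(true)
	fmt.Println("tampered second signature rejected:", err != nil)
}
```

Note that the second-signature check binds the ciphertext to the certificate the application already validated, so a ciphertext substituted in transit fails verification before the temporary private key is ever used.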
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510831408.8A CN105490812B (en) | 2015-11-25 | 2015-11-25 | The line protection method and device of data transmission |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105490812A true CN105490812A (en) | 2016-04-13 |
CN105490812B CN105490812B (en) | 2019-06-18 |
Family ID: 55677559
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510831408.8A Active CN105490812B (en) | 2015-11-25 | 2015-11-25 | The line protection method and device of data transmission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105490812B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108174370A (en) * | 2017-12-14 | 2018-06-15 | 北京明华联盟科技有限公司 | Bluetooth security connection method, device, terminal and computer readable storage medium |
CN109101803A (en) * | 2018-07-25 | 2018-12-28 | 腾讯科技(深圳)有限公司 | Biometric apparatus and method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101170407A (en) * | 2007-12-03 | 2008-04-30 | 北京深思洛克数据保护中心 | A method for securely generating secret key pair and transmitting public key or certificate application file |
US20120047503A1 (en) * | 2007-06-08 | 2012-02-23 | Zhou Lu | Method for virtualizing a personal working environment and device for the same |
CN103346883A (en) * | 2013-06-19 | 2013-10-09 | 天地融科技股份有限公司 | Method and device for initializing electronic signature tool |
CN103838988A (en) * | 2014-03-07 | 2014-06-04 | 北京深思数盾科技有限公司 | Information security protection method and device |
CN104639327A (en) * | 2015-01-29 | 2015-05-20 | 杭州晟元芯片技术有限公司 | Method for identifying and correlating equipment by digital certificate |
Timeline: 2015-11-25, CN application CN201510831408.8A (granted as CN105490812B), status Active.
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||