CN105790936A - Data transmission method - Google Patents
- Publication number: CN105790936A (application CN201610277454.2A)
- Authority: CN (China)
- Prior art keywords: key, data, data publisher, edge router, data user
- Prior art date
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using a plurality of keys or algorithms (under H04L9/00)
- G06F21/602: Providing cryptographic facilities or services (under G06F21/60 Protecting data, G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/04, H04L63/00)
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources (under H04L63/00)
- H04L67/568: Storing data temporarily at an intermediate stage, e.g. caching (under H04L67/56 Provisioning of proxy services, H04L67/50 Network services, H04L67/00 Network arrangements or protocols for supporting network services or applications)
- H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use (under H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords)
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds (under H04L9/0861, H04L9/08)
- H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy (under H04L9/00)
All H04L entries fall under section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication); the G06F entry falls under section G (Physics), class G06 (Computing; calculating or counting), subclass G06F (Electric digital data processing).
Abstract
An embodiment of the invention provides a data transmission method. The method comprises the steps of: a Data Publisher generating a key pair comprising a public key Kp and a private key Ks; the Data Publisher publishing the public key Kp of the key pair to an Edge router; the Data Publisher generating a random key K1; the Data Publisher encrypting data content M by means of the random key K1 and the private key Ks to obtain data content C1; and the Data Publisher publishing the data content C1 to the Edge router for caching.
Description
Technical field
The present invention relates to the field of communications, and in particular to a data transmission method.
Background technology
Fig. 1 illustrates one possible CDN architecture, in which data content (such as video or audio) from Data Publisher 110 is transmitted to Data user 130 through the routers of Information-Centric Networking 120. An Edge router in Information-Centric Networking 120 can cache some of the data content from Data Publisher 110. A Data user close to that Edge router can then sometimes obtain the required content from the Edge router's cache nearby, which reduces network congestion and improves the user's access response time.
When data content from Data Publisher 110 is cached at the Edge router, the Edge router also obtains a key Kx from Data Publisher 110. According to key Kx, the Edge router decides which Data users are entitled to obtain the content cached at the Edge router, and once it has determined that Data user 130 is entitled, it sends the corresponding data content to Data user 130. In this arrangement, however, Data Publisher 110 loses a degree of control over access to the content cached at the Edge router.
Summary of the invention
Embodiments of the invention provide a data transmission method that helps the Data Publisher keep access control over its data content. The method comprises:
the Data Publisher generates a key pair comprising a public key Kp and a private key Ks;
the Data Publisher publishes the public key Kp of the key pair to the Edge router;
the Data Publisher generates a random key K1;
the Data Publisher encrypts data content M using the random key K1 and the private key Ks to obtain data content C1;
the Data Publisher publishes data content C1 to the Edge router for caching.
In the embodiments of the invention, the Data Publisher generates a random key K1 and encrypts the data content according to K1. Because K1 is never provided to the Edge router, the Edge router does not fully control access to the data content; that control remains with the Data Publisher, which is therefore in a better position to enforce access control over the data content.
Accompanying drawing explanation
To describe the technical solutions of the embodiments more clearly, the drawings used in the embodiments are briefly introduced below. The drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an existing network architecture;
Fig. 2 is a schematic diagram of one embodiment of the data transmission method of the invention.
Detailed description of the invention
Embodiments of the invention provide a data transmission method that helps the Data Publisher keep access control over its data content.
In the description, claims and drawings of the invention, the terms "first", "second", "third" and so on are used to distinguish different objects, not to describe a specific order. Moreover, the terms "including" and "having", and any variants of them, are intended to cover non-exclusive inclusion: a process, method, system, product or device that comprises a series of steps or units is not limited to the listed steps or units, but may also include steps or units that are not listed, or steps or units inherent to that process, method, product or device.
A content delivery network (CDN, Content Delivery Network) is a network built on top of the physical network and used mainly for content distribution. A CDN relies on edge servers deployed in various places (the product form of an edge server may be a router; in this scenario the edge server is referred to as a border router, i.e. an Edge router) so that users obtain the required content from nearby, which reduces network congestion and improves the user's access response time.
Fig. 1 shows one such architecture, in which the Edge router caches content from Data Publisher 110 and decides, from the key Kx it receives, which Data users may obtain it, as described in the Background section above.
The solution to the problem described above is discussed below through specific embodiments.
Fig. 2 is a schematic flow chart of a data transmission method provided by one embodiment of the invention. As shown in Fig. 2, the method can include the following steps:
S201. The Data Publisher generates a key pair (Kp, Ks) consisting of a public key and a private key.
S202. The Data Publisher publishes the public key Kp of the key pair (Kp, Ks) to the Edge router.
S203. The Data Publisher generates a random key K1.
S204. The Data Publisher encrypts data content M using the random key K1 and the private key Ks to obtain data content C1.
S205. The Data Publisher publishes data content C1 to the Edge router for caching.
S206. The Data Publisher stores the correspondence between the content identifier Tc1 of data content C1 and the random key K1.
There is no fixed order between steps S205 and S206: S205 may be performed after S206, or the two may be performed at the same time.
S207. The Data user sends a data content acquisition request to the Edge router; the request carries the content identifier Tc1 of the requested data content.
S208. The Edge router receives the data content acquisition request from the Data user and, on determining that the data content C1 corresponding to content identifier Tc1 is cached at the Edge router, generates a random key K2.
This embodiment covers the case in which the data content identified in the request is cached at the Edge router; the case in which it is not cached is not discussed here.
S209. The Edge router encrypts data content C1 using the random key K2 to obtain data content C2, and encrypts the random key K2 together with the content identifier Tc1 using the public key Kp to obtain data C0.
It will be understood that step S202 may be performed at any time between S201 and S209.
S210. The Edge router sends a data content acquisition response carrying data C0 and data content C2 to the Data user.
S211. The Data user receives data C0 and data content C2 from the Edge router and sends an authentication request carrying data C0 and the Data user's identity information to the Data Publisher.
S212. The Data Publisher receives the authentication request from the Data user and authenticates the Data user using the identity information carried in the request. When the Data user passes authentication, the Data Publisher decrypts data C0 using the private key Ks to obtain key K2 and content identifier Tc1, and determines the key K1 that corresponds to content identifier Tc1.
S213. The Data Publisher combines key K2, key K1 and key Ks to obtain key K.
S214. The Data Publisher sends key K to the Data user.
S215. The Data user receives key K from the Data Publisher and uses key K to decrypt data content C2 to obtain data content M.
In detail, the Data user first decrypts data content C2 with key K to obtain data content C1, and then decrypts data content C1 with key K again to obtain data content M.
It can be seen that in this embodiment the Data user is authenticated by the Data Publisher while the requested data content is delivered to the Data user by the Edge router; only after passing the Data Publisher's authentication does the Data user obtain the key needed to decrypt the content received from the Edge router. In other words, the mechanism of this embodiment separates the delivery of data content from the verification of user identity, which gives the Data Publisher flexible access control over the content cached at the Edge router.
Besides the embodiment of Fig. 2, the data transmission method provided by another embodiment of the invention can include the following steps:
S1. The Data Publisher generates a key pair (Kp, Ks) consisting of a public key and a private key.
S2. The Data Publisher publishes the public key Kp of the key pair (Kp, Ks) to the Edge router.
S3. The Data Publisher generates a random key K1.
S4. The Data Publisher encrypts data content M using the random key K1 and the private key Ks to obtain data content C1.
S5. The Data Publisher publishes data content C1 to the Edge router for caching.
S6. The Data Publisher stores the correspondence between the content identifier Tc1 of data content C1 and the random key K1.
There is no fixed order between steps S5 and S6: S5 may be performed after S6, or the two may be performed at the same time.
S7. The Data user sends a data content acquisition request to the Edge router; the request carries the content identifier Tc1 of the requested data content.
S8. The Edge router receives the data content acquisition request from the Data user and, on determining that the data content C1 corresponding to content identifier Tc1 is cached at the Edge router, generates a random key K2.
This embodiment covers the case in which the data content identified in the request is cached at the Edge router; the case in which it is not cached is not discussed here.
S9. The Edge router encrypts data content C1 using the random key K2 to obtain data content C2, and encrypts the random key K2 using the public key Kp to obtain data C0.
It will be understood that step S2 may be performed at any time between S1 and S8.
S10. The Edge router sends data C0 and data content C2 to the Data user.
S11. The Data user receives data C0 and data content C2 from the Edge router and sends an authentication request carrying content identifier Tc1, data C0 and the Data user's identity information to the Data Publisher.
S12. The Data Publisher receives the authentication request from the Data user and authenticates the Data user using the identity information carried in the request. When the Data user passes authentication, the Data Publisher decrypts data C0 using the private key Ks to obtain key K2, and determines from the content identifier Tc1 carried in the authentication request the key K1 that corresponds to it.
S13. The Data Publisher combines key K2, key K1 and key Ks to obtain key K.
S14. The Data Publisher sends key K to the Data user.
S15. The Data user receives key K from the Data Publisher and uses key K to decrypt data content C2 to obtain data content M.
In detail, the Data user first decrypts data content C2 with key K to obtain data content C1, and then decrypts data content C1 with key K again to obtain data content M.
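The following Go program is an added worked example written for this page; it is not code from the patent or its applicant. It plays the Fig. 2 embodiment (S201 to S215) end to end, with the Data Publisher, the Edge router and the Data user in one process; the second embodiment (S1 to S15) differs only in that Tc1 travels in the authentication request instead of inside C0, which would move one field from Serve to Authenticate. The patent names no algorithms, so everything concrete here is an assumption: RSA-OAEP for the Kp/Ks operations, AES-256-GCM for every symmetric layer, SHA-256 over K1 and Ks as the "random key K1 and private key Ks" encryption key of C1, and key K modelled as the pair (K2, that hash), because one key cannot literally open two layers sealed under independent keys. The identity check of S212 is a constructed allow-list, and the content, the identifier "clip-0001" and the user names are constructed. One caveat the text leaves open: S213 combines K2, K1 and Ks into K without saying how, and if K let the user recover Ks then every authenticated user would hold the publisher's private key, so the example only ever releases a hash that includes Ks.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

var SampleContent = []byte("constructed sample content M, standing in for a cached video chunk")

func randBytes(n int) []byte { // K1, K2 and GCM nonces; 256-bit symmetric keys are an assumption
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func seal(key, pt []byte) []byte { // one AES-256-GCM layer (cipher assumed): nonce || ciphertext || tag
	blk, _ := aes.NewCipher(key) // keys here are always 32 bytes, so NewCipher/NewGCM cannot fail
	g, _ := cipher.NewGCM(blk)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	if len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

func contentKey(k1 []byte, ks *rsa.PrivateKey) []byte { // assumed "K1 and Ks" combination for C1: a hash, so releasing it in S214 never discloses Ks
	h := sha256.Sum256(append(append([]byte("C1|"), k1...), ks.D.Bytes()...))
	return h[:]
}

type Publisher struct{ ks *rsa.PrivateKey; k1 map[string][]byte; users map[string]bool } // Ks (S201); Tc1->K1 (S206); assumed identity list (S212)
type EdgeRouter struct{ kp *rsa.PublicKey; cache map[string][]byte }                    // Kp (S202); Tc1->C1 (S205)

// Publish (S203-S206): C1 = Enc(contentKey(K1,Ks), M) is cached at the router; K1 stays with the publisher.
func (p *Publisher) Publish(tc1 string, m []byte, er *EdgeRouter) {
	p.k1[tc1] = randBytes(32)
	er.cache[tc1] = seal(contentKey(p.k1[tc1], p.ks), m)
}

// Serve (S208-S210): for a cached Tc1, C2 = Enc(K2, C1) and C0 = RSA-OAEP(Kp, K2 || Tc1).
func (er *EdgeRouter) Serve(tc1 string) (c0, c2 []byte, err error) {
	c1, ok := er.cache[tc1]
	if !ok {
		return nil, nil, fmt.Errorf("content %q not cached", tc1)
	}
	k2 := randBytes(32)
	c0, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, er.kp, append(k2, tc1...), nil)
	return c0, seal(k2, c1), err
}

// Authenticate (S212-S214): a recognised identity gets C0 opened under Ks and K returned as the pair (K2, contentKey).
func (p *Publisher) Authenticate(identity string, c0 []byte) (outer, inner []byte, err error) {
	if !p.users[identity] {
		return nil, nil, fmt.Errorf("identity %q rejected", identity)
	}
	blob, err := rsa.DecryptOAEP(sha256.New(), nil, p.ks, c0, nil)
	if err != nil || len(blob) < 32 {
		return nil, nil, fmt.Errorf("C0 does not open under Ks: %v", err)
	}
	k1, ok := p.k1[string(blob[32:])] // Tc1 rides inside C0 in the Fig. 2 embodiment
	if !ok {
		return nil, nil, fmt.Errorf("no K1 recorded for %q", blob[32:])
	}
	return blob[:32], contentKey(k1, p.ks), nil
}

// RunExchange plays the whole Fig. 2 flow for one requesting identity and returns the M it recovers.
func RunExchange(identity string) ([]byte, error) {
	ks, err := rsa.GenerateKey(rand.Reader, 2048) // (Kp, Ks) of S201
	if err != nil {
		return nil, err
	}
	pub, er := &Publisher{ks, map[string][]byte{}, map[string]bool{"alice": true}}, &EdgeRouter{&ks.PublicKey, map[string][]byte{}}
	pub.Publish("clip-0001", SampleContent, er) // S202 (the router holds only Kp) and S203-S206
	c0, c2, err := er.Serve("clip-0001")       // S207-S210
	if err != nil {
		return nil, err
	}
	outer, inner, err := pub.Authenticate(identity, c0) // S211: the user forwards C0 with its identity
	if err != nil {
		return nil, err
	}
	c1, err := open(outer, c2) // S215: peel C2 with K, then C1 with K
	if err != nil {
		return nil, err
	}
	return open(inner, c1)
}
```

RunExchange("alice") returns the original content; RunExchange("mallory") fails at S212 and no key leaves the publisher. The Edge router's cache holds only C1, and its own K2 opens C2 but not C1, which is exactly the access-control property the summary section claims for keeping K1 away from the router.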
The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it: any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention falls within the scope of protection of the invention. The scope of protection of the invention should therefore be determined by the scope of the claims.
Claims (7)
1. A data transmission method, characterised in that it comprises:
the Data Publisher generating a key pair comprising a public key Kp and a private key Ks;
the Data Publisher publishing the public key Kp of the key pair to the Edge router;
the Data Publisher generating a random key K1;
the Data Publisher encrypting data content M using the random key K1 and the private key Ks to obtain data content C1; and
the Data Publisher publishing data content C1 to the Edge router for caching.
2. The method according to claim 1, characterised in that the method further comprises:
the Data Publisher storing the correspondence between the content identifier Tc1 of data content C1 and the random key K1.
3. The method according to claim 2, characterised in that, after the Data Publisher publishes data content C1 to the Edge router for caching, the method further comprises:
the Edge router receiving a data content acquisition request from a Data user, the request carrying the content identifier Tc1 of the requested data content; and
if the data content C1 corresponding to content identifier Tc1 is cached at the Edge router, the Edge router obtaining data C0 according to a random key K2 and the public key Kp.
4. The method according to claim 3, characterised in that the Edge router obtaining data C0 according to the random key K2 and the public key Kp comprises:
the Edge router generating the random key K2;
the Edge router encrypting data content C1 using the random key K2 to obtain data content C2; and
the Edge router encrypting the random key K2 and the content identifier Tc1 using the public key Kp to obtain data C0.
5. The method according to claim 4, characterised in that, after the Edge router obtains data C0 according to the random key K2 and the public key Kp, the method further comprises:
the Edge router sending a data content acquisition response carrying data C0 and data content C2 to the Data user;
the Data user receiving data C0 and data content C2 from the Edge router;
the Data user sending an authentication request carrying data C0 and the Data user's identity information to the Data Publisher;
the Data Publisher receiving the authentication request from the Data user;
the Data Publisher authenticating the Data user using the identity information carried in the authentication request;
when the Data user passes authentication, the Data Publisher decrypting data C0 using the private key Ks to obtain key K2 and content identifier Tc1;
the Data Publisher determining the key K1 that corresponds to content identifier Tc1;
the Data Publisher combining key K2, key K1 and key Ks to obtain key K;
the Data Publisher sending key K to the Data user;
the Data user receiving key K from the Data Publisher; and
the Data user decrypting data content C2 using key K to obtain data content M.
6. The method according to claim 3, characterised in that the Edge router obtaining data C0 according to the random key K2 and the public key Kp comprises:
the Edge router generating the random key K2;
the Edge router encrypting data content C1 using the random key K2 to obtain data content C2; and
the Edge router encrypting the random key K2 using the public key Kp to obtain data C0.
7. The method according to claim 6, characterised in that, after the Edge router obtains data C0 according to the random key K2 and the public key Kp, the method further comprises:
the Edge router sending data C0 and data content C2 to the Data user;
the Data user receiving data C0 and data content C2 from the Edge router;
the Data user sending an authentication request carrying content identifier Tc1, data C0 and the Data user's identity information to the Data Publisher;
the Data Publisher receiving the authentication request from the Data user;
the Data Publisher authenticating the Data user using the identity information carried in the authentication request;
when the Data user passes authentication, the Data Publisher decrypting data C0 using the private key Ks to obtain key K2;
the Data Publisher determining, from the content identifier Tc1 carried in the authentication request, the key K1 that corresponds to it;
the Data Publisher combining key K2, key K1 and key Ks to obtain key K;
the Data Publisher sending key K to the Data user;
the Data user receiving key K from the Data Publisher; and
the Data user decrypting data content C2 using key K to obtain data content M.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610277454.2A CN105790936A (en) | 2016-04-28 | 2016-04-28 | Data transmission method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610277454.2A CN105790936A (en) | 2016-04-28 | 2016-04-28 | Data transmission method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105790936A (en) | 2016-07-20 |
Family
ID=56400104
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610277454.2A Pending CN105790936A (en) | 2016-04-28 | 2016-04-28 | Data transmission method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105790936A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127597A (en) * | 2007-10-09 | 2008-02-20 | 华中科技大学 | Data transmission encryption method of MANET network |
CN101883100A (en) * | 2010-06-11 | 2010-11-10 | 北京大学 | Digital content distributed authorization method |
CN102025507A (en) * | 2010-12-24 | 2011-04-20 | 暨南大学 | Digital copyright management method and device for protecting digital content consumer privacy |
US20130016839A1 (en) * | 2011-07-15 | 2013-01-17 | Yokogawa Electric Corporation | Wireless communication apparatus and method of preventing leakage of encrypted key |
CN103391541A (en) * | 2013-05-10 | 2013-11-13 | 华为终端有限公司 | Configuration method of wireless devices, device and system |
WO2016058523A1 (en) * | 2014-10-13 | 2016-04-21 | Huawei Technologies Co., Ltd. | Data distributing over network to user devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 1233392; Country of ref document: HK |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20160720 |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: WD; Ref document number: 1233392; Country of ref document: HK |