CN106452792A - Data single transmission module based on digital signature integrity checking - Google Patents
- Publication number: CN106452792A
- Application number: CN201611021596.9A
- Authority: CN (China)
- Prior art keywords: data, digital signature, individual event, transmission, single transmission
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The invention discloses a one-way data transmission module based on digital signature integrity checking. The module combines digital signature technology with data diode technology to provide one-way data transmission with an integrity checking function, and comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part. The module adopts data diode technology, using the one-way propagation of light together with the integrity verification property of digital signatures, so that data is imported securely in one direction. The sender uses an asymmetric key held in an encryption chip to compute a message digest and a digital signature over the transmitted data; after receiving the data, the receiver verifies the signature value and the message digest, and if they are consistent the data has been transmitted securely and completely.
Description
Technical field
The present invention relates to the technical fields of cryptography and data transmission, and in particular to a one-way data transmission module based on digital signature integrity checking.
Background
At present, many government agencies and enterprises build their important business systems and working environments on physically isolated, independent internal networks. Although a physically isolated internal network largely guarantees the security and confidentiality of important data, it severely affects the operation of business information systems and their use by users. Resources on the Internet are extremely rich, and users connected to a high-security-level network frequently need to obtain data and information from a low-security-level network; artificially disconnecting the networks greatly reduces their working efficiency. Finally, data is currently usually transferred from the low-security-level network to the high-security-level network by burning optical discs, which, besides being inconvenient to use, wastes a large number of discs and itself carries security risks.
It is therefore increasingly recognized that completely disconnecting networks is not the goal; protecting the security of classified networks is. Networks are disconnected today because no trustworthy technology yet exists that can achieve secure interconnection. How to connect important internal networks with public networks such as the Internet and exchange data between them has become an important problem in informatization that urgently needs to be solved.
Summary of the invention
The technical problem to be solved by the present invention is: in view of the above problems, the invention provides a one-way data transmission module based on digital signature integrity checking.
The technical solution adopted by the present invention is:
A one-way data transmission module based on digital signature integrity checking. The module uses digital signature technology and data diode technology to provide one-way data transmission with an integrity checking function, and comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part, wherein:
The one-way transmission part uses data diode technology, implemented with the one-way property of light, to provide high-speed one-way transmission of data;
The digital signature signing and verification part, on the sending side, is mainly responsible for computing the message digest value of the transmitted data and signing the data; on the receiving side, it mainly verifies the data signature and compares the message digest value, and verification passes only if they are fully consistent;
The data transmission integrity feedback part also uses data diode technology, implemented with the one-way property of light. Based on the result of the signature verification and message digest comparison on the receiving side, it sends a feedback signal to the sending side. To guarantee the one-way security of data transmission, this feedback signal is restricted to carrying only the two values 0 and 1: a feedback value of 0 means that data integrity verification did not pass, and the sender retransmits the data; a feedback value of 1 means that data integrity verification passed.
The one-way transmission part uses an FPGA to implement a custom single-wire transmission interface, which has two parts: one for sending data and one for receiving data. A buffering mechanism inside the FPGA keeps sending and receiving in dynamic balance.
The custom single-wire transmission interface has a strict data checking mechanism, accurate to the bit, which effectively guarantees the accuracy of the data.
The data checking mechanism checks every data packet, ensuring the integrity of each packet.
The beneficial effects of the present invention are:
The one-way data transmission module based on digital signature integrity checking uses data diode technology, exploiting the one-way transmission property of light combined with the integrity verification property of digital signatures, to import data securely in one direction. The sender uses the asymmetric key in an encryption chip to compute a message digest and a digital signature over the transmitted data; after receiving the data, the receiver verifies the signature value and the message digest, and if they are consistent the data has been transmitted securely and completely.
Brief description of the drawings
Fig. 1 is a flow chart of one-way data transmission based on digital signature integrity checking.
Detailed description
The invention is further described below with reference to the accompanying drawing and specific embodiments:
Embodiment 1
As shown in Fig. 1, a one-way data transmission module based on digital signature integrity checking uses digital signature technology and data diode technology to provide one-way data transmission with an integrity checking function. The module comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part, wherein:
The one-way transmission part uses data diode technology, implemented with the one-way property of light, to provide high-speed one-way transmission of data;
The digital signature signing and verification part, on the sending side, is mainly responsible for computing the message digest value of the transmitted data and signing the data; on the receiving side, it mainly verifies the data signature and compares the message digest value, and verification passes only if they are fully consistent;
The data transmission integrity feedback part also uses data diode technology, implemented with the one-way property of light. Based on the result of the signature verification and message digest comparison on the receiving side, it sends a feedback signal to the sending side. To guarantee the one-way security of data transmission, this feedback signal is restricted to carrying only the two values 0 and 1: a feedback value of 0 means that data integrity verification did not pass, and the sender retransmits the data; a feedback value of 1 means that data integrity verification passed.
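The sign, verify and one-bit feedback loop of Embodiment 1, as an added Go example that is not part of the patent. SHA-256, Ed25519, the fixed-seed demo keys, the `FlakyLink` fault model and the retry bound are assumptions, since the patent names no algorithms and sets no retransmission limit.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Frame struct { // what crosses the forward diode
	Payload   []byte
	Digest    [32]byte // SHA-256 of Payload (algorithm is an assumption)
	Signature []byte   // Ed25519 over Digest (algorithm is an assumption)
}

// NewKeys derives a constructed demo key pair; the patent keeps the key in an encryption chip.
func NewKeys(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Seal is the sending side: compute the message digest, then sign it.
func Seal(priv ed25519.PrivateKey, payload []byte) Frame {
	d := sha256.Sum256(payload)
	return Frame{Payload: payload, Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

// Check is the receiving side; its result is the feedback bit (1 = verified, 0 = retransmit).
func Check(pub ed25519.PublicKey, f Frame) byte {
	if sha256.Sum256(f.Payload) != f.Digest || !ed25519.Verify(pub, f.Digest[:], f.Signature) {
		return 0
	}
	return 1
}

// FlakyLink is a constructed fault model: one payload bit is flipped on the first `bad` attempts.
func FlakyLink(bad int) func(int, Frame) Frame {
	return func(attempt int, f Frame) Frame {
		if attempt <= bad && len(f.Payload) > 0 {
			f.Payload = append([]byte{f.Payload[0] ^ 1}, f.Payload[1:]...) // corrupted copy
		}
		return f
	}
}

// Transfer resends until the feedback bit is 1 or maxAttempts is spent (the bound is an assumption).
func Transfer(pub ed25519.PublicKey, priv ed25519.PrivateKey, payload []byte, link func(int, Frame) Frame, maxAttempts int) ([]byte, int, bool) {
	for attempt := 1; attempt <= maxAttempts; attempt++ {
		if rx := link(attempt, Seal(priv, payload)); Check(pub, rx) == 1 {
			return rx.Payload, attempt, true // released to the receiving network only after verification
		}
	}
	return nil, maxAttempts, false
}

func main() {
	pub, priv := NewKeys(7)
	out, n, ok := Transfer(pub, priv, []byte("constructed sample payload"), FlakyLink(1), 3)
	fmt.Printf("released=%q attempts=%d ok=%v\n", out, n, ok)
}
```

A frame whose payload was altered, or one checked against a different public key, yields feedback 0, and nothing is released on the receiving side once the retry bound is exhausted.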
Embodiment 2
On the basis of Embodiment 1, the one-way transmission part in this embodiment uses an FPGA to implement a custom single-wire transmission interface, which has two parts: one for sending data and one for receiving data. A buffering mechanism inside the FPGA keeps sending and receiving in dynamic balance.
Embodiment 3
On the basis of Embodiment 2, the custom single-wire transmission interface in this embodiment has a strict data checking mechanism, accurate to the bit, which effectively guarantees the accuracy of the data.
Embodiment 4
On the basis of Embodiment 1, the data checking mechanism in this embodiment checks every data packet, ensuring the integrity of each packet.
The embodiments are only intended to illustrate the present invention, not to limit it. Persons of ordinary skill in the relevant technical field may make various changes and modifications without departing from the spirit and scope of the invention; all equivalent technical solutions therefore also fall within the scope of the invention, and the scope of patent protection of the invention shall be defined by the claims.
Claims (4)
1. A one-way data transmission module based on digital signature integrity checking, characterized in that the module uses digital signature technology and data diode technology to provide one-way data transmission with an integrity checking function, and comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part, wherein:
The one-way transmission part uses data diode technology, implemented with the one-way property of light, to provide high-speed one-way transmission of data;
The digital signature signing and verification part, on the sending side, is mainly responsible for computing the message digest value of the transmitted data and signing the data; on the receiving side, it mainly verifies the data signature and compares the message digest value, and verification passes only if they are fully consistent;
The data transmission integrity feedback part also uses data diode technology, implemented with the one-way property of light. Based on the result of the signature verification and message digest comparison on the receiving side, it sends a feedback signal to the sending side; this feedback signal is restricted to carrying only the two values 0 and 1: a feedback value of 0 means that data integrity verification did not pass, and the sender retransmits the data; a feedback value of 1 means that data integrity verification passed.
2. The one-way data transmission module based on digital signature integrity checking according to claim 1, characterized in that: the one-way transmission part uses an FPGA to implement a custom single-wire transmission interface, which has two parts: one for sending data and one for receiving data; a buffering mechanism inside the FPGA keeps sending and receiving in dynamic balance.
3. The one-way data transmission module based on digital signature integrity checking according to claim 2, characterized in that: the custom single-wire transmission interface has a strict data checking mechanism, accurate to the bit.
4. The one-way data transmission module based on digital signature integrity checking according to claim 3, characterized in that: the data checking mechanism checks every data packet, ensuring the integrity of each packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611021596.9A CN106452792A (en) | 2016-11-21 | 2016-11-21 | Data single transmission module based on digital signature integrity checking |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106452792A (en) | 2017-02-22 |
Family
ID=58221088
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611021596.9A (Pending; published as CN106452792A) | Data single transmission module based on digital signature integrity checking | 2016-11-21 | 2016-11-21 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106452792A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1976259A (en) * | 2006-11-20 | 2007-06-06 | 中网信息技术有限公司 | Directive non-feedback optical fiber one-way transmitting physica isolating method |
CN101383813A (en) * | 2007-09-03 | 2009-03-11 | 深圳市维信联合科技有限公司 | Method and system for network uni-directional forwarding |
CN101986638A (en) * | 2010-09-16 | 2011-03-16 | 珠海市鸿瑞软件技术有限公司 | Gigabit one-way network isolation device |
CN102411681A (en) * | 2011-04-12 | 2012-04-11 | 苏州君嬴电子科技有限公司 | Unidirectional data transmission device and communication method |
CN203896047U (en) * | 2014-05-23 | 2014-10-22 | 国网浙江省电力公司宁波供电公司 | Electric power protection system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107241187A (en) * | 2017-04-25 | 2017-10-10 | 广东网金控股股份有限公司 | A kind of service end data processing method verified for mobile terminal wizard-like |
CN107241187B (en) * | 2017-04-25 | 2019-11-08 | 广东网金控股股份有限公司 | A kind of server-side data processing method for the verifying of mobile terminal wizard-like |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Xin | A mixed encryption algorithm used in internet of things security transmission system | |
CN109559122A (en) | Block chain data transmission method and block chain data transmission system | |
CN107846395A (en) | Vehicle-mounted networking | |
CN102006303B (en) | Method and terminal for increasing data transmission safety by using multi-encryption method | |
CN103491072A (en) | Boundary access control method based on double one-way separation gatekeepers | |
CN102065016B (en) | Message method of sending and receiving and device, message processing method and system | |
RU2009112643A (en) | TRANSPORTATION MANAGEMENT TRAFFIC THROUGH A MILLED NETWORK WITH MANY NETWORK SEGMENTS | |
CN101931536B (en) | Method for encrypting and authenticating efficient data without authentication center | |
CN101990748A (en) | Method and device for transmitting messages in real time | |
CN111698084B (en) | Block chain-based concealed communication method | |
CN102868531A (en) | Networked transaction certification system and method | |
CN104618109A (en) | Method for safely transmitting data of power terminal based on digital signature | |
CN106134522B (en) | A kind of one-way data transmission method and device based on wireless laser | |
CN1829150B (en) | Gateway identification device and method based on CPK | |
CN106452792A (en) | Data single transmission module based on digital signature integrity checking | |
CN101072377A (en) | Short message content interpolation-preventing method | |
CN108540287A (en) | Internet of Things safety management encryption method | |
CN102820922B (en) | Asynchronous encryption visible light communication method and system | |
CN102694652B (en) | A kind of method using symmetric cryptographic algorithm to realize light-weight authentication encryption | |
CN101174945B (en) | Method for validating PUSH message and identity of its transmission part | |
US20210067327A1 (en) | Method and arrangement for the secure transmission of a message from a transmitter to a receiver | |
CN105306437A (en) | Network security encryption and verification method | |
Mashima et al. | Enhancing demand response signal verification in automated demand response systems | |
CN102136904A (en) | Message discrimination method based on block cipher | |
CN101162995A (en) | Communication system and communication method of chaos safety information internet transmission |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170222 |