CN106452792A - Data single transmission module based on digital signature integrity checking - Google Patents

Info

Publication number
CN106452792A
Authority
CN
China
Prior art keywords
data
digital signature
individual event
transmission
single transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611021596.9A
Other languages
Chinese (zh)
Inventor
王金超
于治楼
罗清彩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Hi Tech Investment and Development Co Ltd
Original Assignee
Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Jinan Inspur Hi Tech Investment and Development Co Ltd filed Critical Jinan Inspur Hi Tech Investment and Development Co Ltd
Priority to CN201611021596.9A priority Critical patent/CN106452792A/en
Publication of CN106452792A publication Critical patent/CN106452792A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention discloses a one-way data transmission module based on digital signature integrity checking. The module combines digital signature technology with data diode technology to realize one-way data transmission with an integrity checking function, and comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part. The module adopts data diode technology and uses the one-way transmission characteristic of light together with digital signature integrity checking, so that secure one-way import of data is realized. The sender uses an asymmetric key in an encryption chip to compute a message digest and a digital signature over the transmitted data; after receiving the data, the receiver verifies the signature value and the message digest, and if the data is consistent, the data has been transmitted securely and completely.

Description

A one-way data transmission module based on digital signature integrity checking
Technical field
The present invention relates to the fields of cryptography and data transmission, and in particular to a one-way data transmission module based on digital signature integrity checking.
Background
At present, many government agencies and enterprises build their important business systems and working environments on physically isolated, independent internal networks. Although a physically isolated internal network largely ensures the security and confidentiality of important data, it seriously affects the operation of business information systems and their use by users. Resources on the Internet are extremely abundant, and users on a high-security network frequently need to obtain data and information from a low-security network; artificially disconnecting the networks greatly reduces users' working efficiency. Finally, data is currently transferred from the low-security network to the high-security network mainly by burning optical discs, which, besides being inconvenient to use, wastes a large number of discs and carries security risks of its own.
It is therefore increasingly recognized that completely disconnecting the network is not the goal; protecting the security of the classified network is. Networks are disconnected today because no trustworthy technology yet exists that can interconnect them securely. How to connect and exchange data between important internal networks and public networks such as the Internet has become an important problem in informatization that urgently needs to be solved.
Summary of the invention
The technical problem to be solved by the present invention is: in view of the above problems, the invention provides a one-way data transmission module based on digital signature integrity checking.
The technical solution adopted by the present invention is:
A one-way data transmission module based on digital signature integrity checking. The module uses digital signature technology and data diode technology to realize one-way data transmission with an integrity checking function, and comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part, wherein:
The one-way transmission part uses data diode technology, built on the unidirectional propagation of light, to realize high-speed one-way transmission of data;
The digital signature signing and verification part: on the sending side, it is mainly responsible for computing the message digest value of the transmitted data and signing the data; on the receiving side, it mainly verifies the data signature and compares the message digest values, and verification passes only if they are fully consistent;
The data transmission integrity feedback part also uses data diode technology, built on the unidirectional propagation of light. Based on the receiving side's signature verification and message digest comparison result, it sends a feedback signal to the sending side. To ensure the one-way security of the data transmission, this feedback signal is restricted to carrying only the two values 0 and 1: a feedback value of 0 indicates that data integrity verification did not pass, and the sender retransmits the data; a feedback value of 1 indicates that data integrity verification passed.
The one-way transmission part uses an FPGA to implement a custom single-wire transmission interface. The interface has two parts, one for sending data and one for receiving data, and a buffering mechanism inside the FPGA dynamically balances sending and receiving.
The custom single-wire transmission interface has a strict data checking mechanism that is accurate to the bit, effectively ensuring the accuracy of the data.
The data checking mechanism checks every data packet to ensure the integrity of the packet.
The beneficial effects of the present invention are:
The one-way data transmission module based on digital signature integrity checking of the present invention uses data diode technology, exploiting the one-way transmission characteristic of light, combined with digital signature integrity verification, to realize secure one-way import of data. The sender uses the asymmetric key in an encryption chip to compute a message digest and a digital signature over the transmitted data; after receiving the data, the recipient verifies the signature value and the message digest, and if the data is consistent, the data has been transmitted securely and completely.
Brief description of the drawings
Fig. 1 is a flow chart of one-way data transmission based on digital signature integrity checking.
Detailed description of the embodiments
The present invention is further described below with reference to the accompanying drawing and specific embodiments:
Embodiment 1
As shown in Fig. 1, a one-way data transmission module based on digital signature integrity checking uses digital signature technology and data diode technology to realize one-way data transmission with an integrity checking function, and comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part, wherein:
The one-way transmission part uses data diode technology, built on the unidirectional propagation of light, to realize high-speed one-way transmission of data;
The digital signature signing and verification part: on the sending side, it is mainly responsible for computing the message digest value of the transmitted data and signing the data; on the receiving side, it mainly verifies the data signature and compares the message digest values, and verification passes only if they are fully consistent;
The data transmission integrity feedback part also uses data diode technology, built on the unidirectional propagation of light. Based on the receiving side's signature verification and message digest comparison result, it sends a feedback signal to the sending side. To ensure the one-way security of the data transmission, this feedback signal is restricted to carrying only the two values 0 and 1: a feedback value of 0 indicates that data integrity verification did not pass, and the sender retransmits the data; a feedback value of 1 indicates that data integrity verification passed.
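The signing, verification and one-bit feedback loop of Embodiment 1, as an added example that is not code from the patent. SHA-256, the toy textbook-RSA key built from two Mersenne primes (insecure, standing in for the asymmetric key in the sender's encryption chip), the frame layout, all function names and the retry limit are assumptions made here.

```python
import hashlib

# Constructed toy key from two Mersenne primes: trivially factorable, NOT secure.
# Assumption: it stands in for the asymmetric key held in the sender's encryption chip.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, sending side only


def digest(data: bytes) -> bytes:
    # SHA-256 is an assumption; the patent does not name a digest algorithm.
    return hashlib.sha256(data).digest()


def sender_frame(data: bytes) -> dict:
    """Sending side: message digest of the data plus a signature over it."""
    h = digest(data)
    return {"data": data, "digest": h, "sig": pow(int.from_bytes(h, "big"), D, N)}


def receiver_feedback(frame: dict) -> int:
    """Receiving side: verify signature, compare digests, return 0 or 1 only."""
    h = digest(frame["data"])
    signed = pow(frame["sig"], E, N)  # value the sender actually signed
    ok = h == frame["digest"] and signed == int.from_bytes(h, "big")
    return 1 if ok else 0


def flip_bit(frame: dict, bit: int = 0) -> dict:
    """Model a single-bit error on the forward optical link."""
    data = bytearray(frame["data"])
    data[bit // 8] ^= 1 << (bit % 8)
    return {**frame, "data": bytes(data)}


def rehash_without_key(frame: dict, new_data: bytes) -> dict:
    """Altered data with a recomputed digest but the old signature."""
    return {**frame, "data": new_data, "digest": digest(new_data)}


def transfer(data: bytes, corrupt_first: int = 0, max_attempts: int = 5):
    """Sender loop: retransmit while feedback is 0.

    Returns (attempts, feedback_bits, delivered_data_or_None).
    max_attempts is an assumption; the patent sets no retry limit.
    """
    feedback_bits = []
    for attempt in range(1, max_attempts + 1):
        frame = sender_frame(data)
        if attempt <= corrupt_first:
            frame = flip_bit(frame)
        fb = receiver_feedback(frame)
        feedback_bits.append(fb)
        if fb == 1:
            return attempt, feedback_bits, frame["data"]
    return max_attempts, feedback_bits, None


if __name__ == "__main__":
    print(transfer(b"constructed sample payload", corrupt_first=2))
```

A frame whose data and digest were both replaced still yields feedback 0, because only the signature check ties the digest to the sender's key.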
Embodiment 2
On the basis of Embodiment 1, the one-way transmission part in this embodiment uses an FPGA to implement a custom single-wire transmission interface. The interface has two parts, one for sending data and one for receiving data, and a buffering mechanism inside the FPGA dynamically balances sending and receiving.
Embodiment 3
On the basis of Embodiment 2, the custom single-wire transmission interface in this embodiment has a strict data checking mechanism that is accurate to the bit, effectively ensuring the accuracy of the data.
Embodiment 4
On the basis of Embodiment 1, the data checking mechanism in this embodiment checks every data packet to ensure the integrity of the packet.
The embodiments are intended only to illustrate the present invention and not to limit it. Persons of ordinary skill in the relevant technical field may make various changes and modifications without departing from the spirit and scope of the present invention; all equivalent technical solutions therefore fall within the scope of the invention, and the scope of patent protection of the present invention shall be defined by the claims.

Claims (4)

1. A one-way data transmission module based on digital signature integrity checking, characterized in that the module uses digital signature technology and data diode technology to realize one-way data transmission with an integrity checking function, and comprises three parts: a one-way transmission part, a digital signature signing and verification part, and a data transmission integrity feedback part, wherein:
The one-way transmission part uses data diode technology, built on the unidirectional propagation of light, to realize high-speed one-way transmission of data;
The digital signature signing and verification part: on the sending side, it is mainly responsible for computing the message digest value of the transmitted data and signing the data; on the receiving side, it mainly verifies the data signature and compares the message digest values, and verification passes only if they are fully consistent;
The data transmission integrity feedback part also uses data diode technology, built on the unidirectional propagation of light. Based on the receiving side's signature verification and message digest comparison result, it sends a feedback signal to the sending side; this feedback signal is restricted to carrying only the two values 0 and 1: a feedback value of 0 indicates that data integrity verification did not pass, and the sender retransmits the data; a feedback value of 1 indicates that data integrity verification passed.
2. The one-way data transmission module based on digital signature integrity checking according to claim 1, characterized in that: the one-way transmission part uses an FPGA to implement a custom single-wire transmission interface; the interface has two parts, one for sending data and one for receiving data, and a buffering mechanism inside the FPGA dynamically balances sending and receiving.
3. The one-way data transmission module based on digital signature integrity checking according to claim 2, characterized in that: the custom single-wire transmission interface has a strict data checking mechanism that is accurate to the bit.
4. The one-way data transmission module based on digital signature integrity checking according to claim 3, characterized in that: the data checking mechanism checks every data packet to ensure the integrity of the packet.
CN201611021596.9A 2016-11-21 2016-11-21 Data single transmission module based on digital signature integrity checking Pending CN106452792A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611021596.9A CN106452792A (en) 2016-11-21 2016-11-21 Data single transmission module based on digital signature integrity checking

Publications (1)

Publication Number Publication Date
CN106452792A true CN106452792A (en) 2017-02-22

Family

ID=58221088

Country Status (1)

Country Link
CN (1) CN106452792A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222
