CN106453430A - Method and device for verifying encrypted data transmission paths - Google Patents

Method and device for verifying encrypted data transmission paths Download PDF

Info

Publication number
CN106453430A
CN106453430A CN201611169296.5A CN201611169296A CN106453430A CN 106453430 A CN106453430 A CN 106453430A CN 201611169296 A CN201611169296 A CN 201611169296A CN 106453430 A CN106453430 A CN 106453430A
Authority
CN
China
Prior art keywords
information
key
transmitting apparatus
plain
field
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611169296.5A
Other languages
Chinese (zh)
Inventor
宋承根
谭智勇
钟峰
王子龙
张勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Brilliant Hi Tech Development Co Ltd
Original Assignee
Beijing Brilliant Hi Tech Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Brilliant Hi Tech Development Co Ltd filed Critical Beijing Brilliant Hi Tech Development Co Ltd
Priority to CN201611169296.5A priority Critical patent/CN106453430A/en
Publication of CN106453430A publication Critical patent/CN106453430A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for verifying encrypted data transmission paths, and relates to the technical field of data transmission. All transmission paths of encrypted data can be acquired and verified. The method includes the steps: receiving a data package sent by a message sending device; decoding secret key ciphertexts in the data package by the aid of private keys of a message receiving device to obtain secret key plaintexts; decoding message ciphertexts in the data package by the aid of the secret key plaintexts to obtain message plaintexts; verifying various signing messages in signing fields according to public keys of path fields, the message plaintexts and all message sending devices sending the message ciphertexts; reserving the message plaintexts if verification of all signing messages is successful; discarding the message plaintexts if verification of the signing messages is failed. The method and the device are mainly applicable to scenes based on sharing information of encryption technology.

Description

The method and device in checking encrypted data transmission path
Technical field
The present invention relates to technical field of data transmission, more particularly to a kind of method in checking encrypted data transmission path and Device.
Background technology
Data transfer is that data is sent to the communication process of another equipment from an equipment.In actual applications, in order to The protection privacy of data and safety, information transmitting apparatus when sending information to information receiving device, often first with information The public key of receiving device is encrypted to the information needing to send, and then the ciphertext of acquisition is sent to information receiving device, with Just ciphertext is untied by information receiving device using the private key of itself.Additionally, so that information receiving device can determine information The identity of transmission equipment and the correctness of checking received information, can be entered to sent information by signature technology toward contact Row signature.
However, whether the mode of existing encryption and signature can checking information be only the equipment institute directly transmitting this information The information sending, and this information cannot be verified up to the present whether there is change from original information transmitting apparatus, from And the reliability of information is reduced.
Content of the invention
In view of this, the present invention provides a kind of method and device in checking encrypted data transmission path, can obtain and test All transmission paths that card encryption data is passed through, thus improve the reliability of information transfer.
The purpose of the present invention employs the following technical solutions to realize:
In a first aspect, the invention provides a kind of method in checking encrypted data transmission path, methods described includes:
Receive information sends the packet that equipment sends, and wherein, described packet includes passing for recording each information The path field in defeated path, for record key ciphertext field, for record information ciphertext field and being used for record each The field of the signing messages of individual information transmitting apparatus, described key ciphertext is public key according to information receiving device to key plain It is encrypted and obtains, described key plain is used for encryption information in plain text, and described signing messages is according to information transmitting apparatus Private key, obtains to carrying out signing by the data that corresponding path field and described information plaintext form;
It is decrypted using the key ciphertext in packet described in the private key pair of described information receiving device, obtain key bright Literary composition;
Using the key plain that deciphering obtains, the information ciphertext in described packet is decrypted, obtains information in plain text;
In plain text and it is transmitted across described information according to described path field, using the information that the deciphering of described key plain obtains The public key of all information transmitting apparatus of ciphertext, verifies to each signing messages in described signature field;
If all signing messages are all proved to be successful, retain the information obtaining by key plain deciphering in plain text;
If there is signing messages authentication failed, abandon the information obtaining by key plain deciphering in plain text.
Second aspect, the invention provides a kind of device in checking encrypted data transmission path, described device includes:
Receiving unit, sends, for receive information, the packet that equipment sends, wherein, described packet is included for remembering Record each information transmission path path field, for record key ciphertext field, for record information ciphertext field with And for recording the field of the signing messages of each information transmitting apparatus, described key ciphertext is the public affairs according to information receiving device Key is encrypted to key plain and obtains, and described key plain is used for encryption information in plain text, and described signing messages is according to letter The private key of breath transmission equipment, obtains to carrying out signing by the data that corresponding path field and described information plaintext form;
Decryption unit, the described packet receiving for receiving unit described in the private key pair using described information receiving device In key ciphertext be decrypted, obtain key plain;
The key plain that described decryption unit is additionally operable to using deciphering obtains is carried out to the information ciphertext in described packet Deciphering, obtains information in plain text;
Authentication unit, for utilizing described key plain deciphering to obtain according to described path field, described decryption unit Information in plain text and be transmitted across described information ciphertext all information transmitting apparatus public key, to each in described signature field Signing messages is verified;
Stick unit, for when the result of described authentication unit is all proved to be successful for all signing messages, retaining The information being obtained by key plain deciphering is in plain text;
Discarding unit, for when the result of described authentication unit is to there is signing messages authentication failed, abandoning logical Cross the information plaintext that key plaintext decryption obtains.
The method and device in the checking encrypted data transmission path providing by technique scheme, the present invention, Neng Gou When information transmitting apparatus need to information receiving device transmission information, the path for recording each information transmission path will be included Field, for storing the field of key ciphertext, storing each information and send and set for the field and being used for of storage information ciphertext The packet of the signature field of standby signing messages is sent to information receiving device, and (wherein, signing messages is with regard to transmission path And the signature of information plaintext), receive after this packet by this information receiving device, can be first according to itself private key, close Key ciphertext and information ciphertext obtain information in plain text, are then transmitted across this information in plain text and once according to path field, information The public key of each information transmitting apparatus of ciphertext, verifies to each signing messages in signature field, respectively thus realizing Checking to all transmission paths and the checking of each information transmitting apparatus institute photos and sending messages plaintext, and equal in all signing messages Ability reservation information plaintext when being proved to be successful, and then improve the reliability of information receiving device receive information.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of description, and in order to allow the above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the specific embodiment of the present invention.
Brief description
By reading the detailed description of hereafter preferred implementation, various other advantages and benefit are common for this area Technical staff will be clear from understanding.Accompanying drawing is only used for illustrating the purpose of preferred implementation, and is not considered as to the present invention Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings:
The flow chart that Fig. 1 shows a kind of method in checking encrypted data transmission path provided in an embodiment of the present invention;
Fig. 2 shows the method exemplary plot generating retrospective encryption data provided in an embodiment of the present invention;
Fig. 3 shows the method exemplary plot in checking encrypted data transmission path provided in an embodiment of the present invention;
The flow chart that Fig. 4 shows the method in another kind of checking encrypted data transmission path provided in an embodiment of the present invention;
Fig. 5 shows a kind of composition frame chart of the device in checking encrypted data transmission path provided in an embodiment of the present invention;
Fig. 6 shows the composition frame of the device in another kind of checking encrypted data transmission path provided in an embodiment of the present invention Figure;
Fig. 7 shows the composition frame of the device in another kind of checking encrypted data transmission path provided in an embodiment of the present invention Figure;
Fig. 8 shows the composition frame of the device in another kind of checking encrypted data transmission path provided in an embodiment of the present invention Figure;
Fig. 9 shows a kind of composition frame chart of the system in checking encrypted data transmission path provided in an embodiment of the present invention.
Specific embodiment
It is more fully described the exemplary embodiment of the disclosure below with reference to accompanying drawings.Although showing the disclosure in accompanying drawing Exemplary embodiment it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here Limited.On the contrary, these embodiments are provided to be able to be best understood from the disclosure, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.
Embodiments provide a kind of method in checking encrypted data transmission path, methods described is applied to information and sends out Send equipment, as shown in figure 1, methods described includes:
101st, when needing to send information to information receiving device, key plain for encryption information plaintext, institute are obtained State information in plain text and using described key plain, described information plaintext is encrypted with the information ciphertext obtaining;
Specifically, when current information transmitting apparatus are the raw information transmission equipment sending described information, Ke Yizhi Connect and obtain described key plain and described information plaintext from local;And current information transmitting apparatus are not described original letters During breath transmission equipment, can obtain and parse, from the packet that a upper information transmitting apparatus side joint is received, the described key plain obtaining And described information is in plain text.
Wherein, the packet that current information transmitting apparatus receive from a upper information transmitting apparatus side joint includes:For Record the path field of each information transmission path, be used for recording the field of key ciphertext, be used for the field of record information ciphertext And be used for recording the signing messages of each information transmitting apparatus (sending the supreme information transmitting apparatus of equipment from raw information) Field.Therefore, from the packet that a upper information transmitting apparatus side joint is received, parsing obtains key plain and information plaintext Specific implementation can be:Key in the packet that current information receiving device receives first with the private key pair of itself Ciphertext is decrypted, and obtains described key plain;Then using described key plain to the letter in the described packet receiving Breath ciphertext is decrypted, and obtains described information in plain text.
Additionally, when current information transmitting apparatus be raw information send equipment when, need obtain key plain and After information plaintext, using key ciphertext, information plaintext is encrypted, just can obtain information ciphertext;And current information sends When equipment is not that raw information sends equipment, if desired information ciphertext, then can directly send from a upper information receiving device Information ciphertext is extracted in the field for record information ciphertext of packet.
102nd, using the public key of information receiving device, described key plain is encrypted, obtains described information receiving device Public key corresponding key ciphertext;
Wherein, the key ciphertext due to being obtained using the public key encryption of information receiving device only has the private of information receiving device Key just can be untied, so being encrypted to key plain using the public key of information receiving device, can be effectively prevented key bright Literary composition leaks.
It should be noted that this step only need to execute before step 106, and it is with respect to step 103- step 105 execution sequence does not limit.
103rd, send being used for characterization information to the transmission path of described information receiving device from described information transmission equipment Add to the path field for recording each information transmission path, obtain the path field after updating;
Wherein, when information transmitting apparatus record this transmission path, only this transmission path can be added to path field In, without delete before other information send equipment record transmission path, therefore in path field storage be from original All transmission paths that information transmitting apparatus are experienced to the current corresponding information receiving device of information transmitting apparatus.
Exemplary, if information sequentially passes through the current information of equipment B, equipment C arrival from raw information transmission device A sending out Send equipment D, and information transmitting apparatus D will transmit information to information receiving device E, then the content storing in path field Can be " from D to E from C to D from B to C from A to B ".
104th, described information is utilized to send the private key of equipment, to bright by the path field after described renewal and described information The data of literary composition composition is signed, and obtains the signing messages that described information sends equipment;
Specifically, described information is sent equipment and is first spliced the content in path field with information plaintext, Ran Hougen According to preset algorithm, row operation is entered to spliced data, obtain the operation values of spliced data, finally sent out using described information The operation values sending this spliced data of private key pair of equipment are encrypted, and obtain the signing messages that described information sends equipment. Wherein, preset algorithm can be hash algorithm or other algorithms.
You need to add is that, when being spliced path field with information plaintext, path field can be made to be located above, Information plaintext can also be made to be located above, both relative positions do not limit.
105th, the signing messages that described information is sent equipment adds to the signature being used for recording each information transmitting apparatus In the signature field of information, obtain the signature field after updating;
Wherein, when information transmitting apparatus record this signing messages, only this signing messages can be added to signature field In, without delete before other information send equipment record signing messages, therefore in signature field storage be from original Information transmitting apparatus to current information transmitting apparatus all signing messages.
Exemplary, if after information plaintext M is encrypted, from raw information send device A sequentially pass through equipment B, equipment C to Reach current information transmitting apparatus D, and information transmitting apparatus D will transmit information to information receiving device E, then word of signing In section, the content of storage can be to " from D to E from C to D from B to C from A to B&mess= The signature of M ".
106th, by the path field after described for inclusion renewal, the field of the described key ciphertext that is stored with, be stored with described letter The packet of the signature field after the field of breath ciphertext and described renewal is sent to described information receiving device, so that described letter Breath receiving device passes through to parse described packet, to obtain and to verify the transmission road of described information plaintext and described information plaintext Footpath.
Wherein, information receiving device obtains the transmission of simultaneously checking information plaintext and information plaintext by parsing packet The content that the method Fig. 4 as described below in path is related to.
The scheme of the present embodiment is exemplified below:
If as shown in Fig. 2 information sends device A from raw information sequentially passes through the current information of equipment B, equipment C arrival Transmission equipment D, and information transmitting apparatus D will transmit information to information receiving device E, then and information transmitting apparatus D generates The process of packet to be sent is as follows:
(A1) information transmitting apparatus D obtain equipment C send inclusions path field, be used for record key ciphertext field, The packet 1 of the field for record information ciphertext and signature field;
Wherein, described path field includes " from C to D ", " from B to C " and " from A to B " three Individual transmission path, the field for recording key ciphertext includes public key corresponding key ciphertext (the i.e. profit of information transmitting apparatus D The key ciphertext being obtained with the public key encryption key plaintext of D), the field for record information ciphertext includes key plain encryption The information ciphertext that information plaintext obtains, signature field includes the signing messages of the signing messages of C, the signing messages of B and A.
(A2) information transmitting apparatus D is decrypted acquisition key plain using the private key pair key ciphertext of D;
(A3) information transmitting apparatus D is encrypted to key plain using the public key of E, obtains the corresponding key of public key of E Ciphertext, and the corresponding key of public key that corresponding for the public key of E key ciphertext is replaced D in the field being used for recording key ciphertext is close Literary composition;
Wherein, step A3 only need to execute after step A2, before step A7, and it is with respect to the execution of step A4-A6 Order does not limit.
(A4) information transmitting apparatus D is decrypted acquisition information in plain text using key plain to information ciphertext;
Wherein, step A4 only need to execute after step A2, before step A6, and it is with respect to step A3 and step A5 Execution sequence here does not limit.
(A5) information transmitting apparatus D adds transmission path " from D to E " to path field, obtains after updating Path field;
Wherein, step A5 only need to execute after step A1, before step A6, and it is with respect to the execution of step A2-A4 Order here does not limit.
(A6) path field after updating is spliced so that spliced interior by information transmitting apparatus D with information plaintext Hold and include " from D to E ", " from C to D ", " fromB to C ", " from A to B " and " information is in plain text ", and Signed using the spliced content of the private key pair of D, obtained the signing messages of D;
(A7) being used for after the path field after including updating, renewal is recorded the word of key ciphertext by information transmitting apparatus D The packet 2 of the signature field after section, the field for record information ciphertext and renewal is defined as needing to issue information reception The packet of equipment E.
Additionally, as shown in Figure 2, the field for record information ciphertext does not change, therefore in transmitting encrypted data During, only raw information send equipment operation is encrypted to information plaintext, and other information send equipment only need right The key plain of encryption information plaintext is encrypted, and need not information plaintext be encrypted again, and due to key plain Size of data is often much smaller than information in plain text, so the amount of calculation of encryption reduces.
Provided in an embodiment of the present invention checking encrypted data transmission path method, can information transmitting apparatus need to Information receiving device send information when, by include for record each information transmission path path field, be used for storing key The field of ciphertext, the field for storage information ciphertext and the signature for storing the signing messages of each information transmitting apparatus The packet of field is sent to information receiving device, and (wherein, signing messages is the label with regard to transmission path and information plaintext Name), receive after this packet by this information receiving device, can be first close according to itself private key, key ciphertext and information Civilian acquisition information in plain text, is then sent out according to each information that path field, information are transmitted across this information ciphertext in plain text and once Send the public key of equipment, each signing messages in signature field is verified respectively, thus realizing to all transmission paths Checking and the checking of each information transmitting apparatus institute photos and sending messages plaintext, and just retain when all signing messages are all proved to be successful Information in plain text, and then improves the reliability of information receiving device receive information.
Optionally, when the key plain of current information transmitting apparatus acquisition and information plaintext come from a upper information and send out When sending the packet that equipment sends, in order to ensure that the information being sent to information receiving device is reliable and correct information, obtaining Take and parse the described key plain obtaining and described information plaintext from the packet that a upper information transmitting apparatus side joint is received Before, current information transmitting apparatus can first verify whether the information of parsing from packet is tampered in plain text and this information is bright Whether literary composition is reliable, when this information plaintext is not tampered with and is reliable, just obtains the information of parsing from packet in plain text, and works as When being tampered or be unreliable, directly abandon this information in plain text, thus abandoning for this information plaintext being sent to information receiving device.
Wherein, whether reliability is exactly information obtained by checking parsing from packet in plain text:Verify for recording each letter Whether the transmission path in the path field of breath transmission path is correct.
Because the signing messages in signature field is the label to transmission path and information plaintext for each information transmitting apparatus By verifying the signing messages in signature field, name information, so can verify that information obtained by parsing from packet is in plain text No it is tampered and whether this information is reliable in plain text.
Specifically, whether checking information is tampered in plain text and whether reliable implementation can be:Current information Transmission equipment can decipher the information obtaining in plain text according to the path field in the packet receiving, using described key plain And send equipment to the public key of each information transmitting apparatus in information transmitting apparatus described from described raw information, to institute Each signing messages stated in signature field is verified;If each signing messages is all proved to be successful it is determined that information plaintext does not have It is tampered and be reliable (i.e. transmission path is correct);If there is signing messages authentication failed, descriptive information plaintext quilt Distort or information plaintext unreliable (i.e. transmission path is incorrect).
Wherein, the upper information that described upper information transmitting apparatus are adjacent with current information transmitting apparatus sends and sets Standby, the packet that is, current information transmitting apparatus receive is to be sent by described upper information transmitting apparatus.For example, if letter Breath sends device A from raw information and sequentially passes through equipment B, equipment C arrival equipment D, and equipment D needs to equipment C transmission Signing messages in packet is verified, then current information transmitting apparatus are equipment D, and upper information transmitting apparatus are equipment C.
Specifically, current information receiving device can obtain and treat according to default checking order from described path field Checking information transmitting apparatus corresponding complete transmission path, described complete transmission path include from described originally transmitted equipment to All transmission paths that the corresponding information receiving device of described information transmitting apparatus to be verified is passed through;Then treated according to described The public key of information transmitting apparatus of checking and the letter by described complete transmission path and using the deciphering acquisition of described key plain The data that breath forms in plain text, verifies to the signing messages of described information transmitting apparatus to be verified, until completing to all The checking of signing messages.
Wherein, information transmitting apparatus to be verified are any in the raw information transmission supreme information transmitting apparatus of equipment One equipment.Default checking order can be to send the supreme information transmitting apparatus of equipment from raw information to be verified successively, Can also be to send equipment to be verified successively from upper information transmitting apparatus to raw information.
Additionally, " public key according to described information transmitting apparatus to be verified and by described complete transmission path and utilization The data that the information that described key plain deciphering obtains forms in plain text, the signing messages to described information transmitting apparatus to be verified Verified " specific implementation can have multiple.One of which verifies that the mode of signature is:According to preset algorithm, calculate Operation values by described complete transmission path and the data being formed using the information plaintext that the deciphering of described key plain obtains;According to Calculated operation values, the public key of described information transmitting apparatus to be verified, to described information transmitting apparatus to be verified Signing messages is verified.
Wherein, the public key according to calculated operation values, described information transmitting apparatus to be verified, to described to be verified The specific implementation verified of signing messages of information transmitting apparatus can be:First sent according to information to be verified and set Standby public key is decrypted to corresponding signing messages, obtains the operation values after deciphering, then by described calculated computing Value is compared with the operation values after described deciphering;If both are identical, illustrate that obtained by parsing from packet, information is in plain text Identical with signed information plaintext, and the transmission path in path field is identical with signed transmission path, thus may be used It is proved to be successful with determining;If both are different, illustrate that information plaintext obtained by parsing from packet is bright with signed information Literary composition is different, or the transmission path in path field is different from signed transmission path, thus can determine authentication failed.
Exemplary, if as shown in figure 3, information sends device A and sequentially passes through equipment B, equipment C and reach from raw information sets Standby D, then the process that the data in the packet that equipment D sends to equipment C is verified is as follows:
(B1) equipment D receiving device C send inclusions path field, be used for record the field of key ciphertext, be used for recording The field of information ciphertext and the packet of signature field;
Wherein, described path field includes " from C to D ", " from B to C " and " from A to B " three Individual transmission path, the field for recording key ciphertext includes the public key corresponding key ciphertext of information transmitting apparatus D, is used for The field of record information ciphertext includes the information ciphertext that key plain encryption information plaintext obtains, and signature field includes C's The signing messages of signing messages, the signing messages of B and A.
(B2) equipment D is decrypted using the private key pair key ciphertext of D, obtains key plain;
(B3) equipment D is decrypted to information ciphertext using key plain, obtains information in plain text;
After the information of acquisition plaintext, the transmission path that equipment D can be according to information in plain text and in path field is right respectively The signing messages of equipment to be verified (i.e. device A to equipment C) is verified, believes obtained by parsing from packet to determine Whether breath is true and reliable in plain text.Specifically, the checking of the signing messages to equipment C for the equipment D sees below step B4, and equipment D is to setting The checking of the signing messages of standby B sees below step B5, and the checking of the signing messages to device A for the equipment D sees below step B6.
(B4) equipment D is spliced corresponding for equipment C fullpath so that spliced content includes with information plaintext " from C to D ", " from B to C ", " fromA to B " and " information in plain text ", then according to the public key of C, splicing after Content, the signing messages of C is verified;
(B5) equipment D is spliced corresponding for equipment B fullpath so that spliced content includes with information plaintext " from B to C ", " from A to B " and " information is in plain text ", then public key, the spliced content according to B, to B's Signing messages is verified;
(B6) equipment D is spliced corresponding for device A fullpath so that spliced content includes with information plaintext " from A to B " and " information is in plain text ", then public key, the spliced content according to A, tests to the signing messages of A Card;
(B7) if being all proved to be successful it is determined that information obtained by parsing from packet is true and reliable in plain text, otherwise Then untrue reliability.
Further, according to the method shown in Fig. 1, an alternative embodiment of the invention additionally provides a kind of checking encryption number According to the method for transmission path, methods described is applied to information receiving device, as shown in figure 4, methods described includes:
201st, receive information sends the packet that equipment sends;
Wherein, described packet include for record each information transmission path path field, be used for recording key The field of ciphertext, the field for record information ciphertext and the word for recording the signing messages of each information transmitting apparatus Section, described key ciphertext is according to the public key of described information receiving device, key plain to be encrypted to obtain, described key It is used for encryption information in plain text in plain text, described signing messages is the private key according to information transmitting apparatus, to by corresponding path field And the data of described information in plain text composition carries out signing and obtains.
Additionally, with regard to path field and signature field be discussed in detail may refer to information transmitting apparatus side method real Apply example, will not be described here.
202nd, it is decrypted using the key ciphertext in packet described in the private key pair of described information receiving device, obtain close Key is in plain text;
Because the encryption key that information transmitting apparatus use when being encrypted to key plain is information receiving device Public key, so information receiving device can carry out successful decryption using the private key pair key ciphertext of itself, obtains key plain.
203rd, using the key plain that deciphering obtains, the information ciphertext in described packet is decrypted, obtains information bright Literary composition;
204th, according to described path field, the information that obtained using the deciphering of described key plain is in plain text and described in being transmitted across The public key of all information transmitting apparatus of information ciphertext, verifies to each signing messages in described signature field;
Specifically, information receiving device can obtain to be verified according to default checking order from described path field Information transmitting apparatus corresponding complete transmission path, described complete transmission path includes treating from described originally transmitted equipment to described All transmission paths that the corresponding information receiving device of information transmitting apparatus of checking is passed through;According to by described complete transmission road Footpath and the information data of composition and the described information transmitting apparatus to be verified in plain text being obtained using the deciphering of described key plain Public key, the signing messages of described information transmitting apparatus to be verified is verified, until complete to all signing messages Checking.
Wherein, " form with using the information plaintext that the deciphering of described key plain obtains according to by described complete transmission path Data and described information transmitting apparatus to be verified public key, the signing messages to described information transmitting apparatus to be verified Verified " specific implementation can be:According to preset algorithm, calculate by described complete transmission path with using described close The operation values of the data that the information that key plaintext decryption obtains forms in plain text;According to calculated operation values, described to be verified The public key of information transmitting apparatus, verifies to the signing messages of described information transmitting apparatus to be verified, until completing to institute There is the checking of signing messages.
Wherein, the specific example of checking signature may refer to embodiment of the method (i.e. the showing of Fig. 3 of information transmitting apparatus side Example), will not be described here.
If 205 all signing messages are all proved to be successful, retain the information obtaining by key plain deciphering in plain text;
When all of signing messages is proved to be successful, descriptive information sends device transmission to current information from raw information During receiving device, information clear content itself does not change, and transmission path is also trusted path, not quilt Insecure equipment is intercepted and captured, and therefore can retain the information obtaining in plain text.
If 206 have signing messages authentication failed, abandon the information obtaining by key plain deciphering in plain text.
When the signing messages authentication failed of certain information transmitting apparatus, illustrate that the information obtaining is unreliable, therefore in plain text This information can directly be abandoned in plain text, to prevent this insecure information plaintext transmission to other equipment.
Provided in an embodiment of the present invention checking encrypted data transmission path method, can information transmitting apparatus need to Information receiving device send information when, by include for record each information transmission path path field, be used for storing key The field of ciphertext, the field for storage information ciphertext and the signature for storing the signing messages of each information transmitting apparatus The packet of field is sent to information receiving device, and (wherein, signing messages is the label with regard to transmission path and information plaintext Name), receive after this packet by this information receiving device, can be first close according to itself private key, key ciphertext and information Civilian acquisition information in plain text, is then sent out according to each information that path field, information are transmitted across this information ciphertext in plain text and once Send the public key of equipment, each signing messages in signature field is verified respectively, thus realizing to all transmission paths Checking and the checking of each information transmitting apparatus institute photos and sending messages plaintext, and just retain when all signing messages are all proved to be successful Information in plain text, and then improves the reliability of information receiving device receive information.
Further, according to the method shown in Fig. 1, an alternative embodiment of the invention additionally provides a kind of checking and adds The device of ciphertext data transmission path, described device is applied to information transmitting apparatus, as shown in figure 5, described device mainly includes:Obtain Take unit 31, ciphering unit 32, adding device 33, signature unit 34 and transmitting element 35.Wherein,
Acquiring unit 31, for when needing to send information to information receiving device, obtaining for encryption information plaintext Key plain, described information are in plain text and to be encrypted, to described information plaintext, the information obtaining using described key plain close Literary composition;
Ciphering unit 32, the described key for being obtained to described acquiring unit 31 using the public key of information receiving device is bright Literary composition is encrypted, and obtains the public key corresponding key ciphertext of described information receiving device;
Adding device 33, sends to described information receiving device from described information transmission equipment for being used for characterization information Transmission path add to the path field for recording each information transmission path, obtain update after path field;
Signature unit 34, for sending the private key of equipment using described information, to the institute being obtained by described adding device 33 The data stating the described information plaintext composition of the path field after renewal and described acquiring unit 31 acquisition is signed, and obtains Described information sends the signing messages of equipment;
The described information that described adding device 33 is additionally operable to obtain described signature unit 34 sends the signing messages of equipment Add to the signature field for the signing messages recording each information transmitting apparatus, obtain the signature field after updating;
Transmitting element 35, for including the path field after described renewal, the field of the described key ciphertext that is stored with, depositing The packet containing the signature field after the field of described information ciphertext and described renewal is sent to described information receiving device, So that described information receiving device passes through to parse described packet, to obtain and to verify described information in plain text and described information is bright The transmission path of literary composition.
Optionally, as shown in fig. 6, described acquiring unit 31 includes:
First acquisition module 311, for being that the raw information transmission sending described information sets when described information sends equipment When standby, directly obtain described key plain and described information plaintext from local;
Second acquisition module 312, for when it is not that described raw information sends equipment that described information sends equipment, obtaining The described key plain obtaining and described information plaintext is parsed from the packet that a upper information transmitting apparatus side joint is received.
Optionally, as shown in fig. 6, described device also includes:
Resolution unit 36, obtains described key for parsing from the packet that a described upper information transmitting apparatus side joint is received Plaintext and described information are in plain text;
Described resolution unit 36 is used for close in the packet being received using the private key pair of current information transmitting apparatus Key ciphertext is decrypted, and obtains described key plain;Using described key plain to the information in the described packet receiving Ciphertext is decrypted, and obtains described information in plain text.
Optionally, as shown in fig. 6, described device also includes:
Authentication unit 37, for described acquiring unit 31 obtain from one information transmitting apparatus side joint receive packet in Before parsing the described key plain obtaining and described information plaintext, according to the path word in the described packet receiving Section, the information being obtained using the deciphering of described key plain send equipment in plain text and from described raw information to an information described The public key of each information transmitting apparatus in transmission equipment, verifies to each signing messages in described signature field;
Described acquiring unit 31 is used for all being proved to be successful for all signing messages when the result of described authentication unit 37 When, acquisition parses, from the packet that a upper information transmitting apparatus side joint is received, the described key plain obtaining and described information is bright Literary composition.
Optionally, as shown in fig. 6, described authentication unit 37 includes:
3rd acquisition module 371, for according to default checking order, obtaining information to be verified from described path field Transmission equipment corresponding complete transmission path, described complete transmission path is included from described originally transmitted equipment to described to be verified All transmission paths of being passed through of the corresponding information receiving device of information transmitting apparatus;
Authentication module 372, for according to by described complete transmission path and the letter being obtained using the deciphering of described key plain Data and the public key of described information transmitting apparatus to be verified that breath forms in plain text, to described information transmitting apparatus to be verified Signing messages verified, until the checking completing to all signing messages.
Optionally, described authentication module 372 is used for according to preset algorithm, calculate by described complete transmission path with utilize institute State the operation values of the data of information plaintext composition that key plain deciphering obtains;According to calculated operation values, described to be tested The public key of the information transmitting apparatus of card, verifies to the signing messages of described information transmitting apparatus to be verified.
Optionally, as shown in fig. 6, described device also includes:
Discarding unit 38, for when the result of described authentication unit 37 is to there is signing messages authentication failed, losing Abandon the information plaintext obtaining using the deciphering of described key plain.
Provided in an embodiment of the present invention checking encrypted data transmission path device, can information transmitting apparatus need to Information receiving device send information when, by include for record each information transmission path path field, be used for storing key The field of ciphertext, the field for storage information ciphertext and the signature for storing the signing messages of each information transmitting apparatus The packet of field is sent to information receiving device, and (wherein, signing messages is the label with regard to transmission path and information plaintext Name), receive after this packet by this information receiving device, can be first close according to itself private key, key ciphertext and information Civilian acquisition information in plain text, is then sent out according to each information that path field, information are transmitted across this information ciphertext in plain text and once Send the public key of equipment, each signing messages in signature field is verified respectively, thus realizing to all transmission paths Checking and the checking of each information transmitting apparatus institute photos and sending messages plaintext, and just retain when all signing messages are all proved to be successful Information in plain text, and then improves the reliability of information receiving device receive information.
Further, according to the method shown in Fig. 4, an alternative embodiment of the invention additionally provides a kind of checking encryption number According to the device of transmission path, described device is applied to information receiving device, as shown in fig. 7, described device mainly includes:Receive single Unit 41, decryption unit 42, authentication unit 43, stick unit 44 and discarding unit 45.Wherein,
Receiving unit 41, for receive information send equipment send packet, wherein, described packet include for Record the path field of each information transmission path, be used for recording the field of key ciphertext, be used for the field of record information ciphertext And for recording the field of the signing messages of each information transmitting apparatus, described key ciphertext is according to information receiving device Public key is encrypted to key plain and obtains, and described key plain is used for encryption information in plain text, and described signing messages is basis The private key of information transmitting apparatus, obtains to carrying out signature by the data that corresponding path field and described information plaintext form 's;
Decryption unit 42, the described number receiving for receiving unit 41 described in the private key pair using described information receiving device It is decrypted according to the key ciphertext in bag, obtain key plain;
The key plain that described decryption unit 42 is additionally operable to using deciphering obtains is entered to the information ciphertext in described packet Row deciphering, obtains information in plain text;
Authentication unit 43, for being obtained using the deciphering of described key plain according to described path field, described decryption unit 42 The information plaintext obtaining and the public key of all information transmitting apparatus being transmitted across described information ciphertext, in described signature field Each signing messages is verified;
Stick unit 44, for when the result of described authentication unit 43 is all proved to be successful for all signing messages, Retain the information obtaining by key plain deciphering in plain text;
Discarding unit 45, for when the result of described authentication unit 43 is to there is signing messages authentication failed, losing Abandon the information obtaining by key plain deciphering in plain text.
Optionally, as shown in figure 8, described authentication unit 43 includes:
Acquisition module 431, for according to default checking order, obtaining information to be verified and sending from described path field Equipment corresponding complete transmission path, described complete transmission path is included from described originally transmitted equipment to described letter to be verified All transmission paths that the breath corresponding information receiving device of transmission equipment is passed through;
Authentication module 432, for according to by described complete transmission path and the letter being obtained using the deciphering of described key plain Data and the public key of described information transmitting apparatus to be verified that breath forms in plain text, to described information transmitting apparatus to be verified Signing messages verified, until the checking completing to all signing messages.
Optionally, described authentication module 432 is used for according to preset algorithm, calculate by described complete transmission path with utilize institute State the operation values of the data of information plaintext composition that key plain deciphering obtains;According to calculated operation values, described to be tested The public key of the information transmitting apparatus of card, verifies to the signing messages of described information transmitting apparatus to be verified.
Provided in an embodiment of the present invention checking encrypted data transmission path device, can information transmitting apparatus need to Information receiving device send information when, by include for record each information transmission path path field, be used for storing key The field of ciphertext, the field for storage information ciphertext and the signature for storing the signing messages of each information transmitting apparatus The packet of field is sent to information receiving device, and (wherein, signing messages is the label with regard to transmission path and information plaintext Name), receive after this packet by this information receiving device, can be first close according to itself private key, key ciphertext and information Civilian acquisition information in plain text, is then sent out according to each information that path field, information are transmitted across this information ciphertext in plain text and once Send the public key of equipment, each signing messages in signature field is verified respectively, thus realizing to all transmission paths Checking and the checking of each information transmitting apparatus institute photos and sending messages plaintext, and just retain when all signing messages are all proved to be successful Information in plain text, and then improves the reliability of information receiving device receive information.
Further, according to said apparatus embodiment, an alternative embodiment of the invention additionally provides a kind of checking encryption The system of data transfer path, as shown in figure 9, described system includes:Information transmitting apparatus 51 and information receiving device 52;Its In, described information sends equipment 51 and includes the device as described in Fig. 5 or 6;Described information receiving device 52 is included as Fig. 7 or 8 institute The device stated.
Provided in an embodiment of the present invention checking encrypted data transmission path system, can information transmitting apparatus need to Information receiving device send information when, by include for record each information transmission path path field, be used for storing key The field of ciphertext, the field for storage information ciphertext and the signature for storing the signing messages of each information transmitting apparatus The packet of field is sent to information receiving device, and (wherein, signing messages is the label with regard to transmission path and information plaintext Name), receive after this packet by this information receiving device, can be first close according to itself private key, key ciphertext and information Civilian acquisition information in plain text, is then sent out according to each information that path field, information are transmitted across this information ciphertext in plain text and once Send the public key of equipment, each signing messages in signature field is verified respectively, thus realizing to all transmission paths Checking and the checking of each information transmitting apparatus institute photos and sending messages plaintext, and just retain when all signing messages are all proved to be successful Information in plain text, and then improves the reliability of information receiving device receive information.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not have the portion described in detail in certain embodiment Point, may refer to the associated description of other embodiment.
It is understood that the correlated characteristic in said method and device can mutually reference.In addition, in above-described embodiment " first ", " second " etc. be for distinguishing each embodiment, and do not represent the quality of each embodiment.
Those skilled in the art can be understood that, for convenience and simplicity of description, the system of foregoing description, Device and the specific work process of unit, may be referred to the corresponding process in preceding method embodiment, will not be described here.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together with based on teaching in this.As described above, construct required by this kind of system Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use various Programming language realizes the content of invention described herein, and the description above language-specific done is to disclose this Bright preferred forms.
In description mentioned herein, illustrate a large amount of details.It is to be appreciated, however, that the enforcement of the present invention Example can be put into practice in the case of not having these details.In some instances, known method, structure are not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly it will be appreciated that in order to simplify the disclosure and help understand one or more of each inventive aspect, Above in the description to the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:I.e. required guarantor The application claims of shield more features than the feature being expressly recited in each claim.More precisely, it is such as following Claims reflected as, inventive aspect is all features less than single embodiment disclosed above.Therefore, The claims following specific embodiment are thus expressly incorporated in this specific embodiment, wherein each claim itself All as the separate embodiments of the present invention.
Those skilled in the art are appreciated that and the module in the equipment in embodiment can be carried out adaptively Change and they are arranged in one or more equipment different from this embodiment.Can be the module in embodiment or list Unit or assembly be combined into a module or unit or assembly, and can be divided in addition multiple submodule or subelement or Sub-component.In addition to such feature and/or at least some of process or unit exclude each other, can adopt any Combination is to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed Where method or all processes of equipment or unit are combined.Unless expressly stated otherwise, this specification (includes adjoint power Profit requires, summary and accompanying drawing) disclosed in each feature can carry out generation by the alternative features providing identical, equivalent or similar purpose Replace.
Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In included some features rather than further feature, but the combination of the feature of different embodiment means to be in the present invention's Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint One of meaning can in any combination mode using.
The all parts embodiment of the present invention can be realized with hardware, or to run on one or more processor Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) are realizing checking encrypted data transmission path according to embodiments of the present invention The some or all functions of some or all parts in method and device.The present invention is also implemented as executing this In described some or all equipment of method or program of device (for example, computer program and computer program Product).Such program realizing the present invention can store on a computer-readable medium, or can have one or many The form of individual signal.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or with Any other form provides.
It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference markss between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element listed in the claims or step.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can come real by means of the hardware including some different elements and by means of properly programmed computer Existing.If in the unit claim listing equipment for drying, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame Claim.

Claims (6)

1. a kind of method in checking encrypted data transmission path is it is characterised in that methods described includes:
Receive information sends the packet that equipment sends, and wherein, described packet is included for recording each information transfer road The path field in footpath, for recording the field of key ciphertext, recording each letter for the field and being used for of record information ciphertext The field of the signing messages of breath transmission equipment, described key ciphertext is that the public key according to information receiving device is carried out to key plain Encryption obtains, and described key plain is used for encryption information in plain text, and described signing messages is the private key according to information transmitting apparatus, Obtain to carrying out signing by the data that corresponding path field and described information plaintext form;
It is decrypted using the key ciphertext in packet described in the private key pair of described information receiving device, obtain key plain;
Using the key plain that deciphering obtains, the information ciphertext in described packet is decrypted, obtains information in plain text;
In plain text and it is transmitted across described information ciphertext according to described path field, using the information that the deciphering of described key plain obtains All information transmitting apparatus public key, each signing messages in described signature field is verified;
If all signing messages are all proved to be successful, retain the information obtaining by key plain deciphering in plain text;
If there is signing messages authentication failed, abandon the information obtaining by key plain deciphering in plain text.
2. method according to claim 1 it is characterised in that described according to described path field, using described key bright The information plaintext obtaining and the public key of all information transmitting apparatus being transmitted across described information ciphertext deciphered in literary composition, to described signature Each signing messages in field carries out checking and includes:
According to default checking order, obtain information transmitting apparatus to be verified corresponding complete transmission road from described path field Footpath, described complete transmission path is included from described originally transmitted equipment to the corresponding information of described information transmitting apparatus to be verified All transmission paths that receiving device is passed through;
According to by described complete transmission path and the data that forms of information plaintext being obtained using the deciphering of described key plain and The public key of described information transmitting apparatus to be verified, verifies to the signing messages of described information transmitting apparatus to be verified, Until completing the checking to all signing messages.
3. method according to claim 2 it is characterised in that described basis by described complete transmission path with using described Data and the public key of described information transmitting apparatus to be verified that the information that key plain deciphering obtains forms in plain text, to described The signing messages of information transmitting apparatus to be verified carries out checking and includes:
According to preset algorithm, calculate by described complete transmission path and the information plaintext group being obtained using the deciphering of described key plain The operation values of the data becoming;
According to the public key of calculated operation values, described information transmitting apparatus to be verified, described information to be verified is sent out The signing messages sending equipment is verified.
4. a kind of device in checking encrypted data transmission path is it is characterised in that described device includes:
Receiving unit, sends, for receive information, the packet that equipment sends, and wherein, described packet includes every for recording The path field of secondary information transmission path, field, the field for record information ciphertext and use for recording key ciphertext In the field of the signing messages recording each information transmitting apparatus, described key ciphertext is the public key pair according to information receiving device Key plain is encrypted and obtains, and described key plain is used for encryption information in plain text, and described signing messages is to be sent out according to information Send the private key of equipment, obtain to carrying out signing by the data that corresponding path field and described information plaintext form;
Decryption unit, in the described packet receiving for receiving unit described in the private key pair using described information receiving device Key ciphertext is decrypted, and obtains key plain;
The key plain that described decryption unit is additionally operable to using deciphering obtains is decrypted to the information ciphertext in described packet, Acquisition information is in plain text;
Authentication unit, for utilizing described key plain to decipher the information obtaining according to described path field, described decryption unit In plain text and be transmitted across described information ciphertext all information transmitting apparatus public key, to each signature in described signature field Information is verified;
Stick unit, for when the result of described authentication unit is all proved to be successful for all signing messages, reservation is passed through The information that key plain deciphering obtains is in plain text;
Discarding unit, for when the result of described authentication unit is to there is signing messages authentication failed, abandoning by close The information that key plaintext decryption obtains is in plain text.
5. device according to claim 4 is it is characterised in that described authentication unit includes:
Acquisition module, for according to default checking order, obtaining information transmitting apparatus pair to be verified from described path field The complete transmission path answered, described complete transmission path includes sending from described originally transmitted equipment to described information to be verified All transmission paths that the corresponding information receiving device of equipment is passed through;
Authentication module, for according to by described complete transmission path and the information plaintext group being obtained using the deciphering of described key plain The data becoming and the public key of described information transmitting apparatus to be verified, the A.L.S. to described information transmitting apparatus to be verified Breath is verified, until completing the checking to all signing messages.
6. device according to claim 5 is it is characterised in that described authentication module is used for according to preset algorithm, calculate by The operation values of the data that described complete transmission path is formed with the information plaintext being obtained using the deciphering of described key plain;According to meter The operation values that obtain, the public key of described information transmitting apparatus to be verified, the label to described information transmitting apparatus to be verified Name information is verified.
CN201611169296.5A 2016-12-16 2016-12-16 Method and device for verifying encrypted data transmission paths Pending CN106453430A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611169296.5A CN106453430A (en) 2016-12-16 2016-12-16 Method and device for verifying encrypted data transmission paths

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611169296.5A CN106453430A (en) 2016-12-16 2016-12-16 Method and device for verifying encrypted data transmission paths

Publications (1)

Publication Number Publication Date
CN106453430A true CN106453430A (en) 2017-02-22

Family

ID=58216629

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611169296.5A Pending CN106453430A (en) 2016-12-16 2016-12-16 Method and device for verifying encrypted data transmission paths

Country Status (1)

Country Link
CN (1) CN106453430A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347627A (en) * 2018-09-19 2019-02-15 平安科技(深圳)有限公司 Data encryption/decryption method, device, computer equipment and storage medium
CN109657479A (en) * 2017-10-11 2019-04-19 厦门雅迅网络股份有限公司 Data leakage prevention method and computer readable storage medium
CN110035036A (en) * 2018-01-12 2019-07-19 中国移动通信有限公司研究院 Data transmission method, device, the network equipment and storage medium
CN115549993A (en) * 2022-09-19 2022-12-30 山东大学 Multi-task cost evaluation method and system based on graph path secret calculation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101198971A (en) * 2005-06-14 2008-06-11 Nxp股份有限公司 Transponder system for transmitting key-encrypted information and associated keys
CN101442409A (en) * 2007-11-23 2009-05-27 东方钢铁电子商务有限公司 Encipher method and system for B2B data exchange
US20150381589A1 (en) * 2014-06-28 2015-12-31 Vmware, Inc. Asynchronous encryption and decryption of virtual machine memory for live migration
CN105376098A (en) * 2015-11-30 2016-03-02 中国互联网络信息中心 Route origin and path two-factor authentication method
CN105610847A (en) * 2016-01-08 2016-05-25 成都卫士通信息产业股份有限公司 Method for supporting security transmission and exchange of electronic official documents of multiple exchange nodes

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101198971A (en) * 2005-06-14 2008-06-11 Nxp股份有限公司 Transponder system for transmitting key-encrypted information and associated keys
CN101442409A (en) * 2007-11-23 2009-05-27 东方钢铁电子商务有限公司 Encipher method and system for B2B data exchange
US20150381589A1 (en) * 2014-06-28 2015-12-31 Vmware, Inc. Asynchronous encryption and decryption of virtual machine memory for live migration
CN105376098A (en) * 2015-11-30 2016-03-02 中国互联网络信息中心 Route origin and path two-factor authentication method
CN105610847A (en) * 2016-01-08 2016-05-25 成都卫士通信息产业股份有限公司 Method for supporting security transmission and exchange of electronic official documents of multiple exchange nodes

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109657479A (en) * 2017-10-11 2019-04-19 厦门雅迅网络股份有限公司 Data leakage prevention method and computer readable storage medium
CN109657479B (en) * 2017-10-11 2023-03-28 厦门雅迅网络股份有限公司 Data leakage prevention method and computer readable storage medium
CN110035036A (en) * 2018-01-12 2019-07-19 中国移动通信有限公司研究院 Data transmission method, device, the network equipment and storage medium
CN109347627A (en) * 2018-09-19 2019-02-15 平安科技(深圳)有限公司 Data encryption/decryption method, device, computer equipment and storage medium
CN109347627B (en) * 2018-09-19 2023-08-29 平安科技(深圳)有限公司 Data encryption and decryption method and device, computer equipment and storage medium
CN115549993A (en) * 2022-09-19 2022-12-30 山东大学 Multi-task cost evaluation method and system based on graph path secret calculation
CN115549993B (en) * 2022-09-19 2024-04-26 山东大学 Multitasking cost evaluation method and system based on graph path dense state calculation

Similar Documents

Publication Publication Date Title
EP3025226B1 (en) Media client device authentication using hardware root of trust
KR101010040B1 (en) File encryption/decryption method, device, program, and computer-readable recording medium containing the program
US9053332B2 (en) Policy for secure packet transmission using required node paths and cryptographic signatures
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
CN106506146A (en) Based on the Transaction Information method of calibration of block chain technology, apparatus and system
CN106055936B (en) Executable program data packet encrypting/decrypting method and device
CN103546289B (en) USB (universal serial bus) Key based secure data transmission method and system
CN110891061B (en) Data encryption and decryption method and device, storage medium and encrypted file
JP2016515235A5 (en)
CN106612180A (en) Method and device for realizing session identifier synchronization
CN102413132A (en) Two-way-security-authentication-based data downloading method and system
CN109618341A (en) A kind of digital signature authentication method, system, device and storage medium
CN106101150B (en) The method and system of Encryption Algorithm
CN106453430A (en) Method and device for verifying encrypted data transmission paths
CN105490997B (en) Safe checking method, device, terminal and server
CN102970676B (en) A kind of method handled initial data, Internet of things system and terminal
CN109144552A (en) A kind of boot firmware method for refreshing and device
CN107896222A (en) A kind of data processing method and system
CN112217636B (en) Data processing method and device based on block chain, computer equipment and medium
CN106411964A (en) Traceable and encrypted data transmission method and device
CN107026729B (en) Method and device for transmitting software
CN109981667A (en) A kind of user data transmission method and device
CN103179088B (en) The guard method of CGI(Common gateway interface) business and system
CN106603534A (en) System sharing traceable encrypted data
CN108600180A (en) A kind of image verification method and device based on block chain

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222

RJ01 Rejection of invention patent application after publication