CN106506470B - network data security transmission method - Google Patents

Info

Publication number: CN106506470B
Application number: CN201610929621.7A
Authority: CN (China)
Prior art keywords: key, message, data, certificate, initial data
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN106506470A
Inventors: 郑驰, 梁思谦
Assignee (current and original): Datang High Hung Principal (zhejiang) Mdt Infotech Ltd
Priority date / filing date: 2016-10-31
Publication date: 2018-07-27 (granted B publication)

Classifications

    • H04L63/045: Network security; confidential data exchange among entities communicating through data packet networks, where the payload is protected by hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • H04L63/123: Network security; verification of the received data contents, e.g. message integrity
    • H04L9/0822: Cryptographic mechanisms; key transport or distribution, where one party creates a secret value and securely transfers it to the other(s) using a key encryption key


Abstract

The present invention discloses a network data security transmission method, including: the receiver creates a public/private key pair based on a Trusted Platform Module, keeps the private key, and has the public key certified by a certification authority to generate a public key certificate; the sender obtains the public key certificate and generates a session key based on a Trusted Platform Module; the sender processes the original data into a digital envelope and sends it to the receiver, which includes calculating the digital digest A of the original data, encrypting the original data and digital digest A with a symmetric encryption algorithm under the session key to generate the ciphertext data, and encrypting the session key with an asymmetric encryption algorithm to generate the ciphertext key; the receiver receives the digital envelope and processes it: based on the Trusted Platform Module, it decrypts the ciphertext key with the private key to obtain the session key, decrypts the ciphertext data with the symmetric encryption algorithm under the session key to obtain the original data and digital digest A, calculates the digital digest B of the original data, and compares digital digest B with digital digest A. The present invention can improve the security and reliability of network data transmission.

Description

Network data security transmission method
Technical field
The present invention provides a network data security transmission method and belongs to the field of information security technology.
Background technology
Message-oriented middleware is suitable for any system that needs to carry out network communication: it is responsible for establishing the network communication channel and realizing the data transmission. A certificate-based security mechanism is used during the communication of the message-oriented middleware to ensure communication security; if the data transmitted in that communication is additionally encrypted a second time, the security of the data transmitted over the network can be improved further.
Invention content
In view of the foregoing, the purpose of the present invention is to provide a network data security transmission method that improves the security and integrity of data transmitted over a network by encrypting the data and applying processing such as a digital signature.
To achieve the above object, the present invention adopts the following technical scheme:
A network data security transmission method, characterized in that it includes the following steps:
S1: The message receiver creates a public/private key pair based on a Trusted Platform Module, keeps the private key, and sends the public key to a certification authority, which generates a public key certificate;
S2: The message sender obtains the public key certificate from the certification authority and generates a session key based on a Trusted Platform Module;
S3: The message sender processes the original data and sends the generated digital envelope to the message receiver. This includes:
calculating the digital digest A of the original data; using the session key, encrypting the original data and digital digest A with a symmetric encryption algorithm to generate the ciphertext data; encrypting the session key with an asymmetric encryption algorithm to generate the ciphertext key; the digital envelope consists of the ciphertext data and the ciphertext key;
S4: The message receiver receives the digital envelope, processes it to recover the original data, and verifies the original data. This includes:
reading the private key from the Trusted Platform Module and decrypting the ciphertext key with the asymmetric encryption algorithm to obtain the session key; using the session key, decrypting the ciphertext data with the symmetric encryption algorithm to obtain the original data and digital digest A; calculating the digital digest B of the decrypted original data and comparing digital digest B with digital digest A to verify data integrity.
Further:
A secure communication channel is established between the message sender and the message receiver.
In step S1, the message receiver creates the public/private key pair based on the Trusted Platform Module using the Chinese national cryptographic (SM) elliptic curve algorithm SM2.
The symmetric encryption algorithm is the national symmetric encryption algorithm SM4, the asymmetric encryption algorithm is the national elliptic curve public key cryptographic algorithm SM2, and the digital digest of the original data is calculated with the national hash algorithm SM3.
The advantages of the invention are:
The network data security transmission method of the present invention applies a second layer of encryption to the data transmitted in the secure communication channel established by the message-oriented middleware. The digital envelope encryption mode based on the Trusted Platform Module (TPM), Public Key Infrastructure (PKI) and the national cryptographic algorithms protects the encryption and decryption keys and improves data security and efficiency; digitally signing the original data and verifying its integrity effectively improves the security and reliability of network data transmission.
Description of the drawings
Fig. 1 is a flow chart of the method of the present invention.
Fig. 2 is a flow chart of the message sender's encryption of the original data in the present invention.
Fig. 3 is a flow chart of the message receiver's decryption and verification of the ciphertext message in the present invention.
Specific implementation mode
The present invention is described in further detail below with reference to the drawings and embodiments.
The network data security transmission method of the present invention is used for network-based data communication between a message sender and a message receiver. A secure communication channel for transmitting data has already been established between the message sender and the message receiver, that is, a certificate-based SSL/TLS connection.
The secure communication channel is established as follows:
First, a CA certificate, a server-side certificate and client certificates are generated using the relevant national cryptographic algorithms, and the CA certificate is used to sign the server-side and client certificates, which guarantees the authenticity of the certificates; one CA certificate can sign multiple server-side and client certificates. The CA certificate and the server-side certificate are stored on the message-oriented middleware server side; a client communicates with the message-oriented middleware using its client certificate, and once certificate verification passes, a trusted connection, i.e. the secure communication channel, is established.
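The channel described above (and restated in claim 1) is a mutually authenticated TLS connection: every certificate chains to the one CA, and the middleware server accepts a client only after its certificate verifies. The following added example is not code from the patent or its assignee; it configures both ends with Python's standard `ssl` module and assumes the CA, server and client certificate files have already been generated and CA-signed out of band (the file paths are parameters). It uses the standard TLS stack, since the national cipher suites are not available in `ssl`; `peer_common_name` is an added helper that maps the verified peer certificate to an identity after the handshake.

```python
import ssl


def base_context(is_server: bool) -> ssl.SSLContext:
    """Common hardening for both ends of the middleware channel: TLS 1.2 or
    newer and a mandatory, CA-verified certificate from the peer."""
    proto = ssl.PROTOCOL_TLS_SERVER if is_server else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Server side: refuse clients without a certificate chaining to the CA.
    # Client side: refuse a middleware server whose certificate does not chain.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def middleware_server_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """Message-oriented middleware server side: holds the CA certificate and its
    own CA-signed server certificate (paths are assumed, generated out of band)."""
    ctx = base_context(is_server=True)
    ctx.load_cert_chain(cert_file, key_file)       # server certificate + private key
    ctx.load_verify_locations(cafile=ca_file)     # CA that signed the client certificates
    return ctx


def endpoint_client_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """Message sender or receiver: presents its own client certificate and checks
    the middleware's certificate (and hostname) against the same CA."""
    ctx = base_context(is_server=False)
    ctx.check_hostname = True
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(cert_file, key_file)
    return ctx


def peer_common_name(peer_cert):
    """Subject CN from ssl.SSLSocket.getpeercert(), so the middleware can map the
    verified certificate to an identity before treating the connection as trusted.
    Returns None when no certificate is available."""
    if not peer_cert:
        return None
    for rdn in peer_cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None
```

On the client, `ctx.wrap_socket(sock, server_hostname="middleware.example")` (hostname assumed) and on the server `ctx.wrap_socket(conn, server_side=True)` fail the handshake for any peer whose certificate does not chain to the stored CA; after a successful handshake, `peer_common_name(conn.getpeercert())` yields the subject CN of the authenticated client, which is the identity the middleware should authorize rather than the bare fact that some CA-signed certificate was presented.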
As shown in Figs. 1 to 3, the network data security transmission method disclosed by the invention includes the following steps:
S1: The message receiver creates a public/private key pair based on a Trusted Platform Module (TPM) using the national elliptic curve public key cryptographic algorithm SM2; the Trusted Platform Module keeps the private key and exports the public key, which is registered with the certification authority to apply for and generate a public key certificate.
The certification authority is an organization based on Public Key Infrastructure (PKI).
S2: The message sender obtains the public key certificate from the certification authority and generates a session key based on a Trusted Platform Module.
The Trusted Platform Module provides an interface that generates a random key; this random key is used as the session key.
S3: The message sender processes the original data to be sent to the message receiver, generates a digital envelope, and sends it to the message receiver.
The processing of the original data consists of:
S31: Calculate the digital digest A of the original data using the national hash algorithm SM3;
S32: Using the session key, encrypt the original data and digital digest A with the national symmetric encryption algorithm SM4 to generate the ciphertext data;
S33: Encrypt the session key with the national elliptic curve public key cryptographic algorithm SM2 (using the public key obtained from the certificate in S2) to generate the ciphertext key.
The digital envelope consists of the generated ciphertext data and ciphertext key.
S4: The message receiver receives the digital envelope and performs the following decryption processing on it:
S41: Read the private key from the Trusted Platform Module and decrypt the ciphertext key with the national elliptic curve public key cryptographic algorithm SM2 to obtain the session key;
S42: Using the session key, decrypt the ciphertext data with the national symmetric encryption algorithm SM4 to obtain the original data and digital digest A;
S43: Calculate the digital digest B of the decrypted original data with the national hash algorithm SM3 and compare digital digest B with digital digest A. If the two match, the data integrity verification passes; if they do not match, the data has been tampered with and this data transmission fails, and follow-up handling is required, such as asking the message sender to retransmit the data or emitting an alarm log.
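The following added example (not code from the patent or its assignee) walks through steps S31 to S33 on the sender and S41 to S43 on the receiver, i.e. the envelope flow also restated in claim 1. Its `sm3` function is a from-scratch implementation of the SM3 hash from the public specification and is used for digests A and B. SM4 and SM2 are not reimplemented here: `_xor_stream` (an SM3-derived counter-mode keystream) stands in for the SM4 step, and `TpmStandIn` models the TPM-held private key as a secret wrapping key, so its `wrap` and `unwrap` stand in for SM2 encryption under the certificate's public key and decryption inside the TPM. The envelope framing (a two-byte length, the ciphertext key, then the ciphertext data) and the sample payload are constructed for this example.

```python
import hmac
import os
import struct

# ---- SM3 hash (GB/T 32905-2016), implemented here from the public specification ----
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_M32 = 0xFFFFFFFF

def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _M32

def _p0(x): return x ^ _rotl(x, 9) ^ _rotl(x, 17)
def _p1(x): return x ^ _rotl(x, 15) ^ _rotl(x, 23)

def _compress(v, block):
    w = list(struct.unpack(">16I", block))
    for j in range(16, 68):                        # message expansion W_16..W_67
        w.append(_p1(w[j-16] ^ w[j-9] ^ _rotl(w[j-3], 15)) ^ _rotl(w[j-13], 7) ^ w[j-6])
    a, b, c, d, e, f, g, h = v
    for j in range(64):
        t = 0x79CC4519 if j < 16 else 0x7A879D8A
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _M32, 7)
        ss2 = ss1 ^ _rotl(a, 12)
        ff = a ^ b ^ c if j < 16 else (a & b) | (a & c) | (b & c)
        gg = e ^ f ^ g if j < 16 else (e & f) | (~e & g)
        tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _M32
        tt2 = (gg + h + ss1 + w[j]) & _M32
        a, b, c, d = tt1, a, _rotl(b, 9), c
        e, f, g, h = _p0(tt2), e, _rotl(f, 19), g
    return tuple(x ^ y for x, y in zip((a, b, c, d, e, f, g, h), v))

def sm3(msg: bytes) -> bytes:
    """32-byte SM3 digest: pad to a multiple of 64 bytes, then iterate the compression."""
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", len(msg) * 8)
    v = _IV
    for i in range(0, len(padded), 64):
        v = _compress(v, padded[i:i + 64])
    return struct.pack(">8I", *v)

# ---- Stand-ins for the SM4 and SM2 steps (NOT those algorithms; see the lead-in) ----
def _xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """Counter-mode keystream derived with SM3, XORed over data; stands in for SM4."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(sm3(key + label + struct.pack(">Q", i)) for i in range(blocks))
    return bytes(x ^ y for x, y in zip(data, stream))

class TpmStandIn:
    """Models the receiver's TPM-held private key as a secret wrapping key that never
    leaves this object; wrap()/unwrap() stand in for SM2 encryption and decryption."""
    def __init__(self):
        self._private = os.urandom(32)
    def new_session_key(self) -> bytes:            # S2: TPM random-key interface
        return os.urandom(16)
    def wrap(self, session_key: bytes) -> bytes:   # S33 stand-in (fresh nonce per wrap)
        nonce = os.urandom(16)
        return nonce + _xor_stream(self._private, nonce, session_key)
    def unwrap(self, ciphertext_key: bytes) -> bytes:   # S41 stand-in
        return _xor_stream(self._private, ciphertext_key[:16], ciphertext_key[16:])

class IntegrityError(Exception):
    """S43 failure: digest B != digest A, so the data was tampered with in transit."""

def seal(data: bytes, session_key: bytes, wrap) -> bytes:
    """S3 (sender): digest A, encrypt data||A under the session key, wrap the key.
    Constructed framing: 2-byte key length, ciphertext key, ciphertext data."""
    digest_a = sm3(data)                                                   # S31
    ciphertext_data = _xor_stream(session_key, b"data", data + digest_a)  # S32
    ciphertext_key = wrap(session_key)                                     # S33
    return struct.pack(">H", len(ciphertext_key)) + ciphertext_key + ciphertext_data

def open_envelope(envelope: bytes, unwrap) -> bytes:
    """S4 (receiver): unwrap the key, decrypt, recompute digest B, compare with A."""
    if len(envelope) < 2:
        raise IntegrityError("truncated envelope")
    key_len = struct.unpack(">H", envelope[:2])[0]
    ciphertext_key, ciphertext_data = envelope[2:2 + key_len], envelope[2 + key_len:]
    if len(ciphertext_key) != key_len or len(ciphertext_data) < 32:
        raise IntegrityError("malformed envelope")
    session_key = unwrap(ciphertext_key)                                   # S41
    plaintext = _xor_stream(session_key, b"data", ciphertext_data)         # S42
    data, digest_a = plaintext[:-32], plaintext[-32:]
    if not hmac.compare_digest(sm3(data), digest_a):                       # S43
        raise IntegrityError("digest mismatch: data tampered, request retransmission")
    return data

def demo() -> bool:
    """Round trip on a constructed payload, then a one-bit tamper that S43 must reject."""
    tpm = TpmStandIn()
    original = b"constructed sample payload for the message middleware"
    envelope = seal(original, tpm.new_session_key(), tpm.wrap)
    if open_envelope(envelope, tpm.unwrap) != original:
        return False
    tampered = bytearray(envelope)
    tampered[-40] ^= 0x01                          # flip one bit inside the ciphertext data
    try:
        open_envelope(bytes(tampered), tpm.unwrap)
    except IntegrityError:
        return True
    return False
```

Two points of the receiver's S43 branch are worth keeping when the stand-ins are replaced by SM4 and SM2: the comparison uses `hmac.compare_digest` so that a mismatch does not leak, through timing, where the digests differ, and the receiver reports failure by exception instead of returning the decrypted bytes, so nothing downstream sees data whose digest B did not match A; the caller then takes the retransmission or alarm-log action the text describes. A corrupted ciphertext key (wrong session key) fails the same check, because the decrypted digest A no longer matches anything.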
The network data security transmission method of the present invention, based on the Trusted Platform Module, the national elliptic curve public key cryptographic algorithm SM2, the national symmetric encryption algorithm SM4 and the national hash algorithm SM3, combined with Public Key Infrastructure (PKI), applies a second layer of encryption to the data transmitted in the secure communication channel established by the message-oriented middleware: symmetric encryption of the original data and asymmetric encryption of the session key, which improves data security and efficiency; digitally signing the original data and verifying its integrity effectively improves the security and reliability of network data transmission.
The above are the preferred embodiments of the present invention and the technical principles they use. For those skilled in the art, any equivalent change, simple replacement or other obvious modification made on the basis of the technical solution of the present invention, without departing from its spirit and scope, falls within the protection scope of the present invention.

Claims (3)

1. A network data security transmission method, wherein a secure communication channel for transmitting data has been established between a message sender and a message receiver, characterized in that:
The method for establishing the secure communication channel is: a CA certificate, a message-oriented middleware server-side certificate, and message sender and message receiver certificates are generated using national cryptographic algorithms, and the CA certificate is used to sign the message-oriented middleware server-side certificate and the message sender and message receiver certificates; the CA certificate and the message-oriented middleware server-side certificate are stored on the message-oriented middleware server side; the message sender and the message receiver communicate with the message-oriented middleware server side using their certificates, and after certificate verification passes, the secure communication channel is established;
The network data security transmission method includes the following steps:
S1: The message receiver creates a public/private key pair based on a Trusted Platform Module, keeps the private key, and sends the public key to a certification authority, which generates a public key certificate;
S2: The message sender obtains the public key certificate from the certification authority and generates a session key based on a Trusted Platform Module;
S3: The message sender processes the original data and sends the generated digital envelope to the message receiver, including:
calculating the digital digest A of the original data; using the session key, encrypting the original data and digital digest A with a symmetric encryption algorithm to generate the ciphertext data; encrypting the session key with an asymmetric encryption algorithm to generate the ciphertext key; the digital envelope consists of the ciphertext data and the ciphertext key;
S4: The message receiver receives the digital envelope, processes it to recover the original data, and verifies the original data, including:
reading the private key from the Trusted Platform Module and decrypting the ciphertext key with the asymmetric encryption algorithm to obtain the session key; using the session key, decrypting the ciphertext data with the symmetric encryption algorithm to obtain the original data and digital digest A; calculating the digital digest B of the decrypted original data and comparing digital digest B with digital digest A to verify data integrity.
2. The network data security transmission method according to claim 1, characterized in that in step S1 the message receiver creates the public/private key pair based on the Trusted Platform Module using the national elliptic curve public key cryptographic algorithm SM2.
3. The network data security transmission method according to claim 2, characterized in that the symmetric encryption algorithm is the national symmetric encryption algorithm SM4, the asymmetric encryption algorithm is the national elliptic curve public key cryptographic algorithm SM2, and the digital digest of the original data is calculated based on the national hash algorithm SM3.
Priority, filing and publication data

Application CN201610929621.7A, priority date 2016-10-31, filing date 2016-10-31, title: network data security transmission method; status: Active.
Publications: CN106506470A, published 2017-03-15; CN106506470B (granted), published 2018-07-27.
Family ID: 58318941
Country status: CN (1) CN106506470B (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7263619B1 (en) * 2002-06-26 2007-08-28 Chong-Lim Kim Method and system for encrypting electronic message using secure ad hoc encryption key
CN103490895A (en) * 2013-09-12 2014-01-01 北京斯庄格科技有限公司 Industrial control identity authentication method and device with state cryptographic algorithms
CN105323070A (en) * 2015-02-09 2016-02-10 北京中油瑞飞信息技术有限责任公司 Method for realizing security electronic mail based on digital envelope

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118710A (en) * 2011-03-08 2011-07-06 上海红松信息技术有限公司 System and method for transmitting data between mobile terminals
CN104580180A (en) * 2014-12-26 2015-04-29 北京佳月隶平软件有限公司 Data encryption method, data decryption method and devices

Legal Events

Code Title
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant