CN106790223B - Data transmission method, equipment and system - Google Patents

Data transmission method, equipment and system

Info

Publication number: CN106790223B
Authority: CN (China)
Prior art keywords: server, unit, key, public, communication
Legal status: Active
Application number: CN201710023925.1A
Other languages: Chinese (zh)
Other versions: CN106790223A
Inventors: 周庆, 张春明
Current assignee: Invt Elevator Control Technology Wuxi Co ltd
Original assignee: Invt Elevator Control Technology Wuxi Co ltd
Application filed by Invt Elevator Control Technology Wuxi Co ltd
Priority to CN201710023925.1A
Publication of CN106790223A
Application granted
Publication of CN106790223B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The embodiment of the invention discloses a method, equipment and a system for data transmission. The method comprises the following steps: the device sends a communication connection request to the server, so that the server, which prestores at least one group of public keys and private keys, sends a public key to the device after receiving the request; if the device receives the public key sent by the server, the device generates a symmetric key according to the current communication connection request, the symmetric key being different for each different communication connection request; the device encrypts local information, which comprises the symmetric key, using the public key; the device sends the encrypted local information to the server, so that the server can decrypt it with the private key matching the public key and obtain the symmetric key; the device then uses the symmetric key for encrypted communication with the server until the current encrypted communication channel is interrupted. Through this method the embodiment of the invention provides a dynamically changing symmetric key and thereby improves the security of information transmission.

Description

Data transmission method, equipment and system
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method, a device, and a system for data transmission.
Background
With the development of internet communication technology, internet of things technology is applied in more and more scenarios, such as the elevator internet of things. In existing internet of things technology, data is generally transmitted between equipment and a server either in plaintext or with symmetric encryption, and the symmetric encryption key is fixed and unchanged throughout symmetric encrypted transmission, so that once the symmetric encryption key is broken it poses a serious security risk.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, and a system for data transmission, which can provide a dynamically changing symmetric key, that is, a current symmetric key is different from a previously generated symmetric key, so as to improve security of information transmission.
In a first aspect, an embodiment of the present invention provides a method for data transmission, where the method includes:
the device sends a communication connection request to the server so that the server sends a public key to the device after receiving the communication connection request, and the server prestores at least one group of public keys and private keys; if the equipment receives the public key sent by the server, the equipment generates a symmetric key according to the current communication connection request, wherein different communication connection requests correspond to different symmetric keys; the device encrypts local information by using the public key, wherein the local information comprises a symmetric key; the device sends the encrypted local information to the server so that the server can decrypt the encrypted local information according to the private key matched with the public key to obtain a symmetric key; the device uses the symmetric key to carry out encrypted communication with the server until the current encrypted communication channel is interrupted.
In another aspect, an embodiment of the present invention provides an apparatus, where the apparatus comprises a first transceiver unit, a generating unit, a first encryption unit and a first communication unit.
The first transceiving unit is used for sending a communication connection request to the server so that the server can send a public key to the equipment after receiving the communication connection request, and at least one group of public key and private key is prestored on the server; the generating unit is used for generating a symmetric key according to the current communication connection request if the public key sent by the server is received, wherein different communication connection requests correspond to different symmetric keys; the first encryption unit is used for encrypting the local information by using the public key, and the local information comprises a symmetric key; the first transceiving unit is further used for sending the encrypted local information to the server so that the server can decrypt the encrypted local information according to a private key matched with the public key to obtain a symmetric key; and the first communication unit is used for carrying out encryption communication with the server by using the symmetric key until the current encryption communication channel is interrupted.
On the other hand, an embodiment of the present invention provides a system for data transmission, which comprises a server and a device, where the device comprises a first transceiver unit, a generating unit, a first encryption unit and a first communication unit, and the server comprises a second transceiver unit, a decryption unit and a second communication unit.
The first transceiver unit is used by the device to send a communication connection request to the server; the second transceiver unit is used by the server to send a public key to the device after receiving the communication connection request, at least one group of public key and private key being prestored on the server; the generating unit is used by the device to generate a symmetric key according to the current communication connection request if the public key sent by the server is received, where different communication connection requests correspond to different symmetric keys; the first encryption unit is used by the device to encrypt local information using the public key, the local information comprising the symmetric key; the first transceiver unit is further used by the device to send the encrypted local information to the server; the decryption unit is used by the server to decrypt the encrypted local information with the private key matching the public key to obtain the symmetric key; the first communication unit is used by the device to carry out encrypted communication with the server using the symmetric key until the current encrypted communication channel is interrupted; and the second communication unit is used by the server to carry out encrypted communication with the device using the symmetric key until the current encrypted communication channel is interrupted.
The data transmission method disclosed by the embodiment of the invention acquires the public key from the server and generates the symmetric key when the equipment sends the communication connection request to the server each time, encrypts the symmetric key by using the public key and then sends the symmetric key to the server, thereby establishing an encryption communication channel for encryption communication. The public key is used for encrypting the symmetric key, so that the security of the process of transmitting the symmetric key to the server is improved, and the symmetric keys generated when the equipment sends a communication connection request to the server each time are different, so that the data transmission security is further improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a method for data transmission according to an embodiment of the present invention;
FIG. 2 is a partial flow diagram of FIG. 1 provided by an embodiment of the present invention;
FIG. 3 is a partial flow diagram of FIG. 1 provided by an embodiment of the present invention;
fig. 4 is a schematic block diagram of a system for data transmission according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The data transmission method provided by the embodiment of the invention runs in a data transmission system. The data transmission system provided by the embodiment of the invention is usually applied in an internet of things system, which comprises a server and equipment that communicate with each other through a network. The data transmission method is in particular a method of transmitting information between the server and the equipment, and it improves the security of that transmission by providing a dynamically changing symmetric key and encrypting the symmetric key with an asymmetric key. The internet of things in the embodiment of the invention includes, but is not limited to, the elevator internet of things and the smart home internet of things, so the equipment is not limited to elevators, smart home devices and the like. The embodiment of the invention is explained below taking the elevator internet of things as an example.
Referring to fig. 1, which is a schematic flowchart of a data transmission method according to an embodiment of the present invention, as shown in the figure, the data transmission method includes steps S101 to S107:
step S101, the device sends a communication connection request to the server, so that the server sends a public key to the device after receiving the communication connection request.
Specifically, if the device detects that an encrypted communication channel with the server is not currently established, the device sends a communication connection request to the server. It should be understood that the encrypted communication channel means a connection channel through which encrypted communication can be performed.
Step S102, the server sends the public key to the device.
Specifically, the server pre-stores an asymmetric key, that is, at least one set of a public key and a private key, and data encrypted by using the public key can be decrypted only when the corresponding private key is used.
Step S103, if the device receives the public key sent by the server, the device generates a symmetric key according to the current communication connection request, and different communication connection requests correspond to different symmetric keys.
The different communication connection requests correspond to different symmetric keys, which are specifically expressed as: the symmetric key of the current communication connection request is unique, and is different from the symmetric key generated before. Therefore, in this embodiment, it is preferable that the device generates the symmetric key according to the current communication connection request, including:
the method comprises the steps that equipment acquires an identification mark of a current communication connection request, wherein the identification mark is a unique mark used for representing the communication connection request; and the device generates a symmetric key according to the identification.
In this embodiment, the preferred identification mark includes the current time, a random number, or a combination of the two. In other possible embodiments, the identification mark includes the current time or a random number and further includes a MAC address, a mainboard number, or a combination thereof. It should be understood that the current time of different communication connection requests should differ, and the random number of different communication connection requests should differ, so as to ensure the uniqueness of the symmetric key generated from the identification mark. The MAC address or mainboard number serves to distinguish different devices and further ensures the uniqueness of the identification mark.
In step S104, the device encrypts local information with the public key, where the local information includes a symmetric key.
In particular, the symmetric key is generated by the device and belongs to the local information of the device. Encrypting the local information with the public key raises the security level of the information and prevents a man-in-the-middle on the network from obtaining the symmetric key.
In step S105, the device sends the encrypted local information to the server, so that the server decrypts the encrypted local information according to the private key matched with the public key to obtain the symmetric key.
And step S106, if the server receives the encrypted local information, the server decrypts the encrypted local information according to the private key matched with the public key to obtain the symmetric key.
Specifically, because the device encrypted the local information with the public key it received, the server can decrypt the encrypted local information using the private key matching that public key.
And step S107, the device and the server carry out encryption communication by using the symmetric key until the current encryption communication channel is interrupted.
It should be noted that once the device and the server perform encrypted communication using the symmetric key, the encrypted communication channel is established; after the current encrypted communication channel is interrupted, the next encrypted communication channel has to be established again, and steps S101 to S107 are repeated. This further ensures that the current encrypted communication channel and the subsequent one are mutually independent: even if the symmetric key of the current encrypted communication is cracked, the symmetric key of the subsequent encrypted communication is not, and the security of data transmission is improved.
In some embodiments, the current encrypted communication channel is interrupted when the device or the server detects that the current information has been transmitted; in other embodiments, it is interrupted when the device or the server detects an attack; in some possible embodiments, the server or the device interrupts the current encrypted communication channel at a preset time interval. In other words, the encrypted communication channel is established and interrupted many times within the current transmission task, so that the symmetric key is dynamically updated during the task and the security of information transmission is improved. It should be understood that the current encrypted communication channel is also interrupted when the network is abnormal.
In summary, steps S101, S103, S104, S105 and S107 are executed by the device, and steps S102, S106 and S107 are executed by the server. The data transmission method of the embodiment of the invention improves the security of information transmission through the dynamically changing symmetric key generated by the equipment; in addition, the equipment encrypts the symmetric key with the public key sent by the server, which prevents a man-in-the-middle attack from obtaining the symmetric key on the network and further improves the security of information transmission.
It should be noted that, in another implementation, in order to improve security performance and prevent the server from communicating with an unauthorized device, the local information on the device further includes a device authentication code, referring to fig. 2, on the basis of the above embodiment, before the device and the server perform encrypted communication using a symmetric key in step S107, the method for data transmission further includes the following steps:
step S201, the server decrypts the encrypted local information according to a private key matched with the public key to obtain a device authentication code;
step S202, the server identifies whether the equipment is authorized equipment according to the equipment authentication code, and if the equipment is authorized equipment, the step S107 is executed; if not, executing S203;
step S203, the communication connection is interrupted.
It should be understood that step S201, in which the server obtains the device authentication code, and step S106 may be performed as one step or in sequence. The device authentication code is a unique identifier of the device and comprises a mainboard number, a MAC address, an internet of things card, or any combination thereof. In addition, the server prestores data matching the authentication codes of authorized devices: if data matching the device authentication code exists on the server, the device is an authorized device; if no data on the server matches the device authentication code, the device is not an authorized device.
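The handshake of steps S101 to S107 together with the device authentication of steps S201 to S203, as an added example in Go that is not part of the patent or of any product by the assignee. It assumes RSA-OAEP for the public-key step, AES-256-GCM for the symmetric channel of step S107, and SHA-256 over constructed MAC and mainboard identifiers for both the identification mark of step S103 and the device authentication code; the patent fixes none of these algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"time"
)

const keyLen, authLen = 32, 32 // local information = symmetric key || device authentication code

type Device struct{ MAC, Board string } // constructed sample identifiers of the IoT endpoint

// AuthCode derives the device authentication code from the identifiers the patent
// names (mainboard number, MAC address); hashing them together is an assumption.
func (d Device) AuthCode() []byte {
	h := sha256.Sum256([]byte(d.MAC + "|" + d.Board))
	return h[:]
}

// NewSessionKey is step S103: the identification mark of the current connection
// request (current time, a fresh random number, MAC and mainboard number) is hashed
// into a symmetric key, so every connection request yields a different key.
func (d Device) NewSessionKey() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(time.Now().UnixNano()))
	h := sha256.New()
	h.Write(ts[:])
	h.Write(nonce)
	h.Write([]byte(d.MAC + "|" + d.Board))
	return h.Sum(nil), nil
}

// WrapLocalInfo is step S104: the local information (symmetric key and device
// authentication code) is encrypted with the server public key using RSA-OAEP.
func (d Device) WrapLocalInfo(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	local := append(append([]byte{}, key...), d.AuthCode()...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, local, nil)
}

// Server prestores one asymmetric key pair (step S102) and the authentication
// data of the authorized devices (steps S201 to S203).
type Server struct {
	priv       *rsa.PrivateKey
	authorized [][]byte
}

func NewServer(authorizedDevices []Device) (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s := &Server{priv: priv}
	for _, d := range authorizedDevices {
		s.authorized = append(s.authorized, d.AuthCode())
	}
	return s, nil
}

// PublicKey is the server's reply to a communication connection request (S101, S102).
func (s *Server) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// Accept is steps S106 and S201 to S203: decrypt with the matching private key,
// split off the authentication code and release the session key only when the
// code matches prestored data; otherwise the connection is interrupted (S203).
func (s *Server) Accept(blob []byte) ([]byte, error) {
	local, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, blob, nil)
	if err != nil || len(local) != keyLen+authLen {
		return nil, errors.New("local information cannot be decrypted")
	}
	key, code := local[:keyLen], local[keyLen:]
	for _, a := range s.authorized {
		if subtle.ConstantTimeCompare(a, code) == 1 {
			return key, nil
		}
	}
	return nil, errors.New("unauthorized device: connection interrupted")
}

// SessionCipher is the step S107 encrypted communication: both sides wrap the
// recovered symmetric key in AES-256-GCM and use a fresh nonce per message.
func SessionCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```

When the channel is interrupted, the device simply calls NewSessionKey and WrapLocalInfo again, which is the repetition of steps S101 to S107 described above.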
It should be noted that, in order to further improve the security of information transmission and prevent the man-in-the-middle from cracking the public key and the private key of the server, it is preferable that the public key and the private key on the server dynamically change according to time change, thereby improving the security of information transmission. In some possible embodiments, the time change is expressed as a server restart time, i.e., the public and private keys will be updated each time the server restarts. In some possible embodiments, the time variation is represented as an interruption time of the encrypted communication channel, that is, the public key and the private key are updated after each interruption of the encrypted communication channel for the next communication connection.
If the public key and the private key on the server are dynamically changed with time, in some embodiments, the public key and the private key on the server are generated according to the current information of the server, such as the current time; in other embodiments, the public key and the private key on the server may also be randomly generated, each set of the public key and the private key matches a random number, and the random numbers of different sets of the public key and the private key are different.
It should be noted that, in order to further improve the security of information transmission and prevent a middle-man from cracking the public key sent by the server in the network transmission process, referring to fig. 3, on the basis of the above embodiment, if a plurality of sets of public keys and private keys are pre-stored on the server, the data transmission method further includes the following steps:
step S301, a server selects a group of public keys and private keys from a plurality of groups of public keys and private keys;
step S302, the server encrypts the public key of the selected group, in sequence, using the remaining public keys of the plurality of groups of public keys and private keys.
Then, step S102 is executed, where step S102 specifically includes: the server sends the encrypted public key to the device for the device to encrypt the local information using the encrypted public key. And after receiving the encrypted local information, the server decrypts the local information by using the private keys in the plurality of groups of public keys and private keys in sequence to obtain the symmetric key and the equipment authentication code.
On the other hand, if a plurality of groups of public keys and private keys are prestored on the server, it is preferable that each group of public key and private key is generated with a different generation algorithm, which further improves the security of the public keys and private keys.
Specifically, if the server includes a first group of public keys and private keys and a second group of public keys and private keys, the public keys of the first group are encrypted by the public keys of the second group, and then the encrypted public keys of the first group are sent to the device; and after receiving the local information encrypted by the equipment by using the public key, the server decrypts the local information by using the private key of the second group.
Referring to fig. 4, which is a schematic block diagram of a system for data transmission according to an embodiment of the present invention, as shown in the figure, the system 40 includes a device 41 and a server 42. The server 42 and the device 41 are connected via a network.
The device 41 includes a first transceiver 410, a generator 411, a first encryption unit 412, and a first communication unit 413.
The first transceiver 410 is configured to send a communication connection request to the server 42 by the device 41, so that the server 42 sends a public key to the device 41 after receiving the communication connection request.
The generating unit 411 is configured to, if the device 41 receives the public key sent by the server 42, the device 41 generates a symmetric key according to the current communication connection request, where different communication connection requests correspond to different symmetric keys.
Specifically, the correspondence between different communication connection requests and different symmetric keys is specifically expressed as: the symmetric key of the current communication connection request is unique, and is different from the symmetric key generated before. Therefore, in the present embodiment, the generating unit 411 preferably includes an acquiring unit and a processing unit.
An obtaining unit, configured to obtain, by the device 41, an identification identifier of a current communication connection request, where the identification identifier is a unique identifier used to represent the communication connection request; a processing unit for the device 41 to generate a symmetric key based on the identification.
In this embodiment, the preferred identification mark includes the current time, a random number, or a combination of the two. In other possible embodiments, the identification mark includes the current time or a random number and further includes a MAC address, a mainboard number, or a combination thereof. It should be understood that the current time of different communication connection requests should differ, and the random number of different communication connection requests should differ, so as to ensure the uniqueness of the symmetric key generated from the identification mark. The MAC address or mainboard number serves to distinguish different devices and further ensures the uniqueness of the identification mark.
A first encryption unit 412, configured to encrypt the local information by the device 41 using the public key, where the local information includes the symmetric key.
In particular, the symmetric key is generated by the device 41 and belongs to the local information of the device 41. Encrypting the local information with the public key raises the security level of the information and prevents a man-in-the-middle on the network from obtaining the symmetric key.
The first transceiving unit 410 is further configured to send the encrypted local information to the server 42 by the device 41, so that the server 42 decrypts the encrypted local information according to the private key matching the public key to obtain the symmetric key.
The first communication unit 413 is configured to perform encrypted communication between the device 41 and the server 42 by using the symmetric key until the current encrypted communication channel is interrupted.
On the other hand, the server 42 includes a second transceiving unit 420, a decryption unit 421, and a second communication unit 422.
The second transceiver unit 420 is configured to receive the communication connection request sent by the device 41, and send the public key to the device 41.
Specifically, the server 42 pre-stores an asymmetric key, i.e. includes at least one set of a public key and a private key, and data encrypted by using the public key can only be decrypted when using the corresponding private key.
The second transceiving unit 420 is further configured to receive the encrypted local information sent by the device 41.
And a decryption unit 421, configured to decrypt the encrypted local information according to the private key matching the public key to obtain the symmetric key by the server 42.
And a second communication unit 422, configured to enable the server 42 to perform encrypted communication with the device 41 using the symmetric key until the current encrypted communication channel is interrupted.
It should be noted that the encrypted communication channel means a connection channel through which encrypted communication is possible. In some embodiments, the first communication unit 413 is further configured to interrupt the current encrypted communication channel on behalf of the device 41. For example, when the device 41 detects that the current information has been transmitted, the current encrypted communication channel is interrupted; or the device 41 detects an attack and interrupts the current encrypted communication channel; or the device 41 interrupts the current encrypted communication channel at a preset interval.
The second communication unit 422 is also used for interrupting the current encrypted communication channel by the server 42. For example, when the server 42 detects that the current message has been transmitted, the current encrypted communication channel is interrupted. Or the server 42 detects the attack and interrupts the current encrypted communication channel. Or at a preset interval, the server 42 interrupts the current encrypted communication channel.
It should be understood that the network abnormality will also cause the current encrypted communication channel to be interrupted.
It should be noted that in other embodiments, to improve security and prevent the server from communicating with unauthorized devices, the local information on the device 41 further includes a device authentication code, and the server 42 further includes an authentication unit.
The decryption unit 421 is further configured to decrypt the encrypted local information with the private key matching the public key, so as to obtain the device authentication code.
The authentication unit is configured for the server 42 to identify, from the device authentication code, whether the device 41 is an authorized device. If it is, the first communication unit 413 carries out encrypted communication with the server 42 using the symmetric key and the second communication unit 422 carries out encrypted communication with the device 41 using the symmetric key, until the current encrypted communication channel is interrupted; if it is not, the first communication unit 413 and the second communication unit 422 break off the communication connection.
The device authentication code is a unique identifier of the device, such as a mainboard serial number, a MAC address, an IoT card (SIM) number, or any combination of these. The server 42 pre-stores data matching the authentication codes of authorized devices: if data matching the received device authentication code exists on the server 42, the device 41 is an authorized device; if no such data exists on the server 42, the device 41 is not an authorized device.
It should be noted that, to further improve the security of information transmission and prevent a man-in-the-middle from recovering the public key and private key held on the server 42, the public key and private key on the server 42 preferably change dynamically over time. The server 42 therefore further includes an updating unit, which dynamically updates the public key and private key of the server 42 over time. In some possible embodiments the trigger is a restart of the server 42, i.e. the public key and private key are regenerated each time the server 42 restarts. In other possible embodiments the trigger is the interruption of the encrypted communication channel, i.e. the public key and private key are regenerated after each interruption, for use by the next communication connection.
If the public key and private key on the server 42 change over time, in some embodiments they are generated from current information of the server 42, such as the current time; in other embodiments they are generated randomly, each key pair being associated with its own random number, with different random numbers for different key pairs. In practice only the random variant delivers the intended protection: a key pair derived from a value anyone can know, such as the clock, can be regenerated by anyone who knows that value.
It should be noted that, to further improve the security of information transmission and prevent a man-in-the-middle from recovering the public key sent by the server during network transmission, if several sets of public and private keys are pre-stored on the server 42, the server 42 preferably further includes a selection unit and a second encryption unit.
The selection unit is configured for the server 42 to select one set of public and private keys from the several sets.
The second encryption unit is configured for the server 42 to encrypt the public key of the selected set in turn with each of the remaining public keys of the other sets.
The second transceiving unit 420 is configured for the server 42 to send the public key so encrypted to the device 41, so that the device 41 encrypts its local information using that public key. For this to work the device must be able to undo the encryption layers before using the key, which presupposes secret material already present on the device; the patent does not describe how that material is provisioned.
On the other hand, if several sets of public and private keys are pre-stored on the server, preferably each set is generated with a different algorithm, which further improves the security of the public and private keys.
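The handshake described above and claimed in claims 1 to 3 (connection request, public key in reply, per-request symmetric key, encrypted local information carrying the symmetric key and the device authentication code, authentication against pre-stored data, symmetric session until the channel is interrupted, and key-pair regeneration after an interruption), as an added example in Go that is not the patent's own code. The patent fixes no primitives; the example assumes RSA-2048 with OAEP for the public-key step, AES-256-GCM for the symmetric channel, and HMAC-SHA256 over the request identifier mixed with a fresh device nonce for the per-request key (the nonce is an addition: a key derived from a guessable identifier alone would itself be guessable). The type and function names, the authentication code format and the message are constructed for the example.

```go
// Added example, not the patent's code; assumed primitives (the patent fixes none): RSA-2048/OAEP, AES-256-GCM, HMAC-SHA256.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Server holds the current key pair and the pre-stored codes of authorized devices.
type Server struct {
	priv       *rsa.PrivateKey
	authorized map[string]bool
}

func NewServer(authorized map[string]bool) (*Server, error) {
	s := &Server{authorized: authorized}
	return s, s.RotateKeys()
}

// RotateKeys is the updating unit: a fresh pair at restart or after each channel interruption.
func (s *Server) RotateKeys() (err error) {
	s.priv, err = rsa.GenerateKey(rand.Reader, 2048)
	return err
}

// PublicKey is the server's reply to a communication connection request.
func (s *Server) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// Accept is the decryption plus authentication unit: the local information is the 32-byte
// symmetric key followed by the device authentication code; any failure is an error so that
// the caller interrupts the connection.
func (s *Server) Accept(blob []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, blob, nil)
	if err != nil || len(pt) <= 32 || !s.authorized[string(pt[32:])] {
		return nil, fmt.Errorf("undecryptable, malformed or unauthorized local information")
	}
	return pt[:32], nil
}

// DeriveSymKey is claim 2 on the device: the key is bound to the request's unique identifier.
// The device nonce is an added assumption that keeps it unpredictable even when identifiers
// (e.g. a counter) are guessable.
func DeriveSymKey(requestID string, deviceNonce []byte) []byte {
	m := hmac.New(sha256.New, deviceNonce)
	m.Write([]byte(requestID))
	return m.Sum(nil) // 32 bytes: an AES-256 key
}

// Handshake is the device's first encryption unit: local information under the server's public key.
func Handshake(pub *rsa.PublicKey, symKey []byte, authCode string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(append([]byte{}, symKey...), authCode...), nil)
}

// NewChannel wraps the symmetric key in the AEAD used until the channel is interrupted.
func NewChannel(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func Seal(ch cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, ch.NonceSize())
	rand.Read(nonce)
	return ch.Seal(nonce, nonce, msg, nil)
}

func Open(ch cipher.AEAD, ct []byte) ([]byte, error) {
	if len(ct) < ch.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return ch.Open(nil, ct[:ch.NonceSize()], ct[ch.NonceSize():], nil)
}

// RunSession drives one connection end to end and returns what the server recovered
// from the device's first message over the symmetric channel.
func RunSession(s *Server, authCode string, firstMsg []byte) ([]byte, error) {
	buf := make([]byte, 40) // 8 bytes of request identifier, 32 bytes of device nonce
	rand.Read(buf)
	symKey := DeriveSymKey(fmt.Sprintf("req-%x", buf[:8]), buf[8:])
	blob, err := Handshake(s.PublicKey(), symKey, authCode)
	if err != nil {
		return nil, err
	}
	serverKey, err := s.Accept(blob)
	if err != nil {
		return nil, err // the server has interrupted the communication connection
	}
	dev, _ := NewChannel(symKey)
	srv, _ := NewChannel(serverKey)
	return Open(srv, Seal(dev, firstMsg))
}

func main() {
	code := "MB-000123/00:1A:2B:3C:4D:5E" // constructed device authentication code
	s, _ := NewServer(map[string]bool{code: true})
	out, err := RunSession(s, code, []byte("car at floor 12"))
	fmt.Println(string(out), err)
}
```

A run shows the server recovering an authorized device's first message, an unknown authentication code rejected in Accept, and local information built under a public key from before RotateKeys rejected afterwards. The example also makes visible what the patent's own man-in-the-middle discussion turns on: the device encrypts under whatever public key arrives in reply to its request, so the multi-set layering and the authentication code help only to the extent that the device can verify the key it receives.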
It should be noted that, the steps in the method according to the embodiment of the present invention may be sequentially adjusted, combined, and deleted according to actual needs.
The units in the embodiment of the invention can be combined, divided and deleted according to actual needs.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices, servers, systems and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, server, system and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implementing, for example, several units or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
In addition, each functional unit in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in the form of hardware or in the form of a software functional unit. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
While the invention has been described with reference to specific embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. A method of data transmission, comprising:
the device sends a communication connection request to a server, so that the server sends a public key to the device after receiving the communication connection request, at least one set of public and private keys being pre-stored on the server;
if the device receives the public key sent by the server, the device generates a symmetric key according to the current communication connection request, different communication connection requests corresponding to different symmetric keys;
the device encrypts local information using the public key, the local information comprising the symmetric key;
the device sends the encrypted local information to the server, so that the server decrypts the encrypted local information with the private key matching the public key to obtain the symmetric key;
the device carries out encrypted communication with the server using the symmetric key until the current encrypted communication channel is interrupted;
wherein, if several sets of public and private keys are pre-stored on the server, the method further comprises:
the server selects one set of public and private keys from the several sets;
the server encrypts the public key of the selected set in turn with each of the remaining public keys of the other sets;
the server sends the encrypted public key to the device, so that the device encrypts the local information using the encrypted public key;
the local information further comprises a device authentication code, and the method further comprises:
the server decrypts the encrypted local information with the private key matching the public key to obtain the device authentication code;
the server identifies, from the device authentication code, whether the device is an authorized device;
if the device is an authorized device, the server and the device each carry out encrypted communication using the symmetric key;
if the device is not an authorized device, the server interrupts the communication connection.
2. The method of claim 1, wherein the device generating a symmetric key according to the current communication connection request comprises:
the device obtaining an identifier of the current communication connection request, the identifier being a unique identifier representing the communication connection request;
and the device generating the symmetric key according to the identifier.
3. The method of claim 1, wherein the public key and private key pre-stored on the server change dynamically over time.
4. An apparatus for data transmission, the apparatus comprising:
a first transceiving unit, configured to send a communication connection request to a server, so that the server sends a public key to the device after receiving the communication connection request, at least one set of public and private keys being pre-stored on the server;
a generating unit, configured to generate a symmetric key according to the current communication connection request if the public key sent by the server is received, different communication connection requests corresponding to different symmetric keys;
a first encryption unit, configured to encrypt local information using the public key, the local information comprising the symmetric key;
the first transceiving unit being further configured to send the encrypted local information to the server, so that the server decrypts the encrypted local information with the private key matching the public key to obtain the symmetric key;
a first communication unit, configured to carry out encrypted communication with the server using the symmetric key until the current encrypted communication channel is interrupted;
wherein, if several sets of public and private keys are pre-stored on the server, the server comprises a selection unit, a second encryption unit and a second transceiving unit:
the selection unit being configured to select one set of public and private keys from the several sets;
the second encryption unit being configured to encrypt the public key of the selected set in turn with each of the remaining public keys of the other sets;
the second transceiving unit being configured to send the encrypted public key to the device, so that the device encrypts the local information using the encrypted public key;
and wherein, if the local information further comprises a device authentication code, the server further comprises a decryption unit and an authentication unit:
the decryption unit being configured to decrypt the encrypted local information with the private key matching the public key to obtain the device authentication code;
the authentication unit being configured to identify, from the device authentication code, whether the device is an authorized device;
if the device is an authorized device, the second communication unit carries out encrypted communication with the device using the symmetric key and the first communication unit carries out encrypted communication with the server using the symmetric key;
if the device is not an authorized device, the first communication unit and the second communication unit break off the communication connection.
5. The apparatus of claim 4, wherein the generating unit comprises:
an obtaining unit, configured to obtain an identifier of the current communication connection request, the identifier being a unique identifier representing the communication connection request;
and a processing unit, configured to generate the symmetric key according to the identifier.
6. A data transmission system, characterized by comprising a server and a device, wherein the device comprises a first transceiving unit, a generating unit, a first encryption unit and a first communication unit, and the server comprises a second transceiving unit, a decryption unit and a second communication unit;
the first transceiving unit is configured to send a communication connection request to the server;
the second transceiving unit is configured to send a public key to the device after receiving the communication connection request, at least one set of public and private keys being pre-stored on the server;
the generating unit is configured to generate a symmetric key according to the current communication connection request if the public key sent by the server is received, different communication connection requests corresponding to different symmetric keys;
the first encryption unit is configured to encrypt local information using the public key, the local information comprising the symmetric key;
the first transceiving unit is further configured to send the encrypted local information to the server;
the decryption unit is configured to decrypt the encrypted local information with the private key matching the public key to obtain the symmetric key;
the first communication unit is configured to carry out encrypted communication with the server using the symmetric key until the current encrypted communication channel is interrupted;
the second communication unit is configured to carry out encrypted communication with the device using the symmetric key until the current encrypted communication channel is interrupted;
if several sets of public and private keys are pre-stored on the server, the server comprises a selection unit and a second encryption unit:
the selection unit is configured to select one set of public and private keys from the several sets;
the second encryption unit is configured to encrypt the public key of the selected set in turn with each of the remaining public keys of the other sets;
the second transceiving unit is further configured to send the encrypted public key to the device, so that the device encrypts the local information using the encrypted public key;
if the local information further comprises a device authentication code, the server further comprises an authentication unit:
the decryption unit is further configured to decrypt the encrypted local information with the private key matching the public key to obtain the device authentication code;
the authentication unit is configured to identify, from the device authentication code, whether the device is an authorized device;
if the device is an authorized device, the second communication unit carries out encrypted communication with the device using the symmetric key and the first communication unit carries out encrypted communication with the server using the symmetric key;
if the device is not an authorized device, the first communication unit and the second communication unit break off the communication connection.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710023925.1A CN106790223B (en) 2017-01-13 2017-01-13 Data transmission method, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710023925.1A CN106790223B (en) 2017-01-13 2017-01-13 Data transmission method, equipment and system

Publications (2)

Publication Number Publication Date
CN106790223A CN106790223A (en) 2017-05-31
CN106790223B true CN106790223B (en) 2020-10-20

Family

ID=58948083

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710023925.1A Active CN106790223B (en) 2017-01-13 2017-01-13 Data transmission method, equipment and system

Country Status (1)

Country Link
CN (1) CN106790223B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218266B (en) * 2017-07-04 2021-07-30 百度在线网络技术(北京)有限公司 Driving data acquisition method and device
CN108200019A (en) * 2017-12-21 2018-06-22 广东汇泰龙科技有限公司 A kind of safe and efficient app Encryption Algorithm based on cloud lock
CN108683627B (en) * 2018-03-23 2020-12-29 深圳市超算科技开发有限公司 Internet of things node-to-node communication encryption method and system
CN109274488A (en) * 2018-09-04 2019-01-25 广州众诺电子技术有限公司 Integrated circuit burning program method, storage medium and system
CN108833452B (en) * 2018-09-13 2021-01-19 国云科技股份有限公司 Method for encrypting front-end and back-end separated data
CN111343131B (en) * 2018-12-19 2022-06-14 中国移动通信集团湖南有限公司 Data transmission method and device
CN110213041A (en) * 2019-04-26 2019-09-06 五八有限公司 Data ciphering method, decryption method, device, electronic equipment and storage medium
CN110677382A (en) * 2019-08-20 2020-01-10 中国平安财产保险股份有限公司 Data security processing method, device, computer system and storage medium
CN111641446A (en) * 2020-04-21 2020-09-08 山东省科学院海洋仪器仪表研究所 Iridium-based deep sea intelligent buoy data communication system and communication method
CN115967905A (en) * 2021-10-12 2023-04-14 北京三快在线科技有限公司 Data transmission system and method
CN114189356A (en) * 2021-11-12 2022-03-15 珠海大横琴科技发展有限公司 Data transmission method and device
CN115225352B (en) * 2022-06-30 2024-04-23 厦门职行力信息科技有限公司 Hybrid encryption method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567288A (en) * 2003-09-02 2005-01-19 四川大学 Method for multiple encryption of file and simultaneous sealing/unsealing
CN102394749A (en) * 2011-09-26 2012-03-28 深圳市文鼎创数据科技有限公司 Line protection method, system, information safety equipment and application equipment for data transmission
CN105959105A (en) * 2016-04-25 2016-09-21 乐视控股(北京)有限公司 Data transmission method and data transmission device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104023013B (en) * 2014-05-30 2017-04-12 上海帝联信息科技股份有限公司 Data transmission method, server side and client
WO2016116890A1 (en) * 2015-01-22 2016-07-28 Visa International Service Association Method and system for establishing a secure communication tunnel
EP3082355A1 (en) * 2015-04-17 2016-10-19 Gemalto Sa A method for controlling remotely the permissions and rights of a target secure element


Also Published As

Publication number Publication date
CN106790223A (en) 2017-05-31


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant