CN107124407B - Data transmission method, device, readable storage medium, electronic equipment and system - Google Patents

Data transmission method, device, readable storage medium, electronic equipment and system

Info

Publication number: CN107124407B
Authority: CN (China)
Prior art keywords: data, key, client, target, server
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710267545.2A
Other languages: Chinese (zh)
Other versions: CN107124407A
Inventors: 陆国际, 张德阳, 何昌钦, 谢新强
Current assignee: Neusoft Corp
Original assignee: Neusoft Corp
Events: application filed by Neusoft Corp; publication of CN107124407A; application granted; publication of CN107124407B; legal status active

Classifications

    • H04L Transmission of digital information, e.g. telegraphic communication (H Electricity; H04 Electric communication technique)
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving digital signatures
    • H04L63/08 Network architectures or network communication protocols for network security, for authentication of entities
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using a key encryption key (under H04L9/08 key distribution or management, H04L9/0816 key establishment, H04L9/0819 key transport or distribution)
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords (under H04L9/08 key distribution or management)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

This disclosure relates to a data transmission method, apparatus, readable storage medium, electronic device and system. The method applied to a server comprises: receiving a target packet sent by a client, the target packet comprising signature data, identification data and target transmission data, wherein the identification data uniquely identifies the target transmission data; generating a target verification key based on the identification data and an initial key agreed with the client; verifying the target transmission data with the target verification key to obtain verification data; and, when the verification data is identical to the signature data, determining that the target transmission data is legitimate. This increases the complexity of the target signature key and reduces the probability of it being cracked, so that the target transmission data can be effectively prevented from being illegally tampered with in transit, improving the security of data transmission.

Description

Data transmission method, device, readable storage medium, electronic equipment and system
Technical field
This disclosure relates to the field of information security, and in particular to a data transmission method, apparatus, readable storage medium, electronic device and system.
Background technique
With the development of information technology and computer networking, these technologies are now applied in government, military, education, commerce, finance and other fields, all of which involve the transmission and storage of confidential information. Alongside the unlimited opportunities and convenience the information age brings, it also brings hidden dangers. Because networks are easy to attack, confidential information can leak; at best this paralyses an enterprise's work systems and causes large economic losses, at worst it endangers national and military security and social stability. How to keep confidential information from leaking, verify the authenticity of its source, and ensure its integrity and non-repudiation has therefore become a focus of network information security research.
Summary of the invention
The purpose of this disclosure is to provide a data transmission method, apparatus, computer readable storage medium, electronic device and system that effectively prevent data from being maliciously tampered with in transit, thereby improving the security of data transmission.
To achieve this, according to a first aspect, the disclosure provides a data transmission method applied to a server, the method comprising:
receiving a target packet sent by a client, the target packet comprising signature data, identification data and target transmission data, wherein the identification data uniquely identifies the target transmission data;
generating a target verification key based on the identification data and an initial key agreed with the client;
verifying the target transmission data with the target verification key to obtain verification data;
when the verification data is identical to the signature data, determining that the target transmission data is legitimate.
Optionally, before the step of generating the target verification key based on the identification data and the initial key agreed with the client, the method further comprises:
determining whether the identification data already exists in a local cache of the server;
when the identification data does not yet exist in the local cache of the server, storing the identification data in the local cache and then performing the step of generating the target verification key based on the identification data and the initial key agreed with the client.
Optionally, the method further comprises:
raising an abnormality alarm when the identification data is determined to already exist in the local cache of the server, or when the verification data is not identical to the signature data.
Optionally, before the step of receiving the target packet sent by the client, the method further comprises:
receiving a first key sent by the client;
generating a second key;
sending the second key to the client;
generating the initial key based on the first key and the second key;
saving the initial key.
Optionally, the identification data and the second key are random numbers.
According to a second aspect, the disclosure also provides a data transmission method applied to a client, the method comprising:
generating identification data for target transmission data, wherein the identification data uniquely identifies the target transmission data;
generating a target signature key based on the identification data and an initial key agreed with the server;
signing the target transmission data with the target signature key to obtain signature data;
sending a target packet to the server, the target packet comprising the signature data, the identification data and the target transmission data.
Optionally, before the step of generating identification data for the target transmission data, the method further comprises:
generating a first key;
sending the first key to the server;
receiving a second key sent by the server;
generating the initial key based on the first key and the second key; and
saving the initial key.
Optionally, the identification data and the first key are random numbers.
According to a third aspect, the disclosure also provides a data transmission apparatus applied to a server, the apparatus comprising:
a first receiving module for receiving a target packet sent by a client, the target packet comprising signature data, identification data and target transmission data, wherein the identification data uniquely identifies the target transmission data;
a target verification key generation module for generating a target verification key based on the identification data received by the first receiving module and an initial key agreed with the client;
a verification data acquisition module for verifying the target transmission data received by the first receiving module with the target verification key generated by the target verification key generation module, to obtain verification data;
a determination module for determining that the target transmission data is legitimate when the verification data obtained by the verification data acquisition module is identical to the signature data received by the first receiving module.
Optionally, the apparatus further comprises:
a judgment module for determining, before the target verification key generation module generates the target verification key based on the identification data received by the first receiving module and the initial key agreed with the client, whether the identification data received by the first receiving module already exists in a local cache of the server;
a storage module for storing the identification data in the local cache when the judgment module determines that the identification data does not yet exist in the local cache of the server, and for triggering the target verification key generation module to generate the target verification key based on the identification data and the initial key agreed with the client.
Optionally, the apparatus further comprises:
an alarm module for raising an abnormality alarm when the judgment module determines that the identification data already exists in the local cache of the server, or when the verification data is not identical to the signature data.
Optionally, the apparatus further comprises:
a second receiving module for receiving a first key sent by the client before the first receiving module receives the target packet sent by the client;
a second key generation module for generating a second key;
a first sending module for sending the second key generated by the second key generation module to the client;
a first initial key generation module for generating the initial key based on the first key received by the second receiving module and the second key generated by the second key generation module;
a first saving module for saving the initial key generated by the first initial key generation module.
Optionally, the identification data and the second key are random numbers.
According to a fourth aspect, the disclosure also provides a data transmission apparatus applied to a client, the apparatus comprising:
an identification data generation module for generating identification data for target transmission data, wherein the identification data uniquely identifies the target transmission data;
a target signature key generation module for generating a target signature key based on the identification data generated by the identification data generation module and an initial key agreed with the server;
a signature data acquisition module for signing the target transmission data with the target signature key generated by the target signature key generation module, to obtain signature data;
a second sending module for sending a target packet to the server, the target packet comprising the signature data, the identification data and the target transmission data.
Optionally, the apparatus further comprises:
a first key generation module for generating a first key before the identification data generation module generates identification data for the target transmission data;
a third sending module for sending the first key generated by the first key generation module to the server;
a third receiving module for receiving a second key sent by the server;
a second initial key generation module for generating the initial key based on the first key generated by the first key generation module and the second key received by the third receiving module; and
a second saving module for saving the initial key generated by the second initial key generation module.
Optionally, the identification data and the first key are random numbers.
According to a fifth aspect, the disclosure also provides a computer readable storage medium on which a computer program is stored, the program implementing the above data transmission method applied to the server when executed by a processor.
According to a sixth aspect, the disclosure also provides an electronic device comprising:
the computer readable storage medium provided according to the fifth aspect; and
one or more processors for executing the program in the computer readable storage medium.
According to a seventh aspect, the disclosure also provides a computer readable storage medium on which a computer program is stored, the program implementing the above data transmission method applied to the client when executed by a processor.
According to an eighth aspect, the disclosure also provides an electronic device comprising:
the computer readable storage medium provided according to the seventh aspect; and
one or more processors for executing the program in the computer readable storage medium.
According to a ninth aspect, the disclosure also provides a data transmission system comprising:
at least one client, the client being the electronic device provided according to the eighth aspect; and
a server, the server being the electronic device provided according to the sixth aspect.
In the above technical solution, the client generates the target signature key from identification data generated uniquely for the target transmission data together with the initial key agreed with the server, signs the target transmission data with that target signature key, and the server verifies the target transmission data in the corresponding way. This increases the complexity of the target signature key and reduces the probability of it being cracked, so that the target transmission data can be effectively prevented from being illegally tampered with in transit, improving the security of data transmission. In addition, if either the identification data or the target transmission data is tampered with while the client transmits data to the server, verification on the server fails, which further improves the security of data transmission.
Other features and advantages of the disclosure are described in detail in the detailed description that follows.
Detailed description of the invention
The accompanying drawings provide a further understanding of the disclosure and form part of the specification; together with the following specific embodiments they serve to explain the disclosure, but do not limit it. In the drawings:
Fig. 1 is a schematic diagram of a data transmission system according to an exemplary embodiment.
Fig. 2A is a flow chart of a data transmission method according to an exemplary embodiment.
Fig. 2B is a flow chart of a data transmission method according to another exemplary embodiment.
Fig. 3A is a flow chart of a data transmission method according to an exemplary embodiment.
Fig. 3B is a flow chart of a data transmission method according to another exemplary embodiment.
Fig. 3C is a flow chart of a data transmission method according to another exemplary embodiment.
Fig. 4A is a signalling interaction diagram of the key exchange process between a server and a client according to an exemplary embodiment.
Fig. 4B is a signalling interaction diagram of the data transmission process between a server and a client according to an exemplary embodiment.
Fig. 5A is a block diagram of a data transmission apparatus according to an exemplary embodiment.
Fig. 5B is a block diagram of a data transmission apparatus according to another exemplary embodiment.
Fig. 5C is a block diagram of a data transmission apparatus according to another exemplary embodiment.
Fig. 5D is a block diagram of a data transmission apparatus according to another exemplary embodiment.
Fig. 6A is a block diagram of a data transmission apparatus according to an exemplary embodiment.
Fig. 6B is a block diagram of a data transmission apparatus according to another exemplary embodiment.
Fig. 7 is a block diagram of an electronic device according to an exemplary embodiment.
Fig. 8 is a block diagram of an electronic device according to an exemplary embodiment.
Specific embodiments
The specific embodiments of the disclosure are described in detail below with reference to the drawings. It should be understood that the specific embodiments described here are only used to describe and explain the disclosure and do not limit it.
Fig. 1 is a schematic diagram of a data transmission system according to an exemplary embodiment. As shown in Fig. 1, the data transmission system may comprise a server 100 and at least one client; for example, two clients are shown in Fig. 1, client 201 and client 202. Illustratively, the server 100 and each client may communicate via, for example, Bluetooth, a ZigBee network, a WiFi network, a 2G, 3G or 4G network and so on, to complete the data transmission process. A client may be, for example, a smartphone, a tablet computer, a personal digital assistant (PDA), a desktop computer, a laptop and so on. Fig. 1 illustrates client 201 as a smartphone and client 202 as a desktop computer.
Fig. 2A is a flow chart of a data transmission method according to an exemplary embodiment. The method may be applied to a client, for example client 201 or client 202 shown in Fig. 1. As shown in Fig. 2A, the method may comprise the following steps.
In step 201, identification data is generated for the target transmission data.
In the disclosure, the target transmission data may be, for example, AJAX (Asynchronous JavaScript And XML) request data, but it is worth noting that it may also be any other kind of data, for example user identity information, banking information and so on. The client uniquely identifies the target transmission data by means of the identification data. In an exemplary embodiment of the disclosure, the identification data may be, for example, a random number. That is, before transmitting the target transmission data, the client first generates a random number; on the one hand this random number uniquely identifies the target transmission data, and on the other hand, because it is random, it further strengthens the security of the signature key subsequently generated from it.
In step 202, a target signature key is generated based on the identification data and the initial key agreed with the server.
In the disclosure, the initial key agreed between the client and the server may be a fixed key agreed in advance by both sides, or a key agreed by means of a key exchange. The client may agree the initial key with the server once and, for each later data transmission, generate the target signature key from that one agreed initial key and the identification data currently generated; alternatively, the client may agree a new initial key with the server before every data transmission. The latter reduces the risk of the initial key being stolen through long-term use of a single fixed initial key, and means that a different target signature key is used for every transmission, which improves the security of data transmission.
In one embodiment, the initial key is a fixed key agreed in advance by the client and the server. The fixed key may be a string composed of one or more of letters, digits and symbols, for example a string of 6 to 16 characters; the length of the fixed key is not specifically limited here.
In another embodiment, the initial key is a key agreed by means of a key exchange between the client and the server. As shown in Fig. 2B, the client may agree the initial key with the server in the following way.
In step 205, a first key is generated. In the disclosure, the first key may be a random number, for example a 32-digit random number; it may also be a key set by the user.
In step 206, the first key is sent to the server. To ensure the security of the transmission, the client may encrypt the first key before transmitting it. Illustratively, the client may encrypt the first key with an RSA public key before transmitting it to the server.
After the server receives the encrypted first key, it obtains the first key by decryption. Illustratively, the server may decrypt the first key encrypted with the RSA public key using the corresponding RSA private key, obtaining the first key. Next, the server may locally generate a second key; illustratively, the second key may be a random number, for example a 32-digit random number. The server then generates the initial key from the first key and the second key and saves the initial key. Illustratively, the server may use the combination of the first key and the second key as the initial key: for example, if the first key is a 32-digit random number and the second key is a 32-digit random number, the initial key is the 64-digit number formed from the first key followed by the second key. It is worth noting that other ways of generating the initial key from the first key and the second key are also applicable to the disclosure. After generating the second key, the server may transmit it to the client. Likewise, to ensure the security of the transmission of the second key, the server may encrypt the second key before transmitting it; illustratively, the server may encrypt the second key with an RSA public key before transmitting it to the client.
In step 207, the second key sent by the server is received. After receiving the encrypted second key, the client obtains the second key by decryption. Illustratively, the client may decrypt the second key encrypted with the RSA public key using the corresponding RSA private key, obtaining the second key.
In step 208, the initial key is generated based on the first key and the second key. After obtaining the second key by decryption, the client generates the initial key from the first key and the second key. Illustratively, the client may use the combination of the first key and the second key as the initial key. Note that the way the client generates the initial key from the first key and the second key is the same as the way the server described above generates the initial key from the first key and the second key.
In step 209, the initial key is saved. After generating the initial key from the first key and the second key, the client saves it for the subsequent generation of target signature keys.
When the client agrees the initial key with the server by means of a key exchange, the initial key is generated locally on both the client and the server, and it combines the first key generated locally by the client with the second key generated locally by the server. This strengthens the security of the initial key: even if the first key or the second key is stolen by an illegal party in transit, that party cannot know the key generated locally by the other end or the key combination rule, and therefore cannot know the initial key.
It should further be noted that steps 205 to 209 may be performed concurrently with step 201 above, before step 201, or after step 201; this is not limited here.
After the client obtains the initial key agreed with the server, in step 202 it may generate the target signature key by subjecting the identification data and the initial key to a weighting process according to a certain rule. The weighting rule is agreed in advance by the client and the server.
In one embodiment, the weighting process may be completed by directly concatenating the identification data and the initial key to generate the target signature key, i.e. target signature key = identification data + initial key.
In another embodiment, the weighting process may be completed by directly concatenating the initial key and the identification data to generate the target signature key, i.e. target signature key = initial key + identification data.
In yet another embodiment, the weighting process may be completed by concatenating the identification data arranged in reverse order with the initial key arranged in reverse order to generate the target signature key, i.e. target signature key = reversed identification data + reversed initial key. It is worth noting that there are many ways of weighting the identification data and the initial key; they are not enumerated one by one here.
In step 203, the target transmission data is signed with the target signature key to obtain the signature data. The client may obtain the signature data by any digital signature algorithm.
In step 204, the target packet is sent to the server.
In the disclosure, the target packet may comprise the signature data, the identification data and the target transmission data, where the positions of the signature data and the identification data in the target packet need to be agreed in advance between the client and the server. The signature data and the identification data may be located at the head of the target packet, or at the tail of the target packet, or one at the head and the other at the tail; the positions of the signature data and the identification data in the target packet are not specifically limited here.
Fig. 3A is a flow chart of a data transmission method according to an exemplary embodiment. The method may be applied to a server, for example the server 100 shown in Fig. 1. As shown in Fig. 3A, the method may comprise the following steps.
In step 301, the target packet sent by the client is received.
In the disclosure, after signing the target transmission data, the client sends the target packet containing the signature data, the identification data and the target transmission data to the server, and the server receives the target packet.
In step 302, a target verification key is generated based on the identification data and the initial key agreed with the client. The method and detailed process of agreeing the initial key with the client have been described above and are not repeated here. The server may generate the target verification key in the same way the client generates the target signature key.
In step 303, the target transmission data is verified with the target verification key to obtain the verification data. The server may obtain the verification data using the same algorithm as the digital signature algorithm used by the client.
In step 304, when the verification data is identical to the signature data, the target transmission data is determined to be legitimate. Illustratively, the server matches the verification data against the signature data in the target packet received earlier. When the two are consistent, neither the identification data nor the target transmission data has been tampered with in transit, so the target transmission data can be determined to be legitimate. When the two are inconsistent, the target transmission data or the identification data has been maliciously tampered with in transit, so the target transmission data can be determined to be illegitimate; at this point the server may throw an exception alarm.
Taking AJAX request data as an example, after determining that the target transmission data is legitimate, the server can process the request.
Fig. 3B is a flowchart of a data transmission method according to another exemplary embodiment. The method may be applied to a server, for example the server 100 shown in Fig. 1. As shown in Fig. 3B, the above method may further include the following steps.
In step 305, it is judged whether the mark data already exists in the local cache of the server.
In step 306, when it is determined that the mark data does not yet exist in the local cache of the server, the mark data is stored in the local cache, and then step 302 and the subsequent steps are executed.
In the present disclosure, the mark data can serve as a replay marker, and the server determines whether the data transmission request from the client is a replay attack according to whether this replay marker already exists in the local cache. Specifically, after the server receives the target data packet containing the mark data, it parses the mark data out of the target data packet, then traverses the local cache and looks up whether the mark data already exists there. When the server does not find the mark data in the local cache, the data transmission request from the client is a normal request; at this point the mark data is stored in the local cache in preparation for identifying subsequent replay attacks, thereby improving the security of data transmission.
Fig. 3C is a flowchart of a data transmission method according to another exemplary embodiment. The method may be applied to a server, for example the server 100 shown in Fig. 1. As shown in Fig. 3C, the above method may further include the following steps.
In step 307, when it is determined that the mark data already exists in the local cache of the server, or the verification data and the signature data are not identical, an exception alarm is raised.
In the present disclosure, when the server traverses the local cache and finds the mark data there, the data transmission request from the client may be a replay attack; at this point an exception alarm is issued to prevent the replay attack.
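As an added illustration (not code from the patent or from Neusoft), the following Python realises the key exchange, per-message key derivation, signing, verification and the replay check of steps 302 to 307 described above. Assumptions: HMAC-SHA256 stands in for the unspecified signature algorithm and for both key derivations, the mark data is a random 16-byte nonce, and a Python set stands in for the server's local cache.

```python
import hashlib
import hmac
import os


def derive_initial_key(first_key: bytes, second_key: bytes) -> bytes:
    """Combine the two exchanged random keys into the agreed initial key.
    The patent does not fix the combining function; HMAC-SHA256 is assumed."""
    return hmac.new(first_key, second_key, hashlib.sha256).digest()


def derive_target_key(initial_key: bytes, mark_data: bytes) -> bytes:
    """Per-transmission key (step 302): the mark data is unique per message,
    so the key actually used for signing changes with every packet."""
    return hmac.new(initial_key, mark_data, hashlib.sha256).digest()


def sign(target_key: bytes, data: bytes) -> bytes:
    """Signature data on the client, verification data on the server (assumed HMAC-SHA256)."""
    return hmac.new(target_key, data, hashlib.sha256).digest()


class Client:
    def start_exchange(self) -> bytes:
        self.first_key = os.urandom(32)          # random first key sent to the server
        return self.first_key

    def finish_exchange(self, second_key: bytes) -> None:
        self.initial_key = derive_initial_key(self.first_key, second_key)

    def build_packet(self, data: bytes) -> dict:
        mark = os.urandom(16)                    # random mark data (nonce) for this message
        key = derive_target_key(self.initial_key, mark)
        return {"sig": sign(key, data), "mark": mark, "data": data}


class Server:
    def __init__(self) -> None:
        self.seen_marks: set = set()             # stands in for the local cache

    def respond_exchange(self, first_key: bytes) -> bytes:
        second_key = os.urandom(32)              # random second key returned to the client
        self.initial_key = derive_initial_key(first_key, second_key)
        return second_key

    def verify(self, packet: dict) -> str:
        mark = packet["mark"]
        if mark in self.seen_marks:              # steps 305/307: marker already cached
            return "replay"
        self.seen_marks.add(mark)                # step 306: remember the marker
        key = derive_target_key(self.initial_key, mark)   # step 302
        expected = sign(key, packet["data"])     # step 303
        # steps 304/307: constant-time comparison so the check does not leak
        # the position of the first differing byte through timing.
        if not hmac.compare_digest(expected, packet["sig"]):
            return "tampered"
        return "ok"


def demo() -> list:
    """Run one exchange and return the verdicts for a fresh packet, a replay of it,
    a packet whose data was altered in transit, and one whose mark was altered."""
    client, server = Client(), Server()
    client.finish_exchange(server.respond_exchange(client.start_exchange()))
    fresh = client.build_packet(b"GET /api/balance?account=42")   # constructed request
    verdicts = [server.verify(fresh), server.verify(fresh)]
    altered_data = dict(client.build_packet(b"amount=10"), data=b"amount=1000")
    verdicts.append(server.verify(altered_data))
    altered_mark = dict(client.build_packet(b"amount=10"), mark=bytes(16))
    verdicts.append(server.verify(altered_mark))
    return verdicts


if __name__ == "__main__":
    print(demo())   # ['ok', 'replay', 'tampered', 'tampered']
```

The cache as described in the patent only grows; a deployment would bound it (for example by expiring markers after the request validity window) so the replay check cannot be turned into a memory exhaustion problem.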
Fig. 4A is a signaling interaction diagram of the key exchange process between a server and a client according to an exemplary embodiment. Fig. 4A combines the steps of the key exchange method described above for the client and for the server; the specific steps are not described in detail here.
Fig. 4B is a signaling interaction diagram of the data transmission process between a server and a client according to an exemplary embodiment. Fig. 4B combines the steps of the data transmission method described above for the client and for the server; the specific steps are not described in detail here.
Fig. 5A is a block diagram of a data transmission device according to an exemplary embodiment. The device 500 is applied to a server, for example the server 100 shown in Fig. 1. Referring to Fig. 5A, the device 500 may include: a first receiving module 501 for receiving the target data packet sent by the client, the target data packet including signature data, mark data and target transmission data, wherein the mark data uniquely identifies the target transmission data; a target verification key generation module 502 for generating the target verification key based on the mark data received by the first receiving module 501 and the initial key agreed with the client; a verification data acquisition module 503 for verifying the target transmission data received by the first receiving module 501 using the target verification key generated by the target verification key generation module 502, to obtain verification data; and a determining module 504 for determining that the target transmission data is legitimate when the verification data obtained by the verification data acquisition module 503 is identical to the signature data received by the first receiving module 501.
Fig. 5B is a block diagram of a data transmission device according to an exemplary embodiment. The device 500 is applied to a server, for example the server 100 shown in Fig. 1. Referring to Fig. 5B, the above device 500 may further include: a judgment module 505 for judging, before the target verification key generation module 502 generates the target verification key based on the mark data received by the first receiving module 501 and the initial key agreed with the client, whether the mark data received by the first receiving module 501 already exists in the local cache of the server; and a storage module 506 for storing the mark data in the local cache when the judgment module 505 determines that the mark data does not yet exist in the local cache of the server, and triggering the target verification key generation module 502 to generate the target verification key based on the mark data and the initial key agreed with the client.
Fig. 5C is a block diagram of a data transmission device according to an exemplary embodiment. The device 500 is applied to a server, for example the server 100 shown in Fig. 1. Referring to Fig. 5C, the above device 500 may further include: an alarm module 507 for raising an exception alarm when the judgment module 505 determines that the mark data already exists in the local cache of the server, or when the verification data and the signature data are not identical.
Fig. 5D is a block diagram of a data transmission device according to an exemplary embodiment. The device 500 is applied to a server, for example the server 100 shown in Fig. 1. Referring to Fig. 5D, the above device 500 may further include: a second receiving module 508 for receiving the first key sent by the client before the first receiving module 501 receives the target data packet sent by the client; a second key generation module 509 for generating the second key; a first sending module 510 for sending the second key generated by the second key generation module 509 to the client; a first initial key generation module 511 for generating the initial key based on the first key received by the second receiving module 508 and the second key generated by the second key generation module 509; and a first saving module 512 for saving the initial key generated by the first initial key generation module 511.
Optionally, the mark data and the second key are random numbers.
Fig. 6A is a block diagram of a data transmission device according to an exemplary embodiment. The device 600 is applied to a client, for example the clients 201 and 202 shown in Fig. 1. Referring to Fig. 6A, the device 600 includes: a mark data generation module 601 for generating mark data for target transmission data, wherein the mark data uniquely identifies the target transmission data; a target signature key generation module 602 for generating the target signature key based on the mark data generated by the mark data generation module 601 and the initial key agreed with the server; a signature data acquisition module 603 for signing the target transmission data using the target signature key generated by the target signature key generation module 602, to obtain signature data; and a second sending module 604 for sending the target data packet to the server, the target data packet including the signature data, the mark data and the target transmission data.
Fig. 6B is a block diagram of a data transmission device according to an exemplary embodiment. The device 600 is applied to a client, for example the clients 201 and 202 shown in Fig. 1. Referring to Fig. 6B, the device 600 may further include: a first key generation module 605 for generating the first key before the mark data generation module 601 generates the mark data for the target transmission data; a third sending module 606 for sending the first key generated by the first key generation module 605 to the server; a third receiving module 607 for receiving the second key sent by the server; a second initial key generation module 608 for generating the initial key based on the first key generated by the first key generation module 605 and the second key received by the third receiving module 607; and a second saving module 609 for saving the initial key generated by the second initial key generation module 608.
Optionally, the mark data and the first key are random numbers.
Regarding the devices in the above embodiments, the specific manner in which each module performs its operation has been described in detail in the embodiments of the related method and will not be elaborated here.
Fig. 7 is a block diagram of an electronic equipment 700 according to an exemplary embodiment. As shown in Fig. 7, the electronic equipment 700 may include: a processor 701, a memory 702, a multimedia component 703, an input/output (I/O) interface 704, and a communication component 705.
The processor 701 controls the overall operation of the electronic equipment 700 so as to complete all or part of the steps of the above data transmission method applied to the client side. The memory 702 stores various types of data to support operation of the electronic equipment 700; such data may include, for example, instructions for any application or method operating on the electronic equipment 700, as well as application-related data such as contact data, sent and received messages, pictures, audio, video and so on. The memory 702 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disc. The multimedia component 703 may include a screen and an audio component, where the screen may be, for example, a touch screen, and the audio component is used to output and/or input audio signals.
For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may be further stored in the memory 702 or sent through the communication component 705. The audio component further includes at least one loudspeaker for outputting audio signals. The I/O interface 704 provides an interface between the processor 701 and other interface modules, which may be a keyboard, a mouse, buttons and the like; the buttons may be virtual buttons or physical buttons. The communication component 705 is used for wired or wireless communication between the electronic equipment 700 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, near field communication (NFC), 2G, 3G or 4G, or a combination of one or more of them, and the corresponding communication component 705 may accordingly include a Wi-Fi module, a Bluetooth module and an NFC module.
In an exemplary embodiment, the electronic equipment 700 may be implemented by one or more application specific integrated circuits (ASIC), digital signal processors (DSP), digital signal processing devices (DSPD), programmable logic devices (PLD), field programmable gate arrays (FPGA), controllers, microcontrollers, microprocessors or other electronic components, for executing the above data transmission method applied to the client side.
In a further exemplary embodiment, a computer readable storage medium including program instructions is also provided, for example the memory 702 including program instructions, where the program instructions can be executed by the processor 701 of the electronic equipment 700 to complete the above data transmission method applied to the client side.
Fig. 8 is a block diagram of an electronic equipment 800 according to an exemplary embodiment. For example, the electronic equipment 800 may be provided as a server. Referring to Fig. 8, the electronic equipment 800 includes one or more processors 822 and a memory 832 for storing a computer program executable by the processor 822. The computer program stored in the memory 832 may include one or more modules, each corresponding to a set of instructions. The processor 822 may be configured to execute the computer program so as to perform the above data transmission method applied to the server side.
In addition, the electronic equipment 800 may further include a power supply component 826 and a communication component 850; the power supply component 826 may be configured to perform power management of the electronic equipment 800, and the communication component 850 may be configured to implement wired or wireless communication of the electronic equipment 800. The electronic equipment 800 may further include an input/output (I/O) interface 858. The electronic equipment 800 may operate based on an operating system stored in the memory 832, such as Windows Server™, Mac OS X™, Unix™, Linux™ and the like.
In a further exemplary embodiment, a computer readable storage medium including program instructions is also provided, for example the memory 832 including program instructions, where the program instructions can be executed by the processor 822 of the electronic equipment 800 to complete the above data transmission method applied to the server side.
The present disclosure also provides a data transmission system, which includes: at least one client, the client being the electronic equipment 700 described above; and a server, the server being the electronic equipment 800 described above.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings; however, the present disclosure is not limited to the specific details of the above embodiments, and various simple variants of the technical solution of the present disclosure may be made within the scope of its technical concept. These simple variants all fall within the protection scope of the present disclosure.
It should further be noted that the specific technical features described in the above specific embodiments may be combined in any suitable manner provided there is no contradiction. To avoid unnecessary repetition, the present disclosure does not further describe the various possible combinations.
In addition, any combination of the various embodiments of the present disclosure may also be made, and such combinations, as long as they do not depart from the idea of the present disclosure, should likewise be regarded as content disclosed by the present disclosure.

Claims (15)

1. A data transmission method applied to a server, characterized in that the method includes:
receiving a target data packet sent by a client, the target data packet including signature data, mark data and target transmission data, wherein the mark data uniquely identifies the target transmission data;
generating a target verification key based on the mark data and an initial key agreed with the client;
verifying the target transmission data using the target verification key to obtain verification data; and
determining that the target transmission data is legitimate when the verification data is identical to the signature data.
2. The method according to claim 1, characterized in that, before the step of generating the target verification key based on the mark data and the initial key agreed with the client, the method further includes:
judging whether the mark data already exists in a local cache of the server; and
when it is determined that the mark data does not yet exist in the local cache of the server, storing the mark data in the local cache, and executing the step of generating the target verification key based on the mark data and the initial key agreed with the client.
3. The method according to claim 2, characterized in that the method further includes:
raising an exception alarm when it is determined that the mark data already exists in the local cache of the server, or when the verification data and the signature data are not identical.
4. The method according to any one of claims 1-3, characterized in that, before the step of receiving the target data packet sent by the client, the method further includes:
receiving a first key sent by the client;
generating a second key;
sending the second key to the client;
generating the initial key based on the first key and the second key; and
saving the initial key.
5. The method according to claim 4, characterized in that the mark data and the second key are random numbers.
6. A data transmission method applied to a client, characterized in that the method includes:
generating mark data for target transmission data, wherein the mark data uniquely identifies the target transmission data;
generating a target signature key based on the mark data and an initial key agreed with a server;
signing the target transmission data using the target signature key to obtain signature data; and
sending a target data packet to the server, the target data packet including the signature data, the mark data and the target transmission data.
7. The method according to claim 6, characterized in that, before the step of generating the mark data for the target transmission data, the method further includes:
generating a first key;
sending the first key to the server;
receiving a second key sent by the server;
generating the initial key based on the first key and the second key; and
saving the initial key.
8. The method according to claim 7, characterized in that the mark data and the first key are random numbers.
9. A data transmission device applied to a server, characterized in that the device includes:
a first receiving module for receiving a target data packet sent by a client, the target data packet including signature data, mark data and target transmission data, wherein the mark data uniquely identifies the target transmission data;
a target verification key generation module for generating a target verification key based on the mark data received by the first receiving module and an initial key agreed with the client;
a verification data acquisition module for verifying the target transmission data received by the first receiving module using the target verification key generated by the target verification key generation module, to obtain verification data; and
a determining module for determining that the target transmission data is legitimate when the verification data obtained by the verification data acquisition module is identical to the signature data received by the first receiving module.
10. A data transmission device applied to a client, characterized in that the device includes:
a mark data generation module for generating mark data for target transmission data, wherein the mark data uniquely identifies the target transmission data;
a target signature key generation module for generating a target signature key based on the mark data generated by the mark data generation module and an initial key agreed with a server;
a signature data acquisition module for signing the target transmission data using the target signature key generated by the target signature key generation module, to obtain signature data; and
a second sending module for sending a target data packet to the server, the target data packet including the signature data, the mark data and the target transmission data.
11. A computer readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the steps of the method according to any one of claims 1-5.
12. An electronic equipment, characterized by comprising:
the computer readable storage medium according to claim 11; and
one or more processors for executing the program in the computer readable storage medium.
13. A computer readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the steps of the method according to any one of claims 6-8.
14. An electronic equipment, characterized by comprising:
the computer readable storage medium according to claim 13; and
one or more processors for executing the program in the computer readable storage medium.
15. A data transmission system, characterized in that the system comprises:
at least one client, the client being the electronic equipment according to claim 14; and
a server, the server being the electronic equipment according to claim 12.
CN201710267545.2A 2017-04-21 2017-04-21 Data transmission method, device, readable storage medium storing program for executing, electronic equipment and system Active CN107124407B (en)
Publications (2)

Publication Number Publication Date
CN107124407A CN107124407A (en) 2017-09-01
CN107124407B true CN107124407B (en) 2019-09-13