CN108156113A - A kind of method for pushing for updating file - Google Patents
A kind of method for pushing for updating file Download PDFInfo
- Publication number
- CN108156113A CN108156113A CN201611096859.2A CN201611096859A CN108156113A CN 108156113 A CN108156113 A CN 108156113A CN 201611096859 A CN201611096859 A CN 201611096859A CN 108156113 A CN108156113 A CN 108156113A
- Authority
- CN
- China
- Prior art keywords
- file
- update
- client
- pushing
- length
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/55—Push-based network services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of method for pushing for updating file, this method includes:Server generation initial encryption key is updated, and passes through key exchange method so that client obtains the initial encryption key;Based on the initial encryption key, update server is sent to the client after file block to be updated is encrypted;The client assembles the piecemeal, obtains update file.
Description
【Technical field】
The invention belongs to computer and file more frontier more particularly to a kind of method for pushing for updating file.
【Background technology】
In recent years, popularizing with internet, especially mobile Internet, is updated by pushing, becomes computer literal
One of main update mode of part.From original different by user's active download update, now by computer software manufacturer actively
File update is pushed in the computer of user, is updated automatically.One typical example is browser, browser program
After opening, can actively connect one update server, if the browser program has update file, the update server to this
Browser program pushes the update file, which, will be in some suitable time after the update file is received
Point is automatically with the update file, without user intervention.
But the safety of update file push method of the prior art is not high, is voluntarily set by manufacturer
Meter, is all much that file transmits on network in itself, without integrity checking.
【Invention content】
In order to solve the above problem of the prior art, the present invention proposes a kind of method for pushing for updating file.
The technical solution adopted by the present invention is as follows:
A kind of method for pushing for updating file, this method include the following steps:
Step 100:Server generation initial encryption key is updated, and passes through key exchange method so that client obtains
The initial encryption key;
Step 200:Based on the initial encryption key, update server is sent to institute after file block to be updated is encrypted
State client;
Step 300:The client assembles the piecemeal, obtains update file.
Further, the length of the initial encryption key is 4096.
Further, the length of each file block is the integral multiple of key length.
Further, completeness check is carried out to each piecemeal during block transmission.
Further, if the completeness check does not pass through, the client request update server retransmits.
Beneficial effects of the present invention include:The safety higher of file is updated, update text ensure that by completeness check
The integrality of part.
【Description of the drawings】
Attached drawing described herein is to be used to provide further understanding of the present invention, and forms the part of the application, but
It does not constitute improper limitations of the present invention, in the accompanying drawings:
Fig. 1 is the system construction drawing that the method for the present invention is applied.
Fig. 2 is the basic flow chart of the method for the present invention.
【Specific embodiment】
Come that the present invention will be described in detail below in conjunction with attached drawing and specific embodiment, illustrative examples therein and say
It is bright to be only used for explaining the present invention, but not as a limitation of the invention.
Referring to attached drawing 1, the present invention relates to the update file transmission between 2 points, respectively include update server and client
End, passes through network connection between the two, it is therefore an objective to will update file from update server transport to client by the network.This
First of the update document transmission method of invention considers it is safety, thus file should be in transmission process it is encrypted,
Also, in order to which with universality, update server and client side of the invention can be in the case of without offered, completion
Update the encrypted transmission of file;Second considers it is the efficiency transmitted, but encrypted transmission can generally reduce the efficiency of transmission, because
And present invention employs a simply and effectively encryption method, on the basis of enough encryption intensities are ensured, to efficiency of transmission
Influence very little;Third consideration is the reliability and fault-tolerance of transmission, and the present invention is by the way that file block is transmitted so that even if few
Number blocks of files is damaged in transmission process, can also be carried out blocks of files re-transmission, will not be carried out too much influence to entire conveyor;The
The integrality of four consideration files, the present invention verify to solve integrity issue by the cryptographic Hash to blocks of files.Also, this hair
Bright update document transmission method will be organically combined together in terms of aforementioned four consideration, solve update text more perfectly
Part transmission problem.
Referring to attached drawing 2, based on above-mentioned setting, the basic step of the method for pushing of update file of the invention is as follows:
Step 100:Server generation initial encryption key is updated, and passes through key exchange method so that client obtains
The initial encryption key;
Step 200:Based on the initial encryption key, update server is sent to institute after file block to be updated is encrypted
State client;
Step 300:The client assembles the piecemeal, obtains update file.
Based on above-mentioned basic step, the method flow of the present invention is described in detail below:
(1) after update server establishes connection with client, update server generates a random number a, and calculates just
Beginning encryption key K=gaMod P, while client also generates a random number b, and calculates Y=gb mod P。
Wherein, P is a Big prime, and g is a primitive element of P, and for security consideration, the length of P should be sufficiently large, excellent
Selection of land, the length of P is 4096, then the length of K is also 4096 (if less than 4096, in front end, zero padding is to 4096)
(2) Y is sent to update server by client, and update server calculates X=YaMod P, and X is sent to visitor
Family end.
(3) client calculates
It is easily derived by above-mentioned steps, the K ' that step (3) client obtains is equal to K, therefore by above-mentioned steps, more
New demand servicing device and client have co-owned initial encryption key K, due in whole process K all not in transmission over networks, because
Even if this has hacker to monitor whole process, two values of X and Y can only be also obtained, due to the difficulty that discrete logarithm calculates, this is black
Visitor substantially can not be within the acceptable time, and value based on X and Y, which calculates, obtains K, thus K obtain enough confidentiality and
Safety.
(4) for update server by update file block to be transmitted, every piece of length is all m times of the length of K, and m is whole
If the length of last block is insufficient, length is supplied by finally increasing random number in block for number.If the update file is divided
Into N blocks, it is denoted as F1, F2... ..., FN。
For example, the length of K is 4096, m=10, then by the update file with the length piecemeal of 40960, if finally
One piece less than 40960, then increases random number behind last block, complements to 40960.
The purpose of file block is updated, is for block transmission, thus by the scattered risks damaged, even if in transmission process
Mistake occurs, also only needs to retransmit the block to malfunction, without retransmitting entire file.
(5) update server assembling one fileinfo packet={ File, N, mL }.Wherein File is update file to be transmitted
Fileinfo, including filename, file size etc., N be update file by the block number of piecemeal, L is the length of K, and mL is exactly every
The length of a piecemeal.
(6) update server calculates the cryptographic Hash Hash (F of first piecemeal of update file1), if the length of cryptographic Hash
For h, then the random number R that length is L-h is filled after cryptographic Hash1, obtain the key K that new length is L1。
Hash is the hash algorithm that uses of the present invention, it is preferable that the present invention uses the hash algorithm of MD5, MD5's the result is that
128, the length of K is 4096, then needs the random number of generation one 4096-128=3968, mend after MD5 cryptographic Hash
Face forms the new key K of 40961, due to not only having random number in new key, cryptographic Hash is further included, is further enhanced
The randomness of key, the new key is later for the encryption to first file packet.
(7) length of fileinfo packet is set as L0, then by fileinfo packet and the preceding L of K0Position carries out exclusive or, obtains exclusive or knot
Fruit XF.Then update server assembles an initial information packet={ K1⊕ K, XF, HF, which is included to be sent to visitor
Family end.Wherein HFIt is fileinfo packet and K1Cryptographic Hash, for subsequent verification.
(8) client decrypts the initial information packet using K, obtains K1With fileinfo packet, and using HFCarry out Hash school
It tests, if verification does not pass through, update server is asked to retransmit the initial information packet and is passed through until verifying, if verification passes through,
Then client informs that update server is ready for receiving update file.
It, can be different by being carried out with initial information packet since client has been obtained for key K in step (3)
Or, decrypt K1With fileinfo packet.Hash check ensure that initial information packet is correct.In addition, due to K1In include
Hash(F1), thus client has also obtained the cryptographic Hash of first piecemeal simultaneously.
(9) update server setting cyclic variable i=1.
(10) update server assembles i-th of file packet BiIf i<N (not being the last one file packet), then enable Bi=
{Fi, Ki+1, Ki+1={ Hash (Fi+1), Ri+1, if i=N, Bi=Fi。
Wherein, Ri+1The random number that a length is L-h, then Ri+1Length and Hash (Fi+1) the sum of length be L,
That is, Ki+1Length for L, the encryption key as next file packet.
(11) update server uses key KiI-th of file packet is encrypted, that is, calculates Ei=E (Ki, Bi)。
The present invention proposes a kind of new Encryption Algorithm E, i.e., continuous exclusive or method, and this method is described in detail later.
(12) server is updated by EiWith Hash (Bi) client is sent to, client is to EiDecryption obtains BiIt is (specific
Decryption method is also described below).If i<N, then client is just from BiMiddle acquisition FiAnd Ki+1, from Ki+1Middle acquisition Hash
(Fi+1).If i=N, client only obtains Fi。
(13) client uses Hash (Bi) to BiCryptographic Hash verification is carried out, while uses Hash (Fi) to FiCarry out Hash
Value verification confirms the integrality of i-th of file packet by the verification of dual cryptographic Hash, if do not passed through there are one verifying,
Then client request update server is retransmitted until verification passes through.
From above-mentioned steps as can be seen that Hash (Bi) obtained from this transmission, and Hash (Fi) it is from a upper text
It is obtained in part packet, the hash check of dual separate sources increases difficulty to hacker attack.
(14) if i<N then enables i increase by 1, and return to step (10), otherwise continues following step.
(15) all F that client merging receivesi, obtain update file.
If the last one FNRandom number is added to, due to having the length of update file, thus visitor in fileinfo packet
Family end can know last part by the length, and which is the random number being added, thus can remove the random number.
For the present invention for each file packet, that use is all different key Ki, this actually plays one-time pad
Effect greatly strengthens the safety of update file transmission.And for the Encryption Algorithm in step (11), present invention uses one
The simple and effective continuous exclusive or method of kind, is described as follows:
(11.1) by BiIt is divided into the block that multiple length are L, if shared S blocks.
Work as i<During N, due to BiIncluding FiAnd Ki+1, wherein FiLength for mL, then S=m+1;As i=N, S=m.
(11.2) B is setiThe S blocks being divided into are A1, A2... ..., AS, the calculating process of continuous exclusive or is as follows:
C1=A1⊕Ki
Cj=Cj-1⊕Aj⊕Ki, 2≤j≤S;
(11.3) the result E of continuous exclusive ori={ C1,, C2... ..., CS}。
Its calculating used of continuous exclusive or method proposed by the present invention only has exclusive or, without complicated calculating, therefore entirely meter
The efficiency of calculation process is very high, and too big influence is not had on the efficiency of transmission for updating file.
The decryption of continuous exclusive or is also very simple, specific as follows:
(12.1) E decrypted will be needediIt is divided into the block that S length is L, i.e. C1,, C2... ..., CS。
(12.2) continuous exclusive or decryption is carried out according to the following equation:
A1=C1⊕Ki
Aj=Cj⊕Cj-1⊕Ki, 2≤j≤S
The process of above-mentioned continuous exclusive or decryption can essentially parallel computation.
(12.3) continuous exclusive or decrypted result Bi={ A1, A2... ..., AS}。
The above is only the better embodiment of the present invention, therefore all constructions according to described in present patent application range,
The equivalent change or modification that feature and principle are done, is included in the range of present patent application.
Claims (5)
1. a kind of method for pushing for updating file, which is characterized in that this method includes the following steps:
Step 100:Server generation initial encryption key is updated, and passes through key exchange method so that it is first that client obtains this
Beginning encryption key;
Step 200:Based on the initial encryption key, update server is sent to the visitor after file block to be updated is encrypted
Family end;
Step 300:The client assembles the piecemeal, obtains update file.
2. the method for pushing of update file according to claim 1, which is characterized in that the length of the initial encryption key
It is 4096.
3. the method for pushing of the update file according to claim 1-2 any one, which is characterized in that each file block
Length be key length integral multiple.
4. the method for pushing of the update file according to claim 1-3 any one, which is characterized in that in block transmission
Completeness check is carried out to each piecemeal in the process.
5. the method for pushing of update file according to claim 4, which is characterized in that if the completeness check is obstructed
It crosses, then the client request update server retransmits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611096859.2A CN108156113B (en) | 2016-12-02 | 2016-12-02 | A kind of method for pushing updating file |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611096859.2A CN108156113B (en) | 2016-12-02 | 2016-12-02 | A kind of method for pushing updating file |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108156113A true CN108156113A (en) | 2018-06-12 |
CN108156113B CN108156113B (en) | 2019-07-23 |
Family
ID=62470417
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611096859.2A Active CN108156113B (en) | 2016-12-02 | 2016-12-02 | A kind of method for pushing updating file |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108156113B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112182512A (en) * | 2020-09-01 | 2021-01-05 | 北京幻想纵横网络技术有限公司 | Information processing method, device and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1285102A (en) * | 1998-02-24 | 2001-02-21 | 莫斯科戈罗德电话设备公开股份公司 | Method for block-encryption of discrete data |
CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
CN101394273A (en) * | 2008-10-17 | 2009-03-25 | 电子科技大学 | Multichannel ciphered information transmission method |
-
2016
- 2016-12-02 CN CN201611096859.2A patent/CN108156113B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1285102A (en) * | 1998-02-24 | 2001-02-21 | 莫斯科戈罗德电话设备公开股份公司 | Method for block-encryption of discrete data |
CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
CN101394273A (en) * | 2008-10-17 | 2009-03-25 | 电子科技大学 | Multichannel ciphered information transmission method |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112182512A (en) * | 2020-09-01 | 2021-01-05 | 北京幻想纵横网络技术有限公司 | Information processing method, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN108156113B (en) | 2019-07-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6724249B2 (en) | System and method for information protection | |
CN106254374B (en) | A kind of cloud data public audit method having duplicate removal function | |
CN111242617B (en) | Method and apparatus for performing transaction correctness verification | |
CN106357701B (en) | The integrity verification method of data in cloud storage | |
JP3858527B2 (en) | Data generation apparatus, data verification apparatus and method | |
CN104184740B (en) | Trusted transmission method, trusted third party and credible delivery system | |
US20180205555A1 (en) | Contract Agreement Method, Agreement Verification Method, Contract Agreement System, Agreement Verification Device, Contract Agreement Device, Contract Agreement Program and Agreement Verification Program | |
CN109194466A (en) | A kind of cloud data integrity detection method and system based on block chain | |
JP2020502857A (en) | Information protection system and method | |
CN105162599B (en) | A kind of data transmission system and its transmission method | |
CN101883100B (en) | Digital content distributed authorization method | |
CN109474606A (en) | Document transmission method, device, computer equipment and storage medium | |
CN111526197B (en) | Cloud data secure sharing method | |
CN106899406B (en) | A kind of method of proof of cloud data storage integrality | |
CN105391554B (en) | A kind of method and system for realizing fingerprint matching using ciphertext | |
CN110096894B (en) | Data anonymous sharing system and method based on block chain | |
CN104717217B (en) | The provable security data property held verification method based on section entitlement in a kind of cloud storage | |
CN108540280B (en) | Resource efficient security data sharing method and system | |
CN107979613A (en) | A kind of method and system of guarantee JMS message safety certifications | |
CN105743854A (en) | Security authentication system and method | |
Zhang et al. | Provably secure cloud storage for mobile networks with less computation and smaller overhead | |
CN108156113B (en) | A kind of method for pushing updating file | |
CN109981671A (en) | Data processing method and encryption equipment based on encryption equipment | |
CN106788969B (en) | A kind of transmission method of data file | |
US7574607B1 (en) | Secure pipeline processing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 101399 No. 2 East Airport Road, Shunyi Airport Economic Core Area, Beijing (1st, 5th and 7th floors of Industrial Park 1A-4) Applicant after: Zhongke Star Map Co., Ltd. Address before: 101399 Building 1A-4, National Geographic Information Technology Industrial Park, Guomen Business District, Shunyi District, Beijing Applicant before: Space Star Technology (Beijing) Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |