CN108156113A - A kind of method for pushing for updating file - Google Patents

A kind of method for pushing for updating file Download PDF

Info

Publication number
CN108156113A
CN108156113A CN201611096859.2A CN201611096859A CN108156113A CN 108156113 A CN108156113 A CN 108156113A CN 201611096859 A CN201611096859 A CN 201611096859A CN 108156113 A CN108156113 A CN 108156113A
Authority
CN
China
Prior art keywords
file
update
client
pushing
length
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611096859.2A
Other languages
Chinese (zh)
Other versions
CN108156113B (en
Inventor
林殷
吴方才
许金龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Space Star Technology (beijing) Co Ltd
Original Assignee
Space Star Technology (beijing) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Space Star Technology (beijing) Co Ltd filed Critical Space Star Technology (beijing) Co Ltd
Priority to CN201611096859.2A priority Critical patent/CN108156113B/en
Publication of CN108156113A publication Critical patent/CN108156113A/en
Application granted granted Critical
Publication of CN108156113B publication Critical patent/CN108156113B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of method for pushing for updating file, this method includes:Server generation initial encryption key is updated, and passes through key exchange method so that client obtains the initial encryption key;Based on the initial encryption key, update server is sent to the client after file block to be updated is encrypted;The client assembles the piecemeal, obtains update file.

Description

A kind of method for pushing for updating file
【Technical field】
The invention belongs to computer and file more frontier more particularly to a kind of method for pushing for updating file.
【Background technology】
In recent years, popularizing with internet, especially mobile Internet, is updated by pushing, becomes computer literal One of main update mode of part.From original different by user's active download update, now by computer software manufacturer actively File update is pushed in the computer of user, is updated automatically.One typical example is browser, browser program After opening, can actively connect one update server, if the browser program has update file, the update server to this Browser program pushes the update file, which, will be in some suitable time after the update file is received Point is automatically with the update file, without user intervention.
But the safety of update file push method of the prior art is not high, is voluntarily set by manufacturer Meter, is all much that file transmits on network in itself, without integrity checking.
【Invention content】
In order to solve the above problem of the prior art, the present invention proposes a kind of method for pushing for updating file.
The technical solution adopted by the present invention is as follows:
A kind of method for pushing for updating file, this method include the following steps:
Step 100:Server generation initial encryption key is updated, and passes through key exchange method so that client obtains The initial encryption key;
Step 200:Based on the initial encryption key, update server is sent to institute after file block to be updated is encrypted State client;
Step 300:The client assembles the piecemeal, obtains update file.
Further, the length of the initial encryption key is 4096.
Further, the length of each file block is the integral multiple of key length.
Further, completeness check is carried out to each piecemeal during block transmission.
Further, if the completeness check does not pass through, the client request update server retransmits.
Beneficial effects of the present invention include:The safety higher of file is updated, update text ensure that by completeness check The integrality of part.
【Description of the drawings】
Attached drawing described herein is to be used to provide further understanding of the present invention, and forms the part of the application, but It does not constitute improper limitations of the present invention, in the accompanying drawings:
Fig. 1 is the system construction drawing that the method for the present invention is applied.
Fig. 2 is the basic flow chart of the method for the present invention.
【Specific embodiment】
Come that the present invention will be described in detail below in conjunction with attached drawing and specific embodiment, illustrative examples therein and say It is bright to be only used for explaining the present invention, but not as a limitation of the invention.
Referring to attached drawing 1, the present invention relates to the update file transmission between 2 points, respectively include update server and client End, passes through network connection between the two, it is therefore an objective to will update file from update server transport to client by the network.This First of the update document transmission method of invention considers it is safety, thus file should be in transmission process it is encrypted, Also, in order to which with universality, update server and client side of the invention can be in the case of without offered, completion Update the encrypted transmission of file;Second considers it is the efficiency transmitted, but encrypted transmission can generally reduce the efficiency of transmission, because And present invention employs a simply and effectively encryption method, on the basis of enough encryption intensities are ensured, to efficiency of transmission Influence very little;Third consideration is the reliability and fault-tolerance of transmission, and the present invention is by the way that file block is transmitted so that even if few Number blocks of files is damaged in transmission process, can also be carried out blocks of files re-transmission, will not be carried out too much influence to entire conveyor;The The integrality of four consideration files, the present invention verify to solve integrity issue by the cryptographic Hash to blocks of files.Also, this hair Bright update document transmission method will be organically combined together in terms of aforementioned four consideration, solve update text more perfectly Part transmission problem.
Referring to attached drawing 2, based on above-mentioned setting, the basic step of the method for pushing of update file of the invention is as follows:
Step 100:Server generation initial encryption key is updated, and passes through key exchange method so that client obtains The initial encryption key;
Step 200:Based on the initial encryption key, update server is sent to institute after file block to be updated is encrypted State client;
Step 300:The client assembles the piecemeal, obtains update file.
Based on above-mentioned basic step, the method flow of the present invention is described in detail below:
(1) after update server establishes connection with client, update server generates a random number a, and calculates just Beginning encryption key K=gaMod P, while client also generates a random number b, and calculates Y=gb mod P。
Wherein, P is a Big prime, and g is a primitive element of P, and for security consideration, the length of P should be sufficiently large, excellent Selection of land, the length of P is 4096, then the length of K is also 4096 (if less than 4096, in front end, zero padding is to 4096)
(2) Y is sent to update server by client, and update server calculates X=YaMod P, and X is sent to visitor Family end.
(3) client calculates
It is easily derived by above-mentioned steps, the K ' that step (3) client obtains is equal to K, therefore by above-mentioned steps, more New demand servicing device and client have co-owned initial encryption key K, due in whole process K all not in transmission over networks, because Even if this has hacker to monitor whole process, two values of X and Y can only be also obtained, due to the difficulty that discrete logarithm calculates, this is black Visitor substantially can not be within the acceptable time, and value based on X and Y, which calculates, obtains K, thus K obtain enough confidentiality and Safety.
(4) for update server by update file block to be transmitted, every piece of length is all m times of the length of K, and m is whole If the length of last block is insufficient, length is supplied by finally increasing random number in block for number.If the update file is divided Into N blocks, it is denoted as F1, F2... ..., FN
For example, the length of K is 4096, m=10, then by the update file with the length piecemeal of 40960, if finally One piece less than 40960, then increases random number behind last block, complements to 40960.
The purpose of file block is updated, is for block transmission, thus by the scattered risks damaged, even if in transmission process Mistake occurs, also only needs to retransmit the block to malfunction, without retransmitting entire file.
(5) update server assembling one fileinfo packet={ File, N, mL }.Wherein File is update file to be transmitted Fileinfo, including filename, file size etc., N be update file by the block number of piecemeal, L is the length of K, and mL is exactly every The length of a piecemeal.
(6) update server calculates the cryptographic Hash Hash (F of first piecemeal of update file1), if the length of cryptographic Hash For h, then the random number R that length is L-h is filled after cryptographic Hash1, obtain the key K that new length is L1
Hash is the hash algorithm that uses of the present invention, it is preferable that the present invention uses the hash algorithm of MD5, MD5's the result is that 128, the length of K is 4096, then needs the random number of generation one 4096-128=3968, mend after MD5 cryptographic Hash Face forms the new key K of 40961, due to not only having random number in new key, cryptographic Hash is further included, is further enhanced The randomness of key, the new key is later for the encryption to first file packet.
(7) length of fileinfo packet is set as L0, then by fileinfo packet and the preceding L of K0Position carries out exclusive or, obtains exclusive or knot Fruit XF.Then update server assembles an initial information packet={ K1⊕ K, XF, HF, which is included to be sent to visitor Family end.Wherein HFIt is fileinfo packet and K1Cryptographic Hash, for subsequent verification.
(8) client decrypts the initial information packet using K, obtains K1With fileinfo packet, and using HFCarry out Hash school It tests, if verification does not pass through, update server is asked to retransmit the initial information packet and is passed through until verifying, if verification passes through, Then client informs that update server is ready for receiving update file.
It, can be different by being carried out with initial information packet since client has been obtained for key K in step (3) Or, decrypt K1With fileinfo packet.Hash check ensure that initial information packet is correct.In addition, due to K1In include Hash(F1), thus client has also obtained the cryptographic Hash of first piecemeal simultaneously.
(9) update server setting cyclic variable i=1.
(10) update server assembles i-th of file packet BiIf i<N (not being the last one file packet), then enable Bi= {Fi, Ki+1, Ki+1={ Hash (Fi+1), Ri+1, if i=N, Bi=Fi
Wherein, Ri+1The random number that a length is L-h, then Ri+1Length and Hash (Fi+1) the sum of length be L, That is, Ki+1Length for L, the encryption key as next file packet.
(11) update server uses key KiI-th of file packet is encrypted, that is, calculates Ei=E (Ki, Bi)。
The present invention proposes a kind of new Encryption Algorithm E, i.e., continuous exclusive or method, and this method is described in detail later.
(12) server is updated by EiWith Hash (Bi) client is sent to, client is to EiDecryption obtains BiIt is (specific Decryption method is also described below).If i<N, then client is just from BiMiddle acquisition FiAnd Ki+1, from Ki+1Middle acquisition Hash (Fi+1).If i=N, client only obtains Fi
(13) client uses Hash (Bi) to BiCryptographic Hash verification is carried out, while uses Hash (Fi) to FiCarry out Hash Value verification confirms the integrality of i-th of file packet by the verification of dual cryptographic Hash, if do not passed through there are one verifying, Then client request update server is retransmitted until verification passes through.
From above-mentioned steps as can be seen that Hash (Bi) obtained from this transmission, and Hash (Fi) it is from a upper text It is obtained in part packet, the hash check of dual separate sources increases difficulty to hacker attack.
(14) if i<N then enables i increase by 1, and return to step (10), otherwise continues following step.
(15) all F that client merging receivesi, obtain update file.
If the last one FNRandom number is added to, due to having the length of update file, thus visitor in fileinfo packet Family end can know last part by the length, and which is the random number being added, thus can remove the random number.
For the present invention for each file packet, that use is all different key Ki, this actually plays one-time pad Effect greatly strengthens the safety of update file transmission.And for the Encryption Algorithm in step (11), present invention uses one The simple and effective continuous exclusive or method of kind, is described as follows:
(11.1) by BiIt is divided into the block that multiple length are L, if shared S blocks.
Work as i<During N, due to BiIncluding FiAnd Ki+1, wherein FiLength for mL, then S=m+1;As i=N, S=m.
(11.2) B is setiThe S blocks being divided into are A1, A2... ..., AS, the calculating process of continuous exclusive or is as follows:
C1=A1⊕Ki
Cj=Cj-1⊕Aj⊕Ki, 2≤j≤S;
(11.3) the result E of continuous exclusive ori={ C1,, C2... ..., CS}。
Its calculating used of continuous exclusive or method proposed by the present invention only has exclusive or, without complicated calculating, therefore entirely meter The efficiency of calculation process is very high, and too big influence is not had on the efficiency of transmission for updating file.
The decryption of continuous exclusive or is also very simple, specific as follows:
(12.1) E decrypted will be needediIt is divided into the block that S length is L, i.e. C1,, C2... ..., CS
(12.2) continuous exclusive or decryption is carried out according to the following equation:
A1=C1⊕Ki
Aj=Cj⊕Cj-1⊕Ki, 2≤j≤S
The process of above-mentioned continuous exclusive or decryption can essentially parallel computation.
(12.3) continuous exclusive or decrypted result Bi={ A1, A2... ..., AS}。
The above is only the better embodiment of the present invention, therefore all constructions according to described in present patent application range, The equivalent change or modification that feature and principle are done, is included in the range of present patent application.

Claims (5)

1. a kind of method for pushing for updating file, which is characterized in that this method includes the following steps:
Step 100:Server generation initial encryption key is updated, and passes through key exchange method so that it is first that client obtains this Beginning encryption key;
Step 200:Based on the initial encryption key, update server is sent to the visitor after file block to be updated is encrypted Family end;
Step 300:The client assembles the piecemeal, obtains update file.
2. the method for pushing of update file according to claim 1, which is characterized in that the length of the initial encryption key It is 4096.
3. the method for pushing of the update file according to claim 1-2 any one, which is characterized in that each file block Length be key length integral multiple.
4. the method for pushing of the update file according to claim 1-3 any one, which is characterized in that in block transmission Completeness check is carried out to each piecemeal in the process.
5. the method for pushing of update file according to claim 4, which is characterized in that if the completeness check is obstructed It crosses, then the client request update server retransmits.
CN201611096859.2A 2016-12-02 2016-12-02 A kind of method for pushing updating file Active CN108156113B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611096859.2A CN108156113B (en) 2016-12-02 2016-12-02 A kind of method for pushing updating file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611096859.2A CN108156113B (en) 2016-12-02 2016-12-02 A kind of method for pushing updating file

Publications (2)

Publication Number Publication Date
CN108156113A true CN108156113A (en) 2018-06-12
CN108156113B CN108156113B (en) 2019-07-23

Family

ID=62470417

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611096859.2A Active CN108156113B (en) 2016-12-02 2016-12-02 A kind of method for pushing updating file

Country Status (1)

Country Link
CN (1) CN108156113B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112182512A (en) * 2020-09-01 2021-01-05 北京幻想纵横网络技术有限公司 Information processing method, device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1285102A (en) * 1998-02-24 2001-02-21 莫斯科戈罗德电话设备公开股份公司 Method for block-encryption of discrete data
CN101344906A (en) * 2008-05-19 2009-01-14 北京深思洛克数据保护中心 Sectional type remote updating method
CN101394273A (en) * 2008-10-17 2009-03-25 电子科技大学 Multichannel ciphered information transmission method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1285102A (en) * 1998-02-24 2001-02-21 莫斯科戈罗德电话设备公开股份公司 Method for block-encryption of discrete data
CN101344906A (en) * 2008-05-19 2009-01-14 北京深思洛克数据保护中心 Sectional type remote updating method
CN101394273A (en) * 2008-10-17 2009-03-25 电子科技大学 Multichannel ciphered information transmission method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112182512A (en) * 2020-09-01 2021-01-05 北京幻想纵横网络技术有限公司 Information processing method, device and storage medium

Also Published As

Publication number Publication date
CN108156113B (en) 2019-07-23

Similar Documents

Publication Publication Date Title
JP6724249B2 (en) System and method for information protection
CN106254374B (en) A kind of cloud data public audit method having duplicate removal function
CN111242617B (en) Method and apparatus for performing transaction correctness verification
CN106357701B (en) The integrity verification method of data in cloud storage
JP3858527B2 (en) Data generation apparatus, data verification apparatus and method
CN104184740B (en) Trusted transmission method, trusted third party and credible delivery system
US20180205555A1 (en) Contract Agreement Method, Agreement Verification Method, Contract Agreement System, Agreement Verification Device, Contract Agreement Device, Contract Agreement Program and Agreement Verification Program
CN109194466A (en) A kind of cloud data integrity detection method and system based on block chain
JP2020502857A (en) Information protection system and method
CN105162599B (en) A kind of data transmission system and its transmission method
CN101883100B (en) Digital content distributed authorization method
CN109474606A (en) Document transmission method, device, computer equipment and storage medium
CN111526197B (en) Cloud data secure sharing method
CN106899406B (en) A kind of method of proof of cloud data storage integrality
CN105391554B (en) A kind of method and system for realizing fingerprint matching using ciphertext
CN110096894B (en) Data anonymous sharing system and method based on block chain
CN104717217B (en) The provable security data property held verification method based on section entitlement in a kind of cloud storage
CN108540280B (en) Resource efficient security data sharing method and system
CN107979613A (en) A kind of method and system of guarantee JMS message safety certifications
CN105743854A (en) Security authentication system and method
Zhang et al. Provably secure cloud storage for mobile networks with less computation and smaller overhead
CN108156113B (en) A kind of method for pushing updating file
CN109981671A (en) Data processing method and encryption equipment based on encryption equipment
CN106788969B (en) A kind of transmission method of data file
US7574607B1 (en) Secure pipeline processing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 101399 No. 2 East Airport Road, Shunyi Airport Economic Core Area, Beijing (1st, 5th and 7th floors of Industrial Park 1A-4)

Applicant after: Zhongke Star Map Co., Ltd.

Address before: 101399 Building 1A-4, National Geographic Information Technology Industrial Park, Guomen Business District, Shunyi District, Beijing

Applicant before: Space Star Technology (Beijing) Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant