CN108156113B - A kind of method for pushing updating file - Google Patents
A kind of method for pushing updating file Download PDFInfo
- Publication number
- CN108156113B CN108156113B CN201611096859.2A CN201611096859A CN108156113B CN 108156113 B CN108156113 B CN 108156113B CN 201611096859 A CN201611096859 A CN 201611096859A CN 108156113 B CN108156113 B CN 108156113B
- Authority
- CN
- China
- Prior art keywords
- file
- length
- client
- server
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/55—Push-based network services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of method for pushing for updating file, this method comprises: updating server generates initial encryption key, and by key exchange method, so that client obtains the initial encryption key;Based on the initial encryption key, updates after server encrypts file block to be updated and be sent to the client;The client assembles the piecemeal, obtains and updates file.
Description
[technical field]
The invention belongs to computer and file more frontier more particularly to a kind of method for pushing for updating file.
[background technique]
In recent years, popularizing with internet, especially mobile Internet, is updated by push, becomes computer literal
One of main update mode of part.From it is original by user actively downloading updates it is different, now by computer software manufacturer active
File update is pushed in the computer of user, is updated automatically.One typical example is browser, browser program
After opening, can actively connect a update server, if the browser program has update file, the update server to this
Browser program pushes the update file, which, will be in some suitable time after receiving the update file
Point uses the update file automatically, without user intervention.
But the safety of update file push method in the prior art is not high, is voluntarily set by manufacturer
Meter, is all much that file itself transmits on network, without integrity checking.
[summary of the invention]
In order to solve the above problem in the prior art, the invention proposes a kind of method for pushing for updating file.
The technical solution adopted by the invention is as follows:
A kind of method for pushing updating file, method includes the following steps:
Step 100: updating server and generate initial encryption key, and by key exchange method, so that client obtains
The initial encryption key;
Step 200: being based on the initial encryption key, update after server encrypts file block to be updated and be sent to institute
State client;
Step 300: the client assembles the piecemeal, obtains and updates file.
Further, the length of the initial encryption key is 4096.
Further, the length of each file block is the integral multiple of key length.
Further, completeness check is carried out to each piecemeal during block transmission.
Further, if the completeness check does not pass through, the client request updates server and retransmits.
The beneficial effect comprise that the safety for updating file is higher, update text ensure that by completeness check
The integrality of part.
[Detailed description of the invention]
Described herein the drawings are intended to provide a further understanding of the invention, constitutes part of this application, but
It does not constitute improper limitations of the present invention, in the accompanying drawings:
Fig. 1 is system construction drawing applied by the method for the present invention.
Fig. 2 is the basic flow chart of the method for the present invention.
[specific embodiment]
Come that the present invention will be described in detail below in conjunction with attached drawing and specific embodiment, illustrative examples therein and says
It is bright to be only used to explain the present invention but not as a limitation of the invention.
Referring to attached drawing 1, the present invention relates to the update file transmission between two o'clock, respectively include updating server and client
End, passes through network connection between the two, it is therefore an objective to will update file from server transport is updated to client by the network.This
First of the update document transmission method of invention considers it is safety, thus file should be encryption in transmission process,
Also, in order to which with universality, update server and client side of the invention can be in the case where being not necessarily to offered, completion
Update the encrypted transmission of file;Second considers it is the efficiency transmitted, but encrypted transmission can generally reduce the efficiency of transmission, because
And present invention employs a simply and effectively encryption methods, on the basis of guaranteeing enough encryption intensities, to efficiency of transmission
Influence very little;Third considers it is the reliability and fault-tolerance transmitted, and the present invention is by transmitting file block, so that even if few
Number blocks of files is damaged in transmission process, can also be carried out blocks of files re-transmission, will not be carried out too much influence to entire transmission belt;The
The integrality of four consideration files, the present invention solve integrity issue by the cryptographic Hash verification to blocks of files.Also, this hair
Bright update document transmission method will be organically combined together in terms of aforementioned four consideration, solve update text more perfectly
Part transmission problem.
Referring to attached drawing 2, it is based on above-mentioned setting, the basic step of the method for pushing of update file of the invention is as follows:
Step 100: updating server and generate initial encryption key, and by key exchange method, so that client obtains
The initial encryption key;
Step 200: being based on the initial encryption key, update after server encrypts file block to be updated and be sent to institute
State client;
Step 300: the client assembles the piecemeal, obtains and updates file.
Based on above-mentioned basic step, method flow of the invention is described in detail below:
(1) it after update server and client establish connection, updates server and generates a random number a, and calculate first
Beginning encryption key K=gaMod P, while client also generates a random number b, and calculates Y=gb mod P。
Wherein, P is a Big prime, and g is a primitive element of P, and for security consideration, the length of P should be sufficiently large, excellent
Selection of land, the length of P are 4096, then the length of K is also 4096 (if less than 4096, in front end, zero padding is to 4096)
(2) Y is sent to update server by client, is updated server and is calculated X=YaMod P, and X is sent to visitor
Family end.
(3) client calculates
It is easy to derive by above-mentioned steps, the K ' that step (3) client obtains is equal to K, therefore through the above steps, more
New demand servicing device and client have co-owned initial encryption key K, due in whole process K all not in transmission over networks, because
Even if this has hacker to monitor whole process, two values of X and Y can only be also obtained, due to the difficulty that discrete logarithm calculates, this is black
Visitor substantially can not be within the acceptable time, and value based on X and Y, which calculates, obtains K, thus K obtain enough confidentiality and
Safety.
(4) server is updated by update file block to be transmitted, and every piece of length is all m times of the length of K, and m is whole
Number supplies length by finally increasing random number in block if the length of last block is insufficient.If the update file is divided
At N block, it is denoted as F1, F2... ..., FN。
For example, the length of K is 4096, m=10, then by the update file with 40960 length piecemeals, if finally
One piece less than 40960, then increases random number behind last block, complements to 40960.
The purpose for updating file block, is for block transmission, thus by the scattered risks of damage, even if in transmission process
Mistake occurs, also only needs to retransmit the block of error, without retransmitting entire file.
(5) it updates server and assembles a file information packet={ File, N, mL }.Wherein File is update file to be transmitted
The file information, including filename, file size etc., N is to update file by the block number of piecemeal, and L is the length of K, and mL is exactly every
The length of a piecemeal.
(6) it updates server and calculates the cryptographic Hash Hash (F for updating first piecemeal of file1), if the length of cryptographic Hash
For h, then the random number R that length is L-h is filled after cryptographic Hash1, obtain the key K that new length is L1。
Hash is the hash algorithm that uses of the present invention, it is preferable that the present invention uses the hash algorithm of MD5, MD5's the result is that
128, the length of K is 4096, then needs to generate one 4096-128=3968 random numbers, is mended after MD5 cryptographic Hash
Face constitutes 4096 new key K1, due to not only having random number in new key, further include cryptographic Hash, further enhance
The randomness of key, the new key are used for the encryption to first file packet later.
(7) length of the file information packet is set as L0, then by the preceding L of the file information packet and K0Position carries out exclusive or, obtains exclusive or knot
Fruit XF.Then it updates server and assembles an initial information packet={ K1⊕ K, XF, HF, it include being sent to visitor by the initial information
Family end.Wherein HFIt is the file information packet and K1Cryptographic Hash, be used for subsequent verification.
(8) client decrypts the initial information packet using K, obtains K1With the file information packet, and use HFCarry out Hash school
It tests, if verification does not pass through, requests update server to retransmit the initial information packet and pass through until verifying, if verification passes through,
Then client, which informs to update server and be ready for receiving, updates file.
It, can be different by being carried out with initial information packet since client has been obtained for key K in step (3)
Or, decrypting K1With the file information packet.Hash check ensure that initial information packet is correct.In addition, due to K1In include
Hash(F1), thus client has also obtained the cryptographic Hash of first piecemeal simultaneously.
(9) it updates server and cyclic variable i=1 is set.
(10) it updates server and assembles i-th of file packet BiIf i < N (not being the last one file packet), enables Bi=
{Fi, Ki+1, Ki+1={ Hash (Fi+1), Ri+1, if i=N, Bi=Fi。
Wherein, Ri+1It is the random number that a length is L-h, then Ri+1Length and Hash (Fi+1) the sum of length be L,
That is, Ki+1Length be L, the encryption key as next file packet.
(11) it updates server and uses key KiI-th of file packet is encrypted, i.e. calculating Ei=E (Ki, Bi)。
The invention proposes a kind of new Encryption Algorithm E, i.e., continuous exclusive or method, this method is described in detail later.
(12) server is updated by EiWith Hash (Bi) it is sent to client, client is to EiDecryption obtains BiIt is (specific
Decryption method is also described below).If i < N, client is just from BiMiddle acquisition FiAnd Ki+1, from Ki+1Middle acquisition Hash
(Fi+1).If i=N, client only obtains Fi。
(13) client uses Hash (Bi) to BiCryptographic Hash verification is carried out, while using Hash (Fi) to FiCarry out Hash
Value verification confirms the integrality of i-th of file packet by the verification of dual cryptographic Hash, if there is a verification does not pass through,
Then client request updates server and retransmits until verification passes through.
From above-mentioned steps as can be seen that Hash (Bi) it is to be obtained from this transmission, and Hash (Fi) it is from a upper text
It is obtained in part packet, the hash check of dual separate sources increases difficulty to hacker attack.
(14) it if i < N, enables i increase by 1, and return step (10), otherwise continues following step.
(15) client merges all F receivedi, obtain and update file.
If the last one FNIt is added to random number, due to having the length for updating file, thus visitor in the file information packet
Family end can know last part by the length, and which is the random number being added, thus can remove the random number.
For the present invention for each file packet, what is used is all different key Ki, this actually plays one-time pad
Effect greatly strengthens the safety for updating file transmission.And for the Encryption Algorithm in step (11), present invention uses one
The simple and effective continuous exclusive or method of kind, is described as follows:
(11.1) by BiIt is divided into the block that multiple length are L, if shared S block.
As i < N, due to BiIncluding FiAnd Ki+1, wherein FiLength be mL, then S=m+1;As i=N, S=m.
(11.2) B is setiThe S block being divided into is A1, A2... ..., AS, the calculating process of continuous exclusive or is as follows:
C1=A1⊕Ki
Cj=Cj-1⊕Aj⊕Ki, 2≤j≤S;
(11.3) the result E of continuous exclusive ori={ C1,, C2... ..., CS}。
Its calculating used of continuous exclusive or method proposed by the present invention only has exclusive or, not complicated calculating, therefore entire meter
The efficiency of calculation process be it is very high, on update file efficiency of transmission do not have too big influence.
The decryption of continuous exclusive or is also very simple, specific as follows:
(12.1) E for decrypting needsiIt is divided into the block that S length is L, i.e. C1,, C2... ..., CS。
(12.2) continuous exclusive or decryption is carried out according to the following equation:
A1=C1⊕Ki
Aj=Cj⊕Cj-1⊕Ki, 2≤j≤S
The process of above-mentioned continuous exclusive or decryption can actually parallel computation.
(12.3) continuous exclusive or decrypted result Bi={ A1, A2... ..., AS}。
The above description is only a preferred embodiment of the present invention, thus it is all according to the configuration described in the scope of the patent application of the present invention,
The equivalent change or modification that feature and principle are done, is included in the scope of the patent application of the present invention.
Claims (5)
1. a kind of method for pushing for updating file, which is characterized in that method includes the following steps:
Step 100: updating server and generate initial encryption key, and by key exchange method, so as to obtain this first for client
Beginning encryption key;
Step 200: being based on the initial encryption key, update after server encrypts file block to be updated and be sent to the visitor
Family end;
Step 300: the client assembles the piecemeal, obtains and updates file;
The method process the following steps are included:
After step (1) update server and client establish connection, updates server and generate a random number a, and calculate first
Beginning encryption key K=gaMod P, while client also generates a random number b, and calculates Y=gbmod P;
Wherein, P is a Big prime, and g is a primitive element of P, and the length of P is 4096, then the length of K is also 4096;
Y is sent to update server by step (2) client, is updated server and is calculated X=YaMod P, and X is sent to client
End;
Step (3) client calculates K'=Xb-1mod P;
Step (4) updates server for update file block to be transmitted, and every piece of length is all m times of the length of K, and m is whole
Number supplies length by finally increasing random number in block if the length of last block is insufficient;If the update file is divided
At N block, it is denoted as F1, F2... ..., FN;
Wherein, the length of K is 4096, m=10, then by the update file with 40960 length piecemeals, if last block
Less than 40960, then increases random number behind last block, complement to 40960;
Step (5) updates server and assembles a file information packet={ File, N, mL };Wherein File is update file to be transmitted
The file information, including filename, file size, N is to update file by the block number of piecemeal, and L is the length of K, and mL is exactly each
The length of piecemeal;
Step (6) updates server and calculates the cryptographic Hash Hash (F for updating first piecemeal of file1), if the length of cryptographic Hash is
H then fills the random number R that length is L-h after cryptographic Hash1, obtain the key K that new length is L1;
Hash uses hash algorithm or MD5 hash algorithm, and MD5's the result is that 128, and the length of K is 4096, then needs to generate
One 4096-128=3968 random numbers mend behind MD5 cryptographic Hash, constitute 4096 new key K1, described
4096 key K1Later for the encryption to first file packet;
Step (7) sets the length of the file information packet as L0, then by the preceding L of the file information packet and K0Position carries out exclusive or, obtains exclusive or knot
Fruit XF;Then it updates server and assembles an initial information packet={ K1⊕ K, XF, HF, it include being sent to visitor by the initial information
Family end;Wherein HFIt is the file information packet and K1Cryptographic Hash, be used for subsequent verification;
Step (8) client decrypts the initial information packet using K, obtains K1With the file information packet, and use HFCarry out Hash school
It tests, if verification does not pass through, requests update server to retransmit the initial information packet and pass through until verifying, if verification passes through,
Then client, which informs to update server and be ready for receiving, updates file;
Step (9) updates server and cyclic variable i=1 is arranged;
Step (10) updates server and assembles i-th of file packet Bi, when i < N is not the last one file packet, Bi={ Fi, Ki+1,
Ki+1={ Hash (Fi+1), Ri+1, i=N, Bi=Fi;
Wherein, Ri+1It is the random number that a length is L-h, then Ri+1Length and Hash (Fi+1) the sum of length be L, also
It is to say, Ki+1Length be L, the encryption key as next file packet;
Step (11) updates server and uses key KiI-th of file packet is encrypted, i.e. calculating Ei=E (Ki, Bi);
Step (12) updates server for EiWith Hash (Bi) it is sent to client, client is to EiDecryption obtains Bi;If i < N,
Then client is just from BiMiddle acquisition FiAnd Ki+1, from Ki+1Middle acquisition Hash (Fi+1);If i=N, client only obtains Fi;
Step (13) client uses Hash (Bi) to BiCryptographic Hash verification is carried out, while using Hash (Fi) to FiCarry out cryptographic Hash
Verification confirms the integrality of i-th of file packet by the verification of dual cryptographic Hash, if there is a verification does not pass through, then
Client request updates server and retransmits until verification passes through;
Step (14) enables i increase by 1, and return step (10), otherwise continues following step if i < N;
Step (15) client merges all F receivedi, obtain and update file.
2. the method for pushing according to claim 1 for updating file, which is characterized in that the length of the initial encryption key
It is 4096.
3. the method for pushing of file is updated described in -2 any one according to claim 1, which is characterized in that each file block
Length be key length integral multiple.
4. the method for pushing of file is updated described in -2 any one according to claim 1, which is characterized in that in block transmission
Completeness check is carried out to each piecemeal in the process.
5. the method for pushing according to claim 4 for updating file, which is characterized in that if the completeness check is obstructed
It crosses, then the client request updates server and retransmits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611096859.2A CN108156113B (en) | 2016-12-02 | 2016-12-02 | A kind of method for pushing updating file |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611096859.2A CN108156113B (en) | 2016-12-02 | 2016-12-02 | A kind of method for pushing updating file |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108156113A CN108156113A (en) | 2018-06-12 |
CN108156113B true CN108156113B (en) | 2019-07-23 |
Family
ID=62470417
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611096859.2A Active CN108156113B (en) | 2016-12-02 | 2016-12-02 | A kind of method for pushing updating file |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108156113B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112182512A (en) * | 2020-09-01 | 2021-01-05 | 北京幻想纵横网络技术有限公司 | Information processing method, device and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1285102A (en) * | 1998-02-24 | 2001-02-21 | 莫斯科戈罗德电话设备公开股份公司 | Method for block-encryption of discrete data |
CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
CN101394273A (en) * | 2008-10-17 | 2009-03-25 | 电子科技大学 | Multichannel ciphered information transmission method |
-
2016
- 2016-12-02 CN CN201611096859.2A patent/CN108156113B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1285102A (en) * | 1998-02-24 | 2001-02-21 | 莫斯科戈罗德电话设备公开股份公司 | Method for block-encryption of discrete data |
CN101344906A (en) * | 2008-05-19 | 2009-01-14 | 北京深思洛克数据保护中心 | Sectional type remote updating method |
CN101394273A (en) * | 2008-10-17 | 2009-03-25 | 电子科技大学 | Multichannel ciphered information transmission method |
Also Published As
Publication number | Publication date |
---|---|
CN108156113A (en) | 2018-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105939191B (en) | The client secure De-weight method of ciphertext data in a kind of cloud storage | |
CN106254374B (en) | A kind of cloud data public audit method having duplicate removal function | |
CN107124274B (en) | Digital signature method and device based on SM2 | |
CN106357701B (en) | The integrity verification method of data in cloud storage | |
US9806889B2 (en) | Key downloading method, management method, downloading management method, device and system | |
CN106130716B (en) | Key exchange system and method based on authentication information | |
CN104184740B (en) | Trusted transmission method, trusted third party and credible delivery system | |
US20140258736A1 (en) | Systems and Methods for Maintaining Integrity and Secrecy in Untrusted Computing Platforms | |
CN111526197B (en) | Cloud data secure sharing method | |
KR20210134655A (en) | Security systems and related methods | |
CN105391554B (en) | A kind of method and system for realizing fingerprint matching using ciphertext | |
CN106899406B (en) | A kind of method of proof of cloud data storage integrality | |
US20130067218A2 (en) | Incorporating data into cryptographic components of an ecqv certificate | |
WO2015173434A1 (en) | Method for proving retrievability of information | |
Azraoui et al. | Stealthguard: Proofs of retrievability with hidden watchdogs | |
CN103368975B (en) | A kind of method and system of batch data safe transmission | |
CN105743854A (en) | Security authentication system and method | |
CN109981671B (en) | Data processing method based on encryption machine and encryption machine | |
CN108156113B (en) | A kind of method for pushing updating file | |
JP6534913B2 (en) | Information processing apparatus and fraudulent message detection method | |
CN112839328B (en) | Close-contact data verification method, client, server and storage medium | |
CN106788969B (en) | A kind of transmission method of data file | |
US7574607B1 (en) | Secure pipeline processing | |
US20230318857A1 (en) | Method and apparatus for producing verifiable randomness within a decentralized computing network | |
CN116032655B (en) | Identity authentication method and system capable of resisting timing attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: 101399 No. 2 East Airport Road, Shunyi Airport Economic Core Area, Beijing (1st, 5th and 7th floors of Industrial Park 1A-4) Applicant after: Zhongke Star Map Co., Ltd. Address before: 101399 Building 1A-4, National Geographic Information Technology Industrial Park, Guomen Business District, Shunyi District, Beijing Applicant before: Space Star Technology (Beijing) Co., Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |