CN108156113B - A method for pushing update files - Google Patents

Publication number
CN108156113B
Authority
CN
China
Legal status
Active
Application number
CN201611096859.2A
Other languages
Chinese (zh)
Other versions
CN108156113A (en)
Inventor
林殷
吴方才
许金龙
Current Assignee
Zhongke Star Map Co Ltd
Original Assignee
Zhongke Star Map Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for pushing an update file, the method comprising: an update server generates an initial encryption key and, by means of a key exchange method, enables the client to obtain the initial encryption key; based on the initial encryption key, the update server splits the file to be updated into blocks, encrypts the blocks and sends them to the client; the client assembles the blocks to obtain the update file.

Description

A method for pushing update files
[Technical field]
The invention belongs to the field of computers and file updating, and in particular relates to a method for pushing update files.
[Background]
In recent years, with the spread of the internet, and the mobile internet in particular, push updating has become one of the main ways of updating computer files. Unlike the original approach in which the user actively downloads updates, the computer software vendor now actively pushes file updates to the user's computer, which is updated automatically. A typical example is the browser: after the browser program is opened, it actively connects to an update server; if there is an update file for the browser program, the update server pushes the update file to the browser program, which, after receiving it, automatically applies the update file at a suitable point in time without user intervention.
However, the security of update file push methods in the prior art is not high. They are designed by each vendor on its own, and in many cases the file itself is simply transmitted over the network without any integrity check.
[Summary of the invention]
To solve the above problem in the prior art, the invention proposes a method for pushing update files.
The technical solution adopted by the invention is as follows:
A method for pushing an update file, comprising the following steps:
Step 100: the update server generates an initial encryption key and, by means of a key exchange method, enables the client to obtain the initial encryption key;
Step 200: based on the initial encryption key, the update server splits the file to be updated into blocks, encrypts the blocks and sends them to the client;
Step 300: the client assembles the blocks to obtain the update file.
Further, the length of the initial encryption key is 4096 bits.
Further, the length of each file block is an integer multiple of the key length.
Further, an integrity check is performed on each block during block transmission.
Further, if the integrity check fails, the client requests the update server to retransmit.
The beneficial effects of the invention include: the security of the update file is higher, and the integrity of the update file is ensured by the integrity check.
[Description of the drawings]
The drawings described here are intended to provide a further understanding of the invention and form part of this application, but do not constitute an improper limitation of the invention. In the drawings:
Fig. 1 is a structural diagram of the system to which the method of the invention is applied.
Fig. 2 is the basic flow chart of the method of the invention.
[Specific embodiment]
The invention is described in detail below with reference to the drawings and specific embodiments; the illustrative examples and descriptions therein are used only to explain the invention and do not limit it.
Referring to Fig. 1, the invention concerns the transmission of an update file between two points, an update server and a client, which are connected through a network; the purpose is to transmit the update file from the update server to the client over that network. The first consideration of the update file transmission method of the invention is security: the file should be encrypted in transit, and, for generality, the update server and client of the invention can complete the encrypted transmission of the update file without any prior agreement. The second consideration is transmission efficiency: encrypted transmission generally reduces efficiency, so the invention adopts a simple and effective encryption method that has very little effect on transmission efficiency while ensuring sufficient encryption strength. The third consideration is the reliability and fault tolerance of the transmission: the invention transmits the file in blocks, so that even if a few file blocks are damaged in transit, those blocks can be retransmitted without much impact on the transmission as a whole. The fourth consideration is the integrity of the file: the invention solves the integrity problem by verifying hash values of the file blocks. The update file transmission method of the invention combines these four considerations and thereby solves the update file transmission problem more completely.
Referring to Fig. 2, based on the above arrangement, the basic steps of the update file push method of the invention are as follows:
Step 100: the update server generates an initial encryption key and, by means of a key exchange method, enables the client to obtain the initial encryption key;
Step 200: based on the initial encryption key, the update server splits the file to be updated into blocks, encrypts the blocks and sends them to the client;
Step 300: the client assembles the blocks to obtain the update file.
Based on the above basic steps, the method flow of the invention is described in detail below:
(1) After the update server and the client establish a connection, the update server generates a random number $a$ and calculates the initial encryption key $K = g^a \bmod P$; at the same time the client generates a random number $b$ and calculates $Y = g^b \bmod P$.
Here $P$ is a large prime and $g$ is a primitive element of $P$. For security, the length of $P$ should be sufficiently large; preferably, the length of $P$ is 4096 bits, so the length of $K$ is also 4096 bits (if it is shorter than 4096 bits, it is padded with leading zeros to 4096 bits).
(2) The client sends $Y$ to the update server; the update server calculates $X = Y^a \bmod P$ and sends $X$ to the client.
(3) The client calculates $K' = X^{b^{-1}} \bmod P$.
It is easy to derive from the above steps that the $K'$ obtained by the client in step (3) equals $K$. Through the above steps, the update server and the client therefore share the initial encryption key $K$. Because $K$ is never transmitted over the network during the whole process, even if a hacker monitors the whole process, only the two values $X$ and $Y$ can be obtained; owing to the difficulty of computing discrete logarithms, the hacker essentially cannot compute $K$ from the values of $X$ and $Y$ within an acceptable time, so $K$ obtains sufficient confidentiality and security.
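The three-message exchange of steps (1) to (3), as an added example that is not part of the patent text. It assumes $b^{-1}$ means the inverse of $b$ modulo $P-1$ (the reading under which $K' = K$ holds), so the client must pick a $b$ that is coprime to $P-1$; the 127-bit prime, g = 3 and all function names are demo assumptions.

```python
import math
import secrets

# Demo parameters (assumptions for this example): the Mersenne prime 2^127 - 1
# and g = 3. The patent calls for a 4096-bit prime P and a primitive element g.
P = 2**127 - 1
G = 3


def server_start():
    """Step (1), server side: pick a and compute K = g^a mod P."""
    a = secrets.randbelow(P - 3) + 2
    return a, pow(G, a, P)


def client_start():
    """Step (1), client side: pick b and compute Y = g^b mod P.

    b must be invertible modulo P-1, otherwise step (3) has no b^-1 to use.
    """
    while True:
        b = secrets.randbelow(P - 3) + 2
        if math.gcd(b, P - 1) == 1:
            return b, pow(G, b, P)


def server_reply(a, y):
    """Step (2): X = Y^a mod P."""
    return pow(y, a, P)


def client_finish(b, x):
    """Step (3): K' = X^(b^-1) mod P, with b^-1 taken modulo P-1.

    Raises ValueError when b has no inverse modulo P-1.
    """
    return pow(x, pow(b, -1, P - 1), P)


def exchange():
    """Run steps (1)-(3) and return (K, K', (Y, X)); only Y and X cross the wire."""
    a, k = server_start()
    b, y = client_start()
    x = server_reply(a, y)
    return k, client_finish(b, x), (y, x)


if __name__ == "__main__":
    k, k_client, _ = exchange()
    print("client derived the server's K:", k == k_client)
```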
(4) The update server splits the update file to be transmitted into blocks. The length of every block is $m$ times the length of $K$, where $m$ is an integer; if the last block is too short, it is padded to the full length by appending random numbers at the end of the block. Suppose the update file is divided into $N$ blocks, denoted $F_1, F_2, \ldots, F_N$.
For example, if the length of $K$ is 4096 bits and $m = 10$, the update file is split into blocks of 40960 bits; if the last block is shorter than 40960 bits, random numbers are appended to the last block to pad it to 40960 bits.
The purpose of splitting the update file into blocks is block-wise transmission, which spreads the risk of damage: even if an error occurs during transmission, only the faulty block needs to be retransmitted, not the entire file.
(5) The update server assembles a file information packet = {File, N, mL}, where File is the file information of the update file to be transmitted, including the file name, file size and so on; $N$ is the number of blocks into which the update file is split; $L$ is the length of $K$; and $mL$ is the length of each block.
(6) The update server calculates the hash value $\mathrm{Hash}(F_1)$ of the first block of the update file. If the length of the hash value is $h$, a random number $R_1$ of length $L - h$ is appended after the hash value, giving a new key $K_1$ of length $L$.
Hash is the hash algorithm used by the invention; preferably, the invention uses the MD5 hash algorithm. The MD5 result is 128 bits and the length of $K$ is 4096 bits, so a random number of $4096 - 128 = 3968$ bits must be generated and appended after the MD5 hash value to form the new 4096-bit key $K_1$. Because the new key contains not only a random number but also a hash value, the randomness of the key is further enhanced. The new key is later used to encrypt the first file packet.
(7) Let the length of the file information packet be $L_0$. The file information packet is XORed with the first $L_0$ bits of $K$ to obtain the XOR result $X_F$. The update server then assembles an initial information packet = {$K_1 \oplus K$, $X_F$, $H_F$} and sends the initial information packet to the client, where $H_F$ is the hash value of the file information packet and $K_1$, used for subsequent verification.
(8) The client decrypts the initial information packet using $K$ to obtain $K_1$ and the file information packet, and performs a hash check using $H_F$. If the check fails, the client requests the update server to retransmit the initial information packet until the check passes; if the check passes, the client informs the update server that it is ready to receive the update file.
Because the client has already obtained the key $K$ in step (3), it can decrypt $K_1$ and the file information packet by XORing $K$ with the initial information packet. The hash check ensures that the initial information packet is correct. In addition, because $K_1$ contains $\mathrm{Hash}(F_1)$, the client also obtains the hash value of the first block at the same time.
(9) The update server sets the loop variable $i = 1$.
(10) The update server assembles the $i$-th file packet $B_i$. If $i < N$ (not the last file packet), then $B_i = \{F_i, K_{i+1}\}$ with $K_{i+1} = \{\mathrm{Hash}(F_{i+1}), R_{i+1}\}$; if $i = N$, then $B_i = F_i$.
Here $R_{i+1}$ is a random number of length $L - h$, so the sum of the lengths of $R_{i+1}$ and $\mathrm{Hash}(F_{i+1})$ is $L$; that is, the length of $K_{i+1}$ is $L$, and it serves as the encryption key of the next file packet.
(11) The update server encrypts the $i$-th file packet with the key $K_i$, i.e. it calculates $E_i = E(K_i, B_i)$.
The invention proposes a new encryption algorithm $E$, the continuous XOR method, which is described in detail later.
(12) The update server sends $E_i$ and $\mathrm{Hash}(B_i)$ to the client, and the client decrypts $E_i$ to obtain $B_i$ (the specific decryption method is also described below). If $i < N$, the client obtains $F_i$ and $K_{i+1}$ from $B_i$, and obtains $\mathrm{Hash}(F_{i+1})$ from $K_{i+1}$. If $i = N$, the client obtains only $F_i$.
(13) The client uses $\mathrm{Hash}(B_i)$ to verify the hash value of $B_i$, and at the same time uses $\mathrm{Hash}(F_i)$ to verify the hash value of $F_i$. The integrity of the $i$-th file packet is confirmed by this dual hash check; if either check fails, the client requests the update server to retransmit until the check passes.
As the above steps show, $\mathrm{Hash}(B_i)$ is obtained from the current transmission, while $\mathrm{Hash}(F_i)$ is obtained from the previous file packet; a dual hash check from two different sources makes attacks by hackers more difficult.
(14) If $i < N$, increase $i$ by 1 and return to step (10); otherwise continue with the following step.
(15) The client merges all received $F_i$ to obtain the update file.
If random numbers were appended to the last block $F_N$, the client can tell from the update file length contained in the file information packet which part of the last block is the appended random numbers, and can therefore remove them.
The invention uses a different key $K_i$ for each file packet, which in effect plays the role of a one-time pad and greatly strengthens the security of the update file transmission. For the encryption algorithm in step (11), the invention uses a simple and effective continuous XOR method, described as follows:
(11.1) Divide $B_i$ into blocks of length $L$; let there be $S$ blocks in total.
When $i < N$, since $B_i$ comprises $F_i$ and $K_{i+1}$, where the length of $F_i$ is $mL$, $S = m + 1$; when $i = N$, $S = m$.
(11.2) Let the $S$ blocks into which $B_i$ is divided be $A_1, A_2, \ldots, A_S$. The continuous XOR is calculated as follows:
$C_1 = A_1 \oplus K_i$
$C_j = C_{j-1} \oplus A_j \oplus K_i, \quad 2 \le j \le S$;
(11.3) The result of the continuous XOR is $E_i = \{C_1, C_2, \ldots, C_S\}$.
The continuous XOR method proposed by the invention uses only XOR operations and no complex calculation, so the whole calculation is very efficient and has little impact on the transmission efficiency of the update file.
Decryption of the continuous XOR is also very simple, as follows:
(12.1) Divide the $E_i$ to be decrypted into $S$ blocks of length $L$, i.e. $C_1, C_2, \ldots, C_S$.
(12.2) Perform the continuous XOR decryption according to the following formulas:
$A_1 = C_1 \oplus K_i$
$A_j = C_j \oplus C_{j-1} \oplus K_i, \quad 2 \le j \le S$
The above continuous XOR decryption can in fact be computed in parallel.
(12.3) The result of the continuous XOR decryption is $B_i = \{A_1, A_2, \ldots, A_S\}$.
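The per-packet flow of steps (4), (6) and (10) to (15), together with the continuous XOR of steps (11.1) to (12.3), as an added example that is not code from the patent. It assumes $K_1$ has already reached the client through the initial information packet, works in bytes (L = 512 bytes), uses m = 2 for brevity, and models retransmission with a hypothetical `fetch` callback; all function names are illustrative.

```python
import hashlib
import os

L = 512   # length of K in bytes (4096 bits, the patent's preferred key length)
M = 2     # demo value for m; the patent's example uses m = 10
H = 16    # MD5 digest length in bytes (h = 128 bits)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cxor_encrypt(key, packet):
    """Steps (11.1)-(11.3): C_1 = A_1 ^ K_i, C_j = C_{j-1} ^ A_j ^ K_i."""
    out, prev = [], bytes(L)          # an all-zero C_0 makes j = 1 the same formula
    for off in range(0, len(packet), L):
        prev = xor(xor(prev, packet[off:off + L]), key)
        out.append(prev)
    return b"".join(out)


def cxor_decrypt(key, cipher):
    """Steps (12.1)-(12.3): A_1 = C_1 ^ K_i, A_j = C_j ^ C_{j-1} ^ K_i."""
    blocks = [cipher[off:off + L] for off in range(0, len(cipher), L)]
    previous = [bytes(L)] + blocks[:-1]
    return b"".join(xor(xor(c, p), key) for c, p in zip(blocks, previous))


def server_packets(data):
    """Steps (4), (6), (10), (11): return K_1 and the list of (E_i, Hash(B_i))."""
    if not data:
        raise ValueError("empty update file")
    size = M * L
    chunks = [data[off:off + size] for off in range(0, len(data), size)]
    chunks[-1] += os.urandom(size - len(chunks[-1]))      # random padding of F_N
    # K_i = Hash(F_i) followed by L - h random bytes
    keys = [hashlib.md5(f).digest() + os.urandom(L - H) for f in chunks]
    wire = []
    for i, f in enumerate(chunks):
        b = f + (keys[i + 1] if i + 1 < len(chunks) else b"")   # B_i = {F_i, K_{i+1}}
        wire.append((cxor_encrypt(keys[i], b), hashlib.md5(b).digest()))
    return keys[0], wire


def client_receive(k1, fetch, n, file_len, max_tries=3):
    """Steps (12)-(15): decrypt, run both hash checks, re-request on failure.

    fetch(i) is a hypothetical transport callback returning (E_i, Hash(B_i)).
    Returns the reassembled file and the number of retransmissions requested.
    """
    key, parts, retries = k1, [], 0
    for i in range(n):
        for _ in range(max_tries):
            e, hash_b = fetch(i)
            b = cxor_decrypt(key, e)
            f = b[:M * L]
            ok_b = hashlib.md5(b).digest() == hash_b       # Hash(B_i), sent with E_i
            ok_f = hashlib.md5(f).digest() == key[:H]      # Hash(F_i), from packet i-1
            if ok_b and ok_f:
                break
            retries += 1
        else:
            raise IOError(f"packet {i + 1} failed verification {max_tries} times")
        parts.append(f)
        key = b[M * L:]                                    # K_{i+1}; empty when i = N
    return b"".join(parts)[:file_len], retries             # strip padding of F_N


if __name__ == "__main__":
    update = os.urandom(2500)                              # constructed sample file
    k1, wire = server_packets(update)
    out, retries = client_receive(k1, lambda i: wire[i], len(wire), len(update))
    print(out == update, retries)
```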
The above is only a preferred embodiment of the invention; all equivalent changes or modifications made according to the structure, features and principles described in the scope of the patent application of the invention are included in the scope of the patent application of the invention.

Claims (5)

1. A method for pushing an update file, characterized in that the method comprises the following steps:
Step 100: the update server generates an initial encryption key and, by means of a key exchange method, enables the client to obtain the initial encryption key;
Step 200: based on the initial encryption key, the update server splits the file to be updated into blocks, encrypts the blocks and sends them to the client;
Step 300: the client assembles the blocks to obtain the update file;
The method flow comprises the following steps:
Step (1): after the update server and the client establish a connection, the update server generates a random number $a$ and calculates the initial encryption key $K = g^a \bmod P$; at the same time the client generates a random number $b$ and calculates $Y = g^b \bmod P$;
Wherein $P$ is a large prime, $g$ is a primitive element of $P$, and the length of $P$ is 4096 bits, so the length of $K$ is also 4096 bits;
Step (2): the client sends $Y$ to the update server; the update server calculates $X = Y^a \bmod P$ and sends $X$ to the client;
Step (3): the client calculates $K' = X^{b^{-1}} \bmod P$;
Step (4): the update server splits the update file to be transmitted into blocks; the length of every block is $m$ times the length of $K$, where $m$ is an integer; if the last block is too short, it is padded to the full length by appending random numbers at the end of the block; suppose the update file is divided into $N$ blocks, denoted $F_1, F_2, \ldots, F_N$;
Wherein the length of $K$ is 4096 bits and $m = 10$, so the update file is split into blocks of 40960 bits; if the last block is shorter than 40960 bits, random numbers are appended to the last block to pad it to 40960 bits;
Step (5): the update server assembles a file information packet = {File, N, mL}; wherein File is the file information of the update file to be transmitted, including the file name and file size, $N$ is the number of blocks into which the update file is split, $L$ is the length of $K$, and $mL$ is the length of each block;
Step (6): the update server calculates the hash value $\mathrm{Hash}(F_1)$ of the first block of the update file; if the length of the hash value is $h$, a random number $R_1$ of length $L - h$ is appended after the hash value, giving a new key $K_1$ of length $L$;
Hash uses a hash algorithm or the MD5 hash algorithm; the MD5 result is 128 bits and the length of $K$ is 4096 bits, so a random number of $4096 - 128 = 3968$ bits must be generated and appended after the MD5 hash value to form the new 4096-bit key $K_1$; the 4096-bit key $K_1$ is later used to encrypt the first file packet;
Step (7): let the length of the file information packet be $L_0$; the file information packet is XORed with the first $L_0$ bits of $K$ to obtain the XOR result $X_F$; the update server then assembles an initial information packet = {$K_1 \oplus K$, $X_F$, $H_F$} and sends the initial information packet to the client; wherein $H_F$ is the hash value of the file information packet and $K_1$, used for subsequent verification;
Step (8): the client decrypts the initial information packet using $K$ to obtain $K_1$ and the file information packet, and performs a hash check using $H_F$; if the check fails, the client requests the update server to retransmit the initial information packet until the check passes; if the check passes, the client informs the update server that it is ready to receive the update file;
Step (9): the update server sets the loop variable $i = 1$;
Step (10): the update server assembles the $i$-th file packet $B_i$; when $i < N$, i.e. it is not the last file packet, $B_i = \{F_i, K_{i+1}\}$ with $K_{i+1} = \{\mathrm{Hash}(F_{i+1}), R_{i+1}\}$; when $i = N$, $B_i = F_i$;
Wherein $R_{i+1}$ is a random number of length $L - h$, so the sum of the lengths of $R_{i+1}$ and $\mathrm{Hash}(F_{i+1})$ is $L$; that is, the length of $K_{i+1}$ is $L$, and it serves as the encryption key of the next file packet;
Step (11): the update server encrypts the $i$-th file packet with the key $K_i$, i.e. it calculates $E_i = E(K_i, B_i)$;
Step (12): the update server sends $E_i$ and $\mathrm{Hash}(B_i)$ to the client, and the client decrypts $E_i$ to obtain $B_i$; if $i < N$, the client obtains $F_i$ and $K_{i+1}$ from $B_i$, and obtains $\mathrm{Hash}(F_{i+1})$ from $K_{i+1}$; if $i = N$, the client obtains only $F_i$;
Step (13): the client uses $\mathrm{Hash}(B_i)$ to verify the hash value of $B_i$, and at the same time uses $\mathrm{Hash}(F_i)$ to verify the hash value of $F_i$; the integrity of the $i$-th file packet is confirmed by this dual hash check; if either check fails, the client requests the update server to retransmit until the check passes;
Step (14): if $i < N$, increase $i$ by 1 and return to step (10); otherwise continue with the following step;
Step (15): the client merges all received $F_i$ to obtain the update file.
2. The method for pushing an update file according to claim 1, characterized in that the length of the initial encryption key is 4096 bits.
3. The method for pushing an update file according to any one of claims 1-2, characterized in that the length of each file block is an integer multiple of the key length.
4. The method for pushing an update file according to any one of claims 1-2, characterized in that an integrity check is performed on each block during block transmission.
5. The method for pushing an update file according to claim 4, characterized in that if the integrity check fails, the client requests the update server to retransmit.
CN201611096859.2A 2016-12-02 2016-12-02 A kind of method for pushing updating file Active CN108156113B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611096859.2A CN108156113B (en) 2016-12-02 2016-12-02 A kind of method for pushing updating file


Publications (2)

Publication Number Publication Date
CN108156113A CN108156113A (en) 2018-06-12
CN108156113B true CN108156113B (en) 2019-07-23

Family

ID=62470417


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 101399 No. 2 East Airport Road, Shunyi Airport Economic Core Area, Beijing (1st, 5th and 7th floors of Industrial Park 1A-4)

Applicant after: Zhongke Star Map Co., Ltd.

Address before: 101399 Building 1A-4, National Geographic Information Technology Industrial Park, Guomen Business District, Shunyi District, Beijing

Applicant before: Space Star Technology (Beijing) Co., Ltd.

GR01 Patent grant