CN108366066A - Data transmission method and system for an automation community - Google Patents

Publication number: CN108366066A
Application number: CN201810144768.4A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN108366066B (en
Inventor: 孙金树
Current Assignee: Guoyun Digital Technology (Chongqing) Co.,Ltd.
Original Assignee: Kai Di Guoxin Technology Co Ltd
Legal status: Granted
Prior art keywords: network, network end, file, server, code

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities


Abstract

The present invention provides a data transmission method and system for an automation community, and relates to the field of intelligent systems. The data transmission method provided by the embodiment of the invention uses semantic analysis, digest algorithms, data splitting, encryption and subsequent verification, so that data transmitted from the first network end to the second network end is more secure.

Description

Data transmission method and system for an automation community
Technical field
The present invention relates to the field of intelligent systems, and in particular to a data transmission method and system for an automation community.
Background
An automation community generally refers to a standard building or group of buildings, planned and built by the government (or by private enterprises in cooperation with the government), that has complete water supply, power supply, communication, road, storage and other supporting facilities and a rational layout, and that can meet the needs of production and scientific experiments in a specific industry. It includes industrial parks, industrial zones, logistics parks, urban industrial parks, science and technology parks, creative parks and so on.
At present, an automation community can provide a fairly complete service system. The service system is composed of multiple subsystems, such as a power supply system and a water supply system; together these systems make up the automation community, so that it can serve users better.
Summary of the invention
The purpose of the present invention is to provide a data transmission method and system for an automation community.
An embodiment of the present invention provides a data transmission method for an automation community, including:
The first network end obtains the target file to be sent and the importance level information of the target file;
The first network end extracts the profile information of the target file using semantic analysis software;
The first network end adds the importance level information to the profile information to obtain a first reference file;
The first network end computes a first digest of the first reference file using a first digest algorithm, and computes a second digest of the first reference file using a second digest algorithm;
The first network end determines an encryption key according to the first digest, and determines a split rule according to the second digest;
The first network end sends a first storage rule acquisition request to the security server through a secure channel; the first storage rule acquisition request carries the identification mark of the first network end;
The security server determines a storage rule according to the time at which the first storage rule acquisition request was received and the identification mark of the first network end;
The security server sends the storage rule and the exchange code corresponding to the storage rule to the first network end;
The first network end encrypts the target file using the encryption key to obtain a second reference file;
The first network end splits the second reference file according to the split rule to generate multiple groups of data fragments;
The first network end stores the groups of data fragments on different fragment servers according to the storage rule; the fragment servers include public cloud fragment servers and private cloud fragment servers;
The first network end encrypts the exchange code according to the sending time;
The first network end sends the first reference file and the encrypted exchange code to the second network end;
The second network end decrypts the exchange code according to the time at which the exchange code was received, to obtain the unencrypted exchange code;
The second network end computes a third digest of the first reference file using a third digest algorithm, and computes a fourth digest of the first reference file using a fourth digest algorithm;
The second network end determines a decryption key according to the third digest, and determines a combination rule according to the fourth digest;
The second network end sends a second storage rule acquisition request to the security server; the second storage rule acquisition request carries the decrypted exchange code;
The security server verifies the exchange code and, if the exchange code passes verification, returns the storage rule to the second network end;
The second network end downloads the data fragments from the specified fragment servers according to the storage rule;
The second network end combines the downloaded data fragments into a third reference file according to the combination rule;
The second network end decrypts the third reference file according to the data decryption rule to obtain a plaintext file;
The second network end extracts the importance level information from the first reference file;
If the importance level represented by the importance level information exceeds a predetermined threshold, the second network end performs field extraction on the plaintext file according to a preset rule to obtain a verification file; the size of the verification file is no more than 1% of the size of the plaintext file;
The second network end sends the verification file to the first network end;
The first network end verifies the verification file; if the verification file fails the first network end's verification, or the first network end does not receive the verification file within the specified time, the first network end sends warning information to the intermediate server.
Preferably, the importance level information is calculated as follows:
The first network end obtains the file parameters of the target file; the file parameters include the file type, keywords, file size and file screenshot;
The first network end sends the file parameters to the authentication server;
The authentication server calculates the reference information of the target file according to the file parameters;
The authentication server sends the reference information to the first network end;
The first network end calculates the importance level information according to the reference information and the name of the target file.
Preferably, the file screenshot is obtained by capturing the watermark region of the target file.
Preferably, the identification mark of the first network end is calculated as follows:
The first network end sends a mark acquisition request to the security server;
The security server returns to the first network end the server code of the first network end; the server code is determined according to the number of network ends;
The first network end determines the identification mark according to the server code and the IP address of the first network end.
Preferably, the step in which the security server determines the storage rule according to the time at which the first storage rule acquisition request was received and the identification mark of the first network end includes:
The security server determines the storage rule according to the period containing the time at which the first storage rule acquisition request was received and the identification mark; the storage rule is adjusted every 10 minutes.
Preferably, the storage rule includes the private cloud storage proportion, the public cloud storage proportion, the storage server address, the storage area within the storage server, and the offline storage proportion.
Preferably, the step in which the first network end encrypts the exchange code according to the sending time includes:
The first network end obtains the estimated sending time;
The first network end looks up, in a list, the asymmetric encryption key corresponding to the estimated sending time;
The first network end encrypts the exchange code using the asymmetric encryption key that was found.
Preferably, if the verification file fails the first network end's verification, the method further includes:
The first network end takes a screenshot of the code of the target file to generate a first picture;
The first network end binarizes the first picture and generates a target encryption key according to a specified region of the binarized first picture;
The first network end encrypts the target file using the target encryption key to generate a first encrypted file;
The first network end and the second network end establish a first communication channel, a second communication channel and a standby transmission channel respectively;
The first network end detects the current actual network speed values of the first communication channel, the second communication channel and the standby transmission channel respectively;
If the actual network speed values of the first communication channel and the second communication channel both exceed a predetermined threshold, the first network end packs the first encrypted file into a first data packet and packs the first picture into a second data packet;
The first network end sends the first data packet to the second network end through the first communication channel, and sends the second data packet to the second network end through the second communication channel;
The second network end binarizes the first picture and generates a target decryption key according to the specified region of the binarized first picture;
The second network end decrypts the first encrypted file using the target decryption key to generate the target file.
Preferably, if one of the actual network speed value of the first communication channel and the actual network speed value of the second communication channel is greater than the predetermined threshold, the method further includes:
The first encrypted file is split into multiple first encrypted subfiles, the digests of the first encrypted subfiles are packed to form the first data packet, and the first picture is packed into the second data packet; each first encrypted subfile is encrypted in the same manner as the first encrypted file;
The first network end sends the first data packet to the second network end through the first communication channel, and sends the second data packet to the second network end through the second communication channel;
The second network end binarizes the first picture and generates a target decryption key according to the specified region of the binarized first picture;
The second network end decrypts each first encrypted subfile using the target decryption key, to generate the digests of the multiple first encrypted subfiles;
The second network end generates a file reception request according to a user operation and sends the file reception request to the first network end;
The first network end sends the first encrypted subfile corresponding to the file reception request to the second network end.
An embodiment of the present invention also provides a data transmission system for an automation community, including a first network end, a second network end and a security server;
The first network end, the second network end and the security server are configured to perform the corresponding operations according to the data transmission method for an automation community.
The data transmission method for an automation community provided by the embodiment of the invention uses semantic analysis, digest algorithms, data splitting, encryption and subsequent verification, so that data transmitted from the first network end to the second network end is more secure.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 shows the architecture of the system used by the data transmission method for an automation community provided by the embodiment of the present invention;
Fig. 2 shows the first detailed flow chart of the data transmission method for an automation community provided by the embodiment of the present invention;
Fig. 3 shows the second detailed flow chart of the data transmission method for an automation community provided by the embodiment of the present invention;
Fig. 4 shows the third detailed flow chart of the data transmission method for an automation community provided by the embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments described and illustrated in the drawings can generally be arranged and designed in a variety of different configurations. The detailed description of the embodiments provided in the drawings is therefore not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the related art there are data transmission techniques for automation communities, but the inventor considers that the security of current data transmission techniques is not high enough. For this situation, the present application provides an improved data transmission method for an automation community, which acts on the system shown in Fig. 1. The system includes a first network end, a second network end and a security server, and the method includes:
The first network end 101 obtains the target file to be sent and the importance level information of the target file;
The first network end 101 extracts the profile information of the target file using semantic analysis software;
The first network end 101 adds the importance level information to the profile information to obtain a first reference file;
The first network end 101 computes a first digest of the first reference file using a first digest algorithm, and computes a second digest of the first reference file using a second digest algorithm;
The first network end 101 determines an encryption key according to the first digest, and determines a split rule according to the second digest;
The first network end 101 sends a first storage rule acquisition request to the security server 102 through a secure channel; the first storage rule acquisition request carries the identification mark of the first network end 101;
The security server 102 determines a storage rule according to the time at which the first storage rule acquisition request was received and the identification mark of the first network end 101;
The security server 102 sends the storage rule and the exchange code corresponding to the storage rule to the first network end 101;
The first network end 101 encrypts the target file using the encryption key to obtain a second reference file;
The first network end 101 splits the second reference file according to the split rule to generate multiple groups of data fragments;
The first network end 101 stores the groups of data fragments on different fragment servers according to the storage rule; the fragment servers include public cloud fragment servers and private cloud fragment servers;
The first network end 101 encrypts the exchange code according to the sending time;
The first network end 101 sends the first reference file and the encrypted exchange code to the second network end 103;
The second network end 103 decrypts the exchange code according to the time at which the exchange code was received, to obtain the unencrypted exchange code;
The second network end 103 computes a third digest of the first reference file using a third digest algorithm, and computes a fourth digest of the first reference file using a fourth digest algorithm;
The second network end 103 determines a decryption key according to the third digest, and determines a combination rule according to the fourth digest;
The second network end 103 sends a second storage rule acquisition request to the security server 102; the second storage rule acquisition request carries the decrypted exchange code;
The security server 102 verifies the exchange code and, if the exchange code passes verification, returns the storage rule to the second network end 103;
The second network end 103 downloads the data fragments from the specified fragment servers according to the storage rule;
The second network end 103 combines the downloaded data fragments into a third reference file according to the combination rule;
The second network end 103 decrypts the third reference file according to the data decryption rule to obtain a plaintext file;
The second network end 103 extracts the importance level information from the first reference file;
If the importance level represented by the importance level information exceeds a predetermined threshold, the second network end 103 performs field extraction on the plaintext file according to a preset rule to obtain a verification file; the size of the verification file is no more than 1% of the size of the plaintext file;
The second network end 103 sends the verification file to the first network end 101;
The first network end 101 verifies the verification file; if the verification file fails the verification by the first network end 101, or the first network end 101 does not receive the verification file within the specified time, the first network end 101 sends warning information to the intermediate server.
The target file may be a document or a picture. The importance level information indicates how much attention the target file should receive. The profile information is extracted by semantic analysis. Any existing semantic analysis software can be used; for the sake of analysis accuracy, it can be semantic analysis software for a particular technical field (such as the automation community field), for example software whose dictionary is a dictionary of that technical field.
Normally, the algorithm models of the first digest algorithm and the second digest algorithm are different; when necessary, the algorithm cores of the two digest algorithms can also be adjusted to differ.
To determine the encryption key according to the first digest, a table can be pre-stored in the first network end 101 that records the correspondence between encryption keys and first digests. Similarly, a separate table can be stored that records the correspondence between second digests and split rules.
The storage rule is requested by the first network end 101 from the security server 102 on demand rather than being pre-stored in the first network end 101; this improves overall security. The security server 102 could determine the storage rule in other ways, but because determining it according to the identification mark ensures distinguishability, the current scheme uses this approach.
In the subsequent process, the first network end 101 also uses the sending time to encrypt the exchange code, which improves security.
After receiving the first reference file and the encrypted exchange code, the second network end 103 processes them with a flow similar to that of the first network end 101 and, after obtaining the plaintext file, performs subsequent processing according to the importance level information.
The subsequent process mainly serves as a repeated constraint, so that the verification task is undertaken not only by the second network end 103 but also by the first network end 101.
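A round trip of the digest-driven steps described above, as an added example that is not code from the patent. Assumptions: SHA-256 and SHA3-256 stand in for the unnamed digest algorithms, an HMAC under the constructed `TABLE_SECRET` replaces the pre-stored digest-to-key table, the split rule is a fragment size plus a keyed fragment order, and the cipher and the field-extraction rule are standard-library stand-ins.

```python
import hashlib
import hmac
import os

# Constructed sample inputs, not taken from the patent.
TARGET_FILE = b"Pump station 3 maintenance schedule, revision 7.\n" * 20
FIRST_REFERENCE_FILE = b"profile: pump maintenance schedule\nimportance: 9\n"
# Assumption: stands in for the digest-to-key table both ends pre-store.
TABLE_SECRET = b"constructed-table-secret"
# Assumption: a storage rule reduced to its private/public cloud proportions.
STORAGE_RULE = {"private": 0.4, "public": 0.6}


def derive_rules(reference: bytes):
    """Run by both ends on the same first reference file."""
    d1 = hashlib.sha256(reference).digest()    # first / third digest
    d2 = hashlib.sha3_256(reference).digest()  # second / fourth digest
    key = hmac.new(TABLE_SECRET, d1, hashlib.sha256).digest()
    fragment_size = 64 + d2[0] % 64            # split rule, part 1: 64..127 bytes
    return key, fragment_size, d2              # d2 also seeds the fragment order


def fragment_order(seed: bytes, count: int):
    """Split/combination rule, part 2: keyed permutation of fragment indexes."""
    def rank(i):
        return hmac.new(seed, i.to_bytes(4, "big"), hashlib.sha256).digest()
    return sorted(range(count), key=rank)


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode) so the example runs on
    the standard library; it provides no integrity protection."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"),
                       hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def send(target: bytes, reference: bytes, rule: dict) -> dict:
    """First network end: encrypt, split, and place fragments on servers."""
    key, size, seed = derive_rules(reference)
    nonce = os.urandom(16)
    second_reference = nonce + stream_xor(key, nonce, target)
    fragments = [second_reference[i:i + size]
                 for i in range(0, len(second_reference), size)]
    order = fragment_order(seed, len(fragments))
    n_private = round(len(fragments) * rule["private"])
    servers = {"private": {}, "public": {}}
    for slot, index in enumerate(order):
        name = "private" if slot < n_private else "public"
        servers[name][slot] = fragments[index]  # slot number hides the true index
    return servers


def receive(reference: bytes, servers: dict) -> bytes:
    """Second network end: re-derive the rules, combine, and decrypt."""
    key, _size, seed = derive_rules(reference)
    stored = {**servers["private"], **servers["public"]}
    order = fragment_order(seed, len(stored))
    fragments = [b""] * len(stored)
    for slot, index in enumerate(order):
        fragments[index] = stored[slot]
    third_reference = b"".join(fragments)
    return stream_xor(key, third_reference[:16], third_reference[16:])


def verification_file(plaintext: bytes, stride: int = 128) -> bytes:
    """Assumed field-extraction rule: every 128th byte, capped at 1% of size."""
    return plaintext[::stride][:len(plaintext) // 100]


def round_trip():
    servers = send(TARGET_FILE, FIRST_REFERENCE_FILE, STORAGE_RULE)
    plaintext = receive(FIRST_REFERENCE_FILE, servers)
    # The first network end checks the returned excerpt against its own copy.
    verified = hmac.compare_digest(verification_file(plaintext),
                                   verification_file(TARGET_FILE))
    return servers, plaintext, verified


if __name__ == "__main__":
    servers, plaintext, verified = round_trip()
    print(len(servers["private"]), len(servers["public"]),
          plaintext == TARGET_FILE, verified)
```

Because the key and the fragment order both come from the first reference file, a receiver holding a different reference file derives different rules and recovers only noise.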
Preferably, in the method provided by the present application, the importance level information is calculated as follows, as shown in Fig. 2:
S201, the first network end 101 obtains the file parameters of the target file; the file parameters include the file type, keywords, file size and file screenshot;
S202, the first network end 101 sends the file parameters to the authentication server;
S203, the authentication server calculates the reference information of the target file according to the file parameters;
S204, the authentication server sends the reference information to the first network end 101;
S205, the first network end 101 calculates the importance level information according to the reference information and the name of the target file.
That is, the importance level information is determined mainly by the reference information; the file name serves more as a number (to distinguish different importance level information). The authentication server is also involved here to improve security.
Preferably, the file screenshot is obtained by capturing the watermark region of the target file.
Preferably, the identification mark of the first network end 101 is calculated as follows, as shown in Fig. 3:
S301, the first network end 101 sends a mark acquisition request to the security server 102;
S302, the security server 102 returns to the first network end 101 the server code of the first network end 101; the server code is determined according to the number of network ends;
S303, the first network end 101 determines the identification mark according to the server code and the IP address of the first network end 101.
The server code is determined by the security server 102 according to the number of first network ends 101; for example, if this first network end 101 is the tenth first network end 101 to be established, its server code may be 0010. The IP address is the address at which the first network end 101 accesses the network.
Preferably, the step in which the security server 102 determines the storage rule according to the time at which the first storage rule acquisition request was received and the identification mark of the first network end 101 includes:
The security server 102 determines the storage rule according to the period containing the time at which the first storage rule acquisition request was received and the identification mark; the storage rule is adjusted every 10 minutes.
That is, the storage rule is adjusted every ten minutes. In a specific implementation, a comparison table that records the correspondence between periods and storage rules can be pre-stored in the security server 102. After receiving the request, the security server 102 determines the storage rule directly by table lookup.
Preferably, the storage rule includes the private cloud storage proportion (the percentage of the data stored in the private cloud), the public cloud storage proportion (the percentage of the data stored in the public cloud), the storage server address, the storage area within the storage server (which storage area of a given server is selected for storage) and the offline storage proportion (the percentage stored on offline devices other than servers).
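The security server's side of S301 to S303 and the period-based table lookup, as an added example that is not code from the patent. Assumptions: the identification mark joins the server code and IP address with `@`, the table is indexed by the 10-minute period plus a hash of the mark, the exchange code is a random token, and all table values and addresses are constructed.

```python
import hashlib
import secrets

PERIOD_SECONDS = 600  # the storage rule is adjusted every 10 minutes

# Constructed comparison table; field names follow the storage-rule contents
# listed in the text, values are made up for the example.
RULE_TABLE = [
    {"private": 60, "public": 30, "offline": 10, "server": "frag-a.example", "area": 1},
    {"private": 40, "public": 50, "offline": 10, "server": "frag-b.example", "area": 3},
    {"private": 70, "public": 20, "offline": 10, "server": "frag-c.example", "area": 2},
]


def identification_mark(server_code: str, ip_address: str) -> str:
    """S303, with an assumed way of combining server code and IP address."""
    return f"{server_code}@{ip_address}"


class SecurityServer:
    def __init__(self):
        self.registered = 0
        self.issued = {}  # exchange code -> storage rule

    def assign_server_code(self) -> str:
        """S302: the code follows the number of network ends (tenth -> 0010)."""
        self.registered += 1
        return f"{self.registered:04d}"

    def storage_rule(self, mark: str, received_at: int) -> dict:
        """Table lookup keyed by the 10-minute period and the identification mark."""
        period = received_at // PERIOD_SECONDS
        offset = int.from_bytes(hashlib.sha256(mark.encode()).digest()[:4], "big")
        return RULE_TABLE[(period + offset) % len(RULE_TABLE)]

    def first_request(self, mark: str, received_at: int):
        """First storage rule acquisition request: rule plus its exchange code."""
        rule = self.storage_rule(mark, received_at)
        code = secrets.token_hex(16)  # assumption: random, unguessable code
        self.issued[code] = rule
        return rule, code

    def second_request(self, code: str):
        """Second request: the rule is returned only if the exchange code verifies."""
        return self.issued.get(code)


def demo():
    server = SecurityServer()
    codes = [server.assign_server_code() for _ in range(10)]
    mark = identification_mark(codes[-1], "192.0.2.10")  # documentation-range IP
    rule, exchange_code = server.first_request(mark, received_at=1200)
    return server, mark, rule, exchange_code


if __name__ == "__main__":
    server, mark, rule, exchange_code = demo()
    print(mark, rule, server.second_request(exchange_code) == rule)
```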
Preferably, the step in which the first network end 101 encrypts the exchange code according to the sending time includes, as shown in Fig. 4:
S401, the first network end 101 obtains the estimated sending time;
S402, the first network end 101 looks up, in a list, the asymmetric encryption key corresponding to the estimated sending time;
S403, the first network end 101 encrypts the exchange code using the asymmetric encryption key that was found.
That is, the encryption strategy is determined by the sending time. The sending time here is the estimated sending time (because the sending action has not yet been carried out at this point).
Preferably, if the verification file fails the verification by the first network end 101, the method further includes:
The first network end 101 takes a screenshot of the code of the target file to generate a first picture (the code is saved in picture form);
The first network end 101 binarizes the first picture and generates a target encryption key according to a specified region of the binarized first picture (for example, the encryption key can be determined from the ratio of the area of the region whose brightness is 0 to the total area);
The first network end 101 encrypts the target file using the target encryption key to generate a first encrypted file;
The first network end 101 and the second network end 103 establish a first communication channel, a second communication channel and a standby transmission channel respectively;
The first network end 101 detects the current actual network speed values of the first communication channel, the second communication channel and the standby transmission channel respectively;
If the actual network speed values of the first communication channel and the second communication channel both exceed a predetermined threshold, the first network end 101 packs the first encrypted file into a first data packet and packs the first picture into a second data packet;
The first network end 101 sends the first data packet to the second network end 103 through the first communication channel, and sends the second data packet to the second network end 103 through the second communication channel;
The second network end 103 binarizes the first picture and generates a target decryption key according to the specified region of the binarized first picture;
The second network end 103 decrypts the first encrypted file using the target decryption key to generate the target file.
The decryption process at the second network end 103 is similar to the encryption process at the first network end 101; only the final result differs, one being encryption and the other decryption.
Preferably, if one of the actual network speed value of the first communication channel and the actual network speed value of the second communication channel is greater than the predetermined threshold, the method further includes:
The first encrypted file is split into multiple first encrypted subfiles, the digests of the first encrypted subfiles are packed to form the first data packet, and the first picture is packed into the second data packet; each first encrypted subfile is encrypted in the same manner as the first encrypted file. The first encrypted subfiles remain in the encrypted state; their digests can be calculated by a digest algorithm, or obtained by a simple extraction algorithm that extracts the corresponding characters directly from the first encrypted subfile;
The first network end 101 sends the first data packet to the second network end 103 through the first communication channel, and sends the second data packet to the second network end 103 through the second communication channel;
The second network end 103 binarizes the first picture and generates a target decryption key according to the specified region of the binarized first picture;
The second network end 103 decrypts each first encrypted subfile using the target decryption key, to generate the digests of the multiple first encrypted subfiles;
The second network end 103 generates a file reception request according to a user operation and sends the file reception request to the first network end 101;
The first network end 101 sends the first encrypted subfile corresponding to the file reception request to the second network end 103.
That is, the first network end 101 and the second network end 103 generate the digests in a similar way.
Preferably, if the actual network speed value of the first communication channel and the actual network speed value of the second communication channel are both below the predetermined threshold, the method further includes:
The first network end 101 sends warning information to the receiving end over the standby communication channel; if feedback on the warning information is received within a predetermined time, then after the predetermined time the step of detecting the current actual network speed values of the first communication channel, the second communication channel and the standby transmission channel is executed again.
That is, when the network speed is too low, nothing is sent, because the transmission success rate would otherwise be too low.
Preferably, the first network end 101 is a PC.
Preferably, the second network end 103 is a server.
Preferably, the importance corresponding to the importance level information has 15 levels in total (that is, the importance threshold can be set to level 8, level 9, and so on).
Preferably, the recording mode of the profile information is the same as the recording mode of the target file.
Preferably, the storage rule includes: the storage region on the same fragment server, the number of items stored in each storage region on the same fragment server, the storage gap length between different data within a data fragment, the way in which the code of a data fragment is converted, and the extraction password.
Preferably, the split rule is generated as follows:
The first network end 101 randomly generates 16 candidate random numbers in the range 2-100 and, according to the current network time, performs an operation on the generated candidate random numbers to generate use random numbers in the range 2-1000;
The first network end 101 sorts all the use random numbers in a predetermined order to generate a sorted sequence;
The first network end 101 randomly extracts one use random number from the sorted sequence and generates a split rule from the extracted use random number;
After the split rule has been used to split the second reference file of a predetermined size, the first network end 101 determines whether any remaining second reference file has not yet been split; if so, it re-executes the step of randomly extracting one use random number from the sorted sequence and generating a split rule from the extracted use random number.
The correspondence between use random numbers and split rules can also be looked up in a pre-built table. The remaining second reference file is the part of the second reference file's data that has not yet been split.
Preferably, the public cloud fragment server and the private cloud fragment server are located in different regions, for example one in Beijing and one in Shanghai.
Preferably, there are at least 4 groups of data fragments.
Preferably, the sending time is calculated from the internal clock time of the first network end and the Internet timing time.
Preferably, the exchange code is a combination of at least three kinds of codes.
Preferably, the security server and the intermediate server are located in different regions.
Preferably, the specified time is 10 seconds.
Preferably, an adaptive and learning system is provided in the semantic analysis software.
Preferably, the step in which the first network end extracts the profile information from the target file with semantic analysis software includes:
The first network end takes a screenshot of the code of the target file and performs picture recognition on the picture information generated by the screenshot to generate the profile information.
Preferably, the first digest algorithm and the second digest algorithm are both the MD5 algorithm.
Preferably, the first digest algorithm and the second digest algorithm are both the SHA-1 algorithm.
In combination with the above method, the present application also provides a data transmission system for an automation community, including a first network end, a second network end and a security server;
The first network end, the second network end and the security server are each used to perform the corresponding operations of the method described above.
Preferably, the system further includes a first monitoring server;
The first monitoring server is used to monitor the behavior of the second network end.
Preferably, the system further includes a second monitoring server;
The second monitoring server is used to monitor the behavior of the first network end.
Preferably, the system further includes a third monitoring server;
The third monitoring server is used to monitor the behavior of the security server.
A1. An embodiment of the present invention provides a data transmission method for an automation community, including:
The first network end obtains the target file to be sent and the importance level information of the target file;
The first network end extracts the profile information from the target file with semantic analysis software;
The first network end adds the importance level information to the profile information to obtain a first reference file;
The first network end computes over the first reference file with a first digest algorithm to obtain first digest information, and computes over the first reference file with a second digest algorithm to obtain second digest information;
The first network end determines an encryption key from the first digest information and determines a split rule from the second digest information;
The first network end sends a storage rule acquisition request to the security server over a secure channel; the storage rule acquisition request carries the identification mark of the first network end;
The security server determines the storage rule according to the receiving time of the storage rule acquisition request and the identification mark of the first network end;
The security server sends the storage rule and the exchange code corresponding to the storage rule to the first network end;
The first network end encrypts the target file with the encryption key to obtain a second reference file;
The first network end splits the second reference file according to the split rule to generate multiple groups of data fragments;
The first network end stores the groups of data fragments on different fragment servers according to the storage rule; the fragment servers include a public cloud fragment server and a private cloud fragment server;
The first network end encrypts the exchange code according to the sending time;
The first network end sends the first reference file and the encrypted exchange code to the second network end;
The second network end decrypts the exchange code according to the time at which the exchange code was received, to obtain the unencrypted exchange code;
The second network end computes over the first reference file with a third digest algorithm to obtain third digest information, and computes over the first reference file with a fourth digest algorithm to obtain fourth digest information;
The second network end determines a decryption key from the third digest information and determines a combination rule from the fourth digest information;
The second network end sends a second storage rule acquisition request to the security server; the second storage rule acquisition request carries the decrypted exchange code;
The security server verifies the exchange code and, if the verification passes, returns the storage rule to the second network end;
The second network end downloads the data fragments from the specified fragment servers according to the storage rule;
The second network end combines the downloaded data fragments into a third reference file according to the combination rule;
The second network end decrypts the third reference file according to the data decryption rule to obtain a plaintext file;
The second network end extracts the importance level information from the first reference file;
If the importance represented by the importance level information exceeds a predetermined threshold, the second network end extracts fields from the plaintext file according to a preset rule to obtain an authentication file; the size of the authentication file does not exceed 1% of the size of the plaintext file;
The second network end sends the authentication file to the first network end;
The first network end verifies the authentication file; if the verification fails, or the first network end does not receive the authentication file within the specified time, the first network end sends warning information to the intermediate server.
A2. The method according to A1, wherein the importance level information is calculated as follows:
The first network end obtains the file parameters of the target file; the file parameters include the file type, keywords, file size and a file screenshot;
The first network end sends the file parameters to the certificate server;
The certificate server calculates the reference information of the target file from the file parameters;
The certificate server sends the reference information to the first network end;
The first network end calculates the importance level information from the reference information and the title of the target file.
A3. The method according to A2, wherein the file screenshot is obtained by capturing the watermark region of the target file.
A4. The method according to A1, wherein the identification mark of the first network end is calculated as follows:
The first network end sends an identification acquisition request to the security server;
The security server returns the server code of the first network end to the first network end; the server code is determined according to the number of network ends;
The first network end determines the identification mark from the server code and the IP address of the first network end.
A5. The method according to A1, wherein the step in which the security server determines the storage rule according to the receiving time of the storage rule acquisition request and the identification mark of the first network end includes:
The security server determines the storage rule according to the identification mark and the time period in which the receiving time of the storage rule acquisition request falls; the storage rule can be adjusted every 10 minutes.
A6. The method according to A1, wherein
the storage rule includes the private cloud storage proportion, the public cloud storage proportion, the storage server address, the storage area within the storage server, and the offline storage proportion.
A7. The method according to A1, wherein the step in which the first network end encrypts the exchange code according to the sending time includes:
The first network end obtains the estimated sending time;
The first network end uses a table lookup: according to the estimated sending time, it looks up in a list the asymmetric encryption key corresponding to the estimated sending time;
The first network end encrypts the exchange code with the asymmetric encryption key it found.
A8. The method according to A1, wherein, if the verification fails, the method further includes:
The first network end takes a screenshot of the code of the target file to generate a first picture;
The first network end binarizes the first picture and generates a target encryption key from a specified region of the binarized first picture;
The first network end encrypts the target file with the target encryption key to generate a first encrypted file;
The first network end and the second network end establish a first communication channel, a second communication channel and a standby transmission channel, respectively;
The first network end separately detects the current actual network speed values of the first communication channel, the second communication channel and the standby transmission channel;
If the actual network speed values of the first communication channel and the second communication channel exceed the predetermined threshold, the first network end packs the first encrypted file into a first data packet and packs the first picture into a second data packet;
The first network end sends the first data packet to the second network end over the first communication channel, and sends the second data packet to the second network end over the second communication channel;
The second network end binarizes the first picture and generates a target decryption key from a specified region of the binarized first picture;
The second network end decrypts the first encrypted file with the target decryption key to generate the target file.
A9. The method according to A8, wherein, if one of the actual network speed value of the first communication channel and the actual network speed value of the second communication channel exceeds the predetermined threshold, the method further includes:
The first encrypted file is split into multiple first encrypted subfiles, the digests of the first encrypted subfiles are packed into a first data packet, and the first picture is packed into a second data packet; each first encrypted subfile is encrypted in the same way as the first encrypted file;
The first network end sends the first data packet to the second network end over the first communication channel, and sends the second data packet to the second network end over the second communication channel;
The second network end binarizes the first picture and generates a target decryption key from a specified region of the binarized first picture;
The second network end uses the target decryption key to decrypt each first encrypted subfile, so as to generate the digests of the multiple first encrypted subfiles;
The second network end generates a file reception request according to a user operation and sends the file reception request to the first network end;
The first network end sends the first encrypted subfile corresponding to the file reception request to the second network end.
A10. The method according to A8, wherein, if the actual network speed value of the first communication channel and the actual network speed value of the second communication channel are both below the predetermined threshold, the method further includes:
The first network end sends warning information to the receiving end over the standby communication channel; if feedback on the warning information is received within a predetermined time, then after the predetermined time the step of detecting the current actual network speed values of the first communication channel, the second communication channel and the standby transmission channel is executed again.
A11. The method according to A1, wherein the first network end is a PC.
A12. The method according to A1, wherein the second network end is a server.
A13. The method according to A1, wherein the importance corresponding to the importance level information has 15 levels in total.
A14. The method according to A1, wherein the recording mode of the profile information is the same as the recording mode of the target file.
A15. The method according to A1, wherein the storage rule includes: the storage region on the same fragment server, the number of items stored in each storage region on the same fragment server, the storage gap length between different data within a data fragment, the way in which the code of a data fragment is converted, and the extraction password.
A16. The method according to A1, wherein the split rule is generated as follows:
The first network end randomly generates 16 candidate random numbers in the range 2-100 and, according to the current network time, performs an operation on the generated candidate random numbers to generate use random numbers in the range 2-1000;
All the use random numbers are sorted in a predetermined order to generate a sorted sequence;
One use random number is randomly extracted from the sorted sequence, and a split rule is generated from the extracted use random number;
After the split rule has been used to split the second reference file of a predetermined size, it is determined whether any remaining second reference file has not yet been split; if so, the step of randomly extracting one use random number from the sorted sequence and generating a split rule from the extracted use random number is re-executed.
A17. The method according to A1, wherein the public cloud fragment server and the private cloud fragment server are located in different regions.
A18. The method according to A1, wherein there are at least 4 groups of data fragments.
A19. The method according to A1, wherein the sending time is calculated from the internal clock time of the first network end and the Internet timing time.
A20. The method according to A1, wherein the exchange code is a combination of at least three kinds of codes.
A21. The method according to A1, wherein the security server and the intermediate server are located in different regions.
A22. The method according to A1, wherein the specified time is 10 seconds.
A23. The method according to A1, wherein an adaptive and learning system is provided in the semantic analysis software.
A24. The method according to A1, wherein the step in which the first network end extracts the profile information from the target file with semantic analysis software includes:
The first network end takes a screenshot of the code of the target file and performs picture recognition on the picture information generated by the screenshot to generate the profile information.
A25. The method according to A1, wherein the first digest algorithm and the second digest algorithm are both the MD5 algorithm.
A26. The method according to A1, wherein the first digest algorithm and the second digest algorithm are both the SHA-1 algorithm.
B27. A data transmission system for an automation community, including a first network end, a second network end and a security server;
The first network end, the second network end and the security server are each used to perform the corresponding operations of the method of any one of A1-A26.
B28. The system according to B27, further including a first monitoring server;
The first monitoring server is used to monitor the behavior of the second network end.
B29. The system according to B27, characterized in that it further includes a second monitoring server;
The second monitoring server is used to monitor the behavior of the first network end.
B30. The system according to B27, characterized in that it further includes a third monitoring server;
The third monitoring server is used to monitor the behavior of the security server.
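The split-rule generation steps (listed among the preferred options and again in A16), written out as an added Python example that is not code from the patent. The page does not define the operation applied to the candidates, how a use random number becomes a split rule, or the predetermined size, so the time-derived multiplier, the "pieces of n bytes" rule and `BLOCK_SIZE` are assumptions, and the sample data is constructed.

```python
import random

BLOCK_SIZE = 4096  # assumption: the "predetermined size" split under one rule


def make_use_numbers(rng, network_time):
    """Return the sorted sequence of 16 use random numbers, each in 2..1000."""
    candidates = [rng.randint(2, 100) for _ in range(16)]
    # Assumed operation: scale by a time-derived factor, then fold into 2..1000.
    factor = network_time % 997 + 1
    return sorted(2 + (c * factor) % 999 for c in candidates)


def split_with_rules(data, ordered, rng, block_size=BLOCK_SIZE):
    """Split data block by block, drawing a fresh use number for every block.

    Returns (fragments, rules); rules[i] is the use number applied to block i.
    """
    fragments, rules = [], []
    offset = 0
    while offset < len(data):              # is any of the file still unsplit?
        n = rng.choice(ordered)            # draw one use number at random
        block = data[offset:offset + block_size]
        # Assumed split rule: cut the block into pieces of n bytes.
        fragments.extend(block[i:i + n] for i in range(0, len(block), n))
        rules.append(n)
        offset += len(block)
    return fragments, rules


def fragment_sizes(rules, total_len, block_size=BLOCK_SIZE):
    """Fragment lengths implied by the rule sequence and the file length alone."""
    sizes, offset = [], 0
    for n in rules:
        block_len = min(block_size, total_len - offset)
        full, rest = divmod(block_len, n)
        sizes.extend([n] * full + ([rest] if rest else []))
        offset += block_len
    return sizes


def demo(seed=2018, network_time=1518393600):
    """Constructed run, seeded so it repeats; pass random.SystemRandom() for real use."""
    rng = random.Random(seed)
    data = bytes(i % 251 for i in range(10_000))  # constructed "second reference file"
    ordered = make_use_numbers(rng, network_time)
    fragments, rules = split_with_rules(data, ordered, rng)
    return data, ordered, fragments, rules


if __name__ == "__main__":
    data, ordered, fragments, rules = demo()
    print("use numbers:", ordered)
    print("rule per block:", rules, "fragments:", len(fragments))
```

Because each block draws its rule independently, the receiver needs the sequence of rules, not a single number, to regroup the fragments; `fragment_sizes` shows that the sequence plus the total length is sufficient.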
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and other media that can store program code.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A data transmission method for an automation community, characterized by comprising:
The first network end obtains the target file to be sent and the importance level information of the target file;
The first network end extracts the profile information from the target file with semantic analysis software;
The first network end adds the importance level information to the profile information to obtain a first reference file;
The first network end computes over the first reference file with a first digest algorithm to obtain first digest information, and computes over the first reference file with a second digest algorithm to obtain second digest information;
The first network end determines an encryption key from the first digest information and determines a split rule from the second digest information;
The first network end sends a first storage rule acquisition request to the security server over a secure channel; the first storage rule acquisition request carries the identification mark of the first network end;
The security server determines the storage rule according to the receiving time of the first storage rule acquisition request and the identification mark of the first network end;
The security server sends the storage rule and the exchange code corresponding to the storage rule to the first network end;
The first network end encrypts the target file with the encryption key to obtain a second reference file;
The first network end splits the second reference file according to the split rule to generate multiple groups of data fragments;
The first network end stores the groups of data fragments on different fragment servers according to the storage rule; the fragment servers include a public cloud fragment server and a private cloud fragment server;
The first network end encrypts the exchange code according to the sending time;
The first network end sends the first reference file and the encrypted exchange code to the second network end;
The second network end decrypts the exchange code according to the time at which the exchange code was received, to obtain the unencrypted exchange code;
The second network end computes over the first reference file with a third digest algorithm to obtain third digest information, and computes over the first reference file with a fourth digest algorithm to obtain fourth digest information;
The second network end determines a decryption key from the third digest information and determines a combination rule from the fourth digest information;
The second network end sends a second storage rule acquisition request to the security server; the second storage rule acquisition request carries the decrypted exchange code;
The security server verifies the exchange code and, if the verification of the exchange code passes, returns the storage rule to the second network end;
The second network end downloads the data fragments from the specified fragment servers according to the storage rule;
The second network end combines the downloaded data fragments into a third reference file according to the combination rule;
The second network end decrypts the third reference file according to the data decryption rule to obtain a plaintext file;
The second network end extracts the importance level information from the first reference file;
If the importance represented by the importance level information exceeds a predetermined threshold, the second network end extracts fields from the plaintext file according to a preset rule to obtain an authentication file; the size of the authentication file does not exceed 1% of the size of the plaintext file;
The second network end sends the authentication file to the first network end;
The first network end verifies the authentication file; if the first network end's verification of the authentication file fails, or the first network end does not receive the authentication file within the specified time, the first network end sends warning information to the intermediate server.
2. The method according to claim 1, characterized in that the importance level information is calculated as follows:
The first network end obtains the file parameters of the target file; the file parameters include the file type, keywords, file size and a file screenshot;
The first network end sends the file parameters to the certificate server;
The certificate server calculates the reference information of the target file from the file parameters;
The certificate server sends the reference information to the first network end;
The first network end calculates the importance level information from the reference information and the title of the target file.
3. The method according to claim 2, characterized in that the file screenshot is obtained by capturing the watermark region of the target file.
4. The method according to claim 1, characterized in that the identification mark of the first network end is calculated as follows:
The first network end sends an identification acquisition request to the security server;
The security server returns the server code of the first network end to the first network end; the server code is determined according to the number of network ends;
The first network end determines the identification mark from the server code and the IP address of the first network end.
5. The method according to claim 1, characterized in that the step in which the security server determines the storage rule according to the receiving time of the first storage rule acquisition request and the identification mark of the first network end includes:
The security server determines the storage rule according to the identification mark and the time period in which the receiving time of the first storage rule acquisition request falls; the storage rule can be adjusted every 10 minutes.
6. The method according to claim 1, characterized in that
the storage rule includes the private cloud storage proportion, the public cloud storage proportion, the storage server address, the storage area within the storage server, and the offline storage proportion.
7. The method according to claim 1, characterized in that the step in which the first network end encrypts the exchange code according to the sending time includes:
The first network end obtains the estimated sending time;
The first network end uses a table lookup: according to the estimated sending time, it looks up in a list the asymmetric encryption key corresponding to the estimated sending time;
The first network end encrypts the exchange code with the asymmetric encryption key it found.
8. The method according to claim 1, characterized in that, if the first network end's verification of the authentication file fails, the method further includes:
The first network end takes a screenshot of the code of the target file to generate a first picture;
The first network end binarizes the first picture and generates a target encryption key from a specified region of the binarized first picture;
The first network end encrypts the target file with the target encryption key to generate a first encrypted file;
The first network end and the second network end establish a first communication channel, a second communication channel and a standby transmission channel, respectively;
The first network end separately detects the current actual network speed values of the first communication channel, the second communication channel and the standby transmission channel;
If the actual network speed values of the first communication channel and the second communication channel exceed the predetermined threshold, the first network end packs the first encrypted file into a first data packet and packs the first picture into a second data packet;
The first network end sends the first data packet to the second network end over the first communication channel, and sends the second data packet to the second network end over the second communication channel;
The second network end binarizes the first picture and generates a target decryption key from a specified region of the binarized first picture;
The second network end decrypts the first encrypted file with the target decryption key to generate the target file.
9. The method according to claim 8, characterized in that, if one of the actual network speed value of the first communication channel and the actual network speed value of the second communication channel exceeds the predetermined threshold, the method further includes:
The first encrypted file is split into multiple first encrypted subfiles, the digests of the first encrypted subfiles are packed into a first data packet, and the first picture is packed into a second data packet; each first encrypted subfile is encrypted in the same way as the first encrypted file;
The first network end sends the first data packet to the second network end over the first communication channel, and sends the second data packet to the second network end over the second communication channel;
The second network end binarizes the first picture and generates a target decryption key from a specified region of the binarized first picture;
The second network end uses the target decryption key to decrypt each first encrypted subfile, so as to generate the digests of the multiple first encrypted subfiles;
The second network end generates a file reception request according to a user operation and sends the file reception request to the first network end;
The first network end sends the first encrypted subfile corresponding to the file reception request to the second network end.
10. A data transmission system for an automation community, characterized by comprising a first network end, a second network end and a security server;
The first network end, the second network end and the security server are each used to perform the corresponding operations of the method according to any one of claims 1-9.
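The digest-driven flow of claim 1 (and of A1) carried end to end, as an added Python example rather than code from the patent. Assumptions: SHA-256 and SHA-512 stand in for the first/third and second/fourth digest algorithms, a SHA-256 counter keystream stands in for the unspecified cipher, the split rule is a fragment length, the storage rule is built locally instead of coming from the security server, and the preset excerpt rule is "leading bytes"; all sample data is constructed.

```python
import hashlib

THRESHOLD = 8  # assumed importance threshold (the page suggests e.g. level 8 of 15)


def derive_key_and_rule(reference: bytes):
    """Both ends run this on the first reference file and get identical results."""
    key = hashlib.sha256(reference).digest()            # first/third digest -> key
    rule_digest = hashlib.sha512(reference).digest()    # second/fourth digest -> rule
    frag_len = 64 + int.from_bytes(rule_digest[:2], "big") % 193   # 64..256 bytes
    return key, frag_len


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (stdlib only); the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def send(target: bytes, profile: bytes, importance: int, servers: dict):
    """First network end: build the reference file, encrypt, split, scatter."""
    reference = profile + b"|importance=" + str(importance).encode()
    key, frag_len = derive_key_and_rule(reference)
    second_reference = keystream_xor(key, target)
    fragments = [second_reference[i:i + frag_len]
                 for i in range(0, len(second_reference), frag_len)]
    names = sorted(servers)
    storage_rule = []                        # stands in for the security server's rule
    for index, fragment in enumerate(fragments):
        server = names[index % len(names)]   # alternate private / public cloud
        servers[server][index] = fragment
        storage_rule.append((server, index))
    return reference, storage_rule


def receive(reference: bytes, storage_rule, servers: dict):
    """Second network end: re-derive key and rule, download, combine, decrypt."""
    key, frag_len = derive_key_and_rule(reference)
    fragments = [servers[server][index] for server, index in storage_rule]
    if any(len(f) != frag_len for f in fragments[:-1]):
        raise ValueError("fragment length does not match the combination rule")
    plaintext = keystream_xor(key, b"".join(fragments))
    importance = int(reference.rsplit(b"|importance=", 1)[1].decode())
    excerpt = None
    if importance > THRESHOLD:
        # Assumed preset rule: the leading bytes, at most 1% of the plaintext.
        excerpt = plaintext[:len(plaintext) // 100]
    return plaintext, excerpt


def verify_excerpt(target: bytes, excerpt) -> bool:
    """First network end: False means 'send warning information'."""
    return excerpt is not None and target[:len(excerpt)] == excerpt


if __name__ == "__main__":
    stores = {"private": {}, "public": {}}
    sample = bytes(range(256)) * 8           # constructed target file
    ref, rule = send(sample, b"constructed profile", 9, stores)
    plain, proof = receive(ref, rule, stores)
    print(plain == sample, len(rule), verify_excerpt(sample, proof))
```

Under these assumptions the first network end notices a modified fragment only when the change lands inside the excerpt, which is at most 1% of the file.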
CN201810144768.4A 2018-02-12 2018-02-12 A kind of data transmission method and system automating community Active CN108366066B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810144768.4A CN108366066B (en) 2018-02-12 2018-02-12 A kind of data transmission method and system automating community

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810144768.4A CN108366066B (en) 2018-02-12 2018-02-12 A kind of data transmission method and system automating community

Publications (2)

Publication Number Publication Date
CN108366066A true CN108366066A (en) 2018-08-03
CN108366066B CN108366066B (en) 2019-01-15

Family

ID=63005598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810144768.4A Active CN108366066B (en) 2018-02-12 2018-02-12 A kind of data transmission method and system automating community

Country Status (1)

Country Link
CN (1) CN108366066B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065567A (en) * 2014-06-29 2014-09-24 喻桃阳 Intelligent community interactive information play and control system
CN105725992A (en) * 2016-01-28 2016-07-06 无锡南理工科技发展有限公司 Home-based aged care monitoring system and method
US20170111325A1 (en) * 2013-10-31 2017-04-20 Eco-Mail Development Llc System and method for secured content delivery
CN106780250A (en) * 2016-12-01 2017-05-31 武汉大思想信息股份有限公司 A kind of intelligence community Security incident handling method and system based on technology of Internet of things
US20170277893A1 (en) * 2014-09-10 2017-09-28 International Business Machines Corporation Data tracking in user space
CN107483627A (en) * 2017-09-12 2017-12-15 网宿科技股份有限公司 A kind of file distributing, method for down loading, Distributor, client and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109559796A (en) * 2018-11-30 2019-04-02 苏州东巍网络科技有限公司 A kind of interval training data acquisition request and Verification System and method
CN109617980A (en) * 2018-12-24 2019-04-12 国家电网有限公司 The analysis method and device of decentralization big data
CN109617980B (en) * 2018-12-24 2021-12-14 国家电网有限公司 Method and device for analyzing decentralized big data

Also Published As

Publication number Publication date
CN108366066B (en) 2019-01-15

Similar Documents

Publication Publication Date Title
CN106603233B (en) Encryption and decryption method for remote bid opening type bidding system
CN105915332B (en) A kind of encryption of cloud storage and deduplication method and its system
CN100536393C (en) Secret shared key mechanism based user management method
CN109902494A (en) Data encryption storage method, device and document storage system
EP2874074B1 (en) Method for implementing cross-domain jump, browser, and domain name server
CN110138754B (en) Multi-cloud-end information processing system and resource sharing method thereof
Novak et al. Near-pri: Private, proximity based location sharing
CN106611129A (en) Data desensitization method, device and system
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
CN106888183A (en) Data encryption, decryption, the method and apparatus and system of key request treatment
CN110932854B (en) Block chain key distribution system and method for Internet of things
CN106650482A (en) Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system
CN106060078B (en) User information encryption method, register method and verification method applied to cloud platform
CN106878265A (en) A kind of data processing method and device
CN107146120A (en) The generation method and generating means of electronic invoice
CN107948152A (en) Information storage means, acquisition methods, device and equipment
CN105812366A (en) Server, anti-crawler system and anti-crawler verification method
CN105025019A (en) Data safety sharing method
CN105871805A (en) Anti-stealing-link method and device
CN109063498A (en) Digital asset storage method, device, restoration methods and device
CN114338247B (en) Data transmission method and apparatus, electronic device, storage medium, and program product
CN113536250B (en) Token generation method, login verification method and related equipment
CN111177763A (en) Two-dimensional code electronic encryption and decryption management system and method for file multiple encryption
CN108366066B (en) A kind of data transmission method and system automating community
CN111709040A (en) Sensitive data oriented secure discrete storage method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20190926

Address after: 400 000 Room 401, Building 5, Kaidi Science Park, 69 Torch Avenue, Jiulongpo District, Chongqing

Patentee after: Enlightenment Shuhua Technology Co.,Ltd.

Address before: 100000 room 213, 5 North Yongjia Road, Haidian District, Beijing, 5

Patentee before: NATIONSKY TECHNOLOGY CO.,LTD.

TR01 Transfer of patent right

Effective date of registration: 20230310

Address after: 401329 Building 1, No. 21, Fengsheng Road, Jinfeng Town, high tech Zone, Jiulongpo District, Chongqing

Patentee after: Guoyun Digital Technology (Chongqing) Co.,Ltd.

Address before: 400 000 Room 401, Building 5, Kaidi Science Park, 69 Torch Avenue, Jiulongpo District, Chongqing

Patentee before: Enlightenment Shuhua Technology Co.,Ltd.
