CN108574665B - Safe transmission method and system - Google Patents


Info

Publication number: CN108574665B
Authority: CN (China)
Prior art keywords: data, terminal, level signal, communication interface, level
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710137789.9A
Other languages: Chinese (zh)
Other versions: CN108574665A (en)
Inventor: 李明
Current Assignee: Tendyron Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: 李明
Events: application filed by 李明; priority to CN201710137789.9A; publication of CN108574665A; application granted; publication of CN108574665B; legal status Active; anticipated expiration

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/12 Applying verification of the received information > H04L 63/123 Verification of the received data contents, e.g. message integrity
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/12 Applying verification of the received information > H04L 63/126 Verification of the source of the received data

Abstract

The invention provides a safe transmission method and system. A first terminal and a second terminal are connected over a wired communication interface, and the method comprises the following steps:
    • the first terminal, while sending the level signal of first data through its first wired communication interface, detects the level change of the level signal at that interface and starts a first timing when the level change meets a timing trigger condition;
    • the second terminal receives the level signal of the first data and processes the first data to obtain second data;
    • when the first timing reaches a first specified value, the first terminal generates the level signal of third data and sends it; while sending it, the first terminal again detects the level change at the first wired communication interface and starts a second timing when the level change meets the timing trigger condition;
    • the second terminal receives the level signal of the third data and sends the level signal of the second data;
    • the first terminal allows the level signal of the second data to be received only when the second timing reaches a second specified value.

Description

Safe transmission method and system
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a secure transmission method and system.
Background
When an electronic signature device communicates with a host device (for example a PC or a mobile device), the host sends data to be processed to the electronic signature device, which processes it and returns the processed data. Under existing communication protocols, if the host receives the processed data within a specified waiting time, it treats the received data as normal and continues with subsequent operations (for example transaction or authorization operations).
However, an illegal third-party device can hijack the data sent by the electronic signature device during this communication and forward or tamper with it to produce illegal data. As long as that illegal data is returned to the host within the waiting time specified by the existing protocol, the host still treats it as normal data and uses it for the subsequent operations, which compromises their security. The prior art therefore neither ensures the security of data transmission nor provides an effective way to recognize illegal data once remote hijacking has occurred.
Disclosure of Invention
The present invention is directed to solving the above problems.
The main object of the invention is to provide a safe transmission method in which a first wired communication interface of a first terminal is connected to a second wired communication interface of a second terminal. The method comprises the following steps:
    • the first terminal generates a level signal of first data and transmits it through the first wired communication interface;
    • while sending the level signal of the first data, the first terminal detects the level change of the level signal at the first wired communication interface and starts a first timing when that level change meets a timing trigger condition;
    • the second terminal receives the level signal of the first data through the second wired communication interface and processes the first data to obtain second data;
    • when the first timing reaches a first specified value, the first terminal generates a level signal of third data and sends it through the first wired communication interface, the third data being notification indication information;
    • while sending the level signal of the third data, the first terminal detects the level change of the level signal at the first wired communication interface and starts a second timing when that level change meets the timing trigger condition;
    • the second terminal receives the level signal of the third data through the second wired communication interface, generates the level signal of the second data and sends it through the second wired communication interface;
    • when the second timing reaches a second specified value, the first terminal allows the first wired communication interface to receive the level signal of the second data, where the second specified value is the time the second terminal needs from completing reception of the level signal of the third data to sending the level signal of the second data.
The timing trigger condition can be met in either of two ways, and the same condition is used for the first timing and for the second timing. In the first, the first terminal detects whether the level feature of the level signal at the first wired communication interface matches a data start bit feature; if so, it continues to detect the feature values of the subsequent level signals at that interface, and if those values indicate that the interface is in a data transmission state, the timing is started. In the second, the first terminal detects the feature value of the level signal at the first wired communication interface; if it indicates that the interface is in a data transmission state, the first terminal continues to detect whether the level feature of the subsequent level signal matches a data end bit feature, and if it does, the timing is started. In both cases the start bit or end bit feature is the level feature of a specific level signal, or a level feature that changes with a specific regularity.
The first specified value is greater than or equal to the time the second terminal needs to process the first data into the second data. Both the first and the second specified value are either pre-stored in the first terminal or negotiated between the first terminal and the second terminal before the first terminal sends the first data.
The specified values may be durations or counts. If the first specified value is a first preset duration, the first timing reaches it when the measured duration equals the first preset duration, and likewise the second timing reaches the second specified value when its measured duration equals a second preset duration. Alternatively, the first specified value is a first preset count value: starting the first timing means starting a first count, which reaches the first specified value when the count equals the first preset count value; the second timing is then a second count, which reaches the second specified value when it equals a second preset count value.
The invention further provides a safe transmission system in which a first wired communication interface of a first terminal is connected to a second wired communication interface of a second terminal. The first terminal is configured to generate a level signal of first data and transmit it through the first wired communication interface; to detect, while sending it, the level change of the level signal at the first wired communication interface and to start a first timing when that level change meets a timing trigger condition; to generate a level signal of third data (notification indication information) when the first timing reaches a first specified value and send it through the first wired communication interface; to detect, while sending the level signal of the third data, the level change at the first wired communication interface and to start a second timing when it meets the timing trigger condition; and to allow the first wired communication interface to receive the level signal of second data when the second timing reaches a second specified value, the second specified value being the time the second terminal needs to send the level signal of the second data after receiving the level signal of the third data. The second terminal is configured to receive the level signal of the first data through the second wired communication interface and process the first data to obtain the second data, and to receive the level signal of the third data through the second wired communication interface, generate the level signal of the second data and send it through the second wired communication interface.
The first terminal is specifically configured to detect whether a level feature of a level signal at the first wired communication interface meets a data start bit feature, if so, continue to detect a feature value of a subsequent level signal at the first wired communication interface, and start first timing when the feature value indicates that the first wired communication interface is in a data transmission state, where the data start bit feature includes a level feature of a specific level signal or a level feature that changes in a specific regularity; the first terminal is specifically configured to detect whether a level feature of a level signal at the first wired communication interface meets a data start bit feature, if so, continue to detect a feature value of a subsequent level signal at the first wired communication interface, and if the feature value indicates that the first wired communication interface is in a data transmission state, start second timing, where the data start bit feature includes a level feature of a specific level signal or a level feature that changes in a specific regularity.
The first terminal is specifically configured to detect a characteristic value of a level signal at the first wired communication interface, continue to detect whether a level characteristic of a subsequent level signal at the first wired communication interface conforms to a data end bit characteristic if the characteristic value indicates that the first wired communication interface is in a data transmission state, and start first timing if the characteristic value conforms to the data end bit characteristic, where the data end bit characteristic includes a level characteristic of a specific level signal or a level characteristic that changes in a specific regularity; the first terminal is specifically configured to detect a characteristic value of a level signal at the first wired communication interface, continue to detect whether a level characteristic of a subsequent level signal at the first wired communication interface conforms to a data end bit characteristic if the characteristic value indicates that the first wired communication interface is in a data transmission state, and start second timing if the characteristic value conforms to the data end bit characteristic, where the data end bit characteristic includes a level characteristic of a specific level signal or a level characteristic that changes in a specific regularity.
The first specified value is greater than or equal to the time the second terminal needs to process the first data into the second data; the first and the second specified value are each either pre-stored in the first terminal or negotiated between the two terminals before the first terminal sends the first data.
The first terminal is specifically configured to generate a level signal of third data when the duration obtained by the first timing reaches a first preset duration; the first terminal is specifically configured to allow the first wired communication interface to receive the level signal of the second data when a duration obtained by the second timing reaches a second preset duration; or, the first prescribed value is a first preset counting value, and the first terminal is specifically configured to start a first counting; the first terminal is specifically configured to generate a level signal of third data when a value obtained by the first counting reaches a first preset counting value; the second specified value is a second preset counting value, and the first terminal is specifically used for starting second counting; the first terminal is specifically configured to allow the first wired communication interface to receive the level signal of the second data when the value obtained by the second counting reaches a second preset counting value.
Under normal communication, the first terminal starts the second timing as it sends the third data (the notification indication information); the second terminal sends the second data immediately after receiving the third data; and because the transmission delay over a wired connection is small enough to be ignored, the second data arrives at the first terminal just as the second timing reaches the second specified value (the time the second terminal needs to send the level signal of the second data after receiving the level signal of the third data).
If an illegal third-party device remotely hijacks the link between the first terminal and the second terminal, forwarding or tampering with the hijacked data takes it a certain time. The second terminal still sends the second data only after receiving the third data, and the second data now reaches the first terminal only after passing through the hijacking device, so the illegal data necessarily arrives after the second timing has passed the second specified value. Since the first terminal accepts the second data only when the second timing reaches the second specified value, and does not accept data that arrives after that point, the illegal data is identified and the first terminal can take corresponding measures, such as interrupting subsequent processing, discarding the illegal data, or disconnecting the communication with the second terminal. This secures the data transmission between the first terminal and the second terminal.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a secure transmission method according to embodiment 1 of the present invention;
fig. 2 is a block diagram of a secure transmission system according to embodiment 2 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
In this embodiment, the first terminal carries a first wired communication interface and the second terminal a second wired communication interface. The first terminal includes, but is not limited to, a PC, a mobile terminal, a palm computer, or a card reader supporting a contact IC card interface (such as a POS); the second terminal includes, but is not limited to, an electronic signature device (USB key, audio key) or a contact IC card. The two wired communication interfaces may both be USB interfaces, contact IC card communication interfaces, or the like.
The first wired communication interface of the first terminal is in wired connection with the second wired communication interface of the second terminal, so that wired communication can be conveniently carried out between the first terminal and the second terminal.
Example 1
Fig. 1 is a flowchart illustrating a secure transmission method according to an embodiment of the present invention; the method comprises the following steps:
101. the first terminal generates a level signal of first data and transmits the level signal of the first data through the first wired communication interface;
In this embodiment, after the first terminal and the second terminal have established the wired communication connection, they exchange data as high and low level signals. To send the first data, the first terminal generates its level signal and drives it through the first wired communication interface; the level change produced there causes a corresponding level change at the second wired communication interface, and the second terminal receives the first data by detecting that change.
102. The first terminal detects the level change of the level signal at the first wired communication interface in the process of sending the level signal of the first data, and starts first timing when the level change of the level signal at the first wired communication interface meets a timing triggering condition;
In this embodiment, the first terminal detects the level change of the level signal at the first wired communication interface while it sends the level signal of the first data. A level change is, for example, a change in the level value of the signal, and different level values carry different meanings during transmission: a data transmission state may be indicated by the differential feature value of the level signal, and a data start bit or data end bit by a level feature value that conforms to a preset format.
The first wired communication interface may use more than one pin for data transmission. For a USB interface there are two, the D+ pin and the D- pin, and the level change of the level signal at the interface then means the level change at the D+ pin together with the level change at the D- pin. Other interface types are handled in the same way and are not described in detail here.
In this embodiment, if the level change of the level signal at the first wired communication interface satisfies the timing trigger condition, the start of the first timing is triggered, so that the level signal of the third data is generated when the first timing reaches the first prescribed value.
The implementation manner of the first timing includes but is not limited to the following: timing by adopting a clock, wherein the numerical value obtained by timing is duration; or a counter is adopted for timing, and the numerical value obtained by timing is a counting numerical value.
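The timing trigger condition of step 102 (and of step 105, which uses the same condition) is easiest to see on a concrete line coding. The following is an added example, not code from the patent or from Tendyron: it assumes a UART-style asynchronous framing (idle high, one low start bit, eight data bits LSB first, one high stop bit, one sample per tick), which the patent does not specify, and implements both trigger options given in the summary (start bit and end bit) over one frame parser. The function and constant names are the example's own.

```python
"""Timing-trigger detection on a sampled level signal.

Added example, not code from the patent: the patent only says that timing
starts when the level signal shows a "data start bit" (or "data end bit")
feature and the line is confirmed to be in a data-transmission state. Here
the line is modelled as a UART-style asynchronous frame (an assumption):
idle high, one low start bit, eight data bits LSB first, one high stop bit,
one sample per bit. A level signal is a list of 0/1 samples, one per tick.
"""
from typing import List, Optional, Tuple

IDLE = 1
START = 0
STOP = 1
DATA_BITS = 8
FRAME_LEN = 1 + DATA_BITS + 1   # start bit + data bits + stop bit


def encode(data: bytes, idle_before: int = 3, idle_after: int = 3) -> List[int]:
    """Level samples the first terminal would drive for `data`."""
    samples = [IDLE] * idle_before
    for byte in data:
        samples.append(START)
        samples.extend((byte >> k) & 1 for k in range(DATA_BITS))
        samples.append(STOP)
    samples.extend([IDLE] * idle_after)
    return samples


def parse_frames(samples: List[int]) -> List[Tuple[int, int]]:
    """Return [(start_tick, byte), ...] for every frame in the sample stream.

    A frame begins at a low sample seen while scanning the idle line. The
    stop bit at the expected position must be high; if it is not, the line
    is not in a valid transmission state (a break or a truncated frame)
    and the stream is rejected instead of starting a timer.
    """
    frames = []
    i = 0
    while i < len(samples):
        if samples[i] != START:
            i += 1
            continue
        frame = samples[i:i + FRAME_LEN]
        if len(frame) < FRAME_LEN or frame[-1] != STOP:
            raise ValueError(f"framing error at tick {i}")
        byte = 0
        for k, bit in enumerate(frame[1:1 + DATA_BITS]):
            byte |= bit << k
        frames.append((i, byte))
        i += FRAME_LEN
    return frames


def decode(samples: List[int]) -> bytes:
    """Bytes carried by the sample stream (what the second terminal recovers)."""
    return bytes(b for _, b in parse_frames(samples))


def start_bit_trigger(samples: List[int]) -> Optional[int]:
    """Start-bit option: timing starts at the first start bit, provided the
    frame that follows confirms a transmission (parse_frames raises
    otherwise). None if the line never left idle."""
    frames = parse_frames(samples)
    return frames[0][0] if frames else None


def end_bit_trigger(samples: List[int]) -> Optional[int]:
    """End-bit option: timing starts at the stop bit that closes the last
    frame (interpretation: 'end bit' means the end of the whole message,
    not of each byte)."""
    frames = parse_frames(samples)
    if not frames:
        return None
    return frames[-1][0] + FRAME_LEN - 1


if __name__ == "__main__":
    sig = encode(b"\x01\xa5")          # constructed two-byte first data
    print("samples:", "".join(map(str, sig)))
    print("first timing starts at tick", start_bit_trigger(sig), "(start-bit option)")
    print("or at tick", end_bit_trigger(sig), "(end-bit option)")
```

The trigger tick is what the first (or second) timing counts from, so the two options differ by the length of the transmission; whichever one is chosen has to be the same one assumed when the first and second specified values are stored or negotiated, otherwise the receive window is shifted by a whole message. The framing check is the "data transmission state" confirmation of the summary: a low sample that is not followed by a high stop bit at the expected position is rejected rather than used to start the timer.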
103. The second terminal receives the level signal of the first data through the second wired communication interface, and processes the first data to obtain second data;
in this embodiment, the first wired communication interface is connected to the second wired communication interface by a wired connection, and when the first terminal sends the level signal of the first data through the first wired communication interface, correspondingly, the second terminal may receive the level signal of the first data through the second wired communication interface. It will be appreciated that the level change of the level signal at the first wired communication interface is identical to the level change of the level signal at the second wired communication interface.
In this embodiment, after receiving the first data, the second terminal processes the first data to obtain second data. For example, the first data is data to be signed, and the second data obtained by processing the first data by the second terminal may specifically be signed data obtained by signing the data to be signed.
104. When the first timing reaches a first specified value, the first terminal generates a level signal of third data, and sends the level signal of the third data through the first wired communication interface, wherein the third data is notification indication information;
in this embodiment, the first predetermined value is greater than or equal to a time required for the second terminal to process the first data to obtain second data;
in this embodiment, the third data is notification indication information for indicating that the second data is returned to the first terminal. And after the first terminal sends the third data to the second terminal, the second terminal receives the notification indication information and sends the second data to the first terminal.
105. The first terminal detects the level change of the level signal at the first wired communication interface in the process of sending the level signal of the third data, and starts second timing when the level change of the level signal at the first wired communication interface meets a timing triggering condition;
In this embodiment, the first terminal detects the level change at the first wired communication interface while sending the level signal of the third data in the same way as described under step 102: a level change is a change in the level value of the signal, a data transmission state may be indicated by the differential feature value, a data start bit or end bit by a level feature value conforming to a preset format, and for a multi-pin interface such as USB the level change means the level change at the D+ pin together with that at the D- pin.
In this embodiment, if the level change of the level signal at the first wired communication interface meets the timing trigger condition, the start of the second timing is triggered, so that the level signal of the second data is allowed to be received through the first wired communication interface when the second timing reaches a second specified value.
The second timing may be implemented in the following ways, among others: timing with a clock, in which case the value obtained by timing is a duration; or timing with a counter, in which case the value obtained by timing is a count value.
In this embodiment, the second timing and the first timing may use the same timing mode or different timing modes; this is not limited here.
106. The second terminal receives a level signal of the third data through the second wired communication interface;
In this embodiment, the first wired communication interface is connected to the second wired communication interface by a wired connection, so when the first terminal sends the level signal of the third data through the first wired communication interface, the second terminal correspondingly receives the level signal of the third data through the second wired communication interface. It will be appreciated that the level change of the level signal at the first wired communication interface is identical to the level change of the level signal at the second wired communication interface.
107. The second terminal generates a level signal of the second data and transmits the level signal of the second data through the second wired communication interface;
In this embodiment, the second terminal does not return the second data to the first terminal immediately after obtaining it. Only after receiving the third data (i.e., the notification indication information) does the second terminal send the second data to the first terminal through the second wired communication interface, so that the first terminal receives the second data when the second timing reaches the second specified value.
In this embodiment, if the second terminal does not receive the notification indication information, step 107 will not be executed.
108. The first terminal allows the first wired communication interface to receive the level signal of the second data when the second timing reaches the second specified value.
In this embodiment, the second specified value is the time the second terminal needs to send the level signal of the second data after receiving the level signal of the third data.
In this embodiment, the first terminal allows the second data to be received when the second timing reaches the second specified value, and does not allow data to be received while the second timing has not yet reached, or has already exceeded, the second specified value.
In this embodiment, under normal communication conditions, the first terminal starts the second timing while sending the third data (i.e., the notification indication information), and the second terminal sends the second data to the first terminal upon receiving the third data. That is, under normal communication conditions the first terminal starts timing while transmitting the third data to the second terminal, the second terminal transmits the second data immediately after receiving the third data (the notification indication information), and, ignoring transmission delay, the first terminal receives the second data exactly when the second timing reaches the second specified value.
If a third-party illegal device remotely hijacks the connection between the first terminal and the second terminal, the illegal device needs a certain amount of time to perform illegal operations such as forwarding or tampering on the hijacked data. The second terminal still sends the second data only after receiving the third data (namely the notification indication information), and the second data reaches the first terminal only after the illegal device has remotely hijacked it. The illegal data received by the first terminal therefore inevitably arrives after the second timing has exceeded the second specified value. Since the first terminal only allows the second data to be received when the second timing reaches the second specified value, and does not allow data that arrives after the timing has passed that value to be received, illegal data can be effectively identified after remote hijacking of the data occurs, and corresponding processing measures can be taken, such as interrupting subsequent processing, discarding the illegal data, or disconnecting the communication connection between the first terminal and the second terminal, so that the security of data transmission between the first terminal and the second terminal is ensured.
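The timed exchange of steps 105 to 108, as an added example that is not part of the patent: a small Python simulation in which the first terminal counts ticks from the notification and accepts the second data only on the tick at which the count reaches the second specified value. The tick counts, the relay delay and the optional tolerance parameter are constructed assumptions of this example.

```python
"""Simulation of the timed notification/response exchange (steps 105-108).

Added example, not code from the patent. The channel, the counter-based
timing and the relay delay are constructed here to show the idea: the
first terminal accepts the second data only if it arrives on the tick at
which the second timing reaches the second specified value.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

NOTIFICATION = b"\x01"   # constructed "third data": the notification indication


@dataclass
class SecondTerminal:
    """Holds the second data and puts it on the wire only after the notification."""
    second_data: bytes
    respond_ticks: int = 3   # constructed: ticks it needs to send the response

    def on_receive(self, frame: bytes, now: int) -> Optional[Tuple[int, bytes]]:
        # Step 107: without the notification indication nothing is sent at all.
        if frame != NOTIFICATION:
            return None
        return now + self.respond_ticks, self.second_data


@dataclass
class FirstTerminal:
    second_specified_value: int          # expected count (counter-mode timing)
    tolerance: int = 0                   # assumption: 0 = strict match as in the text
    timer: Optional[int] = None          # tick at which the second timing started
    log: List[str] = field(default_factory=list)

    def send_notification(self, now: int) -> bytes:
        # Step 105: the second timing starts when the level change of the
        # outgoing notification meets the trigger condition (modelled as "now").
        self.timer = now
        return NOTIFICATION

    def receive(self, frame: bytes, now: int) -> bool:
        """Step 108: accept only when the second timing has reached the specified value."""
        if self.timer is None:
            self.log.append("reject: no timing in progress")
            return False
        elapsed = now - self.timer
        low = self.second_specified_value
        high = self.second_specified_value + self.tolerance
        self.timer = None
        if low <= elapsed <= high:
            self.log.append(f"accept: elapsed={elapsed}")
            return True
        # Too early or too late: the data is not allowed to be received.
        self.log.append(f"reject: elapsed={elapsed}, expected {low}..{high}")
        return False


def run_exchange(relay_delay: int, tolerance: int = 0) -> bool:
    """Run one notification/response round over a wire that costs
    `relay_delay` extra ticks per direction (0 = direct wired connection,
    >0 = an interposed device that forwards or modifies frames).
    Returns True if the first terminal accepted the second data."""
    second = SecondTerminal(second_data=b"\x42\x43")
    # The second specified value is the time the second terminal needs to
    # answer once it has the notification: here exactly its respond_ticks.
    first = FirstTerminal(second_specified_value=second.respond_ticks,
                          tolerance=tolerance)
    tick = 0
    frame = first.send_notification(tick)
    result = second.on_receive(frame, tick + relay_delay)
    if result is None:
        return False
    ready_at, payload = result
    return first.receive(payload, ready_at + relay_delay)
```

With a tolerance of two ticks a one-tick relay is still accepted, which is why the specified value and any tolerance must be chosen from the real response time of the second terminal rather than generously.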
As an optional implementation of this embodiment, the first specified value may be pre-stored in the first terminal, for example in a secure storage area of the first terminal, and the first terminal reads the first specified value from the secure storage area when it needs it.
As an alternative in this embodiment, the first specified value may also be obtained as follows: before the first terminal sends the first data to the second terminal, the first terminal and the second terminal negotiate to obtain the first specified value. The negotiation may be carried out in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication, and after the bidirectional identity authentication is passed, the first terminal and the second terminal negotiate a transmission key; the second terminal generates the first specified value, encrypts it with the transmission key, and sends the encrypted first specified value to the first terminal; the first terminal decrypts the encrypted first specified value with the transmission key to obtain the first specified value and stores it; or the first terminal generates the first specified value, encrypts it with the transmission key, and sends the encrypted first specified value to the second terminal; the second terminal decrypts the encrypted first specified value with the transmission key to obtain the first specified value and stores it. Alternatively, the negotiation may be implemented in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication; after the bidirectional identity authentication is passed, the second terminal generates the first specified value, encrypts it with the public key of the first terminal, and sends the encrypted first specified value to the first terminal; the first terminal decrypts the encrypted first specified value with its own private key to obtain the first specified value and stores it; or, after the bidirectional identity authentication is passed, the first terminal generates the first specified value, encrypts it with the public key of the second terminal, and sends the encrypted first specified value to the second terminal; the second terminal decrypts the encrypted first specified value with its own private key to obtain the first specified value and stores it.
As an optional implementation of this embodiment, the second specified value may be pre-stored in the first terminal, for example in a secure storage area of the first terminal, and the first terminal reads the second specified value from the secure storage area when it needs it.
As an alternative in this embodiment, the second specified value may also be obtained as follows: before the first terminal sends the first data to the second terminal, the first terminal and the second terminal negotiate to obtain the second specified value. The negotiation may be carried out in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication, and after the bidirectional identity authentication is passed, the first terminal and the second terminal negotiate a transmission key; the second terminal generates the second specified value, encrypts it with the transmission key, and sends the encrypted second specified value to the first terminal; the first terminal decrypts the encrypted second specified value with the transmission key to obtain the second specified value and stores it; or the first terminal generates the second specified value, encrypts it with the transmission key, and sends the encrypted second specified value to the second terminal; the second terminal decrypts the encrypted second specified value with the transmission key to obtain the second specified value and stores it. Alternatively, the negotiation may be implemented in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication; after the bidirectional identity authentication is passed, the second terminal generates the second specified value, encrypts it with the public key of the first terminal, and sends the encrypted second specified value to the first terminal; the first terminal decrypts the encrypted second specified value with its own private key to obtain the second specified value and stores it; or, after the bidirectional identity authentication is passed, the first terminal generates the second specified value, encrypts it with the public key of the second terminal, and sends the encrypted second specified value to the second terminal; the second terminal decrypts the encrypted second specified value with its own private key to obtain the second specified value and stores it.
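The transmission-key variant of the negotiation above, for the first and the second specified value alike, as an added example that is not the patent's code. The bidirectional authentication and the key negotiation are assumed to have already taken place, the 32-byte transmission key is constructed, and AES-GCM from the `cryptography` package is used so that a tampered ciphertext, or a ciphertext for one specified value replayed as the other, is rejected rather than stored as a timing value.

```python
"""Transport of a negotiated specified value under the transmission key.

Added example, not code from the patent. Assumes mutual authentication and
key negotiation have already produced TRANSMISSION_KEY on both terminals.
"""
import os
import struct
from typing import Dict, Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

TRANSMISSION_KEY = bytes(range(32))          # constructed stand-in for the negotiated key
NONCE_LEN = 12                               # AES-GCM nonce length in bytes


def wrap_value(key: bytes, which: str, value: int) -> bytes:
    """Sender side (either terminal): encrypt the specified value.
    `which` ("first" or "second") is bound as associated data so the
    ciphertext of one value cannot be replayed as the other.
    Returns nonce || ciphertext || authentication tag."""
    nonce = os.urandom(NONCE_LEN)
    aad = f"specified-value:{which}".encode()
    return nonce + AESGCM(key).encrypt(nonce, struct.pack(">I", value), aad)


def unwrap_value(key: bytes, which: str, blob: bytes) -> Optional[int]:
    """Receiver side: decrypt and return the value, or None if the blob
    fails authentication (wrong key, wrong label, or modified bytes)."""
    if len(blob) < NONCE_LEN + 4 + 16:       # nonce + 4-byte value + 16-byte tag
        return None
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    aad = f"specified-value:{which}".encode()
    try:
        plain = AESGCM(key).decrypt(nonce, ct, aad)
    except InvalidTag:
        return None
    return struct.unpack(">I", plain)[0]


class Terminal:
    """Either terminal: can generate and offer a value, or accept and store one."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.values: Dict[str, int] = {}     # stored specified values by label

    def offer_value(self, which: str, value: int) -> bytes:
        self.values[which] = value           # the generator keeps its own copy
        return wrap_value(self.key, which, value)

    def accept_value(self, which: str, blob: bytes) -> bool:
        value = unwrap_value(self.key, which, blob)
        if value is None:
            return False                     # nothing is stored on failure
        self.values[which] = value
        return True


def negotiate(generator: Terminal, receiver: Terminal, which: str, value: int) -> bool:
    """One negotiation: the generator produces the value and the receiver
    stores it only if the protected message verifies."""
    return receiver.accept_value(which, generator.offer_value(which, value))
```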
As an optional implementation of this embodiment, when the timing is done with a clock, the first specified value is a first preset duration, and "the first timing reaches the first specified value" means that the duration obtained by the first timing reaches the first preset duration; the second specified value is a second preset duration, and "the second timing reaches the second specified value" means that the duration obtained by the second timing reaches the second preset duration;
or, when the timing is done with a counter, the first specified value is a first preset count value; starting the first timing means starting a first count, and "the first timing reaches the first specified value" means that the value obtained by the first count reaches the first preset count value; the second specified value is a second preset count value; starting the second timing means starting a second count, and "the second timing reaches the second specified value" means that the value obtained by the second count reaches the second preset count value.
As an optional implementation of this embodiment, the above timing may be triggered at the beginning of data transmission, which is implemented as follows:
while sending the level signal of the first data, the first terminal detects whether the level characteristic of the level signal at the first wired communication interface conforms to the data start bit characteristic; if so, the first terminal continues to detect the characteristic value of the subsequent level signal at the first wired communication interface, and if that characteristic value indicates that the first wired communication interface is in a data transmission state, the first timing is started, where the data start bit characteristic comprises the level characteristic of a specific level signal or a level characteristic that changes in a specific pattern;
while sending the level signal of the third data, the first terminal detects whether the level characteristic of the level signal at the first wired communication interface conforms to the data start bit characteristic; if so, the first terminal continues to detect the characteristic value of the subsequent level signal at the first wired communication interface, and if that characteristic value indicates that the first wired communication interface is in a data transmission state, the second timing is started, where the data start bit characteristic comprises the level characteristic of a specific level signal or a level characteristic that changes in a specific pattern.
Taking the case where the first wired communication interface and the second wired communication interface are USB interfaces as an example, the communication between the first terminal and the second terminal through the USB interfaces proceeds briefly as follows: when no data is being transmitted, the USB interface is in the idle state; when data needs to be transmitted, the level signals at D+ and D- of the USB interface switch from the idle state to the K state (this transition is also referred to as the start of packet, SOP), and the USB interface then transmits data as a differential signal, where the first bit of the data is usually the first bit of the SYNC field; when the first bit of the SYNC field is detected, it can be determined that the USB interface is in the data transmission state. At the end of the transmission, the last bits of the data are usually the CRC check bits; after the CRC is transmitted, the D+ and D- level signals of the USB interface enter the SE0 state and then change from the SE0 state to the J state (this transition is also referred to as the end of packet, EOP). The characteristics of the level signals at D+ and D- in the SOP and EOP states are given in the relevant parts of the USB specification and are not repeated here.
The USB-based trigger timing is implemented as follows: when the first terminal detects that the level characteristics of the D+ pin and the D- pin enter the K state from the idle state (that is, the start of packet SOP is detected), a level signal conforming to the data start bit characteristic has been detected; the first terminal continues to detect the characteristic values of the subsequent level signals at the D+ pin and the D- pin, and if the characteristic value is a differential signal that represents the first bit of the packet, for example the first bit of the SYNC field, the first wired communication interface is in the data transmission state, and the first timing is started at that point (the trigger for the second timing is implemented in the same way as for the first timing and is not described again).
Of course, the first wired communication interface and the second wired communication interface may also be contact IC card communication interfaces, in which case the communication between the first terminal and the second terminal through the contact IC card interface proceeds briefly as follows: the input/output (I/O) interface of the contact IC card transmits data in character mode. Before data transmission, the I/O interface is in the high state. Each character consists of 10 consecutive bits: 1 low start bit, 8 data bits forming a data byte, and 1 parity bit. After the character has been transmitted, the I/O interface enters the protection time, during which it is at the high level.
The contact type IC card communication interface based triggering timing is realized as follows: when the first terminal detects that the first wired communication interface (i.e., the I/O interface) changes from a high level to a low level, it indicates that a level signal conforming to the characteristics of the data start bit is detected, and when the first data bit in the level signals representing the 8 data bits is continuously detected, it indicates that the first wired communication interface (i.e., the I/O interface) is in a data transmission state, and then first timing is started (the second timing trigger implementation process is similar to the first timing, and is not described again).
Of course, the first wired communication interface and the second wired communication interface may also use the following third communication mode: each of the first wired communication interface and the second wired communication interface has two data pins for transmitting data, and data is transmitted as the differential signal formed by the two data pins. A start bit is usually set when data transmission begins, and the start bit is usually represented by a parallel signal, for example both data pins at a high level or both data pins at a low level; which combination of high and low levels, and which level values, form the start bit can be set differently for different application scenarios and is not described here. Once data transmission has begun, the transmitted data is represented by differential signals, for example one of the two data pins at a high level and the other at a low level; different data give different differential signals on the two pins, and the mapping can be set according to the application scenario and is not described here. When data transmission ends, an end bit is set, and the end bit is usually represented by a parallel signal, for example both data pins at a high level or both data pins at a low level; which combination of high and low levels, and which level values, form the end bit can again be set differently for different application scenarios and is not described here. It is understood that the specific level value of the parallel signal used for the start bit differs from the specific level value of the parallel signal used for the end bit so that the two can be distinguished.
The implementation of triggering timing based on the third communication mode is as follows: taking the first wired communication interface provided with a first pin and a second pin for transmitting data as an example;
the first terminal detects a parallel signal representing a start bit in the level signal at the first pin and the level signal at the second pin, and subsequently detects a differential signal for data transmission in the level signal at the first pin and the level signal at the second pin, which indicates that the level signal conforming to the characteristics of the start bit is detected first and then data transmission is detected, and then starts first timing (the second timing trigger implementation process is similar to the first timing, and is not described again).
As an optional implementation of this embodiment, the above timing may be triggered at the end of data transmission, which is implemented as follows:
while sending the level signal of the first data, the first terminal detects the characteristic value of the level signal at the first wired communication interface; if the characteristic value indicates that the first wired communication interface is in a data transmission state, the first terminal continues to detect whether the level characteristic of the subsequent level signal at the first wired communication interface conforms to the data end bit characteristic, and if it does, the first timing is started, where the data end bit characteristic comprises the level characteristic of a specific level signal or a level characteristic that changes in a specific pattern;
while sending the level signal of the third data, the first terminal detects the characteristic value of the level signal at the first wired communication interface; if the characteristic value indicates that the first wired communication interface is in a data transmission state, the first terminal continues to detect whether the level characteristic of the subsequent level signal at the first wired communication interface conforms to the data end bit characteristic, and if it does, the second timing is started, where the data end bit characteristic comprises the level characteristic of a specific level signal or a level characteristic that changes in a specific pattern;
the USB-based trigger timing is implemented as follows: the first terminal detects the characteristic values of the level signals at the D+ pin and the D- pin; if the characteristic values are differential signals representing transmitted data, such as the CRC check bits, this indicates that the first wired communication interface is in the data transmission state, and the first terminal continues to detect whether the level characteristics at the D+ pin and the D- pin conform to the end bit characteristic; if the level characteristics are detected to switch from the SE0 state to the J state (that is, the end of packet EOP is detected), data transmission has been detected first and then a level signal conforming to the data end bit characteristic, so the first timing is started (the trigger for the second timing is implemented in the same way as for the first timing and is not described again).
The contact type IC card communication interface based triggering timing is realized as follows: when the first terminal detects the check bit at the first wired communication interface (i.e., the I/O interface), it indicates that the first wired communication interface (i.e., the I/O interface) is in a data transmission state, and then continuously detects whether the first wired communication interface (i.e., the I/O interface) is at a high level (i.e., enters a protection time), and if so, it indicates that a level signal conforming to the characteristics of the data end bit is detected, then a first timing is started (the second timing trigger implementation process is similar to the first timing, and is not described again).
The implementation of triggering timing based on the third communication method is as follows (the implementation of communication based on the third communication method is described above and is not described here again): taking the first wired communication interface provided with a first pin and a second pin for transmitting data as an example;
the first terminal detects a differential signal for transmitting data in the level signal at the first pin and the level signal at the second pin, and subsequently detects a parallel signal representing an end bit in the level signal at the first pin and the level signal at the second pin, which indicates that data transmission is detected first and then a level signal conforming to the characteristics of the end bit is detected, and then starts first timing (the second timing trigger implementation process is similar to the first timing, and is not described again).
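Trigger detection for both placements described above (at the start and at the end of a transmission), as an added example that is not the patent's code: a generic detector over sampled pin levels for the third communication mode, and a character-framing detector for a contact IC card I/O line. The pin level assignments, the idle level and the even-parity check are assumptions of this example, and the sample streams are constructed.

```python
"""Start-of-transmission and end-of-transmission trigger detection.

Added example, not code from the patent. Level assignments for the third
communication mode, the idle level and the even-parity rule for the IC card
line are assumptions made for this example.
"""
from typing import Callable, List, Optional, Sequence, Tuple

Sample = Tuple[int, int]            # (level at first pin, level at second pin)
Predicate = Callable[[Sample], bool]


# --- third communication mode: constructed level assignment -----------------
def is_parallel_start(s: Sample) -> bool:   # start bit: both pins high
    return s == (1, 1)


def is_differential(s: Sample) -> bool:     # data: one pin high, the other low
    return s in ((1, 0), (0, 1))


def is_parallel_end(s: Sample) -> bool:     # end bit (and idle): both pins low
    return s == (0, 0)


def start_trigger(samples: Sequence[Sample], is_start: Predicate,
                  is_data: Predicate) -> Optional[int]:
    """Index at which timing starts when triggering at the beginning of a
    transmission: a start-bit level characteristic must be seen first, and
    the following level characteristic must show the data transmission state.
    Returns None if no such pattern occurs."""
    armed = False
    for i, s in enumerate(samples):
        if is_start(s):
            armed = True                    # start-bit characteristic detected
        elif armed and is_data(s):
            return i                        # data transmission confirmed: start timing
        else:
            armed = False                   # any other level cancels the candidate
    return None


def end_trigger(samples: Sequence[Sample], is_data: Predicate,
                is_end: Predicate) -> Optional[int]:
    """Index at which timing starts when triggering at the end of a
    transmission: the data transmission state must be seen first, and the
    following level characteristic must match the end bit."""
    in_data = False
    for i, s in enumerate(samples):
        if is_data(s):
            in_data = True                  # differential data observed
        elif in_data and is_end(s):
            return i                        # end bit right after data: start timing
        else:
            in_data = False
    return None


def third_mode_triggers(samples: Sequence[Sample]) -> Tuple[Optional[int], Optional[int]]:
    """(start-trigger index, end-trigger index) for the two-pin mode."""
    return (start_trigger(samples, is_parallel_start, is_differential),
            end_trigger(samples, is_differential, is_parallel_end))


# --- contact IC card I/O line: start bit, 8 data bits, parity, protection ---
def ic_card_triggers(line: Sequence[int]) -> Tuple[Optional[int], Optional[int]]:
    """Start trigger = first data bit after the high-to-low start bit; end
    trigger = the high protection-time level that follows a correct parity
    bit. Even parity over the 8 data bits is assumed here."""
    for i in range(1, len(line) - 10):
        if line[i - 1] == 1 and line[i] == 0:           # high -> low: start bit
            data_bits = line[i + 1:i + 9]
            parity, guard = line[i + 9], line[i + 10]
            start_idx = i + 1                            # data transmission begins
            if sum(data_bits) % 2 != parity:
                return start_idx, None                   # check bit wrong: no end trigger
            return start_idx, (i + 10 if guard == 1 else None)
    return None, None


# Constructed sample streams: idle, start bit, three data samples, end bit, idle.
THIRD_MODE_FRAME: List[Sample] = [(0, 0), (0, 0), (1, 1), (1, 0), (0, 1), (1, 0), (0, 0), (0, 0)]
# Constructed character: idle high, start bit, data bits of 0xA5, even parity 0, protection time.
IC_CARD_CHAR: List[int] = [1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1]
```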
In this embodiment, as can be seen from the above description, the data start bit characteristic may be the level characteristic of a specific level signal (for example, in the contact IC card communication interface the level signal corresponding to the data start bit characteristic is a low level, and the level signal corresponding to the data end bit characteristic is a high level, the protection time being a period of high level), or a level characteristic that changes in a specific pattern (for example, in the USB interface the level signal corresponding to the data start bit characteristic is the SOP, in which the level signal changes from the idle state to the K state, and the level signal corresponding to the data end bit characteristic is the EOP, in which the level signal changes from the SE0 state to the J state). This is not limiting: depending on the communication interface, other types of level characteristics may represent the data start bit characteristic, for example a combination of several high and low levels, a single high level, or a single low level, and no limitation is imposed here.
Example 2
The present embodiment provides a secure transmission system, as shown in fig. 2, in which a first wired communication interface of a first terminal is connected to a second wired communication interface of a second terminal, the system including: a first terminal 10 and a second terminal 20;
wherein, the first terminal 10 is configured to generate a level signal of first data and transmit the level signal of the first data through the first wired communication interface; detecting the level change of a level signal at the first wired communication interface in the process of sending the level signal of the first data, and starting first timing when the level change of the level signal at the first wired communication interface meets a timing trigger condition;
the second terminal 20 is configured to receive the level signal of the first data through the second wired communication interface, and process the first data to obtain second data;
the first terminal 10 is further configured to generate a level signal of third data when the first timing reaches a first predetermined value, and send the level signal of the third data through the first wired communication interface, where the third data is notification indication information; detecting the level change of the level signal at the first wired communication interface in the process of sending the level signal of the third data, and starting second timing when the level change of the level signal at the first wired communication interface meets a timing trigger condition;
the second terminal 20 is further configured to receive the level signal of the third data through the second wired communication interface, generate the level signal of the second data, and send the level signal of the second data through the second wired communication interface;
the first terminal 10 is further configured to allow the first wired communication interface to receive the level signal of the second data when the second timing reaches a second predetermined value, where the second predetermined value is a time required for the second terminal to send the level signal of the second data after receiving the level signal of the third data.
In this embodiment, under normal communication conditions, the first terminal starts the second timing while sending the third data (i.e., the notification indication information), and the second terminal sends the second data to the first terminal upon receiving the third data. That is, under normal communication conditions the first terminal starts timing while transmitting the third data to the second terminal, the second terminal transmits the second data immediately after receiving the third data (the notification indication information), and, ignoring transmission delay, the first terminal receives the second data exactly when the second timing reaches the second specified value.
If a third-party illegal device remotely hijacks the connection between the first terminal and the second terminal, the illegal device needs a certain amount of time to perform illegal operations such as forwarding or tampering on the hijacked data. The second terminal still sends the second data only after receiving the third data (namely the notification indication information); the second data is remotely hijacked by the illegal device, which then sends the processed illegal data to the first terminal. The illegal data received by the first terminal therefore inevitably arrives after the second timing has exceeded the second specified value. Since the first terminal only allows the second data to be received when the second timing reaches the second specified value, and does not receive data that arrives after the timing has passed that value, illegal data can be effectively identified after remote hijacking of the data occurs, and corresponding processing measures can be taken, such as interrupting subsequent processing, discarding the illegal data, or disconnecting the communication connection between the first terminal and the second terminal, so that the security of data transmission between the first terminal and the second terminal is ensured.
In this embodiment, the first predetermined value is greater than or equal to a time required for the second terminal to process the first data to obtain second data;
as an optional implementation manner of this embodiment, the first prescribed value may be pre-stored in the first terminal, for example, the first prescribed value may be pre-stored in a secure storage area in the first terminal in advance, and when the first terminal needs to be used, the first prescribed value is acquired from the secure storage area.
As an alternative in this embodiment, the first specified value may also be obtained by negotiation: before the first terminal sends the first data to the second terminal, the first terminal and the second terminal negotiate to obtain the first specified value. The negotiation may be carried out in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication, and after the bidirectional identity authentication is passed, the first terminal and the second terminal negotiate to obtain a transmission key; the second terminal generates the first specified value, encrypts it with the transmission key, and sends the encrypted first specified value to the first terminal; the first terminal decrypts the encrypted first specified value with the transmission key to obtain the first specified value and stores it; or, the first terminal generates the first specified value, encrypts it with the transmission key, and sends the encrypted first specified value to the second terminal; the second terminal decrypts the encrypted first specified value with the transmission key to obtain the first specified value and stores it. Alternatively, the negotiation may be implemented in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication; after the bidirectional identity authentication is passed, the second terminal generates the first specified value, encrypts it with the public key of the first terminal, and sends the encrypted first specified value to the first terminal; the first terminal decrypts the encrypted first specified value with its own private key to obtain the first specified value and stores it; or, after the bidirectional identity authentication is passed, the first terminal generates the first specified value, encrypts it with the public key of the second terminal, and sends the encrypted first specified value to the second terminal; the second terminal decrypts the encrypted first specified value with its own private key to obtain the first specified value and stores it.
As an optional implementation manner of this embodiment, the second specified value may be pre-stored in the first terminal, for example in a secure storage area of the first terminal, and the first terminal reads the second specified value from the secure storage area when it needs to use it.
As an alternative in this embodiment, the second specified value may also be obtained by negotiation: before the first terminal sends the first data to the second terminal, the first terminal and the second terminal negotiate to obtain the second specified value. The negotiation may be achieved in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication, and after the bidirectional identity authentication is passed, the first terminal and the second terminal negotiate to obtain a transmission key; the second terminal generates the second specified value, encrypts it with the transmission key, and sends the encrypted second specified value to the first terminal; the first terminal decrypts the encrypted second specified value with the transmission key to obtain the second specified value and stores it; or, the first terminal generates the second specified value, encrypts it with the transmission key, and sends the encrypted second specified value to the second terminal; the second terminal decrypts the encrypted second specified value with the transmission key to obtain the second specified value and stores it. Alternatively, the negotiation may be implemented in the following manner: the first terminal and the second terminal carry out bidirectional identity authentication; after the bidirectional identity authentication is passed, the second terminal generates the second specified value, encrypts it with the public key of the first terminal, and sends the encrypted second specified value to the first terminal; the first terminal decrypts the encrypted second specified value with its own private key to obtain the second specified value and stores it; or, after the bidirectional identity authentication is passed, the first terminal generates the second specified value, encrypts it with the public key of the second terminal, and sends the encrypted second specified value to the second terminal; the second terminal decrypts the encrypted second specified value with its own private key to obtain the second specified value and stores it.
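The negotiation of a specified value described above (it is the same procedure for the first and the second value), as an added example that is not part of the patent: the two terminals are modelled in Python, the bidirectional identity authentication and transmission-key negotiation are assumed to have already produced a shared 32-byte transmission key, and the symmetric cipher the text leaves unspecified is stood in for by an HMAC-SHA256 keystream with an encrypt-then-MAC tag, so that a modified value is rejected instead of silently changing the first terminal's receive window.

```python
"""Modelled negotiation of a specified value between the two terminals.

Added example, not the patent's code. Assumptions not fixed by the text:
  - the transmission key obtained after mutual authentication is a 32-byte
    secret already held by both terminals (the key agreement is not modelled);
  - the unspecified symmetric cipher is an HMAC-SHA256 keystream plus an
    encrypt-then-MAC tag (a stand-in, not a recommendation of a cipher).
"""
import hashlib
import hmac
import secrets
import struct

NONCE_LEN, TAG_LEN = 16, 16


def _subkeys(tx_key):
    """Derive separate encryption and MAC keys from the transmission key."""
    return (hashlib.sha256(b"enc|" + tx_key).digest(),
            hashlib.sha256(b"mac|" + tx_key).digest())


def _keystream(enc_key, nonce, length):
    """Counter-mode keystream built from HMAC-SHA256 (stand-in cipher)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def wrap_value(tx_key, value):
    """Encrypt an integer specified value (preset duration or count) for the peer."""
    enc_key, mac_key = _subkeys(tx_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    plain = struct.pack(">Q", value)
    cipher = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + cipher + tag


def unwrap_value(tx_key, blob):
    """Verify the tag, then decrypt; raises ValueError on any modification."""
    enc_key, mac_key = _subkeys(tx_key)
    if len(blob) != NONCE_LEN + 8 + TAG_LEN:
        raise ValueError("malformed specified-value message")
    nonce, cipher, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("specified value rejected: authentication tag mismatch")
    plain = bytes(c ^ k for c, k in zip(cipher, _keystream(enc_key, nonce, len(cipher))))
    return struct.unpack(">Q", plain)[0]


class Terminal:
    """Either terminal: holds the transmission key and the stored specified values."""

    def __init__(self, name, processing_counts):
        self.name = name
        # time (in count units) this terminal needs to turn first data into second data
        self.processing_counts = processing_counts
        self.tx_key = None
        self.authenticated = False
        self.stored = {}            # "first" / "second" -> stored specified value


def mutual_authentication(a, b, tx_key):
    """Stand-in for bidirectional identity authentication plus key negotiation."""
    a.authenticated = b.authenticated = True
    a.tx_key = b.tx_key = tx_key


def negotiate(generator, receiver, which, value):
    """`generator` generates the value and sends it encrypted with the transmission
    key; `receiver` decrypts and stores it. Either terminal may be the generator."""
    if not (generator.authenticated and receiver.authenticated):
        raise PermissionError("negotiation only after mutual authentication passes")
    message = wrap_value(generator.tx_key, value)   # what crosses the interface
    generator.stored[which] = value
    receiver.stored[which] = unwrap_value(receiver.tx_key, message)
    return message


if __name__ == "__main__":
    key = bytes(range(32))                         # constructed sample key
    first, second = Terminal("first", 0), Terminal("second", 20)
    mutual_authentication(first, second, key)
    # the first value must be at least the second terminal's processing time,
    # so the second terminal is the natural generator here
    negotiate(second, first, "first", second.processing_counts)
    negotiate(first, second, "second", 12)
    print(first.stored, second.stored)
```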
As an optional implementation manner of this embodiment, when the timing manner is clock timing, the first specified value is a first preset duration, and the first terminal is specifically configured to generate the level signal of the third data when the duration obtained by the first timing reaches the first preset duration; the second specified value is a second preset duration, and the first terminal is specifically configured to allow the first wired communication interface to receive the level signal of the second data when the duration obtained by the second timing reaches the second preset duration;
or, when the timing manner is counting by a counter, the first specified value is a first preset count value, and the first terminal is specifically configured to start a first count and to generate the level signal of the third data when the value obtained by the first count reaches the first preset count value; the second specified value is a second preset count value, and the first terminal is specifically configured to start a second count and to allow the first wired communication interface to receive the level signal of the second data when the value obtained by the second count reaches the second preset count value.
As an optional implementation manner of this embodiment, the above timing may be triggered at the beginning of data transmission, and the specific implementation of triggering timing is as follows:
the first terminal is specifically configured to detect, in the process of sending the level signal of the first data, whether the level feature of the level signal at the first wired communication interface meets the data start bit feature, and if so, to continue to detect the feature value of the subsequent level signal at the first wired communication interface and to start the first timing when the feature value indicates that the first wired communication interface is in the data transmission state, where the data start bit feature includes a level feature of a specific level signal or a level feature that changes in a specific regularity;
the first terminal is further specifically configured to detect, in the process of sending the level signal of the third data, whether the level feature of the level signal at the first wired communication interface conforms to the data start bit feature, and if so, to continue to detect the feature value of the subsequent level signal at the first wired communication interface and to start the second timing when the feature value indicates that the first wired communication interface is in the data transmission state, where the data start bit feature includes a level feature of a specific level signal or a level feature that changes in a specific regularity.
Taking the case where the first wired communication interface and the second wired communication interface are USB interfaces as an example, the process by which the first terminal and the second terminal communicate through the USB interfaces is briefly introduced as follows: when no data is being transmitted, the USB interface is in the idle state; when data needs to be transmitted, the level signals at D+ and D- of the USB interface switch from the idle state to the K state (this transition is also referred to as the start of packet, SOP), and the USB interface then starts to transmit data as a differential signal, where the first bit of the data is usually the first bit of the SYNC field; once the first bit of the SYNC field is detected, it can be determined that the USB interface is in the data transmission state. At the end of the transmission, the last bits of the data are usually the CRC check bits; after the CRC has been transmitted, the level signals at D+ and D- of the USB interface enter the SE0 state and then change from the SE0 state to the J state (this transition is also referred to as the end of packet, EOP). For the characteristics of the level signals at D+ and D- of the USB interface in the SOP and EOP states, refer to the relevant parts of the USB specification; they are not described again here.
The implementation of triggering the timing based on the USB interface is as follows: when the first terminal detects that the level characteristics at the D+ and D- pins change from the idle state to the K state (that is, it detects the start of packet, SOP), a level signal conforming to the data start bit characteristic has been detected, and the first terminal continues to detect the characteristic values of the subsequent level signals at the D+ and D- pins; if the characteristic value is a differential signal representing the first bit of the packet, for example the first bit of the SYNC field, the first wired communication interface is in the data transmission state, and the first timing is started at this point (the triggering of the second timing is similar to that of the first timing and is not described again).
Of course, the first wired communication interface and the second wired communication interface may also be contact IC card communication interfaces; the process by which the first terminal and the second terminal communicate through a contact IC card interface is briefly described as follows: the input/output (I/O) interface of a contact IC card transmits data in character mode. Before data transmission, the I/O line is in the high state. Each character consists of 10 consecutive bits: one start bit in the low state, 8 data bits forming one data byte, and one parity bit. After the character has been transmitted, the I/O interface enters the protection time (guard time), during which the I/O line is held at the high level.
The implementation of triggering the timing based on the contact IC card communication interface is as follows: when the first terminal detects that the first wired communication interface (that is, the I/O interface) changes from the high level to the low level, a level signal conforming to the data start bit characteristic has been detected; when it then detects the first data bit among the level signals representing the 8 data bits, the first wired communication interface is in the data transmission state, and the first timing is started (the triggering of the second timing is similar to that of the first timing and is not described again).
Of course, the first wired communication interface and the second wired communication interface may also adopt the following third communication mode: two data pins for transmitting data are provided in each of the first wired communication interface and the second wired communication interface, and data is transmitted through the differential signal formed by the two data pins. A start bit is usually set when data transmission begins, and the start bit is usually represented by a parallel signal, for example both data pins at the high level or both data pins at the low level; which combination of high and low levels, and which specific level values, form the start bit can be set differently for different application scenarios and is not described here. After data transmission begins, the transmitted data is represented by differential signals, for example one of the two data pins at the high level and the other at the low level; different transmitted data produce different differential signals across the two data pins, and the differential signals can likewise be set for different application scenarios, which is not described again here. When data transmission ends, an end bit is set, and the end bit is usually represented by a parallel signal, for example both data pins at the high level or both at the low level; which combination of high and low levels, and which specific level values, form the end bit can be set differently for different application scenarios and is not described again here. It is understood that the specific level value of the parallel signal used for the start bit differs from the specific level value of the parallel signal used for the end bit, so that the two can be distinguished.
The implementation of triggering the timing based on the third communication mode is as follows, taking a first wired communication interface provided with a first pin and a second pin for transmitting data as an example:
the first terminal detects a parallel signal representing the start bit in the level signals at the first pin and the second pin, and subsequently detects a differential signal carrying data in the level signals at the first pin and the second pin; this means that a level signal conforming to the start bit characteristic was detected first and data transmission was detected afterwards, so the first timing is started (the triggering of the second timing is similar to that of the first timing and is not described again).
As an optional implementation manner of this embodiment, the above timing may be triggered at the end of data transmission, and the specific implementation of triggering timing is as follows:
the first terminal is specifically configured to detect, in the process of sending the level signal of the first data, the feature value of the level signal at the first wired communication interface; if the feature value indicates that the first wired communication interface is in the data transmission state, to continue to detect whether the level feature of the subsequent level signal at the first wired communication interface conforms to the data end bit feature; and to start the first timing if it does, where the data end bit feature includes a level feature of a specific level signal or a level feature that changes in a specific regularity;
the first terminal is further specifically configured to detect, in the process of sending the level signal of the third data, the feature value of the level signal at the first wired communication interface; if the feature value indicates that the first wired communication interface is in the data transmission state, to continue to detect whether the level feature of the subsequent level signal at the first wired communication interface conforms to the data end bit feature; and to start the second timing if it does, where the data end bit feature includes a level feature of a specific level signal or a level feature that changes in a specific regularity.
The implementation of triggering the timing based on the USB interface is as follows: the first terminal detects the characteristic values of the level signals at the D+ and D- pins; if the characteristic values are differential signals representing transmitted data, such as the CRC check bits, the first wired communication interface is in the data transmission state, and the first terminal continues to detect whether the level characteristics at the D+ and D- pins conform to the end bit characteristic; if it detects that the level characteristics switch from the SE0 state to the J state, that is, it detects the end of packet (EOP), then data transmission was detected first and a level signal conforming to the data end bit characteristic was detected afterwards, so the first timing is started (the triggering of the second timing is similar to that of the first timing and is not described again).
The implementation of triggering the timing based on the contact IC card communication interface is as follows: when the first terminal detects the check bit (the parity bit) at the first wired communication interface (that is, the I/O interface), the first wired communication interface is in the data transmission state; it then continues to detect whether the first wired communication interface (the I/O interface) is at the high level (that is, has entered the protection time), and if so, a level signal conforming to the data end bit characteristic has been detected, and the first timing is started (the triggering of the second timing is similar to that of the first timing and is not described again).
The implementation of triggering the timing based on the third communication mode is as follows (communication in the third mode is described above and is not repeated here), taking a first wired communication interface provided with a first pin and a second pin for transmitting data as an example:
the first terminal detects a differential signal carrying data in the level signals at the first pin and the second pin, and subsequently detects a parallel signal representing the end bit in the level signals at the first pin and the second pin; this means that data transmission was detected first and a level signal conforming to the end bit characteristic was detected afterwards, so the first timing is started (the triggering of the second timing is similar to that of the first timing and is not described again).
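Putting together the contact IC card character format, the start-triggered and end-triggered timing variants, and the counter manner of timing described above, the following is an added example (not the patent's code) of the first terminal's side: a monitor samples its own I/O line once per bit period, arms the count at the chosen trigger feature, sends the third data when the first preset count value is reached, and opens the receive window only when the second preset count value is reached. LSB-first bit order, even parity, one character per data item and one sample per bit period are assumptions not fixed by the text.

```python
"""First-terminal-side model of trigger detection and counter-based timing on a
contact IC card I/O line. Added example, not the patent's code.
Assumptions: line idle high, one sample per bit period, LSB-first data bits,
even parity, one character per data item."""
HIGH, LOW = 1, 0


def encode_char(byte):
    """Contact IC card character: 1 low start bit, 8 data bits, 1 parity bit."""
    data = [(byte >> i) & 1 for i in range(8)]          # LSB first (assumption)
    return [LOW] + data + [sum(data) % 2]                # even parity (assumption)


class LineMonitor:
    """Watches the I/O line while the first terminal sends and arms the count.

    trigger='start': arm when the start bit (high -> low) is followed by the
                     first data bit, i.e. the interface is in data transmission.
    trigger='end':   arm when the parity bit is followed by the high protection
                     time, i.e. the data end bit feature is seen.
    Counter manner: once armed, the count advances by one per sample.
    """

    def __init__(self, trigger):
        if trigger not in ("start", "end"):
            raise ValueError("trigger must be 'start' or 'end'")
        self.trigger = trigger
        self.state = "idle"          # idle -> data -> parity -> guard -> idle
        self.nbits = 0
        self.armed = False
        self.count = 0

    def disarm(self):
        """Reset before the next transmission so a new timing can be triggered."""
        self.armed, self.count = False, 0

    def sample(self, level):
        """Feed one level sample; returns True on the sample that starts timing."""
        started = False
        if self.state == "idle":
            if level == LOW:                              # start bit: high -> low
                self.state, self.nbits = "data", 0
        elif self.state == "data":
            self.nbits += 1
            if self.nbits == 1 and self.trigger == "start" and not self.armed:
                started = True                            # first data bit seen
            if self.nbits == 8:
                self.state = "parity"
        elif self.state == "parity":
            self.state = "guard"                          # check (parity) bit seen
        elif self.state == "guard":
            if level != HIGH:
                raise ValueError("I/O line must be high during the protection time")
            if self.trigger == "end" and not self.armed:
                started = True                            # end bit feature seen
            self.state = "idle"
        if started:
            self.armed, self.count = True, 0
        elif self.armed:
            self.count += 1
        return started


def run_first_terminal(first_byte, third_byte, trigger, first_preset, second_preset):
    """Simulate one exchange from the first terminal's side; returns the sample
    index (in bit periods) at which each event happens."""
    mon, events, t = LineMonitor(trigger), {}, 0

    def feed(level, key):
        nonlocal t
        if mon.sample(level) and key not in events:
            events[key] = t
        t += 1

    # 1. send the first data; the monitor watches the line and arms the first count
    for level in encode_char(first_byte):
        feed(level, "first_timing_started")
    feed(HIGH, "first_timing_started")                    # protection time
    while mon.count < first_preset:                       # line idles high
        feed(HIGH, "first_timing_started")
    # 2. first preset count reached: send the third data (notification)
    events["third_data_sent"] = t
    mon.disarm()
    for level in encode_char(third_byte):
        feed(level, "second_timing_started")
    feed(HIGH, "second_timing_started")                   # protection time
    while mon.count < second_preset:
        feed(HIGH, "second_timing_started")
    # 3. second preset count reached: only now may second data be received
    events["receive_window_opened"] = t
    return events


def accepts_second_data(events, arrival_t):
    """Second data arriving before the window opens is not received."""
    return arrival_t >= events["receive_window_opened"]
```

With the end trigger the count starts only after the character and its protection time, so the same preset values open the receive window later than with the start trigger; the presets must be chosen for the trigger in use.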
In this embodiment, as can be seen from the above description, the data start bit characteristic is either the level characteristic of a specific level signal, for example in the contact IC card communication interface the level signal corresponding to the data start bit characteristic is a low level and the level signal corresponding to the data end bit characteristic is a high level (the protection time is a period of high level), or a level characteristic that changes in a specific regularity, for example in the USB interface the level signal corresponding to the data start bit characteristic is the SOP (the level signal changes from the idle state to the K state) and the level signal corresponding to the data end bit characteristic is the EOP (the level signal changes from the SE0 state to the J state). Of course, this is not limiting: different types of level characteristics may represent the data start bit characteristic for different communication interfaces, for example a combination of several high and low levels, a single high level, or a single low level, and no limitation is imposed here.
It should be noted that the system provided in this embodiment may implement the data interaction method provided in embodiment 1, the related function implementation of the first terminal may also refer to the description related to the first terminal side in embodiment 1, and the related function implementation of the second terminal may also refer to the description related to the second terminal side in embodiment 1, which is not described herein again.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (10)

1. A secure transmission method, wherein a first wired communication interface of a first terminal is connected to a second wired communication interface of a second terminal, the method comprising:
the first terminal generates a level signal of first data and transmits the level signal of the first data through the first wired communication interface;
the first terminal detects the level change of the level signal at the first wired communication interface in the process of sending the level signal of the first data, and starts first timing when the level change of the level signal at the first wired communication interface meets a timing triggering condition;
the second terminal receives the level signal of the first data through the second wired communication interface, and processes the first data to obtain second data;
when the first timing reaches a first specified value, the first terminal generates a level signal of third data, and sends the level signal of the third data through the first wired communication interface, wherein the third data is notification indication information;
the first terminal detects the level change of the level signal at the first wired communication interface in the process of sending the level signal of the third data, and starts second timing when the level change of the level signal at the first wired communication interface meets a timing triggering condition;
the second terminal receives the level signal of the third data through the second wired communication interface, generates the level signal of the second data, and sends the level signal of the second data through the second wired communication interface;
and when the second timing reaches a second specified value, the first terminal allows the first wired communication interface to receive the level signal of the second data, wherein the second specified value is the time required from the completion of the second terminal receiving the level signal of the third data to the sending of the level signal of the second data.
2. The method of claim 1,
wherein the first terminal starting first timing when the level change of the level signal at the first wired communication interface meets the timing trigger condition in the process of sending the level signal of the first data comprises:
the first terminal detects whether the level characteristics of the level signals at the first wired communication interface accord with the characteristics of a data start bit in the process of sending the level signals of the first data, if so, the characteristic values of subsequent level signals at the first wired communication interface are continuously detected, and if the characteristic values indicate that the first wired communication interface is in a data transmission state, first timing is started, wherein the characteristics of the data start bit comprise the level characteristics of a specific level signal or the level characteristics changing in a specific regularity;
in the process of sending the level signal of the third data, when the level change of the level signal at the first wired communication interface meets a timing trigger condition, the first terminal starts a second timing, including:
and the first terminal detects whether the level characteristics of the level signals at the first wired communication interface accord with the data start bit characteristics or not in the process of sending the level signals of the third data, if so, the characteristic values of the subsequent level signals at the first wired communication interface are continuously detected, and if the characteristic values indicate that the first wired communication interface is in a data transmission state, second timing is started, wherein the data start bit characteristics comprise the level characteristics of specific level signals or the level characteristics which change in a specific regularity.
3. The method of claim 1,
wherein the first terminal starting first timing when the level change of the level signal at the first wired communication interface meets the timing trigger condition in the process of sending the level signal of the first data comprises:
the first terminal detects a characteristic value of a level signal at a first wired communication interface in the process of sending the level signal of the first data, if the characteristic value indicates that the first wired communication interface is in a data transmission state, whether the level characteristic of a subsequent level signal at the first wired communication interface accords with a data ending bit characteristic is continuously detected, and if the characteristic value accords with the data ending bit characteristic, first timing is started, wherein the data ending bit characteristic comprises the level characteristic of a specific level signal or the level characteristic which changes in a specific regularity;
in the process of sending the level signal of the third data, when the level change of the level signal at the first wired communication interface meets a timing trigger condition, the first terminal starts a second timing, including:
and the first terminal detects a characteristic value of a level signal at the first wired communication interface in the process of sending the level signal of the third data, if the characteristic value indicates that the first wired communication interface is in a data transmission state, whether the level characteristic of a subsequent level signal at the first wired communication interface accords with a data ending bit characteristic is continuously detected, and if the characteristic value accords with the data ending bit characteristic, second timing is started, wherein the data ending bit characteristic comprises the level characteristic of a specific level signal or the level characteristic which changes in a specific regularity.
4. The method according to any one of claims 1 to 3,
the first specified value is greater than or equal to the time required by the second terminal for processing the first data to obtain second data;
the first prescribed value is pre-stored in the first terminal, or obtained by negotiation between the first terminal and the second terminal before the first terminal sends first data to the second terminal;
the second predetermined value is pre-stored in the first terminal, or obtained by the first terminal and the second terminal negotiating before the first terminal sends the first data to the second terminal.
5. The method according to any one of claims 1 to 3,
the first specified value is a first preset time length, and when the first timing reaches the first specified value, the method includes: when the time length obtained by the first timing reaches a first preset time length; the second specified value is a second preset duration, and when the second timing reaches the second specified value, the method includes: when the duration obtained by the second timing reaches a second preset duration;
or, the first predetermined value is a first preset count value, and the starting the first timer includes: starting a first count; when the first timing reaches a first prescribed value, the method includes: when the value obtained by the first counting reaches a first preset counting value; the second predetermined value is a second preset count value, and the starting of the second timing includes: starting a second count; when the second timing reaches a second prescribed value, the method includes: and when the value obtained by the second counting reaches a second preset counting value.
6. A secure transmission system, wherein a first wired communication interface of a first terminal is connected to a second wired communication interface of a second terminal,
the first terminal is used for generating a level signal of first data and transmitting the level signal of the first data through the first wired communication interface; detecting the level change of a level signal at the first wired communication interface in the process of sending the level signal of the first data, and starting first timing when the level change of the level signal at the first wired communication interface meets a timing trigger condition;
the second terminal is configured to receive a level signal of the first data through the second wired communication interface, and process the first data to obtain second data;
the first terminal is further configured to generate a level signal of third data when the first timing reaches a first prescribed value, and send the level signal of the third data through the first wired communication interface, where the third data is notification indication information; detecting the level change of the level signal at the first wired communication interface in the process of sending the level signal of the third data, and starting second timing when the level change of the level signal at the first wired communication interface meets a timing trigger condition;
the second terminal is further configured to receive the level signal of the third data through the second wired communication interface, generate the level signal of the second data, and send the level signal of the second data through the second wired communication interface;
the first terminal is further configured to allow the first wired communication interface to receive the level signal of the second data when the second timing reaches a second predetermined value, where the second predetermined value is a time required for the second terminal to transmit the level signal of the second data after receiving the level signal of the third data.
7. The system of claim 6,
the first terminal is specifically configured to detect, while the level signal of the first data is being sent, whether a level feature of the level signal at the first wired communication interface meets a data start bit feature, and if so, to continue detecting a feature value of the subsequent level signal at the first wired communication interface and to start first timing when the feature value indicates that the first wired communication interface is in a data transmission state, where the data start bit feature includes a level feature of a specific level signal or a level feature that changes with a specific regularity;
the first terminal is further specifically configured to detect, while the level signal of the third data is being sent, whether a level feature of the level signal at the first wired communication interface meets a data start bit feature, and if so, to continue detecting a feature value of the subsequent level signal at the first wired communication interface and to start second timing when the feature value indicates that the first wired communication interface is in a data transmission state, where the data start bit feature includes a level feature of a specific level signal or a level feature that changes with a specific regularity.
8. The system of claim 6,
the first terminal is specifically configured to detect, while the level signal of the first data is being sent, a feature value of the level signal at the first wired communication interface; if the feature value indicates that the first wired communication interface is in a data transmission state, to continue detecting whether a level feature of the subsequent level signal at the first wired communication interface conforms to a data end bit feature; and to start first timing if the level feature of the subsequent level signal at the first wired communication interface conforms to the data end bit feature, where the data end bit feature includes a level feature of a specific level signal or a level feature that changes with a specific regularity;
the first terminal is further specifically configured to detect, while the level signal of the third data is being sent, a feature value of the level signal at the first wired communication interface; if the feature value indicates that the first wired communication interface is in a data transmission state, to continue detecting whether a level feature of the subsequent level signal at the first wired communication interface conforms to a data end bit feature; and to start second timing if the level feature of the subsequent level signal at the first wired communication interface conforms to the data end bit feature, where the data end bit feature includes a level feature of a specific level signal or a level feature that changes with a specific regularity.
9. The system according to any one of claims 6 to 8,
the first prescribed value is greater than or equal to the time required by the second terminal to process the first data to obtain the second data;
the first prescribed value is pre-stored in the first terminal, or obtained by negotiation between the first terminal and the second terminal before the first terminal sends first data to the second terminal;
the second predetermined value is pre-stored in the first terminal, or obtained by the first terminal and the second terminal negotiating before the first terminal sends the first data to the second terminal.
10. The system according to any one of claims 6 to 8,
the first prescribed value is a first preset duration, and the first terminal is specifically configured to generate the level signal of the third data when the duration obtained by the first timing reaches the first preset duration; the second predetermined value is a second preset duration, and the first terminal is specifically configured to allow the first wired communication interface to receive the level signal of the second data when the duration obtained by the second timing reaches the second preset duration;
or, the first prescribed value is a first preset count value, and the first terminal is specifically configured to start first counting and to generate the level signal of the third data when the value obtained by the first counting reaches the first preset count value; the second predetermined value is a second preset count value, and the first terminal is specifically configured to start second counting and to allow the first wired communication interface to receive the level signal of the second data when the value obtained by the second counting reaches the second preset count value.
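The claimed exchange as a tick-driven simulation, added here as an illustration and not the patent's own code: the first terminal opens its wired interface for the second data only when the second counting reaches the second preset count value, so a frame that appears on the wire earlier is dropped, and a first prescribed value below the second terminal's processing time (contrary to claim 9) produces no reply at all. Tick values, frame names and the processing stand-in are assumptions.

```python
"""Tick-driven simulation of the timing-gated exchange in claims 6 to 10.
Added illustration, not the patent's own code; tick values, frame names
and the counting variant of claim 10 are assumptions."""

P1_COUNT = 8   # first preset count value (claim 9: >= peer's processing time)
P2_COUNT = 3   # second preset count value (peer's reply delay after the notice)

class SecondTerminal:
    """Receives first data, processes it, and replies only after the notice."""
    def __init__(self, process_ticks=6):
        self.process_ticks = process_ticks
        self.done_at = None
        self.second_data = None

    def receive(self, tick, frame):
        kind, payload = frame
        if kind == "first":
            self.second_data = payload[::-1]        # stand-in for real processing
            self.done_at = tick + self.process_ticks
        if kind == "notify" and self.done_at is not None and tick >= self.done_at:
            # level signal of second data reaches the first wire P2_COUNT ticks later
            return (tick + P2_COUNT, ("second", self.second_data))
        return None                                 # not ready: nothing is sent

def run_exchange(first_data, p1=P1_COUNT, injected=(), ticks=40):
    """Drive the first terminal; injected = constructed (tick, frame) pairs that
    appear on its wired interface outside the protocol. Returns an event log."""
    peer = SecondTerminal()
    inbound = {}
    for t, f in injected:
        inbound.setdefault(t, []).append(f)
    log = []
    peer.receive(0, ("first", first_data))          # tick 0: first data sent
    count1, count2, rx_allowed = 0, None, False     # first counting starts at end bit
    for tick in range(1, ticks):
        if count1 is not None:
            count1 += 1
            if count1 == p1:                        # send third data (notification)
                reply = peer.receive(tick, ("notify", None))
                if reply:
                    inbound.setdefault(reply[0], []).append(reply[1])
                count1, count2 = None, 0            # second counting starts
        elif count2 is not None:
            count2 += 1
            if count2 == P2_COUNT:                  # receive window opens
                rx_allowed, count2 = True, None
        for frame in inbound.get(tick, []):         # anything else on the wire is dropped
            log.append(("accepted" if rx_allowed else "ignored", tick, frame))
            rx_allowed = False                      # window closes after one frame
    return log
```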
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710137789.9A CN108574665B (en) 2017-03-09 2017-03-09 Safe transmission method and system

Publications (2)

Publication Number Publication Date
CN108574665A CN108574665A (en) 2018-09-25
CN108574665B true CN108574665B (en) 2021-08-17

Family

ID=63577834

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710137789.9A Active CN108574665B (en) 2017-03-09 2017-03-09 Safe transmission method and system

Country Status (1)

Country Link
CN (1) CN108574665B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1893404A (en) * 2005-07-01 2007-01-10 海尔集团公司 Serial communication method and interface circuit
CN101036335A (en) * 2004-10-06 2007-09-12 松下电器产业株式会社 Data communication system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10470018B2 (en) * 2014-10-24 2019-11-05 Qualcomm Incorporated Data aggregation and delivery

Also Published As

Publication number Publication date
CN108574665A (en) 2018-09-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220407

Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094

Patentee after: TENDYRON Corp.

Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing

Patentee before: Li Ming