CN108683665A - Data encryption method and system in fiber optic communication, and data sending device - Google Patents

Publication number: CN108683665A
Authority: CN (China)
Application number: CN201810463197.0A
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 李志伟, 唐亮, 孙辰军, 刘海锋, 赵冀宁, 聂立贤, 祁利刚, 范晓丹
Current Assignee: State Grid Corp of China SGCC; Maintenance Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee: State Grid Corp of China SGCC; Maintenance Branch of State Grid Hebei Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and Maintenance Branch of State Grid Hebei Electric Power Co Ltd

Classifications

    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04B10/85 Protection from unauthorised access, e.g. eavesdrop protection
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention applies to the field of fiber optic communication and discloses a data encryption method and system in fiber optic communication, and a data sending device. The method is applied to a data sending device and includes: obtaining transmission data and determining whether the transmission data carries an encryption identifier; if the transmission data carries an encryption identifier, obtaining the public key of the data receiving device; asymmetrically encrypting the transmission data with the public key of the data receiving device to generate ciphertext data; generating a digital signature from a pre-stored sending private key and the ciphertext data; packaging the ciphertext data and the digital signature to generate a first message, and converting it into first optical data; randomly generating an optical key and encrypting the first optical data with the optical key to generate optical ciphertext data; sending the optical key to the data receiving device over a secure channel and sending the optical ciphertext data to the data receiving device over a public channel, where the optical key is used to instruct the data receiving device to finally obtain the transmission data. The present invention can improve the security and confidentiality of data transmission.

Description

Data encryption method and system in fiber optic communication, and data sending device
Technical field
The invention belongs to the technical field of fiber optic communication, and in particular relates to a data encryption method and system in fiber optic communication, and a data sending device.
Background
Fiber optic communication is a communication mode that uses light waves as the carrier and optical fiber as the transmission medium to convey information from one place to another. Because fiber optic communication has advantages such as wide bandwidth, large communication capacity, low loss and long repeater spacing, it is widely used for all kinds of information transmission.
Light waves travelling in an optical cable rarely leak from the fiber, and even at a bend with a very small bending radius the leaked light is very weak. As a result, many users believe that fiber optic communication is inherently absolutely secure and will not leak the communicated information, so existing fiber optic communication does not consider the confidentiality of the communication. With the development of eavesdropping technology, however, information transmitted in this way is easily eavesdropped, and its security and confidentiality are low.
Summary of the invention
In view of this, embodiments of the present invention provide a data encryption method and system in fiber optic communication, and a data sending device, to solve the problem of low security and confidentiality in the prior art.
A first aspect of the embodiments of the present invention provides a data encryption method in fiber optic communication. The method is applied to a data sending device and includes:
obtaining transmission data, and determining whether the transmission data carries an encryption identifier;
if it is determined that the transmission data carries an encryption identifier, obtaining the public key of the data receiving device;
asymmetrically encrypting the transmission data with the public key of the data receiving device to generate ciphertext data;
generating a digital signature from a pre-stored sending private key and the ciphertext data;
packaging the ciphertext data and the digital signature to generate a first message, and converting the first message into first optical data;
randomly generating an optical key, and encrypting the first optical data with the optical key to generate optical ciphertext data;
sending the optical key to the data receiving device over a secure channel, and sending the optical ciphertext data to the data receiving device over a public channel, where the optical key is used to instruct the data receiving device to decrypt the optical ciphertext data to obtain the first message, and the first message is used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and a pre-stored receiving private key, obtaining the transmission data.
A second aspect of the embodiments of the present invention provides a data encryption system in fiber optic communication. The system is applied to a data sending device and includes:
a judgment module, configured to obtain transmission data and determine whether the transmission data carries an encryption identifier;
a first processing module, configured to obtain the public key of the data receiving device if it is determined that the transmission data carries an encryption identifier;
a ciphertext data generation module, configured to asymmetrically encrypt the transmission data with the public key of the data receiving device to generate ciphertext data;
a digital signature generation module, configured to generate a digital signature from a pre-stored sending private key and the ciphertext data;
a conversion module, configured to package the ciphertext data and the digital signature to generate a first message, and convert the first message into first optical data;
an optical ciphertext data generation module, configured to randomly generate an optical key and encrypt the first optical data with the optical key to generate optical ciphertext data;
a first sending module, configured to send the optical key to the data receiving device over a secure channel and send the optical ciphertext data to the data receiving device over a public channel, where the optical key is used to instruct the data receiving device to decrypt the optical ciphertext data to obtain the first message, and the first message is used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and a pre-stored receiving private key, obtaining the transmission data.
A third aspect of the embodiments of the present invention provides a data sending device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements the steps of the data encryption method in fiber optic communication described above.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program. When the computer program is executed by one or more processors, it implements the steps of the data encryption method in fiber optic communication described above.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects. The data sending device asymmetrically encrypts the transmission data with the public key of the data receiving device to generate ciphertext data, generates a digital signature from the pre-stored sending private key and the ciphertext data, packages the ciphertext data and the digital signature to generate a first message, converts the first message into first optical data, randomly generates an optical key, encrypts the first optical data with the optical key to generate optical ciphertext data, sends the optical key to the data receiving device over a secure channel, and sends the optical ciphertext data to the data receiving device over a public channel. The data receiving device decrypts the received optical ciphertext data with the received optical key to obtain the first message, and decrypts the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, obtaining the transmission data. Asymmetric encryption improves the security and confidentiality of data transmission. The digital signature makes it possible to verify the integrity and authenticity of the ciphertext data and to learn whether the ciphertext data has been attacked. Encrypting the optical data with the optical key to generate optical ciphertext data, sending the optical key over a secure channel and sending the optical ciphertext data over a public channel ensures that the optical key reaches the data receiving device securely, further improving the security and confidentiality of data transmission. The embodiments of the present invention thus ensure the security and confidentiality of data transmission through triple protection.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the data encryption method in fiber optic communication provided by an embodiment of the present invention;
Fig. 2 is a schematic block diagram of the data encryption system in fiber optic communication provided by an embodiment of the present invention;
Fig. 3 is a schematic block diagram of the data sending device provided by an embodiment of the present invention.
Detailed description
In the following description, specific details such as particular system structures and techniques are set out for illustration rather than limitation, to provide a thorough understanding of the embodiments of the present application. It will be clear to those skilled in the art, however, that the application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the application.
It should be understood that, when used in this specification and the appended claims, the term "comprising" indicates the presence of the described features, wholes, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terminology used in this specification is only for the purpose of describing specific embodiments and is not intended to limit the application. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" can be interpreted, depending on the context, as "when", "once", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" can be interpreted, depending on the context, as "once it is determined", "in response to determining", "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
To illustrate the technical solutions of the present invention, specific embodiments are described below.
Fig. 1 is a schematic flowchart of the data encryption method in fiber optic communication provided by an embodiment of the present invention. For ease of explanation, only the parts relevant to the embodiment are shown. The method is applied to a data sending device. In fiber optic communication, data transmission involves two parties: the data sending device and the data receiving device. The data sending device sends transmission data to the data receiving device. In the embodiments of the present invention, the data that needs to be transmitted is called the transmission data, the device that sends the transmission data is called the data sending device, and the device that receives the transmission data is called the data receiving device.
The method of this embodiment can be executed by the data sending device. As shown in Fig. 1, the method may include the following steps:
Step S101: Obtain transmission data, and determine whether the transmission data carries an encryption identifier.
In the embodiments of the present invention, if the transmission data carries an encryption identifier, the transmission data is encrypted before it is transmitted; if it does not, the transmission data does not need to be encrypted and can be transmitted directly. For example, data that all devices are allowed to know can be transmitted without encryption, while more private data must be encrypted before transmission. By using different transmission modes for different transmission data, the embodiment both ensures that private data is not leaked and improves the transmission efficiency of non-private data.
Step S102: If it is determined that the transmission data carries an encryption identifier, obtain the public key of the data receiving device.
In the embodiments of the present invention, if it is determined that the transmission data carries an encryption identifier, that is, the transmission data needs to be encrypted, the transmission data is first encrypted with an asymmetric encryption algorithm. In the asymmetric encryption algorithm, the data sending device has the public key of the data sending device and a sending private key, and the data receiving device has the public key of the data receiving device and a receiving private key. The public key of the data sending device and the public key of the data receiving device are public, and any device can obtain them. The data sending device generates a first key pair with the asymmetric encryption algorithm; the first key pair contains the public key of the data sending device and the sending private key. The data receiving device generates a second key pair with the asymmetric encryption algorithm; the second key pair contains the public key of the data receiving device and the receiving private key. The asymmetric encryption algorithm can be the RSA (Ron Rivest, Adi Shamir, Leonard Adleman) public-key encryption algorithm.
Step S103: Asymmetrically encrypt the transmission data with the public key of the data receiving device to generate ciphertext data.
In the embodiments of the present invention, the transmission data is asymmetrically encrypted according to the public key of the data receiving device and the asymmetric encryption algorithm to generate ciphertext data. Asymmetrically encrypting the transmission data with the public key of the data receiving device improves the security and confidentiality of the transmission data.
Step S104: Generate a digital signature from the pre-stored sending private key and the ciphertext data.
As a further embodiment of the present invention, generating the digital signature from the pre-stored sending private key and the ciphertext data includes:
performing a hash operation on the ciphertext data to obtain a digest;
encrypting the digest with the pre-stored sending private key to obtain the digital signature.
In the embodiments of the present invention, the data sending device performs a hash operation on the ciphertext data to obtain a digest, takes this digest as the first digest, and asymmetrically encrypts the digest according to the pre-stored sending private key and the asymmetric encryption algorithm to obtain the digital signature. The hash operation ensures that if the ciphertext data changes, the digest obtained by hashing the ciphertext data also changes. The hash operation is agreed in advance between the data sending device and the data receiving device.
After obtaining the ciphertext data and the digital signature, the data receiving device performs the same hash operation on the ciphertext data to generate a second digest. It obtains the public key of the data sending device and decrypts the digital signature with that public key to obtain a third digest. If the second digest and the third digest are identical, the ciphertext data has not changed, that is, the ciphertext data has not been attacked. If the second digest and the third digest differ, the ciphertext data has changed, that is, the ciphertext data has been attacked.
In the embodiments of the present invention, adding a digital signature makes it possible to verify the integrity and authenticity of the ciphertext data and to learn whether the ciphertext data has been attacked, adding another layer of protection to the transmission data.
Step S105: Package the ciphertext data and the digital signature to generate a first message, and convert the first message into first optical data.
The message generated by packaging the ciphertext data and the digital signature is called the first message. In fiber optic communication, a message must finally be converted into optical data, which is then transmitted over the optical fiber. In the embodiments of the present invention, any method that can convert a message into optical data may be used to convert the first message into the first optical data. Optical data refers to a data signal that can be transmitted over optical fiber; the optical data into which the first message is converted is called the first optical data.
Step S106: Randomly generate an optical key, and encrypt the first optical data with the optical key to generate optical ciphertext data.
In the embodiments of the present invention, the data sending device may use any method that can randomly generate an optical key. The optical key is used to encrypt the first optical data.
As a further embodiment of the present invention, encrypting the first optical data with the optical key to generate the optical ciphertext data includes:
performing an XOR operation on the optical key and the first optical data to generate the optical ciphertext data.
The XOR operation has the following property: if A XOR B gives C, then C XOR A gives B. The embodiment uses this property: the optical key and the first optical data are XORed to obtain the optical ciphertext data. After the data receiving device receives the optical ciphertext data and the optical key, it XORs the optical ciphertext data with the optical key to obtain the first optical data.
In the embodiments of the present invention, randomly generating an optical key and XORing it with the first optical data to generate the optical ciphertext data adds another layer of protection to the transmission data, further improving its security and confidentiality.
Step S107: Send the optical key to the data receiving device over a secure channel, and send the optical ciphertext data to the data receiving device over a public channel. The optical key is used to instruct the data receiving device to decrypt the optical ciphertext data to obtain the first message, and the first message is used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, obtaining the transmission data.
In the embodiments of the present invention, the optical key is sent to the data receiving device over a secure channel to ensure that the optical key is not eavesdropped. The optical ciphertext data is sent to the data receiving device over a public channel; even if the optical ciphertext data is eavesdropped, the eavesdropper cannot intercept the optical key and therefore cannot crack the optical ciphertext data. Furthermore, because the transmission data has been encrypted with the asymmetric encryption algorithm, even if an eavesdropper intercepts both the optical ciphertext data and the optical key and decrypts the optical ciphertext data with the optical key, the eavesdropper still cannot actually recover the transmission data.
After receiving the optical key sent by the data sending device over the secure channel and the optical ciphertext data sent by the data sending device over the public channel, the data receiving device XORs the optical key with the optical ciphertext data to obtain the first optical data; converts the first optical data into the first message and parses the first message to obtain the ciphertext data and the digital signature; obtains the public key of the data sending device and verifies, according to that public key and the ciphertext data, whether the digital signature is correct; and, if the digital signature is correct, decrypts the ciphertext data with the pre-stored receiving private key to obtain the transmission data.
The data receiving device may use any method that can convert optical data into a message to convert the first optical data into the first message.
The data receiving device verifies whether the digital signature is correct according to the public key of the data sending device and the ciphertext data as follows: the data receiving device performs a hash operation on the ciphertext data to obtain the second digest; the data receiving device decrypts the digital signature with the public key of the data sending device to obtain the third digest; it then determines whether the second digest and the third digest are identical. If they are identical, the digital signature is determined to be correct; if they are not, the digital signature is determined to be incorrect.
If the digital signature is correct, the ciphertext data has not been changed, and decrypting the ciphertext data with the pre-stored receiving private key yields the transmission data. If the digital signature is incorrect, an attack occurred during data transmission: the received ciphertext data is not the ciphertext data sent by the data sending device, and the transmission data finally obtained by decryption is not the transmission data that the data sending device intended to send. The hash operation is agreed in advance with the data sending device.
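The sender and receiver sides of steps S103 to S107 described above, as an added Python example that is not code from the patent. It assumes textbook RSA without padding over constructed Mersenne-prime demo keys (insecure, used only to stay within the standard library), SHA-256 as the pre-agreed hash, a hypothetical 2-byte length-prefixed framing for the first message, and it models the conversion to optical data as the raw message bytes.

```python
"""Sender and receiver flow of steps S103-S107 (added illustration).

Toy textbook RSA without padding over publicly known Mersenne primes.
NOT secure; chosen only so the example runs on the standard library.
"""
import hashlib
import secrets
import struct

E = 65537  # assumed public exponent


def make_keypair(p, q):
    """Return (n, e, d) for textbook RSA built from primes p and q."""
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))


# Constructed demo key pairs (assumption: both sides already generated them).
SENDER = make_keypair(2**521 - 1, 2**127 - 1)   # d is the "sending private key"
RECEIVER = make_keypair(2**607 - 1, 2**89 - 1)  # d is the "receiving private key"


def int_to_bytes(x, n):
    """Fixed-width big-endian encoding sized to modulus n."""
    return x.to_bytes((n.bit_length() + 7) // 8, "big")


def digest_int(data):
    """Pre-agreed hash operation; SHA-256 is an assumption."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("optical key and optical data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def send(transmission_data, sender=SENDER, receiver_pub=RECEIVER[:2]):
    """Return (optical_key, optical_ciphertext) for the two channels."""
    n_s, _, d_s = sender
    n_r, e_r = receiver_pub
    # S103: asymmetric encryption under the receiver's public key.
    # The 0x01 prefix preserves leading zero bytes of the plaintext.
    m = int.from_bytes(b"\x01" + transmission_data, "big")
    if m >= n_r:
        raise ValueError("transmission data too long for this toy modulus")
    ciphertext = int_to_bytes(pow(m, e_r, n_r), n_r)
    # S104: hash the ciphertext, then apply the sending private key.
    signature = int_to_bytes(pow(digest_int(ciphertext), d_s, n_s), n_s)
    # S105: package into the first message (hypothetical framing); the byte
    # string stands in for the first optical data.
    first_optical = struct.pack(">H", len(ciphertext)) + ciphertext + signature
    # S106: fresh random optical key, XORed with the optical data.
    optical_key = secrets.token_bytes(len(first_optical))
    # S107: key goes over the secure channel, ciphertext over the public one.
    return optical_key, xor_bytes(optical_key, first_optical)


def receive(optical_key, optical_ciphertext, receiver=RECEIVER, sender_pub=SENDER[:2]):
    """Undo the XOR layer, verify the signature, then decrypt."""
    n_r, _, d_r = receiver
    n_s, e_s = sender_pub
    first_message = xor_bytes(optical_key, optical_ciphertext)
    (ct_len,) = struct.unpack(">H", first_message[:2])
    ciphertext = first_message[2:2 + ct_len]
    signature = first_message[2 + ct_len:]
    second_digest = digest_int(ciphertext)  # recomputed by the receiver
    third_digest = pow(int.from_bytes(signature, "big"), e_s, n_s)  # from signature
    if second_digest != third_digest:
        raise ValueError("digital signature incorrect: ciphertext data was changed")
    m = pow(int.from_bytes(ciphertext, "big"), d_r, n_r)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[1:]  # drop the 0x01 prefix added by send()


if __name__ == "__main__":
    key, optical_ct = send(b"constructed sample: breaker 12 OPEN")
    print(receive(key, optical_ct))
    tampered = bytearray(optical_ct)
    tampered[5] ^= 0x01  # one bit changed in transit on the public channel
    try:
        receive(key, bytes(tampered))
    except ValueError as exc:
        print("rejected:", exc)
```

Because the XOR layer is malleable, a single flipped bit on the public channel flips the same bit of the first message; it is the signature check over the ciphertext data that rejects it. Production code would use a vetted library with OAEP and PSS padding instead of the raw `pow` calls.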
As a further embodiment of the present invention, the data encryption method in fiber optic communication further includes:
if it is determined that the transmission data does not carry an encryption identifier, packaging the transmission data to generate a second message;
converting the second message into second optical data, and sending the second optical data to the data receiving device over the public channel, where the second optical data is used to instruct the data receiving device to obtain the transmission data from the second optical data.
In the embodiments of the present invention, if the transmission data does not carry an encryption identifier, the transmission data does not need to be encrypted. The transmission data is packaged directly to generate the second message, the second message is converted into the second optical data with any method that can convert a message into optical data, and the second optical data is sent to the data receiving device over the public channel.
After receiving the second optical data sent by the data sending device over the public channel, the data receiving device converts the second optical data into the second message with any method that can convert optical data into a message, and parses the second message to obtain the transmission data.
In the embodiments of the present invention, if it is determined that the transmission data does not carry an encryption identifier, the transmission data is packaged to generate the second message, the second message is converted into the second optical data, and the second optical data is sent to the data receiving device over the public channel, where it is used to instruct the data receiving device to obtain the transmission data. Transmission data that does not need encryption is thus sent directly to the data receiving device, which improves the transmission efficiency of the transmission data.
In the embodiments of the present invention, asymmetric encryption improves the security and confidentiality of data transmission. The digital signature makes it possible to verify the integrity and authenticity of the ciphertext data and to learn whether the ciphertext data has been attacked. Encrypting the optical data with the optical key to generate optical ciphertext data, sending the optical key to the data receiving device over a secure channel and sending the optical ciphertext data over a public channel ensures that the optical key reaches the data receiving device securely, further improving the security and confidentiality of data transmission. The embodiments of the present invention thus ensure the security and confidentiality of data transmission through triple protection.
As a further embodiment of the present invention, the data transmitting device may determine in another way whether to encrypt the transmission data and how to encrypt it, as follows:
Obtain the transmission data, the transmission data carrying an encryption mode;
If the encryption mode is the first encryption mode, obtain the public key of the data receiving device, and then execute steps S103 to S107;
If the encryption mode is the second encryption mode, package the transmission data to generate a second message; convert the second message into second light data, and send the second light data to the data receiving device over the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data;
If the encryption mode is the third encryption mode, obtain the public key of the data receiving device, and then execute steps S103 to S105; send the first light data to the data receiving device over the public channel, the first light data being used to instruct the data receiving device to convert the first light data into the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, to obtain the transmission data.
If the encryption mode is the fourth encryption mode, package the transmission data to generate a second message, and convert the second message into second light data; randomly generate a second light key, and encrypt the second light data with the second light key to generate second light ciphertext data; send the second light key to the data receiving device over the secure channel, and send the second light ciphertext data to the data receiving device over the public channel, the second light key being used to instruct the data receiving device to decrypt the second light ciphertext data to obtain the second message and to obtain the transmission data from the second message.
In this embodiment, the first encryption mode is the same as the encryption applied above when the transmission data carries an encryption identifier: the transmission data is first asymmetrically encrypted, a digital signature is then generated, and finally the light data is encrypted. The second encryption mode is the same as the handling above when the transmission data carries no encryption identifier: the transmission data is transmitted without being encrypted. The third encryption mode asymmetrically encrypts the transmission data and then generates a digital signature. The fourth encryption mode encrypts the light data into which the transmission data is converted, where encrypting the second light data with the second light key to generate the second light ciphertext data includes: performing an XOR operation on the second light key and the second light data to generate the second light ciphertext data. The embodiment can therefore apply different encryption to different transmission data, ensuring the security and confidentiality of private data while improving the transmission rate of non-private data.
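The four encryption modes described above, as an added Python example (not code from the patent). It assumes byte strings stand in for light data, SHA-256 for the hash, and unpadded textbook RSA with toy keys for the asymmetric steps; `send`, `receive`, `flip_bit` and `tamper_outcome` are hypothetical names. It also shows what the signature contributes: a bit altered on the public channel is rejected in modes 1 and 3 but passes straight through the XOR in mode 4.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs (assumption)


def make_keypair(a, b):
    """Toy textbook-RSA pair from the Mersenne primes 2**a-1 and 2**b-1.
    Constructed for this demo: trivially factorable and unpadded, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))


SENDER_N, SENDER_D = make_keypair(521, 607)       # sending private key (signs)
RECEIVER_N, RECEIVER_D = make_keypair(127, 1279)  # receiving private key (decrypts)
CT_LEN = (RECEIVER_N.bit_length() + 7) // 8
SIG_LEN = (SENDER_N.bit_length() + 7) // 8


def xor_bytes(key, data):
    """Light-layer XOR; the key must be exactly as long as the data."""
    if len(key) != len(data):
        raise ValueError("light key and light data differ in length")
    return bytes(k ^ d for k, d in zip(key, data))


def pack_first_message(data):
    """Asymmetrically encrypt, hash the ciphertext, sign the digest, package both."""
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 guard keeps leading zero bytes
    if m >= RECEIVER_N:
        raise ValueError("data too long for the toy modulus")
    ct = pow(m, E, RECEIVER_N).to_bytes(CT_LEN, "big")
    digest = int.from_bytes(hashlib.sha256(ct).digest(), "big")
    sig = pow(digest, SENDER_D, SENDER_N).to_bytes(SIG_LEN, "big")
    return ct + sig


def unpack_first_message(message):
    """Check the signature over the ciphertext first, then decrypt."""
    if len(message) != CT_LEN + SIG_LEN:
        raise ValueError("malformed first message")
    ct, sig = message[:CT_LEN], message[CT_LEN:]
    digest = int.from_bytes(hashlib.sha256(ct).digest(), "big")
    if pow(int.from_bytes(sig, "big"), E, SENDER_N) != digest:
        raise ValueError("signature check failed: ciphertext was altered")
    m = pow(int.from_bytes(ct, "big"), RECEIVER_D, RECEIVER_N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]


def send(data, mode):
    """Return (bytes for the public channel, light key for the secure channel or None)."""
    if mode not in (1, 2, 3, 4):
        raise ValueError("unknown encryption mode")
    message = pack_first_message(data) if mode in (1, 3) else data
    if mode in (1, 4):
        light_key = secrets.token_bytes(len(message))  # fresh random key per message
        return xor_bytes(light_key, message), light_key
    return message, None


def receive(mode, public, light_key=None):
    """Undo the light-layer XOR (modes 1, 4), then verify and decrypt (modes 1, 3)."""
    message = xor_bytes(light_key, public) if mode in (1, 4) else public
    return unpack_first_message(message) if mode in (1, 3) else message


def flip_bit(buf, index=0):
    """Model a one-bit alteration of the data on the public channel."""
    out = bytearray(buf)
    out[index] ^= 0x01
    return bytes(out)


def tamper_outcome(data, mode):
    """What the receiver ends up with after a one-bit alteration; None if rejected."""
    public, light_key = send(data, mode)
    try:
        return receive(mode, flip_bit(public), light_key)
    except ValueError:
        return None


if __name__ == "__main__":
    sample = b"breaker 12 status: closed"  # constructed sample data
    for mode in (1, 2, 3, 4):
        public, key = send(sample, mode)
        assert receive(mode, public, key) == sample
        print(mode, len(public), "rejected" if tamper_outcome(sample, mode) is None
              else "altered data accepted")
```

The XOR layer hides the data only while each light key is used once; a key reused for two messages exposes the XOR of those two messages to anyone on the public channel.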
It should be noted that all examples in the above embodiments are intended only to explain the technical solution of the present invention and not to limit the present invention.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and the numbering does not limit the implementation of the embodiments of the present invention in any way.
Fig. 2 is a schematic block diagram of the data encryption system in fiber optic communication provided by an embodiment of the present invention; for ease of description, only the parts relevant to the embodiment are shown. The system is applied to a data transmitting device.
In this embodiment, the data encryption system 2 in fiber optic communication includes:
a judgment module 21, configured to obtain transmission data and judge whether the transmission data carries an encryption identifier;
a first processing module 22, configured to obtain the public key of the data receiving device if it is determined that the transmission data carries an encryption identifier;
a ciphertext data generation module 23, configured to asymmetrically encrypt the transmission data with the public key of the data receiving device to generate ciphertext data;
a digital signature generation module 24, configured to generate a digital signature from the pre-stored sending private key and the ciphertext data;
a conversion module 25, configured to package the ciphertext data and the digital signature to generate a first message, and to convert the first message into first light data;
a light ciphertext data generation module 26, configured to randomly generate a light key and to encrypt the first light data with the light key to generate light ciphertext data;
a first sending module 27, configured to send the light key to the data receiving device over the secure channel and to send the light ciphertext data to the data receiving device over the public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, to obtain the transmission data.
Optionally, the data encryption system 2 in fiber optic communication further includes:
a second processing module, configured to package the transmission data to generate a second message if it is determined that the transmission data does not carry an encryption identifier;
a second sending module, configured to convert the second message into second light data and to send the second light data to the data receiving device over the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data.
Optionally, the digital signature generation module 24 includes:
a digest information acquisition unit, configured to perform a hash operation on the ciphertext data to obtain digest information;
an encryption unit, configured to encrypt the digest information with the pre-stored sending private key to obtain the digital signature.
Optionally, the light ciphertext data generation module 26 is further configured to perform an XOR operation on the light key and the first light data to generate the light ciphertext data.
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules above is given only as an example. In practical applications, the functions described may be assigned to different functional units and modules as needed; that is, the internal structure of the data encryption system in fiber optic communication may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit; the integrated unit may be implemented in hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of the present application. For the specific working process of the units and modules in the above system, refer to the corresponding process in the foregoing method embodiments, which is not repeated here.
Fig. 3 is a schematic block diagram of the data transmitting device provided by an embodiment of the present invention. As shown in Fig. 3, the data transmitting device 3 of this embodiment includes: one or more processors 30, a memory 31, and a computer program 32 stored in the memory 31 and executable on the processor 30. When executing the computer program 32, the processor 30 implements the steps of the above embodiments of the data encryption method in fiber optic communication, for example steps S101 to S107 shown in Fig. 1. Alternatively, when executing the computer program 32, the processor 30 implements the functions of the modules/units in the above embodiment of the data encryption system in fiber optic communication, for example the functions of modules 21 to 27 shown in Fig. 2.
By way of example, the computer program 32 may be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to carry out the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 32 in the data transmitting device 3. For example, the computer program 32 may be divided into a judgment module, a first processing module, a ciphertext data generation module, a digital signature generation module, a conversion module, a light ciphertext data generation module and a first sending module.
The judgment module is configured to obtain transmission data and judge whether the transmission data carries an encryption identifier;
the first processing module is configured to obtain the public key of the data receiving device if it is determined that the transmission data carries an encryption identifier;
the ciphertext data generation module is configured to asymmetrically encrypt the transmission data with the public key of the data receiving device to generate ciphertext data;
the digital signature generation module is configured to generate a digital signature from the pre-stored sending private key and the ciphertext data;
the conversion module is configured to package the ciphertext data and the digital signature to generate a first message, and to convert the first message into first light data;
the light ciphertext data generation module is configured to randomly generate a light key and to encrypt the first light data with the light key to generate light ciphertext data;
the first sending module is configured to send the light key to the data receiving device over the secure channel and to send the light ciphertext data to the data receiving device over the public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, to obtain the transmission data.
For other modules or units, refer to the description of the embodiment shown in Fig. 2, which is not repeated here.
The data transmitting device may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The data transmitting device 3 includes, but is not limited to, the processor 30 and the memory 31. Those skilled in the art will understand that Fig. 3 is only an example of a data transmitting device and does not limit the data transmitting device 3, which may include more or fewer components than shown, combine certain components, or use different components; for example, the data transmitting device 3 may also include input devices, output devices, network access devices, buses and so on.
The processor 30 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 31 may be an internal storage unit of the data transmitting device, such as a hard disk or internal memory of the data transmitting device. The memory 31 may also be an external storage device of the data transmitting device, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the data transmitting device. Further, the memory 31 may include both an internal storage unit of the data transmitting device and an external storage device. The memory 31 is used to store the computer program 32 and the other programs and data required by the data transmitting device. The memory 31 may also be used to temporarily store data that has been output or is about to be output.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not detailed or recorded in one embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed data encryption system and method in fiber optic communication may be implemented in other ways. For example, the embodiment of the data encryption system in fiber optic communication described above is only illustrative; the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, all or part of the flow of the above method embodiments may also be carried out by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), an electric carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content covered by the computer-readable medium may be increased or reduced as appropriate according to the requirements of legislation and patent practice in the jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electric carrier signals and telecommunication signals.
The embodiments described above are intended only to illustrate the technical solution of the present application, not to limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and should all fall within the scope of protection of the present application.

Claims (10)

1. A data encryption method in fiber optic communication, characterized in that the method is applied to a data transmitting device and comprises:
obtaining transmission data, and judging whether the transmission data carries an encryption identifier;
if it is determined that the transmission data carries the encryption identifier, obtaining the public key of a data receiving device;
asymmetrically encrypting the transmission data with the public key of the data receiving device to generate ciphertext data;
generating a digital signature from a pre-stored sending private key and the ciphertext data;
packaging the ciphertext data and the digital signature to generate a first message, and converting the first message into first light data;
randomly generating a light key, and encrypting the first light data with the light key to generate light ciphertext data;
sending the light key to the data receiving device over a secure channel, and sending the light ciphertext data to the data receiving device over a public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and a pre-stored receiving private key, to obtain the transmission data.
2. The data encryption method in fiber optic communication according to claim 1, characterized by further comprising:
if it is determined that the transmission data does not carry the encryption identifier, packaging the transmission data to generate a second message;
converting the second message into second light data, and sending the second light data to the data receiving device over the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data.
3. The data encryption method in fiber optic communication according to claim 1, characterized in that generating a digital signature from the pre-stored sending private key and the ciphertext data comprises:
performing a hash operation on the ciphertext data to obtain digest information;
encrypting the digest information with the pre-stored sending private key to obtain the digital signature.
4. The data encryption method in fiber optic communication according to claim 1, characterized in that encrypting the first light data with the light key to generate light ciphertext data comprises:
performing an XOR operation on the light key and the first light data to generate the light ciphertext data.
5. A data encryption system in fiber optic communication, characterized in that the system is applied to a data transmitting device and comprises:
a judgment module, configured to obtain transmission data and judge whether the transmission data carries an encryption identifier;
a first processing module, configured to obtain the public key of a data receiving device if it is determined that the transmission data carries the encryption identifier;
a ciphertext data generation module, configured to asymmetrically encrypt the transmission data with the public key of the data receiving device to generate ciphertext data;
a digital signature generation module, configured to generate a digital signature from a pre-stored sending private key and the ciphertext data;
a conversion module, configured to package the ciphertext data and the digital signature to generate a first message, and to convert the first message into first light data;
a light ciphertext data generation module, configured to randomly generate a light key and to encrypt the first light data with the light key to generate light ciphertext data;
a first sending module, configured to send the light key to the data receiving device over a secure channel and to send the light ciphertext data to the data receiving device over a public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and a pre-stored receiving private key, to obtain the transmission data.
6. The data encryption system in fiber optic communication according to claim 5, characterized by further comprising:
a second processing module, configured to package the transmission data to generate a second message if it is determined that the transmission data does not carry the encryption identifier;
a second sending module, configured to convert the second message into second light data and to send the second light data to the data receiving device over the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data.
7. The data encryption system in fiber optic communication according to claim 5, characterized in that the digital signature generation module comprises:
a digest information acquisition unit, configured to perform a hash operation on the ciphertext data to obtain digest information;
an encryption unit, configured to encrypt the digest information with the pre-stored sending private key to obtain the digital signature.
8. The data encryption system in fiber optic communication according to claim 5, characterized in that the light ciphertext data generation module is further configured to perform an XOR operation on the light key and the first light data to generate the light ciphertext data.
9. A data transmitting device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the data encryption method in fiber optic communication according to any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by one or more processors, implements the steps of the data encryption method in fiber optic communication according to any one of claims 1 to 4.

Application number: CN201810463197.0A
Priority date: 2018-05-15
Filing date: 2018-05-15
Title: Data ciphering method, system in fiber optic communication and data transmitting equipment
Status: Pending
Publication: CN108683665A (en), publication date 2018-10-19
Family ID: 63806470
Country: CN


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181019