CN109033830A - Data safety processing method, device, equipment and medium - Google Patents
- Publication number: CN109033830A (application CN201810910011.1A)
- Authority: CN (China)
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Abstract
Embodiments of the invention disclose a data security processing method, device, equipment and medium, relating to the technical field of data processing. The method comprises: obtaining an expiry identification marker from a received instruction; judging, according to the obtained expiry identification marker, whether the instruction has expired; and, if the instruction has expired, not executing the instruction. The embodiments provide a data security processing method that resists traffic replication attacks and improves data security.
Description
Technical field
Embodiments of the present invention relate to the technical field of data processing, and in particular to a data security processing method, device, equipment and medium.
Background art
With the spread of Internet of Things (IoT) devices, secure communication between devices is becoming increasingly important. In a typical IoT solution, a gateway interacts with terminal devices over radio-frequency signals. Because radio-frequency signals are open, the communication between the gateway and the terminal devices is easy to attack.
A typical attack is traffic replication, that is, a replay attack. Traffic replication means capturing instruction signals by technical means (whether or not the instructions are encrypted) and saving the instruction content. To attack the recipient of the instructions, the saved instructions are sent to that recipient in order to control the device or obtain data.
For example, the recipient is a smart door. At least one instruction sent by the gateway to the smart door (including an unlock instruction) is captured by technical means and stored. To attack the smart door, the stored instructions are sent to it; on receiving the unlock instruction among them, the smart door unlocks, and the door is opened.
Summary of the invention
Embodiments of the present invention provide a data security processing method, device, equipment and medium to resist the traffic replication attack described above and improve data security.
In a first aspect, an embodiment of the invention provides a data security processing method, comprising:
obtaining an expiry identification marker from a received instruction;
judging, according to the obtained expiry identification marker, whether the instruction has expired;
if the instruction has expired, not executing the instruction.
Further, judging whether the instruction has expired according to the obtained expiry identification marker comprises:
taking the received instruction as the current instruction and judging, according to the obtained expiry identification marker of the current instruction and the expiry identification marker in the previous instruction, whether the sending time of the current instruction is earlier than the sending time of the previous instruction, where the previous instruction is the instruction received before the current instruction;
if the sending time of the current instruction is earlier than the sending time of the previous instruction, determining that the current instruction has expired.
Further, before the expiry identification marker is obtained from the received instruction, the method also comprises:
receiving data;
removing the interference data from the received data to produce an instruction comprising the valid data.
Further, before the interference data is removed from the received data to produce the instruction comprising the valid data, the method also comprises:
decrypting the received data with a locally stored random key, where a device stores locally only the keys that it uses itself.
In a second aspect, an embodiment of the invention also provides a data security processing method, comprising:
determining the expiry identification marker of an instruction according to the sending order of instructions;
writing the determined expiry identification marker into the instruction.
Further, the method also comprises:
determining a random insertion position, random insertion content and a random insertion length;
using the random insertion content as interference data and, based on the determined random insertion position and random insertion length, inserting the interference data into the to-be-sent data that contains the instruction.
Further, after the interference data has been inserted into the to-be-sent data that contains the instruction, the method also comprises:
encrypting the instruction and the interference data in the to-be-sent data with a locally stored random key, where a device stores locally only the keys that it uses itself.
In a third aspect, an embodiment of the invention also provides a data security processing device, comprising:
a marker obtaining module, configured to obtain an expiry identification marker from a received instruction;
an expiry judgment module, configured to judge, according to the obtained expiry identification marker, whether the instruction has expired;
a security processing module, configured not to execute the instruction if the instruction has expired.
Further, the expiry judgment module comprises:
a sending time judging unit, configured to take the received instruction as the current instruction and to judge, according to the obtained expiry identification marker of the current instruction and the expiry identification marker in the previous instruction, whether the sending time of the current instruction is earlier than the sending time of the previous instruction, where the previous instruction is the instruction received before the current instruction;
an instruction expiry determination unit, configured to determine that the current instruction has expired if the sending time of the current instruction is earlier than the sending time of the previous instruction.
Further, the device also comprises:
a data reception module, configured to receive data before the expiry identification marker is obtained from the received instruction;
an interference data removal module, configured to remove the interference data from the received data and produce an instruction comprising the valid data.
Further, the device also comprises:
a data decryption module, configured to decrypt the received data with a locally stored random key before the interference data is removed from the received data to produce the instruction comprising the valid data, where a device stores locally only the keys that it uses itself.
In a fourth aspect, an embodiment of the invention also provides a data security processing device, comprising:
a marker determining module, configured to determine the expiry identification marker of an instruction according to the sending order of instructions;
a marker writing module, configured to write the determined expiry identification marker into the instruction.
Further, the device also comprises:
an insertion determining module, configured to determine a random insertion position, random insertion content and a random insertion length;
an interference data insertion module, configured to use the random insertion content as interference data and, based on the determined random insertion position and random insertion length, to insert the interference data into the to-be-sent data that contains the instruction.
Further, the device also comprises:
a data encryption module, configured to encrypt the instruction and the interference data in the to-be-sent data with a locally stored random key after the interference data has been inserted into the to-be-sent data that contains the instruction, where a device stores locally only the keys that it uses itself.
In a fifth aspect, an embodiment of the invention also provides equipment, comprising:
one or more processors;
a storage device, configured to store one or more programs,
where the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data security processing method of any embodiment of the invention.
In a sixth aspect, an embodiment of the invention also provides a computer-readable storage medium whose stored program, when executed by a processor, implements the data security processing method of any embodiment of the invention.
Embodiments of the invention judge, according to the obtained expiry identification marker, whether an instruction has expired and, if it has, do not execute it. As a result, when an expired instruction sent in a traffic replication attack is received, its execution is refused, which resists traffic replication attacks and improves data security.
Brief description of the drawings
Fig. 1 is a flow chart of a data security processing method provided by embodiment one of the present invention;
Fig. 2 is a flow chart of a data security processing method provided by embodiment two of the present invention;
Fig. 3 is a flow chart of a data security processing method provided by embodiment three of the present invention;
Fig. 4 is a schematic structural diagram of a data security processing device provided by embodiment four of the present invention;
Fig. 5 is a schematic structural diagram of equipment provided by embodiment five of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention rather than the entire structure.
Embodiment one
Fig. 1 is a flow chart of a data security processing method provided by embodiment one of the present invention. This embodiment applies where there is a risk of traffic replication attacks, typically the case in which a gateway communicates at short range with multiple connected smart devices. The method can be executed by a data security processing device, which can be implemented in software and/or hardware. Optionally, the device may be a gateway or a smart device. Referring to Fig. 1, the data security processing method provided by this embodiment comprises:
S110, obtaining an expiry identification marker from a received instruction.
The instruction may be a control instruction sent by a controlling terminal to an executing terminal, or a report instruction sent by an executing terminal to a controlling terminal. For example, the instruction may be an instruction, generated by a server, that the gateway sends to a connected smart device to control that device. The instruction may also be an instruction that a smart device sends to the gateway to report device information to the server.
The expiry identification marker is a marker used to identify whether an instruction has expired. Optionally, it may be the timestamp at which the instruction was sent, or a marker that identifies the order in which instructions were sent.
The expiry identification marker can be obtained from the expiry identification marker position set in the instruction.
S120, judging, according to the obtained expiry identification marker, whether the instruction has expired.
Specifically, judging whether the instruction has expired according to the obtained expiry identification marker comprises:
taking the received instruction as the current instruction and judging, according to the obtained expiry identification marker of the current instruction and the expiry identification marker in the previous instruction, whether the sending time of the current instruction is earlier than the sending time of the previous instruction, where the previous instruction is the instruction received before the current instruction;
if the sending time of the current instruction is earlier than the sending time of the previous instruction, determining that the current instruction has expired.
Optionally, whether the instruction has expired may also be judged according to the generation time of the instruction.
S130, if the instruction has expired, not executing the instruction.
Other security measures may be taken at the same time, such as issuing a warning or restricting the reception of instructions from the sender of the expired instruction.
In the technical solution of this embodiment, whether an instruction has expired is judged according to the obtained expiry identification marker and, if it has, the instruction is not executed. As a result, when an expired instruction sent in a traffic replication attack is received, its execution is refused, which resists traffic replication attacks and improves data security.
To further improve data security, before the expiry identification marker is obtained from the received instruction, the method also comprises:
receiving data;
removing the interference data from the received data to produce an instruction comprising the valid data.
Here, interference data is added to the transmitted data to make it harder for an attacker to crack the data.
To further improve data security, before the interference data is removed from the received data to produce the instruction comprising the valid data, the method also comprises:
decrypting the received data with a locally stored random key, where a device stores locally only the keys that it uses itself.
Encrypting the transmitted data with a random key improves data security. Optionally, the encryption algorithm may be a symmetric-key encryption algorithm or an asymmetric-key encryption algorithm.
The random key is determined at random when the device leaves the factory or first joins the network, and is written into the device. Note that the random key must not be based only on the device's own attributes (such as its serial number or NIC address).
Each device stores locally only the keys that it uses itself, that is, storage with minimum visibility. Thus, even if one device is compromised, the attacker obtains only that device's random key and still cannot obtain the random keys of the other connected devices (that is, cannot break into the other devices).
Embodiment two
Fig. 2 is a flow chart of a data security processing method provided by embodiment two of the present invention. Building on the embodiment above, this embodiment provides an optional scheme in which the executing entity is the sending end. Referring to Fig. 2, the data security processing scheme provided by this embodiment comprises:
S210, determining the expiry identification marker of an instruction according to the sending order of instructions.
Specifically, the sending order of instructions can be determined from the sending time or the generation time of each instruction.
Optionally, the sending time or generation time of the instruction, which reflects the sending order, can be used directly as the expiry identification marker of the instruction; alternatively, instructions can be numbered in sending order and the number used as the expiry identification marker.
S220, writing the determined expiry identification marker into the instruction.
Specifically, the expiry identification marker position is determined in advance. Once the expiry identification marker has been determined, it is written into the expiry identification marker position of the instruction.
To prevent an attacker from tampering with the expiry identification marker, the marker position may be determined at random, so that the marker position is not fixed from one instruction to the next. This makes it harder for an attacker to obtain the expiry identification marker and thus prevents the attacker from tampering with it.
In the technical solution of this embodiment, an expiry identification marker is written into each instruction so that the receiving end, after receiving an instruction, can determine from the marker whether the instruction has expired. If it has, the instruction is not executed. This resists traffic replication attacks and improves data security.
To prevent an attacker from deciphering the key by collecting samples of encrypted data, the method also comprises:
determining a random insertion position, random insertion content and a random insertion length;
using the random insertion content as interference data and, based on the determined random insertion position and random insertion length, inserting the interference data into the to-be-sent data that contains the instruction.
Here the random insertion position is not a fixed position, but it must allow the recipient to reverse the insertion. Specifically, a specific field in the data frame of the instruction can be used as the basis for the insertion position, with the position calculated according to a certain rule (taking care that the insertion avoids the data bits used as the basis of the calculation, so that the data does not become impossible to decrypt). The insertion position can also be generated at random.
The random insertion length can be calculated from a specific field in the data frame of the instruction, or generated at random with the length value inserted into the data frame as part of the interference data. Take care to limit the insertion length: too much interference data reduces communication efficiency.
The inserted content must always be sufficiently random; using existing frame data as its source is not recommended, and it can be determined by a random algorithm.
Inserting interference data breaks the regularity of the data and makes it harder to decipher. It also resists instruction cracking attacks, in which an attacker continually collects specific instruction signals and, combined with knowledge of what the instructions do, cracks the instruction format by means such as probability analysis and comparison, in order to forge instructions.
Further, after the interference data has been inserted into the to-be-sent data that contains the instruction, the method also comprises:
encrypting the instruction and the interference data in the to-be-sent data with a locally stored random key, where a device stores locally only the keys that it uses itself.
Specifically, given the low computing power of IoT devices, a symmetric encryption algorithm is used. Depending on the device's computing power and the efficiency requirements, the data may be encrypted once or several times.
Encrypting with a random key resists single-point breakthrough attacks. A single-point breakthrough means compromising one legitimate device (such as a gateway or smart device) by technical means, obtaining the keys and encryption/decryption information stored on it, and thereby breaking into other devices. This is most common when multiple devices use the same key, or when the key generation algorithm is not sufficiently random and the attacker guesses the key generation strategy.
Embodiment three
Fig. 3 is a flow chart of a data security processing method provided by embodiment three of the present invention. Building on the embodiments above, this embodiment provides an optional scheme for the application scenario in which a gateway and smart devices in the Internet of Things exchange data over radio frequency. If the sending end is the gateway, the receiving end is a smart device connected to the gateway; if the sending end is a smart device connected to the gateway, the receiving end is the gateway. Referring to Fig. 3, the data security processing method provided by this embodiment comprises:
the sending end determines the expiry identification marker of an instruction according to the sending order of instructions;
the sending end writes the determined expiry identification marker into the instruction;
the sending end determines a random insertion position, random insertion content and a random insertion length;
the sending end uses the random insertion content as interference data and, based on the determined random insertion position and random insertion length, inserts the interference data into the to-be-sent data that contains the instruction;
the sending end symmetrically encrypts the instruction (which includes the expiry identification marker) and the interference data in the to-be-sent data with a random key, where a device stores locally only the keys that it uses itself;
the receiving end decrypts the received data with its locally stored random key;
the receiving end removes the interference data from the decrypted data to produce an instruction comprising the valid data;
the receiving end obtains the expiry identification marker from the received instruction and judges, according to the obtained marker, whether the instruction has expired;
if the instruction has expired, the receiving end does not execute it.
In the technical solution of this embodiment, the expiry identification marker is used to judge whether an instruction has expired, which resists traffic replication attacks; interference data added at random resists instruction cracking attacks; and encryption with random keys resists single-point breakthrough attacks. Together these improve data security.
In addition, compared with prior art that improves data security through complex encryption algorithms, this embodiment consumes few resources, encrypts and decrypts quickly, and has little effect on response speed and throughput, which suits the low computing power of IoT devices.
It should be noted that, given the technical teaching of the embodiments above, a person skilled in the art has the motivation to combine these implementations to improve data security.
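The sending-end and receiving-end steps of embodiment three, as an added example that is not part of the patent text. The frame layout, the 4-byte sequence number used as the expiry identification marker, the two header bytes carrying the insertion position and length, the HMAC-SHA256 keystream and authentication tag standing in for the unnamed symmetric algorithm, and the rejection of a marker equal to the previous one are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN, TAG_LEN = 8, 16

def subkeys(device_key):
    # Separate encryption and authentication keys derived from the device key.
    return (hmac.new(device_key, b"enc", hashlib.sha256).digest(),
            hmac.new(device_key, b"mac", hashlib.sha256).digest())

def keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: a stand-in for the unnamed symmetric cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(device_key, plain):
    enc_key, mac_key = subkeys(device_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = keystream(enc_key, nonce, len(plain))
    cipher = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + cipher + tag

def open_frame(device_key, frame):
    # Returns the plaintext, or None if the frame was not sealed with this key.
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = subkeys(device_key)
    nonce, cipher, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    good = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, good):
        return None
    stream = keystream(enc_key, nonce, len(cipher))
    return bytes(c ^ s for c, s in zip(cipher, stream))

class Sender:
    def __init__(self, device_key):
        self.device_key = device_key
        self.seq = 0  # expiry marker: instructions numbered in sending order

    def build(self, command):
        self.seq += 1
        body = struct.pack(">I", self.seq) + command
        if len(body) > 255:
            raise ValueError("command too long for a one-byte position field")
        pos = secrets.randbelow(len(body) + 1)   # random insertion position
        noise_len = 1 + secrets.randbelow(8)     # random length, kept short
        noise = secrets.token_bytes(noise_len)   # random insertion content
        mixed = body[:pos] + noise + body[pos:]
        return seal(self.device_key, bytes([pos, noise_len]) + mixed)

class Receiver:
    def __init__(self, device_key):
        self.device_key = device_key
        self.last_seq = 0  # marker of the last instruction accepted

    def handle(self, frame):
        plain = open_frame(self.device_key, frame)
        if plain is None or len(plain) < 2:
            return ("rejected", "bad frame")
        pos, noise_len, mixed = plain[0], plain[1], plain[2:]
        if pos + noise_len > len(mixed):
            return ("rejected", "bad frame")
        body = mixed[:pos] + mixed[pos + noise_len:]  # strip interference data
        if len(body) < 4:
            return ("rejected", "bad frame")
        seq = struct.unpack(">I", body[:4])[0]
        # The patent's test is "earlier than the previous instruction"; this
        # example also rejects an equal marker, so the latest frame cannot be resent.
        if seq <= self.last_seq:
            return ("rejected", "expired")
        self.last_seq = seq
        return ("executed", body[4:])

def demo():
    door_key = secrets.token_bytes(32)  # random key held only by gateway and door
    gateway, door = Sender(door_key), Receiver(door_key)
    lock, unlock = gateway.build(b"LOCK"), gateway.build(b"UNLOCK")  # constructed
    results = [door.handle(lock), door.handle(unlock)]
    results.append(door.handle(unlock))  # captured frame sent again
    results.append(door.handle(lock))    # older captured frame sent again
    other_door = Receiver(secrets.token_bytes(32))  # device with a different key
    results.append(other_door.handle(unlock))
    return results

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The receiver in this sketch keeps `last_seq` in memory only; a device that loses the value on reboot would accept old frames again until a newer one arrives.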
Embodiment four
Fig. 4 is a schematic structural diagram of a data security processing device provided by embodiment four of the present invention. Typically, the data security processing device may be a gateway or a smart device connected to a gateway. Referring to Fig. 4, the data security processing device provided by this embodiment comprises a marker obtaining module 10, an expiry judgment module 20 and a security processing module 30.
The marker obtaining module 10 is configured to obtain an expiry identification marker from a received instruction;
the expiry judgment module 20 is configured to judge, according to the obtained expiry identification marker, whether the instruction has expired;
the security processing module 30 is configured not to execute the instruction if the instruction has expired.
In the technical solution of this embodiment, whether an instruction has expired is judged according to the obtained expiry identification marker and, if it has, the instruction is not executed. As a result, when an expired instruction sent in a traffic replication attack is received, its execution is refused, which resists traffic replication attacks and improves data security.
Further, the expiry judgment module comprises a sending time judging unit and an instruction expiry determination unit.
The sending time judging unit is configured to take the received instruction as the current instruction and to judge, according to the obtained expiry identification marker of the current instruction and the expiry identification marker in the previous instruction, whether the sending time of the current instruction is earlier than the sending time of the previous instruction, where the previous instruction is the instruction received before the current instruction;
the instruction expiry determination unit is configured to determine that the current instruction has expired if the sending time of the current instruction is earlier than the sending time of the previous instruction.
Further, the device also comprises a data reception module and an interference data removal module.
The data reception module is configured to receive data before the expiry identification marker is obtained from the received instruction;
the interference data removal module is configured to remove the interference data from the received data and produce an instruction comprising the valid data.
Further, the device also comprises a data decryption module.
The data decryption module is configured to decrypt the received data with a locally stored random key before the interference data is removed from the received data to produce the instruction comprising the valid data, where a device stores locally only the keys that it uses itself.
Embodiment five
Fig. 5 is a schematic structural diagram of equipment provided by embodiment five of the present invention. As shown in Fig. 5, the equipment comprises a processor 70, a memory 71, an input device 72 and an output device 73. The equipment may have one or more processors 70; Fig. 5 takes one processor 70 as an example. The processor 70, memory 71, input device 72 and output device 73 in the equipment may be connected by a bus or in other ways; Fig. 5 takes connection by a bus as an example.
As a computer-readable storage medium, the memory 71 can store software programs, computer-executable programs and modules, such as the program instructions/modules corresponding to the data security processing method in the embodiments of the invention (for example, the marker obtaining module 10, expiry judgment module 20 and security processing module 30 in the data security processing device). By running the software programs, instructions and modules stored in the memory 71, the processor 70 performs the various functional applications and data processing of the equipment, that is, implements the data security processing method described above.
The memory 71 may mainly comprise a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function; the data storage area can store data created through use of the terminal, and so on. In addition, the memory 71 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. In some examples, the memory 71 may further include memory located remotely from the processor 70, and such remote memory can be connected to the equipment over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations thereof.
The input device 72 can receive numeric or character input and generate key signal input related to the user settings and function control of the equipment. The output device 73 may include display equipment such as a display screen.
Embodiment six
The embodiment of the present invention six also provides a kind of storage medium comprising computer executable instructions, and the computer can be held
Row instruction is used to execute a kind of data safety processing method when being executed by computer processor, this method comprises:
Expired identification label is obtained from received instruction;
It is whether expired according to the expired identification marker for judgment described instruction of acquisition;
If described instruction is expired, described instruction is not executed.
Certainly, a kind of storage medium comprising computer executable instructions, computer provided by the embodiment of the present invention
The method operation that executable instruction is not limited to the described above, can also be performed data safety provided by any embodiment of the invention
Relevant operation in processing method
By the description above with respect to embodiment, it is apparent to those skilled in the art that, the present invention
It can be realized by software and required common hardware, naturally it is also possible to which by hardware realization, but in many cases, the former is more
Good embodiment.Based on this understanding, technical solution of the present invention substantially in other words contributes to the prior art
Part can be embodied in the form of software products, which can store in computer readable storage medium
In, floppy disk, read-only memory (Read-Only Memory, ROM), random access memory (Random such as computer
Access Memory, RAM), flash memory (FLASH), hard disk or CD etc., including some instructions are with so that a computer is set
Standby (can be personal computer, server or the network equipment etc.) executes method described in each embodiment of the present invention.
It is worth noting that, in the above embodiment of the searcher, the units and modules included are divided only according to functional logic, but the division is not limited to the above as long as the corresponding functions can be realized; in addition, the specific names of the functional units are only for ease of distinguishing them from one another and are not intended to limit the protection scope of the present invention.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described herein, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to the above embodiments and may include further equivalent embodiments without departing from the inventive concept; the scope of the invention is determined by the scope of the appended claims.
Claims (16)
1. A data safety processing method, applied to a receiving end, characterized by comprising:
obtaining an expired identification label from a received instruction;
judging, according to the obtained expired identification label, whether the instruction has expired;
if the instruction has expired, not executing the instruction.
2. The method according to claim 1, characterized in that judging, according to the obtained expired identification label, whether the instruction has expired comprises:
taking the received instruction as the current instruction and judging, according to the obtained expired identification label of the current instruction and the expired identification label in the previous instruction, whether the sending time of the current instruction is earlier than the sending time of the previous instruction, wherein the previous instruction is the instruction received before the current instruction was received;
if the sending time of the current instruction is earlier than the sending time of the previous instruction, determining that the current instruction has expired.
3. The method according to claim 1, characterized in that, before obtaining the expired identification label from the received instruction, the method further comprises:
receiving data;
removing the interference data from the received data to generate an instruction comprising valid data.
4. The method according to claim 1, characterized in that, before removing the interference data from the received data to generate the instruction comprising valid data, the method further comprises:
decrypting the received data using a locally stored random key, wherein only the key used locally is stored locally.
5. A data safety processing method, applied to a transmitting end, characterized by comprising:
determining the expired identification label of an instruction according to the sending order of the instruction;
writing the determined expired identification label into the instruction.
6. The method according to claim 1, characterized in that the method further comprises:
determining a random insertion position, random insertion content and a random insertion length;
taking the random insertion content as interference data and, based on the determined random insertion position and random insertion length, inserting the interference data into the data to be sent that includes the instruction.
7. The method according to claim 6, characterized in that, after taking the random insertion content as interference data and, based on the determined random insertion position and random insertion length, inserting the interference data into the data to be sent that includes the instruction, the method further comprises:
encrypting the instruction and the interference data in the data to be sent based on a locally stored random key, wherein only the key used locally is stored locally.
8. A data safety processing device, applied to a receiving end, characterized by comprising:
a label obtaining module, configured to obtain an expired identification label from a received instruction;
an expired judgment module, configured to judge, according to the obtained expired identification label, whether the instruction has expired;
a secure processing module, configured not to execute the instruction if the instruction has expired.
9. The device according to claim 8, characterized in that the expired judgment module comprises:
a sending time judging unit, configured to take the received instruction as the current instruction and to judge, according to the obtained expired identification label of the current instruction and the expired identification label in the previous instruction, whether the sending time of the current instruction is earlier than the sending time of the previous instruction, wherein the previous instruction is the instruction received before the current instruction was received;
an instruction expired determination unit, configured to determine that the current instruction has expired if the sending time of the current instruction is earlier than the sending time of the previous instruction.
10. The device according to claim 8, characterized in that the device further comprises:
a data receiving module, configured to receive data before the expired identification label is obtained from the received instruction;
an interference data removal module, configured to remove the interference data from the received data and generate an instruction comprising valid data.
11. The device according to claim 8, characterized in that the device further comprises:
a data decryption module, configured to decrypt the received data using a locally stored random key before the interference data in the received data is removed and the instruction comprising valid data is generated, wherein only the key used locally is stored locally.
12. A data safety processing device, applied to a transmitting end, characterized by comprising:
a label determining module, configured to determine the expired identification label of an instruction according to the sending order of the instruction;
a label writing module, configured to write the determined expired identification label into the instruction.
13. The device according to claim 12, characterized in that the device further comprises:
an insertion determining module, configured to determine a random insertion position, random insertion content and a random insertion length;
an interference data insertion module, configured to take the random insertion content as interference data and, based on the determined random insertion position and random insertion length, insert the interference data into the data to be sent that includes the instruction.
14. The device according to claim 13, characterized in that the device further comprises:
a data encryption module, configured to encrypt, based on a locally stored random key, the instruction and the interference data in the data to be sent after the random insertion content has been taken as interference data and, based on the determined random insertion position and random insertion length, the interference data has been inserted into the data to be sent that includes the instruction, wherein only the key used locally is stored locally.
15. Equipment, characterized in that the equipment comprises:
one or more processors;
a storage device, configured to store one or more programs,
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the data safety processing method according to any one of claims 1-4 or claims 5-7.
16. A computer-readable storage medium on which a computer program is stored, characterized in that, when the program is executed by a processor, the data safety processing method according to any one of claims 1-4 or claims 5-7 is implemented.
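The sender steps of claims 5-6 and the receiver steps of claims 1-3, as an added Python example that is not code from the patent. Assumptions made here: the expired identification label is a 64-bit send-order counter, a 4-byte prefix carries the interference offset and length, the receiver compares against the last accepted instruction, and `reject_equal` is a hypothetical option; the encryption of claims 4 and 7 is omitted because the page names no cipher.

```python
import secrets
import struct

PREFIX = struct.Struct(">HH")  # interference offset and length (assumed framing)
LABEL = struct.Struct(">Q")    # expired identification label: send-order counter


class Sender:
    def __init__(self):
        self._sent = 0

    def build(self, command: bytes) -> bytes:
        self._sent += 1                             # label follows the send order
        instr = LABEL.pack(self._sent) + command    # label written into the instruction
        offset = secrets.randbelow(len(instr) + 1)  # random insertion position
        junk = secrets.token_bytes(secrets.randbelow(16) + 1)  # random content, length
        # Claims 4 and 7 would encrypt this frame next; that step is omitted here.
        return PREFIX.pack(offset, len(junk)) + instr[:offset] + junk + instr[offset:]


class Receiver:
    def __init__(self, reject_equal: bool = False):
        self.last_label = None            # label of the last accepted instruction
        self.reject_equal = reject_equal  # hypothetical option, not in the claims

    def handle(self, frame: bytes):
        """Return the command to execute, or None if the instruction is expired."""
        if len(frame) < PREFIX.size:
            raise ValueError("frame too short")
        offset, length = PREFIX.unpack_from(frame)
        body = frame[PREFIX.size:]
        if offset + length > len(body) or len(body) - length < LABEL.size:
            raise ValueError("malformed frame")
        instr = body[:offset] + body[offset + length:]  # remove the interference data
        (label,) = LABEL.unpack_from(instr)
        if self.last_label is not None:
            stale = label < self.last_label             # "earlier than" in claim 2
            same = self.reject_equal and label == self.last_label
            if stale or same:
                return None                             # expired: not executed
        self.last_label = label
        return instr[LABEL.size:]
```

With the "earlier than" comparison of claim 2, a frame whose label equals the previous one is still executed; `reject_equal=True` drops it as well.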
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810910011.1A CN109033830A (en) | 2018-08-10 | 2018-08-10 | Data safety processing method, device, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109033830A true CN109033830A (en) | 2018-12-18 |
Family
ID=64632754
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810910011.1A Pending CN109033830A (en) | 2018-08-10 | 2018-08-10 | Data safety processing method, device, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109033830A (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101945247A (en) * | 2009-07-09 | 2011-01-12 | 北京视博数字电视科技有限公司 | Message sending method and device thereof |
CN102255725A (en) * | 2011-07-16 | 2011-11-23 | 山东省数字证书认证管理有限公司 | Random hybrid key encryption/decryption method |
CN105827408A (en) * | 2015-12-03 | 2016-08-03 | 中国航天系统工程有限公司 | Timestamp technique-based industrial network security transmission method |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114040388A (en) * | 2021-10-22 | 2022-02-11 | 四川水利职业技术学院 | Data security transmission method and system based on network duplex communication |
CN114040388B (en) * | 2021-10-22 | 2022-08-16 | 四川水利职业技术学院 | Data security transmission method and system based on network duplex communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181218 |