CN109361508A - Data transmission method, electronic equipment and computer readable storage medium - Google Patents
Data transmission method, electronic equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN109361508A CN109361508A CN201811186139.4A CN201811186139A CN109361508A CN 109361508 A CN109361508 A CN 109361508A CN 201811186139 A CN201811186139 A CN 201811186139A CN 109361508 A CN109361508 A CN 109361508A
- Authority
- CN
- China
- Prior art keywords
- data
- electronic equipment
- encryption
- application service
- management system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 115
- 238000000034 method Methods 0.000 title claims abstract description 54
- 238000012546 transfer Methods 0.000 claims abstract description 16
- 238000004422 calculation algorithm Methods 0.000 claims description 54
- 241001269238 Data Species 0.000 claims description 4
- 238000004590 computer program Methods 0.000 description 26
- 238000012545 processing Methods 0.000 description 26
- 230000006870 function Effects 0.000 description 20
- 238000010586 diagram Methods 0.000 description 10
- 238000009434 installation Methods 0.000 description 6
- 238000012360 testing method Methods 0.000 description 5
- 230000005611 electricity Effects 0.000 description 4
- 239000011159 matrix material Substances 0.000 description 4
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical group CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000010365 information processing Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 230000005672 electromagnetic field Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 108091064702 1 family Proteins 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 239000011800 void material Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Algebra (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of data transmission method, electronic equipment and computer readable storage medium.The data transmission method includes: to obtain the stamped signature of safety element in the electronic equipment when receiving data transfer instruction;The stamped signature to the key management system is sent to be verified;When the stamped signature passes through verifying, the first encryption data and the first random data that application service voucher, the key management system that the key management system is sent generate are received;The second encryption data is generated according to the application service voucher;Verify first encryption data;When first encryption data passes through verifying, second encryption data is sent to the key management system and is verified;When second encryption data passes through verifying, logs in the application service platform and carry out data transmission.The present invention can effectively ensure that the safety and high efficiency of data transmission, and convenient for operation, user experience is more preferably.
Description
Technical field
The present invention relates to field of communication technology more particularly to a kind of data transmission methods, electronic equipment and computer-readable
Storage medium.
Background technique
With the high speed development of technology of Internet of things, internet of things equipment is dispersed throughout the various industries of entire society.Such as it is intelligent
The equipment such as intelligent appliance, door lock in house system, train, automobile, public bicycle and enterprise operation in the vehicles
The equipment such as equipment remote monitoring.And most of in these equipment are based on dedicated data transmission unit (Data
Transmission Unit, DTU) it is dynamic to be interacted with cloud platform as gateway, technology of Internet of things is brought to entire society
High intelligence and simplicity, but the safety of data transmission also brings challenge to society.
Commonly used data transmission unit or gateway at present, can only realize the transparent transmission characteristic of data, the safety of data according to
Rely in the processing of terminal device itself.And the producer of terminal device is dispersed throughout all trades and professions, therefore terminal device can not be required to add
Enter safe practice and carries out capital input.In order to guarantee the safety of data transmission, section terminating equipment manufacturer is using fixation
Key carrys out encryption system, and individually completes encryption and decryption data by the processor on plate.Specifically include following 3 kinds of modes:
(1) data transmission unit initial data transparent transmission.
The equipment that this mode is unable to satisfy the demand of existing equipment Internet of Things networking, especially industrial circle is usually relatively more high
Expensive, deployment time and service life are all longer, it is few then 3 years, more then 10 years.
(2) encryption data is completed using MCU (Micro-Controller Unit, micro-control unit).
This mode is usually the encryption key fixed in server and equipment end setting, implements symmetrical encryption and decryption data, though
Reinforced in safety, but equipment encryption information is easy to be cracked by network monitoring, and once an equipment is cracked,
The equipment of his respective model can also be cracked
(3) RSA (RSA algorithm) Encryption Algorithm encrypting and deciphering system is used.
This mode resource consumption and delay are higher, are mainly used for high-end application processor.
Above-mentioned 3 kinds of modes can not effectively solve the safety issue of data transmission, cause inconvenience to the user.
Summary of the invention
In view of the foregoing, it is necessary to a kind of data transmission method, electronic equipment and computer readable storage medium are provided,
Can effectively ensure that data transmission safety and high efficiency, and can real-time update, Hybrid Encryption mode convenient for operation, to use
Bring better experience in family.
A kind of data transmission method is applied to electronic equipment, the electronic equipment and key management system and application service
Platform communicates, which comprises
When receiving data transfer instruction, the stamped signature of safety element in the electronic equipment is obtained;
The stamped signature to the key management system is sent to be verified;
When the stamped signature passes through verifying, application service voucher, the key that the key management system is sent are received
The first encryption data and the first random data that management system generates;
The second encryption data is generated according to the application service voucher;
Verify first encryption data;
When first encryption data passes through verifying, second encryption data is sent to the key management system
It is verified;
When second encryption data passes through verifying, logs in the application service platform and carry out data transmission.
Preferred embodiment according to the present invention, the data transfer instruction that receives include any of the following mode:
Detect the signal that the electronic equipment goes offline;Or
Receive the signal that the electronic equipment is transmitted every prefixed time interval trigger data;Or
Receive the signal in the transmission of preset time trigger data of the electronic equipment configuration;Or
Receive the signal of user's trigger data transmission.
Preferred embodiment according to the present invention, described to include according to the second encryption data of application service voucher generation:
The user identity for obtaining safety element in the electronic equipment proves UID;
The electricity is generated in conjunction with the application service voucher and the UID using elliptic curve encryption algorithm ECC Encryption Algorithm
Second session key of sub- equipment;
First random number is encrypted in conjunction with second session key using Advanced Encryption Standard AES encryption algorithm
According to generate second encryption data.
Preferred embodiment according to the present invention, it is described log in the application service platform and carry out data transmission include:
Receive the primary data uploaded;
When the primary data is the configuration data of the electronic equipment, the electronics is configured according to the configuration data
Equipment;Or
When the primary data is data to be transmitted, using AES encryption algorithm, the data to be transmitted is added
It is close, transmit encrypted data to be transmitted.
Preferred embodiment according to the present invention, the encrypted data to be transmitted of transmission include:
When the data to be transmitted is that the terminal device communicated with the electronic equipment uploads, by the number to be transmitted
According to being sent to the application service platform;Or
When the data to be transmitted is that the application service platform uploads, the data to be transmitted is sent to the end
End equipment.
Preferred embodiment according to the present invention, the method also includes:
When second encryption data is unverified, the electronic equipment is forbidden to log in the application service platform.
A kind of data transmission method is applied to key management system, the key management system and electronic equipment and application
Service platform communicates, which comprises
Receive the stamped signature of safety element in the electronic equipment;
Verify the stamped signature;
When the stamped signature passes through verifying, application service voucher is obtained from the application service platform;
The first encryption data is generated according to the application service voucher;
Generate the first random data;
The application service voucher, first encryption data and first random data are sent to the electronics to set
It is standby, so that the electronic equipment verifies first encryption data;
When first encryption data passes through verifying, the second encryption data that the electronic equipment is sent is received;
Verify second encryption data.
Preferred embodiment according to the present invention, described to include according to the first encryption data of application service voucher generation:
Obtain the second random data that the UID of safety element and the electronic equipment generate in the electronic equipment;
The key management system is generated in conjunction with the application service voucher and the UID using secure hash algorithm
First session key;
Second random data is encrypted in conjunction with first session key using AES encryption algorithm, described in generating
First encryption data.
A kind of data transmission device runs on electronic equipment, the electronic equipment and key management system and application service
Platform communicates, and described device includes:
Acquiring unit, for when receiving data transfer instruction, obtaining the stamped signature of safety element in the electronic equipment;
Transmission unit is verified for sending the stamped signature to the key management system;
Receiving unit, the application service sent for when the stamped signature passes through verifying, receiving the key management system
The first encryption data and the first random data that voucher, the key management system generate;
Generation unit, for generating the second encryption data according to the application service voucher;
Authentication unit, for verifying first encryption data;
The transmission unit is also used to when first encryption data passes through verifying, and second encryption data is sent out
It send to the key management system and is verified;
Unit is logged in, for the application service platform being logged in and being counted when second encryption data passes through verifying
According to transmission.
Preferred embodiment according to the present invention, the data transfer instruction that receives include any of the following mode:
Detect the signal that the electronic equipment goes offline;Or
Receive the signal that the electronic equipment is transmitted every prefixed time interval trigger data;Or
Receive the signal in the transmission of preset time trigger data of the electronic equipment configuration;Or
Receive the signal of user's trigger data transmission.
Preferred embodiment according to the present invention, the generation unit are specifically used for:
The user identity for obtaining safety element in the electronic equipment proves UID;
The electricity is generated in conjunction with the application service voucher and the UID using elliptic curve encryption algorithm ECC Encryption Algorithm
Second session key of sub- equipment;
First random number is encrypted in conjunction with second session key using Advanced Encryption Standard AES encryption algorithm
According to generate second encryption data.
Preferred embodiment according to the present invention, the login unit are specifically used for:
Receive the primary data uploaded;
When the primary data is the configuration data of the electronic equipment, the electronics is configured according to the configuration data
Equipment;Or
When the primary data is data to be transmitted, using AES encryption algorithm, the data to be transmitted is added
It is close, transmit encrypted data to be transmitted.
Preferred embodiment according to the present invention, the encrypted data to be transmitted of transmission include:
When the data to be transmitted is that the terminal device communicated with the electronic equipment uploads, by the number to be transmitted
According to being sent to the application service platform;Or
When the data to be transmitted is that the application service platform uploads, the data to be transmitted is sent to the end
End equipment.
Preferred embodiment according to the present invention, described device further include:
Forbid unit, for when second encryption data is unverified, forbidding described in the electronic equipment login
Application service platform.
A kind of data transmission system runs on key management system, the key management system and electronic equipment and application
Service platform communicates, the system comprises:
Receiving module, for receiving the stamped signature of safety element in the electronic equipment;
Authentication module, for verifying the stamped signature;
Module is obtained, for obtaining application service voucher from the application service platform when the stamped signature passes through verifying;
Generation module, for generating the first encryption data according to the application service voucher;
The generation module is also used to generate the first random data;
Sending module, for sending out the application service voucher, first encryption data and first random data
It send to the electronic equipment, so that the electronic equipment verifies first encryption data;
The receiving module is also used to when first encryption data passes through verifying, is received the electronic equipment and is sent
The second encryption data;
The authentication module is also used to verify second encryption data.
Preferred embodiment according to the present invention, the generation module are specifically used for:
Obtain the second random data that the UID of safety element and the electronic equipment generate in the electronic equipment;
The key management system is generated in conjunction with the application service voucher and the UID using secure hash algorithm
First session key;
Second random data is encrypted in conjunction with first session key using AES encryption algorithm, described in generating
First encryption data.
A kind of electronic equipment, the electronic equipment include:
Processor;And
Memory, the instruction stored in the memory are executed by the processor to realize the transmission side data
Method.
A kind of computer readable storage medium, the instruction stored in the computer readable storage medium is by electronic equipment
Processor execute to realize the data transmission method.
A kind of key management system, the key management system include:
Processing equipment;And
Equipment is stored, the instruction stored in the storage device is executed by the processing equipment to realize that the data pass
Transmission method.
A kind of computer readable storage medium, the instruction stored in the computer readable storage medium is by key management system
Processing equipment in system is executed to realize the data transmission method.
As can be seen from the above technical solutions, the present invention can be after verifying stamped signature, then authenticated key management system is sent
The first session key the second meeting is generated according to the application service voucher and when first session key passes through verifying
Key is talked about, to guarantee the safety of data transmission, while key generating mode is simple, flexible, logical in second session key
It when crossing the verifying of the key management system, logs in the application service platform and carries out data transmission, further data are transmitted
Carry out safety guarantee, have high efficiency, and can real-time update, Hybrid Encryption mode convenient for operation, brought preferably to user
Experience.
Detailed description of the invention
Fig. 1 is the applied environment figure for the preferred embodiment that the present invention realizes data transmission method.
Fig. 2 is the flow chart of the preferred embodiment of data transmission method of the present invention.
Fig. 3 is the flow chart of the another preferred embodiment of data transmission method of the present invention.
Fig. 4 is the functional block diagram of the preferred embodiment of data transmission device of the present invention.
Fig. 5 is the functional block diagram of the preferred embodiment of data transmission system of the present invention.
Fig. 6 is the structural schematic diagram of the electronic equipment for the preferred embodiment that the present invention realizes data transmission method.
Fig. 7 is the structural schematic diagram of the key management system for the preferred embodiment that the present invention realizes data transmission method.
Main element symbol description
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, right in the following with reference to the drawings and specific embodiments
The present invention is described in detail.
As shown in Figure 1, Fig. 1 is the applied environment figure for the preferred embodiment that the present invention realizes data transmission method.Electronics is set
Standby 1 is communicated two-by-two with key management system 2 and application service platform 3, and the electronic equipment 1 is also communicated with terminal device 4
Letter.
Wherein, the electronic equipment 1 can be an information transmission unit (Data Transmission Unit, DUT),
And there is safety element;
The key management system (Key Manage System, KMS) 2 is used to authenticate the electronic equipment 1,
And realize the data communication of the electronic equipment 1 and the application service platform 3;
The application service platform 3 is used to provide registering service to the electronic equipment 1, and mentions to the electronic equipment 1
For service and data;
The terminal device 4 is used to upload data to the electronic equipment 1.
As shown in Fig. 2, being the flow chart of the preferred embodiment of data transmission method of the present invention.According to different requirements, should
The sequence of step can change in flow chart, and certain steps can be omitted.
The data transmission method is applied in one or more electronic equipment 1, and the electronic equipment 1 is that one kind can
According to the instruction for being previously set or storing, the automatic equipment for carrying out numerical value calculating and/or information processing, hardware includes but unlimited
In microprocessor, specific integrated circuit (Application Specific Integrated Circuit, ASIC), may be programmed
Gate array (Field-Programmable Gate Array, FPGA), digital processing unit (Digital Signal
Processor, DSP), embedded device etc..
The electronic equipment 1 can be any electronic product that human-computer interaction can be carried out with user, for example, personal meter
Calculation machine, tablet computer, smart phone, personal digital assistant (Personal Digital Assistant, PDA), game machine, friendship
Mutual formula Web TV (Internet Protocol Television, IPTV), intellectual wearable device etc..
The electronic equipment 1 can also include the network equipment and/or user equipment.Wherein, the network equipment includes, but
It is not limited to single network server, the server group of multiple network servers composition or based on cloud computing (Cloud
Computing the cloud being made of a large amount of hosts or network server).
Network locating for the electronic equipment 1 include but is not limited to internet, wide area network, Metropolitan Area Network (MAN), local area network, it is virtual specially
With network (Virtual Private Network, VPN) etc..
S10, when receiving data transfer instruction, the electronic equipment 1 obtains safety element in the electronic equipment 1
Stamped signature.
In at least one embodiment of the present invention, the safety element (Secure Element, SE) is a kind of chip,
External malice parsing attack can be prevented, data safety is protected, there is encryption and decryption logic, the safety in the chips
The write-in private key information of element is non-readable, wherein the processing of the electromagnetic field for algorithm, can pass through analysis institute to avoid hacker
It states the parameters such as the electromagnetism of safety element and cracks system, in this way, even if hacker can crack an equipment, if also to crack other
Equipment, hacker will spend same cost to crack, without because cracking for equipment, leads to whole system equipment quilt
It cracks.
In at least one embodiment of the present invention, there is stamped signature in the safety element, it can by verifying the stamped signature
Further to identify the identity of the electronic equipment 1, to confirm whether the electronic equipment 1 has the permission of corresponding operating.
In at least one embodiment of the present invention, the electronic equipment 1 receives data transfer instruction and includes, but unlimited
In any one following mode:
(1) electronic equipment 1 detects the signal that the electronic equipment 1 goes offline.
Specifically, during carrying out data transmission, if the electronic equipment 1 goes offline suddenly, in data transmission
It is disconnected, at this point, the electronic equipment 1 will re-establish connection, to realize that data continue to transmit.
(2) electronic equipment 1 receives the letter that the electronic equipment 1 is transmitted every prefixed time interval trigger data
Number.
Specifically, the electronic equipment 1 takes the mode of clocked flip.
Further, the prefixed time interval can be configured by the electronic equipment 1, can also be by the electronics
The setting that equipment 1 receives user configures, and this is not restricted by the present invention.
Such as: the prefixed time interval may include 1 hour, 12 hours etc..
(3) electronic equipment 1 receives the letter in the transmission of preset time trigger data that the electronic equipment 1 configures
Number.
Specifically, the preset time can be configured by the electronic equipment 1, either, the preset time
It can be custom-configured by the user, more to meet the actual demand of user, the present invention is not limited.
Further, when configuring the preset time by the electronic equipment 1, the electronic equipment 1 is available to be gone through
History configuration mode, and the preset time is configured according to the history configuration mode, to improve the standard of the preset time configuration
True property.
Such as: the preset time can be 9 points of the morning etc. of 12 days 12 months.
(4) electronic equipment 1 receives the signal of user's trigger data transmission.
Specifically, the signal of user's trigger data transmission may include, but be not limited to following one or more
Combination:
1) user touches the signal of configuration key.Wherein, the configuration key can be physical button, be also possible to
Virtual key.
2) the configuration voice signal of user's input.Such as: the configuration voice signal may include that " log-on data passes
It is defeated " etc. voices.The configuration voice signal can carry out customized setting by the user.Certainly, the electronic equipment 1 may be used also
It is verified with the configuration voice signal inputted to the user (including content and the tone color of voice etc. for verifying voice), with true
The permission whether fixed user there is log-on data to transmit.
S11, the electronic equipment 1 send the stamped signature to the key management system 2 and are verified.
In at least one embodiment of the present invention, the key management system 2 can be with electronic equipment 1 described in connection and institute
Application service platform 3 is stated, the key management system 2 has the permission for decrypting and verifying the stamped signature.
S12, when the stamped signature passes through verifying, the electronic equipment 1 receives the application that the key management system 2 is sent
The first encryption data and the first random data that service evidence, the key management system 2 generate.
In at least one embodiment of the present invention, the application service voucher is generated by the application service platform 3, is not had
There are specific data format and building form, the application service voucher is a data related with application service.
S13, the electronic equipment 1 generate the second encryption data according to the application service voucher.
In at least one embodiment of the present invention, the electronic equipment 1 generates second according to the application service voucher
Encryption data includes:
The electronic equipment 1 obtains UID (User Identification, the use of safety element in the electronic equipment 1
Family proof of identification), and ECC (Elliptic curve cryptography, elliptic curve encryption algorithm) Encryption Algorithm is used, in conjunction with
The application service voucher and the UID generate the second session key of the electronic equipment 1, and the electronic equipment 1 is using high
Grade Encryption Standard AES (Advanced Encryption Standard, Advanced Encryption Standard) Encryption Algorithm, in conjunction with described second
Session key encrypts first random data, to generate second encryption data.
Specifically, the ECC Encryption Algorithm is a kind of unsymmetrical tridiagonal matrix algorithm, and the AES encryption algorithm is a kind of right
Title formula Encryption Algorithm.The electronic equipment 1 using Hybrid Encryption algorithm, (calculate by unsymmetrical tridiagonal matrix algorithm ECC and symmetry encryption
Method AES) it is encrypted, to more ensure safety.Again due to the randomness of second random data, then more ensure that
Data safety.
S14, the electronic equipment 1 verify first encryption data.
In at least one embodiment of the present invention, the electronic equipment 1 verifies first encryption data and includes:
The electronic equipment 1 decrypts first encryption data, obtains second for generating first encryption data
Random data, and determine whether second random data is correct, to verify first encryption data.Wherein, described second
Encryption data is generated by the key management system 2.
Specifically, when first encryption data is correct, subsequent step is executed;When first encryption data is incorrect
When, stop the correlation step of data transmission.
S15, when first encryption data passes through verifying, the electronic equipment 1 sends second encryption data
It is verified to the key management system 2.
In at least one embodiment of the present invention, second encryption data is sent to described by the electronic equipment 1
Key management system 2 is verified, to obtain logging in the license of the application service platform 3.
S16, when second encryption data passes through verifying, the electronic equipment 1 log in the application service platform 3 into
The transmission of row data.
In at least one embodiment of the present invention, the electronic equipment 1 logs in the application service platform 3 and carries out data
Transmission includes:
The electronic equipment 1 receives the primary data uploaded, when the configuration number that the primary data is the electronic equipment 1
According to when, the electronic equipment 1 configures the electronic equipment 1 according to the configuration data;Either, when the primary data be to
When transmitting data, the electronic equipment 1 uses AES encryption algorithm, encrypts to the data to be transmitted, the electronic equipment
The 1 encrypted data to be transmitted of transmission.
Further, the electronic equipment 1 transmits encrypted data to be transmitted and includes:
When the data to be transmitted is that the terminal device 4 communicated with the electronic equipment uploads, the electronic equipment 1
The data to be transmitted is sent to the application service platform 3;
Either, when the data to be transmitted is that the application service platform 3 uploads, the electronic equipment 1 will be described
Data to be transmitted is sent to the terminal device 4.
By above embodiment, the electronic equipment 1 can be realized flat in the terminal device 4 and the application service
Data transmission between platform 3 avoids the insecurity for directly transmitting data.
Specifically, the configuration data is the configuration item of the electronic equipment 1, such as: firmware update etc., to realize to institute
State the management of electronic equipment 1.
In at least one embodiment of the present invention, when second encryption data is unverified, forbid the electricity
Sub- equipment 1 logs in the application service platform 3, to guarantee the safety of data transmission.
In conclusion obtaining the stamped signature of safety element in the electronic equipment when receiving data transfer instruction;It sends
The stamped signature to the key management system is verified;When the stamped signature passes through verifying, the key management system is received
The first encryption data and the first random data that application service voucher, the key management system of transmission generate;According to described
Application service voucher generates the second encryption data;Verify first encryption data;When first encryption data passes through verifying
When, second encryption data is sent to the key management system and is verified;When second encryption data is by testing
When card, logs in the application service platform and carry out data transmission.The present invention can effectively ensure that the safety of data transmission, and add
Close mode is simple, flexible, convenient for operation, brings better experience to user.
As shown in figure 3, being the flow chart of the another preferred embodiment of data transmission method of the present invention.According to different need
It asks, the sequence of step can change in the flow chart, and certain steps can be omitted.
S20, the key management system 2 receive the stamped signature of safety element in the electronic equipment 1.
S21, the key management system 2 verify the stamped signature.
S22, when the stamped signature passes through verifying, the key management system 2 is obtained from the application service platform 3 and is applied
Service evidence.
In at least one embodiment of the present invention, the key management system 2 can be answered according to the stamped signature from described
Application service voucher is obtained with service platform 3, so that the application service voucher is corresponding with the request of the electronic equipment 1.
Certainly, in other embodiments, the electronic equipment 1 can also take other modes obtain the application service with
Card, the present invention do not limit.
S23, the key management system 2 generate the first encryption data according to the application service voucher.
In at least one embodiment of the present invention, the key management system 2 is generated according to the application service voucher
First encryption data includes:
The key management system 2 obtains the UID of safety element and the electronic equipment 1 in the electronic equipment 1 and generates
The second random data, and use secure hash (Secure Hash Algorithm, SHA) algorithm, in conjunction with the application service
Voucher and the UID, generate the first session key of the key management system 2, and the key management system 2 is added using AES
Close algorithm encrypts second random data, in conjunction with first session key to generate first encryption data.
S24, the key management system 2 generate the first random data.
S25, the key management system 2 by the application service voucher, first encryption data and described first with
Machine data are sent to the electronic equipment 1, so that the electronic equipment 1 verifies first encryption data.
S26, when first encryption data passes through verifying, the key management system 2 receives the electronic equipment 1 and sends out
The second encryption data sent.
S27, the key management system 2 verify second encryption data.
In conclusion the key management system 2 receives the stamped signature of safety element in the electronic equipment;Verify the label
Chapter;When the stamped signature passes through verifying, application service voucher is obtained from the application service platform;According to the application service with
Card generates the first encryption data;Generate the first random data;By the application service voucher, first encryption data and described
First random data is sent to the electronic equipment, so that the electronic equipment verifies first encryption data;When described
When one encryption data passes through verifying, the second encryption data that the electronic equipment is sent is received;Verify second encryption data.
The present invention can effectively ensure that the safety of data transmission, and cipher mode is simple, flexible, convenient for operation, brings more to user
Good experience.
As shown in figure 4, being the functional block diagram of the preferred embodiment of data transmission device of the present invention.The data transmission dress
Setting 11 includes acquiring unit 110, transmission unit 111, receiving unit 112, authentication unit 113, generation unit 114, login unit
115 and forbid unit 116.So-called module/the unit of the present invention refers to that one kind can be performed by processor 13, and can be complete
At the series of computation machine program segment of fixed function, storage is in memory 12.In the present embodiment, about each module/mono-
The function of member will be described in detail in subsequent embodiment.
When receiving data transfer instruction, acquiring unit 110 obtains the stamped signature of safety element in the electronic equipment 1.
In at least one embodiment of the present invention, the safety element is a kind of chip, can prevent external malice from solving
Analysis attack, protects data safety, has encryption and decryption logic, the write-in private key information of the safety element in the chips
It is non-readable, wherein the processing of the electromagnetic field for algorithm, can pass through the electromagnetism etc. of the analysis safety element to avoid hacker
Parameter cracks system, in this way, if also to crack other equipment, hacker will spend together even if hacker can crack an equipment
Deng cost cracked, without causing whole system equipment to be cracked because of cracking for equipment.
In at least one embodiment of the present invention, there is stamped signature in the safety element, it can by verifying the stamped signature
Further to identify the identity of the electronic equipment 1, to confirm whether the electronic equipment 1 has the permission of corresponding operating.
In at least one embodiment of the present invention, the electronic equipment 1 receives data transfer instruction and includes, but unlimited
In any one following mode:
(1) electronic equipment 1 detects the signal that the electronic equipment 1 goes offline.
Specifically, during carrying out data transmission, if the electronic equipment 1 goes offline suddenly, in data transmission
It is disconnected, at this point, the electronic equipment 1 will re-establish connection, to realize that data continue to transmit.
(2) electronic equipment 1 receives the letter that the electronic equipment 1 is transmitted every prefixed time interval trigger data
Number.
Specifically, the electronic equipment 1 takes the mode of clocked flip.
Further, the prefixed time interval can be configured by the electronic equipment 1, can also be by the electronics
The setting that equipment 1 receives user configures, and this is not restricted by the present invention.
Such as: the prefixed time interval may include 1 hour, 12 hours etc..
(3) electronic equipment 1 receives the letter in the transmission of preset time trigger data that the electronic equipment 1 configures
Number.
Specifically, the preset time can be configured by the electronic equipment 1, either, the preset time
It can be custom-configured by the user, more to meet the actual demand of user, the present invention is not limited.
Further, when configuring the preset time by the electronic equipment 1, the electronic equipment 1 is available to be gone through
History configuration mode, and the preset time is configured according to the history configuration mode, to improve the standard of the preset time configuration
True property.
Such as: the preset time can be 9 points of the morning etc. of 12 days 12 months.
(4) electronic equipment 1 receives the signal of user's trigger data transmission.
Specifically, the signal of user's trigger data transmission may include, but be not limited to following one or more
Combination:
1) user touches the signal of configuration key.Wherein, the configuration key can be physical button, be also possible to
Virtual key.
2) the configuration voice signal of user's input.Such as: the configuration voice signal may include that " log-on data passes
It is defeated " etc. voices.The configuration voice signal can carry out customized setting by the user.Certainly, the electronic equipment 1 may be used also
It is verified with the configuration voice signal inputted to the user (including content and the tone color of voice etc. for verifying voice), with true
The permission whether fixed user there is log-on data to transmit.
Transmission unit 111 sends the stamped signature to the key management system 2 and is verified.
In at least one embodiment of the present invention, the key management system 2 can be with electronic equipment 1 described in connection and institute
Application service platform 3 is stated, the key management system 2 has the permission for decrypting and verifying the stamped signature.
When the stamped signature passes through verifying, receiving unit 112 receive application service that the key management system 2 is sent with
The first encryption data and the first random data that card, the key management system 2 generate.
In at least one embodiment of the present invention, the application service voucher is generated by the application service platform 3, is not had
There are specific data format and building form, the application service voucher is a data related with application service.
Generation unit 114 generates the second encryption data according to the application service voucher.
In at least one embodiment of the present invention, the generation unit 114 generates the according to the application service voucher
Two encryption datas include:
The generation unit 114 obtain safety element in the electronic equipment 1 UID (User Identification,
User identity proves), and ECC (Elliptic curve cryptography, elliptic curve encryption algorithm) Encryption Algorithm is used, knot
The application service voucher and the UID are closed, the second session key of the electronic equipment 1 is generated, the generation unit 114 is adopted
With Advanced Encryption Standard AES (Advanced Encryption Standard, Advanced Encryption Standard) Encryption Algorithm, in conjunction with described
Second session key encrypts first random data, to generate second encryption data.
Specifically, the ECC Encryption Algorithm is a kind of unsymmetrical tridiagonal matrix algorithm, and the AES encryption algorithm is a kind of right
Title formula Encryption Algorithm.The generation unit 114 uses Hybrid Encryption algorithm (unsymmetrical tridiagonal matrix algorithm ECC and symmetry encryption
Algorithm AES) it is encrypted, to more ensure safety.Again due to the randomness of second random data, then more guarantee
Data safety.
Authentication unit 113 verifies first encryption data.
In at least one embodiment of the present invention, the authentication unit 113 verifies first encryption data and includes:
The authentication unit 113 decrypts first encryption data, obtains for generating first encryption data
Two random data, and determine whether second random data is correct, to verify first encryption data.Wherein, described
Two encryption datas are generated by the key management system 2.
Specifically, when first encryption data is correct, subsequent step is executed;When first encryption data is incorrect
When, stop the correlation step of data transmission.
When first encryption data passes through verifying, second encryption data is sent to by the transmission unit 111
The key management system 2 is verified.
In at least one embodiment of the present invention, second encryption data is sent to institute by the transmission unit 111
It states key management system 2 to be verified, to obtain logging in the license of the application service platform 3.
When second encryption data passes through verifying, logs in unit 115 and log in the progress of application service platform 3 data
Transmission.
In at least one embodiment of the present invention, the login unit 115 logs in the application service platform 3 and is counted
Include: according to transmission
The unit 115 that logs in receives the primary data uploaded, when the configuration that the primary data is the electronic equipment 1
When data, the login unit 115 configures the electronic equipment 1 according to the configuration data;Either, when the primary data
When for data to be transmitted, the login unit 115 uses AES encryption algorithm, encrypts to the data to be transmitted, described to step on
Record unit 115 transmits encrypted data to be transmitted.
Further, the login unit 115 transmits encrypted data to be transmitted and includes:
When the data to be transmitted is that the terminal device 4 communicated with the electronic equipment uploads, the login unit
The data to be transmitted is sent to the application service platform 3 by 115;
Either, when the data to be transmitted is that the application service platform 3 uploads, the login unit 115 is by institute
It states data to be transmitted and is sent to the terminal device 4.
By above embodiment, the login unit 115 be can be realized in the terminal device 4 and the application service
Data transmission between platform 3 avoids the insecurity for directly transmitting data.
Specifically, the configuration data is the configuration item of the electronic equipment 1, such as: firmware update etc., to realize to institute
State the management of electronic equipment 1.
In at least one embodiment of the present invention, when second encryption data is unverified, forbid unit 116
The login unit 115 is forbidden to log in the application service platform 3, to guarantee the safety of data transmission.
In conclusion obtaining the stamped signature of safety element in the electronic equipment when receiving data transfer instruction;It sends
The stamped signature to the key management system is verified;When the stamped signature passes through verifying, the key management system is received
The first encryption data and the first random data that application service voucher, the key management system of transmission generate;According to described
Application service voucher generates the second encryption data;Verify first encryption data;When first encryption data passes through verifying
When, second encryption data is sent to the key management system and is verified;When second encryption data is by testing
When card, logs in the application service platform and carry out data transmission.The present invention can effectively ensure that the safety of data transmission, and add
Close mode is simple, flexible, convenient for operation, brings better experience to user.
As shown in figure 5, being the functional block diagram of the preferred embodiment of data transmission system of the present invention.The data transmission system
System 20 includes receiving module 220, authentication module 221, obtains module 222, generation module 223, sending module 224.Institute of the present invention
Module/unit of title refers to that one kind can be performed by equipment 23 processed, and can complete the series of computation of fixed function
Machine program segment, storage is in storage device 22.It in the present embodiment, will be in subsequent reality about the function of each module/unit
It applies in example and is described in detail.
Receiving module 220 receives the stamped signature of safety element in the electronic equipment 1.
Authentication module 221 verifies the stamped signature.
When the stamped signature passes through verifying, module 222 is obtained from the application service platform 3 and obtains application service voucher.
In at least one embodiment of the present invention, the acquisition module 222 can be according to the stamped signature from the application
Service platform 3 obtains application service voucher, so that the application service voucher is corresponding with the request of the electronic equipment 1.
Certainly, in other embodiments, the acquisition module 222 can also take other modes to obtain the application service
Voucher, the present invention do not limit.
Generation module 223 generates the first encryption data according to the application service voucher.
In at least one embodiment of the present invention, the generation module 223 generates the according to the application service voucher
One encryption data includes:
The generation module 223 obtains what the UID of safety element and the electronic equipment 1 in the electronic equipment 1 generated
Second random data, and the key pipe is generated in conjunction with the application service voucher and the UID using secure hash algorithm
First session key of reason system 2, the generation module 223 are added using AES encryption algorithm in conjunction with first session key
Close second random data, to generate first encryption data.
The generation module 223 generates the first random data.
Sending module 224 sends the application service voucher, first encryption data and first random data
To the electronic equipment 1, so that the electronic equipment 1 verifies first encryption data.
When first encryption data passes through verifying, the receiving module 220 receive that the electronic equipment 1 sends the
Two encryption datas.
The authentication module 221 verifies second encryption data.
In conclusion receiving the stamped signature of safety element in the electronic equipment;Verify the stamped signature;When the stamped signature passes through
When verifying, application service voucher is obtained from the application service platform;The first encryption number is generated according to the application service voucher
According to;Generate the first random data;The application service voucher, first encryption data and first random data are sent
To the electronic equipment, so that the electronic equipment verifies first encryption data;When first encryption data is by testing
When card, the second encryption data that the electronic equipment is sent is received;Verify second encryption data.The present invention can be protected effectively
The safety of data transmission is demonstrate,proved, and cipher mode is simple, flexible, convenient for operation, brings better experience to user.
As shown in fig. 6, being the structural schematic diagram of the electronic equipment for the preferred embodiment that the present invention realizes data transmission method.
The electronic equipment 1 be it is a kind of can according to the instruction for being previously set or store, automatic progress numerical value calculating and/or
The equipment of information processing, hardware include but is not limited to microprocessor, specific integrated circuit (Application Specific
Integrated Circuit, ASIC), programmable gate array (Field-Programmable Gate Array, FPGA), number
Word processing device (Digital Signal Processor, DSP), embedded device etc..
The electronic equipment 1, which can also be but not limited to any one, to pass through keyboard, mouse, remote controler, touching with user
The modes such as template or voice-operated device carry out the electronic product of human-computer interaction, for example, personal computer, tablet computer, smart phone,
Personal digital assistant (Personal Digital Assistant, PDA), game machine, Interactive Internet TV (Internet
Protocol Television, IPTV), intellectual wearable device etc..
The electronic equipment 1 can also be that the calculating such as desktop PC, notebook, palm PC and cloud server are set
It is standby.
Network locating for the electronic equipment 1 include but is not limited to internet, wide area network, Metropolitan Area Network (MAN), local area network, it is virtual specially
With network (Virtual Private Network, VPN) etc..
In one embodiment of the invention, the electronic equipment 1 includes, but are not limited to memory 12, processor 13,
And it is stored in the computer program that can be run in the memory 12 and on the processor 13, such as data transmit journey
Sequence.
It will be understood by those skilled in the art that the schematic diagram is only the example of electronic equipment 1, not structure paired electrons
The restriction of equipment 1 may include perhaps combining certain components or different components, example than illustrating more or fewer components
Such as described electronic equipment 1 can also include input-output equipment, network access equipment, bus.
Alleged processor 13 can be central processing unit (Central Processing Unit, CPU), can also be
Other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor
Deng the processor 13 is arithmetic core and the control centre of the electronic equipment 1, entire using various interfaces and connection
The various pieces of electronic equipment 1, and execute the operating system of the electronic equipment 1 and types of applications program, the program of installation
Code etc..
The processor 13 executes the operating system of the electronic equipment 1 and the types of applications program of installation.The place
Reason device 13 executes the application program to realize the step in above-mentioned each data transmission method embodiment, such as shown in FIG. 1
Step S10, S11, S12, S13, S14, S15, S16.
Alternatively, the processor 13 realizes each module in above-mentioned each Installation practice/mono- when executing the computer program
The function of member, such as: when receiving data transfer instruction, obtain the stamped signature of safety element in the electronic equipment;Send institute
Stamped signature to the key management system is stated to be verified;When the stamped signature passes through verifying, the key management system hair is received
The first encryption data and the first random data that application service voucher, the key management system sent generates;It is answered according to described
The second encryption data is generated with service evidence;Verify first encryption data;When first encryption data passes through verifying,
Second encryption data is sent to the key management system to verify;When second encryption data passes through verifying
When, it logs in the application service platform and carries out data transmission.
Illustratively, the computer program can be divided into one or more module/units, one or more
A module/unit is stored in the memory 12, and is executed by the processor 13, to complete the present invention.It is one
Or multiple module/units can be the series of computation machine program instruction section that can complete specific function, the instruction segment is for retouching
State implementation procedure of the computer program in the electronic equipment 1.It is obtained for example, the computer program can be divided into
Unit 110 is taken, transmission unit 111, receiving unit 112, authentication unit 113, generation unit 114, unit 115 is logged in and forbids list
Member 116.
The memory 12 can be used for storing the computer program and/or module, the processor 13 by operation or
The computer program and/or module being stored in the memory 12 are executed, and calls the data being stored in memory 12,
Realize the various functions of the electronic equipment 1.The memory 12 can mainly include storing program area and storage data area,
In, storing program area can application program needed for storage program area, at least one function (such as sound-playing function, image
Playing function etc.) etc.;Storage data area, which can be stored, uses created data (such as audio data, phone directory according to mobile phone
Deng) etc..In addition, memory 12 may include high-speed random access memory, it can also include nonvolatile memory, such as firmly
Disk, memory, plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital,
SD) block, flash card (Flash Card), at least one disk memory, flush memory device or other volatile solid-states
Part.
The memory 12 can be the external memory and/or internal storage of electronic equipment 1.Further, described
Memory 12 can be the circuit with store function for not having physical form in integrated circuit, such as RAM (Random-Access
Memory, random access memory), FIFO (First In First Out) etc..Alternatively, the memory 12 is also possible to
Memory with physical form, such as memory bar, TF card (Trans-flash Card).
If the integrated module/unit of the electronic equipment 1 is realized in the form of SFU software functional unit and as independent
Product when selling or using, can store in a computer readable storage medium.Based on this understanding, the present invention is real
All or part of the process in existing above-described embodiment method, can also instruct relevant hardware come complete by computer program
At the computer program can be stored in a computer readable storage medium, which is being executed by processor
When, it can be achieved that the step of above-mentioned each embodiment of the method.
Wherein, the computer program includes computer program code, and the computer program code can be source code
Form, object identification code form, executable file or certain intermediate forms etc..The computer-readable medium may include: can
Carry any entity or device, recording medium, USB flash disk, mobile hard disk, magnetic disk, CD, computer of the computer program code
Memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access
Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It should be noted that the computer-readable medium
The content for including can carry out increase and decrease appropriate according to the requirement made laws in jurisdiction with patent practice, such as in certain departments
Method administrative area does not include electric carrier signal and telecommunication signal according to legislation and patent practice, computer-readable medium.
In conjunction with Fig. 2, the memory 12 in the electronic equipment 1 stores multiple instruction to realize a kind of transmission side data
The multiple instruction can be performed to realize in method, the processor 13: when receiving data transfer instruction, obtaining the electronics
The stamped signature of safety element in equipment;The stamped signature to the key management system is sent to be verified;When the stamped signature is by testing
When card, the first encryption number that application service voucher, the key management system that the key management system is sent generate is received
According to and the first random data;The second encryption data is generated according to the application service voucher;Verify first encryption data;When
When first encryption data passes through verifying, second encryption data is sent to the key management system and is verified;
When second encryption data passes through verifying, logs in the application service platform and carry out data transmission.
Preferred embodiment according to the present invention, the data transfer instruction that receives include any of the following mode:
Detect the signal that the electronic equipment goes offline;Or
Receive the signal that the electronic equipment is transmitted every prefixed time interval trigger data;Or
Receive the signal in the transmission of preset time trigger data of the electronic equipment configuration;Or
Receive the signal of user's trigger data transmission.
Preferred embodiment according to the present invention, the processor 13 also execute multiple instruction and include:
The user identity for obtaining safety element in the electronic equipment proves UID;
The electricity is generated in conjunction with the application service voucher and the UID using elliptic curve encryption algorithm ECC Encryption Algorithm
Second session key of sub- equipment;
First random number is encrypted in conjunction with second session key using Advanced Encryption Standard AES encryption algorithm
According to generate second encryption data.
Preferred embodiment according to the present invention, the processor 13 also execute multiple instruction and include:
Receive the primary data uploaded;
When the primary data is the configuration data of the electronic equipment, the electronics is configured according to the configuration data
Equipment;Or
When the primary data is data to be transmitted, using AES encryption algorithm, the data to be transmitted is added
It is close, transmit encrypted data to be transmitted.
Preferred embodiment according to the present invention, the processor 13 also execute multiple instruction and include:
When the data to be transmitted is that the terminal device communicated with the electronic equipment uploads, by the number to be transmitted
According to being sent to the application service platform;Or
When the data to be transmitted is that the application service platform uploads, the data to be transmitted is sent to the end
End equipment.
Preferred embodiment according to the present invention, the processor 13 also execute multiple instruction and include:
When second encryption data is unverified, the electronic equipment is forbidden to log in the application service platform.
Specifically, the processor 13 can refer to the concrete methods of realizing of above-metioned instruction related in Fig. 2 corresponding embodiment
The description of step, this will not be repeated here.
As shown in fig. 7, being that the present invention realizes that the structure of key management system of the preferred embodiment of data transmission method is shown
It is intended to.
The key management system 2 is that one kind can be automatic to carry out numerical value calculating according to the instruction for being previously set or storing
And/or the equipment of information processing, hardware include but is not limited to microprocessor, specific integrated circuit (Application
Specific Integrated Circuit, ASIC), programmable gate array (Field-Programmable Gate
Array, FPGA), digital processing unit (Digital Signal Processor, DSP), embedded device etc..
The key management system 2 can also be that desktop PC, notebook, palm PC and cloud server etc. are counted
Calculate equipment.
Network locating for the key management system 2 includes but is not limited to internet, wide area network, Metropolitan Area Network (MAN), local area network, void
Quasi- dedicated network (Virtual Private Network, VPN) etc..
In one embodiment of the invention, the key management system 2 includes, but are not limited to store equipment 22, processing
Equipment 23, and it is stored in the computer program that can be run in the storage equipment 22 and in the processing equipment 23, such as
Data distributing program.
It will be understood by those skilled in the art that the schematic diagram is only the example of key management system 2, do not constitute pair
The restriction of key management system 2 may include perhaps combining certain components or difference than illustrating more or fewer components
Component, such as the key management system 2 can also include input-output equipment, network access equipment, bus etc..
Alleged processing equipment 23 can be central processing unit (Central Processing Unit, CPU), can be with
It is other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor
Deng the processing equipment 23 is arithmetic core and the control centre of the key management system 2, and various interfaces and route is utilized to connect
Connect the various pieces of entire key management system 2, and execute the key management system 2 operating system and installation it is all kinds of
Application program, program code etc..
The processing equipment 23 executes the operating system of the key management system 2 and the types of applications program of installation.
The processing equipment 23 executes the application program to realize the step in above-mentioned each data transmission method embodiment, such as schemes
Step S20, S21, S22, S23, S24, S25, S26, S27 shown in 3.
Alternatively, the processing equipment 23 realized when executing the computer program each module in above-mentioned each Installation practice/
The function of unit, such as: receive the stamped signature of safety element in the electronic equipment;Verify the stamped signature;When the stamped signature passes through
When verifying, application service voucher is obtained from the application service platform;The first encryption number is generated according to the application service voucher
According to;Generate the first random data;The application service voucher, first encryption data and first random data are sent
To the electronic equipment, so that the electronic equipment verifies first encryption data;When first encryption data is by testing
When card, the second encryption data that the electronic equipment is sent is received;Verify second encryption data.
Illustratively, the computer program can be divided into one or more module/units, one or more
A module/unit is stored in the storage equipment 22, and is executed by the processing equipment 23, to complete the present invention.It is described
One or more module/units can be the series of computation machine program instruction section that can complete specific function, which uses
In implementation procedure of the description computer program in the key management system 2.For example, the computer program can be by
It is divided into receiving module 220, authentication module 221, obtains module 222, generation module 223, sending module 224.
The storage equipment 22 can be used for storing the computer program and/or module, and the processing equipment 23 passes through fortune
Row executes the computer program being stored in the storage equipment 22 and/or module, and calls and be stored in storage equipment 22
Interior data realize the various functions of the key management system 2.The storage equipment 22 can mainly include storing program area and
Storage data area, wherein storing program area can (such as the sound of application program needed for storage program area, at least one function
Playing function, image player function etc.) etc.;Storage data area, which can be stored, uses created data (such as sound according to mobile phone
Frequency evidence, phone directory etc.) etc..In addition, storage equipment 22 may include high-speed random access memory, it can also include non-volatile
Property memory, such as hard disk, memory, plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital
(Secure Digital, SD) card, flash card (Flash Card), at least one disk memory, flush memory device or other
Volatile solid-state part.
The storage equipment 22 can be the external memory and/or internal storage of key management system 2.Further
Ground, the storage equipment 22 can be the circuit with store function for not having physical form in integrated circuit, such as RAM
(Random-Access Memory, random access memory), FIFO (First In First Out) etc..Alternatively, described deposit
Storage equipment 22 is also possible to the memory with physical form, such as memory bar, TF card (Trans-flash Card).
If the integrated module/unit of the key management system 2 is realized in the form of SFU software functional unit and as only
Vertical product when selling or using, can store in a computer readable storage medium.Based on this understanding, this hair
All or part of the process in bright realization above-described embodiment method, can also be instructed by computer program relevant hardware come
It completes, the computer program can be stored in a computer readable storage medium, which holds by processor
When row, it can be achieved that the step of above-mentioned each embodiment of the method.
Wherein, the computer program includes computer program code, and the computer program code can be source code
Form, object identification code form, executable file or certain intermediate forms etc..The computer-readable medium may include: can
Carry any entity or device, recording medium, USB flash disk, mobile hard disk, magnetic disk, CD, computer of the computer program code
Memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access
Memory), electric carrier signal, telecommunication signal and software distribution medium etc..It should be noted that the computer-readable medium
The content for including can carry out increase and decrease appropriate according to the requirement made laws in jurisdiction with patent practice, such as in certain departments
Method administrative area does not include electric carrier signal and telecommunication signal according to legislation and patent practice, computer-readable medium.
In conjunction with Fig. 3, the storage equipment 22 storage multiple instruction in the key management system 2 is to realize a kind of data
The multiple instruction can be performed to realize in transmission method, the processing equipment 23: receiving safety element in the electronic equipment
Stamped signature;Verify the stamped signature;When the stamped signature passes through verifying, application service voucher is obtained from the application service platform;
The first encryption data is generated according to the application service voucher;Generate the first random data;By the application service voucher, described
First encryption data and first random data are sent to the electronic equipment, so that electronic equipment verifying described first
Encryption data;When first encryption data passes through verifying, the second encryption data that the electronic equipment is sent is received;Verifying
Second encryption data.
Preferred embodiment according to the present invention, the processing equipment 23 also execute multiple instruction and include:
Obtain the second random data that the UID of safety element and the electronic equipment generate in the electronic equipment;
The key management system is generated in conjunction with the application service voucher and the UID using secure hash algorithm
First session key;
Second random data is encrypted in conjunction with first session key using AES encryption algorithm, described in generating
First encryption data.
Specifically, the processing equipment 23 can refer to phase in Fig. 3 corresponding embodiment to the concrete methods of realizing of above-metioned instruction
The description of step is closed, this will not be repeated here.
In several embodiments provided by the present invention, it should be understood that disclosed system, device and method can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the module
It divides, only a kind of logical function partition, there may be another division manner in actual implementation.
The module as illustrated by the separation member may or may not be physically separated, aobvious as module
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.Some or all of the modules therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.
It, can also be in addition, each functional module in each embodiment of the present invention can integrate in one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of hardware adds software function module.
It is obvious to a person skilled in the art that invention is not limited to the details of the above exemplary embodiments, Er Qie
In the case where without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.
Therefore, in all respects, the present embodiments are to be considered as illustrative and not restrictive, this
The range of invention is indicated by the appended claims rather than the foregoing description, it is intended that the equivalent requirements of the claims will be fallen in
All changes in meaning and scope are included in the present invention.Any attached associated diagram label in claim should not be considered as limit
Claim involved in making.
Furthermore, it is to be understood that one word of " comprising " does not exclude other units or steps, odd number is not excluded for plural number.In system claims
The multiple units or device of statement can also be implemented through software or hardware by a unit or device.Second equal words are used
It indicates title, and does not indicate any particular order.
Finally it should be noted that the above examples are only used to illustrate the technical scheme of the present invention and are not limiting, although reference
Preferred embodiment describes the invention in detail, those skilled in the art should understand that, it can be to of the invention
Technical solution is modified or equivalent replacement, without departing from the spirit and scope of the technical solution of the present invention.
Claims (10)
1. a kind of data transmission method, be applied to electronic equipment, which is characterized in that the electronic equipment and key management system and
Application service platform communicates, which comprises
When receiving data transfer instruction, the stamped signature of safety element in the electronic equipment is obtained;
The stamped signature to the key management system is sent to be verified;
When the stamped signature passes through verifying, application service voucher, the key management that the key management system is sent are received
The first encryption data and the first random data that system generates;
The second encryption data is generated according to the application service voucher;
Verify first encryption data;
When first encryption data passes through verifying, second encryption data is sent to the key management system and is carried out
Verifying;
When second encryption data passes through verifying, logs in the application service platform and carry out data transmission.
2. data transmission method as described in claim 1, which is characterized in that the data transfer instruction that receives includes following
Any one mode:
Detect the signal that the electronic equipment goes offline;Or
Receive the signal that the electronic equipment is transmitted every prefixed time interval trigger data;Or
Receive the signal in the transmission of preset time trigger data of the electronic equipment configuration;Or
Receive the signal of user's trigger data transmission.
3. data transmission method as described in claim 1, which is characterized in that described to generate the according to the application service voucher
Two encryption datas include:
The user identity for obtaining safety element in the electronic equipment proves UID;
It generates the electronics in conjunction with the application service voucher and the UID using elliptic curve encryption algorithm ECC Encryption Algorithm and sets
The second standby session key;
First random data is encrypted in conjunction with second session key using Advanced Encryption Standard AES encryption algorithm, with
Generate second encryption data.
4. data transmission method as described in claim 1, which is characterized in that the login application service platform is counted
Include: according to transmission
Receive the primary data uploaded;
When the primary data is the configuration data of the electronic equipment, the electronics is configured according to the configuration data and is set
It is standby;Or
When the primary data is data to be transmitted, using AES encryption algorithm, the data to be transmitted is encrypted, is passed
Defeated encrypted data to be transmitted.
5. data transmission method as claimed in claim 4, which is characterized in that the encrypted data to be transmitted packet of transmission
It includes:
When the data to be transmitted is that the terminal device communicated with the electronic equipment uploads, the data to be transmitted is sent out
It send to the application service platform;Or
When the data to be transmitted is that the application service platform uploads, the data to be transmitted is sent to the terminal and is set
It is standby.
6. data transmission method as described in claim 1, which is characterized in that the method also includes:
When second encryption data is unverified, the electronic equipment is forbidden to log in the application service platform.
7. a kind of data transmission method is applied to key management system, which is characterized in that the key management system is set with electronics
Standby and application service platform communicates, which comprises
Receive the stamped signature of safety element in the electronic equipment;
Verify the stamped signature;
When the stamped signature passes through verifying, application service voucher is obtained from the application service platform;
The first encryption data is generated according to the application service voucher;
Generate the first random data;
The application service voucher, first encryption data and first random data are sent to the electronic equipment,
So that the electronic equipment verifies first encryption data;
When first encryption data passes through verifying, the second encryption data that the electronic equipment is sent is received;
Verify second encryption data.
8. data transmission method as claimed in claim 7, which is characterized in that described to generate the according to the application service voucher
One encryption data includes:
Obtain the second random data that the UID of safety element and the electronic equipment generate in the electronic equipment;
The first of the key management system is generated in conjunction with the application service voucher and the UID using secure hash algorithm
Session key;
Second random data is encrypted, in conjunction with first session key to generate described first using AES encryption algorithm
Encryption data.
9. a kind of electronic equipment, which is characterized in that the electronic equipment includes:
Processor;And
Memory, the instruction stored in the memory are executed by the processor to realize as any in claim 1 to 6
One data transmission method.
10. a kind of computer readable storage medium, it is characterised in that: the instruction quilt stored in the computer readable storage medium
Processor in electronic equipment is executed to realize the data transmission method as described in any one of claim 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811186139.4A CN109361508B (en) | 2018-10-11 | 2018-10-11 | Data transmission method, electronic device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811186139.4A CN109361508B (en) | 2018-10-11 | 2018-10-11 | Data transmission method, electronic device and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109361508A true CN109361508A (en) | 2019-02-19 |
| CN109361508B CN109361508B (en) | 2022-11-18 |
Family
ID=65348866
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811186139.4A Expired - Fee Related CN109361508B (en) | 2018-10-11 | 2018-10-11 | Data transmission method, electronic device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109361508B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110011995A (en) * | 2019-03-26 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Encryption and decryption approaches and device in multi-casting communication |
| CN110324143A (en) * | 2019-05-24 | 2019-10-11 | 平安科技(深圳)有限公司 | Data transmission method, electronic equipment and storage medium |
| CN111080296A (en) * | 2019-12-05 | 2020-04-28 | 深圳前海微众银行股份有限公司 | Verification method and device based on block chain system |
| CN111400701A (en) * | 2020-03-31 | 2020-07-10 | 广东金宇恒软件科技有限公司 | Public financial system for processing data at high speed |
| CN112100696A (en) * | 2019-06-17 | 2020-12-18 | 旺宏电子股份有限公司 | Memory device and safe reading method thereof |
| CN112242901A (en) * | 2019-07-16 | 2021-01-19 | 中国移动通信集团浙江有限公司 | Service verification method, device, device and computer storage medium |
| WO2021129511A1 (en) * | 2019-12-23 | 2021-07-01 | 华为技术有限公司 | Communication method, and related product |
| CN114710359A (en) * | 2022-04-15 | 2022-07-05 | 辽宁工控科技有限公司 | Industrial network dynamic key management method and industrial network encryption communication method |
| CN114785596A (en) * | 2022-04-22 | 2022-07-22 | 贵州爱信诺航天信息有限公司 | An industrial control service platform, method and storage medium based on domestic password |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101277234A (en) * | 2007-03-28 | 2008-10-01 | 华为技术有限公司 | A home network and login method |
| US20100268937A1 (en) * | 2007-11-30 | 2010-10-21 | Telefonaktiebolaget L M Ericsson (Publ) | Key management for secure communication |
| CN103346885A (en) * | 2013-06-26 | 2013-10-09 | 飞天诚信科技股份有限公司 | Method for activating token equipment |
| CN106549966A (en) * | 2016-10-31 | 2017-03-29 | 美的智慧家居科技有限公司 | Method, system, home appliance and mobile terminal that communication security grade switches |
| CN107094156A (en) * | 2017-06-21 | 2017-08-25 | 北京明朝万达科技股份有限公司 | A kind of safety communicating method and system based on P2P patterns |
-
2018
- 2018-10-11 CN CN201811186139.4A patent/CN109361508B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101277234A (en) * | 2007-03-28 | 2008-10-01 | 华为技术有限公司 | A home network and login method |
| US20100268937A1 (en) * | 2007-11-30 | 2010-10-21 | Telefonaktiebolaget L M Ericsson (Publ) | Key management for secure communication |
| CN103346885A (en) * | 2013-06-26 | 2013-10-09 | 飞天诚信科技股份有限公司 | Method for activating token equipment |
| CN106549966A (en) * | 2016-10-31 | 2017-03-29 | 美的智慧家居科技有限公司 | Method, system, home appliance and mobile terminal that communication security grade switches |
| CN107094156A (en) * | 2017-06-21 | 2017-08-25 | 北京明朝万达科技股份有限公司 | A kind of safety communicating method and system based on P2P patterns |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110011995A (en) * | 2019-03-26 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Encryption and decryption approaches and device in multi-casting communication |
| CN110011995B (en) * | 2019-03-26 | 2021-04-09 | 创新先进技术有限公司 | Encryption and decryption method and device in multicast communication |
| CN110324143A (en) * | 2019-05-24 | 2019-10-11 | 平安科技(深圳)有限公司 | Data transmission method, electronic equipment and storage medium |
| CN110324143B (en) * | 2019-05-24 | 2022-03-11 | 平安科技(深圳)有限公司 | Data transmission method, electronic device and storage medium |
| WO2020237868A1 (en) * | 2019-05-24 | 2020-12-03 | 平安科技(深圳)有限公司 | Data transmission method, electronic device, server and storage medium |
| CN112100696A (en) * | 2019-06-17 | 2020-12-18 | 旺宏电子股份有限公司 | Memory device and safe reading method thereof |
| CN112242901A (en) * | 2019-07-16 | 2021-01-19 | 中国移动通信集团浙江有限公司 | Service verification method, device, device and computer storage medium |
| CN112242901B (en) * | 2019-07-16 | 2023-09-19 | 中国移动通信集团浙江有限公司 | Service verification methods, devices, equipment and computer storage media |
| CN111080296A (en) * | 2019-12-05 | 2020-04-28 | 深圳前海微众银行股份有限公司 | Verification method and device based on block chain system |
| CN111080296B (en) * | 2019-12-05 | 2023-12-01 | 深圳前海微众银行股份有限公司 | Verification method and device based on blockchain system |
| WO2021129511A1 (en) * | 2019-12-23 | 2021-07-01 | 华为技术有限公司 | Communication method, and related product |
| CN111400701A (en) * | 2020-03-31 | 2020-07-10 | 广东金宇恒软件科技有限公司 | Public financial system for processing data at high speed |
| CN114710359A (en) * | 2022-04-15 | 2022-07-05 | 辽宁工控科技有限公司 | Industrial network dynamic key management method and industrial network encryption communication method |
| CN114710359B (en) * | 2022-04-15 | 2024-02-06 | 沈阳邦粹科技有限公司 | Industrial network dynamic key management method and industrial network encryption communication method |
| CN114785596A (en) * | 2022-04-22 | 2022-07-22 | 贵州爱信诺航天信息有限公司 | An industrial control service platform, method and storage medium based on domestic password |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109361508B (en) | 2022-11-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11711219B1 (en) | PKI-based user authentication for web services using blockchain | |
| EP4120114A1 (en) | Data processing method and apparatus, smart device and storage medium | |
| CN109361508A (en) | Data transmission method, electronic equipment and computer readable storage medium | |
| CN108965230B (en) | Secure communication method, system and terminal equipment | |
| US10003582B2 (en) | Technologies for synchronizing and restoring reference templates | |
| US20160080157A1 (en) | Network authentication method for secure electronic transactions | |
| US9641340B2 (en) | Certificateless multi-proxy signature method and apparatus | |
| CN109067528A (en) | Crypto-operation, method, cryptographic service platform and the equipment for creating working key | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN110177124A (en) | Identity identifying method and relevant device based on block chain | |
| CN109361512A (en) | Data transmission method | |
| CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
| CN113329004B (en) | Authentication method, system and device | |
| Chang et al. | A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment | |
| CN110266653A (en) | A kind of method for authenticating, system and terminal device | |
| CN106533677A (en) | User login method, user terminal and server | |
| US20240388438A1 (en) | Data processing method and apparatus, program product, computer device, and storage medium | |
| CN113328854B (en) | Service processing method and system based on block chain | |
| US11496287B2 (en) | Privacy preserving fully homomorphic encryption with circuit verification | |
| CN109005187A (en) | A kind of communication information guard method and device | |
| CN116095671B (en) | Resource sharing method based on meta universe and related equipment thereof | |
| CN114374519B (en) | Data transmission method, system and equipment | |
| CN112994882B (en) | Authentication method, device, medium and equipment based on block chain | |
| CN109547404A (en) | The acquisition methods and server of data | |
| CN105471579B (en) | A kind of trust login method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20221028 Address after: Room 701, 702, 705, Floor 6, Building 3, Yard 29, North Third Ring Road Middle, Xicheng District, Beijing 100032 Applicant after: Lianyang Guorong (Beijing) Technology Co.,Ltd. Address before: 518,000 1502 Tianliao Building, Tianliao Industrial Zone A, Taoyuan Street, Nanshan District, Shenzhen, Guangdong Applicant before: SHENZHEN JEANSWAY TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20221118 |