CN109787986A - File fragmentation public network safe transmission method - Google Patents


Info

Publication number
CN109787986A
Authority
CN
China
Prior art keywords
point
file
data
public network
subfile
Prior art date
Legal status
Pending
Application number
CN201910084493.4A
Other languages
Chinese (zh)
Inventor
黄策
Current Assignee
Individual
Original Assignee
Individual
Priority date
2019-01-29
Filing date
2019-01-29
Publication date
2019-05-21


Abstract

The invention proposes a method for transmitting files safely and reliably in a public network environment. The method is characterized in that: 1) a file to be transferred from point A to point B is first fragmented at point A into at least 2 subfiles for transmission; 2) the subfiles are transferred to point B separately over at least two mutually independent communication channels in the public network; 3) at least one of point A and point B has an isolation node on its communication channel to the public network. The CPU on the isolation node runs without an operating system and, only under the control of the isolated point, performs the verification, forwarding and discarding of received files. The method can effectively resist the 4 typical security attacks a file may encounter while being transmitted in a public network environment, and the isolation node's natural immunity to the various network attack techniques ensures that the isolated point itself is also kept away from those attacks.

Description

File fragmentation public network safe transmission method
Technical field
The present invention relates to a method for transmitting files securely in a public network environment.
Background art
File transmission is an indispensable basic need of everyone in modern society. For files transmitted over a public network, secure transmission is the basic requirement. As internet applications become more widespread, more and more files are transmitted over the internet, the public network with by far the widest coverage, high transmission speed and greatest convenience. As more and more files pass over the internet, the security assurance requirements for file transmission also grow.
In general, file transmission carried out over a public network is exposed to security attacks from 3 directions: 1) interception: a file that should have gone from point A to point B is actually delivered to point C, and point B never receives it; 2) replacement: file A is sent from point A, but what point B receives is file B; 3) eavesdropping (peeping): the file reaches point B from point A, but a copy is also delivered to point C. In today's environment of ever wider internet use, file transmission can also suffer a more severe and harder-to-handle security attack, the Trojan horse attack: under public network conditions, a file sent from point A has a virus added at point C and is then carried on to point B, so that the file transmitted over the public network becomes a carrier of the challenging virus.
A firewall is standard equipment on today's internet application servers, but the harsh reality is that firewalls are defeated without exception by the 4 challenges above.
The industry urgently needs a secure file transmission method for public network environments that strongly resists the 4 security challenges above, so that, across the widest range of internet applications and the public network environment that reaches deepest into people's lives, files can be transmitted safely and reliably and the 4 attacks above are effectively resisted.
Summary of the invention
To cope with the 4 security challenges necessarily faced by file transmission in a public network environment, the present invention devises a technical solution for transferring a file from point A to point B over a public network. The technical solution is as follows:
1) On the public network between point A and point B, at least two mutually independent communication channels are established. The independent communication channels are characterized in that the two channels are either operated by different communication operators or use different communication technologies.
2) Before transmission, a file to be transferred from point A to point B is first fragmented at point A: the one file to be transmitted is varied into at least 2 subfiles for transmission over the public network, one of which is the transmitted file after variation, while the other contains the control information for restoring the variation and the verification information for checking the correctness of the received file; these two subfiles are transferred from point A to point B over the mutually independent communication channels in the public network. The file variation methods include, but are not limited to, the following basic techniques: 1) inserting data, that is, inserting several bits of data into a data string; 2) removing data, that is, rejecting several bytes from a data string; 3) replacing data, that is, substituting the data in a data string with other data; 4) segmenting data, that is, dividing one data string into two data strings.
3) Between at least one of points A and B and the channel connecting it to the public network, an isolation node is inserted. The isolation node is characterized in that: 1) the CPU on the isolation node runs without an operating system; 2) under the control of the isolated point (point A or point B), the isolation node can only verify received files, forward them (verification passes: the received file is forwarded to the isolated point) or discard them (verification fails: the received file is discarded).
The advantages of the present solution are:
1) The fragmentation of the file and the multi-channel transmission mode make it exponentially harder to intercept the complete transmitted file on the public network. As long as the variation is reasonable, the possibility of obtaining all or part of the effective information from a fragmented subfile is essentially zero. This effectively avoids the security risk of eavesdropping on a file during transmission in a public network environment. By the same reasoning, the various network security attacks that rely on eavesdropping are also effectively contained.
2) The design of the isolation node, whose CPU runs without operating system support, both establishes the communication channel between the isolated point (point A or B) and the public network and effectively avoids the harm that security vulnerabilities in an isolation node operating system could cause to the isolated point (point A or B). At the same time, because the isolation node is controlled by the isolated point, even if the isolation node receives a virus-infected subfile, the virus can be filtered out or the entire infected subfile discarded, so that a transmitted subfile cannot become a carrier of the challenging virus.
3) Because the CPU on the isolation node runs without an operating system, the isolation node has natural immunity to present and future network attack techniques. This natural immunity to the various network attack techniques both fully ensures the security of file transmission in the public network environment and keeps the isolated point far from the various network attacks.
Detailed description of the invention
Fig. 1: Schematic diagram of the transmission channels between point A and point B.
Fig. 2: Structural schematic diagram of isolation node 1.
Fig. 3: Structural schematic diagram of isolation node 3.
Fig. 4: Schematic diagram of the network connection between a server and access terminals.
Fig. 5: Schematic diagram of a mobile phone connected to a server.
Fig. 6: Schematic diagram of multiple mobile phones connected to a server.
Specific embodiment
The content of the present invention is described in detail below with reference to the accompanying drawings of the specification and the embodiments.
Fig. 1: Schematic diagram of the transmission channels between point A and point B.
In the figure:
1) Point A, isolation node 1, computer 1, the internet, computer 2, isolation node 2 and point B form transmission channel No. 1 from point A to point B. This channel mainly carries the transmitted file after variation.
2) Point A, isolation node 3, the mobile network, isolation node 4 and point B form transmission channel No. 2 from point A to point B. Information on this channel is transmitted in the form of point-to-point short messages.
3) Point A, isolation node 5, the telephone network, isolation node 6 and point B form transmission channel No. 3 from point A to point B.
In general, the transmission channels formed by channel No. 1 and channel No. 2 complete the fragmented file transmission automatically. Transmission channel No. 3 is the most important transmission channel: with authorized staff of point A and point B directly present, it completes the transmission and entry of control parameters. For example, points A and B simultaneously replace the SIM cards in isolation nodes 3 and 4 respectively and enter the corresponding mobile phone numbers into the systems of points A and B.
Fig. 2: Structural schematic diagram of isolation node 1.
Isolation node 1 consists mainly of a CPU, RS232 communication ports and RAM. An optical isolator is fitted on the RS232 port connected to point A, so that the isolation node is fully electrically isolated from point A. The other RS232 port is connected to computer 1.
Isolation node 1 receives the subfile transmitted from computer 1 and stores it temporarily in RAM; a subfile that passes verification is transmitted on to point A, and a subfile that fails verification is discarded.
Because the CPU of isolation node 1 does not operate in an operating system environment, 1) there is no need to worry about the security harm of system vulnerabilities, and 2) it has natural immunity to viruses of any form. Even if the isolation node receives a virus-infected subfile, it can filter the transmitted subfile out of the virus-infected data stream.
The structure and function of isolation node 2 are identical to those of isolation node 1.
Fig. 3: Structural schematic diagram of isolation node 3.
Isolation node 3 consists mainly of a CPU, an RS232 communication port, a GSM communication module, a SIM card and RAM. Isolation node 3 transfers the verified short messages it receives to point A through the RS232 communication port.
The structure and function of isolation node 4 are identical to those of isolation node 3.
The working principle of the file fragmentation public network secure transmission method is described in detail below under the network structure of Fig. 1, using a specific implementation process.
Task: transfer file M from point A to point B:
Step 1:
Calculate the total number of bytes of file M and its CRC value with "0FFFFh" as the initial value. This yields short message subfile 1, which contains the file name, file size, first byte value, second byte value and CRC value of file M.
Step 2:
Cut file M into 3 roughly equal-length subfiles (subfiles 2/3/4), and likewise calculate the file length and the CRC value (initial value 0FFFFh) of each of these three subfiles. This yields short message subfiles 2/3/4, each containing the file name, file size, first byte value, second byte value and CRC value of the corresponding subfile.
Step 3:
Treating the data of each subfile in units of 7 bits, randomly insert one bit, "1" or "0", at bit position D7 of each unit; if the last byte is short of 8 bits, randomly fill the missing bit positions with "1" or "0". The subfiles 5/6/7 generated this way likewise have their file sizes and CRC values (initial value 0FFFFh) calculated, yielding short message subfiles 5/6/7, each containing the file name, file size, first byte value, second byte value and CRC value of the corresponding subfile.
Step 4:
Point A transfers subfile 5 to isolation node 2 through isolation node 1, computer 1, the internet and computer 2, and sends short message subfiles 2/5 in the form of short messages through isolation node 3 to isolation node 4.
Step 5:
Isolation node 2 separately calculates the CRC value with the inserted random data bits present and the CRC value with the inserted random data bits removed, and reports them to point B; if they are correct, file 2 is passed on to point B, otherwise the received data is discarded.
Step 6:
Steps 4 and 5 are repeated until point B has received subfiles 2/3/4. Finally, point B verifies the received subfiles 2/3/4 against the parameters in short message subfile 1; if correct, subfiles 2/3/4 are spliced back into file M, otherwise the received data is discarded.
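The procedure of steps 1 to 6, together with the "insert data" variation technique from the summary, as an added worked example in Python; this is not code from the patent or its inventor. The patent specifies only the CRC initial value 0FFFFh, so the polynomial (0x1021, MSB-first, i.e. CRC-16/CCITT-FALSE) is an assumption, as are the dictionary layout of the "short message subfiles", the function names and the constructed sample file. The sender side fragments file M into subfiles 2/3/4, applies the random D7-bit insertion to produce subfiles 5/6/7 and builds the short message descriptors; the receiver side performs the two CRC checks of step 5 at the isolation node (with and without the inserted bits) and the final check of step 6 before splicing M back together, discarding the data on any failure.

```python
import random

# CRC-16 with initial value 0FFFFh as in steps 1-3 of the embodiment. The patent
# does not name the polynomial; CRC-16/CCITT-FALSE (0x1021, MSB-first) is ASSUMED.
def crc16(data: bytes, init: int = 0xFFFF) -> int:
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def descriptor(name: str, data: bytes) -> dict:
    """A 'short message subfile': file name, size, first two byte values and CRC."""
    return {"name": name, "size": len(data),
            "byte0": data[0] if len(data) > 0 else None,
            "byte1": data[1] if len(data) > 1 else None,
            "crc": crc16(data)}

def split3(data: bytes) -> list:
    """Step 2: three roughly equal-length pieces (the remainder goes to the first ones)."""
    q, r = divmod(len(data), 3)
    sizes = [q + (1 if i < r else 0) for i in range(3)]
    parts, pos = [], 0
    for s in sizes:
        parts.append(data[pos:pos + s])
        pos += s
    return parts

def insert_random_bits(data: bytes, rng=None) -> bytes:
    """Step 3 variation: every 7-bit unit becomes one byte whose D7 is a random bit;
    a short final unit is padded with random bits."""
    rng = rng or random.SystemRandom()
    bits = "".join(f"{b:08b}" for b in data)
    bits += "".join(str(rng.getrandbits(1)) for _ in range((-len(bits)) % 7))
    return bytes((rng.getrandbits(1) << 7) | int(bits[i:i + 7], 2)
                 for i in range(0, len(bits), 7))

def strip_inserted_bits(varied: bytes, original_size: int) -> bytes:
    """Undo step 3: drop D7 of every byte, regroup into 8-bit bytes, cut the padding."""
    bits = "".join(f"{b & 0x7F:07b}" for b in varied)
    if len(bits) < original_size * 8:
        return b""  # truncated in transit; the CRC/size check below rejects it
    bits = bits[:original_size * 8]
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def isolation_node_check(varied: bytes, desc_varied: dict, desc_plain: dict):
    """Step 5 at isolation node 2: check the received subfile with the random bits
    present, then with them removed. Returns (accepted, plain_subfile); a failed
    check means the node discards the data."""
    if descriptor(desc_varied["name"], varied) != desc_varied:
        return False, None
    plain = strip_inserted_bits(varied, desc_plain["size"])
    if descriptor(desc_plain["name"], plain) != desc_plain:
        return False, None
    return True, plain

def sender_fragment(name: str, data: bytes, rng=None):
    """Steps 1-3 at point A. Returns the short message subfiles (sent on channel
    No. 2) and the varied subfiles 5/6/7 (sent on channel No. 1)."""
    short_msgs = {"sub1": descriptor(name, data)}
    varied_parts = []
    for i, part in enumerate(split3(data)):
        short_msgs[f"sub{i + 2}"] = descriptor(f"{name}.part{i}", part)
        varied = insert_random_bits(part, rng)
        short_msgs[f"sub{i + 5}"] = descriptor(f"{name}.part{i}.var", varied)
        varied_parts.append(varied)
    return short_msgs, varied_parts

def receiver_reassemble(short_msgs: dict, varied_parts: list):
    """Steps 5-6 at isolation node 2 and point B. Returns file M, or None when
    any check fails and the received data is discarded."""
    plain_parts = []
    for i, varied in enumerate(varied_parts):
        ok, plain = isolation_node_check(varied, short_msgs[f"sub{i + 5}"],
                                         short_msgs[f"sub{i + 2}"])
        if not ok:
            return None
        plain_parts.append(plain)
    m = b"".join(plain_parts)
    d = short_msgs["sub1"]
    return m if descriptor(d["name"], m) == d else None

# Constructed sample file (not from the patent).
SAMPLE_FILE = b"constructed sample: account 6222-0000-1111-2222\n" * 3

def demo(tamper: bool = False):
    short_msgs, varied_parts = sender_fragment("M.bin", SAMPLE_FILE)
    if tamper:  # flip one data bit of subfile 6 in transit
        varied_parts[1] = bytes([varied_parts[1][0] ^ 0x01]) + varied_parts[1][1:]
    return receiver_reassemble(short_msgs, varied_parts)

if __name__ == "__main__":
    assert demo() == SAMPLE_FILE and demo(tamper=True) is None
    print("round trip ok; tampered subfile discarded")
```

The inserted D7 bits are discarded by the receiver without ever being transmitted on channel No. 2, so the short message subfiles carry only sizes and CRCs; a single flipped bit in a varied subfile fails the first CRC check at the isolation node and the subfile is dropped before it reaches point B.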
Fig. 4: Schematic diagram of the network connection between a server and access terminals.
Fig. 4 is the connection schematic diagram of all current internet applications. The security protection of the server is realized by a firewall. Under these network connection conditions, a firewall that is secure today will certainly show security vulnerabilities tomorrow. And on the long public network path from the server to the online terminal, nobody knows how many eyes are watching the data passing by at any moment, but everybody knows that more than one pair of eyes is certainly watching. On WeChat, Alipay or online banking, when viewing sensitive numbers that one ought to see in full (such as a bank account number), what is shown is a desensitized number made up of many "*" plus a few digits. The reason for this phenomenon is precisely that today nobody can guarantee that sensitive data in a data stream running over the public network will not be deliberately peeped at. So for sensitive data transmitted over the public network (such as bank account numbers), the best approach at present is to desensitize first (replace most of the effective digits with "*") and transmit afterwards.
Fig. 5: Schematic diagram of a mobile phone connected to a server.
Fig. 5 is the schematic diagram of a mobile phone connected to a server. In this figure, there are 3 communication channels between the mobile phone and the server.
Channel 1: the short message channel formed by the mobile phone, the mobile network, isolation node 3 and the server.
Channel 2: the mobile network data channel formed by the mobile phone, the mobile network and the server.
Channel 3: the fixed network data channel formed by the mobile phone, wifi, the fixed network, computer 1, isolation node 1 and the server.
Under these connection conditions, when sensitive data is viewed on the mobile phone (for example checking a bank account number on Alipay, WeChat or online banking), the server can transfer the complete sensitive data to the mobile phone over two or three communication channels.
If an eavesdropper wants to challenge the file fragmentation public network secure transmission method under the connection conditions of Fig. 5, the necessary conditions for intercepting sensitive data on the public network are: 1) invading all 3 communication lines; 2) establishing a data server that receives the intercepted data and compares, integrates and restores it. Compared with the eavesdropper under the conditions of Fig. 4, the eavesdropper under the conditions of Fig. 5 faces significantly greater difficulty (in Fig. 5, all 3 communication lines must be invaded before theft is even likely to succeed, whereas in Fig. 4 invading 1 line is certain to succeed) and a greatly reduced efficiency (in Fig. 5, even with all 3 lines invaded, there is most probably no guarantee that effective sensitive data can be stolen, whereas in Fig. 4, once a node in the single communication channel is invaded, all sensitive data passing through that node is necessarily stolen).
Fig. 6: Schematic diagram of multiple mobile phones connected to a server.
Fig. 6 is the schematic diagram of multiple mobile phones connected to a server. Under the connection conditions of this diagram, the communication channels between mobile phone 1 (or mobile phone 2) and the server become more complex. This complexity shows not only in the increased number of communication channels (in addition to the channels between each mobile phone and the server as indicated in Fig. 5, Fig. 6 adds the "machine-human-machine" and "machine-people-machine" communication channels that are not marked there), but even more in the unlimited extension of the region where the mobile phones are located. Under these conditions, with respect to the single effective data security indicator of sensitive data being protected from theft, the possibility that sensitive data is stolen is greatly reduced, and correspondingly the security of sensitive data transmitted over the public network is greatly improved.

Claims (5)

1. A file fragmentation public network secure transmission method, characterized in that, for a file transferred from point A to point B over a public network: 1) before transmission, the file to be transmitted is first fragmented at point A into at least 2 subfiles; 2) the subfiles are transmitted to point B separately over at least two mutually independent communication channels in the public network environment; 3) at least one of point A and point B has an isolation node on each communication channel between it and the public network.
2. The fragmentation according to claim 1, characterized in that: the one file to be transmitted is varied into at least 2 subfiles for transmission over the public network, one of which is the transmitted file after variation, while the other contains the control information for restoring the variation and the verification information for checking the correctness of the received file; the two subfiles are transferred from point A to point B over the mutually independent communication channels in the public network environment.
3. The independent communication channels according to claim 1, characterized in that: the independent communication channels are either operated by different communication operators or use different communication technologies.
4. The isolation node according to claim 1, characterized in that: 1) the CPU on the isolation node does not run in an operating system environment; 2) under the control of the isolated point (point A or point B), the isolation node can only verify received files, forward them (verification passes: the received file is forwarded to the isolated point) or discard them (verification fails: the received file is discarded).
5. The variation according to claim 2, characterized in that the variation includes, but is not limited to, the following methods: 1) inserting data, that is, inserting several bits of data into a data string; 2) removing data, that is, rejecting several bytes from a data string; 3) replacing data, that is, substituting the data in a data string with other data; 4) segmenting data, that is, dividing one data string into two data strings.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910084493.4A CN109787986A (en) 2019-01-29 2019-01-29 File fragmentation public network safe transmission method

Publications (1)

Publication Number Publication Date
CN109787986A true CN109787986A (en) 2019-05-21

Family

ID=66502872

Country Status (1)

Country Link
CN (1) CN109787986A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021138843A1 (en) * 2020-01-08 2021-07-15 黄策 Method for securely transmitting file fragments in public network

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1336753A (en) * 2000-08-01 2002-02-20 科莫网络公司 System and method for radio multiple channel data communication and image data transmission system
CN1493140A (en) * 2001-02-20 2004-04-28 Method and apparatus to permit data transmission to transverse firewalls
US20080137854A1 (en) * 2006-11-20 2008-06-12 Victor Bryan Friday Secure data transmission utility system
CN104363221A (en) * 2014-11-10 2015-02-18 青岛微智慧信息有限公司 Network safety isolation file transmission control method
CN105897579A (en) * 2015-10-21 2016-08-24 乐卡汽车智能科技(北京)有限公司 Data transmission method and device
CN107154945A (en) * 2017-05-31 2017-09-12 中南大学 A kind of cloudy fragmentation method for secure storing and system based on correcting and eleting codes
CN108989324A (en) * 2018-08-02 2018-12-11 泉州禾逸电子有限公司 A kind of enciphered data transmission method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
赵乃真等: "《电子商务技术与应用》", 31 January 2017 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190521