CN117200992A - System and method for identifying false of data stream transmission - Google Patents
System and method for identifying false of data stream transmission Download PDFInfo
- Publication number
- CN117200992A CN117200992A CN202310975974.0A CN202310975974A CN117200992A CN 117200992 A CN117200992 A CN 117200992A CN 202310975974 A CN202310975974 A CN 202310975974A CN 117200992 A CN117200992 A CN 117200992A
- Authority
- CN
- China
- Prior art keywords
- data stream
- digital signature
- data
- server
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 50
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000012795 verification Methods 0.000 claims abstract description 66
- 238000012545 processing Methods 0.000 claims description 10
- 238000004891 communication Methods 0.000 claims description 4
- 238000004364 calculation method Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 9
- 238000004422 calculation algorithm Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241000272184 Falconiformes Species 0.000 description 1
- 241000566150 Pandion haliaetus Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a system and a method for authenticating data stream transmission, comprising a client and a server, wherein the client comprises a request sending module for sending a data stream request; the data forwarding module is used for forwarding the digital signature; the data reading module is used for judging whether to read the data stream according to the signature verification result; the server comprises a file storage module, a file storage module and a file storage module, wherein the file storage module is used for acquiring a data stream to be transmitted according to a data stream request; the XMS hardware module comprises a key acquisition unit, a digital signature unit and a digital signature verification unit; the file sending module is used for sending the digital signature and the corresponding data stream thereof and the signature verification result to the client. The application temporarily generates the public key and the private key based on the data stream to be transmitted, and the public key and the private key are only transmitted in the server, thereby ensuring the transmission safety and greatly improving the reliability in the data stream transmission fake identification process.
Description
Technical Field
The application relates to a system and a method for authenticating data stream transmission, belonging to the technical field of data transmission.
Background
The data transmission is to transmit data from a data source to a data terminal according to a certain flow, and the main function of the data transmission is to realize data transmission exchange between points. How to ensure efficient and safe transmission of data information is an important issue. For example, public key encryption algorithms of technologies widely used in the fields of computers and the internet at present are all based on three computational problems: integer decomposition problems, discrete logarithm problems, and elliptic curve problems, such as DH, ECDH, RSA, ECDSA, etc. But these challenges can be efficiently broken through the use of sufficiently powerful quantum computers and specific quantum algorithms, such as the Shor, grove algorithms.
Therefore, with the rapid development of quantum computers. All the existing digital identity verification, digital signature and even encryption modes of network security certificates can be cracked by the computing power of a quantum computer. In 2021, IBM introduced the first quantum processor "Eagle" with more than 100 qubits, and recently introduced the largest quantum computer processor "Osprey" from the company, containing 433 qubits. And when the quantum computer reaches 1024 quantum bits, all the existing network encryption can be broken. By then, all web page security certificates, all digital offices, signatures of online security file transfers can be forged, potentially resulting in a huge internet security crisis. It is difficult for people to recognize which web pages are truly secure and which documents are not altered, and serious challenges are faced from daily life, business contracts and even military secrets.
XMSS, an extended merck signature scheme (eXtendedMerkle Signature Scheme), as a hash-based high-efficiency, high-security post quantum cryptography, was standardized by the internet engineering task force (Internet Engineering Task Force, IETF) as early as 2018 and recommended by NIST as a stateful post quantum signature scheme in 2020. However, most of the existing XMSS implementations stay at the code level, have low availability, want to use XMSS technology at high cost, and have not been excellent enough. Cannot be used conveniently for the masses, so that the popularization is difficult.
In addition, the existing XMSS algorithm needs to perform hash operations tens of millions of times, and a general processor is low in implementation efficiency, and is difficult to calculate and obtain a key quickly, so that the requirements of a high-speed network cannot be met.
The university student mathematical modeling competition paper of the 'high education agency cup' submits an MD5 (Message-Digest Algorithm 5) code, however, the MD5 information summary Algorithm in the technology is not safe enough in the future and is easy to crack because the Algorithm does not have quantum resistance. In addition, the client-side submitting lacks a good hardware accelerating structure design, so that the condition that the number of queuing people is excessive and the waiting time is too long is easily caused during the submitting. In addition, the client needs to click to generate the MD5 code and upload the MD5 code after the user submits the MD5 code, and the signature verification operation is also exposed to the user, so that the operation is complicated.
The information disclosed in this background section is only for enhancement of understanding of the general background of the application and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person of ordinary skill in the art.
Disclosure of Invention
The application aims to overcome the defects in the prior art and provides a system and a method for data stream transmission authentication.
In order to achieve the above purpose, the application is realized by adopting the following technical scheme:
in a first aspect, the application discloses a system for authenticating data stream transmission, which comprises a client and a server,
the client comprises:
the request sending module is used for sending a data stream request to the server;
the data forwarding module is used for receiving the digital signature and the corresponding data stream sent by the server and forwarding the digital signature to the server;
the data reading module is used for receiving and judging whether to read the data flow in the data forwarding module according to the signature verification result sent by the server;
the server includes:
the file storage module is used for acquiring a data stream to be transmitted according to a data stream request of the client;
the XMS hardware module comprises a key acquisition unit, a digital signature unit and a digital signature verification unit; the key acquisition unit generates a corresponding public key and a private key according to the data stream to be transmitted; the digital signature unit signs the data stream to be transmitted by using a private key to obtain a digital signature; the digital signature verification unit adopts a public key to verify the digital signature forwarded by the client to obtain a signature verification result;
and the file sending module is used for sending the digital signature and the corresponding data stream thereof and the signature verification result to the client.
Further, in the request sending module of the client, the data stream request includes a new data stream transmission request and a historical data stream transmission request.
Further, the digital signature unit includes:
the SHA256 subunit is used for carrying out bit width fixing processing on the data stream to be transmitted to obtain a data stream with fixed bit width;
the first WOTS subunit is used for carrying out single-time digital signature operation according to the data stream with the fixed bit width and the private key to obtain first WOTS-pk data;
a first L-TREE subunit configured to compress the first WOTS-pk data into first leaf node data;
a MERKLE subunit configured to compress the first leaf node data into root node data; and obtaining the digital signature of the XMSS according to the root node data.
Further, the digital signature verification unit includes:
the MSGchecksum subunit is used for carrying out integrity verification on the digital signature forwarded by the client, and obtaining a character string with fixed bit width by combining the abstract after the verification is passed;
the second WOTS subunit is used for carrying out WOTS chain operation on the character string with the fixed bit width to obtain second WOTS-pk data;
the second L-TREE subunit is used for carrying out depth-first calculation on the second WOTS-pk data to obtain an L-TREE hash value;
and the Authpath subunit is used for compressing the L-TREE hash value, verifying the correctness of the compressed L-TREE hash value by using the public key and obtaining a signature verification result.
Further, the determining whether to read the data flow in the data forwarding module includes:
responding to the pass of the signature verification result, and reading the data flow in the data forwarding module by the data reading module;
and in response to the signature verification result being not passed, the data forwarding module receives a new digital signature and a data stream corresponding to the new digital signature, forwards the new digital signature to the server for signature verification, and discards the digital signature and the data stream corresponding to the digital signature, which are not passed by the signature verification result stored previously.
Further, the file storage module and the file sending module are respectively connected with the XMSS hardware module through serial communication.
In a second aspect, the present application discloses a method for authenticating data stream transmission, which is suitable for a client of the system for authenticating data stream transmission in the first aspect, and includes the following steps:
a request sending module based on the client sends a data stream request to a server;
based on a data forwarding module of a client, receiving a digital signature and a corresponding data stream sent by a server, and forwarding the digital signature to the server;
and based on the data reading module of the client, receiving and judging whether to read the data flow in the data forwarding module according to the signature verification result sent by the server.
In a third aspect, the present application discloses a method for authenticating data stream transmission, which is applicable to the server of the system for authenticating data stream transmission in the first aspect, and includes the following steps:
the method comprises the steps that a file storage module based on a server obtains a data stream to be transmitted according to a data stream request of a client;
a key acquisition unit of an XMS hardware module based on a server generates a corresponding public key and a private key according to the data stream to be transmitted;
the digital signature unit of the XMS hardware module based on the server signs the data stream to be transmitted by using a private key to obtain a digital signature;
a file sending module based on a server for sending the digital signature and the corresponding data stream,
the digital signature verification unit based on the XMS hardware module of the server adopts a public key to verify the digital signature forwarded by the client to obtain a signature verification result and sends the signature verification result to the client;
and the file sending module based on the server sends the signature verification result to the client.
Compared with the prior art, the application has the beneficial effects that:
the data stream transmission fake-identifying system temporarily generates the public key and the private key based on the data stream to be transmitted, and the public key and the private key are only transmitted in the server, thereby ensuring the transmission safety and greatly improving the reliability in the data stream transmission fake-identifying process.
Drawings
FIG. 1 is a schematic diagram of a system for data stream transmission authentication;
FIG. 2 is a schematic diagram of a digital signature unit;
fig. 3 is a schematic diagram of a digital signature verification unit.
Detailed Description
The application is further described below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present application, and are not intended to limit the scope of the present application.
Example 1
The embodiment 1 provides a system for authenticating data stream transmission, which comprises a client and a server,
the client comprises:
the request sending module is used for sending a data stream request to the server;
the data forwarding module is used for receiving the digital signature and the corresponding data stream sent by the server and forwarding the digital signature to the server;
the data reading module is used for receiving and judging whether to read the data flow in the data forwarding module according to the signature verification result sent by the server;
the server comprises:
the file storage module is used for acquiring a data stream to be transmitted according to a data stream request of the client;
the XMS hardware module comprises a key acquisition unit, a digital signature unit and a digital signature verification unit; the key acquisition unit generates a corresponding public key and a private key according to the data stream to be transmitted; the digital signature unit is used for signing the data stream to be transmitted by using the private key to obtain a digital signature and a corresponding data stream; the digital signature verification unit is used for verifying the digital signature forwarded by the client by adopting the public key to obtain a signature verification result;
the file sending module is used for sending the digital signature and the corresponding data stream thereof and the signature verification result to the client.
The technical conception of the application is as follows: the public key and the private key are temporarily generated based on the data stream to be transmitted, and the public key and the private key are only transmitted in the server, so that the transmission safety is ensured, and meanwhile, the reliability in the data stream transmission fake identification process is greatly improved.
The method comprises the following specific steps:
step 1: and based on the request sending module of the client, sending a data stream request to the server. Wherein the data stream request includes a new data stream transmission request and a historical data stream transmission request.
The specific service scenario is as follows:
and the first service scene, the client sends a new data stream transmission request to request some files needing anti-counterfeiting.
When applied to the service scenario, the receiving side sends a new data stream transmission request to the server side to trigger the relevant processing of the server side.
And sending a historical data stream flow request by the second service scene by the client side, and requesting the server side to play back the data stream which is received and stored before so as to view and verify.
When the method is applied to the second business scenario, the receiving side sends a historical data stream back request to the server side so as to trigger relevant processing of the server side.
Step 2: the method comprises the steps that a file storage module based on a server obtains a data stream to be transmitted according to a data stream request of a client;
and the same as the step 1, two business scenes exist correspondingly.
And responding to a new data stream transmission request sent by the client in the first service scenario, and requesting some files needing to be falsified.
When the method is applied to the service scene, the server receives a new data stream transmission request sent by the client, and acquires a corresponding new data stream to be transmitted.
And responding to the historical data stream flow request sent by the client, and requesting the server side to play back the data stream which is received and stored before so as to view and verify.
When the method is applied to the second service scenario, the server receives a historical data stream flow request sent by the client and acquires a corresponding historical data stream to be transmitted.
Step 3: and a key acquisition unit of the XMS hardware module based on the server generates a corresponding public key and a private key according to the data stream to be transmitted. The private key is sent to the digital signature unit, and the public key is sent to the digital signature verification unit.
When the method is applied to a business scene, the data stream to be transmitted is a new data stream, and a corresponding key pair such as a public key, a private key and the like is generated according to the new data stream.
When the method is applied to the second service scenario, the data stream to be transmitted is a historical data stream, and multiple playback of the historical data stream which is sent and stored before the server side can possibly occur, so that multiple key pairs are generated. It should be noted that this step generates a new corresponding key pair, such as a public key and a private key, according to the historical data stream, without using the old key pair before.
Step 4: and the digital signature unit of the XMS hardware module based on the server signs the data stream to be transmitted by using the private key to obtain a digital signature.
When the method is applied to the business scene, the private key is used for signing the new data stream to be transmitted, and a digital signature is obtained.
When the method is applied to the second service scene, the private key is used for signing the historical data stream to be transmitted, and a digital signature is obtained.
Specifically, the digital signature unit includes:
and the SHA256 subunit is used for carrying out bit width fixing processing on the data stream to be transmitted to obtain a data stream with fixed bit width. For example: the fixed 256-bit output data stream is obtained for the data stream based on the variable input length.
And the first WOTS subunit is used for carrying out single-time digital signature operation according to the data stream with the fixed bit width and the private key to obtain first WOTS-pk data. It should be noted that, the first WOTS subunit may be repeatedly invoked in the key generation and signature process, and the higher the multiplexing rate, the more efficient the design, and the better the overall performance. The multi-core multiplexing mode is adopted, so that the operation speed can be greatly improved.
And the first L-TREE subunit is used for compressing the first WOTS-pk data into first leaf node data. Based on the cost consideration of the hardware module, the first L-TREE subunit adopts a depth-first method, and the h-layer node of the computing binary TREE only needs h storage spaces and is far smaller than 2 in a standardized scheme h And a plurality of storage resources.
A MERKLE subunit configured to compress the first leaf node data into root node data; and obtaining the digital signature of the XMSS according to the root node data.
In addition, the application can also adopt BDS algorithm to accelerate the signature process in the digital signature process, for example, BDS can be hardware and configured in the hardware module to reduce the data volume of bus communication, thereby further accelerating the computation of XMS digital signature.
Step 5: and the file sending module based on the server sends the digital signature and the corresponding data stream to the client.
Step 6: and based on the data forwarding module of the client, the digital signature and the corresponding data stream thereof sent by the server are received, and the digital signature is forwarded to the server.
Here, the data stream is simply received, and the data stream is not read.
Step 7: and the digital signature verification unit of the XMS hardware module based on the server adopts a public key to verify the digital signature forwarded by the client to obtain a signature verification result.
The digital signature verification unit comprises:
and the MSGchecksum subunit is used for carrying out integrity verification on the digital signature forwarded by the client, and obtaining a character string with a fixed bit width by combining the abstract after the verification is passed. For example: and verifying the message integrity of the digital signature forwarded by the client and outputting a checksum summary in combination with the character string which becomes a length 268-bit.
The second WOTS subunit is used for carrying out WOTS chain operation on the character string with the fixed bit width to obtain second WOTS-pk data;
and the second L-TREE subunit is used for carrying out depth-first calculation on the second WOTS-pk data to obtain an L-TREE hash value. In the same process, based on the cost consideration of the hardware module, the second L-TREE subunit adopts a depth-first method, and the h-level node of the computing binary TREE only needs h storage spaces and is far smaller than 2 in the standardized scheme h And a plurality of storage resources.
And the Authpath subunit is used for compressing the L-TREE hash value, verifying the correctness of the compressed L-TREE hash value by using the public key and obtaining a signature verification result. Specifically, the method is used for Authath verification in the XMS signature scheme, the f_t function compression is continuously invoked on the received L-TREE hash value, and finally, the correctness of the signature is verified by using the received public key.
Step 8: and sending the signature verification result to the client based on the file sending module of the server.
It should be noted that, the file storage module and the file sending module are respectively connected with the XMSS hardware module through serial port communication.
Step 9: based on a data reading module of the client, receiving and judging whether to read the data flow in the data forwarding module according to the signature verification result sent by the server;
wherein, judging whether to read the data flow in the data forwarding module comprises:
and responding to the pass of the signature verification result, and reading the data flow in the data forwarding module by the data reading module. If the verification sign passes, the data is not tampered, and the client can read correctly.
And in response to the result of checking the signature being failed, the data forwarding module receives the new digital signature and the corresponding data stream thereof, forwards the new digital signature to the server for checking the signature, and discards the digital signature and the corresponding data stream thereof, which are stored in advance and have failed in the result of checking the signature.
If the signature verification fails for 3 consecutive times, it indicates that an attacker may eavesdrop on the port of the receiver, and the server switches the client port to prevent the attack from happening continuously.
Note that, the information records of the coming and going will be stored on both sides of the server and the client, and the records are left for the sender to ensure that the sent information is not forged/tampered by the sender. To prevent future sender's disallowing documents from being sent personally by themselves.
In summary, the digital signature designed in the application is used for ensuring the integrity of the transmission data stream, and the server side performs signature verification on the digital signature, so that both the client side and the server side of the receiver system can acquire the digital signature through the processing in the steps 1-9, and the server side can check the signature through the digital signature of the receiver to see whether the data is tampered.
The digital signature is temporarily generated in the digital signature process and is only used once, and a new digital signature can be regenerated when the digital signature is signed next time, so that the safety is improved.
Firstly, carrying out digital signature on a transmitted data stream by using a private key; secondly, for the public and private key pair used for encrypting the media stream, the public and private key pair is generated and then transmitted between the interiors of the hardware modules, and the transmission security of the key pair is ensured and the security in the transmission process of the data stream is further improved because the process is transmitted inside the hardware modules; at the same time, the data stream is digitally signed with a public key, which is temporarily generated based on the data stream and used only once, and a new key pair is regenerated the next time it is generated. In summary, the whole key performs the internal transmission of the module for the sensitive parameters involved in the transmission process, so the reliability of the data stream transmission in the fake identification process is greatly improved.
Example 2
The embodiment 2 provides a method for authenticating data stream transmission, which is suitable for the client of the system for authenticating data stream transmission in embodiment 1, and is characterized by comprising the following steps:
a request sending module based on the client sends a data stream request to a server;
based on a data forwarding module of the client, the digital signature and the corresponding data stream thereof sent by the server are received, and the digital signature is forwarded to the server;
and based on the data reading module of the client, receiving and judging whether to read the data flow in the data forwarding module according to the signature verification result sent by the server.
Example 3
The embodiment 3 provides a method for authenticating data stream transmission, which is applicable to the server of the system for authenticating data stream transmission in the embodiment 1, and is characterized by comprising the following steps:
the method comprises the steps that a file storage module based on a server obtains a data stream to be transmitted according to a data stream request of a client;
a key acquisition unit of an XMS hardware module based on a server generates a corresponding public key and private key according to a data stream to be transmitted;
the digital signature unit of the XMS hardware module based on the server signs the data stream to be transmitted by using a private key, obtains a digital signature and the corresponding data stream and sends the digital signature and the corresponding data stream to the client;
a file transmitting module based on a server for transmitting the digital signature and the corresponding data stream,
the digital signature verification unit based on the XMS hardware module of the server adopts a public key to verify the digital signature forwarded by the client to obtain a signature verification result and sends the signature verification result to the client;
and sending the signature verification result to the client based on the file sending module of the server.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing is only a preferred embodiment of the application, it being noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present application, and such modifications and adaptations are intended to be comprehended within the scope of the application.
Claims (8)
1. A data stream transmission fake identifying system is characterized by comprising a client and a server,
the client comprises:
the request sending module is used for sending a data stream request to the server;
the data forwarding module is used for receiving the digital signature and the corresponding data stream sent by the server and forwarding the digital signature to the server;
the data reading module is used for receiving and judging whether to read the data flow in the data forwarding module according to the signature verification result sent by the server;
the server includes:
the file storage module is used for acquiring a data stream to be transmitted according to a data stream request of the client;
the XMS hardware module comprises a key acquisition unit, a digital signature unit and a digital signature verification unit; the key acquisition unit generates a corresponding public key and a private key according to the data stream to be transmitted; the digital signature unit signs the data stream to be transmitted by using a private key to obtain a digital signature; the digital signature verification unit adopts a public key to verify the digital signature forwarded by the client to obtain a signature verification result;
and the file sending module is used for sending the digital signature and the corresponding data stream thereof and the signature verification result to the client.
2. The system of claim 1, wherein the data stream request comprises a new data stream transmission request and a history data stream transmission request in a request sending module of the client.
3. The system for authentication of data streaming according to claim 1, wherein the digital signature unit comprises:
the SHA256 subunit is used for carrying out bit width fixing processing on the data stream to be transmitted to obtain a data stream with fixed bit width;
the first WOTS subunit is used for carrying out single-time digital signature operation according to the data stream with the fixed bit width and the private key to obtain first WOTS-pk data;
a first L-TREE subunit configured to compress the first WOTS-pk data into first leaf node data;
a MERKLE subunit configured to compress the first leaf node data into root node data; and obtaining the digital signature of the XMSS according to the root node data.
4. The system for authentication of data streaming according to claim 1, wherein the digital signature verification unit comprises:
the MSGchecksum subunit is used for carrying out integrity verification on the digital signature forwarded by the client, and obtaining a character string with fixed bit width by combining the abstract after the verification is passed;
the second WOTS subunit is used for carrying out WOTS chain operation on the character string with the fixed bit width to obtain second WOTS-pk data;
the second L-TREE subunit is used for carrying out depth-first calculation on the second WOTS-pk data to obtain an L-TREE hash value;
and the Authpath subunit is used for compressing the L-TREE hash value, verifying the correctness of the compressed L-TREE hash value by using the public key and obtaining a signature verification result.
5. The system for authentication of data stream transmission according to claim 1, wherein said determining whether to read the data stream in the data forwarding module comprises:
responding to the pass of the signature verification result, and reading the data flow in the data forwarding module by the data reading module;
and in response to the signature verification result being not passed, the data forwarding module receives a new digital signature and a data stream corresponding to the new digital signature, forwards the new digital signature to the server for signature verification, and discards the digital signature and the data stream corresponding to the digital signature, which are not passed by the signature verification result stored previously.
6. The system of claim 1, wherein the file storage module and the file sending module are respectively connected with the XMSS hardware module through serial communication.
7. A method for authenticating data stream transmission, which is suitable for a client of the data stream transmission authentication system according to any one of claims 1 to 6, and is characterized by comprising the following steps:
a request sending module based on the client sends a data stream request to a server;
based on a data forwarding module of a client, receiving a digital signature and a corresponding data stream sent by a server, and forwarding the digital signature to the server;
and based on the data reading module of the client, receiving and judging whether to read the data flow in the data forwarding module according to the signature verification result sent by the server.
8. A method for authenticating data stream transmission, which is applicable to the server of the data stream transmission authentication system as defined in any one of claims 1 to 6, and is characterized by comprising the following steps:
the method comprises the steps that a file storage module based on a server obtains a data stream to be transmitted according to a data stream request of a client;
a key acquisition unit of an XMS hardware module based on a server generates a corresponding public key and a private key according to the data stream to be transmitted;
the digital signature unit of the XMS hardware module based on the server signs the data stream to be transmitted by using a private key to obtain a digital signature;
a file sending module based on a server for sending the digital signature and the corresponding data stream,
the digital signature verification unit based on the XMS hardware module of the server adopts a public key to verify the digital signature forwarded by the client to obtain a signature verification result and sends the signature verification result to the client;
and the file sending module based on the server sends the signature verification result to the client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310975974.0A CN117200992A (en) | 2023-08-04 | 2023-08-04 | System and method for identifying false of data stream transmission |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310975974.0A CN117200992A (en) | 2023-08-04 | 2023-08-04 | System and method for identifying false of data stream transmission |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117200992A true CN117200992A (en) | 2023-12-08 |
Family
ID=88989554
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310975974.0A Pending CN117200992A (en) | 2023-08-04 | 2023-08-04 | System and method for identifying false of data stream transmission |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117200992A (en) |
-
2023
- 2023-08-04 CN CN202310975974.0A patent/CN117200992A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10778428B1 (en) | Method for restoring public key based on SM2 signature | |
| US20200220735A1 (en) | Merkle signature scheme tree expansion | |
| US8850199B2 (en) | Hashing prefix-free values in a signature scheme | |
| CN109743171B (en) | Key series method for solving multi-party digital signature, timestamp and encryption | |
| CN112199649A (en) | Anonymous identity verification method under moving edge calculation based on block chain | |
| CN111555872B (en) | Communication data processing method, device, computer system and storage medium | |
| US10511445B1 (en) | Signature compression for hash-based signature schemes | |
| CA2555322C (en) | One way authentication | |
| US20130290713A1 (en) | Hashing prefix-free values in a certificate scheme | |
| CN107566360B (en) | A kind of generation method of data authentication code | |
| CN112491989A (en) | Data transmission method, device, equipment and storage medium | |
| CN113055188A (en) | Data processing method, device, equipment and storage medium | |
| WO2022099683A1 (en) | Data transmission method and apparatus, device, system, and storage medium | |
| CN110690969B (en) | Method and system for achieving bidirectional SSL/TLS authentication through multiparty cooperation | |
| CN115442047A (en) | Electronic signature method and system for business management file | |
| Shih et al. | Traceability for Vehicular Network Real-Time Messaging Based on Blockchain Technology. | |
| CN117997516A (en) | Bidirectional authentication and secure communication method and system for lightweight Internet of things equipment | |
| Kasodhan et al. | A new approach of digital signature verification based on BioGamal algorithm | |
| CN111432403A (en) | Data auditing method and device based on block chain | |
| CN107947939A (en) | Support the PDF endorsement methods and system of SM3 cryptographic Hash algorithm and SM2 Digital Signature Algorithms | |
| CN112926983A (en) | Block chain-based deposit certificate transaction encryption system and method | |
| Capkun et al. | Rosen: Robust and selective non-repudiation (for tls) | |
| CN117040750A (en) | Certificate request file generation method and device, electronic equipment and storage medium | |
| CN115001698B (en) | Aggregate signature method, apparatus, device and storage medium | |
| CN117200992A (en) | System and method for identifying false of data stream transmission |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |