CN108683665A - Data ciphering method, system in fiber optic communication and data transmitting equipment

- Publication number: CN108683665A
- Authority: CN (China)
- Prior art keywords: data, light, transmission, ciphertext, key
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04B10/85: Transmission systems employing electromagnetic waves other than radio-waves; protection from unauthorised access, e.g. eavesdrop protection
- H04L63/0478: Network security for providing a confidential data exchange wherein the data content is protected, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
Abstract
The invention applies to the field of fiber optic communication and discloses a data encryption method and system in fiber optic communication, and data transmitting equipment. The method is applied to data transmitting equipment and includes: obtaining transmission data and judging whether the transmission data carries an encryption identifier; if the transmission data carries an encryption identifier, obtaining the public key of the data receiver; performing asymmetric encryption on the transmission data with the public key of the data receiver to generate ciphertext data; generating a digital signature from the pre-stored sending private key and the ciphertext data; packaging the ciphertext data and the digital signature to generate a first message, and converting it into first light data; randomly generating a light key, and encrypting the first light data with the light key to generate light ciphertext data; sending the light key to the data receiver over a secure channel and sending the light ciphertext data to the data receiver over a public channel, the light key being used by the data receiver to finally obtain the transmission data. The invention can improve the security and confidentiality of data transmission.
Description
Technical field
The invention belongs to the technical field of fiber optic communication, and in particular relates to a data encryption method and system in fiber optic communication, and data transmitting equipment.
Background
Fiber optic communication uses light waves as the carrier and optical fiber as the transmission medium to carry information from one place to another. Because it offers wide bandwidth, large communication capacity, low loss and long repeater spacing, fiber optic communication is widely used for all kinds of information transmission.
Light waves travelling in an optical cable rarely leak from the fiber; even at a bend with a very small bending radius, the light that escapes is very faint. Many users therefore regard fiber optic communication as perfectly secure in itself and assume it cannot leak the communicated information, so existing fiber optic communication does not consider the confidentiality of the communication. With the development of eavesdropping techniques, however, information transmitted this way is easily eavesdropped, and its security and confidentiality are relatively low.
Summary of the invention
In view of this, embodiments of the invention provide a data encryption method and system in fiber optic communication, and data transmitting equipment, to solve the problem of relatively low security and confidentiality in the prior art.
A first aspect of the embodiments of the invention provides a data encryption method in fiber optic communication. The method is applied to data transmitting equipment and includes:
Obtaining transmission data, and judging whether the transmission data carries an encryption identifier;
If it is determined that the transmission data carries an encryption identifier, obtaining the public key of the data receiver;
Performing asymmetric encryption on the transmission data with the public key of the data receiver to generate ciphertext data;
Generating a digital signature from the pre-stored sending private key and the ciphertext data;
Packaging the ciphertext data and the digital signature to generate a first message, and converting the first message into first light data;
Randomly generating a light key, and encrypting the first light data with the light key to generate light ciphertext data;
Sending the light key to the data receiver over a secure channel, and sending the light ciphertext data to the data receiver over a public channel. The light key is used by the data receiver to decrypt the light ciphertext data and obtain the first message; the first message is used by the data receiver to decrypt the ciphertext data of the first message, according to the digital signature of the first message and the pre-stored receiving private key, and obtain the transmission data.
A second aspect of the embodiments of the invention provides a data encryption system in fiber optic communication. The system is applied to data transmitting equipment and includes:
A judgment module, for obtaining transmission data and judging whether the transmission data carries an encryption identifier;
A first processing module, for obtaining the public key of the data receiver if it is determined that the transmission data carries an encryption identifier;
A ciphertext data generation module, for performing asymmetric encryption on the transmission data with the public key of the data receiver to generate ciphertext data;
A digital signature generation module, for generating a digital signature from the pre-stored sending private key and the ciphertext data;
A conversion module, for packaging the ciphertext data and the digital signature to generate a first message, and converting the first message into first light data;
A light ciphertext data generation module, for randomly generating a light key and encrypting the first light data with the light key to generate light ciphertext data;
A first sending module, for sending the light key to the data receiver over a secure channel and sending the light ciphertext data to the data receiver over a public channel. The light key is used by the data receiver to decrypt the light ciphertext data and obtain the first message; the first message is used by the data receiver to decrypt the ciphertext data of the first message, according to the digital signature of the first message and the pre-stored receiving private key, and obtain the transmission data.
A third aspect of the embodiments of the invention provides data transmitting equipment, including a memory, a processor, and a computer program stored in the memory and runnable on the processor. When the processor executes the computer program, it implements the steps of the data encryption method in fiber optic communication described above.
A fourth aspect of the embodiments of the invention provides a computer-readable storage medium storing a computer program. When the computer program is executed by one or more processors, it implements the steps of the data encryption method in fiber optic communication described above.
Compared with the prior art, the embodiments of the invention have the following beneficial effects. The data transmitting equipment performs asymmetric encryption on the transmission data with the public key of the data receiver to generate ciphertext data, generates a digital signature from the pre-stored sending private key and the ciphertext data, packages the ciphertext data and the digital signature to generate a first message, converts the first message into first light data, randomly generates a light key, encrypts the first light data with the light key to generate light ciphertext data, sends the light key to the data receiver over a secure channel, and sends the light ciphertext data to the data receiver over a public channel. The data receiver decrypts the light ciphertext data with the received light key to obtain the first message, and decrypts the ciphertext data of the first message, according to the digital signature of the first message and the pre-stored receiving private key, to obtain the transmission data. Asymmetric encryption improves the security and confidentiality of data transmission. The digital signature makes it possible to verify the integrity and authenticity of the ciphertext data and to learn whether the ciphertext data has been attacked. Encrypting the light data with the light key to generate light ciphertext data, sending the light key to the data receiver over a secure channel and sending the light ciphertext data over a public channel ensures that the light key reaches the data receiver securely, which further improves the security and confidentiality of data transmission. The embodiments of the invention thus protect the security and confidentiality of data transmission with three layers of protection.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the data encryption method in fiber optic communication provided by an embodiment of the invention;
Fig. 2 is a schematic block diagram of the data encryption system in fiber optic communication provided by an embodiment of the invention;
Fig. 3 is a schematic block diagram of the data transmitting equipment provided by an embodiment of the invention.
Detailed description
In the following description, specific details such as particular system structures and techniques are set forth for the purpose of illustration rather than limitation, in order to provide a thorough understanding of the embodiments of the present application. It will be clear to those skilled in the art, however, that the present application can also be practised in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present application.
It should be understood that, when used in this specification and the appended claims, the term "comprising" indicates the presence of the described features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or collections thereof.
It should also be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when ..." or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, as "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
To illustrate the technical solutions of the invention, specific embodiments are described below.
Fig. 1 is a schematic flowchart of the data encryption method in fiber optic communication provided by an embodiment of the invention; for ease of explanation, only the parts relevant to the embodiment are shown. The method is applied to data transmitting equipment. In fiber optic communication, data transmission involves two parties: the data transmitting equipment and the data receiver. The data transmitting equipment sends the transmission data to the data receiver. In the embodiments of the invention, the data to be transmitted is called the transmission data, the device that sends the transmission data is called the data transmitting equipment, and the device that receives the transmission data is called the data receiver.
The method of this embodiment may be executed by the data transmitting equipment. As shown in Fig. 1, the method may include the following steps:
Step S101: Obtain transmission data, and judge whether the transmission data carries an encryption identifier.
In this embodiment of the invention, if the transmission data carries an encryption identifier, the transmission data is encrypted before it is transmitted; if the transmission data does not carry an encryption identifier, it does not need to be encrypted and can be transmitted directly. For example, data that every device is allowed to know can be transmitted without encryption, while more private data must be encrypted before transmission. By transmitting different transmission data in different ways, the embodiment both keeps private data from leaking and improves the transmission efficiency of non-private data.
Step S102: If it is determined that the transmission data carries an encryption identifier, obtain the public key of the data receiver.
In this embodiment of the invention, if it is determined that the transmission data carries an encryption identifier, that is, that the transmission data needs to be encrypted, the transmission data is first encrypted with an asymmetric encryption algorithm. Under the asymmetric encryption algorithm, the data transmitting equipment holds the public key of the data transmitting equipment and the sending private key, and the data receiver holds the public key of the data receiver and the receiving private key. The public key of the data transmitting equipment and the public key of the data receiver are public, and any device can obtain them. The data transmitting equipment generates a first key pair with the asymmetric encryption algorithm; the first key pair contains the public key of the data transmitting equipment and the sending private key. The data receiver generates a second key pair with the asymmetric encryption algorithm; the second key pair contains the public key of the data receiver and the receiving private key. The asymmetric encryption algorithm may be the RSA (Ron Rivest, Adi Shamir, Leonard Adleman) public key encryption algorithm.
Step S103: Perform asymmetric encryption on the transmission data with the public key of the data receiver to generate ciphertext data.
In this embodiment of the invention, the transmission data is asymmetrically encrypted with the public key of the data receiver and the asymmetric encryption algorithm to generate ciphertext data. Generating the ciphertext data by asymmetrically encrypting the transmission data with the public key of the data receiver improves the security and confidentiality of the transmission data.
Step S104: Generate a digital signature from the pre-stored sending private key and the ciphertext data.
As a further embodiment of the invention, generating a digital signature from the pre-stored sending private key and the ciphertext data includes:
Performing a hash operation on the ciphertext data to obtain a digest;
Encrypting the digest with the pre-stored sending private key to obtain the digital signature.
In this embodiment of the invention, the data transmitting equipment performs a hash operation on the ciphertext data to obtain a digest, takes this digest as the first digest, and asymmetrically encrypts the digest with the pre-stored sending private key and the asymmetric encryption algorithm to obtain the digital signature. The hash operation ensures that if the ciphertext data changes, the digest obtained by hashing the ciphertext data changes as well. The hash operation is agreed in advance between the data transmitting equipment and the data receiver.
After obtaining the ciphertext data and the digital signature, the data receiver performs the same hash operation on the ciphertext data to generate a second digest. It obtains the public key of the data transmitting equipment and decrypts the digital signature with that public key to obtain a third digest. If the second digest and the third digest are identical, the ciphertext data has not changed, that is, the ciphertext data has not been attacked. If the second digest and the third digest differ, the ciphertext data has been changed, that is, the ciphertext data has been attacked.
In this embodiment of the invention, adding a digital signature makes it possible to verify the integrity and authenticity of the ciphertext data and to learn whether the ciphertext data has been attacked, which adds another layer of protection to the transmission data.
Step S105: Package the ciphertext data and the digital signature to generate a first message, and convert the first message into first light data.
The message generated by packaging the ciphertext data and the digital signature is called the first message. In fiber optic communication, a message must ultimately be converted into light data, and the light data is then transmitted over the optical fiber. In this embodiment of the invention, any method that can convert a message into light data may be used to convert the first message into the first light data. Light data refers to a data signal that can be transmitted over optical fiber; the light data into which the first message is converted is called the first light data.
Step S106: Randomly generate a light key, and encrypt the first light data with the light key to generate light ciphertext data.
In this embodiment of the invention, the data transmitting equipment may use any method that can randomly generate a light key. The light key is used to encrypt the first light data.
As a further embodiment of the invention, encrypting the first light data with the light key to generate light ciphertext data includes:
Performing an XOR operation on the light key and the first light data to generate the light ciphertext data.
The XOR operation has the following property: if A XOR B gives C, then C XOR A gives B. The embodiment uses this property: the light key and the first light data are XORed to obtain the light ciphertext data. After the data receiver receives the light ciphertext data and the light key, it XORs the light ciphertext data with the light key to obtain the first light data.
In this embodiment of the invention, randomly generating a light key and XORing the light key with the first light data to generate the light ciphertext data adds another layer of protection to the transmission data and further improves its security and confidentiality.
Step S107: Send the light key to the data receiver over a secure channel, and send the light ciphertext data to the data receiver over a public channel. The light key is used by the data receiver to decrypt the light ciphertext data and obtain the first message; the first message is used by the data receiver to decrypt the ciphertext data of the first message, according to the digital signature of the first message and the pre-stored receiving private key, and obtain the transmission data.
In this embodiment of the invention, the light key is sent to the data receiver over a secure channel to ensure that the light key is not eavesdropped. The light ciphertext data is sent to the data receiver over a public channel; even if the light ciphertext data is eavesdropped, the eavesdropper cannot intercept the light key and therefore cannot crack the light ciphertext data. In addition, because the transmission data has been encrypted with the asymmetric encryption algorithm, even an eavesdropper who intercepts both the light ciphertext data and the light key, and decrypts the light ciphertext data with the light key, still cannot actually recover the transmission data.
After receiving the light key sent by the data transmitting equipment over the secure channel and the light ciphertext data sent by the data transmitting equipment over the public channel, the data receiver XORs the light key with the light ciphertext data to obtain the first light data; converts the first light data into the first message and parses the first message to obtain the ciphertext data and the digital signature; obtains the public key of the data transmitting equipment and verifies, from that public key and the ciphertext data, whether the digital signature is correct; and, if the digital signature is correct, decrypts the ciphertext data with the pre-stored receiving private key to obtain the transmission data.
The data receiver may use any method that can convert light data into a message to convert the first light data into the first message.
The data receiver verifies whether the digital signature is correct, from the public key of the data transmitting equipment and the ciphertext data, as follows: the data receiver performs a hash operation on the ciphertext data to obtain a second digest; the data receiver decrypts the digital signature with the public key of the data transmitting equipment to obtain a third digest; it then judges whether the second digest and the third digest are identical. If they are identical, the digital signature is determined to be correct; if they differ, the digital signature is determined to be incorrect.
If the digital signature is correct, the ciphertext data has not been changed, and decrypting the ciphertext data with the pre-stored receiving private key yields the transmission data. If the digital signature is incorrect, the data was attacked during transmission: the received ciphertext data is not the ciphertext data sent by the data transmitting equipment, and the transmission data finally obtained by decryption is not the transmission data that the data transmitting equipment intended to send. The hash operation is agreed in advance with the data transmitting equipment.
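The sender flow of steps S103 to S107 and the receiver's checks described above, as an added example that is not part of the patent text. It uses textbook RSA (no padding) over constructed toy keys built from Mersenne primes so that it runs with the standard library alone and shows the second/third digest comparison directly; the function names, the length-prefixed first-message layout, and the modelling of light data as plain bytes are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent used by both constructed key pairs


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Constructed toy keys (assumption): Mersenne primes are publicly known, so
# these moduli are trivially factorable. They only keep the example offline.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**127 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**607 - 1, 2**89 - 1)


def _size(key):
    """Modulus length in bytes, used for fixed-width serialisation."""
    return (key[0].bit_length() + 7) // 8


def xor_bytes(a, b):
    """XOR layer of step S106; applying it twice with the same key undoes it."""
    if len(a) != len(b):
        raise ValueError("light key and light data must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def rsa_encrypt(data, pub):
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")  # marker keeps leading zero bytes
    if m >= n:
        raise ValueError("transmission data too long for this toy modulus")
    return pow(m, e, n).to_bytes(_size(pub), "big")


def rsa_decrypt(ciphertext, priv):
    n, d = priv
    m = pow(int.from_bytes(ciphertext, "big"), d, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("decryption produced malformed data")
    return raw[1:]


def sign(ciphertext, priv):
    """S104: hash the ciphertext, then 'encrypt' the digest with the private key."""
    n, d = priv
    first_digest = int.from_bytes(hashlib.sha256(ciphertext).digest(), "big")
    return pow(first_digest, d, n).to_bytes(_size(priv), "big")


def verify(ciphertext, signature, pub):
    """Receiver check: second digest (recomputed) against third digest (recovered)."""
    n, e = pub
    second_digest = int.from_bytes(hashlib.sha256(ciphertext).digest(), "big")
    third_digest = pow(int.from_bytes(signature, "big"), e, n)
    return second_digest == third_digest


def send(transmission_data):
    """Data transmitting equipment, S103 to S107."""
    ciphertext = rsa_encrypt(transmission_data, RECEIVER_PUB)         # S103
    signature = sign(ciphertext, SENDER_PRIV)                         # S104
    first_message = len(ciphertext).to_bytes(2, "big") + ciphertext + signature
    first_light_data = first_message          # S105, conversion modelled as identity
    light_key = secrets.token_bytes(len(first_light_data))            # S106
    light_ciphertext = xor_bytes(light_key, first_light_data)
    # S107: light_key goes over the secure channel, light_ciphertext over the public one.
    return light_key, light_ciphertext


def receive(light_key, light_ciphertext):
    """Data receiver: undo the XOR, parse, verify the signature, then decrypt."""
    first_message = xor_bytes(light_key, light_ciphertext)
    clen = int.from_bytes(first_message[:2], "big")
    ciphertext = first_message[2:2 + clen]
    signature = first_message[2 + clen:]
    if len(ciphertext) != clen or not signature:
        raise ValueError("malformed first message")
    if not verify(ciphertext, signature, SENDER_PUB):
        raise ValueError("digital signature incorrect: ciphertext data was changed")
    return rsa_decrypt(ciphertext, RECEIVER_PRIV)


if __name__ == "__main__":
    key, ct = send(b"constructed sample payload")
    print(receive(key, ct))
    damaged = bytearray(ct)
    damaged[5] ^= 0x01                        # one flipped bit on the public channel
    try:
        receive(key, bytes(damaged))
    except ValueError as err:
        print("rejected:", err)
```

A deployment would take RSA encryption and signing with standard padding from a vetted cryptographic library instead of the bare modular exponentiation used here.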
As a further embodiment of the invention, the data encryption method in fiber optic communication further includes:
If it is determined that the transmission data does not carry an encryption identifier, packaging the transmission data to generate a second message;
Converting the second message into second light data, and sending the second light data to the data receiver over a public channel, the second light data being used by the data receiver to obtain the transmission data from the second light data.
In this embodiment of the invention, if the transmission data does not carry an encryption identifier, the transmission data does not need to be encrypted. The transmission data is packaged directly to generate the second message, the second message is converted into the second light data by any method that can convert a message into light data, and the second light data is sent to the data receiver over a public channel.
After receiving the second light data sent by the data transmitting equipment over the public channel, the data receiver converts the second light data into the second message by any method that can convert light data into a message, and parses the second message to obtain the transmission data.
In this embodiment of the invention, transmission data that does not carry an encryption identifier is packaged into the second message, converted into the second light data and sent to the data receiver over a public channel, and the data receiver obtains the transmission data from the second light data. Transmission data that does not need encryption is thus sent directly to the data receiver, which improves the transmission efficiency of the transmission data.
In the embodiments of the invention, asymmetric encryption improves the security and confidentiality of data transmission. The digital signature makes it possible to verify the integrity and authenticity of the ciphertext data and to learn whether the ciphertext data has been attacked. Encrypting the light data with the light key to generate light ciphertext data, sending the light key to the data receiver over a secure channel and sending the light ciphertext data over a public channel ensures that the light key reaches the data receiver securely, which further improves the security and confidentiality of data transmission. The embodiments of the invention thus protect the security and confidentiality of data transmission with three layers of protection.
As a further embodiment of the present invention, the data transmitting device may use another way to determine whether to encrypt the transmission data and how to encrypt it, as follows:
Transmission data is obtained, the transmission data carrying an encryption mode;
If the encryption mode is the first encryption mode, the public key of the data receiving device is obtained, and steps S103 to S107 are then executed;
If the encryption mode is the second encryption mode, the transmission data is packaged to generate a second message; the second message is converted into second light data, and the second light data is sent to the data receiving device through the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data;
If the encryption mode is the third encryption mode, the public key of the data receiving device is obtained, and steps S103 to S105 are then executed; the first light data is sent to the data receiving device through the public channel, the first light data being used to instruct the data receiving device to convert the first light data into the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, to obtain the transmission data.
If the encryption mode is the fourth encryption mode, the transmission data is packaged to generate a second message, and the second message is converted into second light data; a second light key is generated at random, and the second light data is encrypted with the second light key to generate second light ciphertext data; the second light key is sent to the data receiving device through the secure channel, and the second light ciphertext data is sent to the data receiving device through the public channel, the second light key being used to instruct the data receiving device to decrypt the second light ciphertext data to obtain the second message and to obtain the transmission data from the second message.
In this embodiment of the present invention, the first encryption mode is the same as the encryption applied above when the transmission data carries the encryption identifier: asymmetric encryption is first performed on the transmission data, a digital signature is then generated, and finally the light data is encrypted. The second encryption mode is the same as the handling above when the transmission data does not carry the encryption identifier: the transmission data can be transmitted without being encrypted. The third encryption mode performs asymmetric encryption on the transmission data and then generates a digital signature. The fourth encryption mode encrypts the light data into which the transmission data is converted, where encrypting the second light data with the second light key to generate the second light ciphertext data includes: performing an XOR operation on the second light key and the second light data to generate the second light ciphertext data. The embodiment of the present invention can thus apply different encryption to different transmission data, which both ensures the security and confidentiality of private data and improves the transmission rate of non-private data.
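The four encryption modes described above, as an added Python sketch that is not code from the patent: it runs the sender and receiver sides and shows which modes notice a bit altered on the public channel. Assumptions: byte strings stand in for the light data, the receiver learns the mode out of band, SHA-256 is the hash, the first message is laid out as length, ciphertext, signature, and textbook RSA over fixed Mersenne primes stands in for the unspecified asymmetric algorithm (illustration only, not secure); all function names are hypothetical.

```python
"""Added sketch of the four encryption modes; not code from the patent.
Textbook RSA over fixed Mersenne primes is a teaching stand-in and NOT secure."""
import hashlib
import secrets

E = 65537

def make_keypair(p_bits, q_bits):
    # Constructed toy key: 2**p_bits - 1 and 2**q_bits - 1 are known Mersenne primes.
    p, q = (1 << p_bits) - 1, (1 << q_bits) - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

RECV_PUB, RECV_PRIV = make_keypair(521, 607)    # receiving device: decryption key pair
SEND_PUB, SEND_PRIV = make_keypair(1279, 2203)  # sending device: signing key pair

def _to_bytes(x, n):
    return x.to_bytes((n.bit_length() + 7) // 8, "big")

def asym_encrypt(data, pub):
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")   # 0x01 marker keeps leading zero bytes
    if m >= n:
        raise ValueError("data too long for the toy modulus")
    return _to_bytes(pow(m, e, n), n)

def asym_decrypt(ct, priv):
    n, d = priv
    m = pow(int.from_bytes(ct, "big"), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def sign(ct, priv):
    # Hash the ciphertext, then transform the digest with the sending private key.
    n, d = priv
    digest = int.from_bytes(hashlib.sha256(ct).digest(), "big")
    return _to_bytes(pow(digest, d, n), n)

def verify(ct, sig, pub):
    n, e = pub
    s = int.from_bytes(sig, "big")
    digest = int.from_bytes(hashlib.sha256(ct).digest(), "big")
    return s < n and pow(s, e, n) == digest

def pack(ct, sig):
    return len(ct).to_bytes(2, "big") + ct + sig   # first message: length, ct, sig

def unpack(msg):
    n = int.from_bytes(msg[:2], "big")
    if len(msg) < 2 + n:
        raise ValueError("malformed first message")
    return msg[2:2 + n], msg[2 + n:]

def xor(key, data):
    if len(key) != len(data):
        raise ValueError("light key must be exactly as long as the light data")
    return bytes(k ^ b for k, b in zip(key, data))

def send(data, mode):
    """Return (bytes for the secure channel or None, bytes for the public channel)."""
    if mode in (1, 3):
        ct = asym_encrypt(data, RECV_PUB)       # ciphertext data generation (module 23)
        msg = pack(ct, sign(ct, SEND_PRIV))     # signature and first message (modules 24, 25)
    else:
        msg = data                              # second message: data carried as is
    if mode in (1, 4):
        key = secrets.token_bytes(len(msg))     # fresh random light key for every message
        return key, xor(key, msg)               # XOR layer (module 26)
    return None, msg

def receive(mode, key, public_bytes):
    msg = xor(key, public_bytes) if mode in (1, 4) else public_bytes
    if mode in (2, 4):
        return msg
    ct, sig = unpack(msg)
    if not verify(ct, sig, SEND_PUB):           # check the signature before decrypting
        raise ValueError("signature check failed: ciphertext was altered")
    return asym_decrypt(ct, RECV_PRIV)

def tamper_detected(mode, data=b"constructed sample payload"):
    """Flip one bit on the public channel and report whether the receiver rejects it."""
    key, wire = send(data, mode)
    wire = wire[:5] + bytes([wire[5] ^ 0x01]) + wire[6:]
    try:
        receive(mode, key, wire)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    for mode in (1, 2, 3, 4):
        print("mode", mode, "tamper detected:", tamper_detected(mode))
```

`tamper_detected` returns True for modes 1 and 3 and False for modes 2 and 4: the XOR layer on its own hides the data but does not reveal alteration on the public channel, and it only hides the data while each light key is random, as long as the light data, and used once.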
It should be noted that all examples in the above embodiments are intended only to explain the technical solution of the present invention and not to limit the present invention.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Fig. 2 is a schematic block diagram of the data encryption system in fiber optic communication provided by an embodiment of the present invention. For ease of description, only the parts relevant to the embodiment of the present invention are shown. The system is applied to a data transmitting device.
In this embodiment of the present invention, the data encryption system 2 in fiber optic communication includes:
a judgment module 21, configured to obtain transmission data and determine whether the transmission data carries an encryption identifier;
a first processing module 22, configured to obtain the public key of the data receiving device if it is determined that the transmission data carries the encryption identifier;
a ciphertext data generation module 23, configured to perform asymmetric encryption on the transmission data according to the public key of the data receiving device to generate ciphertext data;
a digital signature generation module 24, configured to generate a digital signature according to the pre-stored sending private key and the ciphertext data;
a conversion module 25, configured to package the ciphertext data and the digital signature to generate a first message, and to convert the first message into first light data;
a light ciphertext data generation module 26, configured to generate a light key at random and to encrypt the first light data with the light key to generate light ciphertext data;
a first sending module 27, configured to send the light key to the data receiving device through the secure channel and to send the light ciphertext data to the data receiving device through the public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, to obtain the transmission data.
Optionally, the data encryption system 2 in fiber optic communication further includes:
a second processing module, configured to package the transmission data to generate a second message if it is determined that the transmission data does not carry the encryption identifier;
a second sending module, configured to convert the second message into second light data and to send the second light data to the data receiving device through the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data.
Optionally, the digital signature generation module 24 includes:
a summary information acquiring unit, configured to perform a hash operation on the ciphertext data to obtain summary information;
an encryption unit, configured to encrypt the summary information according to the pre-stored sending private key to obtain the digital signature.
Optionally, the light ciphertext data generation module 26 is further configured to perform an XOR operation on the light key and the first light data to generate the light ciphertext data.
It will be clear to those skilled in the art that, for convenience and brevity of description, only the division into the functional units and modules above is used as an example. In practical applications, the above functions may be assigned to different functional units or modules as needed, that is, the internal structure of the data encryption system in fiber optic communication is divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically alone, or two or more units may be integrated in one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for ease of distinguishing them from one another and are not intended to limit the protection scope of the present application. For the specific working process of the units and modules in the above apparatus, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
Fig. 3 is a schematic block diagram of the data transmitting device provided by an embodiment of the present invention. As shown in Fig. 3, the data transmitting device 3 of this embodiment includes one or more processors 30, a memory 31, and a computer program 32 that is stored in the memory 31 and can run on the processor 30. When executing the computer program 32, the processor 30 implements the steps in the above embodiments of the data encryption method in fiber optic communication, such as steps S101 to S107 shown in Fig. 1. Alternatively, when executing the computer program 32, the processor 30 implements the functions of the modules/units in the above embodiment of the data encryption system in fiber optic communication, such as the functions of modules 21 to 27 shown in Fig. 2.
Illustratively, the computer program 32 may be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to complete the present application. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution process of the computer program 32 in the data transmitting device 3. For example, the computer program 32 may be divided into a judgment module, a first processing module, a ciphertext data generation module, a digital signature generation module, a conversion module, a light ciphertext data generation module and a first sending module.
The judgment module is configured to obtain transmission data and determine whether the transmission data carries an encryption identifier;
The first processing module is configured to obtain the public key of the data receiving device if it is determined that the transmission data carries the encryption identifier;
The ciphertext data generation module is configured to perform asymmetric encryption on the transmission data according to the public key of the data receiving device to generate ciphertext data;
The digital signature generation module is configured to generate a digital signature according to the pre-stored sending private key and the ciphertext data;
The conversion module is configured to package the ciphertext data and the digital signature to generate a first message, and to convert the first message into first light data;
The light ciphertext data generation module is configured to generate a light key at random and to encrypt the first light data with the light key to generate light ciphertext data;
The first sending module is configured to send the light key to the data receiving device through the secure channel and to send the light ciphertext data to the data receiving device through the public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and the pre-stored receiving private key, to obtain the transmission data.
For the other modules or units, reference may be made to the description of the embodiment shown in Fig. 2, which is not repeated here.
The data transmitting device may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The data transmitting device 3 includes, but is not limited to, the processor 30 and the memory 31. Those skilled in the art will understand that Fig. 3 is only an example of a data transmitting device and does not constitute a limitation on the data transmitting device 3, which may include more or fewer components than shown, combine certain components, or have different components; for example, the data transmitting device 3 may also include input devices, output devices, network access devices, buses, and so on.
The processor 30 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 31 may be an internal storage unit of the data transmitting device, such as a hard disk or memory of the data transmitting device. The memory 31 may also be an external storage device of the data transmitting device, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the data transmitting device. Further, the memory 31 may include both an internal storage unit of the data transmitting device and an external storage device. The memory 31 is used to store the computer program 32 and the other programs and data required by the data transmitting device. The memory 31 may also be used to temporarily store data that has been output or is about to be output.
In the above embodiments, the description of each embodiment has its own emphasis; for parts that are not detailed or recorded in one embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to go beyond the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed data encryption system and method in fiber optic communication may be implemented in other ways. For example, the embodiment of the data encryption system in fiber optic communication described above is only schematic: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the methods of the above embodiments of the present application may also be completed by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, can implement the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, certain intermediate forms, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electric carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content covered by the computer-readable medium may be increased or reduced as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electric carrier signals and telecommunication signals.
The embodiments described above are intended only to illustrate the technical solution of the present application, not to limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and should all fall within the protection scope of the present application.
Claims (10)
1. A data encryption method in fiber optic communication, characterized in that the method is applied to a data transmitting device and comprises:
obtaining transmission data, and determining whether the transmission data carries an encryption identifier;
if it is determined that the transmission data carries the encryption identifier, obtaining the public key of a data receiving device;
performing asymmetric encryption on the transmission data according to the public key of the data receiving device to generate ciphertext data;
generating a digital signature according to a pre-stored sending private key and the ciphertext data;
packaging the ciphertext data and the digital signature to generate a first message, and converting the first message into first light data;
generating a light key at random, and encrypting the first light data with the light key to generate light ciphertext data;
sending the light key to the data receiving device through a secure channel, and sending the light ciphertext data to the data receiving device through a public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and a pre-stored receiving private key, to obtain the transmission data.
2. The data encryption method in fiber optic communication according to claim 1, characterized by further comprising:
if it is determined that the transmission data does not carry the encryption identifier, packaging the transmission data to generate a second message;
converting the second message into second light data, and sending the second light data to the data receiving device through the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data.
3. The data encryption method in fiber optic communication according to claim 1, characterized in that generating the digital signature according to the pre-stored sending private key and the ciphertext data comprises:
performing a hash operation on the ciphertext data to obtain summary information;
encrypting the summary information according to the pre-stored sending private key to obtain the digital signature.
4. The data encryption method in fiber optic communication according to claim 1, characterized in that encrypting the first light data with the light key to generate the light ciphertext data comprises:
performing an XOR operation on the light key and the first light data to generate the light ciphertext data.
5. A data encryption system in fiber optic communication, characterized in that the system is applied to a data transmitting device and comprises:
a judgment module, configured to obtain transmission data and determine whether the transmission data carries an encryption identifier;
a first processing module, configured to obtain the public key of a data receiving device if it is determined that the transmission data carries the encryption identifier;
a ciphertext data generation module, configured to perform asymmetric encryption on the transmission data according to the public key of the data receiving device to generate ciphertext data;
a digital signature generation module, configured to generate a digital signature according to a pre-stored sending private key and the ciphertext data;
a conversion module, configured to package the ciphertext data and the digital signature to generate a first message, and to convert the first message into first light data;
a light ciphertext data generation module, configured to generate a light key at random and to encrypt the first light data with the light key to generate light ciphertext data;
a first sending module, configured to send the light key to the data receiving device through a secure channel and to send the light ciphertext data to the data receiving device through a public channel, the light key being used to instruct the data receiving device to decrypt the light ciphertext data to obtain the first message, and the first message being used to instruct the data receiving device to decrypt the ciphertext data of the first message according to the digital signature of the first message and a pre-stored receiving private key, to obtain the transmission data.
6. The data encryption system in fiber optic communication according to claim 5, characterized by further comprising:
a second processing module, configured to package the transmission data to generate a second message if it is determined that the transmission data does not carry the encryption identifier;
a second sending module, configured to convert the second message into second light data and to send the second light data to the data receiving device through the public channel, the second light data being used to instruct the data receiving device to obtain the transmission data from the second light data.
7. The data encryption system in fiber optic communication according to claim 5, characterized in that the digital signature generation module comprises:
a summary information acquiring unit, configured to perform a hash operation on the ciphertext data to obtain summary information;
an encryption unit, configured to encrypt the summary information according to the pre-stored sending private key to obtain the digital signature.
8. The data encryption system in fiber optic communication according to claim 5, characterized in that the light ciphertext data generation module is further configured to perform an XOR operation on the light key and the first light data to generate the light ciphertext data.
9. A data transmitting device, comprising a memory, a processor, and a computer program that is stored in the memory and can run on the processor, characterized in that the processor, when executing the computer program, implements the steps of the data encryption method in fiber optic communication according to any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by one or more processors, implements the steps of the data encryption method in fiber optic communication according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810463197.0A CN108683665A (en) | 2018-05-15 | 2018-05-15 | Data ciphering method, system in fiber optic communication and data transmitting equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108683665A (en) | 2018-10-19 |
Family
ID=63806470
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20181019 |