CN118413392B - Trusted instruction transmission system - Google Patents

Info

Publication number
CN118413392B
Authority
CN
China
Prior art keywords
sha256
host
instruction
data packet
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410850521.XA
Other languages
Chinese (zh)
Other versions
CN118413392A (en)
Inventor
纪风磊
李成哲
孙国栋
常高
张宝华
汪旭
段然
穆雪岩
朱立华
戴海青
乔泽兴
葛雷鸣
罗强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Ordnance Equipment Group Ordnance Equipment Research Institute
Original Assignee
China Ordnance Equipment Group Ordnance Equipment Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Ordnance Equipment Group Ordnance Equipment Research Institute
Priority to CN202410850521.XA
Publication of CN118413392A
Application granted
Publication of CN118413392B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/40 Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a trusted instruction transmission system, relating to the technical field of data transmission. The system comprises: a host, which broadcasts a global clock data packet throughout the system every preset time period, encrypts the instruction data packet, generates a signature digest of the instruction data packet with the host private key, and issues the encrypted instruction data packet to a terminal; at least one layer of intermediate machines, each of which generates a signature digest of the received instruction data packet with its own private key; and at least one terminal, which, after receiving the instruction data packet, checks the signature digests of the host and the intermediate machines, decrypts the data packet to obtain the plaintext, and performs a SHA256 operation on the data of the CONTENT field of the instruction data packet.

Description

Trusted instruction transmission system
Technical Field
The invention belongs to the technical field of data transmission, and particularly relates to transmission of trusted instructions.
Background
In some applications, instructions must be transmitted with reliable encryption: man-in-the-middle attacks and instruction retransmission attacks must be prevented, the transmitted instructions must be tamper-proof, unforgeable and traceable, and any compromise of the encryption system must be discovered promptly.
Current encrypted communication is based on the SSL protocol, which builds on TCP and ensures the confidentiality and integrity of communications through encryption and authentication. In SSL communication, an encrypted channel is established between server and client using public-key encryption, the transmitted data is encrypted, and the data is digitally signed to prevent tampering.
At present, the certificates used for SSL (Secure Sockets Layer) based encrypted communication are issued by a third-party CA, so there is a risk of leakage or cracking. SSL cannot prevent attacks such as retransmission of information. If the certificate is cracked, the sender and the terminal cannot be identified.
Disclosure of Invention
To this end, the present invention proposes a trusted instruction transmission system comprising: a host, at least one layer of intermediate machines and at least one terminal; wherein,
The host broadcasts a global clock data packet throughout the system every preset time period. The host sends the instruction data packet to the terminal through the intermediate machine: it encrypts the instruction data packet with the public key of the terminal, generates a signature digest of the encrypted instruction data packet with the private key of the host, and issues the encrypted and signed instruction data packet to the terminal through the intermediate machine;
The intermediate machine generates a signature digest of the received instruction data packet with its own private key;
The terminal has the public keys of the host and the intermediate machine built in. After receiving the instruction data packet, it checks the signature digest of the host with the public key of the host and then the signature digest of each intermediate machine with the public key of that intermediate machine; it decrypts the encrypted data packet with the private key of the terminal to obtain the plaintext; it performs a SHA256 operation on the data of the CONTENT field of the plaintext instruction data packet and, when the result is the same as the data of the CMD_SHA256 field of the instruction data packet, takes the data of the SN field of the instruction data packet and looks up the global clock data packet with that SN sequence number; when the data of the CMD_SHA256 field of the global clock data packet found is the same as the data of the CMD_SHA256 field of the instruction data packet, the instruction data packet has been neither tampered with nor retransmitted.
Further, when the intermediate machine reconnects to the host after being offline, the host re-transmits to the intermediate machine the global clock data packets that were not received while the intermediate machine was offline; when the terminal connects to the intermediate machine, the intermediate machine re-transmits to the terminal the global clock data packets that were not received while the intermediate machine was offline.
Further, the intermediate machine and the terminal permanently store the received global clock data packets.
Further, the global clock data packet includes the following fields in order: SHA256, PRE_SHA256, SN, CMD_SHA256, RANDOM and SIG; wherein,
SHA256 is the result of a SHA256 operation on all data from the PRE_SHA256 field to the end of the global clock data packet;
PRE_SHA256 is the SHA256 value in the previous global clock data packet;
SN is the sequence number of the global clock data packet;
CMD_SHA256 is the result of a SHA256 operation on the encrypted instruction data packet;
RANDOM is a random number used to control the generation difficulty of the global clock data packet;
SIG is the signature digest generated by the host with its private key over the data from the PRE_SHA256 field to the RANDOM field.
Further, the host searches for a random number RANDOM, fills it into the RANDOM field of the global clock data packet, and then performs a SHA256 operation on all data of the global clock data packet from the beginning of the PRE_SHA256 field to the end of the packet; the result of the SHA256 operation must begin with a predetermined number of characters that are all 0 in ASCII code.
Further, the host stores the public key of the terminal and places the signature digest in the header of the instruction data packet.
Further, the plaintext of the instruction data packet issued by the host includes the following fields in order: SN, CMD_SHA256 and CONTENT; wherein,
SN is the sequence number of the global clock data packet that contains the SHA256 of the encrypted data of this instruction data packet;
CMD_SHA256 is the result of a SHA256 operation on the encrypted instruction data packet;
CONTENT is the specific instruction content.
Further, the system further comprises one or more backup hosts, which cooperate with the host to perform SHA256 operations; the backup host records all instructions of the host; when the host cannot work normally, a backup host takes over the work of the host.
Further, communication between the host and the intermediate machine is performed through Bluetooth, WIFI or Ethernet.
The trusted instruction transmission system realizes high-reliability communication by combining an autonomous operating system with blockchain technology, and ensures reliable, trusted and untampered transmission of instructions.
Drawings
FIG. 1 is a schematic diagram of a trusted instruction transmission system according to the present invention;
FIG. 2 is a diagram illustrating the composition of an instruction packet according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the invention, its application, or uses.
As shown in fig. 1, the trusted instruction transmission system of the present invention may be composed of one host, at least one layer of intermediate machines, and at least one terminal. After the instruction is input into the host, the instruction is transmitted to the terminal through at least one layer of intermediate machine and finally received by the terminal.
Communication between the host and the intermediate machine, and between the intermediate machine and the terminal, can be performed through Bluetooth, WIFI, Ethernet and the like. A message sent by the host is transmitted to the terminal device through one or more layers of intermediate machines.
The trusted instruction transmission system of the invention can also be provided with one or more backup hosts, and the backup hosts cooperate with the host to carry out SHA256 (a secure hash algorithm standard) operation and the like; the host is used to send global clock packets or command packets and the backup host records all commands of the host. Thus, when the host cannot work normally, one backup host can replace the host to work.
Every preset time period, the host sends a data packet to all devices in the system as a global clock. The preset time period may be 10 minutes, as determined by the computing power of the host and the difficulty of generating the global clock packet. The fields and byte counts of the global clock packet may be designed according to actual needs; for example, the global clock packet is 141 bytes long, where:
SHA256, located at bytes 1 to 32, is the result of a SHA256 operation on all data from byte 33 to the end of the global clock packet;
PRE_SHA256, located at bytes 33 to 64, is the value of bytes 1 to 32 of the previous global clock packet, i.e. the SHA256 value in the previous global clock packet;
SN, located at bytes 65 to 78, is the sequence number of the global clock packet;
CMD_SHA256, located at bytes 79 to 110, is the result of a SHA256 operation on the encrypted instruction packet;
RANDOM, located at bytes 111 to 118, is a random number used to control the generation difficulty of the global clock packet;
SIG, located at bytes 119 to 141, is the signature digest of bytes 33 to 118 generated by the host with its private key.
The host searches for an 8-bit random number RANDOM, fills it into bytes 111 to 118 of the global clock packet, and then performs a SHA256 operation on all data from byte 33 to the end of the packet; the result of the SHA256 operation must begin with a preset number of characters that are all 0 in ASCII code. All global clock packets form a data chain through SHA256 and PRE_SHA256. It is almost impossible for an attacker to forge this data chain, since the attacker would need not only the private key of the host but also at least the data of the most recent global clock packet and more SHA256 computing power than the host.
The global clock packet is broadcast by the host throughout the system. The host is always online, and the intermediate machine is usually online. When the intermediate machine has occasionally been offline, the host issues the global clock packets it missed once it reconnects to the host; when a terminal connects to the intermediate machine, the intermediate machine issues the global clock packets that the terminal missed while offline. After receiving a global clock packet, the intermediate machine and the terminal store it permanently.
The public key corresponding to the private key of the host is built into the operating systems of the intermediate machine and the terminal, and the encryption and decryption algorithms run in the kernel space of the operating system, so the public key is difficult to tamper with. The public key of the terminal is stored in the host, and only the system administrator has permission to change it.
The plaintext format of the instruction packet issued by the host to the terminal is as follows:
SN, located at bytes 1 to 14, is the sequence number of the global clock packet that contains the SHA256 of the encrypted data of this instruction packet.
CMD_SHA256, located at bytes 15 to 46, is the result of a SHA256 operation on the encrypted instruction packet.
CONTENT, from byte 47 to the end of the packet, is the specific instruction content.
The host encrypts the instruction packet with the public key of the terminal, ensuring that no device other than the terminal can crack the instruction.
The host uses its private key to generate a signature digest of the instruction packet and places the signature digest at the head of the instruction packet. Each intermediate machine the packet passes through uses its own private key to generate a signature digest of the whole packet it received. The final packet is shown in FIG. 2.
After receiving the instruction packet, the terminal verifies the signature digest of the host with the public key of the host, and then verifies the signature digest of each intermediate machine in turn with the public key of that intermediate machine. When all signature digests verify correctly, this proves that the instruction packet was sent by the host and confirmed by the intermediate machines, so the transmission path is trusted.
The terminal then decrypts the encrypted packet with its own private key and, after obtaining the plaintext, performs a SHA256 operation on the CONTENT data of the instruction packet. The result of the SHA256 operation is compared with the data in the CMD_SHA256 field of the instruction packet. If they differ, the packet was damaged or tampered with in transit; it may be discarded, or retransmission may be requested. If they are the same, the terminal takes the data in the SN field of the instruction packet, looks up the global clock packet with that sequence number, and checks whether the data in the CMD_SHA256 field of that global clock packet is the same as the data in the CMD_SHA256 field of the instruction packet. If so, it is fully confirmed that the packet has been neither tampered with nor retransmitted. Reception and decryption of terminal data run in the kernel space of the operating system, and the data is passed to the trusted application for display only after its integrity and reliability have been confirmed, which prevents untrusted applications from obtaining the instruction data.
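The global clock chain and the terminal's plaintext check described above, as an added Python example (not code from the patent); encryption and the intermediate-machine signatures are left out. Assumptions not on the page: SN is a 14-character zero-padded decimal string, difficulty is counted in leading '0' hex digits, PRE_SHA256 of the first packet and CMD_SHA256 of a clock packet with no instruction are all zero, CMD_SHA256 is taken as SHA256(CONTENT) as the terminal's comparison implies, and a truncated HMAC stands in for the unspecified host signature.

```python
import hashlib
import hmac

# Byte layout of the 141-byte global clock packet from the description
# (the page counts bytes from 1; these slices are 0-based).
SHA, PRE, SN, CMD = slice(0, 32), slice(32, 64), slice(64, 78), slice(78, 110)
RANDOM, SIG = slice(110, 118), slice(118, 141)
CLOCK_LEN = 141
DIFFICULTY = 3                       # assumption: leading '0' hex digits required
GENESIS = bytes(32)                  # assumption: PRE_SHA256 of the first packet
DEMO_KEY = b"constructed-demo-key"   # constructed; stands in for the host key pair


def demo_sign(data: bytes) -> bytes:
    """Stand-in for the host signature (NOT asymmetric): HMAC cut to 23 bytes."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()[:23]


def demo_verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(demo_sign(data), sig)


def encode_sn(sn: int) -> bytes:
    """Assumption: SN is a 14-character zero-padded decimal string."""
    return b"%014d" % sn


def build_clock(prev_sha: bytes, sn: int, cmd_sha: bytes, sign=demo_sign) -> bytes:
    """Search RANDOM until SHA256 over bytes 33..141 meets the difficulty."""
    head = prev_sha + encode_sn(sn) + cmd_sha        # bytes 33..110
    nonce = 0
    while True:
        signed = head + nonce.to_bytes(8, "big")     # bytes 33..118
        body = signed + sign(signed)                 # SIG covers RANDOM: re-sign per try
        digest = hashlib.sha256(body).digest()
        if digest.hex().startswith("0" * DIFFICULTY):
            return digest + body
        nonce += 1


def verify_clock(pkt: bytes, prev_sha: bytes, verify=demo_verify) -> bool:
    """Checks a receiver can make before storing a clock packet permanently."""
    if len(pkt) != CLOCK_LEN:
        return False
    digest = hashlib.sha256(pkt[32:]).digest()
    return (
        hmac.compare_digest(digest, pkt[SHA])            # SHA256 field matches body
        and digest.hex().startswith("0" * DIFFICULTY)    # difficulty target met
        and pkt[PRE] == prev_sha                         # links to previous packet
        and verify(pkt[32:118], pkt[SIG])                # host signed bytes 33..118
    )


def verify_chain(packets) -> bool:
    prev = GENESIS
    for pkt in packets:
        if not verify_clock(pkt, prev):
            return False
        prev = pkt[SHA]
    return True


def instruction_plaintext(sn: int, content: bytes) -> bytes:
    """SN (bytes 1-14) + CMD_SHA256 (15-46) + CONTENT (47..end).
    Assumption: CMD_SHA256 is SHA256(CONTENT), matching the terminal's check."""
    return encode_sn(sn) + hashlib.sha256(content).digest() + content


def terminal_accepts(plaintext: bytes, clock_store: dict) -> bool:
    """Terminal-side check, run after signature verification and decryption."""
    if len(plaintext) < 46:
        return False
    sn, cmd, content = plaintext[:14], plaintext[14:46], plaintext[46:]
    if hashlib.sha256(content).digest() != cmd:      # damaged or tampered CONTENT
        return False
    clock = clock_store.get(sn)                      # clock packet with the same SN
    return clock is not None and clock[CMD] == cmd   # registered on the clock chain


def demo():
    """Constructed data: three clock packets; the second registers one instruction."""
    content = b"OPEN VALVE 7"                        # constructed instruction
    cmd = hashlib.sha256(content).digest()
    chain, prev = [], GENESIS
    # assumption: an all-zero CMD_SHA256 marks a clock packet with no instruction
    for sn, registered in ((1, bytes(32)), (2, cmd), (3, bytes(32))):
        pkt = build_clock(prev, sn, registered)
        chain.append(pkt)
        prev = pkt[SHA]
    store = {pkt[SN]: pkt for pkt in chain}
    return chain, store, instruction_plaintext(2, content)


if __name__ == "__main__":
    chain, store, good = demo()
    print("chain valid:", verify_chain(chain))
    print("instruction accepted:", terminal_accepts(good, store))
```

Because SIG covers RANDOM and the SHA256 field covers SIG, the host has to re-sign on every difficulty attempt, which is why `build_clock` signs inside the search loop.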
To forge an instruction, an attacker must also forge a global clock packet and propagate it to the whole network. Forging such a global clock packet is very difficult, because it requires the history data, the host signature, and hashing capability beyond that of the host. Even if the attacker has this capability, the host will immediately discover that someone is attempting an attack, because only the host can be sending global clock packets at any one time.
An attacker who occasionally succeeds in sending a global clock packet must keep competing with the host in the network, because once the attacker stops sending packets, the host can retake control of the network with the latest clock packet. A sustained, uninterrupted attack, in turn, may quickly expose the attacker.
If the attacker cannot obtain control of the clock packets, no tampered or forged instruction packet will be accepted by the terminal, because that instruction packet is not registered on the global clock data chain.
Even if an attacker obtains control of the global clock packets, to attack a specific terminal the attacker also needs the private keys of the intermediate machines on the instruction path before the packet will be accepted by that terminal. This further increases the difficulty for the attacker.
The trusted instruction transmission system completes instruction transmission that is trusted, confidential, untampered and traceable, and an attack can be discovered immediately. It can be used in fields that need high-reliability communication, such as national defense and business.
The above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art will understand that modifications may be made to the specific embodiments or equivalents substituted for some of the technical features; without departing from the spirit of the invention, these are intended to fall within the scope of the invention as claimed.

Claims (9)

1. A trusted instruction transmission system, the system comprising: a host, at least one layer of intermediate machines and at least one terminal; wherein,
The host broadcasts a global clock data packet throughout the system every preset time period. The host sends the instruction data packet to the terminal through the intermediate machine: it encrypts the instruction data packet with the public key of the terminal, generates a signature digest of the encrypted instruction data packet with the private key of the host, and issues the encrypted and signed instruction data packet to the terminal through the intermediate machine;
The intermediate machine generates a signature digest of the received instruction data packet with its own private key;
The terminal has the public keys of the host and the intermediate machine built in. After receiving the instruction data packet, it checks the signature digest of the host with the public key of the host and then the signature digest of each intermediate machine with the public key of that intermediate machine; it decrypts the encrypted data packet with the private key of the terminal to obtain the plaintext; it performs a SHA256 operation on the data of the CONTENT field of the plaintext instruction data packet and, when the result is the same as the data of the CMD_SHA256 field of the instruction data packet, takes the data of the SN field of the instruction data packet and looks up the global clock data packet with that SN sequence number; when the data of the CMD_SHA256 field of the global clock data packet found is the same as the data of the CMD_SHA256 field of the instruction data packet, the instruction data packet has been neither tampered with nor retransmitted.
2. The trusted instruction transmission system of claim 1, wherein when the intermediate machine reconnects to the host after being offline, the host re-transmits to the intermediate machine the global clock data packets that were not received while the intermediate machine was offline; when the terminal connects to the intermediate machine, the intermediate machine re-transmits to the terminal the global clock data packets that were not received while the intermediate machine was offline.
3. The trusted instruction transmission system of claim 2, wherein the intermediate machine and the terminal permanently store the received global clock data packets.
4. The trusted instruction transmission system of claim 1, wherein the global clock data packet includes the following fields in order: SHA256, PRE_SHA256, SN, CMD_SHA256, RANDOM and SIG; wherein,
SHA256 is the result of a SHA256 operation on all data from the PRE_SHA256 field to the end of the global clock data packet;
PRE_SHA256 is the SHA256 value in the previous global clock data packet;
SN is the sequence number of the global clock data packet;
CMD_SHA256 is the result of a SHA256 operation on the encrypted instruction data packet;
RANDOM is a random number used to control the generation difficulty of the global clock data packet;
SIG is the signature digest generated by the host with its private key over the data from the PRE_SHA256 field to the RANDOM field.
5. The trusted instruction transmission system of claim 3, wherein the host searches for a random number RANDOM, fills it into the RANDOM field of the global clock data packet, and then performs a SHA256 operation on all data of the global clock data packet from the beginning of the PRE_SHA256 field to the end of the packet, the result of the SHA256 operation beginning with a predetermined number of characters that are all 0 in ASCII code.
6. The trusted instruction transmission system of claim 1, wherein the host stores the public key of the terminal and places the signature digest in the header of the instruction data packet.
7. The trusted instruction transmission system of claim 1, wherein the plaintext of the instruction data packet issued by the host comprises the following fields in order: SN, CMD_SHA256 and CONTENT; wherein,
SN is the sequence number of the global clock data packet that contains the SHA256 of the encrypted data of this instruction data packet;
CMD_SHA256 is the result of a SHA256 operation on the encrypted instruction data packet;
CONTENT is the specific instruction content.
8. The trusted instruction transmission system of claim 1, further comprising: one or more backup hosts, which cooperate with the host to perform SHA256 operations; the backup host records all instructions of the host; when the host cannot work normally, a backup host takes over the work of the host.
9. The trusted instruction transmission system of claim 1, wherein communication between the host and the intermediate machine is via Bluetooth, WIFI, or Ethernet.
CN202410850521.XA 2024-06-28 2024-06-28 Trusted instruction transmission system Active CN118413392B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410850521.XA CN118413392B (en) 2024-06-28 2024-06-28 Trusted instruction transmission system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410850521.XA CN118413392B (en) 2024-06-28 2024-06-28 Trusted instruction transmission system

Publications (2)

Publication Number Publication Date
CN118413392A (en) 2024-07-30
CN118413392B (en) 2024-09-06

Family

ID=92004653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410850521.XA Active CN118413392B (en) 2024-06-28 2024-06-28 Trusted instruction transmission system

Country Status (1)

Country Link
CN (1) CN118413392B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132099A (en) * 2021-04-06 2021-07-16 鼎铉商用密码测评技术(深圳)有限公司 Method and device for encrypting and decrypting transmission file based on hardware password equipment
CN117459235A (en) * 2023-09-15 2024-01-26 中通服创发科技有限责任公司 Method for realizing trusted control instruction for terminal equipment of Internet of things

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9118467B2 (en) * 2013-03-13 2015-08-25 Atmel Corporation Generating keys using secure hardware
CN118018302A (en) * 2024-03-04 2024-05-10 上海商米科技集团股份有限公司 Security protection system, method and computer readable medium for terminal equipment

Also Published As

Publication number Publication date
CN118413392A (en) 2024-07-30

Similar Documents

Publication Publication Date Title
US10516662B2 (en) System and method for authenticating the legitimacy of a request for a resource by a user
CN111555872B (en) Communication data processing method, device, computer system and storage medium
US20170180367A1 (en) System And Method For Encrypted And Authenticated Electronic Messaging Using A Central Address Book
CN114244508B (en) Data encryption method, device, equipment and storage medium
US12299179B2 (en) Cryptographic method for verifying data
CN105721500A (en) TPM-based Modbus/TCP security enhancement method
WO2020065633A1 (en) Method, user device, management device, storage medium and computer program product for key management
CN114830572B (en) A data transmission method, device, equipment, system and storage medium
JP2020532928A (en) Digital signature methods, devices and systems
CN114915396B (en) A hopping key digital communication encryption system and method based on national secret algorithm
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
US20110320359A1 (en) secure communication method and device based on application layer for mobile financial service
US20200351100A1 (en) Cryptographic method for verifying data
Annessi et al. It's about time: Securing broadcast time synchronization with data origin authentication
CN113242235A (en) System and method for encrypting and authenticating railway signal secure communication protocol RSSP-I
CN112202773B (en) Computer network information security monitoring and protection system based on internet
CN107566393A (en) A kind of dynamic rights checking system and method based on trust certificate
Bäumer et al. Terrapin Attack: Breaking {SSH} Channel Integrity By Sequence Number Manipulation
US11716367B2 (en) Apparatus for monitoring multicast group
CN115242392B (en) Method and system for realizing industrial information safety transmission based on safety transmission protocol
CN118413392B (en) Trusted instruction transmission system
CN110149205B (en) Method for protecting Internet of things terminal by using block chain
CN107104888A (en) A kind of safe instant communicating method
CN110995671A (en) Communication method and system
CN119420784B (en) Block chain-based energy equipment data communication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant