CN110661883A - Data transmission device and method - Google Patents

Publication number
CN110661883A
Authority
CN
China
Prior art keywords
request
module
data
server
server module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910996283.2A
Other languages
Chinese (zh)
Inventor
刘玉铭
于濂
施煜
李崧
燕洪生
袁一文
李蒨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Normal University
Original Assignee
Beijing Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Normal University filed Critical Beijing Normal University
Priority to CN201910996283.2A priority Critical patent/CN110661883A/en
Publication of CN110661883A publication Critical patent/CN110661883A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/562 Brokering proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the application provides a data transmission device and a data transmission method. The device includes a security module and a server module that are in communication connection; the server module is used for receiving a request from an external device, determining a communication protocol for communicating with the security module based on the type of the request, and forwarding the request to the security module based on the communication protocol; and the security module is used for processing the request according to the communication protocol and returning a processing result to the external device through the server module.

Description

Data transmission device and method
Technical Field
The embodiment of the application relates to the technical field of communication, in particular to a data transmission device and a data transmission method.
Background
In the inspection process, data processing is often performed using a security chip of the national power grid. At present, the security chip is mainly integrated into the inspection terminal equipment. With this kind of integration, every piece of inspection equipment needs its own integrated security chip, and the internal circuit structure of the inspection terminal equipment and the inspection base station must be modified. The modification involves both software and hardware and is a large change, and every user must modify the inspection equipment in order to use the security chip, so the cost is high.
Disclosure of Invention
The embodiment of the application provides a data transmission device and a data transmission method, so that the inspection equipment and the inspection base station do not need to be modified.
In a first aspect, an embodiment of the present application provides a data transmission apparatus, including a security module and a server module that are in communication connection; the server module is used for receiving a request from an external device, determining a communication protocol for communicating with the security module based on the type of the request, and forwarding the request to the security module based on the communication protocol; and the security module is used for processing the request according to the communication protocol and returning a processing result to the external device through the server module.
In a second aspect, an embodiment of the present application provides a data transmission method, which is applied to a server module, where the server module is in communication connection with a security module, and the method includes: receiving a request from an external device; determining a communication protocol for communicating with the security module based on the type of the request; and forwarding the request to the security module based on the communication protocol so that the security module processes the request according to the communication protocol, and sending the received processing result to the external device.
In a third aspect, an embodiment of the present application provides a data transmission method, which is applied to a security module, where the security module is connected to a server module, and the method includes:
receiving a request from an external device sent by a server module;
performing corresponding processing on the request according to the type of the request;
and sending the processing result to the server module so that the server module sends the processing result to the external equipment.
According to the data transmission device and method provided by the embodiment of the application, the server module and the security module are arranged outside the equipment, and the equipment is in communication connection with the server module. The request of the external device is first sent to the server, the server then communicates with the security module to complete the processing corresponding to the request, and the processing result is returned to the external device. Data processing is thus completed outside the external device, and one security module can provide services for a plurality of external devices. This avoids the problems of the prior art, in which each piece of equipment needs to be modified and integrated with its own security chip, resulting in high cost.
Drawings
Fig. 1 is a schematic structural diagram of a data transmission device according to an embodiment of the present application;
Fig. 2 is a flow chart of an application scenario provided by another embodiment of the present application;
Fig. 3 is a flowchart of a data transmission method according to an embodiment of the present application;
Fig. 4 is a flowchart of a data transmission method according to an embodiment of the present application.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of a data transmission device according to an embodiment of the present application. The embodiment of the present application provides a data transmission device that addresses the above technical problems in the prior art. As shown in Fig. 1, the device 10 includes: a security module 11 and a server module 12 which are in communication connection; the server module 12 is configured to receive a request from an external device, determine a communication protocol for communicating with the security module 11 based on the type of the request, and forward the request to the security module 11 based on the communication protocol; and the security module 11 is configured to process the request according to the communication protocol, and return a processing result to the external device through the server module 12. Optionally, a hardware connection mode is adopted between the security module 11 and the server module 12, and the hardware connection mode may be a serial port mode; the serial port may be a Universal Serial Bus (USB), RS232, SATA, PS/2, or RS485.
Specifically, the security module 11 includes: a secure unit 111 and a secure unit interface module 112; the server module 12 includes server middleware 121 and a server interface module 122; the security unit 111, the security unit interface module 112, the server interface module 122 and the server middleware 121 are connected in sequence; the server interface module 122 is configured to convert data of the server middleware 121 into data in a serial port format, and send the data to the secure unit interface module 112; and the secure unit interface module 112 is configured to convert the data in the serial port format into data in a format that can be identified by the secure unit 111, and send the data to the secure unit 111 for data processing.
The security unit 111 may be a security chip of the national power grid, for example, a security chip with a model number SC 1437A. The secure unit interface module 112 includes a first processing unit (not shown) and an interface unit (not shown); the first processing unit is used for performing format conversion on the data from the security unit and sending the data to the server module, or performing format conversion on the data from the server module and sending the data to the security module; the interface unit is used to connect with the server interface module 122. Optionally, the secure unit interface module 112 may further include a power supply unit (not shown in the figure) for supplying power to the security unit 111.
Wherein the server middleware 121 includes an external communication interface 1211 and a second processing unit 1212; the external communication interface 1211 is used for communicating with an external device, and the second processing unit 1212 is used for processing data from the external device or the security module 11.
In the above-described embodiments, the request includes at least one of encryption, decryption, obtaining device unique identification information, and verifying device unique identification information. Optionally, the server module 12 needs to establish a communication connection with the security module 11 before receiving a request from an external device. The method specifically comprises the following steps:
1. After being started, the server module 12 detects whether the security module 11 is connected.
2. If the detection result is that the security module 11 is connected, a verification instruction is sent to the security module 11 to verify the security module 11; if the detection result is that the security module 11 is not connected, the server module 12 continues to listen for the hardware connection event until the connection is successful.
Specifically, a verification instruction is sent to the security module 11 to verify the security module 11, and whether verification is successful is determined according to the response result of the security unit 111. The method comprises the following steps:
Step 2.1, sending a startup verification request to the security module 11, wherein the startup verification request is communication data of a hexadecimal sequence: 0x55 0x00 0xA0 0x01 0x00 0x00 0x00 0x5E.
Step 2.2, if the 29-byte sequence data returned by the security unit 111 is not received, sending alarm information and recording the error event; if 29 bytes of sequence data are received, step 2.3 is performed. Assume that the received hexadecimal sequence is:
$B_1 B_2 \ldots B_{28} B_{29}$
where $B_i \in [\text{0x00}, \text{0xFF}]$, $i = 1, 2, \ldots, 29$, and $B_i$ is a binary byte.
Step 2.3, if $B_1 \neq 67$ or $B_2 \neq 132$ or $B_3 \neq 0$ or $B_4 \neq 0$ or $B_5 \neq 8$, the verification has failed, alarm information is sent and the error event is recorded; otherwise step 2.5 is executed.
And 2.4, calculating the received hexadecimal sequence according to a preset rule, and determining whether the verification is successful according to a calculation result.
Specifically, the received hexadecimal sequence is calculated according to the following formula:
Figure BDA0002239800660000041
if it is not
Figure BDA0002239800660000042
Indicating that the verification fails, sending alarm information and recording the error event; if it is notThe verification is successful.
Further, through the above steps 2.1 to 2.4, the server module 12 completes the establishment of the communication connection with the security module 11, and then starts polling for the request of the external device; wherein the request includes at least a scan from a national grid patrol
The format of the request can be a network access request format, and can also be a request encapsulation format conforming to any http/https access, including but not limited to a format for performing a network access request by using methods such as GET/POST, for example, xml, text, or json format. When the request is in a text request format, the data format of the request is: operator $parameter_1$ $parameter_2$ $parameter_3$ … $parameter_n$, where operator is the operator of a command, usually a text string, and $parameter_i$ is the list of parameters that the operation requires, typically a text string or a string formed after hexadecimal conversion of binary data. After receiving the request of the external device, the server module 12 first determines the type of the request, and then constructs a corresponding communication protocol based on the type of the request to communicate with the security module 11, so that the security module 11 determines the type of the request according to the pre-agreed communication protocol and processes the request accordingly. The process of processing the request by the data transmission device comprises the following four implementation modes:
in an alternative embodiment, the type of the request is an encryption request, and the functions of the modules in the data transmission apparatus are specifically as follows: the server module 12 is used for receiving an encryption request and data to be encrypted from an external device and forwarding the encryption request and the data to be encrypted to the security module 11; and the security module 11 is configured to encrypt data to be encrypted, and return the encrypted data to the external device through the server module 12.
Illustratively, the server module 12, upon receiving a request from an external device, first determines a type of the request, and then constructs a corresponding communication protocol to communicate with the security module 11 based on the different types of the request, including:
Step 3.1, when the operator of the received command is "encrypt data", it is assumed that there are two parameters $parameter_1$ and $parameter_2$, which are binary byte sequences in hexadecimal and are the data that needs to be encrypted. The binary byte sequences of the two parameters $parameter_1$ and $parameter_2$ are respectively: $parameter_1$:
Figure BDA0002239800660000051
$parameter_2$:
Figure BDA0002239800660000052
Step 3.2, the server module 12 sends the data to be encrypted and the encryption request to the security module 11, and the data format of the data to be encrypted and the encryption request (hexadecimal sequence) is as follows: 0x55 0x00 0xA0 0x03 0x00 L1 L2 0x01
Figure BDA0002239800660000053
Wherein 0x55 0x00 0xA0 0x03 0x00 L1 L2 0x01 is the communication protocol constructed by the server module 12, and L1 and L2 are hexadecimal numbers which convert the number m + n + 1 to two bits, respectively;
Figure BDA0002239800660000054
as parameter1
Figure BDA0002239800660000055
As parameter2
Figure BDA0002239800660000056
The calculation is carried out according to the following rules:
Step 3.3, the server module 12 waits for response data returned by the security unit 111. If the received response data is less than or equal to 5 bytes, alarm information is sent, the alarm event is recorded, and an error response is returned.
Step 3.4, if the received data is larger than 5 bytes, assume that the received hexadecimal sequence is $R_1 R_2 \ldots R_{l-1} R_l$, where $R_i \in [\text{0x00}, \text{0xFF}]$, $i = 1, 2, \ldots, l$, is a binary byte, and verify whether the response data is correct.
Specifically, whether the response data is correct can be verified in the following three ways:
The first mode is as follows: if $R_1 \neq 67$ or $R_2 \neq 132$ or $R_3 \neq 0$, the verification fails, alarm information is sent, the alarm event is recorded, and an error response is returned; if $R_1 = 67$, $R_2 = 132$ and $R_3 = 0$, the verification is successful.
The second mode is as follows: if $256 \times R_4 + R_5 \neq l - 5$, the verification fails, alarm information is sent, the alarm event is recorded, and an error response is returned; if $256 \times R_4 + R_5 = l - 5$, the verification is successful.
The third mode is as follows: the hexadecimal sequence $R_1 R_2 \ldots R_{l-1} R_l$ is calculated according to the following rule:
Figure BDA0002239800660000061
if it is not
Figure BDA0002239800660000062
If the verification fails, sending alarm information, recording the alarm event, and returning an error response; if it is not
Figure BDA0002239800660000063
The verification is successful.
Step 3.5, after the verification is successful, a response is constructed in the same manner as the request, wherein:
when the request is text, the response data format is: $R_6 R_7 \ldots R_{l-2} R_{l-1}$. When the request is xml or json, the response data format can be constructed by referring to the construction principle of text.
Step 3.6, the constructed response is returned to the requesting external device in a manner corresponding to the request.
In another optional implementation, the type of the request is a decryption request, and the functions of each module in the data transmission apparatus are specifically as follows: a server module 12, configured to receive encrypted data from the external device and forward the encrypted data to the security module 11; the security module 11 is configured to decrypt the encrypted data, and return the decrypted data to the external device through the server module 12.
For the decryption embodiment, the format of the request communication data differs from that of the encryption request; otherwise, the processing procedure of the request may refer to the description about encryption in the above example, and will not be described again here. Specifically, the data format of the decryption request is: 0x55 0x00 0xA0 0x04 0x00 L1 L2 0x01
Figure BDA0002239800660000064
In another optional implementation manner, when the type of the request is to acquire the unique device identification information, the functions of each module in the data transmission apparatus are specifically as follows: the server module 12 is configured to receive the read encoded data from the external device, and forward the encoded data to the security module 11; the security module 11 is configured to determine unique identification information of the device read by the external device according to the encoded data, and return the unique identification information to the external device through the server module 12.
For the embodiment of obtaining the device unique identification information, the format of the request communication data differs from that of the encryption request; otherwise, the processing procedure of the request may refer to the description about encryption in the above example, and will not be described herein again. Specifically, the data format of the request for obtaining the unique device identification information is as follows: 0x55 0x00 0xA0 0x05 0x00 L1 L2 0x02
Figure BDA0002239800660000071
Figure BDA0002239800660000072
In another optional implementation manner, when the type of the request is verifying the device unique identification information, the functions of each module in the data transmission apparatus are specifically as follows: the server module 12 is configured to receive encoded data read by the external device and unique identification information of the read device, and forward the encoded data and the unique identification information to the security module 11; the security module 11 is configured to verify the encoded data and the unique identification information of the read device according to a preset rule, and return a verification result to the external device through the server module 12.
Illustratively, the server module 12, upon receiving a request from an external device, first determines a type of the request, and then constructs a corresponding communication protocol to communicate with the security module 11 based on the different types of the request, including:
Step 4.1, when the operator of the received command is "unique identification information of verification device (VerifyMAC)", it is assumed that there are three parameters $parameter_1$, $parameter_2$ and $parameter_3$ (binary byte sequences in hexadecimal). The binary byte sequences of the three parameters $parameter_1$, $parameter_2$ and $parameter_3$ are respectively: $parameter_1$:
Figure BDA0002239800660000073
$parameter_2$:
Figure BDA0002239800660000074
$parameter_3$:
Step 4.2, the server module 12 sends a request for verifying the unique device identification information to the security module 11, where the data format of the request for verifying the unique device identification information (hexadecimal sequence) is: 0x55 0x00 0xA0 0x06 0x00 L1 L2 0x02
Figure BDA0002239800660000076
Wherein 0x55 0x00 0xA0 0x03 0x00 L1 L2 0x01 is the communication protocol constructed by the server module 12, and L1 and L2 are hexadecimal numbers which convert the number m + n + 1 to two bits, respectively;
Figure BDA0002239800660000077
as parameter1
Figure BDA0002239800660000078
As parameter2
Figure BDA0002239800660000079
Is a parameter3
Figure BDA00022398006600000710
The calculation is carried out according to the following rules:
Figure BDA0002239800660000081
where XOR is the XOR operator.
Figure BDA0002239800660000082
Step 4.3, the server module 12 waits for response data returned by the security unit 111. If the received response data is not equal to 6 bytes, alarm information is sent, the alarm event is recorded, and an error response is returned.
Step 4.4, if the received data is equal to 6 bytes, verify whether the response data is correct; assume that the received data is $R_1 R_2 R_3 R_4 R_5 R_6$, where $R_i \in [\text{0x00}, \text{0xFF}]$, $i = 1, 2, \ldots, l$, is a binary byte.
Specifically, whether the response data is correct can be verified in the following two ways:
The first mode is as follows: if $R_1 \neq 67$ or $R_2 \neq 132$ or $R_3 \neq 0$ or $R_4 \neq 0$ or $R_5 \neq 0$, the verification fails, alarm information is sent, the alarm event is recorded, and an error response is returned; if $R_1 = 67$, $R_2 = 132$, $R_3 = 0$, $R_4 = 0$ and $R_5 = 0$, the verification is successful.
The second mode is as follows: the 6 bytes of data $R_1 R_2 R_3 R_4 R_5 R_6$ are calculated according to the following rule:
Figure BDA0002239800660000083
if it is not
Figure BDA0002239800660000084
If the verification fails, sending alarm information, recording the alarm event, and returning an error response; if it is not
Figure BDA0002239800660000085
The verification is successful.
Step 4.5, after the verification is successful, a response is constructed in the same manner as the request, wherein:
when the request is text, the response data format is: YES/NO. When the request is xml or json, the response data format can be constructed by referring to the construction principle of text.
Step 4.6, the constructed response is returned to the requesting external device in a manner corresponding to the request.
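The response checks of steps 2.2 to 2.3, 3.3 to 3.5 and 4.3 to 4.4, written out as an added example that is not code from the patent. It implements the length, fixed-byte and length-field checks exactly as stated; the checksum rule did not survive on this page, so the trailing byte is treated as opaque, and the function names, the logging and the sample frames are assumptions constructed for illustration.

```python
import logging

log = logging.getLogger("secmod.response")  # hypothetical logger name

# Values as written on the page (decimal there: 67 = 0x43, 132 = 0x84).
STARTUP_LEN = 29                              # step 2.2
STARTUP_PREFIX = bytes([67, 132, 0, 0, 8])    # B1..B5, step 2.3
DATA_PREFIX = bytes([67, 132, 0])             # R1..R3, step 3.4, first mode
VERIFY_LEN = 6                                # step 4.3
VERIFY_PREFIX = bytes([67, 132, 0, 0, 0])     # R1..R5, step 4.4, first mode


class FrameError(ValueError):
    """A response frame failed one of the structural checks."""


def _reject(reason, frame):
    # Stands in for "send alarm information and record the event".
    # Only the frame length is logged, never the (possibly decrypted) bytes.
    log.error("response rejected: %s (len=%d)", reason, len(frame))
    raise FrameError(reason)


def check_startup_response(frame: bytes) -> None:
    """Steps 2.2 and 2.3: exactly 29 bytes, B1..B5 = 67, 132, 0, 0, 8."""
    if len(frame) != STARTUP_LEN:
        _reject("startup: expected 29 bytes", frame)
    if frame[:5] != STARTUP_PREFIX:
        _reject("startup: B1..B5 mismatch", frame)


def extract_payload(frame: bytes) -> bytes:
    """Steps 3.3 to 3.5: validate an encrypt-style response, return R6..R(l-1)."""
    n = len(frame)                            # l in the page's notation
    if n <= 5:
        _reject("data: 5 bytes or fewer", frame)
    if frame[:3] != DATA_PREFIX:              # first mode
        _reject("data: R1..R3 mismatch", frame)
    if 256 * frame[3] + frame[4] != n - 5:    # second mode: catches truncated
        _reject("data: length field does not match frame size", frame)
    # Third mode (checksum over the frame) is not implemented here because
    # its formula is missing from the page; R_l is skipped, not verified.
    return frame[5:n - 1]


def check_verify_response(frame: bytes) -> None:
    """Steps 4.3 and 4.4 (first mode): exactly 6 bytes, R1..R5 fixed."""
    if len(frame) != VERIFY_LEN:
        _reject("verify: expected 6 bytes", frame)
    if frame[:5] != VERIFY_PREFIX:
        _reject("verify: R1..R5 mismatch", frame)


def rejection_reason(check, frame: bytes):
    """Run one check; return None if the frame passes, else the reason."""
    try:
        check(frame)
    except FrameError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: 4 payload bytes plus a placeholder trailing byte,
    # so l = 10 and the length field R4 R5 must encode l - 5 = 5.
    ok = bytes([67, 132, 0, 0, 5, 0xDE, 0xAD, 0xBE, 0xEF, 0x00])
    print(extract_payload(ok).hex())
    # The same frame cut short by a partial serial read is rejected.
    print(rejection_reason(extract_payload, ok[:-2]))
    print(rejection_reason(check_startup_response,
                           bytes([67, 132, 0, 0, 8]) + bytes(24)))
```

Because the first and second modes only test structure, a deployment that relies on the response should also apply the checksum mode from the original document before trusting the payload.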
In different application scenarios, the processing procedure of the data transmission device may include two or more of the above four processing procedures. The two or more processing procedures are executed in sequence to implement the service in different scenarios. The following takes an inspection scenario as an example and describes the above process of the embodiment of the present application in detail:
Fig. 2 is a flowchart in an application scenario provided in an embodiment of the present application. As shown in Fig. 2, the data transmission apparatus operates in the inspection scenario specifically as follows:
S201, after the server module 12 is started, detecting whether the security module 11 is connected.
S202, if the security module 11 is not connected, alarm information is sent, and an event that the security module 11 is not connected is recorded in a log.
S203, if the security module 11 is connected, the security module 11 is verified.
Specifically, the security module 11 may be authenticated by sending a power-on authentication command to the security module 11.
S204, if the verification of the security module 11 fails, sending alarm information, and recording an event of the failure of the verification of the security module 11 in a log.
S205, if the verification of the security module 11 is successful, the external communication interface monitors whether there is a request of an external device.
S206, if the external communication interface monitors the request of the external equipment, sending the request of the external equipment to the second processing unit.
For example, in an inspection scene, inspection equipment acquires inspection data of equipment to be inspected. These collected patrol data are typically encrypted data. The encrypted data including the inspection date, the inspection staff, and the like is uploaded to the server module 12 by the inspection equipment.
S207, the second processing unit identifies the type of the request.
S208, if the result of the identification by the second processing unit is encrypted data from the external device, the encrypted data is transmitted to the security module 11.
Due to the requirements of the national grid, the encrypted data needs to be decrypted by the security unit 111 (security chip of the national grid) to be processed in the server module 12.
S209, the security unit 111 in the security module 11 receives the encrypted data, decrypts the encrypted data, and returns the decrypted data to the server module 12.
S210, the second processing unit of the server module 12 processes the decrypted data, and sends the processing result to the security unit 111.
Since the inspection equipment always receives encrypted data, the server module 12 needs to send the processing result to the security unit 111 for encryption after completing the business logic of adding to or replacing the decrypted data.
S211, the security unit 111 encrypts the processing result and returns the encrypted processing result to the second processing unit, and the second processing unit returns the encrypted processing result to the external device.
According to the embodiment of the application, the server module and the security module are arranged outside the equipment, and the equipment is in communication connection with the server module. The request of the external device is first sent to the server, the server communicates with the security module to complete the processing corresponding to the request, and the processing result is returned to the external device. Data processing is thus completed outside the external device, and one security module can serve a plurality of external devices. This avoids the high cost of the prior art, in which each piece of equipment needs to be modified and integrated with its own security chip.
Fig. 3 is a flowchart of a data transmission method according to another embodiment of the present application. On the basis of the foregoing embodiment, the data transmission method provided in this embodiment is applied to the server module 12, and specifically includes the following steps:
Step S301, receiving a request from an external device.
Optionally, the external device may be an inspection scanning terminal, an inspection base station, a terminal device of an inspector, or another computer or server.
Step S302, determining a communication protocol for communicating with the security module 11 based on the type of the request.
Optionally, the type of the request includes an encryption request, a decryption request, verifying device unique identification information, obtaining device unique identification information, and the like.
Step S303, forwarding the request to the security module 11 based on the communication protocol, so that the security module 11 performs corresponding processing on the request according to the communication protocol, and sending the received processing result to the external device.
The implementation process of this step can be referred to the description of the foregoing data transmission device embodiment section, and the description is not repeated here.
According to the embodiment of the application, the server module and the security module are arranged outside the equipment, and the equipment is in communication connection with the server module. The request of the external device is first sent to the server, the server communicates with the security module to complete the processing corresponding to the request, and the processing result is returned to the external device. Data processing is thus completed outside the external device, and one security module can serve a plurality of external devices. This avoids the high cost of the prior art, in which each piece of equipment needs to be modified and integrated with its own security chip.
Fig. 4 is a flowchart of a data transmission method according to another embodiment of the present application. On the basis of the foregoing embodiment, the data transmission method provided in this embodiment is applied to the security module 11, and specifically includes the following steps:
Step S401, receiving a request from an external device sent by the server module 12.
Optionally, the external device may be a polling scanning terminal, a polling base station, a terminal device of a polling person, or another computer or server.
Step S402, performing corresponding processing on the request according to the type of the request.
Optionally, the type of the request includes an encryption request, a decryption request, a request to verify a device's unique identification information, a request to acquire a device's unique identification information, and the like.
Step S403, sending the processing result to the server module 12, so that the server module 12 sends the processing result to the external device.
For the implementation of this step, refer to the description in the foregoing data transmission device embodiment; it is not repeated here.
Optionally, the type of the request includes an encryption request and a decryption request; when the type of the request is an encryption request, performing corresponding processing on the request according to the type of the request comprises: encrypting or decrypting data from the external device forwarded by the server module 12, and transmitting the encrypted or decrypted data to the server module 12.
Optionally, the type of the request includes obtaining unique identification information of the external device; performing corresponding processing on the request according to the type of the request comprises: determining the unique identification information of the device read by the external device according to the coded data from the external device forwarded by the server module 12; and transmitting the determined unique identification information to the server module 12, so that the server module 12 transmits the determined unique identification information to the external device.
Optionally, the type of the request includes verifying unique identification information of the external device; performing corresponding processing on the request according to the type of the request comprises: according to the coded data from the external device and the unique identification information of the read device forwarded by the server module 12, verifying the coded data and the unique identification information of the read device according to a preset rule, and sending a verification result to the server module 12, so that the server module 12 sends the verification result to the external device.
According to this embodiment of the application, the server module and the security module are arranged outside the device, and the device is communicatively connected to the server module. A request from the external device is first sent to the server; the server communicates with the security module to complete the processing corresponding to the request and returns the processing result to the external device, so that data processing is completed outside the external device. One security module can therefore serve a plurality of external devices, which avoids the prior-art situation in which every device must be modified, and the high cost of integrating a security chip into every device.
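The relay described in steps S301 to S303 and S401 to S403, sketched for the two identification request types as an added example (not code from the patent). The opcodes, the opcode/length/payload/CRC32 frame standing in for the serial format, and the HMAC-based "preset rule" are all assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import struct
import zlib
from enum import IntEnum

# Assumed for illustration: opcodes, frame layout, HMAC rule (none is in the patent).
class ReqType(IntEnum):
    GET_ID = 0x03     # obtain unique identification information
    VERIFY_ID = 0x04  # verify unique identification information

MAX_PAYLOAD = 256
_HDR = struct.Struct(">BH")  # opcode, payload length

def frame(opcode: int, payload: bytes) -> bytes:
    """Build a serial-format frame: opcode | length | payload | CRC32."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    body = _HDR.pack(opcode, len(payload)) + payload
    return body + zlib.crc32(body).to_bytes(4, "big")

def unframe(data: bytes) -> tuple[int, bytes]:
    """Parse a frame, rejecting truncated, oversized or corrupted input."""
    if len(data) < _HDR.size + 4:
        raise ValueError("truncated frame")
    opcode, length = _HDR.unpack_from(data)
    if length > MAX_PAYLOAD or len(data) != _HDR.size + length + 4:
        raise ValueError("length mismatch")
    body = data[:-4]
    if zlib.crc32(body) != int.from_bytes(data[-4:], "big"):
        raise ValueError("bad CRC")
    return opcode, body[_HDR.size:]

class SecurityModule:
    """S401-S403: processes framed requests; the key never leaves this object."""
    def __init__(self, key: bytes):
        self._key = key

    def _expected_id(self, coded: bytes) -> bytes:
        # Assumed rule: the identifier is a truncated HMAC of the coded data.
        return hmac.new(self._key, coded, hashlib.sha256).digest()[:8]

    def handle(self, raw: bytes) -> bytes:
        opcode, payload = unframe(raw)
        if opcode == ReqType.GET_ID:
            return frame(opcode, self._expected_id(payload))
        if opcode == ReqType.VERIFY_ID:
            coded, claimed = payload[:-8], payload[-8:]
            ok = hmac.compare_digest(self._expected_id(coded), claimed)
            return frame(opcode, b"\x01" if ok else b"\x00")
        raise ValueError("unsupported opcode")

class ServerModule:
    """S301-S303: allow-list the request type, frame it, relay the result."""
    def __init__(self, module: SecurityModule):
        self._module = module

    def request(self, req_type: str, payload: bytes) -> bytes:
        if req_type not in ReqType.__members__:
            raise ValueError(f"unknown request type: {req_type!r}")
        opcode = ReqType[req_type]
        reply_op, result = unframe(self._module.handle(frame(opcode, payload)))
        if reply_op != opcode:
            raise ValueError("reply does not match request")
        return result
```

The server module holds no key material: it only maps an allow-listed request type to a frame and relays the reply, so one security module can serve every external device that reaches the server.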
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative: the division into units is only a logical division, and other divisions are possible in practice. For example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A data transmission apparatus, comprising: a server module and a security module in communication connection;
the server module is used for receiving a request from an external device, determining a communication protocol for communicating with the security module based on the type of the request, and forwarding the request to the security module based on the communication protocol;
and the security module is used for carrying out corresponding processing on the request according to the communication protocol and returning a processing result to the external device through the server module.
2. The apparatus of claim 1, wherein the type of the request comprises an encryption request or a decryption request;
the server module is used for receiving an encryption request and data to be encrypted from the external device and forwarding the encryption request and the data to be encrypted to the security module under the condition that the type of the request is an encryption request;
the security module is used for encrypting the data to be encrypted and returning the encrypted data to the external device through the server module;
the server module is used for receiving the encrypted data from the external device and forwarding the encrypted data to the security module under the condition that the type of the request is a decryption request;
and the security module is used for decrypting the encrypted data and returning the decrypted data to the external device through the server module.
3. The apparatus of claim 1, wherein the type of the request comprises obtaining unique identification information of the external device;
the server module is used for receiving the read coded data from the external device and forwarding the coded data to the security module;
and the security module is used for determining the unique identification information of the device read by the external device according to the coded data and returning the unique identification information to the external device through the server module.
4. The apparatus of claim 1, wherein the type of the request comprises unique identification information to authenticate the external device;
the server module is used for receiving the coded data read by the external device and the unique identification information of the read device and forwarding the coded data and the unique identification information to the security module;
and the security module is used for verifying the coded data and the unique identification information of the read device according to a preset rule and returning a verification result to the external device through the server module.
5. The apparatus of any of claims 1-4, wherein the security module comprises: a security unit and a security unit interface module;
the server module comprises a server middleware and a server interface module;
the security unit, the security unit interface module, the server interface module and the server middleware are connected in sequence;
the server interface module is used for converting the data of the server middleware into data in a serial port format and sending the data to the security unit interface module;
and the security unit interface module is used for converting the data in the serial port format into data in a format which can be identified by the security unit and sending the data to the security unit for data processing.
6. A data transmission method, applied to a server module, wherein the server module is in communication connection with a security module, and the method includes:
receiving a request from an external device;
determining a communication protocol to communicate with the security module based on the type of the request;
and forwarding the request to the security module based on the communication protocol so that the security module performs corresponding processing on the request according to the communication protocol, and sending the received processing result to the external device.
7. A data transmission method, applied to a security module, wherein the security module is in communication connection with a server module, the method comprising:
receiving a request from an external device sent by the server module;
performing corresponding processing on the request according to the type of the request;
and sending the processing result to the server module so that the server module sends the processing result to the external device.
8. The method of claim 7, wherein the types of requests include an encryption request and a decryption request;
when the type of the request is an encryption request, performing corresponding processing on the request according to the type of the request comprises:
encrypting and/or decrypting the data from the external device forwarded by the server module, and sending the encrypted or decrypted data to the server module.
9. The method of claim 7, wherein the type of the request comprises obtaining unique identification information of the external device;
performing corresponding processing on the request according to the type of the request comprises:
determining, according to the coded data from the external device forwarded by the server module, the unique identification information of the device read by the external device;
and sending the determined unique identification information to the server module so that the server module sends the determined unique identification information to the external device.
10. The method of claim 7, wherein the type of the request comprises verifying unique identification information of the external device;
performing corresponding processing on the request according to the type of the request comprises:
according to the coded data from the external device and the unique identification information of the read device, which are forwarded by the server module,
verifying the coded data and the unique identification information of the read device according to a preset rule, and sending a verification result to the server module so that the server module sends the verification result to the external device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910996283.2A CN110661883A (en) 2019-10-18 2019-10-18 Data transmission device and method

Publications (1)

Publication Number Publication Date
CN110661883A (en) 2020-01-07

Family

ID=69041288

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910996283.2A Pending CN110661883A (en) 2019-10-18 2019-10-18 Data transmission device and method

Country Status (1)

Country Link
CN (1) CN110661883A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200107
