CN110881029B - Data transmission control method and device, storage medium and terminal - Google Patents

Info

Publication number: CN110881029B
Authority: CN (China)
Legal status: Active
Application number: CN201911014968.9A
Other languages: Chinese (zh)
Other versions: CN110881029A (en)
Inventors: 张志鹏, 赵红方, 冯勇
Current Assignee: Shanghai Bestone Information Technology Co ltd
Original Assignee: Shanghai Bestone Information Technology Co ltd
Prior art keywords: sub, strings, data, string, rule

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The data transmission control method and device, storage medium and terminal provided by the application work as follows: the data provider adds a transmission time stamp to the original data based on an agreed algorithm to obtain a first character string; the first character string is intercepted and rearranged according to a preset first rule and a preset second rule to obtain a first rearranged sub-string; user information data is added to the first rearranged sub-string to obtain a second character string; the second character string is intercepted and rearranged according to a preset third rule and a preset fourth rule to obtain a second rearranged sub-string; and the encrypted data formed by assembling the first character string and the second rearranged sub-string in a preset format is transmitted to a data receiver. During transmission between the data provider and the data receiver, the data content is encrypted using the time stamp information and the user information data and is verified at the data receiver, so that the data is not easy to crack or forge and the risk of the data content being attacked or stolen by a third party is reduced.

Description

Data transmission control method and device, storage medium and terminal
Technical Field
The present invention relates to the field of data communications technologies, and in particular, to a data transmission control method, a data transmission control device, a storage medium, and a terminal.
Background
The rapid development of network technology has brought data transmission into every aspect of life, and the accompanying network security problems have become a focus of attention. For example, during data transmission an attacker may steal a character string, or send a random character string directly to a server, which puts user data at risk of theft.
To date, many techniques have been proposed for data transmission control, such as applying shift, exclusive-or and similar operations to plaintext data with a key in order to encrypt it; if the data cannot be decrypted correctly, only an unintelligible string (i.e. garbled text) is obtained. However, because the length of the key is fixed, the time needed to break it by exhaustive search keeps getting shorter and the security of the data keeps getting lower. In particular, many encryption principles are already publicly known, so new encryption methods are required for the secure transmission of data.
Disclosure of Invention
The application provides a data transmission control method and device, a storage medium and a terminal, which can ensure the security of user data transmission in a convenient way and reduce the risk of attack, theft or tampering.
To achieve the above purpose, the present invention adopts the following technical scheme:
The first aspect of the present application provides a data transmission control method, including: at a data provider, adding a transmission time stamp to original data based on an agreed algorithm to obtain a first character string carrying the transmission time stamp;
intercepting at least two first sub-strings from the first character string according to a preset first rule;
rearranging the intercepted first sub-strings according to a preset second rule to obtain a first rearranged sub-string;
adding the user information data to the first rearranged sub-string to obtain a second character string carrying the user information data;
intercepting at least two second sub-strings from the second character string according to a preset third rule;
rearranging the intercepted second sub-strings according to a preset fourth rule to obtain a second rearranged sub-string;
and transmitting the encrypted data formed by assembling the first character string and the second rearranged sub-string in a preset format to a data receiver.
In a preferred embodiment, the first character string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is a 17-digit transmission time stamp, which is the current time at which the original data is transmitted, arranged in the order year (YYYY), month (MM), day (DD), hour (HH), minute (MM), second (ss), millisecond (SSS); the second part is the length of the original data.
In a preferred embodiment, the second character string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is the length of the first rearranged sub-string and the second part is 18 characters of user information data.
In a preferred embodiment, the user information data comprises a unique identification of the user at the data provider, which may be a unique application identification, such as an AppID; or the user information data includes the identity card number of the user.
Preferably, the method further comprises: receiving a response of the data receiver to the encrypted data transmission, the response comprising:
error information sent by the data receiver when it processes and checks the encrypted data and the check fails.
In a preferred embodiment, after the first sub-strings are intercepted, the characters within each first sub-string are rearranged according to a preset fifth rule, and the first sub-strings rearranged in this way are then rearranged according to the preset second rule to obtain the first rearranged sub-string.
In a preferred embodiment, after the second sub-strings are intercepted, the characters within each second sub-string are rearranged according to a preset sixth rule, and the second sub-strings rearranged in this way are then rearranged according to the preset fourth rule to obtain the second rearranged sub-string.
Preferably, the data transmission control method includes, at the data receiver:
- receiving the encrypted data sent by the data provider;
- intercepting at least two first sub-strings from the first character string according to the preset first rule;
- rearranging the intercepted first sub-strings according to the preset second rule;
- adding the user information data to the rearranged first sub-strings to obtain a second character string carrying the user information data;
- intercepting at least two second sub-strings from the second character string according to the preset third rule;
- rearranging the intercepted second sub-strings according to the preset fourth rule to obtain a third rearranged sub-string;
- comparing the second rearranged sub-string with the third rearranged sub-string to obtain a comparison result;
- when the comparison result shows that the second rearranged sub-string matches the third rearranged sub-string, the verification passes: the first character string is decrypted based on the agreed algorithm, the insertion position of the transmission time stamp is calculated, and the transmission time stamp is removed from the first character string to obtain the initial original data.
More preferably, the method further comprises: when the comparison result shows that the second rearranged sub-string does not match the third rearranged sub-string, the verification fails, and the first character string is not decrypted or error information is sent to the data provider.
A second aspect of the present application provides a data transmission apparatus, comprising a data providing terminal and a data receiving terminal; the data providing terminal includes:
a counter configured to generate a transmission time stamp for the original data;
an encryption unit configured to add the transmission time stamp to the original data based on an agreed algorithm to obtain an encrypted first character string, intercept at least two first sub-strings from the first character string according to a preset first rule, and rearrange the intercepted first sub-strings according to a preset second rule to obtain a first rearranged sub-string; to add user information data to the first rearranged sub-string to obtain a second character string carrying the user information data, intercept at least two second sub-strings from the second character string according to a preset third rule, and rearrange the intercepted second sub-strings according to a preset fourth rule to obtain a second rearranged sub-string; and
a first communication unit configured to send the encrypted data formed by assembling the first character string and the second rearranged sub-string in a preset format to the data receiving terminal, so that the data receiving terminal can perform data verification.
In a preferred embodiment, the first character string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is a 17-digit transmission time stamp, which is the current time at which the original data is transmitted, arranged in the order year (YYYY), month (MM), day (DD), hour (HH), minute (MM), second (ss), millisecond (SSS); the second part is the length of the original data.
In a preferred embodiment, the second character string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is the length of the first rearranged sub-string and the second part is 18 characters of user information data.
In a preferred embodiment, the user information data comprises a unique identification of the user at the data provider, which may be a unique application identification, such as an AppID; or the user information data includes the identity card number of the user.
Preferably, the data providing terminal receives a response of the data receiving terminal to the encrypted data transmission, the response including:
error information sent by the data receiving terminal when it processes and checks the encrypted data and the check fails.
In a preferred embodiment, after the first sub-strings are intercepted, the characters within each first sub-string are rearranged according to a preset fifth rule, and the first sub-strings rearranged in this way are then rearranged according to the preset second rule to obtain the first rearranged sub-string.
In a preferred embodiment, after the second sub-strings are intercepted, the characters within each second sub-string are rearranged according to a preset sixth rule, and the second sub-strings rearranged in this way are then rearranged according to the preset fourth rule to obtain the second rearranged sub-string.
Preferably, the data receiving terminal of the data transmission device includes:
- a second communication unit configured to acquire the data, transmitted by the data providing terminal, that is generated by assembling the first character string and the second rearranged sub-string in a preset format;
- a processing unit configured to intercept at least two first sub-strings from the first character string according to the preset first rule, rearrange the intercepted first sub-strings according to the preset second rule, add user information data to the rearranged first sub-strings to obtain a second character string carrying the user information data, intercept at least two second sub-strings from the second character string according to the preset third rule, and rearrange the intercepted second sub-strings according to the preset fourth rule to obtain a third rearranged sub-string;
- a verification unit configured to compare the second rearranged sub-string with the third rearranged sub-string to obtain a comparison result;
- a decryption unit configured to decrypt the first character string based on the agreed algorithm when the verification passes, calculate the insertion position of the transmission time stamp, and remove the transmission time stamp from the first character string to obtain the initial original data.
More preferably, the data transmission apparatus further includes:
a response triggering unit configured to not decrypt the first character string, or to send error information to the data providing terminal, when the comparison result obtained by the verification unit indicates that the check fails.
Preferably, the first rule includes: intercepting, in a preset direction and from a preset position, characters of a preset length from the first character string as a first sub-string.
More preferably, the preset direction includes: the direction from the head end to the tail end of the first character string, or the direction from the tail end to the head end of the first character string, or the direction from the two ends to the middle of the first character string, or the direction from the preset position to the two ends of the first character string.
More preferably, intercepting, in a preset direction and from a preset position, characters of a preset length from the first character string as a first sub-string includes: calling a character string interception function in the preset direction with the preset position as a parameter, and intercepting the first character string to obtain at least two first sub-strings.
More preferably, for example, if the preset position is the mth character, the preset length is n characters, and the preset direction is from the head end to the tail end, then n characters are intercepted backward starting from the mth character of the first character string, that is, the mth to the (m+n-1)th characters are intercepted.
More preferably, for example, if the preset position is the mth character, the preset length is n characters, m is greater than or equal to n, and the preset direction is from the preset position to both ends, then, starting from the mth character of the first character string (not including the mth character itself), n characters are intercepted from the string before the mth character and n characters from the string after it, that is, the (m+1)th to the (m+n)th characters and the (m-1)th to the (m-n)th characters are intercepted, so that two character strings are obtained.
In the present invention, m and n are each independently a natural number.
Preferably, the first sub-string may be at least 20 bytes, preferably at least 25 bytes.
Preferably, the first sub-string is no more than 100 bytes.
Preferably, the third rule includes: intercepting, in a preset direction and from a preset position, characters of a preset length from the second character string as a second sub-string.
More preferably, the preset direction includes: the direction from the head end to the tail end of the second character string, or the direction from the tail end to the head end of the second character string, or the direction from the two ends to the middle of the second character string, or the direction from the preset position to the two ends of the second character string.
More preferably, intercepting, in a preset direction and from a preset position, characters of a preset length from the second character string as a second sub-string includes: calling a character string interception function in the preset direction with the preset position as a parameter, and intercepting the second character string to obtain at least two second sub-strings.
Preferably, the third rule is the same as or different from the first rule.
Preferably, the second rule includes: connecting the first sub-strings in sequence from front to back to generate the first rearranged sub-string.
For example, two first sub-strings, string1 and string2, are intercepted and connected in sequence from front to back to obtain string1string2, which is the first rearranged sub-string.
Preferably, the second rule includes: connecting the first sub-strings in sequence from back to front to generate the first rearranged sub-string.
For example, two first sub-strings, string1 and string2, are intercepted and connected in sequence from back to front to obtain string2string1, which is the first rearranged sub-string.
Preferably, the second rule includes:
connecting the first sub-strings in sequence from front to back;
and sorting the characters of the connected string in ascending order, with letters before digits or digits before letters, to generate the first rearranged sub-string.
For example, two first sub-strings, string1 and string2, are intercepted and connected in sequence from front to back to obtain string1string2; the characters of string1string2 are then sorted in ascending order, with digits before letters, giving the character string 12 ggiinnrsstt, which is the first rearranged sub-string.
Preferably, the second rule includes:
connecting the first sub-strings in sequence from front to back;
and sorting the characters of the connected string in descending order, with letters before digits or digits before letters, to generate the first rearranged sub-string.
For example, two first sub-strings, string1 and string2, are intercepted and connected in sequence from front to back to obtain string1string2; the characters of string1string2 are then sorted in descending order, with digits before letters, giving the character string 12 ttssrrnnigg, which is the first rearranged sub-string.
Preferably, the second rule includes:
connecting the first sub-strings in sequence from back to front;
and sorting the characters of the connected string in ascending order, with letters before digits or digits before letters, to generate the first rearranged sub-string.
Preferably, the second rule includes:
connecting the first sub-strings in sequence from back to front;
and sorting the characters of the connected string in descending order, with letters before digits or digits before letters, to generate the first rearranged sub-string.
Preferably, the fourth rule includes: connecting the second sub-strings in sequence from front to back to generate the second rearranged sub-string.
Preferably, the fourth rule includes: connecting the second sub-strings in sequence from back to front to generate the second rearranged sub-string.
Preferably, the fourth rule includes:
connecting the second sub-strings in sequence from front to back;
and sorting the characters of the connected string in ascending order, with letters before digits or digits before letters, to generate the second rearranged sub-string.
Preferably, the fourth rule includes:
connecting the second sub-strings in sequence from front to back;
and sorting the characters of the connected string in descending order, with letters before digits or digits before letters, to generate the second rearranged sub-string.
Preferably, the fourth rule includes:
connecting the second sub-strings in sequence from back to front;
and sorting the characters of the connected string in ascending order, with letters before digits or digits before letters, to generate the second rearranged sub-string.
Preferably, the fourth rule includes:
connecting the second sub-strings in sequence from back to front;
and sorting the characters of the connected string in descending order, with letters before digits or digits before letters, to generate the second rearranged sub-string.
Preferably, the fourth rule is the same as or different from the second rule.
In a preferred embodiment, the fifth rule comprises:
sorting the characters of each first sub-string independently in descending order, with letters before digits or digits before letters.
In a preferred embodiment, the fifth rule comprises:
sorting the characters of each first sub-string independently in ascending order, with letters before digits or digits before letters.
In a preferred embodiment, the sixth rule comprises:
sorting the characters of each second sub-string independently in descending order, with letters before digits or digits before letters.
In a preferred embodiment, the sixth rule comprises:
sorting the characters of each second sub-string independently in ascending order, with letters before digits or digits before letters.
In a preferred embodiment, the fifth rule and the sixth rule are the same or different.
A third aspect of the present application provides a data storage medium having stored thereon computer instructions which when executed perform the steps of a data transmission control method as described above.
A fourth aspect of the present application provides a terminal comprising a memory and a processor, the memory having stored thereon computer instructions executable on the processor, the processor executing the steps of the data transmission control method as described above when the computer instructions are executed.
Compared with the prior art, the technical scheme of the invention has the following beneficial effects:
According to the data transmission control method, during transmission between the data provider and the data receiver the data content is encrypted using the time stamp information and the user information data, the encrypted data content is intercepted and rearranged, and the result is verified at the data receiver, so that the data is not easy to crack or forge. The method has good security, any data stream can be encrypted and transmitted quickly, the transmission security of user data is effectively ensured, and the risk of the data content being attacked or stolen by a third party is reduced.
Detailed Description
The invention provides a data transmission control method and device, a storage medium and a terminal. To make the purposes, technical schemes and effects of the invention clearer, the invention is described in further detail below with reference to examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
It is to be noted that the terms "first," "second," and the like in the description and in the claims are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order, and it is to be understood that the data so used may be interchanged where appropriate. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Embodiment one:
the data transmission control method of the present embodiment includes:
at the data provider:
S01: the data provider adds a transmission time stamp to the original data based on a convention algorithm to obtain a first character string carrying the transmission time stamp;
wherein the first string comprises at least two parts, each separated by an 8-bit hexadecimal number FF: the first part is a 17-bit transmission time stamp, which is the current time of original data transmission, arranged in order of year (YYYY) month (MM) day (DD) time (HH) in (MM) seconds (ss) milliseconds (SSS); the second part is the length of the original data.
S02: according to a preset first rule, two first sub-strings are intercepted from the first string; the method comprises the following steps: starting from the 50 th character of the first string, 25 characters are intercepted backwards, namely, the 50 th bit to the 74 th bit are intercepted, and the first sub-string 1 is obtained. Starting from the 100 th character of the second string, 25 characters are intercepted backwards, and the second sub-string 2 is obtained.
If the length of the sub-string intercepted from the preset position is smaller than the remaining length of the first string in the intercepting process, the characters with the preset position as the end position of the first string and the total preset length from the beginning of the data of the first string can be formed into a first sub-string. For example, the first character string is "s5sss5555aaa6w4fwe1555alfarg21rg", and if 20 characters need to be intercepted from the 25 th character, the 25 th character is "f", 20 characters "farg21rg s5sss5555aaa" in total after the 25 th character and from the beginning of the data of the first character string are formed into one first sub-character string.
S03: rearranging the intercepted first sub-strings according to a preset second rule to obtain a first rearranged sub-string; specifically: string1 and string2 are connected in order from front to back to obtain the first rearranged sub-string string1string2;
S04: adding the user information data to the first rearranged sub-string to obtain a second string carrying the user information data; the user information data may include, for example, a unique identification of the user at the data provider, which may be stored in association with the user's login information, digital resources, profile information, etc. at the data provider.
Wherein the second string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is the length of the first rearranged sub-string and the second part is 18 digits of user information data, which may include, for example, the user's second-generation identification number.
S05: intercepting at least two second sub-strings from the second string according to a preset third rule; specifically: starting from the 50th character of the second string, 25 characters are intercepted backwards, that is, the 50th to the 74th characters are intercepted, giving the second sub-string string3. Starting from the 100th character of the second string, 25 characters are intercepted backwards, giving the second sub-string string4. If, during interception, the number of characters remaining in the second string from the preset position onward is smaller than the preset length, the characters from the preset position to the end of the second string, together with characters taken from the beginning of the second string, the preset length in total, can form one second sub-string.
S06: rearranging the intercepted second sub-strings according to a preset fourth rule to obtain a second rearranged sub-string; specifically: string3 and string4 are connected in order from front to back to obtain the second rearranged sub-string string3string4;
S07: transmitting to the data receiver the encrypted data formed by assembling the first string and the second rearranged sub-string according to a preset format.
At the data receiving side:
S08: receiving the encrypted data sent by the data provider;
S09: intercepting two first sub-strings string1', string2' from the first string according to the preset first rule;
S10: rearranging the intercepted first sub-strings according to the preset second rule to obtain the rearranged string string1'string2';
S11: adding the user information data to the rearranged string string1'string2' to obtain a second string carrying the user information data;
S12: intercepting at least two second sub-strings string3', string4' from the second string according to the preset third rule;
S13: rearranging the intercepted second sub-strings according to the preset fourth rule to obtain a third rearranged sub-string string3'string4';
S14: comparing the third rearranged sub-string string3'string4' with the second rearranged sub-string string3string4 to obtain a comparison result;
S15: when the comparison result shows that the third rearranged sub-string matches the second rearranged sub-string, the check passes; the first string is decrypted based on the agreed algorithm, the insertion position of the transmission time stamp is calculated, and the transmission time stamp is removed from the first string to obtain the initial original data.
In this embodiment, the data provider may be the owner of the user data, and the data receiver may be the user of the user data. For example, the data consumer may be one server and the data provider another server, both operated by different operators. As another example, the data consumer may be an application installed on the user terminal that is connected to an application server of the data consumer, and the data provider may be another server and communicate with the data consumer.
In this embodiment, the data provider encrypts the user information data with the time stamp based on the agreed algorithm, and then intercepts sub-strings, rearranges them and processes them further to obtain the encrypted data, thereby effectively ensuring the security of the user data. When the scheme of the embodiment of the invention is applied to third-party login, even if lawless persons intercept the user data, they cannot decrypt it to obtain the user's original data, and the user data cannot be tampered with or imitated.
Embodiment two:
The data transmission control method of the present embodiment includes:
At the data provider:
S01: the data provider adds a transmission time stamp to the original data based on the agreed algorithm to obtain a first string carrying the transmission time stamp;
wherein the first string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is a 17-digit transmission time stamp, which is the current time at which the original data is transmitted, arranged in the order year (YYYY), month (MM), day (DD), hour (HH), minute (MM), second (ss), millisecond (SSS); the second part is the length of the original data.
S02: intercepting two first sub-strings string1 and string2 from the first string according to a preset first rule;
S03: rearranging the intercepted first sub-strings according to a preset second rule to obtain a first rearranged sub-string; specifically: string1 and string2 are connected in order from back to front to obtain the first rearranged sub-string string2string1;
S04: adding the user information data to the first rearranged sub-string to obtain a second string carrying the user information data; wherein the second string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is the length of the first rearranged sub-string and the second part is 18 digits of user information data, which may include, for example, the user's second-generation identification number.
S05: intercepting two second sub-strings string3 and string4 from the second string according to a preset third rule;
S06: rearranging the intercepted second sub-strings according to a preset fourth rule to obtain a second rearranged sub-string; specifically: string3 and string4 are connected in order from back to front to obtain the second rearranged sub-string string4string3;
S07: transmitting to the data receiver the encrypted data formed by assembling the first string and the second rearranged sub-string according to a preset format.
At the data receiving side:
S08: receiving the encrypted data sent by the data provider;
S09: intercepting two first sub-strings string1', string2' from the first string according to the preset first rule;
S10: rearranging the intercepted first sub-strings according to the preset second rule to obtain the rearranged string string2'string1';
S11: adding the user information data to the rearranged string string2'string1' to obtain a second string carrying the user information data;
S12: intercepting at least two second sub-strings string3', string4' from the second string according to the preset third rule;
S13: rearranging the intercepted second sub-strings according to the preset fourth rule to obtain a third rearranged sub-string string4'string3';
S14: comparing the second rearranged sub-string string4string3 with the third rearranged sub-string string4'string3' to obtain a comparison result;
S15: when the comparison result shows that the second rearranged sub-string matches the third rearranged sub-string, the check passes; the first string is decrypted based on the agreed algorithm, the insertion position of the transmission time stamp is calculated, and the transmission time stamp is removed from the first string to obtain the initial original data.
Embodiment three:
The data transmission control method of the present embodiment includes:
At the data provider:
S01: the data provider adds a transmission time stamp to the original data based on the agreed algorithm to obtain a first string carrying the transmission time stamp;
wherein the first string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is a 17-digit transmission time stamp, which is the current time at which the original data is transmitted, arranged in the order year (YYYY), month (MM), day (DD), hour (HH), minute (MM), second (ss), millisecond (SSS); the second part is the length of the original data.
S02: intercepting two first sub-strings string1 and string2 from the first string according to a preset first rule;
S03: rearranging the intercepted first sub-strings according to a preset second rule to obtain a first rearranged sub-string; specifically: string1 and string2 are connected in order from front to back to obtain the string string1string2; the characters of string1string2 are then arranged in ascending order, with digits first and letters after, giving the string 12 ggiinnrsstt, which is the first rearranged sub-string.
S04: adding the user information data to the first rearranged sub-string to obtain a second string carrying the user information data; wherein the second string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is the length of the first rearranged sub-string and the second part is user information data that is not 18 digits long, which may include, for example, the user's second-generation identification number.
S05: intercepting two second sub-strings string3 and string4 from the second string according to a preset third rule;
S06: rearranging the intercepted second sub-strings according to a preset fourth rule to obtain a second rearranged sub-string; specifically: string3 and string4 are connected in order from front to back to obtain the second rearranged sub-string string3string4;
S07: transmitting to the data receiver the encrypted data formed by assembling the first string and the second rearranged sub-string according to a preset format.
At the data receiving side:
S08: receiving the encrypted data sent by the data provider;
S09: intercepting two first sub-strings string1', string2' from the first string according to the preset first rule;
S10: rearranging the intercepted first sub-strings according to the preset second rule to obtain the rearranged string 12 ggiinnrsstt';
S11: adding the user information data to the rearranged string 12 ggiinnrsstt' to obtain a second string carrying the user information data;
S12: intercepting at least two second sub-strings string3', string4' from the second string according to the preset third rule;
S13: rearranging the intercepted second sub-strings according to the preset fourth rule to obtain a third rearranged sub-string string3'string4';
S14: comparing the second rearranged sub-string string3string4 with the third rearranged sub-string string3'string4' to obtain a comparison result;
S15: when the comparison result shows that the second rearranged sub-string matches the third rearranged sub-string, the check passes; the first string is decrypted based on the agreed algorithm, the insertion position of the transmission time stamp is calculated, and the transmission time stamp is removed from the first string to obtain the initial original data.
Embodiment four:
The data transmission control method of the present embodiment includes:
At the data provider:
S01: the data provider adds a transmission time stamp to the original data based on the agreed algorithm to obtain a first string carrying the transmission time stamp;
wherein the first string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is a 17-digit transmission time stamp, which is the current time at which the original data is transmitted, arranged in the order year (YYYY), month (MM), day (DD), hour (HH), minute (MM), second (ss), millisecond (SSS); the second part is the length of the original data.
S02: intercepting two first sub-strings string1 and string2 from the first string according to a preset first rule;
S03: rearranging the characters within each first sub-string independently according to a preset fifth rule; specifically, the characters of the two first sub-strings string1 and string2 are each independently arranged in descending order, with digits first and letters after or letters first and digits after, to obtain string1₁ and string2₁;
S04: rearranging the character-rearranged first sub-strings among themselves according to a preset second rule to obtain a first rearranged sub-string; specifically: string1₁ and string2₁ are connected in order from front to back to obtain the first rearranged sub-string string1₁string2₁;
S05: adding the user information data to the first rearranged sub-string to obtain a second string carrying the user information data; wherein the second string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is the length of the first rearranged sub-string and the second part is 18 digits of user information data, which may include, for example, the user's second-generation identification number.
S06: intercepting two second sub-strings string3 and string4 from the second string according to a preset third rule;
S07: rearranging the characters within each second sub-string independently according to a preset sixth rule; specifically, the characters of the two second sub-strings string3 and string4 are each independently arranged in descending order, with digits first and letters after or letters first and digits after, to obtain string3₁ and string4₁;
S08: rearranging the character-rearranged second sub-strings among themselves according to a preset fourth rule to obtain a second rearranged sub-string; specifically: string3₁ and string4₁ are connected in order from front to back to obtain the second rearranged sub-string string3₁string4₁;
S09: transmitting to the data receiver the encrypted data formed by assembling the first string and the second rearranged sub-string according to a preset format.
At the data receiving side:
S10: receiving the encrypted data sent by the data provider;
S11: intercepting two first sub-strings string1', string2' from the first string according to the preset first rule;
S12: rearranging the characters within each first sub-string independently according to the preset fifth rule; specifically, the characters of the two first sub-strings string1' and string2' are each independently arranged in descending order, with digits first and letters after or letters first and digits after, to obtain string1₁' and string2₁';
S13: rearranging the character-rearranged first sub-strings among themselves according to the preset second rule; specifically: string1₁' and string2₁' are connected in order from front to back to obtain the rearranged string string1₁'string2₁'.
S14: adding the user information data to the rearranged string string1₁'string2₁' to obtain a second string carrying the user information data; wherein the second string comprises at least two parts, separated from each other by the 8-bit hexadecimal number FF: the first part is the length of the first rearranged sub-string and the second part is 18 digits of user information data, which may include, for example, the user's second-generation identification number.
S15: intercepting two second sub-strings string3', string4' from the second string according to the preset third rule;
S16: rearranging the characters within each second sub-string independently according to the preset sixth rule; specifically, the characters of the two second sub-strings string3' and string4' are each independently arranged in descending order, with digits first and letters after or letters first and digits after, to obtain string3₁' and string4₁';
S17: rearranging the character-rearranged second sub-strings among themselves according to the preset fourth rule to obtain a third rearranged sub-string; specifically: string3₁' and string4₁' are connected in order from front to back to obtain the third rearranged sub-string string3₁'string4₁';
S18: comparing the second rearranged sub-string string3₁string4₁ with the third rearranged sub-string string3₁'string4₁' to obtain a comparison result;
S19: when the comparison result shows that the second rearranged sub-string matches the third rearranged sub-string, the check passes; the first string is decrypted based on the agreed algorithm, the insertion position of the transmission time stamp is calculated, and the transmission time stamp is removed from the first string to obtain the initial original data.
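The interception with wrap-around, the second, fourth, fifth and sixth rearrangement rules, and the receiver-side comparison described in the embodiments above can be exercised with the following added example, which is not code from the patent. The rule positions other than "20 characters from the 25th character", the layout used to assemble the second string, the 18-digit user value and the reading of "ascending/descending" as sorting digits and letters separately are assumptions made for illustration.

```python
import hmac  # used only for a constant-time comparison of the two check values


def intercept(s, start, length):
    """Take `length` characters from 1-based position `start`, continuing
    from the beginning of `s` when the end of the string is reached."""
    if not 1 <= start <= len(s) or not 1 <= length <= len(s):
        raise ValueError("interception rule does not fit the string")
    i = start - 1
    return (s + s)[i:i + length]


def sort_chars(s, descending=False, digits_first=True):
    """Sort digits and letters separately, then place the two groups in the
    chosen order (assumed reading of the fifth/sixth rule)."""
    digits = "".join(sorted((c for c in s if c.isdigit()), reverse=descending))
    others = "".join(sorted((c for c in s if not c.isdigit()), reverse=descending))
    return digits + others if digits_first else others + digits


def rearrange(subs, rule):
    """rule keys: 'each'   -> (descending, digits_first) applied per sub-string
                  'order'  -> 'front' (front to back) or 'back' (back to front)
                  'joined' -> (descending, digits_first) applied after joining"""
    if rule.get("each"):
        subs = [sort_chars(x, *rule["each"]) for x in subs]
    if rule.get("order", "front") == "back":
        subs = subs[::-1]
    out = "".join(subs)
    if rule.get("joined"):
        out = sort_chars(out, *rule["joined"])
    return out


def check_value(first_string, user_info, rules):
    """Provider side: derive the second rearranged sub-string."""
    subs1 = [intercept(first_string, p, n) for p, n in rules["first"]]
    r1 = rearrange(subs1, rules["second"])
    # Assumed layout: rearranged sub-string, its length, separator FF, user data.
    second = f"{r1}{len(r1)}FF{user_info}"
    subs2 = [intercept(second, p, n) for p, n in rules["third"]]
    return rearrange(subs2, rules["fourth"])


def verify(first_string, received_check, user_info, rules):
    """Receiver side: recompute the third rearranged sub-string and compare."""
    expected = check_value(first_string, user_info, rules)
    return hmac.compare_digest(expected.encode(), received_check.encode())


# First string taken from the page's interception example (32 characters).
FIRST = "s5sss5555aaa6w4fwe1555alfarg21rg"
USER = "123456789012345678"  # constructed 18-digit value, not a real identifier

# (start, length) pairs; only (25, 20) comes from the page, the rest are constructed.
EMBODIMENT_ONE = {
    "first": [(25, 20), (5, 10)],
    "second": {"order": "front"},
    "third": [(10, 12), (45, 12)],   # the second pair wraps around the end
    "fourth": {"order": "front"},
}
# Embodiment four: sort inside each sub-string (descending, digits first), then join.
EMBODIMENT_FOUR = dict(
    EMBODIMENT_ONE,
    second={"each": (True, True), "order": "front"},
    fourth={"each": (True, True), "order": "front"},
)

if __name__ == "__main__":
    # The page prints this result with a space between the two parts; the
    # space is treated here as a visual separator only.
    print(intercept(FIRST, 25, 20))
    for name, rules in (("one", EMBODIMENT_ONE), ("four", EMBODIMENT_FOUR)):
        tag = check_value(FIRST, USER, rules)
        print(name, tag, verify(FIRST, tag, USER, rules))
```

The check value is a keyless function of the transmitted first string, the preset rules and the user information data, so the comparison is only as strong as the confidentiality of those rules and that data.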
Further, the embodiment of the invention also discloses a storage medium, on which computer instructions are stored, and the technical scheme of the data transmission control method described in the above embodiment is executed when the computer instructions run. Preferably, the storage medium may include a computer-readable storage medium such as a non-volatile (non-volatile) memory or a non-transitory (non-transitory) memory. The storage medium may include ROM, RAM, magnetic or optical disks, and the like.
Further, the embodiment of the invention also discloses a terminal, which comprises a memory and a processor, wherein the memory stores computer instructions capable of running on the processor, and the processor executes the technical scheme of the data transmission control method in the embodiment when running the computer instructions. Preferably, the terminal may be a User Equipment (UE).
The above description of the specific embodiments of the present invention has been given by way of example only, and the present invention is not limited to the above described specific embodiments. Any equivalent modifications and substitutions for the present invention will occur to those skilled in the art, and are also within the scope of the present invention. Accordingly, equivalent changes and modifications are intended to be included within the scope of the present invention without departing from the spirit and scope thereof.

Claims (10)

1. A data transmission control method, characterized by comprising:
the data provider adds a transmission time stamp to the original data based on an agreed algorithm to obtain a first string carrying the transmission time stamp;
intercepting at least two first sub-strings from the first string according to a preset first rule;
after the first sub-strings are intercepted, rearranging the characters within each first sub-string according to a preset fifth rule, and rearranging the first sub-strings so rearranged according to a preset second rule to obtain a first rearranged sub-string;
adding user information data to the first rearranged sub-string to obtain a second string carrying the user information data, wherein the user information data comprises a unique identifier of a user at the data provider or an identity card number of the user;
intercepting at least two second sub-strings from the second string according to a preset third rule;
after the second sub-strings are intercepted, rearranging the characters within each second sub-string according to a preset sixth rule, and rearranging the second sub-strings so rearranged according to a preset fourth rule to obtain a second rearranged sub-string;
assembling the first string and the second rearranged sub-string according to a preset format to form encrypted data, and sending the encrypted data to a data receiver;
the second rule includes: connecting the first sub-strings in order from front to back to generate a first rearranged sub-string; or connecting the first sub-strings in order from back to front to generate a first rearranged sub-string; or connecting the first sub-strings in order from front to back and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string; or connecting the first sub-strings in order from front to back and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string; or connecting the first sub-strings in order from back to front and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string; or connecting the first sub-strings in order from back to front and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string;
the fourth rule includes: connecting the second sub-strings in order from front to back to generate a second rearranged sub-string; or connecting the second sub-strings in order from back to front to generate a second rearranged sub-string; or connecting the second sub-strings in order from front to back and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string; or connecting the second sub-strings in order from front to back and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string; or connecting the second sub-strings in order from back to front and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string; or connecting the second sub-strings in order from back to front and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string;
the fifth rule includes: arranging the characters of each first sub-string independently in descending order, with digits first and letters after or letters first and digits after; or arranging the characters of each first sub-string independently in ascending order, with digits first and letters after or letters first and digits after;
the sixth rule includes: arranging the characters of each second sub-string independently in descending order, with digits first and letters after or letters first and digits after; or arranging the characters of each second sub-string independently in ascending order, with digits first and letters after or letters first and digits after;
wherein the first rule is the same as or different from the third rule.
2. The data transmission control method according to claim 1, characterized in that the method further comprises: receiving a response of the data receiver to the encrypted data transmission, the response comprising:
receiving error information sent by the data receiver when the data receiver processes and checks the encrypted data and the check is not passed.
3. The data transmission control method according to claim 1, characterized in that, at the data receiving side, it comprises:
receiving the encrypted data sent by the data provider;
intercepting at least two first sub-strings from the first string according to the preset first rule;
after the first sub-strings are intercepted, rearranging the characters within each first sub-string according to the preset fifth rule;
rearranging the character-rearranged first sub-strings according to the preset second rule;
adding user information data to the rearranged first sub-strings to obtain a second string carrying the user information data, wherein the user information data comprises a unique identifier of a user at the data provider or an identity card number of the user;
intercepting at least two second sub-strings from the second string according to the preset third rule;
after the second sub-strings are intercepted, rearranging the characters within each second sub-string according to the preset sixth rule;
rearranging the character-rearranged second sub-strings according to the preset fourth rule to obtain a third rearranged sub-string;
comparing the second rearranged sub-string with the third rearranged sub-string to obtain a comparison result;
when the comparison result shows that the second rearranged sub-string matches the third rearranged sub-string, the check passes; the first string is decrypted based on the agreed algorithm, the insertion position of the transmission time stamp is calculated, and the transmission time stamp is removed from the first string to obtain the initial original data.
4. The data transmission control method according to claim 3, wherein when the comparison result indicates that the second rearranged sub-string does not match the third rearranged sub-string, the check fails, and the first string is not decrypted, or error information is sent to the data provider.
5. A data transmission apparatus, comprising: a data providing terminal and a data receiving terminal; the data providing terminal includes:
a counter configured to generate a transmission time stamp for the original data;
an encryption unit configured to add the transmission time stamp to the original data based on an agreed algorithm to obtain an encrypted first string, intercept at least two first sub-strings from the first string according to a preset first rule, rearrange the characters within each first sub-string according to a preset fifth rule after the first sub-strings are intercepted, and rearrange the first sub-strings so rearranged according to a preset second rule to obtain a first rearranged sub-string; add user information data to the first rearranged sub-string to obtain a second string carrying the user information data, intercept at least two second sub-strings from the second string according to a preset third rule, rearrange the characters within each second sub-string according to a preset sixth rule after the second sub-strings are intercepted, and rearrange the second sub-strings so rearranged according to a preset fourth rule to obtain a second rearranged sub-string; and
a first communication unit configured to send encrypted data, formed by assembling the first string and the second rearranged sub-string according to a preset format, to the data receiving terminal so that the data receiving terminal can perform data verification;
the second rule includes: connecting the first sub-strings in order from front to back to generate a first rearranged sub-string; or connecting the first sub-strings in order from back to front to generate a first rearranged sub-string; or connecting the first sub-strings in order from front to back and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string; or connecting the first sub-strings in order from front to back and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string; or connecting the first sub-strings in order from back to front and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string; or connecting the first sub-strings in order from back to front and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a first rearranged sub-string;
the fourth rule includes: connecting the second sub-strings in order from front to back to generate a second rearranged sub-string; or connecting the second sub-strings in order from back to front to generate a second rearranged sub-string; or connecting the second sub-strings in order from front to back and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string; or connecting the second sub-strings in order from front to back and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string; or connecting the second sub-strings in order from back to front and arranging the characters of the connected string in ascending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string; or connecting the second sub-strings in order from back to front and arranging the characters of the connected string in descending order, with digits first and letters after or letters first and digits after, to generate a second rearranged sub-string;
the fifth rule includes: arranging the characters of each first sub-string independently in descending order, with digits first and letters after or letters first and digits after; or arranging the characters of each first sub-string independently in ascending order, with digits first and letters after or letters first and digits after;
the sixth rule includes: arranging the characters of each second sub-string independently in descending order, with digits first and letters after or letters first and digits after; or arranging the characters of each second sub-string independently in ascending order, with digits first and letters after or letters first and digits after;
wherein the first rule is the same as or different from the third rule.
6. The data transmission apparatus according to claim 5, wherein the data providing terminal receives a response from the data receiving terminal to the transmission of the encrypted data, the response comprising:
receiving error information sent by the data receiving terminal when the data receiving terminal processes and checks the encrypted data and the check is not passed.
7. The data transmission apparatus according to claim 5, wherein the data receiving terminal comprises:
A second communication unit configured to acquire data generated by assembling the first character string and the second rearranged sub-character string according to a predetermined format, the data being transmitted by the data providing terminal;
a processing unit configured to intercept at least two first sub-strings from the first string according to the preset first rule, rearrange the characters within each intercepted first sub-string according to the preset fifth rule, rearrange the character-rearranged first sub-strings according to the preset second rule, add user information data to the rearranged first sub-strings to obtain a second string carrying the user information data, intercept at least two second sub-strings from the second string according to the preset third rule, rearrange the characters within each intercepted second sub-string according to the preset sixth rule, and rearrange the character-rearranged second sub-strings according to the preset fourth rule to obtain a third rearranged sub-string;
a verification unit configured to compare the second rearranged sub-string with the third rearranged sub-string to obtain a comparison result;
and a decryption unit configured to decrypt the first string based on the agreed algorithm when the verification passes, calculate the insertion position of the transmission time stamp, and remove the transmission time stamp from the first string to obtain the initial original data.
8. The data transmission apparatus according to claim 7, wherein the data transmission apparatus further comprises:
a response triggering unit configured to not decrypt the first string, or to send error information to the data providing terminal, when the comparison result obtained by the verification unit indicates that the check fails.
9. A storage medium having stored thereon computer instructions which, when run, perform the steps of the data transmission control method of any of claims 1 to 4.
10. A terminal comprising a memory and a processor, the memory having stored thereon computer instructions executable on the processor, wherein the processor, when executing the computer instructions, performs the steps of the data transmission control method of any of claims 1 to 4.
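The receiving-side check of claims 7 and 8, as an added Python example that is not part of the patent text. The slice positions, character rotation, sub-string orders, the `|` assembly format and the sample strings are all assumptions, since the claims only say "preset rule" and "predetermined format"; decryption with the agreed algorithm and timestamp removal are outside its scope.

```python
import hmac

# Every rule below is an assumed stand-in for a "preset rule" in the claims.
RULE1 = [(0, 4), (6, 4), (12, 4)]   # first rule: (start, length) slices of the first string
RULE5 = 1                           # fifth rule: rotate each first sub-string left by 1
RULE2 = [2, 0, 1]                   # second rule: new order of the first sub-strings
RULE3 = [(1, 5), (8, 5), (14, 6)]   # third rule: slices of the second string
RULE6 = 2                           # sixth rule: rotate each second sub-string left by 2
RULE4 = [1, 2, 0]                   # fourth rule: new order of the second sub-strings

def intercept(s, spans):
    """Cut the sub-strings named by (start, length) pairs out of s."""
    return [s[a:a + n] for a, n in spans]

def rotate(sub, step):
    """Rearrange the characters inside one sub-string (left rotation)."""
    k = step % len(sub) if sub else 0
    return sub[k:] + sub[:k]

def reorder(subs, order):
    """Rearrange the sub-strings themselves."""
    return [subs[i] for i in order]

def check_value(first, user_info):
    """Derive the rearranged sub-strings that both terminals must agree on."""
    subs = reorder([rotate(x, RULE5) for x in intercept(first, RULE1)], RULE2)
    second = "".join(subs) + user_info            # second string carries the user info
    subs2 = reorder([rotate(x, RULE6) for x in intercept(second, RULE3)], RULE4)
    return "".join(subs2)

def assemble(first, user_info):
    """Provider side: first string plus check value in the assumed 'first|check' format."""
    return first + "|" + check_value(first, user_info)

def receive(data, user_info):
    """Receiver side: return the first string only if the recomputed value matches."""
    first, sep, received = data.rpartition("|")
    if not sep:
        return None                               # not in the assumed format
    expected = check_value(first, user_info)
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None                               # claim 8: check failed, do not decrypt
    return first                                  # caller may now decrypt this string

FIRST = "Q2hhbm5lbC1kYXRhLTAx"                    # constructed sample first string
DATA = assemble(FIRST, "uid=1001")                # constructed sample user info
```

Under these assumed rules only the intercepted positions of the first string feed the check value, so a change outside them is still accepted; the choice of rules decides what the comparison actually covers.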
CN201911014968.9A 2019-10-24 2019-10-24 Data transmission control method and device, storage medium and terminal Active CN110881029B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911014968.9A CN110881029B (en) 2019-10-24 2019-10-24 Data transmission control method and device, storage medium and terminal

Publications (2)

Publication Number Publication Date
CN110881029A CN110881029A (en) 2020-03-13
CN110881029B true CN110881029B (en) 2023-04-25

Family

ID=69728420

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911014968.9A Active CN110881029B (en) 2019-10-24 2019-10-24 Data transmission control method and device, storage medium and terminal

Country Status (1)

Country Link
CN (1) CN110881029B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112084511A (en) * 2020-08-27 2020-12-15 欧菲微电子技术有限公司 Encryption method and device of service life information, storage medium and electronic equipment

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6829602B2 (en) * 2002-12-12 2004-12-07 Microsoft Corporation System and method for using a compressed trie to estimate like predicates
CN107077541B (en) * 2014-03-24 2020-01-03 华为技术有限公司 Partial URL signature system and method applied to dynamic self-adaptive streaming media
CN105099692B (en) * 2014-05-22 2020-01-14 创新先进技术有限公司 Security verification method and device, server and terminal
CN105591737A (en) * 2016-01-27 2016-05-18 浪潮(北京)电子信息产业有限公司 Data encryption, decryption and transmission methods and systems
CN107483199A (en) * 2017-10-10 2017-12-15 重庆浩品峰电子商务有限公司 Information Authentication method and device
CN110034926B (en) * 2019-03-08 2021-11-05 平安科技(深圳)有限公司 Internet of things dynamic password generation and verification method and system and computer equipment
CN110071917B (en) * 2019-04-18 2021-06-29 中国联合网络通信集团有限公司 User password detection method, device, apparatus and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A type of sorting based on homomorphic encryption; Xu Chen; 《2013 IEEE 4th International Conference on Electronics Information and Emergency Communication》; full text *
A string sorting algorithm with a user-defined order; 张海军 et al.; 《小型微型计算机***》 (No. 09); full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant