CN113472722A - Data transmission method, storage medium, electronic device and automatic ticket selling and checking system - Google Patents


Info

Publication number
CN113472722A
Authority
CN
China
Prior art keywords
server
client
data
private key
encrypted
Legal status
Pending
Application number
CN202010245608.6A
Other languages
Chinese (zh)
Inventor
***
Current Assignee
BYD Co Ltd
Original Assignee
BYD Co Ltd
Application filed by BYD Co Ltd
Priority to CN202010245608.6A
Publication of CN113472722A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/12 Applying verification of the received information
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The disclosure relates to a data transmission method, a storage medium, an electronic device and an automatic fare collection (AFC) system. The method comprises the following steps: after encrypted first data sent by a client in communication connection with a server are received, a first private key is obtained, wherein a first key pair comprising the first private key and a first public key is generated and stored in advance by the server; and the encrypted first data are decrypted by using the first private key to obtain the first data, wherein the data sent to the server by each client communicating with the server are encrypted with the first public key. Because the first private key is stored only in the server and never has to be transmitted over the network, the risk of its leakage is reduced and the security of data transmission is improved. In addition, the server only needs to generate and store a single public/private key pair, which makes key management easier and greatly simplifies later upgrading and maintenance of the AFC system.

Description

Data transmission method, storage medium, electronic device and automatic ticket selling and checking system
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a data transmission method, a storage medium, an electronic device, and an automatic fare collection system.
Background
An AFC system is an information system that covers the whole process of ticket selling, ticket checking, charging, counting, clearing and settlement, operation management and so on for rail transit, by applying expertise in computing, networking, statistics, auditing, finance and related fields. As shown in Fig. 1, the AFC system is divided into five layers from top to bottom, namely an Automatic Clearing Center (ACC), a Line Central Computer (LCC) subsystem, a Station Computer (SC) subsystem, and Station field devices (SLE). The station computer subsystem comprises the station computer SC, a Ticket Center (TC) and a Maintenance Center (MC); the SLE mainly comprise Ticket Vending Machines (TVM), semi-automatic ticket vending machines (Booking Office Machines, BOM) and Automatic Gate Machines (AGM).
In the AFC system, data transmission between an upper layer and a lower layer uses a persistent TCP/IP connection, with the upper layer acting as the TCP server (Server) and the lower layer as the TCP client (Client). Online data transmission occurs mainly on two links: between the LCC subsystem and the SC subsystem (SC, TC and MC), and between the SC subsystem and the SLE. On the first link the LCC acts as server and communicates with the SC, TC and MC of all subordinate stations (which act as clients) to carry out operation management, ticket management, equipment management and so on for the stations of its line. On the second link the SC subsystem acts as server and the SLE as clients; the SC subsystem monitors the running state of the SLE, collects and counts the various operation data, and uploads them to the LCC.
AFC systems generally protect data transmission between client and server with the Advanced Encryption Standard (AES) combined with Base64 encoding (which represents binary data with 64 printable characters). Because AES is a symmetric algorithm, both the encrypting and the decrypting side must hold the key, and the key has to be exchanged over the network, so it is at risk of leakage and the security of data transmission cannot be guaranteed. Moreover, an AFC system usually has hundreds of clients (for example the SLE), and since both sides of every connection must store a key, the server has to store a very large number of keys and the cost of key management is high.
Disclosure of Invention
In order to overcome the problems in the related art, the present disclosure provides a data transmission method, a storage medium, an electronic device, and an automatic fare collection system.
In order to achieve the above object, according to a first aspect of the embodiments of the present disclosure, there is provided a data transmission method applied to a server in an automatic fare collection system, including:
after encrypted first data sent by a client side in communication connection with the server are received, a first private key is obtained, wherein a first key pair comprising the first private key and a first public key is generated and stored in the server in advance;
and decrypting the encrypted first data by using the first private key to obtain first data, wherein the data sent to the server by each client communicating with the server are obtained by using the first public key for encryption.
Optionally, the method further comprises:
acquiring a second private key corresponding to the client;
encrypting second data by using the second private key to obtain encrypted second data;
and sending the encrypted second data to the client.
Optionally, the obtaining a second private key corresponding to the client includes:
and determining a second private key corresponding to the client according to the pre-stored corresponding relationship between the client and the private key.
Optionally, the method further comprises:
after receiving an identity authentication message sent by the client, performing identity authentication on the client, wherein the client sends the identity authentication message to the server when establishing communication connection with the server;
if the server passes the identity authentication of the client, allowing the server to establish communication connection with the client;
and if the identity authentication of the server to the client is not passed, forbidding the server to establish communication connection with the client.
Optionally, the performing identity authentication on the client includes:
acquiring a second public key corresponding to the client;
decrypting the identity authentication message by using the second public key;
if the decryption is successful, the server passes the identity authentication of the client;
and if the decryption fails, the server fails to pass the identity authentication of the client.
Optionally, the method further comprises:
and if the first private key is detected to be leaked, regenerating the first key pair and storing a new first key pair.
According to a second aspect of the embodiments of the present disclosure, there is provided a data transmission method applied to a client in an automatic fare collection system, including:
acquiring a first public key corresponding to a server in communication connection with the client;
encrypting the first data by using the first public key to obtain encrypted first data;
and sending the encrypted first data to the server.
Optionally, the method further comprises:
and after receiving the encrypted second data sent by the server, decrypting the encrypted second data by using a second private key corresponding to the client to obtain second data, wherein the second private key is generated in advance by the client through a symmetric encryption algorithm.
Optionally, the method further comprises:
and when the communication connection is established with the server, sending an identity authentication message to the server.
Optionally, before the step of sending an identity authentication message to the server, the method further comprises:
generating a second key pair, wherein the second key pair comprises a second private key and a second public key;
and encrypting preset data or random numbers by using the second private key to obtain the identity authentication message.
According to a third aspect of embodiments of the present disclosure, there is provided a computer readable storage medium, on which a computer program is stored, which when executed by a processor, performs the steps of the method provided by the first aspect of the present disclosure.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method provided by the second aspect of the present disclosure.
According to a fifth aspect of embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method provided by the first aspect of the present disclosure.
According to a sixth aspect of embodiments of the present disclosure, there is provided an electronic apparatus including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method provided by the first or second aspect of the disclosure.
According to a seventh aspect of embodiments of the present disclosure, there is provided an automatic fare collection system, the system including:
a line central computer subsystem comprising at least one line central computer, wherein each line central computer is connected to at least one station computer on the line to which the line central computer is connected, respectively, for performing the steps of the method provided by the first aspect of the present disclosure;
a station computer subsystem, including at least one station computer, wherein each station computer is connected to at least one station field device in the station, for the steps of the method provided in the first aspect or the second aspect of the disclosure;
at least one station field device connected with a station computer in the station for executing the steps of the method provided by the second aspect of the disclosure.
In this scheme, when a client sends first data to a server, the first data is encrypted by using a first public key generated by the server in advance through an asymmetric encryption algorithm, and the encrypted first data is sent to the server; the server then decrypts the encrypted first data using the first private key corresponding to the first public key to obtain the first data. Because the first private key is stored only in the server and never has to be transmitted over the network, the risk of its leakage is reduced and the security of data transmission is improved. In addition, because the data sent to the server by every client communicating with it are encrypted with the first public key, the server can decrypt the data of every client with the first private key, so the server only needs to generate and store a single public/private key pair. Key management is therefore simpler, which greatly eases later upgrading and maintenance of a special-purpose network structure (a star-shaped communication network) such as an AFC system.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a block diagram of the architecture of an AFC system.
Fig. 2 is a flow chart illustrating a method of data transmission according to an example embodiment.
Fig. 3 is a flow chart illustrating a method of data transmission according to another exemplary embodiment.
Fig. 4 is a flow chart illustrating a method of data transmission according to another exemplary embodiment.
Fig. 5 is a flow chart illustrating a method of data transmission according to another exemplary embodiment.
FIG. 6 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
Fig. 2 is a flow chart illustrating a method of data transmission according to an example embodiment. The method can be applied to a server in an AFC system, where the server can be any line central computer LCC in a line central computer subsystem (where the corresponding client can be each station computer SC on a line to which the line central computer LCC belongs and having a communication connection with the line central computer LCC), and can also be any station computer SC in a station computer subsystem (where the corresponding client is each station field device SLE in a station to which the station computer SC belongs and having a communication connection with the station computer SC).
As shown in fig. 2, the data transmission method applied to the server in the AFC system described above may include the following steps 201 and 202.
In step 201, after receiving encrypted first data sent by a client communicatively connected to a server, a first private key is obtained.
In the present disclosure, the server may generate in advance and store a first key pair comprising a first private key and a first public key, using an asymmetric encryption algorithm such as RSA or an elliptic-curve algorithm. In general the server generates the first key pair only once, and generates it again only if the first private key is leaked. A storage module may be provided on the server for storing the first key pair.
The data sent to the server by each client communicating with the server is obtained by utilizing the first public key for encryption. Therefore, when a client in communication connection with the server needs to send data to the server, the client may first obtain the first public key by accessing a public database (storing the first public key of the server) or communicating with the server, then encrypt the first data by using the first public key, and send the encrypted first data to the server.
And after receiving the encrypted first data, the server acquires a first private key by accessing the storage module.
In step 202, the encrypted first data is decrypted by using the first private key to obtain the first data.
In this scheme, when a client sends first data to a server, the first data is encrypted by using a first public key generated by the server in advance through an asymmetric encryption algorithm, and the encrypted first data is sent to the server; the server then decrypts the encrypted first data using the first private key corresponding to the first public key to obtain the first data. Because the first private key is stored only in the server and never has to be transmitted over the network, the risk of its leakage is reduced and the security of data transmission is improved. In addition, because the data sent to the server by every client communicating with it are encrypted with the first public key, the server can decrypt the data of every client with the first private key, so the server only needs to generate and store a single public/private key pair. Key management is therefore simpler, which greatly eases later upgrading and maintenance of a special-purpose network structure (a star-shaped communication network) such as an AFC system.
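Worked example of steps 201 and 202, added here as an illustration; it is not code from the patent or from BYD. It uses Go's standard-library RSA with OAEP padding: the server generates the first key pair once, every client encrypts under the same first public key, and only the server can decrypt. It also exercises the regeneration of the first key pair that the page prescribes when the first private key is leaked. The Server type, the OAEP/SHA-256 padding, the 2048-bit modulus, the client identifiers and the sample records are this example's assumptions; the page only says RSA or an elliptic-curve algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Server holds the single "first key pair" of the page: generated once on the
// server and stored only there. Clients ever see just the public half.
type Server struct {
	firstKeyPair *rsa.PrivateKey
}

// NewServer generates and stores the first key pair (done once, before step 201).
func NewServer() (*Server, error) {
	kp, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{firstKeyPair: kp}, nil
}

// FirstPublicKey is what a client fetches, from the server or a public database.
func (s *Server) FirstPublicKey() *rsa.PublicKey {
	return &s.firstKeyPair.PublicKey
}

// EncryptFirstData is the client side: RSA-OAEP under the first public key.
// OAEP with SHA-256 is this example's choice of padding; the page only says "RSA".
func EncryptFirstData(pub *rsa.PublicKey, firstData []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, firstData, nil)
}

// DecryptFirstData is step 202: only the holder of the first private key can do this.
func (s *Server) DecryptFirstData(encrypted []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, s.firstKeyPair, encrypted, nil)
}

// RotateFirstKeyPair regenerates the pair, which the page prescribes when the
// first private key is suspected to have leaked. Clients must refetch the public key.
func (s *Server) RotateFirstKeyPair() error {
	kp, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	s.firstKeyPair = kp
	return nil
}

// RunUplinkDemo walks two clients through the flow under one shared public key,
// then rotates the pair and reports whether a ciphertext produced under the old
// public key still decrypts (it must not).
func RunUplinkDemo() (map[string]string, bool, error) {
	srv, err := NewServer()
	if err != nil {
		return nil, false, err
	}
	pub := srv.FirstPublicKey()
	// Constructed sample records from two station field devices (not real AFC data).
	records := map[string]string{
		"TVM-01": "SALE,ticket=000123,fare=4",
		"AGM-07": "ENTRY,ticket=000123,gate=7",
	}
	recovered := make(map[string]string)
	var lastCiphertext []byte
	for id, rec := range records {
		ct, err := EncryptFirstData(pub, []byte(rec))
		if err != nil {
			return nil, false, err
		}
		pt, err := srv.DecryptFirstData(ct)
		if err != nil {
			return nil, false, err
		}
		recovered[id] = string(pt)
		lastCiphertext = ct
	}
	if err := srv.RotateFirstKeyPair(); err != nil {
		return nil, false, err
	}
	_, err = srv.DecryptFirstData(lastCiphertext)
	return recovered, err == nil, nil
}

func main() {
	recovered, oldStillDecrypts, err := RunUplinkDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("recovered:", recovered)
	fmt.Println("old ciphertext decrypts after rotation:", oldStillDecrypts)
}
```

OAEP limits a single message to the modulus size minus the padding overhead (190 bytes for RSA-2048 with SHA-256), so the constructed records are kept short; longer records would in practice be encrypted under a symmetric key that is itself wrapped with the first public key, a hybrid arrangement the page does not discuss.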
In the present disclosure, when the server sends data to the client, data transmission may be performed in a symmetric encryption manner. Specifically, this can be realized by steps 301 to 303 shown in fig. 3.
In step 301, a second private key corresponding to the client is obtained.
In the disclosure, the second private key is generated in advance by the client through a symmetric encryption algorithm (for example the Data Encryption Standard (DES) or the Advanced Encryption Standard (AES)). In general the client generates the second private key only once, and generates it again only if it is leaked.
In one embodiment, the server may obtain the second private key by communicating with the client.
In another embodiment, the server may determine the second private key corresponding to the client according to a pre-stored correspondence between the client and the private key.
After generating its second private key, each client communicating with the server sends it to the server; the server receives each second private key and records the correspondence between client and private key (for example in a table, as in Table 1 below). The server can then obtain the private key of a given client (that is, its second private key) simply by looking up the table, which is convenient and fast.
Table 1 Correspondence table between client and private key
Client terminal    Private key
Client 1           Private key 1
Client 2           Private key 2
......             ......
Client n           Private key n
In step 302, the second data is encrypted by using a second private key, so as to obtain encrypted second data.
In step 303, the encrypted second data is sent to the client.
And after receiving the encrypted second data sent by the server, the client decrypts the encrypted second data by using a second private key corresponding to the client to obtain the second data. The client can be provided with a storage module for storing the second private key, so that the client can obtain the second private key by accessing the module.
Therefore, the server and the client can achieve the bidirectional communication capability through the comprehensive use of the asymmetric encryption technology and the symmetric encryption technology. The server manages the first private key and the keys of the clients, and even if the key of one client is leaked, the client only needs to regenerate and send the key to the server. Therefore, the key management can be more convenient and reasonable.
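Worked example of steps 301 to 303 together with Table 1, added here as an illustration; it is not code from the patent or from BYD. The server keeps a client-to-key table and seals each downlink message with AES-GCM, which is this example's choice of AES mode (the page names only AES or DES). The page calls this key the "second private key"; it is a symmetric key, so client and server hold the same bytes. The Downlink type, the 256-bit key length, the identifiers and the sample command are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Downlink is the server-side table of Table 1: client id -> that client's
// symmetric key (the page's "second private key").
type Downlink struct{ keys map[string][]byte }

// GenerateSecondKey is the client's one-time key generation (256-bit AES key).
func GenerateSecondKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// RegisterClient stores a copy of the key in the table. How the key travels
// from client to server is outside this example.
func (d *Downlink) RegisterClient(id string, key []byte) {
	d.keys[id] = append([]byte(nil), key...)
}

// EncryptSecondData is steps 301 and 302: look up the client's key, then seal
// the data with AES-GCM. The random nonce is prefixed to the ciphertext.
func (d *Downlink) EncryptSecondData(id string, secondData []byte) ([]byte, error) {
	key, ok := d.keys[id]
	if !ok {
		return nil, fmt.Errorf("no key registered for client %q", id)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, secondData, nil), nil
}

// DecryptSecondData is the client side after step 303: same key, nonce read
// from the prefix. GCM also authenticates, so a modified message is rejected.
func DecryptSecondData(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message shorter than nonce")
	}
	return gcm.Open(nil, msg[:n], msg[n:], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// RunDownlinkDemo registers two clients, sends a constructed command to the
// first, and reports: the plaintext it recovered, whether the second client's
// key opens that message (it must not), and whether a tampered copy is rejected.
func RunDownlinkDemo() (string, bool, bool, error) {
	dl := &Downlink{keys: map[string][]byte{}}
	keyA, err := GenerateSecondKey()
	if err != nil {
		return "", false, false, err
	}
	keyB, err := GenerateSecondKey()
	if err != nil {
		return "", false, false, err
	}
	dl.RegisterClient("TVM-01", keyA) // Table 1: Client 1 -> Private key 1
	dl.RegisterClient("AGM-07", keyB) // Table 1: Client 2 -> Private key 2
	msg, err := dl.EncryptSecondData("TVM-01", []byte("SET_FARE_TABLE v12")) // constructed command
	if err != nil {
		return "", false, false, err
	}
	pt, err := DecryptSecondData(keyA, msg)
	if err != nil {
		return "", false, false, err
	}
	_, crossErr := DecryptSecondData(keyB, msg)
	tampered := append([]byte(nil), msg...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the GCM tag
	_, tamperErr := DecryptSecondData(keyA, tampered)
	return string(pt), crossErr == nil, tamperErr != nil, nil
}

func main() {
	pt, crossOpens, tamperRejected, err := RunDownlinkDemo()
	fmt.Println(pt, "cross-key opens:", crossOpens, "tamper rejected:", tamperRejected, err)
}
```

The page states that each client sends this key to the server after generating it; the example leaves that transport out. In a deployment the delivery needs the same protection as the first data (for instance encrypting the key under the first public key), otherwise a symmetric key crosses the network in the clear, which is exactly the leakage risk the Background section raises about AES.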
In addition, in order to further ensure the security of data transmission between the server and the client, as shown in fig. 4, the method may further include the following steps 203 to 205.
In step 203, after receiving the identity authentication message sent by the client, the identity authentication is performed on the client.
In the present disclosure, the client may send an identity authentication message to the server when establishing a communication connection with the server. The identity authentication message may include an identity (e.g., an IP address, an ID, etc.) of the client or asymmetrically encrypted data. Specifically, the client may first generate a second key pair, where the second key pair includes a second private key and a second public key; then, the preset data (e.g., "HOW ARE YOU, AFC") or the random number is encrypted by using the second private key, resulting in an authentication message (i.e., asymmetrically encrypted data).
And after receiving the identity authentication message, the server authenticates the identity of the client. When the identity authentication message comprises the identity of the client, the server queries whether the locally stored list of the registered clients (comprising the identity of each registered client) contains the identity of the client, so that the identity authentication of the client can be realized. Specifically, if the locally stored list of registered clients includes the identity of the client, the server passes the identity authentication of the client; and if the locally stored registered client list does not contain the identity of the client, the server does not pass the identity authentication of the client.
When the identity authentication message contains the asymmetrically encrypted data, the server obtains the second public key corresponding to the client, by accessing a public database (storing the clients' second public keys) or by communicating with the client, and uses it to decrypt the identity authentication message; if the decryption succeeds the server passes the identity authentication of the client, and if it fails the server does not. This authentication mode works as follows: the second public key and the second private key are a pair, the client's second public key can decrypt only information that the client encrypted with its second private key, and the second private key is stored only in the client and is never transmitted over the network, so its risk of leakage is very low. Thus, when the server decrypts the identity authentication message with the second public key corresponding to the client, a successful decryption shows that the sender of the message is that client, and the server passes its identity authentication; a failed decryption shows that the sender is not that client, and the server does not pass its identity authentication.
In step 204, if the server passes the identity authentication of the client, the server is allowed to establish a communication connection with the client.
In step 205, if the identity authentication of the client by the server fails, the server is prohibited from establishing a communication connection with the client.
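Worked example of steps 203 to 205, added here as an illustration; it is not code from the patent or from BYD. The page's "encrypt preset data or a random number with the second private key, decrypt with the second public key" is realised as an RSA-PSS signature and its verification, which is how that step is implemented in practice with RSA. Note that this "second key pair" is an asymmetric pair for authentication, distinct from the symmetric "second private key" of step 301, although the page uses the same term for both. The Client and Registry types, the server-issued 16-byte challenge, the identity check against the registered list, and the identifiers are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Client holds the page's "second key pair"; the private half never leaves the device.
type Client struct {
	ID      string
	keyPair *rsa.PrivateKey
}

func NewClient(id string) (*Client, error) {
	kp, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Client{ID: id, keyPair: kp}, nil
}

func (c *Client) PublicKey() *rsa.PublicKey { return &c.keyPair.PublicKey }

// AuthMessage carries the client's identity and the challenge "encrypted with
// the second private key", realised here as an RSA-PSS signature over it.
type AuthMessage struct {
	ClientID  string
	Challenge []byte
	Proof     []byte
}

// BuildAuthMessage is the client's step before connecting. The page allows
// preset data or a random number; this example signs a server-issued nonce.
func (c *Client) BuildAuthMessage(challenge []byte) (AuthMessage, error) {
	digest := sha256.Sum256(challenge)
	sig, err := rsa.SignPSS(rand.Reader, c.keyPair, crypto.SHA256, digest[:], nil)
	if err != nil {
		return AuthMessage{}, err
	}
	return AuthMessage{ClientID: c.ID, Challenge: challenge, Proof: sig}, nil
}

// Registry is the server's list of registered clients and their second public keys.
type Registry struct{ pubs map[string]*rsa.PublicKey }

func (r *Registry) Register(id string, pub *rsa.PublicKey) { r.pubs[id] = pub }

// NewChallenge draws the random value the server expects to see signed.
func NewChallenge() ([]byte, error) {
	n := make([]byte, 16)
	_, err := rand.Read(n)
	return n, err
}

// Authenticate is steps 203 to 205: an unknown identity, a challenge other than
// the one issued, or a proof that does not verify under the registered public
// key all refuse the connection; a nil error means the connection is allowed.
func (r *Registry) Authenticate(msg AuthMessage, expected []byte) error {
	pub, ok := r.pubs[msg.ClientID]
	if !ok {
		return fmt.Errorf("client %q is not in the registered list", msg.ClientID)
	}
	if !bytes.Equal(msg.Challenge, expected) {
		return errors.New("challenge does not match the one issued (possible replay)")
	}
	digest := sha256.Sum256(msg.Challenge)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], msg.Proof, nil); err != nil {
		return fmt.Errorf("identity authentication failed: %w", err)
	}
	return nil
}

// RunAuthDemo reports whether a registered client is admitted, an unregistered
// one refused, and a client presenting another client's identity refused.
func RunAuthDemo() (bool, bool, bool, error) {
	a, err := NewClient("TVM-01")
	if err != nil {
		return false, false, false, err
	}
	b, err := NewClient("AGM-07")
	if err != nil {
		return false, false, false, err
	}
	reg := &Registry{pubs: map[string]*rsa.PublicKey{}}
	reg.Register(a.ID, a.PublicKey()) // only TVM-01 is registered
	ch, err := NewChallenge()
	if err != nil {
		return false, false, false, err
	}
	msgA, err := a.BuildAuthMessage(ch)
	if err != nil {
		return false, false, false, err
	}
	msgB, err := b.BuildAuthMessage(ch)
	if err != nil {
		return false, false, false, err
	}
	forged := msgB
	forged.ClientID = a.ID // B claims to be A but cannot sign with A's private key
	return reg.Authenticate(msgA, ch) == nil, reg.Authenticate(msgB, ch) != nil, reg.Authenticate(forged, ch) != nil, nil
}

func main() {
	fmt.Println(RunAuthDemo())
}
```

The page allows either fixed preset data such as "HOW ARE YOU, AFC" or a random number. The example has the server issue the random value and checks it on return, so that an authentication message captured from one connection cannot be reused on a later one; with a fixed preset string, a verified message shows only that the key holder produced it at some time, not that the current sender holds the key.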
Optionally, in order to avoid a problem that security of data transmission cannot be guaranteed due to leakage of the first private key, the method further includes the following steps:
and if the first private key is detected to be leaked, regenerating the first key pair and storing a new first key pair.
Fig. 5 is a flow chart illustrating a method of data transmission according to an example embodiment. The method can be applied to a client in an AFC system, wherein the client can be any station computer SC in a station computer subsystem (wherein the corresponding server is a line central computer LCC of a line to which the station computer SC belongs), and can also be any station field device SLE (wherein the corresponding server is a station computer SC of a station to which the station field device SLE belongs).
As shown in fig. 5, the data transmission method applied to the client in the AFC system may include the following steps 501 to 503.
In step 501, a first public key corresponding to a server to which a client is communicatively connected is obtained.
In step 502, the first data is encrypted by using the first public key to obtain encrypted first data.
In step 503, the encrypted first data is sent to the server.
Optionally, the method may further include: and after receiving the encrypted second data sent by the server, decrypting the encrypted second data by using a second private key corresponding to the client to obtain the second data, wherein the second private key is generated in advance by the client through a symmetric encryption algorithm.
Optionally, the method may further include: and when the communication connection is established with the server, sending an identity authentication message to the server.
Optionally, before the step of sending the identity authentication message to the server, the method further comprises: generating a second key pair, wherein the second key pair comprises a second private key and a second public key; and encrypting preset data or random numbers by using the second private key to obtain the identity authentication message.
With regard to the method in the above-described client-side embodiment, the specific manner in which each step performs operations has been described in detail in the embodiment of the server-side method, and will not be elaborated here.
The present disclosure also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the server-side data transmission method provided by the present disclosure.
The present disclosure also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the client-side data transmission method provided by the present disclosure.
The present disclosure also provides an automatic fare collection system, the system comprising: the line central computer subsystem comprises at least one line central computer, wherein each line central computer is respectively connected with at least one station computer on the line to which the line central computer belongs and is used for executing the steps of the data transmission method on the server side; the station computer subsystem comprises at least one station computer, wherein each station computer is respectively connected with at least one station field device in the station and is used for executing the steps of a data transmission method on the server side or the steps of a data transmission method on the client side; at least one station field device, which is connected to the station computer in the station and is used to execute the steps of the client-side data transmission method.
Fig. 6 is a block diagram illustrating an electronic device 600 according to an example embodiment. As shown in fig. 6, the electronic device 600 may include: a processor 601 and a memory 602. The electronic device 600 may also include one or more of a multimedia component 603, an input/output (I/O) interface 604, and a communications component 605.
The processor 601 is configured to control the overall operation of the electronic device 600, so as to complete all or part of the steps in the above-mentioned client-side data transmission method. The memory 602 is used to store various types of data to support operation of the electronic device 600, such as instructions for any application or method running on the electronic device 600 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and so forth. The memory 602 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The multimedia component 603 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals; the received audio signal may further be stored in the memory 602 or transmitted through the communication component 605. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 604 provides an interface between the processor 601 and other interface modules, such as a keyboard, mouse or buttons, which may be virtual or physical. The communication component 605 is used for wired or wireless communication between the electronic device 600 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IoT, eMTC, 5G or the like, or a combination of one or more of them, without limitation here. The communication component 605 may accordingly include a Wi-Fi module, a Bluetooth module, an NFC module, and so on.
In an exemplary embodiment, the electronic Device 600 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-mentioned client-side data transmission method.
In another exemplary embodiment, a computer readable storage medium comprising program instructions is also provided, which when executed by a processor, implement the steps of the above-described client-side data transmission method. For example, the computer readable storage medium may be the memory 602 described above comprising program instructions executable by the processor 601 of the electronic device 600 to perform the client-side data transfer method described above.
Fig. 7 is a block diagram illustrating an electronic device 700 in accordance with an example embodiment. For example, the electronic device 700 may be provided as a server. Referring to fig. 7, an electronic device 700 includes a processor 722, which may be one or more in number, and a memory 732 for storing computer programs that are executable by the processor 722. The computer programs stored in memory 732 may include one or more modules that each correspond to a set of instructions. Further, the processor 722 may be configured to execute the computer program to perform the above-described server-side data transmission method.
Additionally, the electronic device 700 may also include a power component 726 configured to perform power management of the electronic device 700 and a communication component 750 configured to enable wired or wireless communication of the electronic device 700. The electronic device 700 may also include input/output (I/O) interfaces 758. The electronic device 700 may operate based on an operating system stored in the memory 732, such as Windows Server, Mac OS X™, Unix™, Linux, and the like.
In another exemplary embodiment, a computer readable storage medium is also provided, which comprises program instructions, which when executed by a processor, implement the steps of the above-described server-side data transmission method. For example, the computer readable storage medium may be the memory 732 described above including program instructions that are executable by the processor 722 of the electronic device 700 to perform the data transmission method described above on the server side.
In another exemplary embodiment, a computer program product is also provided, which contains a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned server-side data transmission method when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, various possible combinations will not be separately described in this disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (15)

1. A data transmission method applied to a server in an automatic fare collection system, characterized in that the method comprises:
after receiving encrypted first data sent by a client in communication connection with the server, obtaining a first private key, wherein a first key pair comprising the first private key and a first public key is generated and stored in the server in advance;
and decrypting the encrypted first data by using the first private key to obtain first data, wherein the data sent to the server by each client communicating with the server are encrypted by using the first public key.
2. The method of claim 1, further comprising:
acquiring a second private key corresponding to the client;
encrypting second data by using the second private key to obtain encrypted second data;
and sending the encrypted second data to the client.
3. The method of claim 2, wherein the obtaining a second private key corresponding to the client comprises:
and determining a second private key corresponding to the client according to the pre-stored corresponding relationship between the client and the private key.
4. The method according to any one of claims 1-3, further comprising:
after receiving an identity authentication message sent by the client, performing identity authentication on the client, wherein the client sends the identity authentication message to the server when establishing a communication connection with the server;
if the client passes the identity authentication by the server, allowing the server to establish a communication connection with the client;
and if the client does not pass the identity authentication by the server, forbidding the server from establishing a communication connection with the client.
5. The method of claim 4, wherein the authenticating the client comprises:
acquiring a second public key corresponding to the client;
decrypting the identity authentication message by using the second public key;
if the decryption succeeds, the client passes the identity authentication by the server;
and if the decryption fails, the client does not pass the identity authentication by the server.
6. The method according to any one of claims 1-3, further comprising:
and if the first private key is detected to be leaked, regenerating the first key pair and storing a new first key pair.
7. A data transmission method applied to a client in an automatic fare collection system, characterized in that the method comprises:
acquiring a first public key corresponding to a server in communication connection with the client;
encrypting the first data by using the first public key to obtain encrypted first data;
and sending the encrypted first data to the server.
8. The method of claim 7, further comprising:
and after receiving the encrypted second data sent by the server, decrypting the encrypted second data by using a second private key corresponding to the client to obtain second data, wherein the second private key is generated in advance by the client through a symmetric encryption algorithm.
9. The method according to claim 7 or 8, characterized in that the method further comprises:
and when the communication connection is established with the server, sending an identity authentication message to the server.
10. The method of claim 9, wherein prior to the step of sending an authentication message to the server, the method further comprises:
generating a second key pair, wherein the second key pair comprises a second private key and a second public key;
and encrypting preset data or random numbers by using the second private key to obtain the identity authentication message.
11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 7 to 10.
13. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1 to 6.
14. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 7 to 10.
15. An automated fare collection system, characterized in that the system comprises:
a line central computer subsystem comprising at least one line central computer, wherein each line central computer is connected with at least one station computer on the line, and is used for executing the steps of the method of any one of claims 1-6;
a station computer subsystem comprising at least one station computer, wherein each station computer is respectively connected with at least one station field device in the station and is used for executing the steps of the method of any one of claims 1 to 10;
at least one station field device, connected to a station computer in the station, for carrying out the steps of the method according to any one of claims 7 to 10.
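The claims above describe one protocol with three legs: the client encrypts first data to the server's first public key (claims 1 and 7); the server checks an identity authentication message that the client produced with its own second private key by "decrypting" it with the second public key (claims 4, 5, 9 and 10); and the server answers with second data protected by a per-client key that claims 2, 3 and 8 also call the second private key. The Go program below is an added example written for this page, not code from the patent or from BYD; it runs all three legs plus the key regeneration of claim 6. It makes these substitutions and assumptions, none of which the claims fix: RSA-OAEP stands in for the first key pair, an Ed25519 signature stands in for "encrypt with the private key, decrypt with the public key", and because claim 8 says the key used for second data is generated by a symmetric algorithm, that key is modelled as a 256-bit AES-GCM key provisioned to both sides at enrolment. Claim 10 lets the client choose the preset data or random number; the example instead has the server issue a single-use challenge so that a captured authentication message cannot be replayed. The device identifier gate-07, the test identifiers and the record texts are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Server side (claims 1-6): the first key pair of claim 1 and, per client, the
// second public key of claim 5 plus the key claims 2-3 call the "second private
// key" (claim 8 generates it with a symmetric algorithm; assumed AES-GCM here).
type Server struct {
	first      *rsa.PrivateKey
	clientPubs map[string]ed25519.PublicKey
	clientKeys map[string][]byte
	nonces     map[string][]byte // outstanding challenges, single use
}

// Client side (claims 7-10): a station field device in the patent's terms.
type Client struct {
	serverPub *rsa.PublicKey
	idPriv    ed25519.PrivateKey // second private key, claim 10
	secondKey []byte             // shared key, claim 8
}

// must panics on errors (key generation, CSPRNG) a demo cannot recover from.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func randBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func NewServer() *Server {
	return &Server{first: must(rsa.GenerateKey(rand.Reader, 2048)), nonces: map[string][]byte{},
		clientPubs: map[string]ed25519.PublicKey{}, clientKeys: map[string][]byte{}}
}

// Enroll stores the identity public key and provisions the shared key (claim 3's pre-stored correspondence).
func (s *Server) Enroll(id string, pub ed25519.PublicKey) []byte {
	s.clientPubs[id], s.clientKeys[id] = pub, randBytes(32)
	return s.clientKeys[id]
}

// Challenge issues a server-chosen, single-use nonce to sign, so a captured message cannot be replayed
// (claim 10 leaves the choice of the value to the client).
func (s *Server) Challenge(id string) []byte { s.nonces[id] = randBytes(32); return s.nonces[id] }

// Authenticate is claim 5: "decrypt with the second public key" is a signature check.
func (s *Server) Authenticate(id string, msg []byte) bool {
	pub, known := s.clientPubs[id]
	n, pending := s.nonces[id]
	delete(s.nonces, id)
	return known && pending && ed25519.Verify(pub, n, msg)
}

// Receive is claim 1: decrypt client data with the first private key.
func (s *Server) Receive(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, s.first, ct, nil)
}

// Send is claims 2-3: seal second data with the enrolled client's key (an unenrolled id gives a nil key; gcm panics).
func (s *Server) Send(id string, pt []byte) []byte {
	g := gcm(s.clientKeys[id])
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}

// Rotate is claim 6: regenerate the first key pair after a suspected leak; clients must then fetch the new public key.
func (s *Server) Rotate() { s.first = must(rsa.GenerateKey(rand.Reader, 2048)) }

func NewClient(id string, srv *Server) *Client {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // second key pair, claim 10
	return &Client{serverPub: &srv.first.PublicKey, idPriv: must(priv, err), secondKey: srv.Enroll(id, pub)}
}

// AuthMessage is claim 10's identity authentication message.
func (c *Client) AuthMessage(nonce []byte) []byte { return ed25519.Sign(c.idPriv, nonce) }

// Send is claim 7 (RSA-OAEP with a 2048-bit key holds about 190 bytes of plaintext).
func (c *Client) Send(pt []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, c.serverPub, pt, nil)
}

// Receive is claim 8; an altered message fails the GCM tag check and errors.
func (c *Client) Receive(ct []byte) ([]byte, error) {
	g := gcm(c.secondKey)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Exchange: constructed device "gate-07" and record texts; after the rotation of claim 6 the old ciphertext must fail.
func Exchange() (authOK bool, atServer, atClient string, oldKeyFails bool) {
	srv := NewServer()
	cli := NewClient("gate-07", srv)
	authOK = srv.Authenticate("gate-07", cli.AuthMessage(srv.Challenge("gate-07")))
	ct1 := must(cli.Send([]byte("entry card=1A2B station=S12")))
	atServer = string(must(srv.Receive(ct1)))
	atClient = string(must(cli.Receive(srv.Send("gate-07", []byte("fare=3 balance=47")))))
	srv.Rotate()
	_, err := srv.Receive(ct1) // was sealed to the retired first public key
	return authOK, atServer, atClient, err != nil
}

func main() { fmt.Println(Exchange()) }
```

Exchange reports whether authentication passed, the two decrypted records, and whether the client ciphertext produced before the rotation of claim 6 is rejected afterwards; that last result is the operational consequence of claim 6 a deployment has to plan for, since every station device must obtain the new first public key before it sends again. RSA-OAEP also caps a 2048-bit key at roughly 190 bytes of plaintext, which fits a ticket record but not bulk data; larger payloads would need a hybrid scheme in which the first public key only wraps a symmetric key.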
CN202010245608.6A 2020-03-31 2020-03-31 Data transmission method, storage medium, electronic device and automatic ticket selling and checking system Pending CN113472722A (en)


Publications (1)

Publication Number Publication Date
CN113472722A true CN113472722A (en) 2021-10-01

Family

ID=77865526


Country Status (1)

Country Link
CN (1) CN113472722A (en)


Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685739A (en) * 2011-12-08 2012-09-19 北京高森明晨信息科技有限公司 Authentication method and system for Android enterprise applications
CN102833246A (en) * 2012-08-24 2012-12-19 南京大学 Social video information security method and system
CN103607417A (en) * 2012-12-03 2014-02-26 深圳市证通电子股份有限公司 Network server supporting SSL protocol
US8719952B1 (en) * 2011-03-25 2014-05-06 Secsign Technologies Inc. Systems and methods using passwords for secure storage of private keys on mobile devices
CN104219041A (en) * 2014-09-23 2014-12-17 中国南方电网有限责任公司 Data transmission encryption method applicable for mobile internet
CN105939343A (en) * 2016-04-14 2016-09-14 江苏马上游科技股份有限公司 Client and server bidirectional authentication method based on information secondary coding
CN109257387A (en) * 2018-11-20 2019-01-22 郑州云海信息技术有限公司 Method and apparatus for disconnection reconnecting
CN109450615A (en) * 2018-11-16 2019-03-08 重庆邮电大学 A kind of efficient OPC UA client and server data transfer encryption method


Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116260653A (en) * 2023-03-20 2023-06-13 浪潮智慧科技有限公司 Data transmission method, device and medium
CN116260653B (en) * 2023-03-20 2023-10-13 浪潮智慧科技有限公司 Data transmission method, device and medium
CN117527419A (en) * 2023-12-06 2024-02-06 北京东方通科技股份有限公司 Safety transmission method for identification data


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination