CN104660641A - Data transmission method in enterprise network - Google Patents

Publication number: CN104660641A
Authority: CN (China)
Application number: CN201310598188.XA
Other languages: Chinese (zh)
Other versions: CN104660641B (en)
Inventors: 董岩, 江卓逞, 胡敏
Current assignee: China Helicopter Research and Development Institute
Original assignee: China Helicopter Research and Development Institute
Legal status: Granted
Prior art keywords: data, token, download, user, exchange system

Abstract

The invention relates to the technical field of network data transmission, and in particular to a data transmission method. The data file source is isolated from the data exchange system, so that the data source cannot be accessed by anyone other than the system administrator. Data is downloaded with a one-time download token, so that a user who has no right to use a data file cannot obtain it by technical means even if the user knows the data file's identifier. A second token is obtained at login and bound to terminal information; the bound terminal can then use the download token and the second token, without being logged in, to obtain the complete data file content in breakpoint (resumable) transfer mode. The second token is updated after each request and the download token is revoked once the whole data file has been obtained, which makes the data channel single-use and thereby ensures the security of the data transmission.

Description

A data transmission method within an enterprise network
Technical field
The present invention relates to the field of network data transmission technology, and in particular to a data transmission method.
Background
When network data is transmitted in an enterprise network, encryption/decryption and network switching generally take place at the lower network layers. In such an environment the transfer rate is unstable and connections are often interrupted. In addition, the circle of people who may know an enterprise's internal data usually has to be restricted, and the security of that data must be ensured. Both problems must therefore be solved when transferring data inside an enterprise network.
There are many existing ways to transfer data; common ones include FTP, mail systems, shared directories, website resources and website programs. For data transfer inside an enterprise network, these traditional methods usually have the following problems:
a) The data connection lacks security: placing resources directly on a website or file server cannot prevent unauthorized users from downloading and using them.
b) The user's eligibility cannot be verified: anyone who obtains the address can download the data, so the security of data intended for specific recipients cannot be guaranteed.
c) Managing verification and usage rights for data files is complex: with FTP or shared directories, setting permissions is very time-consuming and is not suited to being carried out in large numbers on a server.
d) Data transfer by a traditional website program that outputs files has no continuity: when the enterprise network passes through hardware such as gateways and encryption devices, connections are often interrupted and the integrity of the data cannot be guaranteed.
e) Traditional breakpoint (resumable) transfer mechanisms usually use a public URL; once this URL is known, users other than the designated receiving user can also obtain the data content, so data security cannot be guaranteed.
f) Direct transfer tools developed on top of TCP connections can keep data secure when properly controlled, but are difficult to deploy where many factories and institutes work together.
g) Transferring large data over SSL is very inefficient, and the lower network layers of an enterprise network are usually equipped with hardware encryption devices, which makes SSL unnecessary.
h) Common data transfer methods usually lack sufficiently detailed audit records, so the transfer status of the data cannot be obtained.
Summary of the invention
Object of the invention:
The present invention proposes a method for transferring data inside an enterprise network, in order to transfer the enterprise network's internal data securely and to provide breakpoint (resumable) transfer of large data over this secure transfer path.
Technical solution of the invention:
The present invention proposes a data transmission method within an enterprise network, comprising the following steps:
Step 1: in the data exchange system on the enterprise network's data exchange server, the receiving users of the data file to be transferred are set.
Step 2: the receiving user passes login verification with an account and password and enters the data exchange system on the server.
Step 3: the data exchange system returns to this receiving user the list of data files the user may receive.
Step 4: the receiving user submits a data file identifier given in the data file list. The data exchange system generates a download token bound to this receiving user's identity information, returns it to this receiving user and marks the download token as valid. The download token cannot be used by any receiving user other than this one.
Step 5: the receiving user submits the obtained download token to the data exchange system. On receiving the download token, the data exchange system compares the size of the data file to be downloaded with a preset data size threshold. If the data file is smaller than the threshold, the flow goes to step 6. If the data file is larger than the threshold, the flow goes to step 7.
Step 6: while the login state is maintained, the data exchange system returns the data stream of the data file to the receiving user and marks the submitted download token as expired. If the user successfully receives all parts of the data file, the download flow ends. If the user fails to receive all the data of the data file, the flow returns to step 4 to obtain a new token and download again.
Step 7: the data exchange system generates a second token, binds the second token, the download token and the terminal information together, and returns it to the receiving user. The flow then goes to step 8.
Step 8: once bound, the receiving user can at any time submit to the data exchange system the download token, the second token, the terminal information and the data range of the data file requested in this request. On receiving this information, the data exchange system returns the requested data block to the receiving user, updates the second token and places it in the header of the returned data block message. By repeating this process, the data file can be downloaded in breakpoint (resumable) mode. When the download is complete, the receiving user submits a confirmation to the data exchange system, which marks the download token associated with this download as expired.
The threshold in step 5 is a value preset according to the network distance between the enterprise network server and the receiving user's terminal and the network transmission quality. A reasonable threshold ensures that most data smaller than the threshold can be transferred in a single pass.
Maintaining the login state in step 6 means that the session state the receiving user obtained after login verification has not expired and the data exchange system has not cleared the user information stored in the session state.
The terminal information in step 7 is the network card address, CPU serial number, hard disk address, mainboard number or IP address of the host used by the receiving user.
Advantages of the invention:
1) The invention isolates the data file source from the data exchange system, ensuring that the data source cannot be accessed by anyone other than the system administrator.
2) Downloading data with a one-time download token ensures that a receiving user who has no right to use a data file cannot obtain it by technical means even when the data file's identifier is known.
3) The second token is obtained at login and bound to terminal information. The bound terminal can then, without being logged in, use the download token and the second token to obtain the complete data file content in breakpoint (resumable) transfer mode. The second token is updated after each request and the download token is revoked once the whole data file has been obtained, which makes the data path single-use and thereby ensures the security of the data transfer.
Description of the drawings
Fig. 1 is a flow chart of the method.
Detailed description:
Implementation: the data exchange system is built as a Web service, and a large-data-file receiving tool is built on a desktop application framework. The receiving user uses web pages to obtain the data file list and to receive small data files as defined by the threshold, and uses the large-data-file receiving tool to obtain the content of large data files as defined by the threshold. The data transfer process is divided into the following steps:
Step 1: an interactive interface is built in the data exchange system for importing the list of data file sources and setting the receiving users of these data files. The business system uses this interface to set the receiving users of the data files to be transferred.
Step 2: the receiving user passes login verification with an account and password and enters the data exchange system on the server.
Step 3: the data exchange system returns to this receiving user, as a list, the data files the user may receive. Each list entry contains at least the name of the data file and the data file identifier assigned to it in the data exchange system.
Step 4: the receiving user submits a data file identifier given in the data file list to the data exchange system. Using the current session information, the data exchange system generates a download token bound to this receiving user's identity information, returns it to the user and marks it as valid. The download token cannot be used by any receiving user other than this one. A download token, rather than the data file identifier itself, is used to request the data stream because the download token is single-use whereas the data file identifier never changes, so the download token is more secure than the data file identifier.
Step 5: the receiving user submits the obtained download token to the data exchange system. On receiving it, the data exchange system compares the size of the data file bound to the download token with the data size threshold that the data exchange system has set for this receiving user. If the data file is smaller than the threshold, the network between the receiving user's terminal and the data exchange server is good enough to transfer the whole file in a single request, and the flow goes to step 6. If the data file is larger than the threshold, the network between the receiving user's terminal and the data exchange server is not good enough to transfer the whole file in a single request, and the flow goes to step 7.
Step 6: the data exchange system reads the current session state. If the session has not been interrupted, the user identity information in the session state matches the download token, and the download token has not expired, the data exchange system returns the data stream of the data file to the receiving user and marks the submitted download token as expired. If the token is submitted to the data exchange system again after it has expired, the system returns a token-expired message and no data stream. If the user successfully receives all the data of the data file, the download flow ends. If the user fails to receive all the data of the data file, the flow returns to step 4 to obtain a new token and download again. If receiving fails frequently at this step, the system administrator should be contacted to adjust the data file size threshold.
Step 7: the data exchange system reads the current session state. If the session has not been interrupted, the user identity information in the session state matches the download token, and the download token has not expired, the data exchange system generates a second token bound to the download token and returns it to the receiving user. If hardware information is used for binding, the receiving user, after receiving the second token, submits the terminal's hardware information to the data exchange system, which binds the download token, the second token and the terminal information together. If network information is used for binding, the IP address, the first token and the second token are bound at the time the second token is generated. After binding, the flow goes to step 8.
Step 8: whether or not a session exists, the receiving user can use the large-data-file receiving tool at any time to submit to the data exchange system the download token, the second token, the terminal information and the data range of the data file requested in this request. The data exchange system verifies the submitted information. If the download token submitted by the receiving user has not expired and the submitted second token is in the valid or standby state, the system returns the requested data block to the receiving user and at the same time updates the second token, treating the submitted second token as the standby token. If the receiving user fails to receive the response, the old second token can still be used to obtain the new token. If the receiving user receives the response successfully, the new second token is used in the next request and the old second token is invalidated. By repeating this process, the data file can be downloaded in breakpoint (resumable) mode, and because the second token changes continually during the download it cannot be stolen. After the whole data file has been downloaded, the receiving user submits a confirmation to the data exchange system, which marks the download token as expired; the second token bound to it expires with it.
The method makes full use of the unpredictability of token codes, combined with dynamic one-time token codes, so that the receiving user can download small data files at any time or download large data files in breakpoint (resumable) mode, while the security of the download process is ensured. Through an open interface, the data exchange system lets the business systems manage the data file sources independently and control for themselves which receiving users are set for each data file, and can thus support multiple businesses that need to transfer internal data within the enterprise network.
The large-data-file download tool that runs on the receiving user's terminal is itself a utility and does not need frequent upgrades, while the data exchange system takes the form of a web application and can be upgraded quickly. This implementation can therefore adapt to the rapidly changing requirements of a production-line setting.
Embodiment 1:
Take the project data delivery system between a certain research institute and several manufacturing plants as an example. The research institute needs to deliver design data to several manufacturing plants over the enterprise network. It has therefore deployed a project data delivery system responsible for distributing design data files, used the ASP.NET application framework to build, according to the method of the present invention, a data exchange system responsible for the data transfer, and developed a large-data-file download tool that satisfies step 8 of the detailed description, which it provides to the manufacturing plants. The implementation of the method is described below for this scenario:
Step 1: in the project data delivery system, a designer in the design department submits design data and, according to the project's needs, specifies through the project data delivery system the manufacturing plants that need to receive it. After the data release workflow has completed, the project data delivery system submits the FTP address of the design data and the manufacturing plants that need to receive this design data to the data import and setting interface provided by the data exchange system, so that the receiving users can learn that the design data exists. It also discloses to the data exchange system the user name and password of the FTP service through which the data to be sent can be accessed.
Step 2: the data recipient designated at a manufacturing plant that needs to receive the design data uses the pre-assigned user name and password of the receiving user to log in to the research institute's data exchange system through a browser.
Step 3: the research institute's data exchange system authenticates the data recipient accessing the system. After verifying that the user name and password are correct, it obtains the data recipient's identity information from the database and writes it into the session state that the ASP.NET framework creates automatically. From the data recipient's identity information it obtains the account information of the receiving user, and presents the design data addressed to this data recipient as a list on a web page.
Step 4: the data recipient clicks "File A", which triggers the page's submit event. The data file identifier of "File A" is first written into the submitted parameters and then sent, as a form submission, to background page handler 1 of the data exchange system. Handler 1 uses GUID technology to generate a download token code, binds together the download token code, the identifier of the receiving user and the submitted data file identifier, writes them to the database and sets the state of the download token code to available. It then returns a download page carrying this token code to the data recipient's browser.
Step 5: the data recipient performs the download action on the download page returned by the data exchange system, which submits the obtained token code as a form to background page handler 2 of the data exchange system. Handler 2 reads the database to learn the size of the requested file, and learns from the data recipient's identity information that the file size threshold below which this recipient can obtain data files smoothly is 50M. Since "File A" is 40M, handler 2 uses the FTP address, user name and password that the project data delivery system disclosed to the data exchange system, together with the location of the requested data file, to read the file into memory and write it into the response message. The "Content-Disposition" field of the response message's HTTP header is set to "attachment; Filename=<file name>". The response message is then sent, and the database is updated to mark the submitted token code as expired. The data recipient obtains the complete binary content of the data file in the browser and clicks "Save" to receive the design data file. If this step fails because of a network problem, the data recipient returns to step 4 to obtain a new token and complete the download of "File A".
Step 6: the data recipient clicks "File B"; the rest is the same as step 4. Page handler 1 generates a download token code bound to "File B" and returns the download page.
Step 7: the data recipient performs the download action on the download page returned by the data exchange system, which submits the obtained token code as a form to background page handler 2 of the data exchange system. Handler 2 reads the database to learn the size of the requested file, and learns from the data recipient's identity information that the file size threshold below which this recipient can obtain data files smoothly is 50M. Since "File B" is 800M, the data exchange system generates a second token code bound to the download token code, obtains the IP address of the data recipient's terminal as seen after NAT address translation, binds it to the download token code and writes this binding information to the database. Every second token code bound to the download token code thereby also becomes associated with the IP address. The values of the download token code and the second token code are written into the response message in the form "DataToken:<code value of the download token code>;StartToken:<code value of the second token code>;DataSize:<size of the data file in bytes>", and the "Content-Disposition" field of the response message's HTTP header is set to "attachment; Filename=rcvDefination.frcvd". The response message is then sent. The data recipient obtains a data-receiving declaration file in the browser. The data recipient's terminal has been preconfigured so that the default program for opening the "*.frcvd" format is the large-data-file download tool, so when the data recipient clicks "Open" the large-data-file download tool starts. The flow goes to step 8.
Step 8: the large-data-file download tool starts downloading the requested file. It submits the download token, the value of the second token, the start position within the data file and the data block size as parameters to handler 3 of the data exchange system. Using the information stored in the database, handler 3 checks the IP address of the request message, the submitted download token and the second token. If they match the binding information and the download token has not expired, it goes on to check the second token. If the second token's state is "invalid", the request is considered illegitimate: the details of the request are written to the audit log file and an empty message is returned. If the second token's state is "enabled", handler 3 writes the part of the data file specified by the request into the response message, generates a new second token and adds the content of the new second token to the response message header. The second token whose state was previously "standby" is set to "invalid", the old second token is set to "standby", and the new second token is bound to the download token with its state initialized to "enabled". If the user fails to receive this response, the request is sent again with the old second token. When handler 3 receives a second token and, by reading the database, finds its state to be "standby", it returns a message whose content part is empty and writes the second token whose state is "enabled" into the response message header, so that the download tool uses the new second token as the parameter of its next request. By executing this step repeatedly, the large-data-file download tool obtains the content of the complete data file. The flow then goes to step 9.
Step 9: the user logs in to the data exchange system through a browser and obtains the file list, where the state of "File B" is shown as "downloading". Clicking "Confirm" revokes the download token obtained in step 6, preventing possible illegitimate requests in the non-logged-in state.
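The token handling of steps 4 to 9 above, as an added example (not code from the patent or from its ASP.NET implementation): a Python sketch of the one-time download token and of the rotating second token with its enabled, standby and invalid states. The class and function names, the in-memory storage, the single-channel guard in `start` and the use of `secrets` in place of GUIDs are assumptions.

```python
import secrets
from dataclasses import dataclass, field

ENABLED, STANDBY, INVALID = "enabled", "standby", "invalid"


@dataclass
class Transfer:
    user: str              # receiving user the download token is bound to
    data: bytes            # file content (constructed bytes in this sketch)
    bound_ip: str = ""     # terminal information, recorded in step 7
    expired: bool = False  # state of the download token
    second: dict = field(default_factory=dict)  # second token -> state


class ExchangeSystem:
    """Hypothetical in-memory stand-in for the data exchange system."""

    def __init__(self, threshold: int):
        self.threshold = threshold  # size threshold of step 5, in bytes
        self.transfers = {}         # download token -> Transfer
        self.audit = []             # rejected requests

    @staticmethod
    def _new_token() -> str:
        # Assumption: a CSPRNG value replaces the GUID used in the embodiment.
        return secrets.token_hex(16)

    def issue_download_token(self, user: str, data: bytes) -> str:
        """Step 4: one-time download token bound to the logged-in user."""
        token = self._new_token()
        self.transfers[token] = Transfer(user=user, data=data)
        return token

    def start(self, session_user: str, token: str, client_ip: str):
        """Steps 5 to 7: whole file below the threshold, else a second token."""
        t = self.transfers.get(token)
        # Assumption: one resumable channel per download token (t.second empty).
        if t is None or t.expired or t.user != session_user or t.second:
            self.audit.append(("start", token, client_ip))
            return None
        if len(t.data) < self.threshold:
            t.expired = True        # step 6: the token is spent
            return ("file", t.data)
        t.bound_ip = client_ip      # step 7: bind the terminal information
        first = self._new_token()
        t.second[first] = ENABLED
        return ("second_token", first)

    def fetch(self, token: str, second: str, client_ip: str, start: int, size: int):
        """Step 8, no session required: returns (data block, next second token)."""
        t = self.transfers.get(token)
        state = t.second.get(second, INVALID) if t else INVALID
        if (t is None or t.expired or client_ip != t.bound_ip or state == INVALID
                or not 0 <= start < len(t.data) or size <= 0):
            self.audit.append(("fetch", token, client_ip))
            return b"", None        # empty message, request is audited
        if state == STANDBY:
            # The previous response was lost: no data, repeat the enabled token.
            return b"", next(k for k, v in t.second.items() if v == ENABLED)
        for old in [k for k, v in t.second.items() if v == STANDBY]:
            del t.second[old]       # former standby token becomes invalid
        t.second[second] = STANDBY  # submitted token stays usable for one retry
        fresh = self._new_token()
        t.second[fresh] = ENABLED
        return t.data[start:start + size], fresh

    def confirm(self, session_user: str, token: str) -> bool:
        """Step 9: the logged-in user revokes the download token and its chain."""
        t = self.transfers.get(token)
        if t is None or t.user != session_user:
            return False
        t.expired = True
        t.second.clear()
        return True


def download(system, token, second, client_ip, total, block, drop_first=False):
    """Client loop of the receiving tool; drop_first simulates a lost response."""
    received, pos = b"", 0
    while pos < total:
        chunk, nxt = system.fetch(token, second, client_ip, pos, block)
        if nxt is None:
            break                   # rejected: stop instead of retrying
        if drop_first:
            drop_first = False      # response lost, retry with the old token
            continue
        received, pos, second = received + chunk, pos + len(chunk), nxt
    return received
```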

Claims (4)

1. A data transmission method within an enterprise network, characterized in that the method comprises the following steps:
Step 1: in the data exchange system on the enterprise network's data exchange server, the receiving users of the data file to be transferred are set;
Step 2: the receiving user passes login verification with an account and password and enters the data exchange system on the server;
Step 3: the data exchange system returns to this receiving user the list of data files the user may receive;
Step 4: the receiving user submits a data file identifier given in the data file list, and the data exchange system generates a download token bound to this receiving user's identity information, returns it to this receiving user and marks the download token as valid, the download token not being usable by any receiving user other than this one;
Step 5: the receiving user submits the obtained download token to the data exchange system; on receiving the download token, the data exchange system compares the size of the data file to be downloaded with a preset data size threshold; if the data file is smaller than the threshold, the flow goes to step 6; if the data file is larger than the threshold, the flow goes to step 7;
Step 6: while the login state is maintained, the data exchange system returns the data stream of the data file to the receiving user and marks the submitted download token as expired; if the user successfully receives all the data of the data file, the download flow ends; if the user fails to receive all the data of the data file, the flow returns to step 4 to obtain a new token and download again;
Step 7: the data exchange system generates a second token, binds the second token, the download token and the terminal information together, and returns it to the receiving user, after which the flow goes to step 8;
Step 8: once bound, the receiving user can at any time submit to the data exchange system the download token, the second token, the terminal information and the data range of the data file requested in this request; on receiving this information, the data exchange system returns the requested data block to the receiving user, updates the second token and places it in the header of the returned data block message; by repeating this process, the data file can be downloaded in breakpoint (resumable) mode; when the download is complete, the receiving user submits a confirmation to the data exchange system, which marks the download token associated with this download as expired.
2. The data transmission method within an enterprise network as claimed in claim 1, characterized in that the threshold in step 5 is a value preset according to the network distance between the enterprise network server and the receiving user's terminal and the network transmission quality.
3. The data transmission method within an enterprise network as claimed in claim 1, characterized in that maintaining the login state in step 6 means that the session state the receiving user obtained after login verification has not expired and the data exchange system has not cleared the user information stored in the session state.
4. The data transmission method within an enterprise network as claimed in claim 1, characterized in that the terminal information in step 7 is the network card address, CPU serial number, hard disk address, mainboard number or IP address of the host used by the receiving user.
Application number: CN201310598188.XA
Priority date: 2013-11-25
Filing date: 2013-11-25
Title: A kind of enterprise network internal data transmission method
Status: Active
Granted as: CN104660641B (en)

Publications (2)

Publication Number Publication Date
CN104660641A 2015-05-27
CN104660641B 2018-05-18

Family ID: 53251340

Country: CN
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant