CN102916963B - Safe data exchange method, device, nodes and safe data exchange system - Google Patents

Safe data exchange method, device, nodes and safe data exchange system

Info

Publication number
CN102916963B
Authority
CN
China
Prior art keywords
node
data
transmission
security
exchanged
Legal status
Active
Application number
CN201210417301.5A
Other languages
Chinese (zh)
Other versions
CN102916963A (en)
Inventor
陈性元
杜学绘
孙奕
张红旗
王超
曹利峰
夏春涛
毛琨
张东巍
Current Assignee
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Application filed by PLA Information Engineering University
Priority to CN201210417301.5A
Publication of CN102916963A
Application granted
Publication of CN102916963B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a secure data exchange method and a corresponding device. During an exchange, the sending slave node and the receiving slave node of a secure data exchange system each pass integrity and security verification and then establish a dedicated secure exchange process with the host node; the host node extracts the filtered and encrypted data to be exchanged from the sending slave node and forwards it to the receiving slave node, which decrypts it. Because both slave nodes are verified for integrity and security and the data is filtered and encrypted before it is sent, the security and reliability of the exchange are improved: data is exchanged securely, the limitation of the "information island" is removed, and the exchange and sharing of information resources are made easier.

Description

Data security exchange method, device, node and system
Technical field
The invention belongs to the field of computer security and relates in particular to a data security exchange method, device, node and system.
Background technology
The Internet began to spread in China in 1999, and the country's informatization has since developed enormously. With the growth of the Internet, interconnection and information sharing have become ever more widespread and bring great convenience to the public. However, some sites, such as those of government, military and enterprise or institutional bodies, are for security reasons usually set up as intranets. Although they accumulate large amounts of information, the separation between intranet and extranet prevents sharing, and the independent, dispersed data in such sites forms one "information island" or "data silo" after another, which seriously hampers further informatization and makes information work inconvenient. How to remove the isolation between intranet and extranet, securely synchronize data and share information resources between information systems, and eliminate information islands is therefore an urgent problem for China's Internet systems.
In the prior art there are mainly four methods of exchanging data in an isolated environment:
One: burn the data to be exchanged onto a CD, then insert the CD into the intranet or extranet computer and copy the information across. All of the information has to be burned onto discs, which is inconvenient, and because the data remains on the disc, the disc has to be destroyed after a partial exchange to guarantee the security of the information. Because this is awkward to operate, a second method emerged for exchanging data securely.
Two: copy the information directly between intranet and extranet hosts on a mobile storage medium such as a USB flash drive. This is more convenient, but viruses or Trojans can easily steal information directly from the intranet and extranet hosts. Moreover, once one intranet computer is infected with a Trojan, all computers on the intranet are likely to be infected with the same Trojan, and all of the intranet's sensitive information is then at risk of leakage.
Three: use a dedicated computer as the data exchange node, and connect the intranet's USB drive and the extranet's USB drive to that node in turn. This still cannot avoid attacks by "ferry" Trojans and similar viruses, so its security is poor.
Four: because of the poor security of the second and third methods, a method now exists that relies on a mobile-storage secure data exchange intermediary computer. This is a dedicated mobile-storage-medium switch that is connected to the intranet and extranet computers and physically isolates the internal network from direct data exchange with the external network. It uses dedicated switching equipment and improves exchange efficiency to some extent, but every pair of connected intranet and extranet computers needs its own intermediary machine, so the cost is high and the method is not suitable for wide deployment.
In view of this, how to solve the data exchange problem is a question that urgently needs an answer.
Summary of the invention
The object of the present invention is therefore to provide a data security exchange method, device, node and system that solve the problems of low security, high cost, low efficiency and unsuitability for wide deployment that the prior art has when exchanging data.
The invention discloses a data security exchange method, comprising:
generating a configuration file from the received configuration information, the configuration file comprising at least: the exchange object, formed by the sending slave node and the receiving slave node that currently need to exchange data; the exchange task; the exchange directory list; and the security policy configuration file, where the sending and receiving slave nodes are chosen from the set of slave nodes that were audited in advance and stored in the host node, and the exchange directory list comprises a sending directory and a receiving directory; and transmitting the configuration file to the sending and receiving slave nodes that currently need to exchange data;
performing integrity verification on the sending slave node and the receiving slave node according to the integrity verification information obtained from them after initialization, so that the sending and receiving slave nodes that pass integrity verification perform security verification on themselves and, when that verification ends, generate a proof request;
after receiving the proof request transmitted by the sending and receiving slave nodes, performing security verification on them;
after security verification, establishing a dedicated secure exchange process with the sending slave node and with the receiving slave node respectively, and extracting through that process the data to be exchanged, which the sending slave node has filtered against the sensitive words and encrypted with the password provided by the security policy configuration file;
extracting the filtered and encrypted data to be exchanged from the sending slave node, verifying it, and pushing the verified data to the receiving slave node through the dedicated secure exchange process.
Preferably, the integrity verification information that the host node obtains from the initialized sending and receiving slave nodes comprises the identity certificate CAn of the dedicated secure exchange process, the integrity flag Sla of the dedicated secure exchange process, and the dynamic identifier Dla of the dedicated secure exchange process, all transmitted by the secure exchange card connected to the slave node.
Preferably, the method of performing security verification on the sending and receiving slave nodes comprises:
after receiving the proof request, generating a server identifier and a random number and transmitting them to the sending and receiving slave nodes, so that each of them calls the private key of the dedicated secure exchange process identity certificate CAn held in its secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla;
checking the signed random number and verifying the legitimacy of the dynamic identifier Dla; if verification succeeds, allocating the legitimate permissions for subsequent access to the dedicated exchange process according to Dla and establishing the secure exchange process connection between the host node and the sending and receiving slave nodes; if verification fails, generating an exchange rule violation warning and terminating this data exchange.
The invention also discloses a data security exchange method, comprising:
receiving the configuration file transmitted by the host node, the configuration file comprising at least the exchange object, the exchange task, the exchange directory list and the security policy configuration file;
transmitting integrity verification information to the host node so that the host node performs integrity verification;
after passing the host node's integrity verification and receiving a request to start the exchange task, performing security verification on itself; after passing that verification, sending a proof request to the host node so that the host node performs security verification; and after passing the host node's security verification, establishing a dedicated secure exchange process with the host node;
determining the data to be exchanged according to the exchange task configuration file in the configuration file and converting it into the format required by the sending slave node;
filtering the data to be exchanged against the sensitive words provided in the security policy configuration file, encrypting it with the password provided there, and transmitting it to the host node through the dedicated secure exchange process.
Preferably, the method for self carrying out security verification is specifically comprised:
After receiving the request of startup of server switching task, process program is exchanged to current Special safety and measures;
Calculate the cryptographic Hash that described Special safety exchanges process, and the integrity flag that described cryptographic Hash and the Special safety in secure exchange card exchange process is mated, if the match is successful, then send to host node the request of proof, to make host node, security verification is carried out to it, if it fails to match, then interrupt this exchanges data process.
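The slave node's self-verification (measure the exchange process, compare the hash with the integrity flag in the secure exchange card) followed by the host node's challenge-response security verification, as an added example that is not the patent's own code. HMAC-SHA256 with a per-node key stands in for the signature made with the private key of certificate CAn (an assumption for a standard-library-only demonstration; a real deployment verifies a public-key signature against the certificate), and the class and field names are illustrative:

```python
# Added example (not the patent's code). HMAC-SHA256 stands in for the
# signature with the private key of CAn; a real system would verify a
# public-key signature against the certificate.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def measure(program: bytes) -> bytes:
    """Measure the dedicated secure exchange process program (SHA-256 of its image)."""
    return hashlib.sha256(program).digest()


def signed_fields(server_id: str, nonce: bytes, dynamic_id: str) -> bytes:
    """Unambiguous encoding of (server identifier, random number, Dla) for signing."""
    return b"|".join([server_id.encode(), nonce.hex().encode(), dynamic_id.encode()])


@dataclass
class SecureExchangeCard:
    cert_id: str           # identity certificate CAn of the exchange process
    integrity_flag: bytes  # Sla: expected measurement of the exchange process
    dynamic_id: str        # Dla: dynamic identifier of the exchange process
    key: bytes             # stand-in for the private key of CAn (assumption)

    def sign(self, message: bytes) -> bytes:
        return hmac.new(self.key, message, hashlib.sha256).digest()


class SlaveNode:
    def __init__(self, card: SecureExchangeCard, program: bytes):
        self.card = card
        self.program = program  # image of the dedicated secure exchange process

    def self_verify(self) -> bool:
        """The measurement must match the integrity flag stored in the card."""
        return hmac.compare_digest(measure(self.program), self.card.integrity_flag)

    def respond(self, server_id: str, nonce: bytes):
        """Answer the host's challenge; returns (CAn, Dla, signature)."""
        msg = signed_fields(server_id, nonce, self.card.dynamic_id)
        return self.card.cert_id, self.card.dynamic_id, self.card.sign(msg)


class HostNode:
    def __init__(self, server_id: str):
        self.server_id = server_id
        self.registered = {}  # CAn -> (verification key, expected Dla, permissions)
        self.pending = {}     # CAn -> nonce of the outstanding challenge

    def register(self, cert_id, key, dynamic_id, permissions):
        """Audited slave nodes are registered in advance with their certificate."""
        self.registered[cert_id] = (key, dynamic_id, frozenset(permissions))

    def challenge(self, cert_id: str):
        """On a proof request: issue the server identifier and a fresh random number."""
        nonce = secrets.token_bytes(16)
        self.pending[cert_id] = nonce
        return self.server_id, nonce

    def verify(self, cert_id: str, dynamic_id: str, signature: bytes):
        """Check the signed random number and the legitimacy of Dla.

        Returns the permissions allocated to the exchange process, or None
        (an exchange rule violation: the exchange is terminated).
        """
        entry = self.registered.get(cert_id)
        nonce = self.pending.pop(cert_id, None)  # each nonce is usable once
        if entry is None or nonce is None:
            return None
        key, expected_dla, permissions = entry
        expected = hmac.new(key, signed_fields(self.server_id, nonce, dynamic_id),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return None
        if dynamic_id != expected_dla:
            return None
        return permissions


def run_handshake(node: SlaveNode, host: HostNode):
    """Whole flow for one slave node: self-verification, proof request, challenge, answer."""
    if not node.self_verify():
        return None  # integrity mismatch: the node interrupts the exchange itself
    server_id, nonce = host.challenge(node.card.cert_id)
    cert_id, dla, sig = node.respond(server_id, nonce)
    return host.verify(cert_id, dla, sig)
```

The nonce is removed from the pending table before any check runs, so a captured answer cannot be replayed, and the signature covers the Dla the node claims, so the host can reject a node presenting a certificate with a Dla other than the registered one.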
Preferably, the method for filter described data to be exchanged, encrypting specifically comprises:
Sensitive word to be filtered according to obtaining from described security strategy configuration file filters described data to be exchanged, and judges that whether filter result is correct, if correctly, then performs next step, if incorrect, then terminates this exchange process;
According to the password obtained from described security strategy configuration file, encapsulation encryption is carried out, to form message send queue to the data to be exchanged completing filtration.
The invention also discloses a data security exchange method, comprising:
receiving the configuration file transmitted by the host node, the configuration file comprising at least the exchange object, the exchange task, the exchange directory list and the security policy configuration file;
transmitting integrity verification information to the host node so that the host node performs integrity verification;
after passing the host node's integrity verification and receiving a request to start the exchange task, performing security verification on itself; after passing that verification, sending a proof request to the host node so that the host node performs security verification; and after passing the host node's security verification, establishing a dedicated secure exchange process with the host node;
extracting the data to be exchanged from the host node through the dedicated secure exchange process and decrypting it with the password obtained from the security policy configuration file;
converting the data to be exchanged into the format required by the receiving slave node and storing it.
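The sending slave node's pipeline (filter against the sensitive-word list, check the filter result, encapsulate and encrypt each record into a message send queue) and the receiving slave node's decryption with the same password from the security policy configuration file, as an added example that is not the patent's own code. The cipher is an illustrative stand-in built only from the standard library (PBKDF2 key derivation, an HMAC-SHA256 counter keystream, encrypt-then-MAC); a production system should use a standard AEAD such as AES-GCM. The policy layout, field names and sample records are constructed for the example:

```python
# Added example (not the patent's code). The cipher below is a
# standard-library stand-in for illustration; use AES-GCM in production.
import hashlib
import hmac
import json
import os
import re
from collections import deque

PBKDF2_ROUNDS = 20_000


def derive_keys(password: str, salt: bytes):
    """Separate encryption and MAC keys from the policy password and a per-message salt."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream made of HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    for counter in range(-(-length // 32)):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def filter_sensitive(text: str, sensitive_words):
    """Redact every sensitive word (case-insensitive); returns (text, number of hits)."""
    hits = 0
    for word in sensitive_words:
        text, n = re.subn(re.escape(word), "[FILTERED]", text, flags=re.IGNORECASE)
        hits += n
    return text, hits


def filter_result_ok(text: str, sensitive_words) -> bool:
    """Independent re-scan: the filter result is correct only if no sensitive word survives."""
    return not any(re.search(re.escape(w), text, re.IGNORECASE) for w in sensitive_words)


def encapsulate(plaintext: bytes, password: str, header: dict) -> dict:
    """Encapsulate one record: the header is authenticated, the body encrypted then MACed."""
    salt, nonce = os.urandom(16), os.urandom(12)
    enc_key, mac_key = derive_keys(password, salt)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    hdr = json.dumps(header, sort_keys=True).encode()
    tag = hmac.new(mac_key, hdr + salt + nonce + body, hashlib.sha256).digest()
    return {"header": hdr, "salt": salt, "nonce": nonce, "body": body, "tag": tag}


def decapsulate(msg: dict, password: str) -> bytes:
    """Receiving node: verify the tag before decrypting; raise on any tampering."""
    enc_key, mac_key = derive_keys(password, msg["salt"])
    expected = hmac.new(mac_key, msg["header"] + msg["salt"] + msg["nonce"] + msg["body"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("message integrity check failed")
    stream = keystream(enc_key, msg["nonce"], len(msg["body"]))
    return bytes(c ^ k for c, k in zip(msg["body"], stream))


def build_send_queue(records, policy) -> deque:
    """Sending node: filter, check the result, encrypt and enqueue; abort on a bad result."""
    queue = deque()
    for seq, record in enumerate(records):
        filtered, _ = filter_sensitive(record, policy["sensitive_words"])
        if not filter_result_ok(filtered, policy["sensitive_words"]):
            raise RuntimeError("filter result incorrect; exchange terminated")
        queue.append(encapsulate(filtered.encode(), policy["password"],
                                 {"task": policy["task"], "seq": seq}))
    return queue


def receive_queue(queue, password: str):
    """Receiving node: decrypt every message in order and return the plaintext records."""
    return [decapsulate(msg, password).decode() for msg in queue]


# Constructed sample policy and records (not from the patent).
POLICY = {"task": "T-2012-001", "password": "exchange-pass",
          "sensitive_words": ["Project Nightfall", "payroll"]}
RECORDS = ["Q3 payroll summary attached",
           "Status of Project Nightfall: on track",
           "Cafeteria menu for Monday"]
```

The re-scan in `filter_result_ok` is what makes the "judge whether the filter result is correct" step more than a formality: a policy whose word list overlaps the redaction marker itself (for example the word "filtered") produces a result that still matches, and the sending node terminates the exchange instead of queueing it.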
Correspondingly, the invention discloses a data security exchange device, comprising:
a management module, for generating a configuration file from the received configuration information, the configuration file comprising at least: the exchange object, formed by the sending slave node and the receiving slave node that currently need to exchange data; the exchange task; the exchange directory list; and the security policy configuration file, where the sending and receiving slave nodes are chosen from the set of slave nodes audited in advance and stored in the host node, and the exchange directory list comprises a sending directory and a receiving directory; and for transmitting the configuration file to the sending and receiving slave nodes that currently need to exchange data;
an integrity verification module, for performing integrity verification on the sending and receiving slave nodes according to the integrity verification information obtained from them after initialization;
a security verification module, for performing security verification on the sending and receiving slave nodes after receiving the proof request they transmit;
a dedicated secure exchange process establishing module, for establishing, after security verification, a dedicated secure exchange process with the sending slave node and with the receiving slave node respectively, and for extracting from the sending slave node through that process the data to be exchanged, which has been filtered against the sensitive words and encrypted with the password provided by the security policy configuration file;
a host node data forwarding module, for extracting the filtered and encrypted data to be exchanged from the sending slave node, verifying the encrypted data, and pushing the verified data to the receiving slave node through the dedicated secure exchange process.
Preferably, the security verification module comprises:
a feedback unit, for generating a server identifier and a random number after receiving the proof request and transmitting them to the sending and receiving slave nodes, so that each of them calls the private key of the dedicated secure exchange process identity certificate CAn held in its secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla;
a verification unit, for checking the signed random number and verifying the legitimacy of the dynamic identifier Dla; if verification succeeds, it allocates the legitimate permissions for subsequent access to the dedicated exchange process according to Dla and establishes the secure exchange connection between the host node and the slave nodes; if verification fails, it generates an exchange rule violation warning and terminates this data exchange.
The invention also discloses a data security exchange device, comprising:
a receiving module, for receiving the configuration file transmitted by the host node, the configuration file comprising at least the exchange task, the sending directory and the security policy configuration file;
a transmitting module, for transmitting integrity verification information to the host node so that the host node performs integrity verification;
a security verification module, for performing security verification on the device itself after it passes the host node's integrity verification and receives a request to start the exchange task, and, after that verification passes, sending a proof request to the host node so that the host node performs security verification;
a dedicated secure exchange process establishing module, for establishing a dedicated secure exchange process with the host node after passing the host node's security verification;
a sending slave node adaptation module, for determining the data to be exchanged according to the exchange task configuration file in the configuration file and converting it into the format required by the sending slave node;
a data processing module comprising a filter and an encapsulator: the filter filters the data to be exchanged against the sensitive words provided in the security policy configuration file, and the encapsulator encapsulates and encrypts the filtered data with the password provided by that file and transmits the encrypted, encapsulated data to the host node through the dedicated secure exchange process.
Preferably, the security verification module comprises:
a measurement unit, for measuring the program of the current dedicated exchange process after receiving the server's request to start the exchange task;
a matching unit, for computing the hash of the dedicated secure exchange process and matching it against the integrity flag of that process stored in the secure exchange card;
a signing unit, for calling the private key of the dedicated secure exchange process identity certificate CAn in the secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla, and transmitting the signed server identifier, random number and Dla to the host node.
The invention also discloses a data security exchange device, comprising:
a receiving module, for receiving the configuration file transmitted by the host node, the configuration file comprising at least the exchange task, the sending directory and the security policy configuration file;
a transmitting module, for transmitting integrity verification information to the host node so that the host node performs integrity verification;
a security verification module, for performing security verification on the device itself after it passes the host node's integrity verification and receives a request to start the exchange task, and, after that verification passes, sending a proof request to the host node so that the host node performs security verification;
a dedicated secure exchange process establishing module, for establishing a dedicated secure exchange process with the host node after passing the host node's security verification;
a decapsulation module, for extracting the data to be exchanged from the host node through the dedicated secure exchange process and decrypting it with the password obtained from the security policy configuration file;
a receiving slave node adaptation module, for converting the data to be exchanged into the format required by the receiving slave node and storing it.
Correspondingly, the invention discloses a host node, comprising:
a management module, an integrity verification module, a security verification module, a dedicated secure exchange process establishing module and a host node data forwarding module.
The invention also discloses a sending slave node, comprising: a receiving module, a transmitting module, a security verification module, a dedicated secure exchange process establishing module, a sending slave node adaptation module and a data processing module.
The invention also discloses a receiving slave node, comprising: a receiving module, a transmitting module, a security verification module, a dedicated secure exchange process establishing module, a decapsulation module and a receiving slave node adaptation module.
Correspondingly, the invention also discloses a data security exchange system, comprising the host node, the sending slave node and the receiving slave node described above.
In the data security exchange method provided by the present invention, the host node registers in advance the information of the audited set of slave nodes, generates a configuration file from the received configuration information, determines which slave nodes need to exchange data, performs integrity verification and security verification on those slave nodes when data is transmitted, and after verification extracts the data to be exchanged from the sending slave node and, after encryption, pushes it to the receiving slave node, completing the exchange. Because the slave node set has been audited and the host node verifies both integrity and security, the security of the data exchange is enhanced.
At the same time, the method does not require a mobile-storage secure data exchange intermediary computer between every pair of nodes that need to exchange data, which reduces the cost of the exchange.
Accompanying drawing explanation
To explain the embodiments of the invention or the prior art more clearly, the drawings needed to describe them are briefly introduced below. The drawings show some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without inventive effort.
Fig. 1 is a structural diagram of the platform on which the data security exchange method of the embodiment is implemented;
Fig. 2 is a workflow diagram of a data security exchange method provided by the embodiment;
Fig. 3 is a workflow diagram of the host node's security verification of a slave node in the data security exchange method of the embodiment;
Fig. 4 is a workflow diagram of another data security exchange method provided by the embodiment;
Fig. 5 is a workflow diagram of a slave node's security verification of itself in the data security exchange method of the embodiment;
Fig. 6 is a format of the data to be exchanged provided by the embodiment;
Fig. 7 is a workflow diagram of another data security exchange method provided by the embodiment;
Fig. 8 is a structural diagram of a data security exchange device provided by the embodiment;
Fig. 9 is a structural diagram of another data security exchange device provided by the embodiment;
Fig. 10 is a structural diagram of another data security exchange device provided by the embodiment.
Embodiment
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them; all other embodiments that a person of ordinary skill in the art obtains from them without inventive effort fall within the scope of protection of the invention.
For clarity of reference, the technical terms, abbreviations and acronyms used below are explained as follows:
Node: nodes are divided into exchange host nodes and exchange slave nodes. A node is a computer or other network-connected device that has an independent physical address and can send or receive data.
Data security exchange slave node: a node that needs to exchange data. Slave nodes cannot exchange data with one another directly. Referred to below as a slave node.
Data security exchange host node: the node that implements secure data exchange between different slave nodes, usually deployed on a gateway. Referred to below as the host node. Slave nodes cannot exchange data directly; the exchange must take place under the management and control of the host node.
Dedicated exchange process: a trusted process that performs the data security exchange under control.
Queue: a data structure that stores messages; a queue exists independently of the applications that use it.
Dedicated secure exchange pipeline: a dedicated, end-to-end encrypted communication channel.
Secure ID: in data security exchange in an isolated environment, every exchange node and every message formed from the exchanged data carries a secure ID made up of three parts: a confidentiality level, an integrity grade and a trust level. The set of secure exchange IDs is written
Exla = {κ1, κ2, ..., κn} = {κ = (ba, se, in, tr) | ba ∈ Ba, se ∈ Se, in ∈ In, tr ∈ Tr},
where Ba is the set of base attributes of the bound entity and distinguishes the kind of entity. If the bound entity is an exchange domain (a node), its base attributes include the node's IP address, MAC address and connection port number; if it is exchanged data, they include the data type, creation time, last modification time, size, sending end and receiving end; if it is a process, they include the process ID and the user of the process. Se is the confidentiality level, In the integrity grade and Tr the trust level of the exchange. For entities of the same kind, (Se, In, Tr) are linearly ordered and can be compared, so a dominance relation exists between secure IDs of entities of the same kind: (ba, se, in, tr) dominates (ba, se', in', tr') if and only if se' ≤ se, in' ≤ in and tr' ≤ tr. Note that the confidentiality level Se and the integrity grade In are normally predefined, static attributes that cannot reflect dynamic changes while the system runs. The dynamic trust level Tr introduced by the invention gives a unified representation of the trust characteristics of an entity across several dimensions; dynamic trust reflects non-functional characteristics of the system, such as the response time of an action, the context in which the action is executed and the history of executed actions. The dynamic trust level therefore reflects the dynamic execution of the system, and its value changes as the system keeps running.
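The secure exchange label κ = (ba, se, in, tr) and the dominance relation between labels of the same entity kind, as an added example that is not the patent's own code. The concrete value scales for Se, In and Tr, the rule that the host forwards data only to a receiver whose clearance dominates the data's label, and the trust-adjustment rule are assumptions for illustration; the patent names the sets and says Tr changes with execution but gives no values:

```python
# Added example (not the patent's code). Value scales, the forwarding rule
# and the trust-update rule are assumptions made for illustration.
from dataclasses import dataclass
from typing import Tuple

SE = ("public", "internal", "confidential", "secret")  # confidentiality levels Se, low to high
IN = ("low", "medium", "high")                         # integrity grades In, low to high
TR_MAX = 5                                             # dynamic trust levels Tr = 0..5


@dataclass(frozen=True)
class SecureID:
    """One element κ of Exla. ba[0] is the entity kind; the rest are its base attributes."""
    ba: Tuple
    se: str
    in_: str
    tr: int

    def kind(self) -> str:
        return self.ba[0]

    def dominates(self, other: "SecureID") -> bool:
        """(ba,se,in,tr) dominates (ba,se',in',tr') iff se'<=se, in'<=in and tr'<=tr.
        Labels of different entity kinds are incomparable."""
        if self.kind() != other.kind():
            return False
        return all(a >= b for a, b in zip(grades(self), grades(other)))


def grades(label: SecureID) -> Tuple[int, int, int]:
    """Position of each component in its linear order."""
    return (SE.index(label.se), IN.index(label.in_), label.tr)


def node_label(ip, mac, port, se, in_, tr) -> SecureID:
    return SecureID(("node", ip, mac, port), se, in_, tr)


def data_label(dtype, created, modified, size, src, dst, se, in_, tr) -> SecureID:
    return SecureID(("data", dtype, created, modified, size, src, dst), se, in_, tr)


def process_label(pid, user, se, in_, tr) -> SecureID:
    return SecureID(("process", pid, user), se, in_, tr)


def updated_trust(label: SecureID, response_ms: int, violations: int) -> SecureID:
    """Tr is dynamic: lower it for rule violations or slow responses, raise it otherwise
    (assumed rule), clamped to 0..TR_MAX. Se and In stay fixed."""
    tr = label.tr
    if violations:
        tr -= violations
    elif response_ms > 1000:
        tr -= 1
    else:
        tr += 1
    return SecureID(label.ba, label.se, label.in_, max(0, min(TR_MAX, tr)))


def may_forward(data: SecureID, receiver: SecureID) -> bool:
    """Assumed host-node rule: forward data to a receiver node only if the receiver's
    (se, in, tr) is at least the data's in every component."""
    return data.kind() == "data" and receiver.kind() == "node" and \
        all(r >= d for r, d in zip(grades(receiver), grades(data)))
```

Two labels can be incomparable (one higher in confidentiality, the other higher in trust); neither dominates, and a host applying this rule forwards to neither until the trust level recovers.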
The invention discloses a kind of data security switching method, to solve the poor stability existed when carrying out data security and exchanging in prior art, the problem that cost is high.
Operating diagram shown in Figure 1, data security switching method disclosed in this programme, be applied to host node, send from node and receive from the data exchange system constructed by node, wherein, described transmission is the node sending data to be exchanged from node, described reception is the node needing to receive described data to be exchanged from node, and described host node is for realizing described transmission from node and the secure exchange receiving data from node.
Workflow schematic diagram shown in Figure 2, the method is that object is described with host node, specifically comprises the following steps:
Step S1: generate a configuration file from the received configuration information. The configuration file contains at least: the exchange objects (the sending slave node and the receiving slave node that currently need to exchange data), the exchange task, the exchange directories and the security policy configuration file. The sending and receiving slave nodes are chosen from the set of slave nodes that were audited in advance and are stored in the host node; the exchange directories comprise a sending directory and a receiving directory. The configuration file is then transmitted to the sending and receiving slave nodes that currently need to exchange data.
Before receiving the configuration information, the host node must receive the registration information of the slave nodes and audit it; the audit mainly checks whether a slave node has the authority to take part in data exchange. After the audit the host node stores the set of slave nodes that passed, i.e. the audited slave nodes are registered in the host node, so that for every exchange the operator chooses slave nodes from this stored set. Once the registration of the exchange slave nodes is complete, the operator issues certificates to the registered slave nodes through the host node, so that the exchanging nodes can be authenticated during the exchange process.
The exchange directories are the storage paths of the exchanged data. They comprise a sending directory and a receiving directory, there may be one or more of each, and they may take the form of a drive, a folder and so on. When an exchange task is configured it must first be given a name, whose uniqueness the host node checks. The mode of the exchange task may be a two-party exchange or a multi-party exchange, and an executor may be assigned to the task; the executor is the operator or role allocated to the exchange task, mainly on the basis of the RBAC (Role-Based Access Control) model.
A two-party exchange means that the slave nodes exchange data one to one. A multi-party exchange means that within one exchange task there may be several senders and several receivers. In a two-party exchange there is exactly one sending slave node and one receiving slave node; in a multi-party exchange there may be one or more of each, and the operator selects the sending and receiving slave nodes from the set of slave nodes stored in advance in the host node. Furthermore, sending and receiving slave nodes are not chosen arbitrarily but according to their security level, which is set according to the security requirements of the protected information system.
In addition, the start mode of the exchange task can be added to the configuration information so that the host node generates a configuration file for it. Three start modes are provided: manual start, in which the executor starts the exchange task with a start button; custom start, in which the task starts automatically at a defined start time; and periodic start, in which the task starts automatically at a defined start time and is then repeated at the configured interval between exchanges.
The operator must also set the type of the exchange task. When the configuration information contains exchange-type information, the host node generates the corresponding part of the configuration file, so the configuration file contains an exchange type such as file exchange, mail transfer or database synchronisation. For a file exchange, the name, size and creation time of the exchanged files can be specified, which makes it easier to select the files to exchange later, and the file types to be blocked and the sensitive words in files can be specified so that the exchanged files can be processed, improving security. For database synchronisation, the database, particular tables in it or particular fields in a table that need to be synchronised can be specified. For mail exchange, the size of the mail and the attachment types can be limited and the mail content can be filtered.
The security policy configuration file contains sensitive words and a password: the sensitive words are used to filter the data to be exchanged, and the password is used to encrypt and decrypt it.
In addition, an operator working on the host node must present a previously registered user name and password to enter the host node's application system, which improves security.
After the configuration file has been generated, the host node delivers it to the sending and receiving slave nodes that take part in this exchange, and the sending and receiving slave nodes initialise themselves with it.
Step S2: perform integrity verification of the sending and receiving slave nodes according to the integrity verification information obtained from them after initialisation. The sending and receiving slave nodes that pass integrity verification then perform a security verification of themselves and, once it has finished, produce a proof request.
A secure exchange card (a USB key) can be inserted in a slave node. The card holds three items: first, the identity certificate CAn of the dedicated secure exchange process; second, the integrity flag Sla of the dedicated secure exchange program, a static identifier that is the hash of a static measurement of the program's integrity; and third, the dynamic flag Dla of the dedicated secure exchange process, which is the hash of the process security identifier Exla together with the correctly executed behaviour sequence. The sending and receiving slave nodes read this information from the secure exchange card, use it as integrity verification information and transmit it to the host node, which verifies the integrity of the slave nodes with it. The host node is normally fitted with a TPM (Trusted Platform Module) security chip, which can carry out the integrity verification of the slave nodes.
After passing the host node's integrity verification, the sending and receiving slave nodes perform a security verification of themselves and, having passed it, send a proof request to the host node.
Step S3: after receiving the proof requests transmitted by the sending and receiving slave nodes, perform security verification of the sending and receiving slave nodes.
The sending and receiving slave nodes send the proof request to the host node over an SSL (Secure Sockets Layer) channel so that the host node can perform the security verification; other channels may of course be used, and the invention does not restrict this. If during the security verification the host node finds that the sending or receiving slave node presents a security risk, it raises an exchange-violation alarm and stops the exchange; if the verification passes, the host node proceeds to the next step.
Step S4: after the security verification passes, establish a dedicated secure exchange process with the sending slave node and with the receiving slave node respectively, and through it extract from the sending slave node the data to be exchanged, which the sending slave node has filtered and encrypted with the sensitive words and the password supplied by the security policy configuration file.
The dedicated secure exchange process is a private process used only for the data exchange. After the host node has established dedicated secure exchange processes with the sending and receiving slave nodes, the sending slave node encrypts the data to be exchanged so that the host node can extract the filtered, encrypted data from the sending slave node.
Step S5: after extracting the filtered, encrypted data from the sending slave node, verify the data to be exchanged and push the verified data to the receiving slave node through the dedicated secure exchange process.
The interior of the host node is generally divided into three zones: an internal processing zone, an external processing zone and a secure exchange processing zone. The zone connected to internal data-processing nodes is the internal processing zone and the zone connected to public data-processing nodes is the external processing zone; the two cannot communicate directly, and any data exchange between them must pass through the trusted exchange zone. The division follows the level of the exchange slave nodes connected to the host node's ports: a zone that receives data from internal data-processing nodes, i.e. from slave nodes subject to an intranet/extranet restriction, is the internal data-processing zone, and a zone that receives data from public data-processing nodes, i.e. from slave nodes not subject to such a restriction, is the external data-processing zone.
After the sending slave node has encrypted and otherwise processed the data to be exchanged, a message send queue is formed. The host node polls the sending slave node periodically and, once it finds the send queue, the dedicated exchange process on the host node pulls the exchange data over an SSL (Secure Sockets Layer) channel into the host node's secure exchange processing zone, which secures the data in transit. The data to be exchanged stays in ciphertext form and is never resolved into plaintext, which prevents secondary leakage caused by third-party involvement and avoids a decrypt-then-re-encrypt pass over the data, greatly improving exchange efficiency. The secure exchange processing zone is a specially identified trusted subject, and the security identifier level of messages in the internal data-processing zone, the external data-processing zone and the message queues is kept consistent. When the data to be exchanged is extracted, a multilevel security policy based on the security identifier governs the reading and writing of messages in the different message queues, so that data is forwarded securely.
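The multilevel policy on the message queues, as an added illustration that is not part of the patent: a Go model of the queues and of the trusted subject of the secure exchange processing zone, where every message and every queue carries a security identifier, the subject may pull a message only if its own label dominates the message's label (no read up), and may push it only to a queue whose label dominates the message's label (no write down). The label structure (a level plus a set of compartments), the type and function names and the sample messages are assumptions made for this example; the patent specifies only that a security identifier is bound to messages and queues and that a multilevel policy governs reads and writes.

```go
package main

import (
	"errors"
	"fmt"
)

// Label is the security identifier carried by a message and held by a zone
// or subject: a classification level plus a set of compartments (assumed
// structure; the patent only speaks of a security identifier and its level).
type Label struct {
	Level int
	Cats  map[string]bool
}

// NewLabel builds a Label from a level and compartment names.
func NewLabel(level int, cats ...string) Label {
	l := Label{Level: level, Cats: map[string]bool{}}
	for _, c := range cats {
		l.Cats[c] = true
	}
	return l
}

// Dominates reports whether a is at least as high as b in the lattice:
// a higher-or-equal level and a superset of b's compartments.
func (a Label) Dominates(b Label) bool {
	if a.Level < b.Level {
		return false
	}
	for c := range b.Cats {
		if !a.Cats[c] {
			return false
		}
	}
	return true
}

// Message is one item of a send queue. The security identifier sits in the
// header; the ciphertext is never opened by the host node.
type Message struct {
	ID         string
	SecurityID Label
	Ciphertext []byte
}

// Queue is a message queue of one zone (internal, external or exchange);
// Label is the clearance of that zone.
type Queue struct {
	Name  string
	Label Label
	Items []Message
}

// Subject is the specially identified trusted subject of the secure
// exchange processing zone that moves messages between queues.
type Subject struct {
	Name  string
	Label Label
}

// ErrPolicy is returned for any multilevel-policy violation.
var ErrPolicy = errors.New("multilevel security policy violation")

// CanRead is "no read up": the subject may read a message only if its label
// dominates the message's security identifier.
func (s Subject) CanRead(m Message) bool { return s.Label.Dominates(m.SecurityID) }

// CanWrite is "no write down": a message may be written to a queue only if
// the queue's label dominates the message's security identifier.
func CanWrite(m Message, to *Queue) bool { return to.Label.Dominates(m.SecurityID) }

// Forward moves the head of the send queue to the receive queue under both
// rules. A violation leaves the message in place and reports an error, which
// corresponds to raising the exchange-violation alarm and stopping.
func Forward(s Subject, send, recv *Queue) (Message, error) {
	if len(send.Items) == 0 {
		return Message{}, errors.New("send queue empty")
	}
	m := send.Items[0]
	if !s.CanRead(m) {
		return Message{}, fmt.Errorf("%w: %s (level %d) may not read %s (level %d) from %s",
			ErrPolicy, s.Name, s.Label.Level, m.ID, m.SecurityID.Level, send.Name)
	}
	if !CanWrite(m, recv) {
		return Message{}, fmt.Errorf("%w: %s (level %d) may not be written to %s (level %d)",
			ErrPolicy, m.ID, m.SecurityID.Level, recv.Name, recv.Label.Level)
	}
	send.Items = send.Items[1:]
	recv.Items = append(recv.Items, m)
	return m, nil
}
```

Forward checks both rules before dequeuing, so a rejected message is neither lost from the sender's queue nor delivered downward; the host node would raise its alarm at that point.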
After extracting the data to be exchanged from the sending slave node, the host node can verify it to determine its integrity.
After the host node has extracted the data, it pushes it to the receiving slave node over an SSL channel, completing the exchange. The exchange may be synchronous or asynchronous. In synchronous mode the host node pushes the data to the receiving slave node directly after extracting it. In asynchronous mode the host node stores the data temporarily and transmits it to the receiving slave node after a preset time; this mode suits situations such as a failure of the receiving slave node. The preset time value is determined from the received configuration information.
Through steps S1 to S5, the host node verifies the integrity and security of the sending and receiving slave nodes and then establishes dedicated secure exchange processes with them. The sending slave node encrypts the data to be exchanged; after the dedicated secure exchange process has been established, the host node extracts the encrypted data from the sending slave node and pushes it to the receiving slave node. Because the host node has double-checked the integrity and the security of the sending and receiving slave nodes, the data has been filtered and encrypted, and the exchange runs through a dedicated secure exchange process, security is higher. Moreover, the invention needs no additional hardware such as removable storage or a secure data-exchange intermediate computer, which reduces cost.
In step S3, the host node's security verification of the sending and receiving slave nodes is shown in Figure 3 and comprises:
Step S31: after receiving the proof request, generate a server identifier IDs and a random number Ns and transmit them to the sending and receiving slave nodes, so that each slave node uses the private key of the identity certificate CAn of the dedicated secure exchange process, held on the secure exchange card, to sign the server identifier IDs, the random number Ns and the dynamic flag Dla. The signature can be produced with a public-key cryptosystem, which provides the identity authentication.
Step S32: check the random number Ns in the signed data and verify the legitimacy of the dynamic flag Dla, and decide whether the verification succeeded; if it succeeded, perform step S33, and if it failed, perform step S34. Checking the signed random number Ns on the host node prevents replay attacks. The legitimacy of the dynamic flag Dla can be verified with a Markov-process assessment method; other methods can of course be used, and this scheme does not restrict it.
Step S33: according to the dynamic flag Dla, assign the dedicated exchange process the legitimate authority for its subsequent accesses, and establish the dedicated secure exchange process between the host node and the sending and receiving slave nodes;
Step S34: raise an exchange-violation alarm and terminate this data exchange process.
Through steps S31 to S34, the host node performs security verification of the sending and receiving slave nodes and establishes dedicated secure exchange processes with the slave nodes that pass, which guarantees the security of the subsequent exchange.
The invention also discloses a secure data exchange method described with the sending node as the executing entity; its structure is shown in Figure 4 and it comprises the following steps:
Step S11: receive the configuration file transmitted by the host node; the configuration file contains at least the exchange objects, the exchange task, the exchange directories and the security policy configuration file.
Step S12: transmit integrity verification information to the host node so that the host node can perform integrity verification.
The sending slave node has a secure exchange card (USB key) inserted, which holds the following information: first, the identity certificate CAn of the dedicated secure exchange process; second, the integrity flag Sla of the dedicated secure exchange program, a static identifier that is the hash of a static measurement of the program's integrity; and third, the dynamic flag Dla of the dedicated secure exchange process, the hash of the process security identifier Exla and the correctly executed behaviour sequence. The identity certificate CAn is an X.509 certificate, and the integrity flag Sla is a hash generated in advance from the relevant attributes of the exchange software.
The sending slave node can transmit the dynamic flag Dla to the host node as its integrity verification information, and the host node verifies its integrity with it.
Step S13: after passing the host node's integrity verification and receiving a request to start an exchange task, perform a security verification of itself; after passing it, send a proof request to the host node so that the host node performs its security verification, and after passing the host node's security verification, establish a dedicated secure exchange process with the host node.
After the host node's integrity verification, when data needs to be exchanged the sending slave node receives a request to start the exchange task, performs its security verification and, having passed, establishes a dedicated secure exchange process with the host node in order to exchange data.
Step S14: determine the data to be exchanged from the exchange task configuration in the configuration file, and convert it into the format required by the sending slave node.
Step S15: filter and encrypt the data to be exchanged with the sensitive words and the password supplied in the security policy configuration file, and transmit it to the host node through the dedicated secure exchange process.
Through steps S11 to S15, the sending slave node, after integrity and security verification, converts the format of the data to be sent and filters and encrypts it, adding to the security of the data exchange process.
In step S13, the sending slave node's security verification of itself follows the workflow in Figure 5 and comprises:
Step S131: after receiving the server's request to start an exchange task, measure the program of the current dedicated secure exchange process.
Step S132: compute the hash of the dedicated secure exchange process and match it against the integrity flag of the dedicated secure exchange process held in the secure exchange card; if they match, perform step S133, and if they do not, perform step S134.
Step S133: send a proof request to the host node so that the host node performs security verification of the slave node.
Step S134: interrupt this data exchange process.
Through steps S131 to S134, the sending slave node verifies its own security with the information read from the secure exchange card, improving the security and reliability of the subsequent data exchange.
In step S133, after the sending slave node sends the proof request, the host node that receives it transmits the generated server identifier IDs and random number Ns to the sending slave node; the sending slave node signs IDs, Ns and the dynamic flag Dla with the private key of the identity certificate CAn of the dedicated secure exchange process held on the secure exchange card, and transmits the signed IDs, Ns and Dla to the host node, which performs the security verification of the sending slave node.
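The self-measurement of steps S131 to S134 and the challenge-response of steps S31 to S34, as an added worked example that is not part of the patent: a Go sketch of both sides, in which the slave node re-hashes its exchange program and compares the result with Sla, the host issues IDs and a random Ns, the slave signs IDs, Ns and Dla with the CAn private key on the card, and the host rejects replayed nonces, bad signatures and unexpected Dla values. Ed25519 for CAn, SHA-256 for Sla and Dla, the byte encodings, and a fixed set of accepted Dla values in place of the Markov-process assessment are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Card stands in for the secure exchange card: the CAn key pair (Ed25519 is an
// assumption; the patent only says "public-key cryptosystem"), Sla and Dla.
type Card struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	Sla  [32]byte // hash of the static measurement of the exchange program
	Dla  [32]byte // hash of process security ID Exla and the behaviour sequence
}

// Measure is the static measurement: a hash over the program image.
func Measure(program []byte) [32]byte { return sha256.Sum256(program) }

// DynamicFlag computes Dla = H(Exla || steps); the NUL-separated encoding is an assumption.
func DynamicFlag(exla string, behaviour []string) [32]byte {
	h := sha256.New()
	h.Write([]byte(exla))
	for _, step := range behaviour {
		h.Write(append([]byte{0}, step...))
	}
	var d [32]byte
	copy(d[:], h.Sum(nil))
	return d
}

// NewCard personalises a card for a known-good program image and behaviour sequence.
func NewCard(program []byte, exla string, behaviour []string) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Card{Pub: pub, priv: priv, Sla: Measure(program), Dla: DynamicFlag(exla, behaviour)}, nil
}

// SelfVerify is steps S131 to S134: re-measure the running program and compare with Sla.
func SelfVerify(card *Card, running []byte) bool { return Measure(running) == card.Sla }

// Proof is the slave node's reply to a challenge: IDs, Ns, Dla and the signature over them.
type Proof struct {
	IDs string
	Ns  [16]byte
	Dla [32]byte
	Sig []byte
}

// signedBytes is the length-prefixed encoding that both sides sign and verify.
func signedBytes(ids string, ns [16]byte, dla [32]byte) []byte {
	b := append([]byte{byte(len(ids) >> 8), byte(len(ids))}, ids...)
	return append(append(b, ns[:]...), dla[:]...)
}

// Sign answers the host's challenge (IDs, Ns) with the private key of CAn on the card.
func (c *Card) Sign(ids string, ns [16]byte) Proof {
	return Proof{IDs: ids, Ns: ns, Dla: c.Dla, Sig: ed25519.Sign(c.priv, signedBytes(ids, ns, c.Dla))}
}

// Host remembers the nonces it issued and the Dla values it accepts; the accepted
// set stands in for the Markov-process assessment, which the patent does not specify.
type Host struct {
	IDs       string
	pub       ed25519.PublicKey
	pending   map[[16]byte]bool
	acceptDla map[[32]byte]bool
}

// NewHost creates a host that trusts one CAn public key and one legitimate Dla.
func NewHost(ids string, pub ed25519.PublicKey, goodDla [32]byte) *Host {
	return &Host{IDs: ids, pub: pub, pending: map[[16]byte]bool{},
		acceptDla: map[[32]byte]bool{goodDla: true}}
}

// NewChallenge is step S31: issue a fresh random Ns together with the server identifier IDs.
func (h *Host) NewChallenge() (string, [16]byte, error) {
	var ns [16]byte
	if _, err := rand.Read(ns[:]); err != nil {
		return "", ns, err
	}
	h.pending[ns] = true
	return h.IDs, ns, nil
}

// Verify is step S32: Ns must be outstanding and is consumed on use (replay
// protection), the signature must verify under CAn, and Dla must be legitimate.
func (h *Host) Verify(p Proof) error {
	if p.IDs != h.IDs {
		return errors.New("server identifier IDs mismatch")
	}
	if !h.pending[p.Ns] {
		return errors.New("unknown or replayed nonce Ns")
	}
	if !ed25519.Verify(h.pub, signedBytes(p.IDs, p.Ns, p.Dla), p.Sig) {
		return errors.New("signature does not verify under CAn")
	}
	delete(h.pending, p.Ns)
	if !h.acceptDla[p.Dla] {
		return errors.New("dynamic flag Dla is not legitimate")
	}
	return nil
}
```

The nonce is deleted only after the signature verifies, so an attacker who cannot sign cannot burn outstanding challenges, while a valid proof is usable exactly once; a valid signature over a Dla that was not produced by the expected behaviour sequence is still rejected, which is the point of signing Dla together with Ns.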
In step S15, filtering and encrypting the data to be exchanged also strengthens the security of the exchange. Specifically, the filtering and encryption comprise the following steps:
Filter the data to be exchanged with the sensitive words obtained from the security policy configuration file, and judge whether the filter result is correct.
If the filter result is judged correct, encapsulate and encrypt the filtered data with the password obtained from the security policy configuration file, forming the message send queue. If the filter result is judged incorrect, terminate this exchange process.
In addition, when it terminates the exchange process, the sending slave node can also send an exchange-violation alarm to the host node, which performs the corresponding alarm action so that the operator learns that the filter result was incorrect.
In step S14, converting the data to be exchanged into the format required by the sending slave node is mainly developed on the open-source software OpenAdaptor. OpenAdaptor development creates adapter modules; with nothing more than a configuration file, the software can automatically convert the data exchanged between systems into each system's format, which makes the exchange between applications more flexible. The advantages of OpenAdaptor are: it reduces system coupling, so interfaces are easier to maintain in a cross-system environment; it is reusable, its overall structure providing the framework needed for application code reuse; and it is easy to use, since each adapter is defined by a simple configuration file. Because it provides a set of off-the-shelf components, an adapter can usually be built without writing actual code.
According to the exchange objects and exchange directories contained in the configuration file, the sending slave node determines the data to be exchanged and converts it into a file in XML (Extensible Markup Language) format, or into a file of another format. Because OpenAdaptor uses XML by default, the format must be specified when a file of another format is parsed; for example, to convert TXT to XML a string reader must be specified to read the TXT text. Once the data has been converted to the chosen format, the sending slave node stores it in a target database so that the filter in the sending slave node can filter it.
When filtering the data to be exchanged, the filtering method disclosed here supports OR-split, AND-split and multiply combined filter mechanisms, and detects several file classes: not only TXT and WORD documents but also active file types such as PDF, EXCEL, PPT, RTF and HTML. The upper layer of the filter uses document text extraction to transform files in PDF/Office and similar formats into TXT form, pre-processes the text with IK Analyzer, and searches with a dual filter kernel plus IK Analyzer Chinese word segmentation; the filter kernel algorithm can switch intelligently according to the configured exchange policy.
In the general mode, the IK Analyzer + Lucene filter algorithm performs a high-accuracy search of the converted plain text for sensitive information that may be present. In the special case where the amount of text is small, the texts are small and the exchange task must start immediately, a simple and efficient keyword filtering algorithm designed for this system filters the exchange data, so that the secure data exchange system balances filtering effectiveness and exchange efficiency as far as possible.
The filter operation proceeds as follows. Once the dedicated secure exchange process has converted the data to be exchanged into the default data format, filtering starts. It first checks whether the sending slave node has an exchange policy configuration file; if not, this exchange process is interrupted, and if so, filtering is performed according to that file. It then checks whether content sensitive-information detection is required: it is performed only when the exchange policy configuration file contains customised content sensitive-information detection items, otherwise no check is needed. Then, because Lucene can only index and search plain-text documents, the files to be filtered are converted to text, for example PDF files with PDFBox, RTF files with Lucene's own functions and MS Office files with POI, so that the loaded files that need sensitive-information detection are pre-processed into text for Lucene's subsequent work.
Next, according to the granularity of the policy configured by the user of the secure data exchange system, the number, type and size of the files in the exchange folder are scanned and analysed together, and the quantity and size of the exchange files are judged in order to choose the filter algorithm. Specifically, when there are few text files, the files are small and the exchange mode demands real time, the filter uses the simple, efficient exchange-data filter algorithm, which maximises running efficiency while guaranteeing filtering accuracy; when there is more text, the files are larger, or the exchange task is started on a timer or periodically, the IK Analyzer (Chinese word segmenter) + Lucene (open-source full-text search engine toolkit) filter algorithm is used for high-accuracy content filtering.
The simple, efficient exchange filter algorithm divides the data to be exchanged into groups; one grouping puts paragraphs whose first character is the same into one group. The groups are then matched, group by group, against the content sensitive-information detection items; if a match is found, sensitive information exists in the data to be exchanged, sending of the data is refused and this exchange process is interrupted.
When the current conditions are that there is more text, the files are larger, or the exchange task is started on a timer or periodically, the filter switches to the IK Analyzer (Chinese word segmenter) + Lucene (open-source full-text search engine toolkit) filter algorithm, which filters the content with high accuracy and collects details that lay the foundation for audit analysis.
In the IK Analyzer + Lucene filter algorithm, the data to be exchanged is first converted into plain-text documents, which are submitted to Lucene for indexing, and Chinese and English word segmentation is performed; segmentation mainly removes stop words that are never searched for and converts English words to lower case. After segmentation, the result is stored and the segmented data to be exchanged is filtered with the filter keywords provided by the user.
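The algorithm selection, the grouped keyword filter and the segment-then-match filter of the preceding paragraphs, as an added example that is not part of the patent: Go code that chooses a filter mode from the folder scan, runs the simple filter over paragraphs grouped by their first character, and runs a tokenising filter that lower-cases English, drops stop words and matches keyword token sequences. The thresholds, the per-character splitting of Chinese text (standing in for IK Analyzer segmentation, which is not reproduced here), the function names and the sample text are assumptions of this example.

```go
package main

import (
	"strings"
	"unicode"
)

// FilterMode selects between the two filter algorithms described above.
type FilterMode int

const (
	SimpleMode   FilterMode = iota // few small files, real-time start
	FullTextMode                   // more or larger files, timed or periodic start
)

// ChooseMode picks the algorithm from the scan of the exchange folder.
// The thresholds (20 files, 1 MiB) are assumptions for this example.
func ChooseMode(fileCount int, totalBytes int64, scheduled bool) FilterMode {
	if !scheduled && fileCount <= 20 && totalBytes <= 1<<20 {
		return SimpleMode
	}
	return FullTextMode
}

// SimpleFilter groups paragraphs by their first character and matches each
// group against the sensitive-word list; the first hit is reported and the
// caller refuses to send the data.
func SimpleFilter(text string, sensitive []string) (hit bool, word, paragraph string) {
	groups := map[rune][]string{}
	var order []rune // keep group order deterministic
	for _, p := range strings.Split(text, "\n") {
		p = strings.TrimSpace(p)
		if p == "" {
			continue
		}
		first := []rune(p)[0]
		if _, seen := groups[first]; !seen {
			order = append(order, first)
		}
		groups[first] = append(groups[first], p)
	}
	for _, first := range order {
		for _, p := range groups[first] {
			for _, w := range sensitive {
				if strings.Contains(p, w) {
					return true, w, p
				}
			}
		}
	}
	return false, "", ""
}

// Tokenize is a stand-in for IK Analyzer + Lucene analysis: English words are
// lower-cased, CJK text is split per character (IK Analyzer would segment it
// into words), punctuation is dropped and stop words are removed.
func Tokenize(text string, stop map[string]bool) []string {
	var toks []string
	var cur []rune
	emit := func(tok string) {
		tok = strings.ToLower(tok)
		if tok != "" && !stop[tok] {
			toks = append(toks, tok)
		}
	}
	for _, r := range text {
		switch {
		case unicode.Is(unicode.Han, r):
			emit(string(cur))
			cur = cur[:0]
			emit(string(r))
		case unicode.IsLetter(r) || unicode.IsDigit(r):
			cur = append(cur, r)
		default:
			emit(string(cur))
			cur = cur[:0]
		}
	}
	emit(string(cur))
	return toks
}

// FullTextFilter tokenises the document and each keyword and reports the
// first keyword whose token sequence occurs contiguously in the document.
func FullTextFilter(text string, keywords []string, stop map[string]bool) (bool, string) {
	doc := Tokenize(text, stop)
	for _, kw := range keywords {
		pat := Tokenize(kw, stop)
		if len(pat) == 0 {
			continue
		}
	next:
		for i := 0; i+len(pat) <= len(doc); i++ {
			for j := range pat {
				if doc[i+j] != pat[j] {
					continue next
				}
			}
			return true, kw
		}
	}
	return false, ""
}
```

Matching on token sequences rather than raw substrings is what lets "Strictly Confidential," match the keyword "strictly confidential" regardless of case and punctuation, which the simple substring filter would miss.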
After filtering ends, the filter result is judged and, if it is found correct, the filtered data to be exchanged is encapsulated and encrypted. During encapsulation, different encryption algorithms and strengths can be applied to the data according to its security level or priority; the encrypted data is then packed into a uniform message format and the security identifier is bound into the message header. The encapsulation format is shown in Figure 6. The message header contains the Java Message Service fields JMSDestination, JMSExpiration, JMSMessageID, JMSPriority, JMSDeliveryMode, JMSTimeStamp, JMSRedelivered, JMSReplyTo, JMSCorrelationID and JMSType. The message body may be of several types: Message (no payload), TextMessage (plain text), MapMessage (a set of properties), StreamMessage (a stream of primitive values), BytesMessage (a byte stream) and ObjectMessage (a serialisable object). After encapsulation the data to be exchanged is placed in the local message send queue, which the host node queries in order to extract the data.
As described above for the sending slave node, the sending slave node filters the data to be exchanged and then encapsulates and encrypts it, which improves the security of the data exchange process.
The invention also discloses a secure data exchange method described with the receiving slave node as the executing entity; its structure is shown in Figure 7 and it comprises the following steps:
Step S21: receive the configuration file transmitted by the host node; the configuration file contains at least the exchange objects, the exchange task, the exchange directories and the security policy configuration file;
Step S22: transmit integrity verification information to the host node so that the host node can perform integrity verification;
Step S23: after passing the host node's integrity verification and receiving a request to start an exchange task, perform a security verification of itself; after passing it, send a proof request to the host node so that the host node performs its security verification, and after passing the host node's security verification, establish a dedicated secure exchange process with the host node;
Step S24: extract the data to be exchanged from the host node through the dedicated secure exchange process and decrypt it with the password obtained from the security policy configuration file;
Step S25: convert the data to be exchanged into the format required by the receiving slave node and store it.
In steps S22 and S23, the way the receiving slave node transmits its integrity verification information and verifies its own security is the same as for the sending slave node; having passed integrity and security verification, the security and reliability of the receiving slave node are improved.
In step S24, when the receiving slave node decrypts the received data, decryption is the inverse of the encryption process.
Through steps S21 to S25, the receiving slave node, after integrity and security verification, receives the data to be exchanged transmitted by the host node and decrypts it to obtain the data extracted from the sending slave node. Because integrity and security have been double-checked and the received data has been filtered, encrypted and encapsulated, the security and reliability of the data exchange process are improved.
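The encapsulation and encryption of the sending side described with Figure 6 and the inverse decryption of step S24, as an added example that is not part of the patent: Go code that picks a cipher strength from the data's security level, encrypts the filtered data with AES-GCM under a key derived from the policy-file password, binds the header (JMS-style fields plus the security identifier) into the authentication tag, and on the receiving side checks expiry and opens the message, failing if the body or the header was altered. The level-to-cipher mapping, the key derivation, the header field subset and the function names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// Header holds a subset of the JMS-style fields of Figure 6 together with the
// security identifier bound to the message. Cipher, Salt and Nonce are
// additions the receiver needs to undo the encryption.
type Header struct {
	JMSMessageID   string
	JMSDestination string
	JMSTimestamp   int64
	JMSExpiration  int64
	JMSPriority    int
	JMSType        string
	SecurityID     int
	Cipher         string
	Salt           []byte
	Nonce          []byte
}

// Envelope is the uniform message format put in the send queue: header in
// clear, body as a BytesMessage holding ciphertext.
type Envelope struct {
	Header Header
	Body   []byte
}

// cipherFor maps the data's security level to a cipher strength; the mapping
// (level 2 and above gets AES-256) is an assumption for this example.
func cipherFor(level int) (name string, keyLen int) {
	if level >= 2 {
		return "AES-256-GCM", 32
	}
	return "AES-128-GCM", 16
}

// deriveKey turns the policy-file password into a key. A salted SHA-256 keeps
// the example stdlib-only; a deployment would use PBKDF2, scrypt or Argon2.
func deriveKey(password string, salt []byte, keyLen int) []byte {
	sum := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return sum[:keyLen]
}

func newGCM(password string, salt []byte, keyLen int) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(password, salt, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate encrypts the filtered data and feeds the serialised header in as
// additional authenticated data, so a header changed in transit (for example
// a relabelled SecurityID) makes the receiver's Open fail.
func Encapsulate(plain []byte, level, priority int, dest, password string, ttl time.Duration) (Envelope, error) {
	name, keyLen := cipherFor(level)
	salt, nonce, id := make([]byte, 16), make([]byte, 12), make([]byte, 8)
	for _, b := range [][]byte{salt, nonce, id} {
		if _, err := rand.Read(b); err != nil {
			return Envelope{}, err
		}
	}
	now := time.Now()
	h := Header{JMSMessageID: "ID:" + hex.EncodeToString(id), JMSDestination: dest,
		JMSTimestamp: now.UnixMilli(), JMSExpiration: now.Add(ttl).UnixMilli(),
		JMSPriority: priority, JMSType: "BytesMessage", SecurityID: level,
		Cipher: name, Salt: salt, Nonce: nonce}
	aead, err := newGCM(password, salt, keyLen)
	if err != nil {
		return Envelope{}, err
	}
	aad, _ := json.Marshal(h)
	return Envelope{Header: h, Body: aead.Seal(nil, nonce, plain, aad)}, nil
}

// Decapsulate is the receiving slave node's inverse step (S24): reject expired
// messages, rebuild the key from the password in its own policy file and open
// the body, which fails if either body or header was altered.
func Decapsulate(env Envelope, password string, now time.Time) ([]byte, error) {
	if now.UnixMilli() > env.Header.JMSExpiration {
		return nil, errors.New("message expired")
	}
	name, keyLen := cipherFor(env.Header.SecurityID)
	if name != env.Header.Cipher {
		return nil, errors.New("cipher does not match security level")
	}
	aead, err := newGCM(password, env.Header.Salt, keyLen)
	if err != nil {
		return nil, err
	}
	aad, _ := json.Marshal(env.Header)
	return aead.Open(nil, env.Header.Nonce, env.Body, aad)
}
```

Because the host node forwards the envelope without opening it, the only integrity it can check is on the ciphertext; binding the header into the GCM tag means the receiving slave node, which holds the password, also detects a relabelled or re-prioritised header, not just a corrupted body.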
The scheme also discloses a data security exchange device whose structure is shown in Figure 8. The device comprises a management module 11, an integrity verification module 12, a security verification module 13, a dedicated secure exchange process establishment module 14 and a master node data forwarding module 15, wherein:
The management module 11 generates the corresponding configuration file from the received configuration information. The configuration file contains at least: the exchange object, consisting of the sending slave node and receiving slave node that currently need to exchange data; the exchange task; the exchange list; and the security policy configuration file. The sending slave node and receiving slave node are chosen from the set of slave nodes that passed audit in advance and are stored at the master node, and the exchange list comprises a send directory and a receive directory. The module transfers the configuration file to the sending slave node and receiving slave node that currently need to exchange data.
The integrity verification module 12 performs integrity verification on the slave nodes according to the integrity verification information obtained from the sending slave node and receiving slave node after initialisation.
The security verification module 13 performs security verification on the sending slave node and receiving slave node after receiving the attestation request information they transmit.
The dedicated secure exchange process establishment module 14, after the security verification passes, establishes a dedicated secure exchange process with the sending slave node and with the receiving slave node respectively, and through that process extracts from the sending slave node the data to be exchanged that has been filtered and encrypted using the sensitive words and key provided by the security policy configuration file.
The master node data forwarding module 15 extracts the filtered and encrypted data to be exchanged from the sending slave node and pushes it to the receiving slave node through the dedicated secure exchange process.
In the device disclosed above, the integrity verification module 12 and security verification module 13 perform the double verification of integrity and security on the receiving slave node and sending slave node; the dedicated secure exchange process establishment module 14 establishes a secure process with each of them; the filtered and encrypted data to be exchanged is obtained from the sending slave node and pushed to the receiving slave node, completing a data exchange of higher security.
The security verification module 13 comprises a feedback unit and a verification unit, wherein:
The feedback unit, after receiving the attestation request information, generates a server identifier and a random number and transmits them to the sending slave node and receiving slave node, so that each slave node calls the private key of the dedicated secure exchange process identity certificate CAn on its secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla.
The verification unit checks the signed random number and verifies the legitimacy of the dynamic identifier Dla. If verification succeeds, it assigns the dedicated exchange process the access permissions for its subsequent operations according to Dla, and the secure exchange connection between the master node and the slave node is established. If verification fails, it raises an exchange rule violation alarm and terminates this data exchange.
Accordingly, the invention also discloses a master node comprising the data security exchange device above, that is: management module 11, integrity verification module 12, security verification module 13, dedicated secure exchange process establishment module 14 and master node data forwarding module 15; the security verification module 13 may comprise the feedback unit and the verification unit.
The invention also discloses a data security exchange device whose structure is shown in Figure 9, comprising a receiving module 21, a transmission module 22, a security verification module 23, a dedicated secure exchange process establishment module 24, a sending slave node adapter module 25 and a data processing module 26, wherein:
The receiving module 21 receives the configuration file transmitted by the master node; the configuration file contains at least the exchange task, the send directory and the security policy configuration file.
The transmission module 22 transmits the integrity verification information to the master node so that the master node can perform integrity verification.
The security verification module 23, after the master node's integrity verification and on receiving the request to start the exchange task, performs security verification on itself and, once that passes, sends an attestation request to the master node so that the master node performs security verification on it.
The dedicated secure exchange process establishment module 24 establishes a dedicated secure exchange process with the master node after the master node's security verification passes.
The sending slave node adapter module 25 determines the data to be exchanged according to the exchange task configuration in the configuration file and converts it into the format required by the sending slave node.
The data processing module 26 comprises a filter and an encapsulator. The filter filters the data to be exchanged according to the sensitive words provided in the security policy configuration file; the encapsulator encrypts and encapsulates the filtered data to be exchanged with the key provided by the security policy configuration file and transmits the encrypted, encapsulated data to the master node through the dedicated secure exchange process.
The security verification module 23 comprises a measurement unit, a matching unit and a signature unit, wherein:
The measurement unit measures the current dedicated exchange process program after receiving the server's request to start the exchange task.
The matching unit computes the hash value of the dedicated secure exchange process and matches it against the integrity identifier of the dedicated secure exchange process stored in the secure exchange card.
The signature unit calls the private key of the dedicated secure exchange process identity certificate CAn in the secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla, and transmits the signed server identifier, random number and dynamic identifier Dla to the master node.
Accordingly, the invention also discloses a sending slave node comprising the data security exchange device above, that is: receiving module 21, transmission module 22, security verification module 23, dedicated secure exchange process establishment module 24, sending slave node adapter module 25 and data processing module 26; the security verification module 23 may comprise the measurement unit, the matching unit and the signature unit.
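The following Python is an added example, not code from the patent, that models the handshake described for the master node's feedback and verification units (Figure 8) together with the slave node's measurement, matching and signature units (Figure 9): the slave reports CAn, Sla and Dla for integrity verification, measures its own exchange process program against the Sla held on its secure exchange card, and answers the master's server identifier and random number with a signature over (server identifier, random number, Dla); the master checks the random number and Dla and then assigns permissions to the dedicated exchange process. Everything concrete here is an assumption: HMAC-SHA256 with a per-card secret stands in for the CAn private-key signature, the secure exchange card is a plain object, and the audited node set, program bytes, identifiers (CAn-A, Dla-7f3a, master-01), nonce lifetime and permission names are constructed for the example.

```python
# Added example, not from the patent: the slave/master attestation handshake.
# Stand-ins (assumptions): HMAC-SHA256 with a per-card secret replaces the
# CAn private-key signature; the "secure exchange card" is a plain object;
# the audited node set, program bytes and identifiers are constructed.
import hashlib
import hmac
import secrets
import time


def measure(program: bytes) -> str:
    """Measurement of the dedicated exchange process program (SHA-256 hex)."""
    return hashlib.sha256(program).hexdigest()


def challenge_message(server_id: str, nonce: bytes, dla: str) -> bytes:
    """Length-prefixed encoding so distinct (server_id, nonce, Dla) never collide."""
    out = b""
    for part in (server_id.encode(), nonce, dla.encode()):
        out += len(part).to_bytes(2, "big") + part
    return out


class SecureExchangeCard:
    """Holds CAn, the reference measurement Sla and the signing secret."""

    def __init__(self, can: str, sla: str, key: bytes):
        self.can, self.sla, self._key = can, sla, key

    def sign(self, message: bytes) -> bytes:
        # HMAC stands in for the signature with CAn's private key (assumption).
        return hmac.new(self._key, message, hashlib.sha256).digest()


class SlaveNode:
    def __init__(self, card: SecureExchangeCard, program: bytes, dla: str):
        self.card, self.program, self.dla = card, program, dla

    def integrity_info(self) -> dict:
        """Integrity verification information sent after initialisation."""
        return {"CAn": self.card.can, "Sla": self.card.sla, "Dla": self.dla}

    def self_verify(self) -> bool:
        """Measurement unit + matching unit: live hash vs. the Sla on the card."""
        return hmac.compare_digest(measure(self.program), self.card.sla)

    def answer(self, server_id: str, nonce: bytes) -> dict:
        """Signature unit: only runs if self-verification passed."""
        if not self.self_verify():
            raise RuntimeError("self verification failed; exchange aborted")
        sig = self.card.sign(challenge_message(server_id, nonce, self.dla))
        return {"server_id": server_id, "nonce": nonce, "Dla": self.dla, "sig": sig}


class MasterNode:
    def __init__(self, server_id: str, audited: dict, nonce_ttl: float = 30.0):
        # audited: CAn -> {"Sla", "Dla", "key", "perms"} for nodes audited in advance
        self.server_id, self.audited, self.ttl = server_id, audited, nonce_ttl
        self._pending = {}  # nonce -> (CAn, issue time); consumed on first use

    def verify_integrity(self, info: dict) -> bool:
        """Integrity verification module: CAn known, Sla and Dla as audited."""
        ref = self.audited.get(info["CAn"])
        return ref is not None and hmac.compare_digest(ref["Sla"], info["Sla"]) and ref["Dla"] == info["Dla"]

    def challenge(self, can: str) -> tuple:
        """Feedback unit: server identifier plus a fresh random number."""
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (can, time.monotonic())
        return self.server_id, nonce

    def verify(self, can: str, resp: dict) -> set:
        """Verification unit: check random number, Dla and signature; return permissions."""
        issued = self._pending.pop(resp["nonce"], None)  # single use
        if issued is None or issued[0] != can or time.monotonic() - issued[1] > self.ttl:
            raise PermissionError("exchange rule violation: stale or unknown nonce")
        ref = self.audited[can]
        if resp["server_id"] != self.server_id or resp["Dla"] != ref["Dla"]:
            raise PermissionError("exchange rule violation: bad server id or Dla")
        msg = challenge_message(self.server_id, resp["nonce"], resp["Dla"])
        if not hmac.compare_digest(hmac.new(ref["key"], msg, hashlib.sha256).digest(), resp["sig"]):
            raise PermissionError("exchange rule violation: bad signature")
        return ref["perms"]


def run_handshake(tamper_program: bool = False, replay: bool = False):
    """Drives one exchange-task start; returns granted permissions or the failure reason."""
    program = b"dedicated secure exchange process v1"  # constructed
    key = hashlib.sha256(b"demo card secret").digest()  # constructed
    sla = measure(program)
    master = MasterNode("master-01", {"CAn-A": {"Sla": sla, "Dla": "Dla-7f3a", "key": key, "perms": {"read", "push"}}})
    card = SecureExchangeCard("CAn-A", sla, key)
    slave = SlaveNode(card, program + (b"\x90" if tamper_program else b""), "Dla-7f3a")
    if not master.verify_integrity(slave.integrity_info()):
        return "integrity verification failed"
    try:
        server_id, nonce = master.challenge(card.can)
        resp = slave.answer(server_id, nonce)
        perms = master.verify(card.can, resp)
        if replay:
            master.verify(card.can, resp)  # second use of the same signed response
        return sorted(perms)
    except (RuntimeError, PermissionError) as err:
        return str(err)


if __name__ == "__main__":
    print(run_handshake(), run_handshake(tamper_program=True), run_handshake(replay=True))
```

Two points the page leaves implicit are made explicit here: the random number is generated per request and consumed on first use, so a captured signed response cannot be replayed, and the server identifier is inside the signed message, so a response meant for one master cannot be relayed to another. The tampered-program case also shows why the card's Sla is only a reference: the integrity information still matches what the master audited, and it is the live measurement in the matching unit that catches the modified process program.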
The invention also discloses a data security exchange device whose structure is shown in Figure 10, comprising a receiving module 31, a transmission module 32, a security verification module 33, a dedicated secure exchange process establishment module 34, a decapsulation module 35 and a receiving slave node adapter module 36, wherein:
The receiving module 31 receives the configuration file transmitted by the master node; the configuration file contains at least the exchange task, the send directory and the security policy configuration file.
The transmission module 32 transmits the integrity verification information to the master node so that the master node can perform integrity verification.
The security verification module 33, after the master node's integrity verification and on receiving the request to start the exchange task, performs security verification on itself and, once that passes, sends an attestation request to the master node so that the master node performs security verification on it; the security verification module 33 may comprise a measurement unit, a matching unit and a signature unit.
The dedicated secure exchange process establishment module 34 establishes a dedicated secure exchange process with the master node after the master node's security verification passes.
The decapsulation module 35 extracts the data to be exchanged from the master node through the dedicated secure exchange process and decrypts it with the key obtained from the security policy configuration file.
The receiving slave node adapter module 36 converts the data to be exchanged into the format required by the receiving slave node and stores it.
Accordingly, the invention also discloses a receiving slave node comprising the data security exchange device above, that is: receiving module 31, transmission module 32, security verification module 33, dedicated secure exchange process establishment module 34, decapsulation module 35 and receiving slave node adapter module 36. After the double verification of integrity and security, the receiving slave node can receive the filtered and encrypted data to be exchanged transmitted by the master node and decrypt it to obtain the data to be exchanged.
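The following Python is an added example, not code from the patent, that puts the sending slave node's data processing module 26 (filter and encapsulator, Figure 9) next to the receiving slave node's decapsulation module 35 (Figure 10): records are filtered against the sensitive words of the security policy, the filter result is checked, each record is encrypted and encapsulated into a message send queue, and the receiving side decapsulates and decrypts in the reverse order. Assumptions: the policy's "password" is treated as a 32-byte symmetric key; the cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen only to keep the example standard-library-only (use AES-GCM from a vetted library in production); the record layout, task identifier, sensitive words and sample records are constructed.

```python
# Added example, not from the patent: the sending slave node's filter and
# encapsulator next to the receiving slave node's decapsulation module.
# Assumptions: the policy "password" is a 32-byte symmetric key; the cipher is
# an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen
# only to keep the example stdlib-only (use AES-GCM from a vetted library in
# production); the sample policy and records are constructed.
import hashlib
import hmac
import os
import re
from collections import deque


def derive_keys(password: bytes, task_id: str):
    """Separate encryption and MAC keys, bound to the exchange task."""
    enc = hmac.new(password, b"enc|" + task_id.encode(), hashlib.sha256).digest()
    mac = hmac.new(password, b"mac|" + task_id.encode(), hashlib.sha256).digest()
    return enc, mac


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC(key, nonce || counter) blocks; the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def filter_sensitive(text: str, words) -> str:
    """Filter: mask each sensitive word from the policy, longest match first."""
    if not words:
        return text
    pattern = "|".join(re.escape(w) for w in sorted(words, key=len, reverse=True))
    return re.sub(pattern, lambda m: "*" * len(m.group()), text, flags=re.IGNORECASE)


def filter_result_correct(text: str, words) -> bool:
    """The 'is the filter result correct' check: no sensitive word survives."""
    low = text.lower()
    return not any(w.lower() in low for w in words)


def encapsulate(plaintext: bytes, enc_key: bytes, mac_key: bytes, seq: int) -> bytes:
    """Encapsulator: seq(4) || nonce(12) || ciphertext || tag(32), encrypt-then-MAC."""
    header = seq.to_bytes(4, "big") + os.urandom(12)
    ct = keystream_xor(enc_key, header[4:], plaintext)
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()


def decapsulate(record: bytes, enc_key: bytes, mac_key: bytes, expected_seq: int) -> bytes:
    """Decapsulation module: verify tag and sequence number before decrypting."""
    if len(record) < 48:
        raise ValueError("truncated record")
    header, ct, tag = record[:16], record[16:-32], record[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, header + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    if int.from_bytes(header[:4], "big") != expected_seq:
        raise ValueError("sequence mismatch (replayed or reordered record)")
    return keystream_xor(enc_key, header[4:], ct)


def sender_process(records, policy) -> deque:
    """Sending slave node: filter, check the result, encapsulate into the send queue."""
    enc, mac = derive_keys(policy["password"], policy["task_id"])
    queue = deque()
    for seq, text in enumerate(records):
        filtered = filter_sensitive(text, policy["sensitive_words"])
        if not filter_result_correct(filtered, policy["sensitive_words"]):
            raise RuntimeError("filter result incorrect; exchange terminated")
        queue.append(encapsulate(filtered.encode(), enc, mac, seq))
    return queue


def receiver_process(queue, policy) -> list:
    """Receiving slave node: decapsulate in order; any failure aborts the task."""
    enc, mac = derive_keys(policy["password"], policy["task_id"])
    return [decapsulate(rec, enc, mac, seq).decode() for seq, rec in enumerate(queue)]


# Constructed sample policy and records for the example.
POLICY = {"task_id": "task-0042", "password": hashlib.sha256(b"demo policy key").digest(),
          "sensitive_words": ["secret", "ProjectX"]}
RECORDS = ["status report: ProjectX on schedule", "no secret items attached", "routine"]


def tamper_detected(policy=POLICY, records=RECORDS) -> bool:
    """Flip one ciphertext byte of the first queued record; decapsulation must reject it."""
    queue = sender_process(records, policy)
    broken = bytearray(queue[0])
    broken[20] ^= 0x01
    queue[0] = bytes(broken)
    try:
        receiver_process(queue, policy)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(receiver_process(sender_process(RECORDS, POLICY), POLICY), tamper_detected())
```

The page describes decryption as simply the inverse of encryption; the example adds the check a practitioner would want on the receiving side, a per-record tag and sequence number verified before anything is decrypted, so a record that was modified, replayed or reordered in transit is rejected rather than silently stored. The "password" in the policy file should be a random key, and since the policy file itself travels from the master to both slaves, it needs the same integrity protection as the data it keys.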
The invention also discloses a data security exchange system comprising a master node, a sending slave node and a receiving slave node. The master node comprises a data security exchange device with a management module, an integrity verification module, a security verification module, a dedicated secure exchange process establishment module and a master node adapter module; the data security exchange device in the sending slave node comprises a receiving module, a transmission module, a security verification module and a sending slave node adapter module; the data security exchange device in the receiving slave node comprises a receiving module, a transmission module, a security verification module and a receiving slave node adapter module.
When data needs to be exchanged, the sending slave node and receiving slave node in the system establish dedicated secure exchange processes with the master node after passing the double verification of integrity and security. The master node extracts the filtered and encrypted data to be exchanged from the sending slave node and transmits it to the receiving slave node, which decrypts it. Because both the sending slave node and the receiving slave node have undergone the double verification of integrity and security, and the data to be sent has been filtered and encrypted, the security and reliability of the data exchange process are enhanced, secure exchange of data is achieved, the limitation of information islands is broken, and the exchange and sharing of information resources is facilitated.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be regarded as going beyond the scope of the invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the preceding method embodiments and are not repeated here.
In the several embodiments provided by this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative: the division into units is only a division by logical function, and other divisions are possible in practice; several units or components may be combined or integrated into another system, and some features may be ignored or not executed. Further, the couplings, direct couplings or communication connections shown or discussed may be realised through certain interfaces, and the indirect couplings or communication connections between devices or units may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over several network elements. Some or all of the units may be selected according to actual need to achieve the purpose of the embodiment.
In addition, the functional units in each embodiment of the invention may be integrated into one processing unit, may exist physically as separate units, or two or more units may be integrated into one unit.
If the functions are implemented as software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the invention, in essence or in the part that contributes to the prior art, or a part of the technical solution, may be embodied as a software product stored in a storage medium and comprising instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the invention. The storage medium includes: a USB flash drive, a portable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc or any other medium that can store program code.
The embodiments in this specification are described progressively; each embodiment emphasises its differences from the others, and the same or similar parts can be found by reference between them. Since the system disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is comparatively brief and the relevant points are found in the description of the method.
The above are only preferred embodiments of the invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as within the scope of protection of the invention.

Claims (16)

1. A data security exchange method, characterized in that it comprises:
generating a corresponding configuration file according to received configuration information, the configuration file containing at least: an exchange object consisting of the sending slave node and receiving slave node that currently need to exchange data, an exchange task, an exchange list and a security policy configuration file, wherein the sending slave node and receiving slave node are chosen from the set of slave nodes that passed audit in advance and are stored at the master node, and the exchange list comprises a send directory and a receive directory; and transmitting the configuration file to the sending slave node and receiving slave node that currently need to exchange data;
performing integrity verification on the sending slave node and receiving slave node according to the integrity verification information obtained from them after initialisation, so that the sending slave node and receiving slave node that pass integrity verification perform security verification on themselves and, when that security verification completes, generate attestation request information;
after receiving the attestation request information transmitted by the sending slave node and receiving slave node, performing security verification on the sending slave node and receiving slave node;
after the security verification, establishing a dedicated secure exchange process with the sending slave node and with the receiving slave node respectively, and extracting from the sending slave node, through the dedicated secure exchange process, the data to be exchanged that has been filtered and encrypted according to the sensitive words and key provided by the security policy configuration file;
after extracting the filtered and encrypted data to be exchanged from the sending slave node, verifying the data to be exchanged and pushing the verified data to be exchanged to the receiving slave node through the dedicated secure exchange process.
2. The method according to claim 1, characterized in that the integrity verification information the master node obtains from the initialised sending slave node and receiving slave node comprises: the identity certificate CAn of the dedicated secure exchange process, the integrity identifier Sla of the dedicated secure exchange process and the dynamic identifier Dla of the dedicated secure exchange process, transmitted by the secure exchange card connected to the slave node.
3. The method according to claim 1, characterized in that the method of performing security verification on the sending slave node and receiving slave node specifically comprises:
after receiving the attestation request information, generating a server identifier and a random number and transmitting them to the sending slave node and receiving slave node, so that the sending slave node and receiving slave node each call the private key of the dedicated secure exchange process identity certificate CAn on the secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla;
checking the signed random number and verifying the legitimacy of the dynamic identifier Dla; if verification succeeds, assigning the dedicated exchange process the access permissions for its subsequent operations according to the dynamic identifier Dla and establishing the dedicated secure exchange process between the master node and the sending slave node and receiving slave node; if verification fails, raising an exchange rule violation alarm and terminating this data exchange.
4. A data security exchange method, characterized in that it comprises:
receiving the configuration file transmitted by the master node, the configuration file containing at least an exchange object, an exchange task, an exchange list and a security policy configuration file;
transmitting integrity verification information to the master node so that the master node performs integrity verification;
after the master node's integrity verification and on receiving the request to start the exchange task, performing security verification on itself and, after passing that security verification, sending an attestation request to the master node so that the master node performs security verification, and after passing the master node's security verification, establishing a dedicated secure exchange process with the master node;
determining the data to be exchanged according to the exchange task configuration in the configuration file and converting the data to be exchanged into the format required by the sending slave node;
filtering and encrypting the data to be exchanged according to the sensitive words and key provided in the security policy configuration file, and transmitting it to the master node through the dedicated secure exchange process.
5. The method according to claim 4, characterized in that performing security verification on itself specifically comprises:
after receiving the server's request to start the exchange task, measuring the current dedicated secure exchange process program;
computing the hash value of the dedicated secure exchange process and matching it against the integrity identifier of the dedicated secure exchange process stored in the secure exchange card; if the match succeeds, sending an attestation request to the master node so that the master node performs security verification on it; if the match fails, interrupting this data exchange.
6. The method according to claim 4, characterized in that filtering and encrypting the data to be exchanged specifically comprises:
filtering the data to be exchanged according to the sensitive words obtained from the security policy configuration file and judging whether the filter result is correct; if correct, executing the next step; if incorrect, terminating this exchange;
encapsulating and encrypting the filtered data to be exchanged with the key obtained from the security policy configuration file to form a message send queue.
7. A data security exchange method, characterized in that it comprises:
receiving the configuration file transmitted by the master node, the configuration file containing at least an exchange object, an exchange task, an exchange list and a security policy configuration file;
transmitting integrity verification information to the master node so that the master node performs integrity verification;
after the master node's integrity verification and on receiving the request to start the exchange task, performing security verification on itself and, after passing that security verification, sending an attestation request to the master node so that the master node performs security verification, and after passing the master node's security verification, establishing a dedicated secure exchange process with the master node;
extracting the data to be exchanged from the master node through the dedicated secure exchange process and decrypting the data to be exchanged with the key obtained from the security policy configuration file;
converting the data to be exchanged into the format required by the receiving slave node and storing it.
8. A data security exchange device, characterized in that it comprises:
a management module, for generating a corresponding configuration file according to received configuration information, the configuration file containing at least: an exchange object consisting of the sending slave node and receiving slave node that currently need to exchange data, an exchange task, an exchange list and a security policy configuration file, wherein the sending slave node and receiving slave node are chosen from the set of slave nodes that passed audit in advance and are stored at the master node, and the exchange list comprises a send directory and a receive directory; and for transmitting the configuration file to the sending slave node and receiving slave node that currently need to exchange data;
an integrity verification module, for performing integrity verification on the sending slave node and receiving slave node according to the integrity verification information obtained from them after initialisation;
a security verification module, for performing security verification on the sending slave node and receiving slave node after receiving the attestation request information they transmit;
a dedicated secure exchange process establishment module, for establishing, after the security verification passes, a dedicated secure exchange process with the sending slave node and with the receiving slave node respectively, and extracting from the sending slave node through the dedicated secure exchange process the data to be exchanged that has been filtered and encrypted according to the sensitive words and key provided by the security policy configuration file;
a master node data forwarding module, for extracting the filtered and encrypted data to be exchanged from the sending slave node, verifying the encrypted data to be exchanged, and pushing the verified data to be exchanged to the receiving slave node through the dedicated secure exchange process.
9. The device according to claim 8, characterized in that the security verification module comprises:
a feedback unit, for generating, after receiving the attestation request information, a server identifier and a random number and transmitting them to the sending slave node and receiving slave node, so that the sending slave node and receiving slave node each call the private key of the dedicated secure exchange process identity certificate CAn on the secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla;
a verification unit, for checking the signed random number and verifying the legitimacy of the dynamic identifier Dla; if verification succeeds, assigning the dedicated exchange process the access permissions for its subsequent operations according to the dynamic identifier Dla and establishing the secure exchange connection between the master node and the slave nodes; if verification fails, raising an exchange rule violation alarm and terminating this data exchange.
10. A data security exchange device, characterized in that it comprises:
a receiving module, for receiving the configuration file transmitted by the master node, the configuration file containing at least an exchange task, a send directory and a security policy configuration file;
a transmission module, for transmitting integrity verification information to the master node so that the master node performs integrity verification;
a security verification module, for performing security verification on itself after the master node's integrity verification and on receiving the request to start the exchange task, and, after passing that security verification, sending an attestation request to the master node so that the master node performs security verification on it;
a dedicated secure exchange process establishment module, for establishing a dedicated secure exchange process with the master node after passing the master node's security verification;
a sending slave node adapter module, for determining the data to be exchanged according to the exchange task configuration in the configuration file and converting the data to be exchanged into the format required by the sending slave node;
a data processing module, comprising a filter and an encapsulator, the filter being used to filter the data to be exchanged according to the sensitive words provided in the security policy configuration file, and the encapsulator being used to encrypt and encapsulate the filtered data to be exchanged with the key provided by the security policy configuration file and transmit the encrypted, encapsulated data to be exchanged to the master node through the dedicated secure exchange process.
11. The device according to claim 10, characterized in that the security verification module comprises:
a measurement unit, for measuring the current dedicated exchange process program after receiving the server's request to start the exchange task;
a matching unit, for computing the hash value of the dedicated secure exchange process and matching it against the integrity identifier of the dedicated secure exchange process stored in the secure exchange card;
a signature unit, for calling the private key of the dedicated secure exchange process identity certificate CAn in the secure exchange card to sign the server identifier, the random number and the dynamic identifier Dla, and transmitting the signed server identifier, random number and dynamic identifier Dla to the master node.
12. A data security exchange device, characterized in that it comprises:
a receiving module, for receiving the configuration file transmitted by the master node, the configuration file containing at least an exchange task, a send directory and a security policy configuration file;
a transmission module, for transmitting integrity verification information to the master node so that the master node performs integrity verification;
a security verification module, for performing security verification on itself after the master node's integrity verification and on receiving the request to start the exchange task, and, after passing that security verification, sending an attestation request to the master node so that the master node performs security verification on it;
a dedicated secure exchange process establishment module, for establishing a dedicated secure exchange process with the master node after passing the master node's security verification;
a decapsulation module, for extracting the data to be exchanged from the master node through the dedicated secure exchange process and decrypting the data to be exchanged with the key obtained from the security policy configuration file;
a receiving slave node adapter module, for converting the data to be exchanged into the format required by the receiving slave node and storing it.
13. A master node, characterized in that it comprises:
the data security exchange device according to any one of claims 8 to 9.
14. A sending slave node, characterized in that it comprises:
the data security exchange device according to any one of claims 10 to 11.
15. A receiving slave node, characterized in that it comprises:
the data security exchange device according to claim 12.
16. A data security exchange system, characterized in that it comprises:
the master node according to claim 13, the sending slave node according to claim 14 and the receiving slave node according to claim 15.
CN201210417301.5A 2012-10-26 2012-10-26 Safe data exchange method, device, nodes and safe data exchange system Active CN102916963B (en)


Publications (2)

Publication Number Publication Date
CN102916963A CN102916963A (en) 2013-02-06
CN102916963B true CN102916963B (en) 2014-12-31

Family

ID=47615197

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210417301.5A Active CN102916963B (en) 2012-10-26 2012-10-26 Safe data exchange method, device, nodes and safe data exchange system

Country Status (1)

Country Link
CN (1) CN102916963B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106802832A (en) * 2017-01-06 2017-06-06 网易(杭州)网络有限公司 Jenkins node state management method and device

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105447380A (en) * 2014-09-28 2016-03-30 上海贝尔股份有限公司 Method and apparatus for detecting integrity of client code in a PON (Passive Optical Network) system
CN104504538B (en) * 2015-01-09 2017-09-26 河北斯博思创新科技有限公司 Distributed talent archive management system
CN104853346B (en) * 2015-02-12 2018-10-19 数据通信科学技术研究所 Method and system for bypass routing of mobile terminal data flows
US10565588B2 (en) 2015-03-12 2020-02-18 International Business Machines Corporation Cryptographic methods implementing proofs of work in systems of interconnected nodes
CN105897737B (en) * 2016-05-17 2019-03-29 上海凭安网络科技有限公司 Method for secure data exchange
CN105897783B (en) * 2016-07-01 2018-11-27 中国联合网络通信有限公司重庆市分公司 Implementation method for a controllable and manageable sensitive data exchange technology
CN107707507A (en) * 2016-08-08 2018-02-16 深圳中电长城信息安全系统有限公司 Control method and system for network data transmission based on a secure pool
CN107995147B (en) * 2016-10-27 2021-05-14 中国电信股份有限公司 Metadata encryption and decryption method and system based on distributed file system
CN106778328B (en) * 2016-11-23 2019-12-10 中国人民解放军信息工程大学 Sensitive information security protection method and system
CN107633081A (en) * 2017-09-26 2018-01-26 浙江极赢信息技术有限公司 Query method and system for information on defaulting users
US10831911B2 (en) * 2017-12-19 2020-11-10 Industrial Technology Research Institute Method, computer program product and processing system for generating secure alternative representation
CN109255263A (en) * 2018-10-17 2019-01-22 北京京航计算通讯研究所 Cross-network big data exchange management system based on secure storage technology
CN109800050B (en) * 2018-11-22 2021-11-23 海光信息技术股份有限公司 Memory management method, device, related equipment and system of virtual machine
CN109725983B (en) * 2018-11-22 2021-07-27 海光信息技术股份有限公司 Data exchange method, device, related equipment and system
US10909261B2 (en) 2018-12-12 2021-02-02 Industrial Technology Research Institute Method and computer program product for generating secure alternative representation for numerical datum
CN109635583B (en) * 2018-12-27 2021-07-27 中国电子科技集团公司第三十研究所 Information security sharing and exchanging method and system based on data security label
CN111444683A (en) * 2018-12-28 2020-07-24 北京奇虎科技有限公司 Rich text processing method and device, computing equipment and computer storage medium
CN110290060B (en) * 2019-07-15 2021-12-14 腾讯科技(深圳)有限公司 Cross-network communication method, device and storage medium
CN110515916B (en) * 2019-07-26 2022-12-23 济南浪潮数据技术有限公司 Master-slave distributed file processing method, master node, slave node and system
CN110807587B (en) * 2019-10-31 2023-08-15 神州数码融信软件有限公司 Flow model security verification method and device
CN112287364A (en) * 2020-10-22 2021-01-29 同盾控股有限公司 Data sharing method, device, system, medium and electronic equipment
CN112416598B (en) * 2020-12-01 2023-07-25 网易(杭州)网络有限公司 Message processing method, device, electronic equipment and storage medium
CN112699390B (en) * 2020-12-29 2023-07-25 中国联合网络通信集团有限公司 Data processing method, device, electronic equipment, storage medium and program product
CN112866351B (en) * 2020-12-31 2023-08-04 成都佳华物链云科技有限公司 Data interaction method, device, server and storage medium
CN113312881B (en) * 2021-05-06 2024-04-05 上海移远通信技术股份有限公司 Frequency band information conversion method and device, electronic equipment and computer storage medium
CN113420002A (en) * 2021-06-24 2021-09-21 阿波罗智联(北京)科技有限公司 Data synchronization method and device, electronic equipment and storage medium
CN115510427B (en) * 2022-11-21 2023-03-31 博智安全科技股份有限公司 Cross-platform trusted monitoring method and system for process execution

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101025772A (en) * 2006-02-24 2007-08-29 韩燕 Time-division isolation data exchange method and device
CN101635730A (en) * 2009-08-28 2010-01-27 深圳市永达电子股份有限公司 Method and system for safe management of internal network information of small and medium-sized enterprises

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Li Nan. "Research and Implementation of an Audit System for an Internal/External Network Exchange Platform". China Masters' Theses Full-text Database (Electronic Journal). 2012, (No. 3), I139-328. *
Wang Jun. "Secure Email Exchange in a Physically Isolated Environment". China Masters' Theses Full-text Database (Electronic Journal). 2008, (No. 7), I139-167. *

Also Published As

Publication number Publication date
CN102916963A (en) 2013-02-06

Similar Documents

Publication Publication Date Title
CN102916963B (en) Safe data exchange method, device, nodes and safe data exchange system
KR101075844B1 (en) Method for remote message attestation in a communication system
WO2020237868A1 (en) Data transmission method, electronic device, server and storage medium
JP4240297B2 (en) Terminal device, authentication terminal program, device authentication server, device authentication program
CN110998556A (en) Data isolation in blockchain networks
US8347083B1 (en) Encrypted cross-origin communication via an intermediary
CN112217835B (en) Message data processing method and device, server and terminal equipment
US8566934B2 (en) Apparatus and method for enhancing security of data on a host computing device and a peripheral device
US20080307488A1 (en) Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture
JP2009087035A (en) Encryption client device, encryption package distribution system, encryption container distribution system, encryption management server device, software module management device and software module management program
CN113435888B (en) Account data processing method, device, equipment and storage medium
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN113872932B (en) SGX-based micro-service interface authentication method, system, terminal and storage medium
WO2017066995A1 (en) Method and device for preventing unauthorized access to server
CN114244508A (en) Data encryption method, device, equipment and storage medium
US11258766B2 (en) VNF package signing system and VNF package signing method
CN108418679A (en) Method, apparatus and electronic device for handling keys across multiple data centers
CN112287312B (en) Method and system for logging in Windows operating system
CN104753879B (en) Method and system, the method and system of cloud service provider certification terminal of terminal authentication cloud service provider
CN109450643B (en) Signature verification method realized on Android platform based on native service
CN107070653A (en) POS transaction encryption system and method, POSP front-end server and POS terminal
TWI546698B (en) Login system based on servers, login authentication server, and authentication method thereof
CN106254341A (en) Data fingerprint extracting method and system for centralized electronic data safety system
CN108880785B (en) Method, device, terminal and readable medium for detecting hooking of C++ virtual tables
CN105323287B (en) Third-party application program login method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant