Summary of the invention
Embodiments provide a kind of government data polyplant, data provide end, system and method, it is possible to ensure
Government data is carried out safe sharing.
A kind of government data polyplant, provides end to be connected with each data of peripheral hardware, including: polymerized unit, lookup rope
Draw unit and data transmission unit, wherein,
Described polymerized unit, provides each data in end to provide end to send for receiving each data of described peripheral hardware
The first corresponding encrypted characters string, is polymerized each the first encrypted characters string, and by each first encrypted characters string with corresponding
Data provide end set up corresponding relation;
Described lookup indexing units, for receiving the second encrypted characters string and authorized agreement that the terminal of peripheral hardware sends, and
Each the first encrypted characters string being polymerized with described polymerized unit by described second encrypted characters string matches, and determines and described
Target the first encrypted characters string that two encrypted characters strings match, the corresponding relation set up according to described polymerized unit, by described
Second encrypted characters string is sent to the target data of peripheral hardware corresponding to described target the first encrypted characters string with authorized agreement to be provided
End;
Described data transmission unit, for receiving the encryption data that the target data of described peripheral hardware provides end to send, and root
The authorized agreement received according to described lookup indexing units, is sent to the terminal of described peripheral hardware by described encryption data.
Preferably, described polymerized unit, including: the first encryption interface and index generation subelement, wherein,
Described first encryption interface, is used for arranging irreversible encryption method, provides end to send out each data of peripheral hardware
The critical data sent is encrypted, and forms the first encrypted characters string, and is sent respectively to by described first encrypted characters string described
Index generates subelement;
Described index generates subelement, for receiving the described first encrypted characters string that described first encryption interface sends,
And provide client information to store in the index list pre-set the data of described first encrypted characters string and corresponding peripheral hardware,
The data of the peripheral hardware setting up described first encrypted characters string and correspondence provide the association between client information.
Preferably, described lookup indexing units, including: the second encryption interface, coupling subelement and transmission subelement, its
In,
Described second encryption interface, is used for arranging irreversible encryption method, receives the search pass that the terminal of peripheral hardware sends
Key word and authorized agreement, encrypt described search key, forms the second encrypted characters string;
Described coupling subelement, for being polymerized list by the second encrypted characters string that described second encryption interface is formed with described
Each the first encrypted characters string of unit's polymerization mates, when described second encrypted characters string belongs to each first encrypted word described
During target the first encrypted characters string a part of in symbol string, determine that described second encrypted characters string is encrypted with described target first
Character string matches, the corresponding relation set up according to described polymerized unit, determines that the target data of peripheral hardware provides end;
Described transmission subelement, for the authorized agreement arrived by described second encryption interface and the second encryption of formation
Character string is sent to the target data offer end that described coupling subelement determines.
A kind of data provide end, including: separative element, symmetric cryptography unit, indexing units and transmitting element, wherein,
Described separative element, for identifying the data of storage, separates the critical data in described data with sensitive data,
And described critical data is sent to the government data polyplant of peripheral hardware;
Described symmetric cryptography unit, is used for arranging symmetric encryption method, and utilizes described symmetric encryption method, by described point
Encrypt from the isolated sensitive data of unit;
Described indexing units, for receiving the described encryption key data that the government data polyplant of described peripheral hardware sends
First encrypted characters string of rear formation, and set up the sensitive number of described first encrypted characters string and the encryption of described symmetric cryptography unit
Index relative between according to, and the second encrypted characters string that the government data polyplant receiving peripheral hardware sends, according to described the
Two encrypted characters strings, determine the target susceptibility data of encryption;
Described transmitting element, for sending the target susceptibility data of the encryption that described indexing units determines to described peripheral hardware
Government data polyplant.
Preferably, described data provide end, including:
Government data is open provides end and collage-credit data to provide any one or more in end.
A kind of government data paradigmatic system, including: any of the above-described described government data polyplant and any of the above-described institute
The data stated provide end.
A kind of government data polymerization, provides end to be connected with each data, including:
Receive the first corresponding encrypted characters string that each data described provide each data in end to provide end to send, will
Each the first encrypted characters string is polymerized;
End is provided to set up corresponding relation with corresponding data each first encrypted characters string;
When receiving the second encrypted characters string and the authorized agreement that terminal sends, by described second encrypted characters string with poly-
Each the first encrypted characters string closed matches;
Determine target the first encrypted characters string matched with described second encrypted characters string;
According to described corresponding relation, described second encrypted characters string and authorized agreement are sent to described target first and encrypt
The target data offer end that character string is corresponding;
Receive the encryption data that described target data provides end to send, and according to described authorized agreement, by described encryption number
According to being sent to described terminal.
Preferably, said method farther includes: arranges the first encryption interface, and encrypts setting in interface described first
Irreversible encryption method;
Each data described in described reception provide the first corresponding encrypted characters that each data in end provide end to send
String, including: the critical data providing end to send each data by described first encryption interface is encrypted, and forms first
Encrypted characters string, and described first encrypted characters string is stored in the index list pre-set.
Preferably, said method farther includes: arranges the second encryption interface, and encrypts setting in interface described second
Symmetric encryption method;
Described the second encrypted characters string and the authorized agreement receiving terminal transmission, including:
The search key sent by described second encryption interface terminal and authorized agreement, to described search key
Word is encrypted, and forms the second encrypted characters string;
Obtain described second encrypted characters string.
Preferably, described determine target the first encrypted characters string matched with described second encrypted characters string,
Target the first encrypted characters string in described second encrypted characters string belongs to each the first encrypted characters string described
A part of time, determine that described second encrypted characters string matches with described target the first encrypted characters string.
Embodiments provide a kind of government data polyplant, data provide end, system and method, government data
Polyplant, each data of this government data polyplant and peripheral hardware provide end to be connected, by polymerized unit receive described outside
If each data provide the first corresponding encrypted characters string that each data in end provide end to send, by each the first encryption
Character string is polymerized, and provides end to set up corresponding relation with corresponding data each first encrypted characters string;By searching rope
Draw unit and receive the second encrypted characters string and authorized agreement that the terminal of peripheral hardware sends, and by described second encrypted characters string and institute
Each the first encrypted characters string stating polymerized unit polymerization matches, and determines the target matched with described second encrypted characters string
First encrypted characters string, the corresponding relation set up according to described polymerized unit, by described second encrypted characters string and authorized agreement
The target data being sent to peripheral hardware corresponding to described target the first encrypted characters string provides end;Institute is received by data transmission unit
State the encryption data that the target data of peripheral hardware provides end to send, and the authorized agreement received according to described lookup indexing units,
Described encryption data is sent to the terminal of described peripheral hardware, the process carried out data transmission due to above-mentioned government data polyplant
It is all data such as the encrypted characters string and encryption data etc. of encryption, thus ensure that and government data is carried out safe sharing.
Detailed description of the invention
For making the purpose of the embodiment of the present invention, technical scheme and advantage clearer, below in conjunction with the embodiment of the present invention
In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is
The a part of embodiment of the present invention rather than whole embodiments, based on the embodiment in the present invention, those of ordinary skill in the art
The every other embodiment obtained on the premise of not making creative work, broadly falls into the scope of protection of the invention.
As it is shown in figure 1, the embodiment of the present invention provides a kind of government data polyplant, this government data polyplant is with outer
If each data provide end to be connected, including: polymerized unit 101, search indexing units 102 and data transmission unit 103, its
In,
Described polymerized unit 101, provides each data in end to provide end to send out for receiving each data of described peripheral hardware
The the first corresponding encrypted characters string sent, is polymerized each the first encrypted characters string, and by each first encrypted characters string with
Corresponding data provide end to set up corresponding relation;
Described lookup indexing units 102, for receiving the second encrypted characters string and authorized agreement that the terminal of peripheral hardware sends,
And each the first encrypted characters string being polymerized with described polymerized unit 101 by described second encrypted characters string matches, determine with
Target the first encrypted characters string that described second encrypted characters string matches, the corresponding pass set up according to described polymerized unit 101
System, is sent to the target of peripheral hardware corresponding to described target the first encrypted characters string by described second encrypted characters string with authorized agreement
Data provide end;
Described data transmission unit 103, for receiving the encryption data that the target data of described peripheral hardware provides end to send, and
The authorized agreement received according to described lookup indexing units 102, is sent to the terminal of described peripheral hardware by described encryption data.
In the embodiment shown in fig. 1, each in each data offer end of described peripheral hardware is provided by polymerized unit
Data provide the first corresponding encrypted characters string that end sends, and are polymerized by each the first encrypted characters string, and by each first
Encrypted characters string provides end to set up corresponding relation with corresponding data;Sent by the terminal searching indexing units reception peripheral hardware
Second encrypted characters string and authorized agreement, and described second encrypted characters string is polymerized with described polymerized unit each first add
Close character string matches, and determines target the first encrypted characters string matched with described second encrypted characters string, according to described poly-
Close the corresponding relation that unit is set up, described second encrypted characters string and authorized agreement are sent to described target the first encrypted characters
The target data of the peripheral hardware that string is corresponding provides end;The target data being received described peripheral hardware by data transmission unit provides end to send
Encryption data, and the authorized agreement received according to described lookup indexing units, described encryption data is sent to described outside
If terminal, the process carried out data transmission due to above-mentioned government data polyplant is all the data such as encrypted characters string of encryption
With encryption data etc., thus ensure that and government data is carried out safe sharing.
As in figure 2 it is shown, in an alternative embodiment of the invention, described polymerized unit 101, including: the first encryption interface 201 He
Index generation subelement 202, wherein,
Described first encryption interface 201, is used for arranging irreversible encryption method, provides end to each data of peripheral hardware
The critical data sent is encrypted, and forms the first encrypted characters string, and described first encrypted characters string is sent respectively to institute
State index and generate subelement 202;
Described index generates subelement 202, for receiving described first encrypted word that described first encryption interface 201 sends
Symbol string, and provide client information to store the index column pre-set the data of described first encrypted characters string and corresponding peripheral hardware
In table, the data of the peripheral hardware setting up described first encrypted characters string and correspondence provide the association between client information.
As it is shown on figure 3, in still another embodiment of the process, described lookup indexing units 102, including: the second encryption interface
301, coupling subelement 302 and transmission subelement 303, wherein,
Described second encryption interface 301, is used for arranging irreversible encryption method, receives the search that the terminal of peripheral hardware sends
Keyword and authorized agreement, be encrypted described search key, forms the second encrypted characters string;
Described coupling subelement 302, the second encrypted characters string being used for forming described second encryption interface 301 is with described
Each the first encrypted characters string of polymerized unit 101 polymerization mates, when described second encrypted characters string belong to described each
During target the first encrypted characters string in the first encrypted characters string a part of, determine described second encrypted characters string and described mesh
Mark the first encrypted characters string to match, the corresponding relation set up according to described polymerized unit 101, determine that the target data of peripheral hardware carries
For end;
Described transmission subelement 303, for by the of the described second encryption authorized agreement that receives of interface 301 and formation
Two encrypted characters strings are sent to the target data offer end that described coupling subelement 302 determines.
As shown in Figure 4, the embodiment of the present invention provides a kind of data to provide end, and these data provide end, described with any of the above-described
Government data polyplant be connected, including separative element 401, symmetric cryptography unit 402, indexing units 403 and transmitting element
404, wherein,
Described separative element 401, the critical data in the data identifying storage and sensitive data, by described pass bond number
Separate according to sensitive data, and described critical data is sent to the government data polyplant of peripheral hardware;
Described symmetric cryptography unit 402, is used for arranging symmetric encryption method, and utilizes described symmetric encryption method, by institute
State the encryption of separative element 401 isolated sensitive data;
Described indexing units 403, for receiving the described critical data that the government data polyplant of described peripheral hardware sends
The the first encrypted characters string formed after encryption, and set up described first encrypted characters string and encrypt with described symmetric cryptography unit 402
Sensitive data between index relative, and receive peripheral hardware government data polyplant send the second encrypted characters string, root
According to described second encrypted characters string, determine the target susceptibility data of encryption;
Described transmitting element 404, for sending the target susceptibility data of the encryption that described indexing units 403 determines to described
The government data polyplant of peripheral hardware.
In an alternative embodiment of the invention, described data provide end, including: government data is open provides end and collage-credit data
Any one or more in end is provided.
The contents such as the information between each unit in said apparatus is mutual, execution process, owing to implementing with the inventive method
Example is based on same design, and particular content can be found in the narration in following the inventive method embodiment, and here is omitted.
As it is shown in figure 5, the embodiment of the present invention provides a kind of government data paradigmatic system, including: any of the above-described described political affairs
Business data aggregate device 501 and at least one any of the above-described described data provide end 502.
As shown in Figure 6, embodiments provide a kind of government data polymerization, provide end phase with each data
Even, the method may comprise steps of:
Step 601: receive the first corresponding encrypted characters that each data provide each data in end to provide end to send
String, is polymerized each the first encrypted characters string;
Step 602: provide end to set up corresponding relation with corresponding data each first encrypted characters string;
Step 603: when receiving the second encrypted characters string and the authorized agreement that terminal sends, by the second encrypted characters string
Match with each the first encrypted characters string being polymerized;
Step 604: determine target the first encrypted characters string matched with the second encrypted characters string;
Step 605: according to corresponding relation, the second encrypted characters string and authorized agreement are sent to target the first encrypted characters
The target data that string is corresponding provides end;
Step 606: receive the encryption data that target data provides end to send, and according to authorized agreement, encryption data is sent out
Give terminal.
In an embodiment of the invention, in order to be provided the critical data in end by each data, the first encryption is obtained
Character string, said method farther includes: arrange the first encryption interface, and described first encrypt interface is arranged irreversible
Encryption method;The detailed description of the invention of step 601, including: provide end to send out each data by described first encryption interface
The critical data sent is encrypted, and forms the first encrypted characters string, and is stored by described first encrypted characters string and pre-set
Index list in.The irreversible encryption method such as HSAH method that arranges in this step, md5 encryption method etc., Ke Yidan
To data are encrypted, and can not be decrypted, when utilizing same encryption method, during to same data encryption, adding of formation
Close character string is identical, then, it is only necessary to encrypted characters string i.e. can determine that the information of correspondence, and government data polyplant passes through
Store the first encrypted characters string and the relation of data offer end, then when determining target the first encrypted characters string, i.e. can determine that
Target data provides end while guaranteeing data security, and provides the foundation for data sharing.Such as: to critical data name,
It is abcdefg that identification card number and sex are encrypted formation the first encrypted characters string.
In an embodiment of the invention, in order to ensure to provide the accuracy of data, and realize the keyword of search is entered
Row encryption, said method farther includes: arranges the second encryption interface, and arranges symmetric cryptography in described second encryption interface
Method;In step 603, described in receive terminal send the second encrypted characters string and authorized agreement, including: by described second
The search key of encryption interface terminal transmission and authorized agreement, be encrypted described search key, form second
Encrypted characters string;Obtain described second encrypted characters string.Encryption method and the first encrypted characters string when the second encrypted characters string
Encryption method consistent time, identical information can corresponding identical encrypted characters string, such as: search key is in the method
Name, the second encrypted characters string of its correspondence is ab.
In an embodiment of the invention, in order to ensure the accuracy of coupling, the detailed description of the invention of step 604, including:
A part for target the first encrypted characters string in described second encrypted characters string belongs to each the first encrypted characters string described
Time, determine that described second encrypted characters string matches with described target the first encrypted characters string.Such as: above-mentioned second encrypted characters
String ab is a part of the first encrypted characters string abcdefg, then the second encrypted characters string and the first encrypted characters String matching are described.
Below as a example by the interaction of government data polyplant, data offer end and terminal room, launch explanation government affairs
Data aggregation method, as it is shown in fig. 7, this government data polymerization may include steps of:
Step 701: government data polyplant arranges the first encryption interface and the second encryption interface;
This first encryption interface primarily to provide end such as government data open offer end and collage-credit data to carry to data
Be encrypted for the critical data in end etc., this second encryption interface primarily to the search key that sends of ciphering terminal,
It addition, government data polyplant the respectively first encryption interface arranges irreversible encryption method in this step, second adds
The irreversible encryption method that contiguity mouth is arranged in irreversible encryption method, and these two encryption interfaces is consistent, from
And ensure that the follow-up encrypted characters String matching to being formed is accurately.
Step 702: provide end that symmetric encryption method is set in data;
The symmetric encryption method that arranges in this step primarily in subsequent step data provide end to separate
The information etc. of paying taxes of sensitive data such as user is encrypted, and this symmetric encryption method can make the terminal solution with authorized agreement
The sensitive data of this encryption close, thus ensure the safety of data.
Step 703: data provide the data of end identification self storage;
Such as: when data provide end to be tax system, the data of this tax system storage are mainly correlated with the tax
Government data, when data provide end to be public security system, this public security system is mainly the individual essential information etc. of user.
Step 704: data provide end to isolate critical data and sensitive data from data;
Such as: tax system is from the data self stored, and isolated critical data is Business Name, legal person, company
Addresses etc., sensitive data is company's tax affairs etc.;Public security system is from the data self stored, and isolated critical data is
Name, identification card number, sex etc., sensitive data is home address, phone, work unit etc..
Step 705: data provide end to utilize symmetric cryptography to be encrypted by sensitive data;
Tax affairs is encrypted by the i.e. tax system of above-mentioned steps 704;Public security system is to home address, phone, work
Office etc. are encrypted
Step 706: data provide end that critical data is sent to government data polyplant;
Step 707: the critical data providing end to send each data by the first encryption interface is encrypted, and is formed
First encrypted characters string;
The process of step 706 and step 707 completes the encryption to critical data, owing to encryption is irreversible encryption, i.e.
Critical data after encryption is also encryption for government data polyplant, and government data polyplant can not be to this
The critical data of encryption is decrypted, thus ensure that the safety of critical data.
Step 708: the first encrypted characters string is stored in the index list pre-set by government data polyplant;
Step 709: provide end to set up corresponding relation with corresponding data each first encrypted characters string;
As a example by the tax system mentioned by above-mentioned steps and public security system, step 708 and the detailed process of step 709: right
Tax system isolated critical data Business Name, legal person, CompanyAddress etc. are encrypted and form encrypted characters string 1, and
Index list make this encrypted characters string 1 corresponding with tax system;Critical data isolated to public security system is name, identity
Card number, sex etc. are encrypted formation encrypted characters string 2, and make this encrypted characters string 2 and public security system pair in index list
Should.
Step 710: data provide the first encrypted characters string that end storage is corresponding, and set up the first encrypted characters string with sensitive
Index relative between data;
The data of this step provide end to store the first encrypted characters string primarily to be further ensured that data provide end
Safety, even if the process of whole data sharing all completes in the case of data encryption.Such as: tax system is to encryption
Character string 1 stores, and sets up the index relative between the sensitive data 1 after the encryption of this encrypted characters string 1 correspondence, i.e. from
Encrypted characters string 1 can find sensitive data 1.
Each step above-mentioned is primarily to the basis that the realization of subsequent step is carried out prepares, by above steps
Each data provide the respective data that end is the most each held, and are encrypted data, it is ensured that the peace of data sharing simultaneously
Quan Xing, and the critical data after the simply storage encryption of government data polyplant, and critical data can not be decrypted, protecting
While holding government data privatization, it is achieved that sharing of government data.
Step 711: the search key sent by the second encryption interface terminal and authorized agreement, to search key
Word is encrypted, and forms the second encrypted characters string;
Such as: user sends, by terminal, the authorized agreement that search key is Business Name and this terminal, then to key
Word Business Name is encrypted.The most such as search key is name, the second encryption that the name that formed by this step is corresponding
Character string is ab.
Step 712: the second encrypted characters string is matched with each the first encrypted characters string in index list;
Such as: the second encrypted characters string ab successively with the first encrypted characters string 12345,67890 in index list,
Abcdefg etc. mates.
Step 713: determine target the first encrypted characters string matched with the second encrypted characters string;
The process that implements of this step: the target in the second encrypted characters string belongs to each the first encrypted characters string
During one encrypted characters string a part of, determine that the second encrypted characters string matches with target the first encrypted characters string.Such as: above-mentioned
A part in second encrypted characters string ab and the first encrypted characters string abcdefg is consistent, then the second encrypted characters string ab is described
Mate with the first encrypted characters string abcdefg.The not quite identical reason of two encrypted characters strings is that search key is often only
It is a part for above-mentioned critical data and is not necessarily complete critical data.
Step 714: according to corresponding relation, the second encrypted characters string and authorized agreement are sent to target the first encrypted characters
The target data that string is corresponding provides end;
Above-mentioned steps 709 has had built up the first encrypted characters string and data provide the corresponding relation between end, then logical
Cross above-mentioned corresponding relation to be easy to find the target data offer end that target the first encrypted characters string is corresponding.
Step 715: target data provides end according to the second encrypted characters string and authorized agreement, determines the sensitive number after encryption
According to, and the sensitive data after encryption is sent to government data polyplant;
Step 716: government data polyplant receives the sensitive data after encryption, and according to authorized agreement, after encrypting
Sensitive data be sent to terminal.
Due to the sensitive number in above-mentioned steps 710, after each data provide end to be the first encrypted characters string and encryption
Establish corresponding relation according to, after data provide end to confirm that authorized agreement is correct again, the sensitive data after encryption is passed through political affairs
Business data aggregate device is sent to terminal, and what this process government data polyplant obtained is the sensitive data of encryption, and only
There is the terminal with authorized agreement could sensitive data be decrypted, thus ensure that the safety of government data.
According to such scheme, various embodiments of the present invention, at least have the advantages that
1. each data in each data offer end of described peripheral hardware are provided by polymerized unit the right of end transmission is provided
The the first encrypted characters string answered, is polymerized each the first encrypted characters string, and by each first encrypted characters string with corresponding
Data provide end to set up corresponding relation;By searching the second encrypted characters string of the terminal transmission of indexing units reception peripheral hardware and awarding
Weigh agreement, and each the first encrypted characters string being polymerized with described polymerized unit by described second encrypted characters string matches, really
Fixed target the first encrypted characters string matched with described second encrypted characters string, the corresponding pass set up according to described polymerized unit
System, is sent to the target of peripheral hardware corresponding to described target the first encrypted characters string by described second encrypted characters string with authorized agreement
Data provide end;By data transmission unit receive described peripheral hardware target data provide end send encryption data, and according to
The authorized agreement that described lookup indexing units receives, is sent to the terminal of described peripheral hardware by described encryption data, due to above-mentioned
The process that government data polyplant carries out data transmission is all data such as the encrypted characters string and encryption data etc. of encryption, from
And ensure that and government data is carried out safe sharing.
2., by arranging irreversible encryption method in the first encryption interface, provide end to send out each data of peripheral hardware
The critical data sent is encrypted, and forms the first encrypted characters string, by arranging irreversible encryption side in the second encryption interface
Method, is encrypted the keyword of the terminal transmission of peripheral hardware, forms the second encrypted characters string so that enter government data polymerization dress
The data put are all through encryption, it is ensured that the safety of data transmission procedure.
3. the pass bond number after the government data polyplant in the embodiment of the present invention only carries out the encryption of critical data, encryption
According to mating between the keyword after encryption, and determine that target data provides end, and sensitive data remains each data
End oneself is provided to hold, while keeping government data privatization, it is achieved that sharing of government data.
It should be noted that in this article, the relational terms of such as first and second etc is used merely to an entity
Or operation separates with another entity or operating space, and not necessarily require or imply existence between these entities or operation
The relation of any this reality or order.And, term " includes ", " comprising " or its any other variant are intended to non-
Comprising of exclusiveness, so that include that the process of a series of key element, method, article or equipment not only include those key elements,
But also include other key elements being not expressly set out, or also include being consolidated by this process, method, article or equipment
Some key elements.In the case of there is no more restriction, statement the key element " including a 〃 " and limiting, do not arrange
Except there is also other same factor in including the process of described key element, method, article or equipment.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can be passed through
The hardware that programmed instruction is relevant completes, and aforesaid program can be stored in the storage medium of embodied on computer readable, this program
Upon execution, perform to include the step of said method embodiment;And aforesaid storage medium includes: ROM, RAM, magnetic disc or light
In the various medium that can store program code such as dish.
Last it should be understood that the foregoing is only presently preferred embodiments of the present invention, it is merely to illustrate the skill of the present invention
Art scheme, is not intended to limit protection scope of the present invention.All made within the spirit and principles in the present invention any amendment,
Equivalent, improvement etc., be all contained in protection scope of the present invention.