CN110933035A - Configuration information transmission method, transmission system and storage device - Google Patents

Configuration information transmission method, transmission system and storage device Download PDF

Info

Publication number
CN110933035A
CN110933035A CN201911036561.6A CN201911036561A CN110933035A CN 110933035 A CN110933035 A CN 110933035A CN 201911036561 A CN201911036561 A CN 201911036561A CN 110933035 A CN110933035 A CN 110933035A
Authority
CN
China
Prior art keywords
preset
configuration information
mirror image
center
secret key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911036561.6A
Other languages
Chinese (zh)
Other versions
CN110933035B (en
Inventor
李停
钱海锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tuya Information Technology Co Ltd
Original Assignee
Hangzhou Tuya Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Tuya Information Technology Co Ltd filed Critical Hangzhou Tuya Information Technology Co Ltd
Priority to CN201911036561.6A priority Critical patent/CN110933035B/en
Publication of CN110933035A publication Critical patent/CN110933035A/en
Application granted granted Critical
Publication of CN110933035B publication Critical patent/CN110933035B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles

Abstract

The application discloses a transmission method of configuration information, a transmission system and a storage device thereof, wherein the transmission method comprises the following steps: a preset configuration center establishes a new preset application program and correspondingly generates a preset secret key; sending the preset secret key to a packaging machine through a set interface so that the packaging machine sends a mirror image of the preset secret key to a mirror image center; acquiring configuration information of a preset application program, and symmetrically encrypting the configuration information through a preset secret key; and sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires the mirror image of the preset key from the mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information. Through the mode, the corresponding configuration information is transmitted and encrypted by adopting the preset secret key, so that data encryption in the transmission process of the configuration information can be effectively realized, the preset secret key is injected into the mirror image center, and the unified management of the preset secret key is facilitated.

Description

Configuration information transmission method, transmission system and storage device
Technical Field
The present application relates to the field of information transmission technologies, and in particular, to a method for transmitting configuration information, a transmission system and a storage device thereof.
Background
At present, application programs distributed in different areas usually send pull http (hypertext transfer protocol) requests to corresponding configuration centers through an intranet, and configuration data of the applications are obtained from the corresponding configuration centers, wherein the configuration data are transmitted in a clear text mode, and an interface of the pull configuration is not subjected to authority isolation.
Therefore, the possibility exists that the relevant configuration information of all the applications can be obtained by using one node application terminal in the area in a mode of changing request parameter simulation, and therefore the information safety hazard is caused.
The existing technical means can only achieve the relative security that the outside of the area can not obtain the configuration information data of the area, but the data center of the area can not effectively prevent the security that the internal application terminal pulls the corresponding configuration information data, and the serious condition can cause the data of some online confidential configuration information to be leaked inside, thereby causing the security failure.
Disclosure of Invention
The transmission method can solve the problems that a local area data center cannot prevent an internal application terminal from pulling corresponding configuration data safely, and some confidential configuration data on a line can be leaked inside to cause safety faults under severe conditions.
In order to solve the technical problem, the application adopts a technical scheme that: a method for transmitting configuration information is provided, wherein the method for transmitting the configuration information comprises the following steps: a preset configuration center establishes a new preset application program and correspondingly generates a preset secret key; sending the preset secret key to a packaging machine through a set interface so that the packaging machine sends a mirror image of the preset secret key to a mirror image center; acquiring configuration information of a preset application program, and symmetrically encrypting the configuration information through a preset secret key; and sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires the mirror image of the preset key from the mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information.
The method comprises the steps that a preset application program comprises at least two application programs and at least two secret keys are correspondingly generated, the preset configuration center creates the new preset application program, and after the step of correspondingly generating the preset secret keys, the preset secret keys are sent to a packaging machine through a set interface, so that the packaging machine can send the mirror images of the preset secret keys to a mirror image center before the step of sending the mirror images to the mirror image center, and the method further comprises the following steps: performing confusion processing on a preset secret key to generate a preset confusion secret key, wherein the preset confusion secret key comprises at least two confusion secret keys; the method comprises the following steps of sending a preset secret key to a packaging machine through a set interface, so that the packaging machine sends a mirror image of the preset secret key to a mirror image center, wherein the mirror image center comprises the following steps: sending the preset confusion key to a packaging machine through a set interface so that the packaging machine sends a mirror image of the preset confusion key to a mirror image center; the step of obtaining the configuration information of the preset application program to symmetrically encrypt the configuration information through a preset secret key comprises: acquiring configuration information of a preset application program, and symmetrically encrypting the configuration information through a preset confusion key; sending the encrypted configuration information to an application terminal of a preset application program, so that the application terminal acquires a mirror image of a preset key from a mirror image center, analyzes the preset key, decrypts the encrypted configuration information, and acquires the configuration information, wherein the step of acquiring the configuration information comprises the following steps: and sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires a mirror image of a preset confusion key from a mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information.
The step of obtaining the configuration information of the preset application program to symmetrically encrypt the configuration information through the preset secret key comprises the following steps: the configuration information and the preset secret key of the preset application program are obtained according to a request for pulling the configuration http initiated to a preset configuration center by an application terminal of the preset application program, so that the configuration information is symmetrically encrypted through the preset secret key.
The method comprises the following steps that a preset configuration center comprises a first configuration center and a second configuration center, a new preset application program is established in the preset configuration center, and a corresponding preset secret key is generated, wherein the steps comprise: the first configuration center creates a new preset application program, correspondingly generates a preset secret key, and synchronously transmits the preset secret key to the second configuration center.
Wherein, will predetermine the key and send for the baling press through setting for the interface to make the baling press send the mirror image of predetermineeing the key to the step in mirror image center includes: the preset secret key is sent to the packaging machine through the set interface, so that the packaging machine drives the preset secret key into a preset path of the mirror image center, and the application container engine mirror image including the preset secret key is pushed to the mirror image center.
Wherein, will predetermine the key and send for the baling press through setting for the interface to make the baling press squeeze into the preset route of mirror image center with predetermineeing the key, and will include the step that the application container engine mirror image propelling movement of predetermineeing the key reaches the mirror image center and include: and sending the preset secret key to the packaging machine through a set interface, so that when the packaging machine sends a task of constructing the preset application program in the continuous integrated system, the code of the preset application program is pulled from the code warehouse to be driven into a preset path of the mirror image center together with the preset secret key, and the application container engine image comprising the preset secret key and the code is pushed to the mirror image center.
Wherein, the set interface is authenticated and limits the IP access of the packer corresponding to the preset configuration center.
In order to solve the above technical problem, the present application adopts another technical solution: there is provided a transmission system of configuration information, wherein the transmission system of configuration information includes: the system comprises a preset configuration center, a configuration processing center and a configuration processing center, wherein the preset configuration center is used for newly building a preset application program and correspondingly generating a preset secret key so as to symmetrically encrypt configuration information through the preset secret key when the configuration information of the preset application program is obtained; the packaging machine is coupled with the preset configuration center and used for receiving a preset secret key sent by the preset configuration center through a set interface; the mirror image center is coupled with the packaging machine and used for receiving a mirror image of a preset secret key sent by the packaging machine; and the application terminal is coupled with the preset configuration center and the mirror image center, and is used for receiving the encrypted configuration information sent by the preset configuration center, acquiring the mirror image of the preset secret key from the mirror image center, analyzing the preset secret key, and decrypting the encrypted configuration information to acquire the configuration information.
Wherein, transmission system still includes: a persistent integration system and code repository; the continuous integration system and the code warehouse are coupled with the packaging machine, and the packaging machine is further used for pulling the codes of the preset application programs from the code warehouse when the continuous integration system sends out tasks for constructing the preset application programs, so that the codes and the preset secret keys are driven into a preset path of the mirror image center together, and the application container engine image comprising the preset secret keys and the codes is pushed to the mirror image center.
In order to solve the above technical problem, the present application adopts another technical solution: there is provided a storage device having stored thereon program data executable to implement a transmission method as described in any one of the preceding.
The beneficial effect of this application is: different from the prior art, the method for transmitting the configuration information in the application comprises the following steps: a preset configuration center establishes a new preset application program and correspondingly generates a preset secret key; sending the preset secret key to a packaging machine through a set interface so that the packaging machine sends a mirror image of the preset secret key to a mirror image center; acquiring configuration information of a preset application program, and symmetrically encrypting the configuration information through a preset secret key; and sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires the mirror image of the preset key from the mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information. In this way, this application is through adopting the secret key of predetermineeing to transmit the encryption to the configuration information of predetermineeing the application to can realize effectively that the data in the configuration information transmission process is encrypted, in order to prevent that the configuration information from being drawn by different applications and getting in the configuration center is predetermineeing inside, thereby cause secret configuration data to reveal in inside, and cause the safety fault, and will predetermine the secret key and squeeze into the mirror image center, also more be favorable to predetermineeing the unified management of secret key.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts. Wherein:
fig. 1 is a schematic flowchart of a first embodiment of a transmission method of configuration information according to the present application;
fig. 2 is a schematic flowchart of a second embodiment of the transmission method of configuration information according to the present application;
fig. 3 is a schematic flowchart of a third embodiment of the transmission method of configuration information according to the present application;
fig. 4 is a schematic flowchart of a fourth embodiment of the transmission method of configuration information according to the present application;
fig. 5 is a schematic flow chart of a fifth embodiment of the transmission method of configuration information according to the present application;
fig. 6 is a flowchart illustrating a sixth embodiment of the method for transmitting configuration information according to the present application;
fig. 7 is a schematic structural diagram of a first embodiment of the transmission system of the configuration information of the present application;
fig. 8 is a schematic structural diagram of a second embodiment of the transmission system of the configuration information of the present application;
FIG. 9 is a schematic diagram of an application scenario in a transmission system of configuration information according to the present application;
FIG. 10 is a schematic structural diagram of an embodiment of a memory device according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of a transmission method of configuration information according to the present application, and the present embodiment includes the following steps:
s110: and the preset configuration center newly establishes a preset application program and correspondingly generates a preset secret key.
In this embodiment, when an application is newly created in a preset configuration center, a preset key of the application is further generated correspondingly, and the preset key is stored in a database of the preset configuration center. For example, an application a is newly created in a configuration center in an M area, and the configuration center further generates a secretekeya of the application a, and stores the secretekeya into a database of the configuration center, where the M area may be understood as an area in the concept of geographic location, such as north of lake, Jiangsu, Beijing, etc., and the configuration center corresponds to a server of a data configuration center in the area.
S120: and sending the preset secret key to the packaging machine through a set interface so that the packaging machine sends the mirror image of the preset secret key to the mirror image center.
In this embodiment, after a preset application is newly created in the preset configuration center and a preset key of the preset application is correspondingly generated, the preset key is further sent to the corresponding packing machine through a setting interface of the preset configuration center, or the packing machine directly pulls the preset key of the preset application from the preset configuration center through the setting interface.
The setting interface is authenticated and only the ip corresponding to the packer is restricted from accessing the setting interface, and other ip accesses are uniformly denied, so that the information security of the corresponding preset secret key is ensured.
After the packer acquires the preset secret key of the preset application program, a mirror image of the preset secret key is further constructed, and the mirror image of the preset secret key is pushed to a corresponding mirror image center.
S130: and acquiring configuration information of a preset application program, and symmetrically encrypting the configuration information through a preset secret key.
In this embodiment, when the preset configuration center obtains the corresponding configuration information of the preset application program, in order to ensure data security of the configuration information, the configuration information is further symmetrically encrypted by using the generated preset key.
S140: and sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires the mirror image of the preset key from the mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information.
In this embodiment, after the configuration information of the preset application program is symmetrically encrypted by the preset key, the encrypted configuration information is further sent to an application terminal of the preset application program, where the application terminal may include a plurality of intelligent terminals at different application nodes.
After receiving the encrypted corresponding configuration information, the application terminal corresponding to the preset application program acquires the mirror image of the preset key which is constructed by the packaging machine and sent to the mirror image center from the corresponding mirror image center through the corresponding deployment script, and analyzes the actual preset key from the mirror image of the preset key to decrypt the encrypted configuration information, so that the configuration information of the preset application program is acquired.
Different from the prior art, the method for transmitting the configuration information in the application comprises the following steps: a preset configuration center establishes a new preset application program and correspondingly generates a preset secret key; sending the preset secret key to a packaging machine through a set interface so that the packaging machine sends a mirror image of the preset secret key to a mirror image center; acquiring configuration information of a preset application program, and symmetrically encrypting the configuration information through a preset secret key; and sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires the mirror image of the preset key from the mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information. In this way, this application is through adopting the secret key of predetermineeing to transmit the encryption to the configuration information of predetermineeing the application, can realize effectively that the data in the configuration information transmission process is encrypted to prevent that configuration information from being drawn by different applications and obtaining inside the predetermined configuration center, thereby cause secret configuration data to reveal in inside, and cause the safety fault, and will predetermine the secret key and squeeze into the mirror image center, also more be favorable to predetermineeing the unified management of secret key.
Referring to fig. 2, fig. 2 is a flowchart illustrating a configuration information transmission method according to a second embodiment of the present application. It can be understood that the method for transmitting configuration information in this embodiment is a flowchart illustrating a detailed implementation manner of the method for transmitting configuration information in fig. 1, where a new preset application in a preset configuration center includes at least two applications, so as to generate at least two keys, and the embodiment includes the following steps:
s210, the preset obfuscating key is obfuscated to generate a preset obfuscated key, wherein the preset obfuscated key includes at least two obfuscating keys.
In this embodiment, the preset configuration center is newly built with at least two applications, and generates corresponding preset keys corresponding to each application, so as to further perform obfuscation processing on the generated at least two keys to obtain at least two obfuscated keys.
In a specific embodiment, the configuration center in the M zone is newly provided with an application a and an application B, and the configuration center further generates keys SecretKeyA and SecretKeyB of the application a and the application B correspondingly, so that after obfuscating the SecretKeyA and the SecretKeyB, the generated MixSecretKeyA and micescrretkeyb are stored in a database of the configuration center, wherein in other embodiments, the configuration center in the M zone may further establish a plurality of applications such as an application C and an application D, and generate a plurality of obfuscated keys correspondingly in turn, so as to further ensure the security of the preset keys, and cannot be traced back.
And S220, sending the preset confusion key to the packaging machine through a set interface so that the packaging machine sends the mirror image of the preset confusion key to the mirror image center.
In this embodiment, at least two application programs are newly created in the preset configuration center to correspondingly generate at least two secret keys, perform obfuscation processing, and after at least two obfuscated secret keys are correspondingly generated, further send each obfuscated secret key to a corresponding packer through a set interface of the preset configuration center, so that after the corresponding preset obfuscated secret key is obtained by the corresponding packer, a mirror image of the preset obfuscated secret key is constructed, and the mirror image of the preset obfuscated secret key is pushed to the corresponding mirror image center.
And S230, acquiring the configuration information of the preset application program, and symmetrically encrypting the configuration information through a preset confusion key.
In this embodiment, when the preset configuration center obtains the corresponding configuration information of the preset application program, in order to ensure data security of the configuration information, the configuration information is further symmetrically encrypted by using the generated preset obfuscating key.
And S240, sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires a mirror image of a preset confusion key from a mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information.
In this embodiment, after the configuration information of the preset application program is symmetrically encrypted by using the preset obfuscating key, the encrypted configuration information is further sent to an application terminal of the preset application program, where the application terminal may include intelligent terminals at a plurality of different application nodes.
After receiving the encrypted corresponding configuration information, the application terminal corresponding to the preset application program acquires the mirror image of the preset confusion key which is constructed by the packaging machine and sent to the mirror image center from the corresponding mirror image center through the preset path, and reversely resolves the actual preset key from the mirror image of the preset confusion key so as to decrypt the encrypted configuration information, thereby acquiring the configuration information of the preset application program.
Referring to fig. 3, fig. 3 is a flowchart illustrating a third embodiment of a method for transmitting configuration information according to the present application. It can be understood that the transmission method of configuration information in this embodiment is a flowchart illustration of another detailed implementation of the transmission method of configuration information in fig. 1, and includes the following steps:
s310, S320, and S340 in fig. 3 are the same as S110, S120, and S140 in fig. 1, respectively, and for details, please refer to fig. 1 and the related description thereof, which are not repeated herein, and after S320 and before S340, the following steps are further included:
s330, acquiring configuration information and a preset secret key of the preset application program according to a request for pulling the configuration http initiated to a preset configuration center by an application terminal of the preset application program, and symmetrically encrypting the configuration information through the preset secret key.
In this embodiment, when the preset configuration center obtains the corresponding configuration information of the preset application program, in order to ensure data security of the configuration information, the preset configuration center further obtains the configuration information of the preset application program and a corresponding preset secret key according to a request for pulling configuration http, which is initiated to the preset configuration center by an application terminal of the preset application program, so as to symmetrically encrypt the corresponding configuration information through the preset secret key.
Referring to fig. 4, fig. 4 is a flowchart illustrating a fourth embodiment of a method for transmitting configuration information according to the present application. It can be understood that the transmission method of configuration information in this embodiment is a flowchart illustration of another detailed implementation of the transmission method of configuration information in fig. 1, where the preset configuration center includes a first configuration center and a second configuration center, and this embodiment includes the following steps:
wherein, the preset configuration center includes a first configuration center and a second configuration center, S420, S430, and S440 in fig. 4 are respectively the same as S120, S130, and S140 in fig. 1, and refer to fig. 1 and the related text description, which are not repeated herein, and before S420, the method further includes the following steps:
s410, the first configuration center creates a new preset application program, correspondingly generates a preset secret key, and synchronously transmits the preset secret key to the second configuration center.
In this embodiment, after newly creating a preset application program, and correspondingly generating a preset key of the application program, and storing the preset key in a database of the first configuration center, the first configuration center further transmits the preset key to the second configuration center synchronously. It is understood that the second configuration center may further include a plurality of configuration centers in different areas, and the first configuration center further synchronizes the preset key to the configuration center in each different area in a data synchronization manner after generating the corresponding preset key.
After receiving the encrypted configuration information, the application terminal corresponding to the preset application program existing in the first configuration center or the second configuration center can directly acquire the mirror image of the preset key constructed by the packaging machine and sent to the mirror image center from the mirror image center, and analyze the actual preset key from the mirror image of the preset key so as to decrypt the encrypted configuration information, thereby acquiring the configuration information of the preset application program.
In a specific embodiment, taking the first configuration center as a configuration center of an M area, and taking the second configuration center as a configuration center of an N area as an example, when an application a is newly created in the configuration center of the M area, and a secret key secetkeya of the application a is correspondingly generated, so as to store the secetkeya in a database of the configuration center, and further synchronously transmit the secetkeya to the configuration center of the N area, and send the secetkeya to a corresponding packer through a set interface of the configuration center of the M area, so that the packer pushes a constructed mirror image of the secetkeya to a corresponding mirror image center.
It can be understood that, in this embodiment, when there is a configuration center with multiple areas, the preset key of the preset application program can be synchronized from the main area to other areas in a data synchronization manner, for example, the preset key is synchronized from the first configuration center to the second configuration center, so as to facilitate uniform management of the preset key, and therefore, when there is leakage of the preset key in a certain area of an application terminal, the changed preset key and corresponding configuration information can be synchronously taken by other areas only by modifying the preset key of the application program in the main area, so that the corresponding application terminal can complete replacement of the new key after repackaging and deployment, thereby ensuring security and easy operability of encrypted transmission of the preset key and corresponding configuration information.
Referring to fig. 5, fig. 5 is a schematic flowchart illustrating a fifth embodiment of a method for transmitting configuration information according to the present application. It can be understood that the transmission method of configuration information in this embodiment is a flowchart illustration of another detailed implementation of the transmission method of configuration information in fig. 1, and includes the following steps:
s510, S530, and S540 in fig. 5 are respectively the same as S110, S130, and S140 in fig. 1, and specific reference to fig. 1 and the related text description is not repeated here, and after S510 and before S530, the following steps are further included:
s520, sending the preset secret key to the packaging machine through the set interface, so that the packaging machine drives the preset secret key into a preset path of the mirror image center, and pushing the application container engine mirror image including the preset secret key to the mirror image center.
In this embodiment, a preset application is newly created in a preset configuration center, and after a preset key of the preset application is correspondingly generated, the preset key is further sent to a corresponding packaging machine through a setting interface of the preset configuration center, so that after the packaging machine obtains the corresponding preset key, a mirror image of the preset key is created, and the mirror image of the preset key is driven into a preset path of a mirror image center, so as to push an application container engine mirror image (docker mirror image) including the preset key to the corresponding mirror image center.
The setting interface is authenticated and only the ip corresponding to the packer is restricted from accessing the setting interface, and other ip accesses are uniformly denied, so that the information security of the corresponding preset secret key is ensured.
Referring to fig. 6, fig. 6 is a schematic flowchart illustrating a fifth embodiment of a method for transmitting configuration information according to the present application. It can be understood that the transmission method of configuration information in this embodiment is a flowchart illustration of a detailed implementation manner of the transmission method of configuration information in fig. 5, and includes the following steps:
s610, S630, and S640 in fig. 6 are respectively the same as S510, S530, and S540 in fig. 1, and specific reference to fig. 1 and the related text description is not repeated here, and after S610 and before S630, the following steps are further included:
s620, sending the preset secret key to the packaging machine through the set interface, so that when the packaging machine sends a task of constructing the preset application program in the continuous integration system, the packaging machine pulls the code of the preset application program from the code warehouse to be driven into a preset path of the mirror image center together with the preset secret key, and pushes the application container engine mirror image including the preset secret key and the code to the mirror image center.
In this embodiment, a preset application is newly established in a preset configuration center, and after a preset key of the preset application is correspondingly generated, the preset key is further sent to a corresponding packer through a setting interface of the preset configuration center.
When the continuous integration system sends a task of constructing the preset application program to update the preset application program, the packer pulls the code of the preset application program from the corresponding code warehouse to compile the code of the preset application program so as to convert the code into a file in a text format which can be recognized by the application terminal, and packs the file together with the preset secret key and sends the file to a preset path of the mirror image center so as to further push the application container engine image comprising the preset secret key and the code to the mirror image center.
After receiving the encrypted corresponding configuration information, the application terminal corresponding to the preset application acquires the mirror image of the preset key and the code of the preset application, which is constructed by the packaging machine and sent to the mirror image center, from the corresponding mirror image center, analyzes the actual preset key and the code of the preset application from the mirror image, decrypts the encrypted configuration information through the preset key to acquire the configuration information of the preset application, and updates the preset application through the code of the preset application acquired by the mirror image center.
Based on the general inventive concept, the present application further provides an intelligent terminal, please refer to fig. 7, and fig. 7 is a schematic structural diagram of a first embodiment of the transmission system for configuration information according to the present application. The transmission system 70 of the configuration information includes a preset configuration center 710, a packaging machine 720, a mirror center 730, and an application terminal 740.
In this embodiment, the preset configuration center 710 is configured to newly create a preset application, and correspondingly generate a preset key of the preset application, so that when the configuration information of the preset application is obtained, the configuration information of the preset application is symmetrically encrypted by using the preset key.
The packer 720 is coupled to the provisioning center 710, and configured to receive a preset key sent by the provisioning center 710 through a set interface, and pack and send the preset key to the mirror center 730.
The application terminal 740 of the preset application program is integrated with the preset application program, and is coupled to the preset configuration center 710 and the mirror image center 730, so as to receive the encrypted configuration information sent by the preset configuration center 710, and obtain the mirror image of the preset key from the mirror image center 730, so as to decrypt the encrypted configuration information after analyzing the preset key, so as to obtain the corresponding configuration information.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a second embodiment of the system for transmitting configuration information according to the present application. The present embodiment is different from the first embodiment of the intelligent terminal of the present application in fig. 7 in that the transmission system 70 of the configuration information further includes a persistent integration system 750 and a code repository 760.
In this embodiment, the packer is further configured to pull the code of the predetermined application from the code repository 760 when the persistent integration system 750 issues a task of constructing the predetermined application, to type the code into a predetermined path of the mirror center 730 together with the predetermined key, and to push the application container engine image including the predetermined key and the code of the predetermined application to the mirror center 730.
After receiving the encrypted corresponding configuration information, the application terminal 740 of the preset application program can obtain the image of the preset key and the code of the preset application program, which is constructed by the packer 720 and sent to the image center 730, from the image center 730, analyze the actual preset key and the code of the preset application program from the image, decrypt the encrypted configuration information through the preset key, obtain the configuration information of the preset application program, and update the preset application program through the code of the preset application program obtained from the image center 730.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an application scenario of the transmission system for configuration information according to the present application.
In this embodiment, the persistent integration system needs to deploy an application a and an application B to two areas, namely an M area and an N area, where corresponding configuration centers are deployed, and the persistent integration system, a packer, a code warehouse (e.g., gitlab), and a mirror center (e.g., docker mirror) are deployed in the C area. In other embodiments, the persistent integration system may further involve deploying one or more applications a, e.g., application a, application B, and application C, to the M area or more areas, which is not limited in the present application.
When an application a and an application B are newly built in the configuration center in the M area, the configuration center generates keys SecretKeyA and SecretKeyB for the application a and the application B, respectively, performs obfuscation to generate MixSecretKeyA and MixSecretKeyB, stores the generated key data MixSecretKeyA and MixSecretKeyB in a database of the configuration center in the M area, and synchronizes the finally generated key data MixSecretKeyA and MixSecretKeyB to the configuration center in the N area or the configuration centers in other areas through data synchronization transmission.
When the persistent integration system sends a task of building the application a, the packer pulls corresponding application programs, such as codes of the application a and the application B, from the code repository to be compiled into a text format which can be recognized by an application terminal, and packs the application programs, and further pulls secret keys MixSecretKeyA and MixSecretKeyB, which are obfuscated by the application a and the application B, from a configuration center in the M area through a specified interface (which is authenticated and restricts only the corresponding ip of the packer to access the specified interface, and other ips uniformly refuse access).
When the packaging machine further constructs the mirror image of the application A, the mixed secret key MixSecretKeyA of the application A and the codes of the packaged application A and the packaged application B are input into a path appointed by a mirror image center, and the obtained docker mirror image is pushed to the corresponding mirror image center.
The application terminal of the application a in the M or N area pulls the mixescretkeya, the mixescretkeyb and the image of the codes of the application a and the application B from the image center through the deployment script, so that when the application a or the application B is started, the mixescretkeya or the mixescretkeyb is acquired through a specified path, and the actual secret key secreetkeya or secreetkeyb is inversely resolved.
When the intelligent terminal of the application A or the application B in the M or N area initiates a pull configuration http request to the configuration center of the corresponding area, so that the configuration center of the M or N area finds all configuration information of the application A or the application B and SecretKeyA or SecretKeyB according to the request, encrypts the configuration information by using a symmetric encryption mode through the SecretKeyA or SecretKeyB, and returns the encrypted configuration information to the intelligent terminal of the application A or the application B, so that the intelligent terminal of the application A or the application B obtains the encrypted configuration information, decrypts the configuration information according to the SecretKeyA or SecretKeyB obtained from the image, and the intelligent terminal of the application A or the application B obtains the required configuration information.
Based on the general inventive concept, the present application further provides a memory device, please refer to fig. 10, where fig. 10 is a schematic structural diagram of an embodiment of the memory device of the present application. In the storage device 100, there is stored program data 1010 that can be executed to implement any of the above-described methods for encapsulating video frame data.
In one embodiment, the storage device 100 may be a memory chip in a terminal, a hard disk, or a removable hard disk or a flash disk, an optical disk, or other readable and writable storage tool, and may also be a server or the like.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a processor or a memory is merely a logical division, and an actual implementation may have another division, for example, a plurality of processors and memories may be combined to implement the functions or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or connection may be an indirect coupling or connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Different from the prior art, the method for transmitting the configuration information in the application comprises the following steps: a preset configuration center establishes a new preset application program and correspondingly generates a preset secret key; sending the preset secret key to a packaging machine through a set interface so that the packaging machine sends a mirror image of the preset secret key to a mirror image center; acquiring configuration information of a preset application program, and symmetrically encrypting the configuration information through a preset secret key; and sending the encrypted configuration information to an application terminal of a preset application program so that the application terminal acquires the mirror image of the preset key from the mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information. In this way, this application is through adopting the secret key of predetermineeing to transmit the encryption to the configuration information of predetermineeing the application, can realize effectively that the data in the configuration information transmission process is encrypted to prevent that configuration information from being drawn by different applications and obtaining inside the predetermined configuration center, thereby cause secret configuration data to reveal in inside, and cause the safety fault, and will predetermine the secret key and squeeze into the mirror image center, also more be favorable to predetermineeing the unified management of secret key.
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application or are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (10)

1. A method for transmitting configuration information, the method comprising:
a preset configuration center establishes a new preset application program and correspondingly generates a preset secret key;
sending the preset secret key to a packaging machine through a set interface so that the packaging machine sends the mirror image of the preset secret key to a mirror image center;
acquiring configuration information of the preset application program, and symmetrically encrypting the configuration information through the preset secret key;
and sending the encrypted configuration information to an application terminal of the preset application program, so that the application terminal acquires the mirror image of the preset secret key from the mirror image center, analyzes the preset secret key, and decrypts the encrypted configuration information to acquire the configuration information.
2. The transmission method according to claim 1, wherein the preset application includes at least two applications and at least two keys are correspondingly generated, after the step of creating a new preset application by the preset configuration center and correspondingly generating a preset key, the step of sending the preset key to the packing machine through a set interface is performed, so that before the step of sending the mirror image of the preset key to the mirror image center by the packing machine, the method further includes:
performing obfuscation processing on the preset secret key to generate a preset obfuscated secret key, wherein the preset obfuscated secret key comprises at least two obfuscated secret keys;
the step of sending the preset secret key to a packaging machine through a set interface so that the packaging machine sends the mirror image of the preset secret key to a mirror image center comprises the following steps:
sending the preset confusion key to the packaging machine through a set interface so that the packaging machine sends the mirror image of the preset confusion key to the mirror image center;
the step of obtaining the configuration information of the preset application program to symmetrically encrypt the configuration information through the preset secret key comprises:
acquiring configuration information of the preset application program, and symmetrically encrypting the configuration information through the preset confusion key;
the step of sending the encrypted configuration information to the application terminal of the preset application program to enable the application terminal to obtain the mirror image of the preset key from the mirror image center, and after analyzing the preset key, decrypting the encrypted configuration information to obtain the configuration information includes:
and sending the encrypted configuration information to an application terminal of the preset application program, so that the application terminal acquires the mirror image of the preset confusion key from the mirror image center, analyzes the preset key, and decrypts the encrypted configuration information to acquire the configuration information.
3. The transmission method according to claim 1, wherein the step of obtaining the configuration information of the preset application program to symmetrically encrypt the configuration information by using the preset key comprises:
and acquiring configuration information of the preset application program and the preset secret key according to a request for pulling configuration http initiated to the preset configuration center by the application terminal of the preset application program, so as to symmetrically encrypt the configuration information through the preset secret key.
4. The transmission method according to claim 1, wherein the preset configuration centers comprise a first configuration center and a second configuration center,
the method comprises the following steps that a preset application program is newly built in the preset configuration center, and a preset secret key is correspondingly generated, and comprises the following steps:
and the first configuration center newly builds the preset application program, correspondingly generates the preset secret key, and synchronously transmits the preset secret key to the second configuration center.
5. The transmission method according to claim 1, wherein the step of sending the preset key to a packer through a set interface, so that the packer sends the mirror image of the preset key to a mirror image center includes:
and sending the preset secret key to a packaging machine through a set interface so that the packaging machine drives the preset secret key into a preset path of the mirror image center, and pushing an application container engine mirror image comprising the preset secret key to the mirror image center.
6. The transmission method according to claim 5, wherein the step of sending the preset key to a packaging machine through a set interface, so that the packaging machine drives the preset key into a preset path of the mirror image center, and pushes the application container engine mirror image including the preset key to the mirror image center includes:
and sending the preset secret key to a packaging machine through a set interface, so that when a continuous integration system of the packaging machine sends a task for constructing the preset application program, the packaging machine pulls the code of the preset application program from a code warehouse, so as to be driven into a preset path of the mirror image center together with the preset secret key, and pushes an application container engine image comprising the preset secret key and the code to the mirror image center.
7. The transmission method according to claim 5,
and the set interface is authenticated and limits to only operate the IP access of the packaging machine corresponding to the preset configuration center.
8. A transmission system for configuration information, the transmission system comprising:
the system comprises a preset configuration center, a configuration processing center and a configuration processing center, wherein the preset configuration center is used for newly building a preset application program and correspondingly generating a preset secret key so as to symmetrically encrypt configuration information of the preset application program through the preset secret key when the configuration information is obtained;
the packer is coupled with the preset configuration center and used for receiving the preset secret key sent by the preset configuration center through a set interface;
the mirror image center is coupled with the packaging machine and used for receiving the mirror image of the preset secret key sent by the packaging machine;
and the application terminal is coupled with the preset configuration center and the mirror image center, and is used for receiving the encrypted configuration information sent by the preset configuration center, acquiring the mirror image of the preset secret key from the mirror image center, analyzing the preset secret key, and decrypting the encrypted configuration information to acquire the configuration information.
9. The transmission system according to claim 8, characterized in that the transmission system further comprises: a persistent integration system and code repository;
the continuous integration system and the code warehouse are both coupled to the packaging machine, and the packaging machine is further configured to pull the code of the preset application program from the code warehouse when the continuous integration system sends a task of constructing the preset application program, so as to be driven into a preset path of the mirror image center together with the preset key, and push an application container engine mirror image including the preset key and the code to the mirror image center.
10. A storage device, characterized in that the storage device stores program data that can be executed to implement the transmission method according to any one of claims 1 to 7.
CN201911036561.6A 2019-10-29 2019-10-29 Configuration information transmission method, transmission system and storage device Active CN110933035B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911036561.6A CN110933035B (en) 2019-10-29 2019-10-29 Configuration information transmission method, transmission system and storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911036561.6A CN110933035B (en) 2019-10-29 2019-10-29 Configuration information transmission method, transmission system and storage device

Publications (2)

Publication Number Publication Date
CN110933035A true CN110933035A (en) 2020-03-27
CN110933035B CN110933035B (en) 2022-02-18

Family

ID=69849740

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911036561.6A Active CN110933035B (en) 2019-10-29 2019-10-29 Configuration information transmission method, transmission system and storage device

Country Status (1)

Country Link
CN (1) CN110933035B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073232A (en) * 2020-08-31 2020-12-11 北京健康之家科技有限公司 Distribution method and device of public resource configuration information and computer equipment

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106203015A (en) * 2016-06-30 2016-12-07 北京奇虎科技有限公司 The collocation method of application program, device and terminal unit
CN106648741A (en) * 2016-10-18 2017-05-10 广州视睿电子科技有限公司 Method and device for deploying application system
CN106817377A (en) * 2017-03-27 2017-06-09 努比亚技术有限公司 A kind of data encryption device, decryption device and method
CN107026824A (en) * 2016-02-02 2017-08-08 腾讯科技(深圳)有限公司 A kind of message encryption, decryption method and device
CN107332661A (en) * 2017-06-29 2017-11-07 环球智达科技(北京)有限公司 The method of data encryption
CN109189680A (en) * 2018-08-24 2019-01-11 苏州玩友时代科技股份有限公司 A kind of system and method for application publication and configuration
CN109257399A (en) * 2017-07-13 2019-01-22 上海擎感智能科技有限公司 Cloud platform application management method and management platform, storage medium
US20190052463A1 (en) * 2011-03-07 2019-02-14 Security First Corp. Secure file sharing method and system
CN109670325A (en) * 2018-12-21 2019-04-23 北京思源互联科技有限公司 A kind of devices and methods therefor of configuration file encryption and decryption
CN110138750A (en) * 2019-04-23 2019-08-16 上海数据交易中心有限公司 Encryption method, apparatus and system, storage medium, the terminal of configuration file
CN110321727A (en) * 2018-03-29 2019-10-11 阿里巴巴集团控股有限公司 The storage of application information, processing method and processing device

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190052463A1 (en) * 2011-03-07 2019-02-14 Security First Corp. Secure file sharing method and system
CN107026824A (en) * 2016-02-02 2017-08-08 腾讯科技(深圳)有限公司 A kind of message encryption, decryption method and device
CN106203015A (en) * 2016-06-30 2016-12-07 北京奇虎科技有限公司 The collocation method of application program, device and terminal unit
CN106648741A (en) * 2016-10-18 2017-05-10 广州视睿电子科技有限公司 Method and device for deploying application system
CN106817377A (en) * 2017-03-27 2017-06-09 努比亚技术有限公司 A kind of data encryption device, decryption device and method
CN107332661A (en) * 2017-06-29 2017-11-07 环球智达科技(北京)有限公司 The method of data encryption
CN109257399A (en) * 2017-07-13 2019-01-22 上海擎感智能科技有限公司 Cloud platform application management method and management platform, storage medium
CN110321727A (en) * 2018-03-29 2019-10-11 阿里巴巴集团控股有限公司 The storage of application information, processing method and processing device
CN109189680A (en) * 2018-08-24 2019-01-11 苏州玩友时代科技股份有限公司 A kind of system and method for application publication and configuration
CN109670325A (en) * 2018-12-21 2019-04-23 北京思源互联科技有限公司 A kind of devices and methods therefor of configuration file encryption and decryption
CN110138750A (en) * 2019-04-23 2019-08-16 上海数据交易中心有限公司 Encryption method, apparatus and system, storage medium, the terminal of configuration file

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112073232A (en) * 2020-08-31 2020-12-11 北京健康之家科技有限公司 Distribution method and device of public resource configuration information and computer equipment

Also Published As

Publication number Publication date
CN110933035B (en) 2022-02-18

Similar Documents

Publication Publication Date Title
CN105553951B (en) Data transmission method and device
WO2015180666A1 (en) Wireless network connection method, apparatus, and system
CN104052742A (en) Internet of things communication protocol capable of being encrypted dynamically
CN109194651B (en) Identity authentication method, device, equipment and storage medium
CN109067739B (en) Communication data encryption method and device
CN107172001B (en) Control method and device of website proxy server and key proxy server
CN109670325B (en) Device and method for encrypting and decrypting configuration file
CN111970240B (en) Cluster receiving and managing method and device and electronic equipment
US20180351737A1 (en) Communication apparatus, communication system, key sharing method, and computer program product
EP3738269A1 (en) Secure distributed key management system
CN110505053B (en) Quantum key filling method, device and system
CN106161363B (en) SSL connection establishment method and system
CN104767766A (en) Web Service interface verification method, Web Service server and client side
CN110933035B (en) Configuration information transmission method, transmission system and storage device
CN108418679B (en) Method and device for processing secret key under multiple data centers and electronic equipment
CN113992427B (en) Data encryption sending method and device based on adjacent nodes
CN113114646B (en) Risk parameter determination method and device, electronic equipment and storage medium
CN110602133B (en) Intelligent contract processing method, block chain management device and storage medium
CN114491641A (en) Method and system for realizing cross-network application of sensitive identity information
CN114710547A (en) Page display method, resource sending method, electronic equipment, server and medium
CN113852624A (en) Data cross-network transmission method, device and computer medium thereof
CN113452513B (en) Key distribution method, device and system
CN111431846B (en) Data transmission method, device and system
CN116527246A (en) Data protection method and electronic equipment
CN113193956A (en) Account information processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant