CN115146284A - Data processing method and device, electronic equipment and storage medium - Google Patents


Publication number
CN115146284A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110336674.9A
Other languages
Chinese (zh)
Inventor
王欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Anhui Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Anhui Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Group Anhui Co Ltd
Priority to CN202110336674.9A
Publication of CN115146284A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data processing method, a data processing device, electronic equipment and a storage medium. The data processing method comprises the following steps: receiving a data request sent by a client, wherein the data request comprises data to be requested; determining the data type of the data to be requested based on the data request; calling a target processing interface corresponding to the data type of the data to be requested, and processing the data to be requested based on the target processing interface to obtain target data; and returning the target data to the client. With the data processing method provided by the application, the SDK can be integrated at the application end, which effectively reduces development difficulty and reduces the network time spent on interface calls; sensitive data is processed through the target processing interface, which achieves the technical effect of avoiding sensitive data leakage.

Description

Data processing method and device, electronic equipment and storage medium
Technical Field
The present application relates to computer technologies, and in particular, to a data processing method and apparatus, an electronic device, and a storage medium.
Background
At present, various application systems play more and more important roles in the field of enterprise business support. When the information technology is used in a large scale, the operation efficiency of enterprises is greatly improved. The risk of leakage of system sensitive data such as personal information and the like is increased while the information technology realizes service interconnection and intercommunication and information open sharing.
At present, there are three main methods for protecting sensitive data of an application system. The first is to isolate the core database of the service information system carrying sensitive data from the internet through enhanced management, and to apply strong audit and control to access operations on the system's sensitive data; however, this solution cannot prevent abuse of user data by internal authorized personnel. The second is to deploy a data leakage prevention system, but most such solutions provide only post-audit capability and cannot provide real-time prevention. The third is to adopt encryption, that is, to encrypt the system's sensitive data so that leaked data cannot be read; however, because core functions such as the encryption algorithm and key management are often not understood, encryption is frequently used improperly, which greatly reduces the strength of the data protection.
Disclosure of Invention
Embodiments of the present invention provide a data processing method, an apparatus, a device, and a computer storage medium, so as to achieve the technical effects of integrating an SDK at the application end, effectively reducing development difficulty, reducing the network time spent on interface calls, processing sensitive data through a target processing interface, and avoiding sensitive data leakage.
The technical scheme of the application is as follows:
In a first aspect, a data processing method is provided, which is applied to an application server in which at least one Crypto software development kit is integrated, and which includes:
receiving a data request sent by a client, wherein the data request comprises: data to be requested;
determining the data type of the data to be requested based on the data request;
calling a target processing interface corresponding to the data type of the data to be requested according to the data type of the data to be requested, and processing the data to be requested based on the target processing interface to obtain target data;
and returning the target data to the client.
In a second aspect, there is provided a data processing apparatus, the apparatus being integrated in an application server in which at least one Crypto software development kit is integrated, the apparatus comprising:
a data request receiving module, configured to receive a data request sent by a client, where the data request includes: data to be requested;
the data type determining module is used for determining the data type of the data to be requested based on the data request;
the target data determining module is used for calling a target processing interface corresponding to the data type of the data to be requested according to the data type of the data to be requested, and processing the data to be requested based on the target processing interface to obtain target data;
and the target data returning module is used for returning the target data to the client.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a processor, a memory, and a program or an instruction stored on the memory and executable on the processor, and when the program or the instruction is executed by the processor, the method of processing data according to any one of the embodiments of the present invention is implemented.
In a fourth aspect, the present application provides a computer storage medium, where computer program instructions are stored, and when the computer program instructions are executed by a processor, the computer program instructions implement the steps of the data processing method according to any one of the embodiments of the present invention.
The technical scheme provided by the embodiment of the application at least has the following beneficial effects:
According to the data processing method provided by the embodiment of the application, the data type of the data to be requested is determined by analyzing the data to be requested in the received data request; because the data type is determined from the data identifier of the data to be requested, it is determined quickly, which improves the efficiency of identifying the data type. A target processing interface corresponding to the data type of the data to be requested is called, and the data to be requested is processed through that interface. Because a corresponding processing interface is set for each data type, disorder in data processing is avoided, the processing efficiency of the data to be requested is improved, and the problem of all data being processed through the same interface, which congests the interface and delays data processing, is avoided. The method is applied to an application server in which at least one Crypto software development kit is integrated; integrating the SDK at the application end effectively reduces development difficulty and reduces the network time spent on interface calls, and processing the data to be requested through the target processing interface achieves the technical effect of avoiding leakage of the data to be requested.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and, together with the description, serve to explain the principles of the application and are not to be construed as limiting the application.
Fig. 1 is a first schematic flowchart of a data processing method according to an embodiment of the present application;
Fig. 2 is a second schematic flowchart of a data processing method according to an embodiment of the present application;
Fig. 3 is a third schematic flowchart of a data processing method according to an embodiment of the present application;
Fig. 4 is a fourth schematic flowchart of a data processing method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are intended to be illustrative only and are not intended to be limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be implemented in sequences other than those illustrated or described herein. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples consistent with certain aspects of the application, as detailed in the appended claims.
Based on the background technology, various application systems play more and more important roles in the field of enterprise business support. The risk of leakage of system sensitive data such as personal information and the like is increased while the information technology realizes service interconnection and intercommunication and information open sharing.
Specifically, there are three main methods for protecting sensitive data of an application system at present. The first is to isolate the core database of the service information system carrying the sensitive data from the internet through reinforced management, and to apply strong audit and control to access operations on the system's sensitive data; however, this scheme cannot prevent abuse of user data by internal authorized personnel. The second is to deploy a data leakage prevention system, but most such solutions provide only post-audit capability and cannot provide real-time prevention. The third is to adopt encryption, that is, to encrypt the system's sensitive data so that leaked data cannot be read; however, because core functions such as the encryption algorithm and key management are often not understood, encryption is frequently used improperly, which greatly reduces the strength of the data protection.
Based on this, embodiments of the present application provide a data processing method and apparatus, an electronic device, and a storage medium. By integrating a Software Development Kit (SDK) at the application end, development difficulty is effectively reduced, the network time spent on interface calls is reduced, sensitive data is processed through a target processing interface, and the technical effect of avoiding sensitive data leakage is achieved.
The data processing method provided by the embodiment of the present application is described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating a data processing method provided in an embodiment of the present application, where the method may be applied to an application server, and at least one Crypto software development kit is integrated in the application server. As shown in fig. 1, the method may include steps S110-S140.
Step S110, receiving a data request sent by a client, where the data request includes: data to be requested.
The data request may be a request sent by a client to request data.
In an embodiment of the invention, the data to be requested is included in the data request. The data to be requested is the data that the client is asking for; for example, it may be an account number, a password, and the like of a certain application.
Step S120, determining a data type of the data to be requested based on the data request.
In the embodiment of the invention, the data type of the data to be requested can be judged according to the received data request.
Specifically, the determining the data type of the data to be requested based on the data request may be: acquiring a field of data to be requested in a data request; under the condition that a field of data to be requested is determined to be a first data type identifier, determining that the data type of the data to be requested is a first data type; and under the condition that the field of the data to be requested is determined to be the second data type identifier, determining that the data type of the data to be requested is the second data type.
In an embodiment of the invention, the first data type may be a clearly defined type of data that needs to be encrypted and decrypted.
The first data type identifier may be an identifier indicating that the data is of the first data type.
The second data type may be data whose data type is unclear.
The second data type identifier may be an identifier indicating that the data is of the second data type.
After the data to be requested is received, a field of the data to be requested may be obtained. The data type of the data to be requested is determined to be the first data type when the field is determined to be a first data type identifier, and is determined to be the second data type when the field is determined to be a second data type identifier.
Specifically, the data type identifier in the field of the data to be requested may be recognized by a deep learning method, which may improve the efficiency and accuracy of identifying the type of the data to be requested and avoid errors caused by manual identification.
The field of the data to be requested carries the identifier of the data to be requested, and the data type of the data to be requested can be determined by recognizing this data identifier.
Step S130, according to the data type of the data to be requested, calling a target processing interface corresponding to the data type of the data to be requested, and processing the data to be requested based on the target processing interface to obtain target data.
The target processing interface may be an interface for processing the data to be requested, which corresponds to the data type of the data to be requested. Here, the processing of the data to be requested may be encrypting and/or decrypting the data to be requested.
The target data may be data obtained by processing the data to be requested based on the target processing interface.
In the embodiment of the invention, after the data type of the data to be requested is determined, the target processing interface corresponding to the data type of the data to be requested can be called according to the data type of the data to be requested, and the data to be requested is correspondingly processed based on the target processing interface to obtain the target data.
After the data type of the data to be requested is determined, a target processing interface corresponding to the data to be requested is determined according to the data type of the data to be requested, the data to be requested is processed based on the target processing interface, and the target data is obtained. Meanwhile, when the data to be requested is sensitive data (such as an account number, a password and the like), leakage of the data to be requested can be avoided.
In this embodiment of the present invention, after invoking a target processing interface corresponding to the data type of the data to be requested according to the data type of the data to be requested, the method may further include:
Under the condition that the client is determined to have the usage right for the target data, processing the data to be requested based on the target processing interface.
After the target processing interface is determined, the interface can call the corresponding access control policy, and whether the client has the usage right for the data to be requested is judged based on that policy. When the client is determined to have the usage right for the data to be requested, the target processing interface calls the corresponding encryption and decryption policy to encrypt and decrypt the data to be processed, so that the target data is obtained.
After the data type of the data to be requested is determined, the usage right for the data to be requested is controlled according to the access control policy. The advantage is that the data to be requested can be used only by a client that has the usage right for it, which avoids leakage of the data to be requested.
In one example, if it is determined that the client does not have the usage right for the data to be requested, the application server may generate alarm information and return the alarm information to the client, to inform the user that the client does not have the usage right for the data to be requested.
Step S140, returning the target data to the client.
After the target data is obtained, the target data may be returned to the client, so that the client performs subsequent processing on the target data, such as storage, forwarding, presentation, and the like.
According to the data processing method provided by the embodiment of the invention, the data type of the data to be requested is determined by analyzing the data to be requested in the received data request; because the data type is determined from the data identifier of the data to be requested, it is determined quickly, which improves the efficiency of identifying the data type. A target processing interface corresponding to the data type of the data to be requested is called, and the data to be requested is processed through that interface. Because a corresponding processing interface is set for each data type, disorder in data processing is avoided, the processing efficiency of the data to be requested is improved, and the problem of all data being processed through the same interface, which congests the interface and delays data processing, is avoided. The method is applied to an application server in which at least one Crypto software development kit is integrated; integrating the SDK at the application end effectively reduces development difficulty and reduces the network time spent on interface calls, and processing the data to be requested through the target processing interface achieves the technical effect of avoiding leakage of the data to be requested.
In one example, when the data to be requested is of the first data type, the corresponding target processing interface is an exact matching interface; and when the data to be requested is of the second data type, the corresponding target processing interface is a fuzzy matching interface.
In the embodiment of the present invention, a specific implementation manner for calling the target processing interface corresponding to the data to be requested according to the data type of the data to be requested is as follows:
Step S1301, encrypting and/or decrypting the data to be requested based on the exact matching interface to obtain target data.
When the data type of the data to be requested is determined to be the first data type, the exact matching interface is called, the corresponding policy (specifically, an encryption and decryption policy) is called through the exact matching interface, and the data to be requested is encrypted and decrypted to obtain the target data.
Step S1302, identifying the data to be requested based on the fuzzy matching interface to obtain data to be processed in the data to be requested; and encrypting and/or decrypting the data to be processed to obtain the target data.
The data to be processed may be the data that is obtained by identifying the data to be requested and that is subsequently to be encrypted and decrypted.
When the data type of the data to be requested is determined to be the second data type, the fuzzy matching interface is called and the data to be requested is identified through it. Specifically, the fuzzy matching interface calls a data identification module, the data identification module identifies the data to be requested to obtain the data to be processed within it, and the data to be processed is then encrypted and decrypted using an encryption and decryption policy to obtain the target data.
When it is unclear whether the data to be requested is specifically data needing encryption and decryption, the data to be processed in the data to be requested can be identified based on the fuzzy matching interface, so that the data to be processed can be encrypted and decrypted by using an encryption and decryption strategy.
In the embodiment of the invention, the data to be requested is identified based on the fuzzy matching interface to obtain the data to be processed in the data to be requested, and the specific implementation mode is as follows:
Encoding the data to be requested to obtain a feature vector corresponding to the data to be requested; obtaining a target feature vector corresponding to the data to be processed based on the fuzzy matching interface and an identification model for identifying the data to be processed in the data to be requested; and inversely coding the target feature vector to obtain the data to be processed.
The target feature vector is the feature vector corresponding to the data to be processed.
After the data to be requested is obtained, it can be encoded with a preset encoding algorithm to obtain the corresponding feature vector. The fuzzy matching interface then calls the identification model for identifying the data to be processed in the data to be requested: the feature vector corresponding to the data to be requested is input into the identification model, the identification model identifies the feature vector of the data to be processed and outputs it, and the target feature vector is thereby obtained. The target feature vector is then inversely coded to obtain the data to be processed.
In the embodiment of the invention, the preset encoding algorithm is an algorithm capable of encoding data to be requested, and specifically, the preset encoding algorithm is an N-Gram algorithm. In the embodiment of the invention, the data to be requested is serialized by using an N-Gram algorithm to obtain the feature vector of the data to be requested.
It should be noted that, in the embodiment of the present invention, although the N-Gram algorithm is used to encode the data to be requested, the embodiment of the present invention is not limited to the use of the N-Gram algorithm, and may also use a national standard algorithm, which may be specifically selected according to the user's own needs, and is not limited herein. All algorithms capable of coding the data to be requested to obtain the feature vector belong to the protection scope of the embodiment of the invention.
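The flow of steps S110 to S140, with the exact matching (S1301) and fuzzy matching (S1302) interfaces and the access control check, is shown below as an added example that is not part of the patent or of any CryptoSDK code. The request field names, the `T1`/`T2` identifiers, the policy table, the regular expression standing in for the identification model, and the standard-library HMAC-SHA256 cipher standing in for the SDK's encryption and decryption policy are all assumptions.

```python
import hashlib
import hmac
import os
import re

TYPE_EXACT = "T1"   # first data type identifier (assumed name)
TYPE_FUZZY = "T2"   # second data type identifier (assumed name)

# Access control policy: client id -> permitted operations (constructed).
POLICY = {"billing-app": {"encrypt", "decrypt"}, "report-app": {"encrypt"}}

# Stand-in for the identification model: 18-character ID numbers and
# 11-digit mobile numbers (assumption; the patent describes a trained model).
SENSITIVE = re.compile(r"\b(?:\d{17}[\dX]|1\d{10})\b")
WRAPPED = re.compile(r"ENC\(([0-9a-f]+)\)")


def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for the SDK cipher.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    data = plaintext.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return (nonce + ct + tag).hex()


def decrypt(key, token):
    enc_key, mac_key = _subkeys(key)
    raw = bytes.fromhex(token)  # raises ValueError on non-hex input
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if len(raw) < 28 or not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return plain.decode("utf-8")


def exact_interface(op, data, key):
    # S1301: the whole value is known to need encryption or decryption.
    return encrypt(key, data) if op == "encrypt" else decrypt(key, data)


def fuzzy_interface(op, data, key):
    # S1302: identify the data to be processed first, then process only that.
    if op == "encrypt":
        return SENSITIVE.sub(lambda m: "ENC(" + encrypt(key, m.group()) + ")", data)
    return WRAPPED.sub(lambda m: decrypt(key, m.group(1)), data)


INTERFACES = {TYPE_EXACT: exact_interface, TYPE_FUZZY: fuzzy_interface}


def handle_request(request, key):
    # S120: the data type is read from the type identifier field.
    interface = INTERFACES.get(request.get("type"))
    data = request.get("data")
    if interface is None or not isinstance(data, str):
        return {"status": "error", "message": "unknown data type or missing data"}
    # Access control runs before any processing; a denial returns alarm information.
    op = request.get("op")
    if op not in POLICY.get(request.get("client"), set()):
        return {"status": "alarm", "message": "client has no usage right for this data"}
    try:
        target = interface(op, data, key)  # S130
    except ValueError:
        return {"status": "error", "message": "data could not be processed"}
    return {"status": "ok", "data": target}  # S140


if __name__ == "__main__":
    demo_key = os.urandom(32)  # in the patent, keys come from the SDK or service center
    text = "Customer 13800000000 called about ID 11010119900101001X"  # constructed
    req = {"client": "billing-app", "op": "encrypt", "type": TYPE_FUZZY, "data": text}
    print(handle_request(req, demo_key))
    req = {"client": "report-app", "op": "decrypt", "type": TYPE_EXACT, "data": "00"}
    print(handle_request(req, demo_key))
```

A production deployment would replace `encrypt` and `decrypt` with the algorithm and key source that the protection policy selects (for example an external cipher machine), which is the extension point the description discusses later.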
In one example, before the application server receives the data sent by the client, the application server must establish a connection with the encryption and decryption service center. The specific implementation manner is as follows, in steps S90-S100:
Step S90, sending a registration request to the encryption and decryption service center, so that the encryption and decryption service center responds to the registration request, generates authentication information corresponding to the Crypto software development kit, and sends the authentication information to the application server.
Before the application server receives a data request sent by the client, the application server must establish a connection with the encryption and decryption service center. Specifically, the application server sends a registration request to the encryption and decryption service center, and the encryption and decryption service center generates authentication information corresponding to the Crypto software development kit based on the registration request and sends the authentication information to the application server.
In the embodiment of the present invention, the authentication information may be a unique identifier corresponding to the Crypto software development kit, and may be, for example, a unique digital certificate. The authentication information is used for identity authentication and establishing a secure channel in subsequent online or offline policy updating.
The application server receives the authentication information corresponding to each integrated Crypto software development kit. This ensures that every Crypto software development kit has its own authentication information, avoids confusion between kits, and allows a given kit to be updated later using the authentication information that corresponds to it.
In the embodiment of the invention, the Crypto software development kit can be embedded into the application system and used as a plug-in of the application system. When the application server establishes a connection with the encryption and decryption service center, what is actually established is a connection between the Crypto software development kit and the encryption and decryption service center. This connection (that is, registration) can be established in an offline mode or an online mode; the mode is not limited here and can be selected according to the user's requirements.
In the process of establishing a connection between the Crypto software development kit and the encryption and decryption service center, it is necessary to determine basic information (for example, configuration information of the application system) of the application system using the Crypto software development kit, an interface and a function module that are open to the application system, performance parameters (for example, update time, use time, and the like of the Crypto software development kit) of the Crypto software development kit, and the like.
After receiving the registration request sent by the application server, the encryption and decryption service center can generate a unique digital certificate corresponding to the Crypto software development kit based on the registration request, and send the unique digital certificate to the application server.
Step S100, configuring, for the Crypto software development kit, a protection policy corresponding to the Crypto software development kit, and processing the data to be requested based on the protection policy.
After the Crypto software development kit is registered, a protection strategy corresponding to the Crypto software development kit needs to be configured, and the protection strategy is used for protecting the security of the data to be requested, so that the application server can process the data to be requested based on the protection strategy.
In one example, after the above operations are completed, the application server may further send the log record to an encryption and decryption service center or other log management platform, so as to save the operation log of the Crypto software development kit.
In the embodiment of the present invention, the log record may be sent to the encryption and decryption service center or other log management platform after each operation is completed, or periodically; this can be set according to user requirements and is not limited here.
Referring to fig. 2, the data processing method is performed among the application server, the encryption and decryption service center and the client; the information transmission among the three is shown in fig. 2.
The Crypto software development toolkit can be a data encryption plug-in. The application system needs to deploy it locally in the application server, after which it can use the data encryption and decryption services provided by the Crypto software development toolkit through the toolkit's encryption and decryption extension capability. To facilitate understanding of the data processing method provided in the embodiment of the present invention, a specific example is described below.
Because the CryptoSDK by default performs data encryption and decryption with its embedded encryption and decryption module, the decryption capability supported by the local application server affects the data encryption strength, and the data encryption strength directly affects how strongly the data is protected. To enhance the data encryption and decryption capability of the local application side, the CryptoSDK supports an encryption and decryption extension capability, which usefully supplements the CryptoSDK. The extension is mainly provided through an external cipher machine and through a server-side encryption and decryption service. The external cipher machine is configured and used directly with existing cipher machine hardware. Access to the server-side encryption and decryption service means that the server side of the CryptoSDK supports a data encryption and decryption service: if the capability of the local application-side equipment is limited and hardware constraints mean no external cipher machine is available, the client can directly configure and use the data encryption and decryption service provided by the server side.
Referring to fig. 3, in the embodiment of the present invention, the core function of CryptoSDK is as follows:
(1) Registration certificate
Certificate registration is a key action before data interaction between an application side SDK (cryptoSDK in an application server) and a server side key management platform (encryption and decryption service center) is realized, and is also an important basis for ensuring safe data transmission between the application side SDK and the server side. Therefore, before the application side SDK and the server side key formally communicate, certificate registration application is required.
The specific procedure is as follows: a private key is generated from the command line of the application-side SDK and is stored encrypted with a SHA 512-length password; the private key is not visible to the application. The private key is used to generate a certificate request file; the subject extension in the certificate request file is populated by default with the local MAC address and IP address, and only basic information about the service system needs to be entered manually. Once the certificate request file has been generated, the SDK automatically sends it to the server-side key management platform, which automatically signs and issues the certificate and returns it to the application-side SDK, where it is stored automatically.
(2) Driver registration
The CryptoSDK sits between the application and the database and acts as a proxy for data operations, so driver registration is needed before formal use. Driver registration requires manual entry of the JDBC link address, account, password and other connection pool optimization parameters of the target database. When the SDK is registered, a database connection test is carried out automatically (the specific test mode is not described in detail in the embodiment of the invention), and after the test passes, the configured connection information is written into the SDK and stored encrypted. The configured connection information is invisible to the user; if the database connection or the account password needs to change, it can be overwritten through the command line. The CryptoSDK supports the configuration of multiple data sources so that it docks seamlessly with a real environment.
The above steps are performed before the application server receives the data sent by the client, when the application server establishes a connection with the encryption and decryption service center.
(3) Proxy gateway
From the application's perspective, the CryptoSDK plays the role of a database. Access to sensitive information between the application and the database goes through the CryptoSDK proxy gateway. The proxy gateway carries core capabilities such as database adaptation and data operation forwarding, and is the core control component through which the whole CryptoSDK protects sensitive data.
(4) Service application
To simplify operation on the application side, once the application side completes certificate registration it is automatically prompted to apply for services and shown an operation example, together with the list of all encryption and decryption services supported by the server-side key platform and the data encryption and decryption algorithms and parameters supported locally (possibly by a local cipher machine and by the cipher machine corresponding to server-side encryption and decryption). To ease subsequent service application configuration, the CryptoSDK also stores the encryption and decryption services supported by the key platform, encrypted, in the local SDK. Application maintenance personnel complete the service application by selecting, on the command line, the text and file encryption and decryption algorithms and the parameter configuration to be used, and submitting the configuration. To apply for further services later, the user enters the SDK command line and submits the configuration. The whole service application process uses a two-way certificate mechanism to ensure the confidentiality, consistency and credibility of data transmission.
(5) Key exchange
Obtaining the key is the most critical and important step in the whole CryptoSDK and is the cornerstone of protecting sensitive data (the data to be requested). The key is the basic data of the data encryption and decryption process, so the confidentiality, consistency and credibility of key data transmission need to be guaranteed. Using the properties of an asymmetric algorithm (encryption with the certificate public key, decryption with the private key), the CryptoSDK performs bidirectional authentication with a two-way certificate mechanism. The CryptoSDK contains the private CA root certificate of the server-side key management platform, and the two sides use this private CA root certificate to authenticate each other, which guarantees credibility between them. Each party also encrypts with the other party's public key during data communication, which guarantees confidentiality in transit. In addition, each side computes a digest of the data to be sent before transmitting it, which allows data consistency to be verified. After the key is obtained from the server, a table mapping services to keys is formed in local memory. The SDK therefore does not need to fetch the key from the server for every encryption or decryption operation, which reduces the service load on the server and improves data encryption performance.
Meanwhile, to ensure the security of key data in memory, the CryptoSDK uses AES-CTR mode when writing it into memory, so that a one-time pad is realized, the encryption key is continuously updated, and the security of cached key data in memory is ensured to the greatest extent.
(6) Sensitive information feature extraction
The data to be requested is split into subsequences by the N-Gram algorithm, and a feature value vector is calculated from the probability of occurrence of each feature sequence, which reduces the vector dimension. Because N-Gram is based on a Markov chain, the subsequences are associated with one another, so the extracted feature values better reflect the characteristics of the data to be requested; combined with the sensitive data definition rules, this improves the accuracy of sensitive data identification.
The CryptoSDK combines the sensitive data definition rules with a machine learning algorithm and the N-Gram sensitive data features to actively discover sensitive data in the data to be requested, namely the data to be processed, such as a user name, password, identity card number or telephone number. Meanwhile, to improve the security compliance of the local running environment and the supporting environment, the SDK periodically checks whether sensitive plaintext data exists within the application's scope, such as in configuration files and the database, and also checks whether sensitive plaintext data exists in the supporting environment of the application side. When sensitive data is found in the running environment or the supporting environment, alarm information is automatically pushed to the server management platform.
(7) Encryption and decryption rule matching
The sensitive data rules are managed and controlled centrally by the server side. When the application side is initialized, it automatically establishes a secure link with the server side, obtains the full set of sensitive data rule definitions and writes them into a local cache. To keep the sensitive data rules up to date, the application side also periodically connects to the server side to check for rule updates. In the CryptoSDK, the functional modules divide the work and cooperate through the chain-of-responsibility pattern: after feature extraction is finished (after the data to be processed is obtained), the data is matched against the sensitive data definition rules, and data that meets the conditions is encrypted.
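The feature extraction of item (6) and the rule matching of item (7), as an added example that is not taken from the patent: tokens of a request are profiled with character-class bigrams, shortlisted by shape, then confirmed against definition rules in a chain of handlers. The character-class encoding, the cosine threshold, the two rules and every sample value are assumptions constructed for illustration; encryption of the identified data is left to the caller.

```python
import math
import re
from collections import Counter

THRESHOLD = 0.9  # assumed cosine cut-off for the shape pre-filter

def char_class(ch):
    """Collapse a character to D(igit), A(lpha) or S(ymbol) to keep the n-gram space small."""
    return "D" if ch.isdigit() else "A" if ch.isalpha() else "S"

def ngram_profile(token, n=2):
    """Relative frequency of each character-class n-gram in token (padded with ^ and $)."""
    shape = "^" + "".join(char_class(c) for c in token) + "$"
    grams = Counter(shape[i:i + n] for i in range(len(shape) - n + 1))
    total = sum(grams.values())
    return {gram: count / total for gram, count in grams.items()}

def cosine(p, q):
    """Cosine similarity of two sparse profiles."""
    dot = sum(v * q.get(gram, 0.0) for gram, v in p.items())
    norm = math.sqrt(sum(v * v for v in p.values())) * math.sqrt(sum(v * v for v in q.values()))
    return dot / norm if norm else 0.0

def centroid(samples):
    """Mean n-gram profile of the constructed reference samples for one rule."""
    acc = Counter()
    for sample in samples:
        for gram, v in ngram_profile(sample).items():
            acc[gram] += v
    return {gram: v / len(samples) for gram, v in acc.items()}

ID_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
ID_CHECK = "10X98765432"

def id_checksum_ok(token):
    """Check character of an 18-character resident ID number (weighted sum mod 11)."""
    total = sum(int(d) * w for d, w in zip(token[:17], ID_WEIGHTS))
    return ID_CHECK[total % 11] == token[17].upper()

# Constructed sensitive-data definition rules; in the design described above they would
# come from the locally cached server-side rule set. Samples only teach the token shape.
RULES = [
    {"name": "id_card", "pattern": re.compile(r"[0-9]{17}[0-9Xx]"),
     "validate": id_checksum_ok,
     "samples": ["000000000000000000", "00000000000000000X"]},
    {"name": "mobile", "pattern": re.compile(r"1[3-9][0-9]{9}"),
     "validate": lambda token: True,
     "samples": ["13000000000"]},
]
for rule in RULES:
    rule["centroid"] = centroid(rule["samples"])

# Chain of responsibility: each handler enriches the context and hands it on.
def extract_features(ctx):
    ctx["tokens"] = [(field, tok, ngram_profile(tok))
                     for field, value in ctx["request"].items()
                     for tok in re.findall(r"[0-9A-Za-z]+", str(value))]
    return ctx

def shortlist_by_shape(ctx):
    scored = ((f, t, [r for r in RULES if cosine(p, r["centroid"]) >= THRESHOLD])
              for f, t, p in ctx["tokens"])
    ctx["shortlist"] = [item for item in scored if item[2]]
    return ctx

def match_rules(ctx):
    ctx["to_process"] = []
    for field, tok, rules in ctx["shortlist"]:
        for rule in rules:
            if rule["pattern"].fullmatch(tok) and rule["validate"](tok):
                ctx["to_process"].append((field, tok, rule["name"]))
                break
    return ctx

CHAIN = (extract_features, shortlist_by_shape, match_rules)

def identify_sensitive(request):
    """Run the chain; ctx['to_process'] lists (field, value, rule) that must be encrypted."""
    ctx = {"request": request}
    for handler in CHAIN:
        ctx = handler(ctx)
    return ctx

# Constructed request; the ID-shaped values are synthetic (one valid check character, one not).
SAMPLE_REQUEST = {
    "name": "alice",
    "remark": "call me on 13900000000 after 6pm",
    "id_no": "00000000000000001X",
    "bad_id": "000000000000000011",
    "order_no": "2021033100042",
}

if __name__ == "__main__":
    result = identify_sensitive(SAMPLE_REQUEST)
    print("shortlisted:", [(f, t) for f, t, _ in result["shortlist"]])
    print("to encrypt:", result["to_process"])
```

The order number and the ID with a wrong check character pass the shape filter but are rejected by the rules, which is the accuracy gain the text attributes to combining the two stages.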
(8) File security encryption and decryption
As the interaction between the systems is closer, for example, the big data analysis system needs to acquire data from other application systems for analysis, the data may also be files, and thus the data files need to be transmitted over the network, but the data files may be attacked by hackers and other malicious adversaries during the transmission process, so that the data is mistransmitted, even the content is modified or intercepted, and the insecurity of the network transmission data brings huge hidden dangers to our lives.
Reliable file transmission guarantees the security and validity of network file transfer. When a first party transmits data to a second party, the file is first encrypted with an encryption algorithm, and the second party decrypts it with the corresponding decryption algorithm after receiving it. A third party may also receive the file during transmission but, lacking the corresponding decryption algorithm, cannot learn the content sent by the first party, so the security of data transmitted over the network is guaranteed.
(9) SDK cracking prevention
Since the SDK is completely transparent to the application side, the client cannot obtain the data encryption and decryption keys. Guaranteeing the security of the SDK itself therefore becomes critical, and an anti-cracking mechanism is introduced for this purpose. The dynamic application protection system SDK prevents itself from being cracked in several ways.
First, the SDK undergoes code obfuscation, slimming and similar operations, and runtime environment detection and anti-debugging mechanisms are added to resist decompilation and other reverse analysis techniques;
Second, the SDK and the dynamic application protection system server verify each other: the client verifies the server to prevent server forgery, and the server verifies the client's signature and fingerprint; once an anomaly occurs, communication is interrupted.
Finally, a signature mechanism is introduced: the SDK generates an up-to-date signature value during certain operations, so file integrity is guaranteed in real time. If a file has been maliciously modified, the signature value will be incorrect.
(10) Environmental self-test
To enhance the security of the host server environment and to guarantee both its own security and the security of the server, the CryptoSDK supports self-detection of the local environment. It mainly performs the following security checks:
A. Server baseline detection: checking whether dangerous services are started and whether the security configuration is compliant, for example whether the account password complexity policy is enabled.
B. Base software package security detection: checking the versions of the server's base software packages to verify whether any package with high-risk vulnerabilities is present.
C. Application-level dependency detection: checking whether the application references unsafe third-party dependencies, for example a struts dependency package with a remote code execution vulnerability.
Through the execution of the data processing method, the following effects are achieved:
By integrating the encryption and decryption functions in the Crypto software development toolkit and deploying the toolkit locally on the application server, encryption and decryption are performed locally. This reduces the leakage risk to the application side's data to be requested (sensitive data) in transit and the network time consumed by interface calls. The application side can scale the hardware of its local server according to its own data volume, which effectively improves interface call performance and also relieves the performance pressure on the key platform server.
In the embodiment of the present invention, the CryptoSDK may also provide versions of different languages, and use the same Application Program Interface (API) for different platforms and different languages, so that a user can obtain the same use experience when using multiple platforms.
By integrating the Crypto software development toolkit in the application server, the SDK fully encapsulates complex parts such as data packaging, user authentication and third-party identity authentication. The application side only needs to consider the outer API when calling, and the inner implementation is completely shielded. This makes the SDK convenient to use, reduces the complexity of writing and calling interface code, and makes integrating the SDK on the application side quick, which lowers development difficulty.
Because, among the SDKs for different languages, Java is a language whose code is difficult to encrypt and package, the internal code is obfuscated, and a ClassLoader is customized in a C-like language and encrypted, so that the leakage risk of the specific data to be requested in the SDK is completely avoided. Corresponding code encryption strategies are adopted for other languages, ensuring the security of interface calls between the platform and the application side.
The network authentication protocol Kerberos is used for authentication during identity authentication and key sharing. When another party requests a key exchange, a Key Distribution Center (KDC) and a socket are introduced to ensure that the party's identity is credible; all data in the interaction is transmitted encrypted, and only the user who applied for the key exchange has the right to view the key data, which ensures the security of the key data.
In one example, at least one Crypto software development kit is integrated in the application server, and after each Crypto software development kit obtains its key, for any two Crypto software development kits, one of the Crypto software development kits may need to obtain the same key as the other Crypto software development kit, and at this time, key sharing between the two Crypto software development kits needs to be implemented. The following describes key sharing methods S210 to S250 between two Crypto software development kits:
S210, obtaining a first software development kit and a second software development kit.
The first software development kit may be a Crypto software development kit integrated on the application server.
The second software development kit may be a different Crypto software development kit than the first software development kit integrated on the application server.
S220, receiving a key sharing request sent by the first software development kit to the second software development kit.
The key sharing request may be a request sent by the first software development kit to the second software development kit that requires sharing of a key of the second software development kit.
After the first software development kit and the second software development kit are obtained, if the first software development kit needs to share the key of the second software development kit, the first software development kit needs to send a key sharing request to the second software development kit.
S230, receiving the authentication result of the first software development kit by the second software development kit.
When the second software development kit receives the key sharing request, the second software development kit needs to authenticate the first software development kit and authenticate whether the first software development kit can share the key of the second software development kit.
The specific authentication mode is as follows: before the first software development kit and the second software development kit are used, the encryption and decryption service center obtains the digital certificates corresponding to the first software development kit and the second software development kit, so the second software development kit can authenticate whether the first software development kit is trusted by authenticating the digital certificate of the first software development kit.
S240, under the condition that the authentication result is that the first software development kit is credible, establishing connection between the second software development kit and the first software development kit.
In the event that the second software development kit authenticates that the first software development kit is authentic, the second software development kit may establish a connection with the first software development kit. Specifically, the second software development kit may send a connection request to the first software development kit, and the first software development kit confirms the connection, so that the first software development kit and the second software development kit may establish the connection.
S250, sending the decryption data, the encryption method and the key required by the first software development kit to the first software development kit.
After the first software development kit and the second software development kit are connected, the second software development kit can send decryption data, an encryption mode and a secret key required by the first software development kit to the first software development kit, and secret key sharing between the first software development kit and the second software development kit is achieved.
After key sharing between the two software development kits is realized, the logs of the operation processes of the first software development kit and the second software development kit need to be uploaded to the encryption and decryption service center or other log management platforms.
In the embodiment of the present invention, the key sharing described above can be implemented only in an online manner.
It should be noted that, although the above-mentioned manner only shows the key sharing between two software development kits, those skilled in the art will understand that the above-mentioned key sharing method is applicable to the key sharing between a plurality of software development kits.
Referring to fig. 4, the key sharing is performed between the application server and the encryption and decryption service center, and information transmission between the application server and the encryption and decryption service center is shown in fig. 4.
Based on the same inventive concept, the embodiment of the application also provides a data processing device.
Fig. 5 illustrates a data processing apparatus provided in an embodiment of the present application, where the data processing apparatus is integrated in an application server, and at least one Crypto software development kit is integrated in the application server, and as shown in fig. 5, the data processing apparatus may include:
a data request receiving module 510, configured to receive a data request sent by a client, where the data request includes: data to be requested;
a data type determining module 520, configured to determine a data type of the data to be requested based on the data request;
a target data determining module 530, configured to invoke a target processing interface corresponding to the data type of the data to be requested according to the data type of the data to be requested, and process the data to be requested based on the target processing interface to obtain target data;
and a target data returning module 540, configured to return the target data to the client.
In some embodiments, the data type determination module 520 may include:
a field obtaining unit, configured to obtain a field of the data to be requested in the data request;
the first data type determining unit is used for determining that the data type of the data to be requested is a first data type under the condition that the field of the data to be requested is determined to be a first data type identifier;
and the second data type determining unit is used for determining that the data type of the data to be requested is the second data type under the condition that the field of the data to be requested is determined to be the second data type identifier.
In some embodiments, when the data to be requested is the first data type, the target processing interface is an exact match interface. Correspondingly, the target data determining module 530 may further include:
and the first processing unit is used for encrypting and/or decrypting the data to be requested based on the precise matching interface to obtain target data.
In some embodiments, when the data to be requested is the second data type, the target processing interface is a fuzzy matching interface. Correspondingly, the target data determining module 530 may further include:
the to-be-processed data determining unit is used for identifying the to-be-requested data based on the fuzzy matching interface to obtain the to-be-processed data in the to-be-requested data;
and the second processing unit is used for carrying out encryption and/or decryption processing on the data to be processed to obtain target data.
In some embodiments, the to-be-processed data determining unit may be specifically configured to:
encoding the data to be requested to obtain a feature vector corresponding to the data to be requested; obtaining a target characteristic vector corresponding to the data to be processed based on the fuzzy matching interface and an identification model for identifying the data to be processed in the data to be requested; and carrying out inverse coding on the target characteristic vector to obtain the data to be processed.
In some embodiments, the data processing apparatus may further include:
the authentication registration module is used for sending a registration request to an encryption and decryption service center so that the encryption and decryption service center responds to the registration request, generates authentication information corresponding to the Crypto software development toolkit and sends the authentication information to an application server; and configuring a protection strategy corresponding to the Crypto software development kit for the Crypto software development kit so as to process the data to be requested based on the protection strategy.
In some embodiments, the target data determination module 530 may further include:
and the data to be requested determining and processing unit is used for executing the step of processing the data to be requested based on a target processing interface under the condition that the client is determined to have the use authority of the target data.
The data processing apparatus provided in the embodiment of the present application may be configured to execute the data processing method provided in each of the above method embodiments, and the implementation principle and the technical effect are similar, and for the sake of brevity, no further description is given here.
Based on the same inventive concept, the embodiment of the application also provides the electronic equipment.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 6, the electronic device may include a processor 601 and a memory 602 storing computer programs or instructions.
Specifically, the processor 601 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.
Memory 602 may include mass storage for data or instructions. By way of example, and not limitation, memory 602 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 602 may include removable or non-removable (or fixed) media, where appropriate. The memory 602 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 602 is a non-volatile solid-state memory. In a particular embodiment, the memory 602 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory, or a combination of two or more of these.
The processor 601 realizes any one of the base station failure detection methods in the above embodiments by reading and executing computer program instructions stored in the memory 602.
In one example, the electronic device may also include a communication interface 603 and a bus 610. As shown in fig. 6, the processor 601, the memory 602, and the communication interface 603 are connected via a bus 610 to complete communication therebetween.
The communication interface 603 is mainly used for implementing communication between modules, devices, units and/or devices in the embodiment of the present invention.
The bus 610 includes hardware, software, or both to couple the components of the electronic device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industrial Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hyper Transport (HT) interconnect, an Industrial Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 610 may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
The electronic device may execute the video rate control method in the embodiment of the present invention, so as to implement the data processing method described in fig. 1 to fig. 4.
In addition, in combination with the data processing method in the foregoing embodiment, the embodiment of the present invention may be implemented by providing a readable storage medium. The readable storage medium has program instructions stored thereon; the program instructions, when executed by a processor, implement any of the data processing methods in the above embodiments.
It is to be understood that the invention is not limited to the precise arrangements and instrumentalities shown. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include an electronic circuit, a semiconductor memory device, a ROM, a flash memory, an Erasable ROM (EROM), a floppy disk, a CD-ROM, an optical disk, a hard disk, an optical fiber medium, a Radio Frequency (RF) link, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
The above describes only specific embodiments of the present invention. Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and they are not described here again. It should be understood that the scope of the present invention is not limited thereto, and any equivalent modifications or substitutions can be easily made by those skilled in the art within the technical scope of the present invention.

Claims (10)

1. A data processing method, applied to an application server in which at least one Crypto software development kit is integrated, the data processing method comprising the following steps:
receiving a data request sent by a client, wherein the data request comprises: data to be requested;
determining the data type of the data to be requested based on the data request;
calling a target processing interface corresponding to the data type of the data to be requested according to the data type of the data to be requested, and processing the data to be requested based on the target processing interface to obtain target data;
and returning the target data to the client.
2. The method of claim 1, wherein the determining the data type of the data to be requested based on the data request comprises:
acquiring a field of the data to be requested in the data request;
determining that the data type of the data to be requested is a first data type under the condition that the field of the data to be requested is determined to be a first data type identifier;
and under the condition that the field of the data to be requested is determined to be the second data type identifier, determining that the data type of the data to be requested is the second data type.
3. The method of claim 2, wherein when the data to be requested is of the first data type, the target processing interface is an exact match interface;
the processing the data to be requested based on the target processing interface to obtain the target data and returning the target data to the client comprises:
and encrypting and/or decrypting the data to be requested based on the exact match interface to obtain target data.
4. The method of claim 2, wherein when the data to be requested is of the second data type, the target processing interface is a fuzzy matching interface;
the processing the data to be requested based on the target processing interface to obtain the target data and returning the target data to the client comprises:
identifying the data to be requested based on the fuzzy matching interface to obtain the data to be processed in the data to be requested;
and encrypting and/or decrypting the data to be processed to obtain target data.
5. The method according to claim 4, wherein the identifying the data to be requested based on the fuzzy matching interface to obtain the data to be processed in the data to be requested comprises:
encoding the data to be requested to obtain a feature vector corresponding to the data to be requested;
obtaining a target feature vector corresponding to the data to be processed based on the fuzzy matching interface and an identification model for identifying the data to be processed in the data to be requested;
and decoding the target feature vector to obtain the data to be processed.
6. The method of claim 1, wherein prior to receiving the data request sent by the client, the method further comprises:
sending a registration request to an encryption and decryption service center, so that the encryption and decryption service center generates authentication information corresponding to the Crypto software development kit in response to the registration request and sends the authentication information to the application server; and configuring, for the Crypto software development kit, a corresponding protection strategy, so that the data to be requested is processed based on the protection strategy.
7. The method of claim 1, wherein after the invoking of the target processing interface corresponding to the data type of the data to be requested, the method further comprises:
and executing the step of processing the data to be requested based on the target processing interface under the condition that the client is determined to have the use authority of the target data.
8. A data processing apparatus, said apparatus being integrated into an application server, at least one Crypto software development kit being integrated into said application server, said apparatus comprising:
a data request receiving module, configured to receive a data request sent by a client, where the data request includes: data to be requested;
the data type determining module is used for determining the data type of the data to be requested based on the data request;
and the target data determining module is used for calling a target processing interface corresponding to the data type of the data to be requested according to the data type of the data to be requested, processing the data to be requested based on the target processing interface to obtain target data, and returning the target data to the client.
9. An electronic device comprising a processor, a memory and a program or instructions stored on the memory and executable on the processor, the program or instructions when executed by the processor implementing the steps of the data processing method according to any one of claims 1 to 7.
10. A computer storage medium, characterized in that it has stored thereon computer program instructions which, when executed by a processor, implement a data processing method according to any one of claims 1 to 7.
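The dispatch described in claims 1 to 4 and 7, as an added Python example that is not code from the patent. The type identifiers `exact` and `fuzzy`, the client allow-list, the phone-number regex standing in for the identification model of claim 5, and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import base64, hashlib, hmac, os, re

KEY = os.urandom(32)  # constructed demo key; the patent's SDK would obtain keys after registration

def _keystream(nonce, n):
    blocks = (hmac.new(KEY, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(nonce, body):
    return hmac.new(KEY, b"mac" + nonce + body, hashlib.sha256).digest()[:16]

def encrypt(text):
    # Stand-in for the SDK cipher (stdlib has no AEAD); use AES-GCM from a vetted library in practice.
    data, nonce = text.encode(), os.urandom(12)
    body = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    return "ENC:" + base64.urlsafe_b64encode(nonce + body + _tag(nonce, body)).decode()

def decrypt(token):
    raw = base64.urlsafe_b64decode(token[4:])
    nonce, body, tag = raw[:12], raw[12:-16], raw[-16:]
    if not hmac.compare_digest(tag, _tag(nonce, body)):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body)))).decode()

# Assumption: a regex for 11-digit mobile numbers replaces the patent's identification model.
PHONE = re.compile(r"(?<!\d)1\d{10}(?!\d)")

def exact_match(value):
    """First data type: the whole field is sensitive, so encrypt all of it."""
    return encrypt(value)

def fuzzy_match(value):
    """Second data type: find the sensitive parts inside free text and encrypt only those."""
    return PHONE.sub(lambda m: encrypt(m.group()), value)

INTERFACES = {"exact": exact_match, "fuzzy": fuzzy_match}  # hypothetical type identifiers
AUTHORIZED = {"crm-app"}                                   # hypothetical client allow-list

def handle_request(client_id, request):
    handler = INTERFACES.get(request.get("type"))   # claim 2: the field selects the interface
    if handler is None:
        raise ValueError("unknown data type identifier")  # fail closed, never pass data through
    if client_id not in AUTHORIZED:                 # claim 7: authority check before processing
        raise PermissionError("client has no use authority for this data")
    return handler(request["data"])                 # claims 3-4: target data for the client
```

An unknown type identifier raises an error instead of returning the data unprocessed, so a malformed request cannot bypass encryption.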
CN202110336674.9A 2021-03-29 2021-03-29 Data processing method and device, electronic equipment and storage medium Pending CN115146284A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110336674.9A CN115146284A (en) 2021-03-29 2021-03-29 Data processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110336674.9A CN115146284A (en) 2021-03-29 2021-03-29 Data processing method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115146284A true CN115146284A (en) 2022-10-04

Family

ID=83403379

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110336674.9A Pending CN115146284A (en) 2021-03-29 2021-03-29 Data processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115146284A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116915760A (en) * 2023-09-12 2023-10-20 哈尔滨工程大学三亚南海创新发展基地 Full-network data communication packaging method and system based on http
CN116915760B (en) * 2023-09-12 2023-12-26 哈尔滨工程大学三亚南海创新发展基地 Full-network data communication packaging method and system based on http

Similar Documents

Publication Publication Date Title
US10826882B2 (en) Network-based key distribution system, method, and apparatus
US9197420B2 (en) Using information in a digital certificate to authenticate a network of a wireless access point
RU2434352C2 (en) Reliable authentication method and device
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
US10432600B2 (en) Network-based key distribution system, method, and apparatus
CN110990827A (en) Identity information verification method, server and storage medium
US9055061B2 (en) Process of authentication for an access to a web site
US20090319793A1 (en) Portable device for use in establishing trust
CN108418691A (en) Dynamic network identity identifying method based on SGX
Jeong et al. An efficient authentication system of smart device using multi factors in mobile cloud service architecture
CN102916970B (en) Network-based PIN cache method
US11424915B2 (en) Terminal registration system and terminal registration method with reduced number of communication operations
CN111130799B (en) Method and system for HTTPS protocol transmission based on TEE
CN112272089B (en) Cloud host login method, device, equipment and computer readable storage medium
JP2017152880A (en) Authentication system, key processing coordination method, and key processing coordination program
CN111901303A (en) Device authentication method and apparatus, storage medium, and electronic apparatus
JP4874007B2 (en) Authentication system, server computer, program, and recording medium
CN112769789B (en) Encryption communication method and system
KR101206854B1 (en) Authentication system and method based by unique identifier
CN109474431B (en) Client authentication method and computer readable storage medium
CN115146284A (en) Data processing method and device, electronic equipment and storage medium
CN111898101A (en) Application security equipment verification method and device
JP2009199147A (en) Communication control method and communication control program
KR20170111809A (en) Bidirectional authentication method using security token based on symmetric key
CN116781359B (en) Portal security design method using network isolation and cryptograph

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination