CN116155496B - Homeland change investigation data transmission method and device based on national cryptographic algorithm - Google Patents


Publication number
CN116155496B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211353531.XA
Other languages
Chinese (zh)
Other versions
CN116155496A (en)
Inventor
王刚武
李光灿
王文渊
周松英
刘茂国
许涛
黄润兴
黄宇婷
林勋媛
周常萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Land Survey And Planning Institute
Original Assignee
Guangdong Land Survey And Planning Institute
Application filed by Guangdong Land Survey And Planning Institute
Priority to CN202211353531.XA
Publication of CN116155496A
Application granted
Publication of CN116155496B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

In the method and device for transmitting homeland change investigation data based on a national cryptographic algorithm, an intelligent investigation cloud platform system is constructed, and when homeland change investigation data is transmitted within that system it is encrypted and decrypted with an SM4 and SM2 hybrid encryption algorithm. Compared with the current practice in the homeland change investigation industry of using only a single encryption algorithm for data transmission in a network environment, this optimizes the speed at which the platform system encrypts and decrypts data and improves the security of its data transmission. In addition, once homeland change investigation data has been obtained, an SM3 and SM2 hybrid encryption algorithm is used to sign and verify it, which ensures the consistency of the various homeland change investigation data between the provincial and county levels.

Description

Homeland change investigation data transmission method and device based on national cryptographic algorithm
Technical Field
The invention relates to the technical field of secure transmission of computer data, and in particular to a homeland change investigation data transmission method and device based on a national cryptographic algorithm.
Background
Homeland change investigation data is an important basis for natural resource management and is widely used in work such as territorial spatial planning and implementation, cultivated land protection, ecological restoration, and the economical and intensive use of resources. With the arrival of the internet era, the traditional approach of transmitting data on media such as optical discs and hard disks, labelled with paper forms, can no longer keep up with the development of society. Online data transmission over a network is now widely used, but it carries the risk that data is intercepted, interrupted, tampered with or forged. Geographic data in the current network transmission environment is mainly protected by signing confidentiality agreements, by related legal deterrents, by digital signature verification, by encryption and similar means. Against attacks such as interception, encryption keeps the information out of the hands of unauthorized users. Against attacks such as interruption and tampering, the data can be authenticated with a digital signature, which prevents the other party from repudiating or forging it, and integrity authentication confirms whether the data was modified during transmission. Among these, data encryption technology is of major importance for ensuring data security in network transmission.
At present, the homeland change investigation industry generally selects a single encryption algorithm, such as SM3, for data transmission in a network environment. The integrity verification methods that this algorithm provides, such as digital signatures, only verify whether the data has been modified and cannot prevent the data from being stolen. The SM2 algorithm involves complex modular arithmetic on large bit widths, so its encryption and decryption are generally slow and it is only suitable for encrypting small amounts of data. The SM4 algorithm requires an additional secure channel to distribute keys, and the keys are complicated to manage and their security is difficult to guarantee. Meanwhile, the development of cryptographic attack techniques poses serious security challenges to every single encryption algorithm, and transmitting data in a network environment generates a large number of public and private keys, which makes key distribution and management difficult.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a homeland change investigation data transmission method and device based on a national cryptographic algorithm that increase the speed at which system data is encrypted and decrypted and improve the security of system data transmission.
To solve this technical problem, the invention provides a homeland change investigation data transmission method based on a national cryptographic algorithm, comprising:
constructing an intelligent investigation cloud platform system, wherein the intelligent investigation cloud platform system comprises an external network system, and the external network system comprises a homeland investigation cloud platform, a county-level hub machine and a field investigation evidence-providing APP;
controlling the county-level hub machine and the field investigation evidence-providing APP to each send a task data acquisition request to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives a task data acquisition request it encrypts the task data to be sent with an SM4 and SM2 hybrid encryption algorithm, generates first task data corresponding to the receiver, and transmits the first task data to the county-level hub machine and the field investigation evidence-providing APP respectively;
controlling the county-level hub machine and the field investigation evidence-providing APP to each receive the first task data and, after receiving it, to decrypt the first task data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data;
controlling the county-level hub machine and the field investigation evidence-providing APP to each perform task processing according to the task data and generate corresponding task processing result data, and determining whether the task processing result data is homeland change investigation data; if so, performing data signing on the task processing result data based on an SM3 and SM2 hybrid encryption algorithm to generate a signature file;
controlling the county-level hub machine and the field investigation evidence-providing APP to encrypt the signature file with the SM4 and SM2 hybrid encryption algorithm to generate a corresponding first signature file, and to send the first signature file to the homeland investigation cloud platform, so that after receiving the first signature file the homeland investigation cloud platform decrypts it with the SM4 and SM2 hybrid encryption algorithm to obtain the signature file.
In one possible implementation, the constructed intelligent investigation cloud platform system further comprises an intranet system, wherein the intranet system comprises a provincial auditing system and an internal auditing system, and the internal auditing system comprises a county-level internal industry pre-auditing module, a single image spot library building module, county-level result auditing software and county-level change result quality inspection software;
controlling the provincial auditing system to send a signature file acquisition request to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the signature file acquisition request it encrypts the signature file with the SM4 and SM2 hybrid encryption algorithm, generates a second signature file, and transmits the second signature file to the provincial auditing system;
controlling the provincial auditing system to receive the second signature file, to decrypt the second signature file with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding signature file, and to perform data signature verification on the signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a verification result.
In one possible implementation, controlling the county-level hub machine to perform task processing according to the task data and generate corresponding task processing result data specifically comprises:
after the county-level hub machine obtains the corresponding task data, distributing the first task data to obtain a plurality of task distribution data, encrypting each task distribution data with the SM4 and SM2 hybrid encryption algorithm to generate a plurality of first task distribution data, and transmitting the plurality of first task distribution data to the internal auditing system;
controlling the internal auditing system to receive the corresponding first task distribution data and, after receiving it, to decrypt the first task distribution data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task distribution data, and to perform task processing according to the task distribution data to generate corresponding task distribution processing result data; encrypting each task distribution processing result data with the SM4 and SM2 hybrid encryption algorithm to generate a plurality of encrypted task distribution processing result data, and transmitting the plurality of encrypted task distribution processing result data to the county-level hub machine;
controlling the county-level hub machine to receive the plurality of encrypted task distribution processing result data, to decrypt each encrypted task distribution processing result data with the SM4 and SM2 hybrid encryption algorithm to obtain a plurality of task distribution processing result data, and to integrate all task distribution processing result data to obtain the task processing result data corresponding to the county-level hub machine.
In one possible implementation, before controlling the internal auditing system to perform task processing according to the task distribution data and generate corresponding task distribution processing result data, the method further comprises:
controlling the provincial auditing system to perform data signing on basic data with the SM3 and SM2 hybrid encryption algorithm to generate a basic data signature file, wherein the basic data comprises a basic library, images, field image spots and reference data;
encrypting the basic data signature file with the SM4 and SM2 hybrid encryption algorithm to generate an encrypted basic data signature file, and sending the encrypted basic data signature file to the internal auditing system, so that after receiving the encrypted basic data signature file the internal auditing system decrypts it with the SM4 and SM2 hybrid encryption algorithm to obtain the basic data signature file, and performs data signature verification on the basic data signature file with the SM3 and SM2 hybrid encryption algorithm to obtain a basic data signature verification result.
In one possible implementation, controlling the field investigation evidence-providing APP to receive the first task data and, after receiving it, to decrypt the first task data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data specifically comprises:
controlling the field investigation evidence-providing APP to receive the first task data and, after receiving it, to store the first task data in the local memory of the field investigation evidence-providing APP, to obtain the task address data carried on the first task data, and to obtain the current positioning information of the field investigation evidence-providing APP in real time; when the current positioning information is consistent with the task address data, decrypting the first task data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data.
In one possible implementation, encrypting the task data to be sent with the SM4 and SM2 hybrid encryption algorithm to generate first task data corresponding to the receiver specifically comprises:
generating a random password based on the SM4 algorithm, encrypting the task data to be sent with the SM4 symmetric encryption algorithm based on the random password to generate encrypted task data, obtaining the public key of the receiver and encrypting the random password with the SM2 asymmetric encryption algorithm based on that public key to generate an encrypted random password, and generating the first task data corresponding to the receiver from the encrypted task data and the encrypted random password.
In one possible implementation, decrypting the first task data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data specifically comprises:
obtaining the private key of the decrypting party and decrypting the encrypted random password with the SM2 asymmetric encryption algorithm based on that private key to obtain the random password, and decrypting the encrypted task data with the SM4 symmetric encryption algorithm based on the random password to obtain the corresponding task data.
In one possible implementation, performing data signing on the task processing result data based on the SM3 and SM2 hybrid encryption algorithm to generate a signature file specifically comprises:
obtaining a hash value of the task processing result data based on the SM3 algorithm, obtaining the private key of the signature generating party and signing the hash value with the SM2 algorithm based on that private key to obtain a signature value, and writing the signature value into the task processing result data to generate the signature file.
In one possible implementation, performing data signature verification on the signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a verification result specifically comprises:
obtaining the hash value corresponding to the signature file based on the SM3 algorithm, reading the signature value in the signature file, and reading the public key of the signature generating party;
verifying the signature of the signature file with the SM2 algorithm according to the hash value, the signature value and the public key of the signature generating party to obtain a verification result; if the verification result is consistent, the signature file is considered correct, and if it is inconsistent, the signature file is considered to have been tampered with.
In one possible implementation, before controlling the county-level hub machine and the field investigation evidence-providing APP to each send a task data acquisition request to the homeland investigation cloud platform, the method further comprises:
controlling the homeland investigation cloud platform, the county-level hub machine, the field investigation evidence-providing APP, the provincial auditing system and the internal auditing system to each generate a corresponding public key and private key;
storing the public keys and private keys corresponding to the county-level hub machine and the internal auditing system in a hardware dongle.
In one possible implementation, the signature file decryption module sending the first signature file to the homeland investigation cloud platform specifically comprises:
copying the first signature file to obtain a first main signature file and a first auxiliary signature file, and transmitting the first main signature file and the first auxiliary signature file respectively to the homeland investigation cloud platform over a dual transmission link, wherein the dual transmission link comprises a main transmission link and an auxiliary transmission link.
In one possible implementation, performing data signature verification on the signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a verification result specifically comprises:
when the provincial auditing system obtains a signature file, the signature file comprises a main signature file and an auxiliary signature file;
performing data signature verification on the main signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a main signature file verification result;
if the main signature file verification result is consistent, no data signature verification is performed on the auxiliary signature file; if the main signature file verification result is inconsistent, data signature verification is performed on the auxiliary signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain an auxiliary signature file verification result;
if the auxiliary signature file verification result is consistent, the auxiliary signature file is retained; if the auxiliary signature file verification result is inconsistent, a signature file tamper warning is sent.
The invention also provides a homeland change investigation data transmission device based on a national cryptographic algorithm, comprising: a system construction module, a task data encryption module, a task data decryption module, a task processing result data signing module and a signature file decryption module;
the system construction module is used for constructing an intelligent investigation cloud platform system, wherein the intelligent investigation cloud platform system comprises an external network system, and the external network system comprises a homeland investigation cloud platform, a county-level hub machine and a field investigation evidence-providing APP;
the task data encryption module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to each send a task data acquisition request to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives a task data acquisition request it encrypts the task data to be sent with an SM4 and SM2 hybrid encryption algorithm, generates first task data corresponding to the receiver, and transmits the first task data to the county-level hub machine and the field investigation evidence-providing APP respectively;
the task data decryption module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to each receive the first task data and, after receiving it, to decrypt the first task data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data;
the task processing result data signing module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to each perform task processing according to the task data and generate corresponding task processing result data, and for determining whether the task processing result data is homeland change investigation data; if so, data signing is performed on the task processing result data based on an SM3 and SM2 hybrid encryption algorithm to generate a signature file;
the signature file decryption module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to encrypt the signature file with the SM4 and SM2 hybrid encryption algorithm to generate a corresponding first signature file, and to send the first signature file to the homeland investigation cloud platform, so that after receiving the first signature file the homeland investigation cloud platform decrypts it with the SM4 and SM2 hybrid encryption algorithm to obtain the signature file.
In one possible implementation, the intelligent investigation cloud platform system constructed by the system construction module further comprises an intranet system, wherein the intranet system comprises a provincial auditing system and an internal auditing system, and the internal auditing system comprises a county-level internal industry pre-auditing module, a single image spot library building module, county-level result auditing software and county-level change result quality inspection software.
The homeland change investigation data transmission device based on a national cryptographic algorithm provided by the invention further comprises: a signature verification module;
the signature verification module is used for controlling the provincial auditing system to send a signature file acquisition request to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the signature file acquisition request it encrypts the signature file with the SM4 and SM2 hybrid encryption algorithm, generates a second signature file, and transmits the second signature file to the provincial auditing system;
and for controlling the provincial auditing system to receive the second signature file, to decrypt the second signature file with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding signature file, and to perform data signature verification on the signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a verification result.
In one possible implementation, the task processing result data signing module controlling the county-level hub machine to perform task processing according to the task data and generate corresponding task processing result data specifically comprises:
after the county-level hub machine obtains the corresponding task data, distributing the first task data to obtain a plurality of task distribution data, encrypting each task distribution data with the SM4 and SM2 hybrid encryption algorithm to generate a plurality of first task distribution data, and transmitting the plurality of first task distribution data to the internal auditing system;
controlling the internal auditing system to receive the corresponding first task distribution data and, after receiving it, to decrypt the first task distribution data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task distribution data, and to perform task processing according to the task distribution data to generate corresponding task distribution processing result data; encrypting each task distribution processing result data with the SM4 and SM2 hybrid encryption algorithm to generate a plurality of encrypted task distribution processing result data, and transmitting the plurality of encrypted task distribution processing result data to the county-level hub machine;
controlling the county-level hub machine to receive the plurality of encrypted task distribution processing result data, to decrypt each encrypted task distribution processing result data with the SM4 and SM2 hybrid encryption algorithm to obtain a plurality of task distribution processing result data, and to integrate all task distribution processing result data to obtain the task processing result data corresponding to the county-level hub machine.
The homeland change investigation data transmission device based on a national cryptographic algorithm provided by the invention further comprises: a basic data distribution module;
the basic data distribution module is used for controlling the provincial auditing system to perform data signing on basic data with the SM3 and SM2 hybrid encryption algorithm to generate a basic data signature file, wherein the basic data comprises a basic library, images, field image spots and reference data;
the basic data distribution module is also used for encrypting the basic data signature file with the SM4 and SM2 hybrid encryption algorithm to generate an encrypted basic data signature file, and for sending the encrypted basic data signature file to the internal auditing system, so that after receiving the encrypted basic data signature file the internal auditing system decrypts it with the SM4 and SM2 hybrid encryption algorithm to obtain the basic data signature file, and performs data signature verification on the basic data signature file with the SM3 and SM2 hybrid encryption algorithm to obtain a basic data signature verification result.
In one possible implementation, the task data decryption module controlling the field investigation evidence-providing APP to receive the first task data and, after receiving it, to decrypt the first task data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data specifically comprises:
controlling the field investigation evidence-providing APP to receive the first task data and, after receiving it, to store the first task data in the local memory of the field investigation evidence-providing APP, to obtain the task address data carried on the first task data, and to obtain the current positioning information of the field investigation evidence-providing APP in real time; when the current positioning information is consistent with the task address data, decrypting the first task data with the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data.
In a possible implementation manner, the task data encryption module is configured to encrypt task data to be sent by using an SM4 and SM2 hybrid encryption algorithm, and generate first task data corresponding to a receiver, where the first task data specifically includes:
And generating a random password based on an SM4 algorithm, encrypting task data to be transmitted by adopting an SM4 symmetric encryption algorithm based on the random password, generating encrypted task data, acquiring and carrying out encryption processing on the random password by adopting an SM2 asymmetric encryption algorithm based on a public key of a receiver, generating an encrypted random password, and generating first task data corresponding to the receiver according to the encrypted task data and the encrypted random password.
In one possible implementation manner, the task data decryption module is configured to decrypt the first task data by using an SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data, and specifically includes:
Acquiring the private key of the decrypting party and, based on it, decrypting the encrypted random password with the SM2 asymmetric encryption algorithm to obtain the random password; then decrypting the encrypted task data with the SM4 symmetric encryption algorithm using the random password to obtain the corresponding task data.
In one possible implementation manner, the task processing result data signing module performs data signing on the task processing result data based on an SM3 and SM2 hybrid encryption algorithm to generate a signature file, and specifically includes:
Acquiring a hash value of the task processing result data with the SM3 algorithm; acquiring the private key of the signature generating party and, based on it, signing the hash value with the SM2 algorithm to obtain a signature value; and writing the signature value into the task processing result data to generate a signature file.
In one possible implementation manner, the signature file decryption module is configured to perform data signature verification processing on the signature file based on an SM3 and SM2 hybrid encryption algorithm to obtain a verification result, and specifically includes:
Acquiring a hash value corresponding to the signature file with the SM3 algorithm, reading the signature value in the signature file, and reading the public key of the signature generating party;
and verifying the signature file with the SM2 algorithm according to the hash value, the signature value and the public key of the signature generating party to obtain a verification result: if the verification result matches, the signature file is considered correct; if it does not match, the signature file is considered to have been tampered with.
The invention provides a national soil change investigation data transmission device based on a national cryptographic algorithm, which further comprises: a key generation module;
the key generation module is used for controlling the homeland investigation cloud platform, the county level hub machine, the field investigation evidence-providing APP, the provincial level auditing system and the internal auditing system to respectively generate a corresponding public key and a private key;
And the key generation module is used for storing the public key and the private key corresponding to the county-level junction machine and the internal auditing system in a hardware dongle mode.
In one possible implementation manner, the sending the first signature file to the homeland investigation cloud platform specifically includes:
and copying the first signature file to obtain a first main signature file and a first auxiliary signature file, and respectively transmitting the first main signature file and the second auxiliary signature file to the homeland investigation cloud platform based on a double transmission link, wherein the double transmission link comprises a main transmission link and an auxiliary transmission link.
In one possible implementation manner, the signature file decryption module is configured to perform data signature verification processing on the signature file based on an SM3 and SM2 hybrid encryption algorithm to obtain a verification result, and specifically includes:
When the provincial auditing system obtains a signature file, the signature file comprises a main signature file and an auxiliary signature file;
data signature verification is performed on the main signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a main signature file verification result;
if the main signature file verification result matches, no data signature verification is performed on the auxiliary signature file; if it does not match, data signature verification is performed on the auxiliary signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain an auxiliary signature file verification result;
if the auxiliary signature file verification result matches, the auxiliary signature file is retained; if it does not match, a signature file tamper warning is sent.
The invention also provides a terminal device, which comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor, when executing the computer program, implements the homeland transformation investigation data transmission method based on the national cryptographic algorithm.
The invention also provides a computer readable storage medium, which comprises a stored computer program, wherein the computer program, when run, controls the equipment where the computer readable storage medium is located to execute the homeland transformation investigation data transmission method based on the national cryptographic algorithm according to any one of the above.
Compared with the prior art, the method and the device for transmitting the homeland transformation investigation data based on the national cryptographic algorithm have the following beneficial effects:
the method comprises the steps of controlling a homeland investigation cloud platform to encrypt task data to be sent by adopting an SM4 and SM2 hybrid encryption algorithm by constructing an intelligent investigation cloud platform system, and generating first task data corresponding to a receiver; controlling the county-level hub machine and the field investigation evidence-providing APP to decrypt the received first task data by adopting an SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data; and performing task processing according to the task data to generate corresponding task processing result data, performing data signing processing on the task processing result data belonging to homeland change investigation data by adopting an SM3 and SM2 hybrid encryption algorithm to generate signature files, performing encryption processing on the signature files to generate corresponding first signature files, and sending the first signature files to the homeland investigation cloud platform, so that the homeland investigation cloud platform decrypts the first signature files by adopting an SM4 and SM2 hybrid encryption algorithm after receiving the first signature files to obtain the signature files. Compared with the prior art, the technical scheme provided by the invention can improve the processing speed of encrypting and decrypting the system data and improve the safety of the system data transmission.
Drawings
FIG. 1 is a schematic flow chart of an embodiment of a method for transmitting homeland transformation survey data based on a national cryptographic algorithm;
FIG. 2 is a schematic diagram of an embodiment of a device for transmitting homeland transformation survey data based on a national cryptographic algorithm;
FIG. 3 is a schematic diagram of a construction of another embodiment of a device for transmitting homeland transformation survey data based on a national cryptographic algorithm;
FIG. 4 is a schematic structural diagram of another embodiment of a homeland transformation investigation data transmission device based on a national cryptographic algorithm;
FIG. 5 is a schematic structural diagram of another embodiment of a homeland transformation investigation data transmission device based on a national cryptographic algorithm.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to FIG. 1, which is a flow chart of an embodiment of the homeland transformation investigation data transmission method based on the national cryptographic algorithm, the method includes steps 101 to 105, specifically as follows:
Step 101: Build an intelligent investigation cloud platform system, wherein the intelligent investigation cloud platform system comprises an external network system, and the external network system comprises a homeland investigation cloud platform, a county-level hub machine and a field investigation evidence-providing APP.
In an embodiment, the built intelligent investigation cloud platform system further comprises an intranet system, wherein the intranet system comprises a provincial level auditing system and an internal auditing system, and the internal auditing system comprises a county level internal industry pre-auditing module, a single-image spot library building module, county level achievement auditing software and county level change achievement quality inspection software.
In an embodiment, an external network system of the intelligent investigation cloud platform system is mainly used for carrying out transmission operations such as data distribution, return and reporting; the intranet system of the intelligent investigation cloud platform system is mainly used for carrying out transmission operations of data distribution, feedback and auditing.
In one embodiment, when it is detected that the external network system of the intelligent investigation cloud platform system is transmitting data to the intranet system, files are ferried through a one-way network gate; when it is detected that the intranet system of the intelligent investigation cloud platform system is transmitting data to the external network system, the data is transferred by optical disc ferrying.
In an embodiment, in order to improve the security of data transmission, encryption transmission is required to be performed on the data in the intelligent investigation cloud platform system, so that the homeland investigation cloud platform, the county-level hub machine, the field investigation verification APP, the provincial level auditing system and the internal auditing system are controlled to generate corresponding public keys and private keys respectively for data encryption transmission.
Specifically, the homeland investigation cloud platform and the provincial auditing system each generate one pair of public and private keys; the county-level hub machine and the internal auditing system each generate a number of public/private key pairs equal to the number of counties they correspond to; for the field investigation evidence-providing APP, a pair of public and private keys is generated for the user after the user logs in to the APP.
In an embodiment, a hardware dongle mode is adopted to store the public key and the private key corresponding to the county-level hub machine and the internal auditing system.
Specifically, the county-level hub machine and the internal auditing system use hardware dongles for authorization and authentication, and a hub machine dongle and an internal auditing system dongle are generated for each county corresponding to the county-level hub machine and the internal auditing system. The hardware dongle is an encryption product plugged into a USB port of the computer; it stores its own private key and the public key of the other party, and the software encrypts and decrypts data after obtaining the keys from the dongle. Dongles are issued at the provincial level for data encryption.
Specifically, the hub machine dongle and the internal auditing system dongle each store their own private key and the public key of the other party and are used for secure transmission of intranet data. There are generally two of each: a main hub machine dongle and an auxiliary hub machine dongle, and a main internal auditing system dongle and an auxiliary internal auditing system dongle. The auxiliary hub machine dongle and the auxiliary internal auditing system dongle are used for cloning after the main hub machine dongle and the main internal auditing system dongle, respectively, are damaged.
In one embodiment, the public and private keys of the intelligent investigation cloud platform system are managed with a PKI digital certificate system. The CA (certificate authority) is the core of the public key infrastructure (PKI); it is the authority responsible for issuing certificates, authenticating certificates and managing issued certificates. A user who wants a certificate first applies to the CA; after the CA has established the identity of the applicant, a public key is allocated to the user, and the CA binds the public key to the applicant's identity information, signs it, forms a certificate and sends the certificate to the applicant. A user who wants to check the authenticity of another certificate verifies the signature on that certificate with the public key of the CA; once the signature is verified, the certificate is considered valid. A certificate is in effect an authentication, issued by the CA, of the user's public key. The content of a certificate includes information about the issuing authority, information about the public key's user, the public key, the authority's signature and the validity period. The certificate format and verification method follow the requirements of the national cryptographic algorithms.
In an embodiment, the public keys of the intelligent investigation cloud platform system that need to be transmitted online in the external network system must be signed and shared through the CA; these include the field investigation evidence-providing APP public key, the hub machine dongle public key, the internal auditing system dongle public key and the homeland investigation cloud platform public key. The private key of the CA is stored in encrypted form on the CA server, and the public key of the CA is obtained by calling the CA's interface.
Step 102: Control the county-level hub machine and the field investigation evidence-providing APP to each send a task data acquisition request to the homeland investigation cloud platform, so that, on receiving a task data acquisition request, the homeland investigation cloud platform encrypts the task data to be sent by using the SM4 and SM2 hybrid encryption algorithm, generates first task data corresponding to the receiver, and transmits the first task data to the county-level hub machine and the field investigation evidence-providing APP accordingly.
In an embodiment, the homeland investigation cloud platform has a homeland investigation task data storage function, when homeland investigation is required, related homeland investigation task data are issued on the homeland investigation cloud platform by a user, and the homeland investigation task data are stored in the homeland investigation cloud platform.
In an embodiment, when a homeland investigation task needs to be executed, the county-level hub machine and the field investigation evidence-providing APP of the external network system may each send a task data acquisition request to the homeland investigation cloud platform.
In one embodiment, the SM4 algorithm is a block cipher algorithm from the wireless local area network standard. SM4 is a symmetric encryption algorithm, also known as private-key encryption or session-key encryption: the sender and the receiver of the information use the same key to encrypt and decrypt data. Its advantages are fast encryption and decryption and suitability for large volumes of data.
In one embodiment, the SM2 algorithm is based on an elliptic curve cryptosystem and is an asymmetric encryption algorithm, with which a key pair (a public key and a private key) can be obtained. The private key is held by the owner of the key pair and must not be published; the public key is published to others by the owner. Encryption and decryption can be accomplished with the public key and the private key: for example, the information sender encrypts with the public key and the information receiver decrypts with the private key. Signature verification can also be accomplished with the public and private keys: the information sender encrypts with the private key and the information receiver decrypts with the public key to verify. Because the public key can be disclosed, key management is convenient and the security of information transmission is high, so this kind of encryption algorithm has become the most widely used and most technically advanced encryption algorithm at present.
In an embodiment, after receiving the task data acquisition request, the homeland investigation cloud platform correspondingly acquires related task data based on a sender sending the task data acquisition request, and encrypts the task data to be sent based on an SM4 and SM2 hybrid encryption algorithm to generate first task data corresponding to a receiver.
Specifically, a random password is generated based on the SM4 algorithm, and the task data to be sent is encrypted with the SM4 symmetric encryption algorithm using the random password, generating encrypted task data. The public key of the receiver is then obtained: when the receiver is the field investigation evidence-providing APP, the public key of the APP is obtained; when the receiver is the county-level hub machine, the public key of the county-level hub machine is obtained. The random password is encrypted with the SM2 asymmetric encryption algorithm using the receiver's public key, generating an encrypted random password. The first task data corresponding to the receiver is generated from the encrypted task data and the encrypted random password; that is, the encrypted task data and the encrypted random password are compressed into one file, which reduces the size of the data packet.
In the embodiment, the encryption is performed by adopting the SM4 and SM2 mixed encryption algorithm, so that the encryption of data can be realized, the random password used for encrypting the data can be encrypted, the security of the password can be ensured, and the security in the data transmission process is further improved.
In one embodiment, after the first task data is generated, the first task data is correspondingly transmitted to the county-level junction machine and the field investigation and evidence application.
Step 103: Control the county-level hub machine and the field investigation evidence-providing APP to each receive the first task data and, after receiving it, decrypt the first task data by using the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data.
In an embodiment, the field investigation and verification APP is controlled to receive the first task data, after the first task data is received, the first task data is stored in a local memory of the field investigation and verification APP, task address data on the first task data is obtained, current positioning information of the field investigation and verification APP is obtained in real time, and when the current positioning information is consistent with the first task address data, an SM4 and SM2 hybrid encryption algorithm is adopted to decrypt the first task data to obtain corresponding task data.
As an illustration of this embodiment: after a field worker logs in to the field investigation evidence-providing APP, a public/private key pair is generated for the APP user. The field worker requests task data from the homeland investigation cloud platform through the APP; on receiving the request, the homeland investigation cloud platform encrypts the task data with the APP user's public key and sends the encrypted task data to the APP, which receives the data and stores it locally. When the field worker arrives at the site, the task data is decrypted through the public key of the field worker and the decrypted task data is displayed in the APP.
In an embodiment, when the field investigation evidence-providing APP decrypts the first task data, the APP's private key is obtained and, based on it, the encrypted random password is decrypted with the SM2 asymmetric encryption algorithm to obtain the random password; the encrypted task data is then decrypted with the SM4 symmetric encryption algorithm using the random password to obtain the corresponding task data.
In an embodiment, when the county-level hub machine decrypts the first task data, the county-level hub machine obtains and decrypts the encrypted random password by using an SM2 asymmetric encryption algorithm based on a private key of the county-level hub machine to obtain the random password, and decrypts the encrypted task data by using an SM4 symmetric encryption algorithm based on the random password to obtain the corresponding task data.
Step 104: Control the county-level hub machine and the field investigation evidence-providing APP to each perform task processing according to the task data and generate corresponding task processing result data; judge whether the task processing result data belongs to homeland change investigation data; and if so, perform data signing on the task processing result data based on the SM3 and SM2 hybrid encryption algorithm to generate a signature file.
In an embodiment, the county-level hub machine is the transmission hub between the internal auditing system and the homeland investigation cloud platform. The internal auditing system comprises several pieces of county-level software, and each county has its own; if every piece of county-level software were connected directly to the homeland investigation cloud platform, the platform's data processing would easily be overloaded, which would harm its operating efficiency. The county-level hub machine is therefore used as the transmission hub between the internal auditing system and the homeland investigation cloud platform, relaying data in both the upload and download directions.
In an embodiment, after the county-level hub machine obtains the corresponding task data, the county-level hub machine distributes the first task data according to the internal auditing system connected with the county-level hub machine to obtain a plurality of task distribution data, the county-level hub machine encrypts each task distribution data by adopting an SM4 and SM2 hybrid encryption algorithm to generate a plurality of first task distribution data, and the plurality of first task distribution data is sent to the internal auditing system.
Specifically, a random password is generated based on the SM4 algorithm, and each item of task allocation data is encrypted with the SM4 symmetric encryption algorithm using the random password, generating the corresponding encrypted task allocation data. The public key of the receiver is obtained from the hub machine dongle: when the receiver is the county-level internal pre-examination module, the public key of that module is obtained; when the receiver is the single-pattern spot library building module, the public key of that module is obtained; when the receiver is the county-level result auditing software, the public key of that software is obtained; and when the receiver is the county-level change result quality inspection software, the public key of that software is obtained. The random password is encrypted with the SM2 asymmetric encryption algorithm using the receiver's public key, generating an encrypted random password, and the first task allocation data corresponding to the receiver is generated from the encrypted task allocation data and the encrypted random password.
In an embodiment, the internal auditing system is controlled to receive corresponding first task allocation data, after the first task allocation data is received, the internal auditing system adopts an SM4 and SM2 hybrid encryption algorithm to decrypt the first task allocation data to obtain corresponding task allocation data, and performs task processing according to the task allocation data to generate corresponding task allocation processing result data.
Specifically, the private key of the decrypting party is obtained: when the decrypting party is the county-level internal pre-examination module, the private key of that module is obtained; when it is the single-pattern spot library building module, the private key of that module is obtained; when it is the county-level result auditing software, the private key of that software is obtained; and when it is the county-level change result quality inspection software, the private key of that software is obtained. Based on the private key, the encrypted random password is decrypted with the SM2 asymmetric encryption algorithm to obtain the random password, and the encrypted task allocation data is decrypted with the SM4 symmetric encryption algorithm using the random password to obtain the corresponding task allocation data.
In an embodiment, before the internal auditing system is controlled to perform task processing according to the task allocation data to generate corresponding task allocation processing result data, the provincial auditing system is further controlled to perform data signing processing on basic data by adopting an SM3 and SM2 hybrid encryption algorithm to generate a basic data signing file, wherein the basic data comprises a basic library, images, field patterns and reference data.
Specifically, a hash value of the basic data is obtained with the SM3 algorithm; the private key of the signature generating party, namely the private key of the provincial auditing system, is obtained and, based on it, the hash value is signed with the SM2 algorithm to obtain a signature value; and the signature value is written into the basic data to generate a basic data signature file.
In one embodiment, the SM3 algorithm is a message digest algorithm; MD5 can be taken as a point of comparison. A message digest is a digital fingerprint of a block of data: a character string of fixed length that differs for different messages. The SM3 algorithm belongs to the one-way cryptographic systems: a hash value can be computed from plaintext information, but the corresponding plaintext data cannot be recovered from the hash value.
In an embodiment, the provincial level audit system further adopts an SM4 and SM2 hybrid encryption algorithm to encrypt the basic data signature file, so as to generate an encrypted basic data signature file.
Specifically, a random password is generated based on an SM4 algorithm, a base data signature file is encrypted by adopting an SM4 symmetric encryption algorithm based on the random password, a corresponding first encrypted base data signature file is generated, a public key of a receiving party is obtained, namely, the public key of the county-level internal auditing system is obtained, the random password is encrypted by adopting an SM2 asymmetric encryption algorithm based on the public key of the receiving party, an encrypted random password is generated, and an encrypted base data signature file is generated according to the first encrypted base data signature file and the encrypted random password.
In an embodiment, the encrypted basic data signature file is sent to the internal auditing system, so that after the internal auditing system receives the encrypted basic data signature file, the encrypted basic data signature file is decrypted by adopting an SM4 and SM2 hybrid encryption algorithm to obtain a basic data signature file, and the basic data signature file is subjected to data signature verification by adopting an SM3 and SM2 hybrid encryption algorithm to obtain a basic data signature file verification result.
Specifically, when data signature verification is performed on the basic data signature file with the SM3 and SM2 hybrid encryption algorithm to obtain the basic data signature file verification result, a hash value corresponding to the basic data signature file is obtained with the SM3 algorithm, the signature value in the basic data signature file is read, and the public key of the signature generating party is read. The basic data signature file is then verified with the SM2 algorithm according to the hash value, the signature value and the public key of the signature generating party to obtain the verification result: if the verification result matches, the basic data signature file is considered correct; if it does not match, the basic data signature file is considered to have been tampered with.
In an embodiment, the internal auditing system performs task processing according to the basic data signature file and the task allocation data, and generates corresponding task allocation processing result data.
In an embodiment, after obtaining the corresponding task allocation processing result data, the internal auditing system further adopts an SM4 and SM2 hybrid encryption algorithm to encrypt each task allocation processing result data, generates a plurality of encrypted task allocation processing result data, and sends the plurality of encrypted task allocation processing result data to the county hub machine.
Specifically, a random password is generated based on the SM4 algorithm, and the plurality of task allocation data are encrypted with the SM4 symmetric encryption algorithm using the random password, generating corresponding encrypted task allocation data. The public key of the receiver, namely the public key of the county-level hub machine, is obtained from the internal auditing system dongle; the random password is encrypted with the SM2 asymmetric encryption algorithm using the receiver's public key, generating an encrypted random password; and the plurality of encrypted task allocation processing result data are generated from the encrypted task allocation data and the encrypted random password.
In an embodiment, the county-level hub machine is controlled to receive the plurality of encrypted task allocation processing result data, and the SM4 and SM2 mixed encryption algorithm is adopted to decrypt each encrypted task allocation processing result data to obtain a plurality of task allocation processing result data, and all task allocation processing result data are integrated to obtain task processing result data corresponding to the county-level hub machine.
In an embodiment, the field investigation evidence-providing APP performs task processing according to the task data and generates corresponding task processing result data. Specifically, field workers use the decrypted task data to take field photographs and fill in the attributes of the target data until field information acquisition is completed, and the task processing result data corresponding to the field investigation evidence-providing APP is generated.
In an embodiment, homeland change investigation data judgment is performed separately on the task processing result data corresponding to the county-level hub machine and on the task processing result data corresponding to the field investigation evidence-providing APP; when task processing result data belongs to the homeland change investigation data, data signature processing is performed on it to generate a signature file. The homeland change investigation data comprise basic data, single-pattern spot database creation results and change range line results.
Specifically, whether the data of each task processing result is any one of basic data, single-pattern spot library construction results and change range line results is judged, if yes, the data of the task processing result is considered to be homeland change investigation data, and if not, the data of the task processing result is considered to be not homeland change investigation data.
In one embodiment, when data signing processing is performed on task processing result data, a hash value of the task processing result data is obtained through the SM3 algorithm; the private key of the signature generating party is obtained, and the hash value is signed with the SM2 algorithm using that private key to obtain a signature value; the signature value is then written into the task processing result data to generate a signature file.
Step 105: and controlling the county-level hub machine and the field investigation evidence-providing APP to encrypt the signature file by adopting an SM4 and SM2 hybrid encryption algorithm to generate a corresponding first signature file, and sending the first signature file to the homeland investigation cloud platform, so that the homeland investigation cloud platform decrypts the first signature file by adopting the SM4 and SM2 hybrid encryption algorithm after receiving the first signature file, and the signature file is obtained.
In an embodiment, the county-level hub machine encrypts the signature file by adopting an SM4 and SM2 hybrid encryption algorithm, and generates a first signature file corresponding to the county-level hub machine.
Specifically, a random password is generated based on the SM4 algorithm, and the signature file is encrypted with the SM4 symmetric encryption algorithm using that random password to generate the corresponding encrypted signature file. The receiver's public key, namely the public key of the homeland investigation cloud platform, is obtained from the hub machine dongle, and the random password is encrypted with the SM2 asymmetric encryption algorithm using that public key to generate an encrypted random password. The first signature file corresponding to the receiver is generated from the encrypted signature file and the encrypted random password.
In an embodiment, the field investigation evidence APP adopts an SM4 and SM2 hybrid encryption algorithm to encrypt the signature file, so as to generate a first signature file corresponding to the field investigation evidence APP.
Specifically, a random password is generated based on the SM4 algorithm, and the signature file is encrypted with the SM4 symmetric encryption algorithm using that random password to generate the corresponding encrypted signature file. The public key of the homeland investigation cloud platform is obtained, and the random password is encrypted with the SM2 asymmetric encryption algorithm using that public key to generate an encrypted random password. The first signature file corresponding to the receiver is generated from the encrypted signature file and the encrypted random password.
In an embodiment, when the county-level hub machine and the field investigation evidence-providing APP send the first signature file to the homeland investigation cloud platform, each of them copies its own first signature file to obtain two identical files, a first main signature file and a first auxiliary signature file, and sends them to the homeland investigation cloud platform over a dual transmission link. The dual transmission link comprises a main transmission link, used for transmitting the first main signature file, and an auxiliary transmission link, used for transmitting the first auxiliary signature file.
In an embodiment, the homeland investigation cloud platform adopts an SM4 and SM2 hybrid encryption algorithm to decrypt the first main signature file and the first auxiliary signature file respectively, so as to obtain the corresponding signature files.
Specifically, based on the private key of the homeland investigation cloud platform, the SM2 asymmetric encryption algorithm is used to decrypt the encrypted random password and obtain the random password; based on the random password, the SM4 symmetric encryption algorithm is then used to decrypt the first main signature file and obtain the corresponding main signature file. The first auxiliary signature file is decrypted by the same method to obtain the corresponding auxiliary signature file.
In an embodiment, after the homeland investigation cloud platform obtains the main signature file and the auxiliary signature file, the main signature file and the auxiliary signature file are stored in a memory of the homeland investigation cloud platform.
In an embodiment, the provincial auditing system is controlled to send a signature file acquisition request to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the signature file acquisition request, an SM4 and SM2 mixed encryption algorithm is adopted to encrypt the signature file, a second signature file is generated, and the second signature file is transmitted to the provincial auditing system.
Specifically, a random password is generated based on the SM4 algorithm, and the main signature file is encrypted with the SM4 symmetric encryption algorithm using that random password to generate an encrypted main signature file. The receiver's public key, namely the provincial auditing system's public key, is obtained, and the random password is encrypted with the SM2 asymmetric encryption algorithm to generate an encrypted random password; a second main signature file is generated from the encrypted main signature file and the encrypted random password. The auxiliary signature file is encrypted in the same way to generate a second auxiliary signature file, and the second main signature file and the second auxiliary signature file are integrated to obtain the second signature file.
In an embodiment, the provincial level auditing system is controlled to receive the second signature file, and the second signature file is decrypted by adopting an SM4 and SM2 mixed encryption algorithm to obtain the corresponding signature file.
Specifically, based on the provincial auditing system's private key, the SM2 asymmetric encryption algorithm is used to decrypt the encrypted random password and obtain the random password; based on the random password, the SM4 symmetric encryption algorithm is then used to decrypt the second main signature file and obtain the corresponding main signature file. The second auxiliary signature file is decrypted by the same method to obtain the corresponding auxiliary signature file.
In one embodiment, after the provincial level auditing system obtains the signature file, performing data signature verification processing on the signature file based on an SM3 and SM2 hybrid encryption algorithm to obtain a verification result; the signature file comprises a main signature file and an auxiliary signature file.
Specifically, a hash value corresponding to the master signature file is obtained based on an SM3 algorithm, a signature value in the basic data signature file is read, a signature generating party public key is read, and signature verification is carried out on the master signature file by adopting an SM2 algorithm according to the hash value, the signature value and the signature generating party public key to obtain a verification result.
In an embodiment, if the verification result of the main signature file is the same, the main signature file is considered correct and no data signature verification processing needs to be performed on the auxiliary signature file; if the verification result of the main signature file is different, the main signature file is considered to have been tampered with and is discarded, and data signature verification processing is performed on the auxiliary signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain the auxiliary signature file verification result.
In an embodiment, if the verification result of the auxiliary signature file is the same, the auxiliary signature file is retained and used as the final signature file; if the verification result of the auxiliary signature file is different, a signature file tamper warning is sent.
In this embodiment, signature files are generated through the SM3 and SM2 hybrid encryption algorithm for the various homeland change investigation data that need to be uploaded to the homeland investigation cloud platform, so that after the county level reports task processing result data, the provincial level verifies the generated digital signature through the homeland investigation cloud platform. This avoids local erroneous data or mismatched data versions and ensures consistency of the various homeland change investigation data between the provincial level and the county level. In addition, when the signature files are transmitted, two identical signature files are sent over the dual transmission link, so that when a single transmission link fails the integrity of data transmission can still be achieved through the other link, which improves transmission security.
In summary, the homeland change investigation data transmission method based on the national cryptographic algorithm provided by the invention takes into account that the SM4 algorithm encrypts and decrypts quickly, and is therefore suitable for encrypting large data, but makes key management difficult, whereas the SM2 algorithm is an advanced secure algorithm but encrypts and decrypts slowly. The whole system is therefore designed to combine the strengths of the two and offset their weaknesses: the data content is first encrypted symmetrically with SM4, and the generated SM4 random password is then encrypted with SM2, which ensures both the transmission speed of data between systems and the security of data transmission. Meanwhile, generating signature files and verifying them through the SM3 and SM2 hybrid encryption algorithm ensures consistency of the various homeland change investigation data between the provincial level and the county level.
Example 2
Referring to fig. 2, fig. 2 is a schematic structural diagram of an embodiment of a homeland transformation investigation data transmission device based on a homeland cryptographic algorithm, and as shown in fig. 2, the structure includes a system construction module 201, a task data encryption module 202, a task data decryption module 203, a task processing result data signature module 204 and a signature file decryption module 205, which are specifically as follows:
The system construction module 201 is configured to construct an intelligent investigation cloud platform system, where the intelligent investigation cloud platform system includes an external network system, and the external network system includes a homeland investigation cloud platform, a county-level hub machine, and a field investigation evidence-providing APP.
The task data encryption module 202 is configured to control the county-level hub machine and the field investigation and evidence application to respectively send task data acquisition requests to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the task data acquisition requests, the SM4 and SM2 hybrid encryption algorithm is adopted to encrypt task data to be sent, first task data corresponding to a receiver is generated, and the first task data is correspondingly transmitted to the county-level hub machine and the field investigation and evidence application.
The task data decryption module 203 is configured to control the county-level hub machine and the field investigation and verification APP to respectively receive the first task data, and after receiving the first task data, decrypt the first task data by using an SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data.
The task processing result data signing module 204 is configured to control the county-level hub machine and the field investigation and verification APP to perform task processing according to the task data, generate corresponding task processing result data, determine whether the task processing result data belongs to homeland change investigation data, and if yes, perform data signing processing on the task processing result data based on an SM3 and SM2 hybrid encryption algorithm, so as to generate a signature file.
The signature file decryption module 205 is configured to control the county-level hub machine and the field investigation evidence-holding APP to encrypt the signature file by using an SM4 and SM2 hybrid encryption algorithm, generate a corresponding first signature file, and send the first signature file to the homeland investigation cloud platform, so that the homeland investigation cloud platform decrypts the first signature file by using the SM4 and SM2 hybrid encryption algorithm after receiving the first signature file, and obtains the signature file.
In an embodiment, the intelligent investigation cloud platform system constructed in the system construction module 201 further includes an intranet system, where the intranet system includes a provincial audit system and an internal audit system, and the internal audit system includes a county-level internal pre-audit module, a single-image spot library construction module, county-level result audit software and county-level change result quality inspection software.
In an embodiment, the homeland transformation investigation data transmission device based on the homeland secret algorithm provided by the invention further comprises: a signature verification module 206; fig. 3 is a schematic structural diagram of another embodiment of a homeland transformation investigation data transmission device based on a national cryptographic algorithm according to the present invention.
In an embodiment, the signature verification module 206 is configured to control the provincial auditing system, send a signature file acquisition request to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the signature file acquisition request, the signature file is encrypted by adopting an SM4 and SM2 hybrid encryption algorithm to generate a second signature file, and transmit the second signature file to the provincial auditing system; and controlling the provincial auditing system to receive the second signature file, decrypting the second signature file by adopting an SM4 and SM2 hybrid encryption algorithm to obtain a corresponding signature file, and performing data signature verification processing on the signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a verification result.
In an embodiment, the task processing result data signing module 204 is configured to control the county level hub machine to perform task processing according to the task data, and generate corresponding task processing result data, and specifically includes: after the county-level hub machine obtains corresponding task data, distributing the first task data to obtain a plurality of task distribution data, encrypting each task distribution data by adopting an SM4 and SM2 hybrid encryption algorithm to generate a plurality of first task distribution data, and transmitting the plurality of first task distribution data to the internal auditing system; the internal auditing system is controlled to receive corresponding first task allocation data, after the first task allocation data is received, the SM4 and SM2 mixed encryption algorithm is adopted to decrypt the first task allocation data to obtain corresponding task allocation data, and task processing is carried out according to the task allocation data to generate corresponding task allocation processing result data; carrying out encryption processing on each task allocation processing result data by adopting an SM4 and SM2 mixed encryption algorithm to generate a plurality of encryption task allocation processing result data, and transmitting the plurality of encryption task allocation processing result data to the county-level hub machine; and controlling the county-level junction machine to receive the plurality of encrypted task allocation processing result data, adopting an SM4 and SM2 mixed encryption algorithm to decrypt each encrypted task allocation processing result data to obtain a plurality of task allocation processing result data, and integrating all task allocation processing result data to obtain task processing result data corresponding to the county-level junction machine.
In an embodiment, the homeland transformation investigation data transmission device based on the homeland secret algorithm provided by the invention further comprises: a base data distribution module 207; fig. 4 is a schematic structural diagram of another embodiment of a homeland transformation investigation data transmission device based on a national cryptographic algorithm according to the present invention.
In an embodiment, the base data distribution module 207 is configured to control the provincial level audit system to perform data signing processing on base data by adopting an SM3 and SM2 hybrid encryption algorithm to generate a base data signature file, where the base data includes a base library, an image, a field map spot and reference data; and carrying out encryption processing on the basic data signature file by adopting an SM4 and SM2 mixed encryption algorithm, generating an encrypted basic data signature file, and sending the encrypted basic data signature file to the internal auditing system, so that the internal auditing system can carry out decryption processing on the encrypted basic data signature file by adopting an SM4 and SM2 mixed encryption algorithm after receiving the encrypted basic data signature file, so as to obtain a basic data signature file, and carrying out data signature verification processing on the basic data signature file by adopting an SM3 and SM2 mixed encryption algorithm, so as to obtain a basic data signature verification result.
In an embodiment, the task data decryption module 203 is configured to control the field investigation and verification APP to receive the first task data, and after receiving the first task data, decrypt the first task data by using an SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data, and specifically includes: and controlling the field investigation evidence APP to receive the first task data, storing the first task data in a local memory of the field investigation evidence APP after receiving the first task data, acquiring task address data on the first task data, acquiring current positioning information of the field investigation evidence APP in real time, and decrypting the first task data by adopting an SM4 and SM2 mixed encryption algorithm when the current positioning information is consistent with the first task address data to obtain corresponding task data.
In an embodiment, the task data encryption module 202 is configured to encrypt task data to be sent by using an SM4 and SM2 hybrid encryption algorithm to generate first task data corresponding to a receiver, and specifically includes: generating a random password based on the SM4 algorithm; encrypting the task data to be transmitted with the SM4 symmetric encryption algorithm using the random password to generate encrypted task data; acquiring the receiver's public key and encrypting the random password with the SM2 asymmetric encryption algorithm using that public key to generate an encrypted random password; and generating the first task data corresponding to the receiver from the encrypted task data and the encrypted random password.
In an embodiment, the task data decryption module 203 is configured to decrypt the first task data by using an SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data, and specifically includes: acquiring the decrypting party's private key and decrypting the encrypted random password with the SM2 asymmetric encryption algorithm using that private key to obtain the random password; and decrypting the encrypted task data with the SM4 symmetric encryption algorithm using the random password to obtain the corresponding task data.
In one embodiment, the task processing result data signing module 204 performs data signing on the task processing result data based on an SM3 and SM2 hybrid encryption algorithm to generate a signature file, and specifically includes: acquiring a hash value of the task processing result data based on the SM3 algorithm; acquiring the private key of the signature generating party and signing the hash value with the SM2 algorithm using that private key to obtain a signature value; and writing the signature value into the task processing result data to generate a signature file.
In an embodiment, the signature file decryption module 205 is configured to perform a data signature verification process on the signature file based on an SM3 and SM2 hybrid encryption algorithm to obtain a verification result, and specifically includes: acquiring a hash value corresponding to the signature file based on an SM3 algorithm, reading a signature value in the signature file, and reading a signature generating party public key; and carrying out signature verification on the signature file by adopting an SM2 algorithm according to the hash value, the signature value and the signature generating party public key to obtain a verification result, if the verification result is the same, the signature file is considered to be correct, and if the verification result is not the same, the signature file is considered to be tampered.
In an embodiment, the invention provides a homeland transformation investigation data transmitting device based on a homeland secret algorithm, which further comprises: a key generation module 200; fig. 5 is a schematic structural diagram of another embodiment of a homeland transformation investigation data transmission device based on a national cryptographic algorithm according to the present invention.
In an embodiment, the key generation module 200 is configured to control the homeland investigation cloud platform, the county level hub machine, the field investigation evidence APP, the provincial level audit system, and the internal audit system to generate a corresponding public key and a private key respectively; and storing the public key and the private key corresponding to the county-level hub machine and the internal auditing system by adopting a hardware dongle mode.
In an embodiment, the signature file decryption module 205 is configured to send the first signature file to the homeland investigation cloud platform, and specifically includes: copying the first signature file to obtain a first main signature file and a first auxiliary signature file, and respectively transmitting the first main signature file and the first auxiliary signature file to the homeland investigation cloud platform based on a dual transmission link, wherein the dual transmission link comprises a main transmission link and an auxiliary transmission link.
In an embodiment, the signature file decryption module 205 is configured to perform data signature verification processing on the signature file based on an SM3 and SM2 hybrid encryption algorithm to obtain a verification result, and specifically includes: when the provincial auditing system obtains a signature file, wherein the signature file comprises a main signature file and an auxiliary signature file; performing data signature verification processing on the master signature file based on an SM3 and SM2 mixed encryption algorithm to obtain a master signature file verification result; if the verification results of the main signature files are the same, the data signature verification processing is not carried out on the auxiliary signature files, and if the verification results of the main signature files are different, the data signature verification processing is carried out on the auxiliary signature files based on an SM3 and SM2 hybrid encryption algorithm, so that the auxiliary signature file verification results are obtained; if the verification results of the auxiliary signature files are the same, the auxiliary signature files are reserved, and if the verification results of the auxiliary signature files are different, a signature file tamper warning is sent.
It will be clear to those skilled in the art that, for convenience and brevity of description, reference may be made to the corresponding process in the foregoing method embodiment for the specific working process of the above-described apparatus, which is not described in detail herein.
It should be noted that, the above embodiment of the homeland changing survey data transmission apparatus based on the national cryptographic algorithm is merely illustrative, and the modules described as separate components may or may not be physically separated, and components displayed as modules may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
On the basis of the embodiment of the homeland changing investigation data transmission method based on the homeland secret algorithm, another embodiment of the invention provides homeland changing investigation data transmission terminal equipment based on the homeland secret algorithm, which comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the homeland changing investigation data transmission method based on the homeland secret algorithm of any embodiment of the invention is realized when the processor executes the computer program.
Illustratively, in this embodiment the computer program may be partitioned into one or more modules, which are stored in the memory and executed by the processor to perform the present invention. The one or more modules may be a series of computer program instruction segments capable of performing a specific function, which describe the execution of the computer program in the homeland change investigation data transmission terminal device based on the national cryptographic algorithm.
The homeland change investigation data transmission terminal device based on the national cryptographic algorithm can be a computing device such as a desktop computer, a notebook computer, a palm computer or a cloud server. The homeland change investigation data transmission terminal device based on the national cryptographic algorithm can comprise, but is not limited to, a processor and a memory.
The processor may be a central processing unit (Central Processing Unit, CPU), another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor. The processor is the control center of the homeland change investigation data transmission terminal device based on the national cryptographic algorithm, and connects the various parts of the whole terminal device by using various interfaces and lines.
The memory may be used to store the computer program and/or the module, and the processor may implement various functions of the homeland change investigation data transmission terminal device based on the national cryptographic algorithm by running or executing the computer program and/or the module stored in the memory and calling the data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the cellular phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) Card, Flash Card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
On the basis of the embodiment of the homeland changing investigation data transmission method based on the national cryptographic algorithm, another embodiment of the invention provides a storage medium, which comprises a stored computer program, wherein when the computer program runs, equipment where the storage medium is located is controlled to execute the homeland changing investigation data transmission method based on the national cryptographic algorithm of any embodiment of the invention.
In this embodiment, the storage medium is a computer-readable storage medium, and the computer program includes computer program code, where the computer program code may be in a source code form, an object code form, an executable file, or some intermediate form, and so on. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content contained in the computer readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
In summary, according to the homeland transformation investigation data transmission method and device based on the homeland secret algorithm, an intelligent investigation cloud platform system is constructed, and the homeland investigation cloud platform is controlled to encrypt task data to be transmitted by adopting an SM4 and SM2 hybrid encryption algorithm, so that first task data corresponding to a receiver is generated; controlling the county-level hub machine and the field investigation evidence-providing APP to decrypt the received first task data by adopting an SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data; and performing task processing according to the task data to generate corresponding task processing result data, performing data signing processing on the task processing result data belonging to homeland change investigation data by adopting an SM3 and SM2 hybrid encryption algorithm to generate signature files, performing encryption processing on the signature files to generate corresponding first signature files, and sending the first signature files to the homeland investigation cloud platform, so that the homeland investigation cloud platform decrypts the first signature files by adopting an SM4 and SM2 hybrid encryption algorithm after receiving the first signature files to obtain the signature files. Compared with the prior art, the technical scheme provided by the invention can improve the processing speed of encrypting and decrypting the system data and improve the safety of the system data transmission.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and substitutions can be made by those skilled in the art without departing from the technical principles of the present invention, and these modifications and substitutions should also be considered as being within the scope of the present invention.

Claims (13)

1. A homeland change investigation data transmission method based on a national cryptographic algorithm, characterized by comprising the following steps:
constructing an intelligent investigation cloud platform system, wherein the intelligent investigation cloud platform system comprises an external network system, and the external network system comprises a homeland investigation cloud platform, a county-level hub machine and a field investigation evidence-providing APP;
controlling the county-level hub machine and the field investigation evidence-providing APP to respectively send task data acquisition requests to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the task data acquisition requests, the SM4 and SM2 mixed encryption algorithm is adopted to encrypt task data to be sent, first task data corresponding to a receiver are generated, and the first task data are correspondingly transmitted to the county-level hub machine and the field investigation evidence-providing APP;
controlling the county-level hub machine and the field investigation evidence-providing APP to respectively receive the first task data, and after the first task data are received, adopting an SM4 and SM2 mixed encryption algorithm to decrypt the first task data to obtain corresponding task data;
controlling the county-level hub machine and the field investigation evidence-providing APP to perform task processing according to the task data respectively to generate corresponding task processing result data, judging whether the task processing result data belongs to homeland change investigation data, and if so, performing data signing processing on the task processing result data based on an SM3 and SM2 hybrid encryption algorithm to generate a signature file;
and controlling the county-level hub machine and the field investigation evidence-providing APP to encrypt the signature file by adopting an SM4 and SM2 hybrid encryption algorithm to generate a corresponding first signature file, and sending the first signature file to the homeland investigation cloud platform, so that the homeland investigation cloud platform decrypts the first signature file by adopting the SM4 and SM2 hybrid encryption algorithm after receiving the first signature file, and the signature file is obtained.
2. The method for transmitting the homeland change investigation data based on the national cryptographic algorithm as claimed in claim 1, wherein the constructed intelligent investigation cloud platform system further comprises an intranet system, wherein the intranet system comprises a provincial level auditing system and an internal auditing system, and the internal auditing system comprises a county level internal industry pre-auditing module, a single-image spot library building module, county level achievement auditing software and county level change achievement quality inspection software;
controlling the provincial auditing system to send a signature file acquisition request to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the signature file acquisition request, it encrypts the signature file by adopting an SM4 and SM2 hybrid encryption algorithm to generate a second signature file, and transmits the second signature file to the provincial auditing system;
and controlling the provincial auditing system to receive the second signature file, decrypting the second signature file by adopting an SM4 and SM2 hybrid encryption algorithm to obtain a corresponding signature file, and performing data signature verification processing on the signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a verification result.
3. The method for transmitting homeland change investigation data based on a national cryptographic algorithm as claimed in claim 2, wherein controlling the county-level hub machine to perform task processing according to the task data to generate corresponding task processing result data specifically comprises the following steps:
after the county-level hub machine obtains corresponding task data, distributing the first task data to obtain a plurality of task distribution data, encrypting each task distribution data by adopting an SM4 and SM2 hybrid encryption algorithm to generate a plurality of first task distribution data, and transmitting the plurality of first task distribution data to the internal auditing system;
controlling the internal auditing system to receive the corresponding first task allocation data and, after the first task allocation data is received, to decrypt the first task allocation data by adopting the SM4 and SM2 hybrid encryption algorithm to obtain corresponding task allocation data, and to perform task processing according to the task allocation data to generate corresponding task allocation processing result data; encrypting each task allocation processing result data by adopting the SM4 and SM2 hybrid encryption algorithm to generate a plurality of encrypted task allocation processing result data, and transmitting the plurality of encrypted task allocation processing result data to the county-level hub machine;
and controlling the county-level hub machine to receive the plurality of encrypted task allocation processing result data, decrypting each encrypted task allocation processing result data by adopting the SM4 and SM2 hybrid encryption algorithm to obtain a plurality of task allocation processing result data, and integrating all task allocation processing result data to obtain the task processing result data corresponding to the county-level hub machine.
4. The method for transmitting homeland change survey data based on a cryptographic algorithm as claimed in claim 3, wherein the controlling the internal auditing system performs task processing according to the task allocation data, and before generating corresponding task allocation processing result data, further comprises:
controlling the provincial auditing system to perform data signing processing on basic data by adopting an SM3 and SM2 hybrid encryption algorithm to generate a basic data signature file, wherein the basic data comprises a basic library, images, field patterns and reference data;
and carrying out encryption processing on the basic data signature file by adopting an SM4 and SM2 mixed encryption algorithm, generating an encrypted basic data signature file, and sending the encrypted basic data signature file to the internal auditing system, so that the internal auditing system can carry out decryption processing on the encrypted basic data signature file by adopting an SM4 and SM2 mixed encryption algorithm after receiving the encrypted basic data signature file, so as to obtain a basic data signature file, and carrying out data signature verification processing on the basic data signature file by adopting an SM3 and SM2 mixed encryption algorithm, so as to obtain a basic data signature verification result.
5. The method for transmitting homeland change investigation data based on a national cryptographic algorithm as claimed in claim 1, wherein controlling the field investigation evidence-providing APP to receive the first task data and, after receiving the first task data, decrypting the first task data by adopting an SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data specifically comprises:
controlling the field investigation evidence-providing APP to receive the first task data, storing the first task data in a local memory of the field investigation evidence-providing APP after receiving it, acquiring task address data on the first task data, acquiring current positioning information of the field investigation evidence-providing APP in real time, and, when the current positioning information is consistent with the task address data, decrypting the first task data by adopting the SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data.
6. The method for transmitting homeland change investigation data based on a national cryptographic algorithm according to claim 1, wherein encrypting the task data to be sent by adopting the SM4 and SM2 hybrid encryption algorithm to generate the first task data corresponding to the receiver specifically comprises the following steps:
generating a random password based on the SM4 algorithm, encrypting the task data to be transmitted with the SM4 symmetric encryption algorithm based on the random password to generate encrypted task data, acquiring the public key of the receiver and encrypting the random password with the SM2 asymmetric encryption algorithm based on that public key to generate an encrypted random password, and generating the first task data corresponding to the receiver according to the encrypted task data and the encrypted random password.
7. The method for transmitting the homeland change survey data based on the national encryption algorithm according to claim 6, wherein the decrypting processing is performed on the first task data by adopting an SM4 and SM2 hybrid encryption algorithm to obtain the corresponding task data, and the method specifically comprises the following steps:
obtaining the private key of the decrypting party and decrypting the encrypted random password with the SM2 asymmetric encryption algorithm based on that private key to obtain the random password, and decrypting the encrypted task data with the SM4 symmetric encryption algorithm based on the random password to obtain the corresponding task data.
8. The method for transmitting homeland change survey data based on the cryptographic algorithm of claim 1, wherein the data signature is performed on the task processing result data based on the SM3 and SM2 hybrid encryption algorithm, and the signature file is generated, specifically comprising:
acquiring a hash value of the task processing result data based on the SM3 algorithm, acquiring the private key of the signature generating party and signing the hash value with the SM2 algorithm based on that private key, and writing the signature value into the task processing result data to generate a signature file.
9. The method for transmitting homeland change investigation data based on a national cryptographic algorithm according to claim 2, wherein performing data signature verification processing on the signature file based on the SM3 and SM2 hybrid encryption algorithm to obtain a verification result specifically comprises the following steps:
acquiring a hash value corresponding to the signature file based on the SM3 algorithm, reading the signature value in the signature file, and reading the public key of the signature generating party;
and performing signature verification on the signature file by adopting the SM2 algorithm according to the hash value, the signature value and the public key of the signature generating party to obtain a verification result; if the verification result is consistent, the signature file is considered correct, and if it is not consistent, the signature file is considered to have been tampered with.
10. The method for transmitting homeland change investigation data based on a national cryptographic algorithm as set forth in claim 2, further comprising, before controlling the county-level hub machine and the field investigation evidence-providing APP to respectively send task data acquisition requests to the homeland investigation cloud platform:
controlling the homeland investigation cloud platform, the county-level hub machine, the field investigation evidence-providing APP, the provincial auditing system and the internal auditing system to respectively generate a corresponding public key and private key;
and storing the public key and the private key corresponding to the county-level hub machine and the internal auditing system by adopting a hardware dongle mode.
11. A homeland change investigation data transmission device based on a national cryptographic algorithm, characterized by comprising: a system construction module, a task data encryption module, a task data decryption module, a task processing result data signature module and a signature file decryption module;
the system construction module is used for constructing an intelligent investigation cloud platform system, wherein the intelligent investigation cloud platform system comprises an external network system, and the external network system comprises a homeland investigation cloud platform, a county-level hub machine and a field investigation evidence-providing APP;
the task data encryption module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to respectively send task data acquisition requests to the homeland investigation cloud platform, so that when the homeland investigation cloud platform receives the task data acquisition requests, it encrypts the task data to be sent by adopting the SM4 and SM2 hybrid encryption algorithm, generates first task data corresponding to a receiver, and correspondingly transmits the first task data to the county-level hub machine and the field investigation evidence-providing APP;
the task data decryption module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to respectively receive the first task data and, after the first task data is received, to decrypt the first task data by adopting the SM4 and SM2 hybrid encryption algorithm to obtain corresponding task data;
the task processing result data signature module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to respectively perform task processing according to the task data to generate corresponding task processing result data, judging whether the task processing result data belongs to homeland change investigation data, and if so, performing data signing processing on the task processing result data based on the SM3 and SM2 hybrid encryption algorithm to generate a signature file;
the signature file decryption module is used for controlling the county-level hub machine and the field investigation evidence-providing APP to encrypt the signature file by adopting the SM4 and SM2 hybrid encryption algorithm, generate a corresponding first signature file, and send the first signature file to the homeland investigation cloud platform, so that the homeland investigation cloud platform, after receiving the first signature file, decrypts it by adopting the SM4 and SM2 hybrid encryption algorithm to obtain the signature file.
12. A terminal device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the homeland transformation investigation data transmission method based on the homeland cryptographic algorithm according to any of claims 1 to 10 when executing the computer program.
13. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program, when run, controls a device in which the computer readable storage medium is located to perform the homeland transformation investigation data transmission method based on the homeland cryptographic algorithm according to any of claims 1 to 10.
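The signing and verification steps of claims 8 and 9, as an added pure-Python illustration that is not part of the patent. SM3 hashing and SM2 signing follow the published GM/T 0004 and GM/T 0003 algorithms; the signature-file layout (data followed by a 64-byte r, s trailer), the function names and the default signer ID are assumptions made here.

```python
# Added illustration (pure Python, not constant-time). File layout data || r || s is an assumption.
import struct, secrets

# SM2 curve parameters (GM/T 0003.5), SM3 initial value (GM/T 0004), default signer ID.
P = 2**256 - 2**224 - 2**96 + 2**64 - 1
A, B = P - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = int("FFFFFFFE" + "FFFFFFFF" * 3 + "7203DF6B21C6052B53BBF40939D54123", 16)
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600, 0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
ID = b"1234567812345678"

def rotl(x, n):  # 32-bit left rotation
    return ((x << (n % 32)) | (x >> (32 - n % 32))) & 0xFFFFFFFF

def sm3(msg):  # SM3 digest of a byte string, returned as 32 bytes
    msg = bytes(msg) + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    v = list(IV)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for j in range(16, 68):  # message expansion
            x = w[j - 16] ^ w[j - 9] ^ rotl(w[j - 3], 15)
            w.append(x ^ rotl(x, 15) ^ rotl(x, 23) ^ rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):  # compression rounds
            ss1 = rotl((rotl(a, 12) + e + rotl(0x79CC4519 if j < 16 else 0x7A879D8A, j)) & 0xFFFFFFFF, 7)
            ff, gg = (a ^ b ^ c, e ^ f ^ g) if j < 16 else ((a & b) | (a & c) | (b & c), (e & f) | (~e & g))
            tt1 = (ff + d + (ss1 ^ rotl(a, 12)) + (w[j] ^ w[j + 4])) & 0xFFFFFFFF
            tt2 = (gg + h + ss1 + w[j]) & 0xFFFFFFFF
            a, b, c, d = tt1, a, rotl(b, 9), c
            e, f, g, h = tt2 ^ rotl(tt2, 9) ^ rotl(tt2, 17), e, rotl(f, 19), g
        v = [s ^ t for s, t in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)

def add(p, q):  # affine point addition on the SM2 curve; None is the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def digest(pub, data):  # e = SM3(Z || data); Z binds signer ID, curve and public key
    z = sm3(struct.pack(">H", 8 * len(ID)) + ID + b"".join(v.to_bytes(32, "big") for v in (A, B, *G, *pub)))
    return int.from_bytes(sm3(z + data), "big")

def sign_file(priv, data):  # claim 8: SM3 hash, SM2 signature, signature value written after the data
    e = digest(mul(priv, G), data)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = (e + mul(k, G)[0]) % N
        s = pow(1 + priv, -1, N) * (k - r * priv) % N
        if r and s and r + k != N:
            return data + r.to_bytes(32, "big") + s.to_bytes(32, "big")

def verify_file(pub, signed):  # claim 9: recompute the hash, read r and s, check against the public key
    data, r, s = signed[:-64], int.from_bytes(signed[-64:-32], "big"), int.from_bytes(signed[-32:], "big")
    if len(signed) < 64 or not (0 < r < N and 0 < s < N) or (r + s) % N == 0:
        return False
    pt = add(mul(s, G), mul((r + s) % N, pub))
    return pt is not None and (digest(pub, data) + pt[0]) % N == r
```

In a deployment the same two calls would be backed by a vetted SM2/SM3 implementation, with the private key held in the hardware dongle described in claim 10.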
CN202211353531.XA 2022-10-31 2022-10-31 National soil transformation investigation data transmission method and device based on national secret algorithm Active CN116155496B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211353531.XA CN116155496B (en) 2022-10-31 2022-10-31 National soil transformation investigation data transmission method and device based on national secret algorithm

Publications (2)

Publication Number Publication Date
CN116155496A CN116155496A (en) 2023-05-23
CN116155496B true CN116155496B (en) 2023-07-21

Family

ID=86355161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211353531.XA Active CN116155496B (en) 2022-10-31 2022-10-31 National soil transformation investigation data transmission method and device based on national secret algorithm

Country Status (1)

Country Link
CN (1) CN116155496B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109831302A (en) * 2017-11-23 2019-05-31 杭州天谷信息科技有限公司 PDF electronic signature method and system based on national secret algorithm
CN112469003A (en) * 2021-02-04 2021-03-09 南京理工大学 Traffic sensor network data transmission method, system and medium based on hybrid encryption
CN113590906A (en) * 2021-08-11 2021-11-02 江西省国土空间调查规划研究院 Land utilization change proof checking system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on a cloud data encryption scheme based on national cryptographic algorithms; 陈庄; 齐锋; 叶成荫; 信息安全研究 (Issue 07); full text *

Also Published As

Publication number Publication date
CN116155496A (en) 2023-05-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant