CN107920130A - Method and apparatus for intranet and external network data synchronization - Google Patents
- Publication number: CN107920130A (also listed as CN201711288139.0A)
- Authority: CN (China)
- Prior art keywords: data, intranet, hash value, hash, computing
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The present invention provides a method and apparatus for intranet and external network data synchronization. The method includes: performing a hash operation on first data of the intranet that is stored on the external network, to obtain a first hash value; while the external network is running, verifying the integrity of the first data according to the first hash value; and, when the integrity verification of the first data is determined to have failed, synchronizing the first data stored on the intranet to the external network. The above method and apparatus can guarantee the legitimacy and consistency of data when the networks are physically isolated.
Description
Technical field
The present invention relates to the field of data synchronization, and in particular to a method and apparatus for intranet and external network data synchronization where the networks are physically isolated.
Background
With the development of information technology, networks have brought great convenience to people's work and life. However, network security has also become a severe test that we face. Particularly in fields with high requirements for system and information security, in addition to protecting the system itself, network access is subject to stricter restrictions.
At present, data synchronization between existing databases is carried out in an online environment. Where security requirements are high and data must be synchronized between different databases on physically isolated internal and external networks, most approaches focus only on how to export and import the data. For example, data files are copied using removable media such as hard disks, optical discs, or tapes, and are then imported directly with the command-line tools provided by the database. With this approach, however, there is no way to know whether the data imported from the intranet into the external network has been tampered with, or whether the data really comes from the designated intranet server.
Therefore, there is an urgent need for a data synchronization method and apparatus that can ensure consistency between intranet and external network data.
Summary of the invention
Embodiments of the present invention provide a method and apparatus for intranet and external network data synchronization, so as to guarantee the consistency of data where the networks are physically isolated.
In a first aspect, a method for intranet and external network data synchronization is provided, including: performing a hash operation on first data of the intranet stored on the external network, to obtain a first hash value; while the external network is running, verifying the integrity of the first data according to the first hash value; and, when the integrity verification of the first data is determined to have failed, synchronizing the first data stored on the intranet to the external network.
In a first possible implementation, the method further includes: obtaining second data of the intranet, the second data being incremental data; and updating the first data according to the second data, to obtain updated data. Performing the hash operation on the first data of the intranet stored on the external network to obtain the first hash value then includes: performing the hash operation on the updated data, to obtain the first hash value.
With reference to the first possible implementation, in a second possible implementation, before the hash operation is performed on the first data of the intranet stored on the external network, the method further includes: receiving a second hash value transmitted by the intranet, where the second hash value is obtained by the intranet performing a hash operation on the second data; performing a hash operation on the second data, to obtain a third hash value; and verifying, according to the second hash value and the third hash value, the integrity of the second data during transmission.
With reference to the first aspect, the first possible implementation of the first aspect, or the second possible implementation of the first aspect, in a third possible implementation, verifying the integrity of the first data includes: periodically performing a hash operation on the first data, to obtain a fourth hash value, and verifying whether the fourth hash value is consistent with the first hash value.
With reference to the first aspect, the first possible implementation of the first aspect, or the second possible implementation of the first aspect, in a fourth possible implementation, after the hash operation is performed on the first data of the intranet stored on the external network to obtain the first hash value, the method further includes: performing an encryption operation on the first hash value, to obtain a signature value. Verifying the integrity of the first data according to the first hash value while the external network is running then includes: while the external network is running, periodically verifying the validity and integrity of the first data according to the signature value.
In a second aspect, a method for intranet and external network data synchronization is provided, including: performing a hash operation on data of the intranet, to obtain a first hash value; while the intranet is running, verifying the integrity of the intranet data according to the first hash value; and, when the integrity verification of the intranet data is determined to have failed, synchronizing the intranet data to the external network.
With reference to the second aspect, in a first possible implementation, verifying the integrity of the intranet data includes: periodically performing a hash operation on the intranet data, to obtain a second hash value, and verifying whether the second hash value is consistent with the first hash value.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation, after the hash operation is performed on the intranet data to obtain the first hash value, the method further includes: performing an encryption operation on the first hash value, to obtain a signature value. Verifying the integrity of the intranet data according to the first hash value while the intranet is running then includes: while the intranet is running, periodically verifying the validity and integrity of the intranet data according to the signature value.
In a third aspect, an apparatus for intranet and external network data synchronization is provided, including: a cryptographic operation module, configured to perform a hash operation on first data of the intranet stored on the external network, to obtain a first hash value, and, while the external network is running, to verify the integrity of the first data according to the first hash value; and an import module, configured to synchronize the first data stored on the intranet to the external network when the integrity verification of the first data is determined to have failed.
With reference to the third aspect, in a first possible implementation, the apparatus further includes: an acquisition module, configured to obtain second data of the intranet, the second data being incremental data; and an update module, configured to update the first data according to the second data, to obtain updated data. The cryptographic operation module is specifically configured to perform the hash operation on the updated data, to obtain the first hash value.
With reference to the first possible implementation, in a second possible implementation, the acquisition module is further configured to receive a second hash value transmitted by the intranet before the hash operation is performed on the first data of the intranet stored on the external network, where the second hash value is obtained by the intranet performing a hash operation on the second data. The cryptographic operation module is further configured to: perform a hash operation on the second data, to obtain a third hash value; and verify, according to the second hash value and the third hash value, the integrity of the second data during transmission.
With reference to the third aspect, the first possible implementation of the third aspect, or the second possible implementation of the third aspect, in a third possible implementation, the cryptographic operation module is specifically configured to periodically perform a hash operation on the first data, to obtain a fourth hash value, and to verify whether the fourth hash value is consistent with the first hash value.
With reference to the third aspect, the first possible implementation of the third aspect, or the second possible implementation of the third aspect, in a fourth possible implementation, the cryptographic operation module is further configured to: after the hash operation is performed on the first data of the intranet stored on the external network to obtain the first hash value, perform an encryption operation on the first hash value, to obtain a signature value; and, while the external network is running, periodically verify the validity and integrity of the first data according to the signature value.
In a fourth aspect, an apparatus for intranet and external network data synchronization is provided, including: a cryptographic operation module, configured to perform a hash operation on data of the intranet, to obtain a first hash value, and, while the intranet is running, to verify the integrity of the intranet data according to the first hash value; and an export module, configured to synchronize the intranet data to the external network when the integrity verification of the intranet data is determined to have failed.
With reference to the fourth aspect, in a first possible implementation, the cryptographic operation module is specifically configured to periodically perform a hash operation on the intranet data, to obtain a second hash value, and to verify whether the second hash value is consistent with the first hash value.
With reference to the fourth aspect or the first possible implementation of the fourth aspect, in a second possible implementation, the cryptographic operation module is further configured to: after the hash operation is performed on the intranet data to obtain the first hash value, perform an encryption operation on the first hash value, to obtain a signature value; and, while the intranet is running, periodically verify the validity and integrity of the intranet data according to the signature value.
Embodiments of the present invention can verify, according to the hash value, whether data on the external network has been tampered with; if the data has been tampered with, the data on the intranet server is imported into the external network server again. This ensures that the data is not tampered data but synchronized data that comes from the designated intranet server, and is therefore valid data.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort:
Fig. 1 is a schematic framework diagram of an intranet and external network data synchronization system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for intranet and external network data synchronization according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a process of intranet and external network data synchronization according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of a process of intranet and external network data synchronization according to another embodiment of the present invention;
Fig. 5 is a schematic flowchart of a method for intranet and external network data synchronization according to another embodiment of the present invention;
Fig. 6 is a schematic diagram of an intranet and external network data synchronization apparatus according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of an intranet and external network data synchronization apparatus according to another embodiment of the present invention;
Fig. 8 is a schematic diagram of an intranet and external network data synchronization apparatus according to yet another embodiment of the present invention;
Fig. 9 is a block diagram of a computer device for an intranet and external network data synchronization apparatus according to an embodiment of the present invention.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawings.
It should be understood that the embodiments described herein are only some of the embodiments of the present invention, rather than all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a schematic framework diagram of an intranet and external network data synchronization system 100 according to an embodiment of the present invention.
The intranet and external network data synchronization system 100 includes an intranet server 110 and an external network server 120. The system 100 operates under the condition that the intranet and the external network are physically isolated. The intranet server 110 may include a data storage module, which can be any device capable of storage, such as a database, a local disk, or network storage; data exported from the intranet is exported from here. The intranet server 110 may also include an export module, which analyzes and reads the data in the data storage module, exports the incremental data to a storage medium, and signs the exported data.
The external network server 120 also includes a data storage module, which can be any device capable of storage, such as a database, a local disk, or network storage, and is used to store data on the external network. When intranet data is imported, it is here that data is added, deleted, and modified; moreover, the data in this data storage module needs to be consistent with the data in the intranet's data storage module.
Of course, the intranet and the external network may store data on devices other than the intranet server and the external network server.
Fig. 2 is a schematic flowchart of a method for intranet and external network data synchronization according to an embodiment of the present invention. For example, the embodiment of Fig. 2 can be performed by the external network server 120 in Fig. 1. The method of Fig. 2 includes the following. The embodiment of Fig. 2 is described below with reference to the intranet and external network data synchronization system 100 of Fig. 1.
210. Perform a hash operation on the first data of the intranet stored on the external network, to obtain a first hash value.
Specifically, the data of the intranet server 110 stored on the external network server 120 may be all of the data that the intranet transmits to the external network for the first time, which may be all of the data on the intranet server 110, or it may be data that has been added, deleted, or modified on the intranet server 110. The data may be structured or unstructured data, for example binary data or Extensible Markup Language (XML) data. The hash operation may be, for example, a Hash operation, also called hashing, that is, an operation performed on the data using a hash function.
220. While the external network is running, verify the integrity of the first data according to the first hash value.
Specifically, while the external network is running, the hash operation can be performed again on all of the data stored in the data storage module of the external network server 120 to obtain a hash value, which is then compared with the hash value obtained from the hash operation previously performed on all of the data on the external network. Whether the two hash values are identical determines whether the data has been tampered with, that is, determines the integrity of the data. For example, if the two hash values are identical, the data has not been tampered with, that is, the data is intact; otherwise, the data has been tampered with, that is, the integrity verification of the data fails.
230. When the integrity verification of the first data is determined to have failed, synchronize the first data stored on the intranet to the external network.
When the data is determined to have been tampered with, that is, when the integrity verification fails, the data on the intranet server 110 is synchronized to the external network server 120 until the external network server 120 has received the above first data.
Based on this embodiment of the present invention, a hash operation performed on the external network verifies whether any of the data in the external network's data storage module has been tampered with; if it has, the data on the intranet is imported into the external network. This ensures the integrity of the data synchronized to the external network and the consistency of external network data with intranet data.
Optionally, as another embodiment, the method further includes: obtaining second data of the intranet, the second data being incremental data; and updating the first data according to the second data, to obtain updated data. Performing the hash operation on the first data of the intranet stored on the external network to obtain the first hash value then includes: performing the hash operation on the updated data, to obtain the first hash value.
Specifically, the incremental data may be the data that the intranet transmits to the external network for the first time, or data subsequently added, deleted, or modified on the intranet. After the external network server 120 receives the incremental data transmitted by the intranet server 110, it places the data in its data storage module and updates the data originally stored on the external network server 120, to obtain updated data. The cryptographic operation module is then called to perform a hash operation on all of the updated data on the external network server 120, to obtain the first hash value. When the data needs to be used, or periodically, the hash operation is performed on the data again and the two hash values are compared to verify whether the first hash value has changed. If the hash value has not changed, the data can be used at that time; if the hash value has changed, the data has been tampered with, and the data on the intranet server 110 must be imported again. The hash operation is also referred to as a Hash function. When the incremental data is the data that the intranet transmits to the external network for the first time, the external network holds no data.
Optionally, as another embodiment, before the hash operation is performed on the first data of the intranet stored on the external network, the method further includes: receiving a second hash value transmitted by the intranet, where the second hash value is obtained by the intranet performing a hash operation on the second data; performing a hash operation on the second data, to obtain a third hash value; and verifying, according to the second hash value and the third hash value, the integrity of the second data during transmission.
Specifically, the intranet server 110 exports the incremental data in its data storage module to a storage medium and performs a hash operation on the exported incremental data, to obtain the second hash value. The external network server 120 receives the incremental data and the second hash value transmitted by the intranet server 110, and then performs a hash operation on the incremental data to obtain the third hash value. The third hash value is compared with the second hash value: if they are identical, the transmitted data is accurate and the subsequent steps continue; if they differ, the data has been tampered with, the transmission is faulty, and the data needs to be transmitted again. The storage medium can be any medium capable of storage, such as a hard disk, an optical disc, or a tape.
Of course, the incremental data in the data storage module of the intranet server 110 can also be signed before export, to obtain a signature value. The external network server 120 receives the incremental data and the signature value transmitted by the intranet server 110, decrypts the signature value to obtain a hash value, and performs a hash operation on the incremental data to obtain a new hash value. The decrypted hash value is compared with the new hash value: if they are identical, the transmitted data is valid and intact and the subsequent steps continue; if they differ, the data has been tampered with, a problem occurred during transmission, and the data needs to be transmitted again.
Based on this embodiment of the present invention, performing a hash operation or signature processing on the data in the intranet's data storage module before export ensures the integrity and validity of the data during transmission from the intranet to the external network. It also makes it possible to identify the signer, ensure the validity of that identity, and determine that the data comes from the intranet server.
According to an embodiment of the present invention, verifying the integrity of the first data includes: periodically performing a hash operation on the first data, to obtain a fourth hash value, and verifying whether the fourth hash value is consistent with the first hash value.
For example, the external network server 120 uses a trigger to scan, on a timer, all of the data stored in the external network's data storage module, performs a hash operation to obtain the fourth hash value, and then verifies whether this hash value is consistent with the above first hash value. If they are consistent, the data transmitted from the intranet has not been tampered with and is intact; if they differ, the data that the intranet passed to the external network has been tampered with, and the intranet data needs to be passed to the external network again.
Optionally, as another embodiment, after the hash operation is performed on the first data of the intranet stored on the external network to obtain the first hash value, the method further includes: performing an encryption operation on the first hash value, to obtain a signature value. Periodically verifying the integrity of the first data according to the first hash value while the external network is running then includes: while the external network is running, periodically verifying the validity and integrity of the first data according to the signature value.
For example, after the external network server 120 performs the hash operation on all of the data in its data storage module, it also performs an encryption operation on the hash value, to obtain a signature value. When the external network server 120 uses this data, it must first verify the data according to the signature value.
Because a hash value on its own is easily tampered with maliciously, performing an encryption operation on the hash value here ensures that an unauthorized party cannot tamper with the hash value, which guarantees the validity and integrity of the data when the data is used.
The embodiments of the present invention are described in more detail below with reference to specific examples.
Fig. 3 is a schematic flowchart of a process of intranet and external network data synchronization according to an embodiment of the present invention. For example, the embodiment of Fig. 3 can be performed by the external network server 120 in Fig. 1. The method of Fig. 3 includes the following. The embodiment of Fig. 3 is described below with reference to the intranet and external network data synchronization system 100 of Fig. 1.
310. All of the data on the intranet server 110 is imported into the external network server 120 via a hard disk for the first time, updating the data in the data storage module of the external network server.
For the first import, all of the data on the intranet server 110 is exported to the hard disk: a hash operation is performed on the data and the result is signed to obtain a signature value, and the data and the signature value are written to the hard disk. The data and the signature value are then imported from the hard disk into the external network server 120 and the signature is verified; if verification passes, the import is allowed, otherwise the import is terminated.
320. A hash operation is performed on all of the data imported into the external network server 120, to obtain a first hash value, and an encryption operation is performed on the first hash value, to obtain a signature value.
330. While the external network is running, the signature value is decrypted to obtain the first hash value.
340. A trigger is used to periodically scan all of the data on the external network server 120 on a timer, and a hash operation is performed on the scanned data, to obtain a second hash value.
350. Whether the first hash value and the second hash value are consistent is verified.
360. If the first hash value and the second hash value differ, the external network server 120 stops running and prompts for data synchronization.
Fig. 4 is a schematic flowchart of a process of intranet and external network data synchronization according to another embodiment of the present invention. For example, the embodiment of Fig. 4 can be performed by the external network server 120 in Fig. 1. The method of Fig. 4 includes the following. The embodiment of Fig. 4 is described below with reference to the intranet and external network data synchronization system 100 of Fig. 1.
410. The incremental data on the intranet server 110 is imported into the external network server 120 via a hard disk.
The incremental data on the intranet server 110 is exported to the hard disk: a hash operation is performed on the incremental data and the result is signed to obtain a signature value, and the data and the signature value are written to the hard disk. The incremental data and the signature value are then imported from the hard disk into the external network server 120 and the signature is verified; if verification passes, the import is allowed, otherwise the import is terminated.
415. The incremental data is placed in the data storage module of the external network server 120, updating the data in the data storage module of the external network server 120.
420. A hash operation is performed on all of the updated data on the external network server 120, to obtain a first hash value, and an encryption operation is performed on the first hash value, to obtain a signature value.
430. While the external network is running, the signature value is decrypted to obtain the first hash value.
440. A trigger is used to periodically scan all of the data on the external network server 120 on a timer, and a hash operation is performed on the scanned data, to obtain a second hash value.
450. Whether the first hash value and the second hash value are consistent is verified.
460. If the first hash value and the second hash value differ, the external network server 120 stops running and prompts for data synchronization.
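The Fig. 3 and Fig. 4 flows above (signed import, baseline hash, periodic re-check), as an added Python example that is not code from the patent; it also shows why the baseline hash must be protected, as the description notes. Assumptions: SHA-256 is the hash function and HMAC-SHA256 stands in for the patent's "encryption operation on the hash value" (the page names no algorithm), so verification recomputes the tag rather than decrypting it; all names, keys, and records are constructed.

```python
import hashlib
import hmac

# Constructed demo keys (assumptions): the transfer key is shared by both
# servers; the seal key is held where someone who can edit the stored data
# cannot read it.
TRANSFER_KEY = b"constructed-transfer-key"
SEAL_KEY = b"constructed-seal-key"


def digest(items):
    """SHA-256 over key/value pairs in key order. Fields are length-prefixed
    so different splits of the same bytes cannot collide; None = deletion."""
    h = hashlib.sha256()
    for key in sorted(items):
        name, value = key.encode(), items[key]
        h.update(len(name).to_bytes(8, "big") + name)
        if value is None:
            h.update(b"\x00")
        else:
            h.update(b"\x01" + len(value).to_bytes(8, "big") + value)
    return h.digest()


def seal(key, hash_value):
    """Keyed tag over a hash value (stand-in for the 'signature value')."""
    return hmac.new(key, hash_value, hashlib.sha256).digest()


def export_increment(increment, transfer_key):
    """Intranet side of step 410: hash the increment and tag the hash."""
    return {"increment": dict(increment),
            "tag": seal(transfer_key, digest(increment))}


class ExternalStore:
    """External network server's data storage module plus its checks."""

    def __init__(self, transfer_key, seal_key):
        self.records = {}
        self.transfer_key = transfer_key
        self.seal_key = seal_key
        self.baseline_digest = None  # bare first hash value (weak on its own)
        self.baseline_tag = None     # protected first hash value

    def import_bundle(self, bundle):
        """Steps 410-420: verify the transfer, apply it, re-baseline."""
        expected = seal(self.transfer_key, digest(bundle["increment"]))
        if not hmac.compare_digest(expected, bundle["tag"]):
            return False  # terminate the import; stored data is untouched
        for key, value in bundle["increment"].items():
            if value is None:
                self.records.pop(key, None)
            else:
                self.records[key] = value
        self.baseline_digest = digest(self.records)
        self.baseline_tag = seal(self.seal_key, self.baseline_digest)
        return True

    def check_plain(self):
        """Periodic check against the bare stored hash only."""
        return digest(self.records) == self.baseline_digest

    def check_sealed(self):
        """Steps 430-450 with the protected value: False means stop and
        prompt for resynchronization from the intranet (step 460)."""
        current = seal(self.seal_key, digest(self.records))
        return self.baseline_tag is not None and hmac.compare_digest(
            current, self.baseline_tag)


def demo():
    store = ExternalStore(TRANSFER_KEY, SEAL_KEY)
    first = export_increment({"user:1": b"alice", "user:2": b"bob"},
                             TRANSFER_KEY)
    first_import_ok = store.import_bundle(first)

    # Increment altered on the removable medium after it was tagged.
    damaged = export_increment({"user:2": None, "user:3": b"carol"},
                               TRANSFER_KEY)
    damaged["increment"]["user:3"] = b"changed-on-the-disk"
    damaged_rejected = not store.import_bundle(damaged)

    # Stored record edited at rest and the bare hash rewritten to match.
    store.records["user:1"] = b"edited-at-rest"
    store.baseline_digest = digest(store.records)
    return {"first_import_ok": first_import_ok,
            "damaged_rejected": damaged_rejected,
            "plain_check_fooled": store.check_plain(),
            "resync_needed": not store.check_sealed()}


if __name__ == "__main__":
    print(demo())
```

The bare-hash check passes after the at-rest edit because the stored hash was rewritten with it, while the keyed check fails and triggers resynchronization.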
Fig. 5 is the indicative flowchart of the method for inside and outside network data synchronization according to another embodiment of the present invention.For example, figure
5 method can be performed by the intranet server of Fig. 1.The method of Fig. 5 includes following content.Below with reference to the intranet and extranet of Fig. 1
Data synchronous system 100 describes the embodiment of Fig. 2.
510, hash computing is carried out to the data of Intranet, obtains the first Hash Value;
Specifically, Intranet export data after, it is necessary to again to Intranet institute monitoring in need data progress hash
Computing.For example, after Intranet exports data for the first time, it is necessary to again to Intranet monitoring in need data carry out hash fortune
Calculate.Wherein, data can be structural data either unstructured data, such as, binary data, xml data etc..
520, in interior network operation, the integrality of the data of Intranet is verified according to the first Hash Value;
Specifically, in interior network operation, can to store in the data memory module of Intranet monitoring in need
Data do hash computing, obtain Hash Value, then compared with the Hash Value to prestore before, to determine whether intranet data is sent out
Changing, that is, determine the integrality of intranet data.
530, when the integrity verification of the intranet data is determined to have failed, synchronize the intranet data to the external network.
When the integrity verification is determined to have failed, that is, when there is incremental data, the data in the intranet is synchronized to the external network.
According to this embodiment of the present invention, the integrity of all data in the intranet data storage module is periodically verified by performing a hash operation in the intranet, and if the integrity verification of the data fails, the data in the intranet is imported into the external network. In this way, it can be verified whether the intranet has incremental data, and the incremental data can be imported into the external network in time.
According to an embodiment of the present invention, the above verifying of the integrity of the intranet data includes: periodically performing a hash operation on the intranet data to obtain a second hash value, so as to verify whether the second hash value is consistent with the first hash value.
For example, the intranet server 110 uses a trigger to periodically scan all data stored in the intranet data storage module, performs a hash operation to obtain a fourth hash value, and then verifies whether this hash value is consistent with the above first hash value. If they are consistent, the intranet data has not changed and is intact; if they differ, the intranet has generated incremental data, and the intranet data needs to be imported into the external network again.
Alternatively, as another embodiment, after the above hash operation is performed on the intranet data to obtain the first hash value, the method further includes: encrypting the first hash value to obtain a signature value. Verifying, while the intranet is running, the integrity of the intranet data according to the first hash value then includes: while the intranet is running, periodically verifying the validity and integrity of the intranet data according to the signature value.
For example, after the intranet server 110 performs the hash operation on all the data in its data storage module, it also encrypts the hash value to obtain a signature value. When the intranet server 110 uses this data, it must first verify validity according to the signature value.
Since a hash value can easily be maliciously tampered with, encrypting the hash value here ensures that an unauthorized party cannot tamper with the hash value, which guarantees the validity and integrity of the data when the data is used.
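The following is an added example, not part of the patent text, of the intranet-side flow in steps 510 to 530 combined with the signed hash value described above. The patent names no algorithms, so SHA-256 as the hash, HMAC-SHA256 standing in for the "encryption" that yields the signature value, the dict-based data stores, the key, and all function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumptions of this example (not from the patent): SHA-256 as the hash,
# HMAC-SHA256 as the "signature value", dicts standing in for the data stores.
DEMO_KEY = b"constructed-demo-key"  # constructed sample; keep a real key off the monitored store


@dataclass(frozen=True)
class Baseline:
    digest: bytes     # the "first hash value"
    signature: bytes  # the "signature value" computed over that hash


def digest_store(store: dict) -> bytes:
    """Hash every monitored record in a fixed order.

    Names and contents are length-prefixed so that moving bytes between
    a name and its content cannot produce the same digest.
    """
    h = hashlib.sha256()
    for name in sorted(store):
        for field in (name.encode("utf-8"), store[name]):
            h.update(len(field).to_bytes(8, "big"))
            h.update(field)
    return h.digest()


def sign(key: bytes, digest: bytes) -> bytes:
    return hmac.new(key, digest, hashlib.sha256).digest()


def make_baseline(store: dict, key: bytes) -> Baseline:
    d = digest_store(store)
    return Baseline(d, sign(key, d))


def check(store: dict, baseline: Baseline, key: bytes) -> str:
    """Return 'baseline-invalid', 'changed' or 'ok' for one periodic scan."""
    # Validity first: a stored hash that does not match its signature is not trusted.
    if not hmac.compare_digest(sign(key, baseline.digest), baseline.signature):
        return "baseline-invalid"
    # Integrity: compare a fresh hash of the store with the stored one.
    if not hmac.compare_digest(digest_store(store), baseline.digest):
        return "changed"
    return "ok"


def periodic_scan(intranet: dict, outer_net: dict, baseline: Baseline, key: bytes):
    """Steps 520/530: verify, and on a mismatch synchronize and re-baseline."""
    status = check(intranet, baseline, key)
    if status == "changed":
        outer_net.clear()
        outer_net.update(intranet)
        baseline = make_baseline(intranet, key)
    return status, baseline


def demo() -> dict:
    # Constructed sample data: one XML record and one binary record.
    intranet = {"orders.xml": b"<orders><o id='1'/></orders>", "blob.bin": bytes(range(4))}
    outer_net = {}
    base = make_baseline(intranet, DEMO_KEY)  # step 510
    first, base = periodic_scan(intranet, outer_net, base, DEMO_KEY)

    intranet["orders.xml"] = b"<orders><o id='1'/><o id='2'/></orders>"  # incremental data
    second, base = periodic_scan(intranet, outer_net, base, DEMO_KEY)
    synced = outer_net == intranet

    # Data altered and the stored hash overwritten with a matching one, without the key.
    altered = {**intranet, "blob.bin": b"\xff\xff\xff\xff"}
    forged = Baseline(digest_store(altered), base.signature)
    hash_only_match = digest_store(altered) == forged.digest
    with_signature = check(altered, forged, DEMO_KEY)
    return {"first": first, "second": second, "synced": synced,
            "hash_only_match": hash_only_match, "with_signature": with_signature}


if __name__ == "__main__":
    print(demo())
```

The last case in `demo()` is the one the paragraph above is about: a comparison against the stored hash alone would accept the altered data, while the signature check rejects the overwritten baseline.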
The methods according to embodiments of the present invention are described above; the intranet and external network data synchronization devices according to embodiments of the present invention are described below with reference to Fig. 3 to Fig. 5.
Fig. 6 is a schematic diagram of an intranet and external network data synchronization device 600 according to an embodiment of the present invention.
The device 600 includes a crypto-operation module 610 and an import module 620. The crypto-operation module 610 is configured to: perform a hash operation on first data of the intranet stored in the external network to obtain a first hash value; and, while the external network is running, verify the integrity of the first data according to the first hash value. The import module 620 is configured to synchronize the first data stored in the intranet to the external network when the integrity verification of the first data is determined to have failed.
For the operation and functions of the crypto-operation module 610 and the import module 620 of the device 600, refer to steps 210, 220 and 230 of the method of Fig. 2; to avoid repetition, details are not repeated here.
Fig. 7 is a schematic diagram of an intranet and external network data synchronization device 700 according to another embodiment of the present invention.
The device 700 includes a crypto-operation module 710, an import module 720, an acquisition module 730 and an update module 740. The acquisition module 730 is configured to obtain second data of the intranet, the second data being incremental data. The update module 740 is configured to update the first data according to the second data to obtain updated data. The crypto-operation module 710 is specifically configured to perform a hash operation on the updated data to obtain the first hash value.
For the operation and functions of the crypto-operation module 710, the acquisition module 730 and the update module 740 of the device 700, refer to steps 310 and 320 of the method of Fig. 3 and steps 410 and 420 of the method of Fig. 4; to avoid repetition, details are not repeated here.
According to an embodiment of the present invention, the acquisition module 730 is further configured to receive a second hash value sent by the intranet before the hash operation is performed on the first data of the intranet stored in the external network, where the second hash value is obtained by the intranet performing a hash operation on the second data. The crypto-operation module 710 is further configured to: perform a hash operation on the second data to obtain a third hash value; and verify the integrity of the second data during transmission according to the second hash value and the third hash value.
For the operation and functions of the crypto-operation module 710 and the acquisition module 730 of the device 700, refer to step 310 of the method of Fig. 3 and step 410 of the method of Fig. 4; to avoid repetition, details are not repeated here.
According to an embodiment of the present invention, the above crypto-operation module 710 is specifically configured to periodically perform a hash operation on the first data to obtain a fourth hash value, so as to verify whether the fourth hash value is consistent with the first hash value.
For the operation and functions of the crypto-operation module 710 of the device 700, refer to steps 340, 350 and 360 of the method of Fig. 3 and steps 440, 450 and 460 of the method of Fig. 4; to avoid repetition, details are not repeated here.
According to an embodiment of the present invention, the above crypto-operation module 710 is further configured to: after performing the hash operation on the first data of the intranet stored in the external network and obtaining the first hash value, encrypt the first hash value to obtain a signature value; and, while the external network is running, periodically verify the validity and integrity of the first data according to the signature value.
For the operation and functions of the crypto-operation module 710 of the device 700, refer to steps 320 and 330 of the method of Fig. 3 and steps 420 and 430 of the method of Fig. 4; to avoid repetition, details are not repeated here.
Fig. 8 is a schematic diagram of an intranet and external network data synchronization device 800 according to yet another embodiment of the present invention.
The device 800 includes a crypto-operation module 810 and an export module 820. The crypto-operation module 810 is configured to: perform a hash operation on the data of the intranet to obtain a first hash value; and, while the intranet is running, verify the integrity of the intranet data according to the first hash value. The export module 820 is configured to synchronize the intranet data to the external network when the integrity verification of the intranet data is determined to have failed.
For the operation and functions of the crypto-operation module 810 and the export module 820 of the device 800, refer to steps 510, 520 and 530 of the method of Fig. 5; to avoid repetition, details are not repeated here.
According to an embodiment of the present invention, the above crypto-operation module 810 is specifically configured to periodically perform a hash operation on the intranet data to obtain a second hash value, so as to verify whether the second hash value is consistent with the first hash value.
For the operation and functions of the crypto-operation module 810 of the device 800, refer to the corresponding intranet method; to avoid repetition, details are not repeated here.
According to an embodiment of the present invention, the above crypto-operation module is further configured to: after performing the hash operation on the intranet data and obtaining the first hash value, encrypt the first hash value to obtain a signature value; and, while the intranet is running, periodically verify the validity and integrity of the intranet data according to the signature value.
For the operation and functions of the crypto-operation module 810 of the device 800, refer to the corresponding intranet method; to avoid repetition, details are not repeated here.
Fig. 9 is a block diagram of a computer device 900 for intranet and external network data synchronization according to an embodiment of the present invention.
Referring to Fig. 9, the device 900 includes a processing component 910, which further includes one or more processors, and memory resources represented by a memory 920 for storing instructions executable by the processing component 910, such as application programs. The application programs stored in the memory 920 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 910 is configured to execute the instructions so as to perform the above method of intranet and external network data synchronization.
The device 900 may also include a power supply component configured to perform power management of the device 900, a wired or wireless network interface configured to connect the device 900 to a network, and an input/output (I/O) interface. The device 900 may operate based on an operating system stored in the memory 920, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
A non-transitory computer-readable storage medium: when the instructions in the storage medium are executed by the processor of the above device 900, the device 900 is enabled to perform a method of intranet and external network data synchronization, including: performing a hash operation on first data of the intranet stored in the external network to obtain a first hash value; while the external network is running, verifying the integrity of the first data according to the first hash value; and when the integrity verification of the first data is determined to have failed, synchronizing the first data stored in the intranet to the external network.
Those of ordinary skill in the art will appreciate that the exemplary authentication steps described with reference to the embodiments herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the methods and devices described above may refer to the corresponding processes in the foregoing method embodiments, and are not described again here.
In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The foregoing storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and other media that can store program code.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (16)
- 1. A method of intranet and external network data synchronization, characterized by comprising: performing a hash operation on first data of the intranet stored in the external network to obtain a first hash value; while the external network is running, verifying the integrity of the first data according to the first hash value; and when the integrity verification of the first data is determined to have failed, synchronizing the first data stored in the intranet to the external network.
- 2. The method of intranet and external network data synchronization according to claim 1, characterized by further comprising: obtaining second data of the intranet, the second data being incremental data; and updating the first data according to the second data to obtain updated data; wherein performing the hash operation on the first data of the intranet stored in the external network to obtain the first hash value comprises: performing a hash operation on the updated data to obtain the first hash value.
- 3. The method of intranet and external network data synchronization according to claim 2, characterized in that, before the hash operation is performed on the first data of the intranet stored in the external network, the method further comprises: receiving a second hash value sent by the intranet, wherein the second hash value is obtained by the intranet performing a hash operation on the second data; performing a hash operation on the second data to obtain a third hash value; and verifying the integrity of the second data during transmission according to the second hash value and the third hash value.
- 4. The method of intranet and external network data synchronization according to any one of claims 1 to 3, characterized in that verifying the integrity of the first data comprises: periodically performing a hash operation on the first data to obtain a fourth hash value, so as to verify whether the fourth hash value is consistent with the first hash value.
- 5. The method of intranet and external network data synchronization according to any one of claims 1 to 3, characterized in that, after the hash operation is performed on the first data of the intranet stored in the external network to obtain the first hash value, the method further comprises: encrypting the first hash value to obtain a signature value; and verifying, while the external network is running, the integrity of the first data according to the first hash value comprises: while the external network is running, periodically verifying the validity and integrity of the first data according to the signature value.
- 6. A method of intranet and external network data synchronization, characterized by comprising: performing a hash operation on data of the intranet to obtain a first hash value; while the intranet is running, verifying the integrity of the data of the intranet according to the first hash value; and when the integrity verification of the data of the intranet is determined to have failed, synchronizing the data of the intranet to the external network.
- 7. The method of intranet and external network data synchronization according to claim 6, characterized in that verifying the integrity of the data of the intranet comprises: periodically performing a hash operation on the data of the intranet to obtain a second hash value, so as to verify whether the second hash value is consistent with the first hash value.
- 8. The method of intranet and external network data synchronization according to claim 6 or 7, characterized in that, after the hash operation is performed on the data of the intranet to obtain the first hash value, the method further comprises: encrypting the first hash value to obtain a signature value; and verifying, while the intranet is running, the integrity of the data of the intranet according to the first hash value comprises: while the intranet is running, periodically verifying the validity and integrity of the data of the intranet according to the signature value.
- 9. A device for intranet and external network data synchronization, characterized by comprising: a crypto-operation module, configured to: perform a hash operation on first data of the intranet stored in the external network to obtain a first hash value; and, while the external network is running, verify the integrity of the first data according to the first hash value; and an import module, configured to synchronize the first data stored in the intranet to the external network when the integrity verification of the first data is determined to have failed.
- 10. The device for intranet and external network data synchronization according to claim 9, characterized by further comprising: an acquisition module, configured to obtain second data of the intranet, the second data being incremental data; and an update module, configured to update the first data to obtain updated data; wherein the crypto-operation module is specifically configured to perform a hash operation on the updated data to obtain the first hash value.
- 11. The device for intranet and external network data synchronization according to claim 10, characterized in that the acquisition module is further configured to receive a second hash value sent by the intranet before the hash operation is performed on the first data of the intranet stored in the external network, wherein the second hash value is obtained by the intranet performing a hash operation on the second data; and the crypto-operation module is further configured to: perform a hash operation on the second data to obtain a third hash value; and verify the integrity of the second data during transmission according to the second hash value and the third hash value.
- 12. The device for intranet and external network data synchronization according to any one of claims 9 to 11, characterized in that the crypto-operation module is specifically configured to periodically perform a hash operation on the first data to obtain a fourth hash value, so as to verify whether the fourth hash value is consistent with the first hash value.
- 13. The device for intranet and external network data synchronization according to any one of claims 9 to 11, characterized in that the crypto-operation module is further configured to: after performing the hash operation on the first data of the intranet stored in the external network and obtaining the first hash value, encrypt the first hash value to obtain a signature value; and, while the external network is running, periodically verify the validity and integrity of the first data according to the signature value.
- 14. A device for intranet and external network data synchronization, characterized by comprising: a crypto-operation module, configured to: perform a hash operation on data of the intranet to obtain a first hash value; and, while the intranet is running, verify the integrity of the data of the intranet according to the first hash value; and an export module, configured to synchronize the data of the intranet to the external network when the integrity verification of the data of the intranet is determined to have failed.
- 15. The device for intranet and external network data synchronization according to claim 14, characterized in that the crypto-operation module is specifically configured to periodically perform a hash operation on the data of the intranet to obtain a second hash value, so as to verify whether the second hash value is consistent with the first hash value.
- 16. The device for intranet and external network data synchronization according to claim 14 or 15, characterized in that the crypto-operation module is further configured to: after performing the hash operation on the data of the intranet and obtaining the first hash value, encrypt the first hash value to obtain a signature value; and, while the intranet is running, periodically verify the validity and integrity of the data of the intranet according to the signature value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711288139.0A CN107920130A (en) | 2017-12-07 | 2017-12-07 | The method and apparatus of inside and outside network data synchronization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107920130A true CN107920130A (en) | 2018-04-17 |
Family
ID=61897294
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711288139.0A Pending CN107920130A (en) | 2017-12-07 | 2017-12-07 | The method and apparatus of inside and outside network data synchronization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107920130A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180417 |