CN107920130A - Method and apparatus for intranet and extranet data synchronization - Google Patents


Publication number
CN107920130A
Authority
CN
China
Legal status
Pending
Application number
CN201711288139.0A
Other languages
Chinese (zh)
Inventor
郝立臣
刘伟东
刘莺莺
孙静
武文高
Current Assignee
BEIJING SURSEN ELECTRONIC TECHNOLOGY Co Ltd
Original Assignee
BEIJING SURSEN ELECTRONIC TECHNOLOGY Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention provides a method and apparatus for intranet and extranet data synchronization. The method includes: performing a hash operation on first data of the intranet stored in the extranet to obtain a first hash value; while the extranet is running, verifying the integrity of the first data according to the first hash value; and, when the integrity verification of the first data is determined to have failed, synchronizing the first data stored in the intranet to the extranet. The above method and apparatus can guarantee the legitimacy and consistency of data when the networks are physically isolated.

Description

Method and apparatus for intranet and extranet data synchronization
Technical field
The present invention relates to the field of data synchronization, and in particular to a method and apparatus for intranet and extranet data synchronization where the networks are physically isolated.
Background
With the development of information technology, networks have brought great convenience to people's work and lives, but network security has also become a severe test that we face. In particular, in fields with high requirements for system and information security, network access is subject to stricter restrictions in addition to the protection of the system itself.
At present, data synchronization between existing databases is carried out in an online environment. For data synchronization between different databases on physically isolated intranets and extranets with high security requirements, most approaches focus only on how to export and import the data. For example, data files are copied using removable media such as hard disks, optical discs or tapes, and then imported directly with the command-line tools provided by the database. In that case, however, there is no way of knowing whether the data imported from the intranet into the extranet has been tampered with, or whether the data really comes from the designated intranet server.
There is therefore an urgent need for a data synchronization method and apparatus that can guarantee the consistency of intranet and extranet data.
Summary of the invention
Embodiments of the present invention provide a method and apparatus for intranet and extranet data synchronization, so as to guarantee the consistency of data when the networks are physically isolated.
In a first aspect, a method for intranet and extranet data synchronization is provided, including: performing a hash operation on first data of the intranet stored in the extranet to obtain a first hash value; while the extranet is running, verifying the integrity of the first data according to the first hash value; and, when the integrity verification of the first data is determined to have failed, synchronizing the first data stored in the intranet to the extranet.
In a first possible implementation, the method further includes: obtaining second data of the intranet, the second data being incremental data; and updating the first data according to the second data to obtain updated data; wherein performing the hash operation on the first data of the intranet stored in the extranet to obtain the first hash value includes: performing the hash operation on the updated data to obtain the first hash value.
With reference to the first possible implementation, in a second possible implementation, before the hash operation is performed on the first data of the intranet stored in the extranet, the method further includes: receiving a second hash value transmitted by the intranet, the second hash value being obtained by the intranet performing a hash operation on the second data; performing a hash operation on the second data to obtain a third hash value; and verifying the integrity of the second data during transfer according to the second hash value and the third hash value.
With reference to the first aspect, the first possible implementation of the first aspect or the second possible implementation of the first aspect, in a third possible implementation, verifying the integrity of the first data includes: periodically performing a hash operation on the first data to obtain a fourth hash value, and verifying whether the fourth hash value is consistent with the first hash value.
With reference to the first aspect, the first possible implementation of the first aspect or the second possible implementation of the first aspect, in a fourth possible implementation, after the hash operation is performed on the first data of the intranet stored in the extranet and the first hash value is obtained, the method further includes: performing an encryption operation on the first hash value to obtain a signature value; and verifying the integrity of the first data according to the first hash value while the extranet is running includes: while the extranet is running, periodically verifying the validity and integrity of the first data according to the signature value.
In a second aspect, a method for intranet and extranet data synchronization is provided, including: performing a hash operation on the data of the intranet to obtain a first hash value; while the intranet is running, verifying the integrity of the data of the intranet according to the first hash value; and, when the integrity verification of the data of the intranet is determined to have failed, synchronizing the data of the intranet to the extranet.
With reference to the second aspect, in a first possible implementation, verifying the integrity of the data of the intranet includes: periodically performing a hash operation on the data of the intranet to obtain a second hash value, and verifying whether the second hash value is consistent with the first hash value.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation, after the hash operation is performed on the data of the intranet and the first hash value is obtained, the method further includes: performing an encryption operation on the first hash value to obtain a signature value; and verifying the integrity of the data of the intranet according to the first hash value while the intranet is running includes: while the intranet is running, periodically verifying the validity and integrity of the data of the intranet according to the signature value.
In a third aspect, an apparatus for intranet and extranet data synchronization is provided, including: a cryptographic operation module, configured to perform a hash operation on first data of the intranet stored in the extranet to obtain a first hash value, and, while the extranet is running, to verify the integrity of the first data according to the first hash value; and an import module, configured to synchronize the first data stored in the intranet to the extranet when the integrity verification of the first data is determined to have failed.
With reference to the third aspect, in a first possible implementation, the apparatus further includes: an acquisition module, configured to obtain second data of the intranet, the second data being incremental data; and an update module, configured to update the first data according to the second data to obtain updated data; the cryptographic operation module being specifically configured to perform the hash operation on the updated data to obtain the first hash value.
With reference to the first possible implementation, in a second possible implementation, the acquisition module is further configured to receive, before the hash operation is performed on the first data of the intranet stored in the extranet, a second hash value transmitted by the intranet, the second hash value being obtained by the intranet performing a hash operation on the second data; and the cryptographic operation module is further configured to perform a hash operation on the second data to obtain a third hash value, and to verify the integrity of the second data during transfer according to the second hash value and the third hash value.
With reference to the third aspect, the first possible implementation of the third aspect or the second possible implementation of the third aspect, in a third possible implementation, the cryptographic operation module is specifically configured to periodically perform a hash operation on the first data to obtain a fourth hash value, and to verify whether the fourth hash value is consistent with the first hash value.
With reference to the third aspect, the first possible implementation of the third aspect or the second possible implementation of the third aspect, in a fourth possible implementation, the cryptographic operation module is further configured to: after performing the hash operation on the first data of the intranet stored in the extranet and obtaining the first hash value, perform an encryption operation on the first hash value to obtain a signature value; and, while the extranet is running, periodically verify the validity and integrity of the first data according to the signature value.
In a fourth aspect, an apparatus for intranet and extranet data synchronization is provided, including: a cryptographic operation module, configured to perform a hash operation on the data of the intranet to obtain a first hash value, and, while the intranet is running, to verify the integrity of the data of the intranet according to the first hash value; and an export module, configured to synchronize the data of the intranet to the extranet when the integrity verification of the data of the intranet is determined to have failed.
With reference to the fourth aspect, in a first possible implementation, the cryptographic operation module is specifically configured to periodically perform a hash operation on the data of the intranet to obtain a second hash value, and to verify whether the second hash value is consistent with the first hash value.
With reference to the fourth aspect or the first possible implementation of the fourth aspect, in a second possible implementation, the cryptographic operation module is further configured to: after performing the hash operation on the data of the intranet and obtaining the first hash value, perform an encryption operation on the first hash value to obtain a signature value; and, while the intranet is running, periodically verify the validity and integrity of the data of the intranet according to the signature value.
Embodiments of the present invention can verify, according to the hash value, whether the data in the extranet has been tampered with; if it has, the data in the intranet server is imported into the extranet server again. This ensures that the data is not tampered data but data that was obtained through synchronization, originates from the designated intranet server, and is valid.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort, wherein:
Fig. 1 is a schematic framework diagram of an intranet and extranet data synchronization system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for intranet and extranet data synchronization according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a process of intranet and extranet data synchronization according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of a process of intranet and extranet data synchronization according to another embodiment of the present invention;
Fig. 5 is a schematic flowchart of a method for intranet and extranet data synchronization according to another embodiment of the present invention;
Fig. 6 is a schematic diagram of an intranet and extranet data synchronization apparatus according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of an intranet and extranet data synchronization apparatus according to another embodiment of the present invention;
Fig. 8 is a schematic diagram of an intranet and extranet data synchronization apparatus according to yet another embodiment of the present invention;
Fig. 9 is a block diagram of a computer device for an intranet and extranet data synchronization apparatus according to an embodiment of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings.
It should be understood that the embodiments described herein are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a schematic framework diagram of an intranet and extranet data synchronization system 100 according to an embodiment of the present invention.
The intranet and extranet data synchronization system 100 includes an intranet server 110 and an extranet server 120. The system 100 operates under physical isolation of the intranet and the extranet. The intranet server 110 may include a data storage module, which may be any device capable of storage, such as a database, a local disk or network storage; data exported from the intranet is exported from here. The intranet server 110 may also include an export module, which reads the data storage module, analyzes the data, exports the incremental data to a storage medium, and signs the exported data.
The extranet server 120 also includes a data storage module, which may be any device capable of storage, such as a database, a local disk or network storage, and is used to store data in the extranet. When intranet data is imported, data is added, deleted and modified here, and the data in this data storage module must be kept consistent with the data in the intranet data storage module.
Of course, the intranet and the extranet are not limited to storing data on the intranet server and the extranet server.
Fig. 2 is a schematic flowchart of a method for intranet and extranet data synchronization according to an embodiment of the present invention. For example, the embodiment of Fig. 2 may be performed by the extranet server 120 in Fig. 1. The method of Fig. 2 includes the following. The embodiment of Fig. 2 is described below with reference to the intranet and extranet data synchronization system 100 of Fig. 1.
210, a hash operation is performed on first data of the intranet stored in the extranet to obtain a first hash value.
Specifically, the data of the intranet server 110 stored in the extranet server 120 may be all the data that the intranet transmits to the extranet for the first time; it may be all the data in the intranet server 110, or data that has been added, deleted or modified in the intranet server 110. The data may be structured or unstructured data, for example binary data, Extensible Markup Language (XML) data, and so on. The hash operation may be, for example, a Hash operation, also called a hashing operation, that is, an operation performed on the data using a hash function.
220, while the extranet is running, the integrity of the first data is verified according to the first hash value.
Specifically, while the extranet is running, a hash operation may be performed again on all the data stored in the data storage module of the extranet server 120 to obtain a hash value, which is then checked against the hash value obtained from the earlier hash operation on all the data in the extranet. Whether the two hash values are identical determines whether the data has been tampered with, that is, determines the integrity of the data. For example, if the two hash values are identical, the data has not been tampered with, that is, the data is complete; otherwise, the data has been tampered with, that is, the integrity verification of the data fails.
230, when the integrity verification of the first data is determined to have failed, the first data stored in the intranet is synchronized to the extranet.
When the data is determined to have been tampered with, that is, when the integrity verification fails, the data in the intranet server 110 is synchronized to the extranet server 120 until the extranet server 120 has received the above first data.
Based on the embodiments of the present invention, a hash operation performed in the extranet verifies whether any of the data in the extranet data storage module has been tampered with; if it has, the data in the intranet is imported into the extranet. This guarantees the integrity of the data synchronized to the extranet and the consistency of the extranet data with the intranet data.
Optionally, as another embodiment, the method further includes: obtaining second data of the intranet, the second data being incremental data; and updating the first data according to the second data to obtain updated data; wherein performing the hash operation on the first data of the intranet stored in the extranet to obtain the first hash value includes: performing the hash operation on the updated data to obtain the first hash value.
Specifically, the incremental data may be the data that the intranet transmits to the extranet for the first time, or data subsequently added, deleted or modified in the intranet. After the extranet server 120 receives the incremental data transmitted by the intranet server 110, the data is placed in the data storage module of the extranet server 120, updating the data originally stored in the extranet server 120 to obtain the updated data. The cryptographic operation module is then called to perform a hash operation on all the updated data in the extranet server 120 to obtain the first hash value. When this data needs to be used, or periodically, a hash operation is performed on it again and the two hash values are compared to verify whether the first hash value has changed. If the hash value has not changed, the data can be used at that point; if the hash value has changed, the data has been tampered with, and the data in the intranet server 110 must be imported again. Here, the hash operation is also referred to as a Hash function, and when the incremental data is the data that the intranet transmits to the extranet for the first time, there is no data in the extranet.
Optionally, as another embodiment, before the hash operation is performed on the first data of the intranet stored in the extranet, the method further includes: receiving a second hash value transmitted by the intranet, the second hash value being obtained by the intranet performing a hash operation on the second data; performing a hash operation on the second data to obtain a third hash value; and verifying the integrity of the second data during transfer according to the second hash value and the third hash value.
Specifically, the intranet server 110 exports the incremental data in its data storage module to a storage medium and performs a hash operation on the exported incremental data to obtain the second hash value. The extranet server 120 receives the incremental data and the second hash value transmitted by the intranet server 110, and performs a hash operation on the incremental data to obtain the third hash value. The third hash value is compared with the second hash value. If they are identical, the transferred data is accurate and the subsequent steps continue; if they differ, the data has been tampered with and there is a problem in the transfer process, so the data must be transferred again. The storage medium may be any medium capable of storage, such as a hard disk, an optical disc or a tape.
Of course, the incremental data in the data storage module of the intranet server 110 may also be signed before export to obtain a signature value. The extranet server 120 receives the incremental data and the signature value transmitted by the intranet server 110, and decrypts the signature value to obtain a hash value. It then performs a hash operation on the incremental data to obtain a new hash value and compares the decrypted hash value with this new hash value. If they are identical, the transferred data has validity and integrity and the subsequent steps continue; if they differ, the data has been tampered with and a problem occurred in the transfer process, so the data must be transferred again.
Based on the embodiments of the present invention, performing a hash operation or signature processing before the data in the intranet data storage module is exported guarantees the integrity and validity of the data while it is transferred from the intranet to the extranet. It also allows the identity of the signer to be identified, guaranteeing the validity of that identity and establishing that the data comes from the intranet server.
According to an embodiment of the present invention, verifying the integrity of the first data includes: periodically performing a hash operation on the first data to obtain a fourth hash value, and verifying whether the fourth hash value is consistent with the first hash value.
For example, the extranet server 120 uses a timed trigger to scan all the data stored in the extranet data storage module and performs a hash operation to obtain the fourth hash value, then verifies whether this hash value is consistent with the above first hash value. If they are consistent, the data transferred from the intranet has not been tampered with and has integrity; if they differ, the data that the intranet passed to the extranet has been tampered with, and the intranet data must be transferred to the extranet again.
Optionally, as another embodiment, after the hash operation is performed on the first data of the intranet stored in the extranet and the first hash value is obtained, the method further includes: performing an encryption operation on the first hash value to obtain a signature value; and periodically verifying the integrity of the first data according to the first hash value while the extranet is running includes: while the extranet is running, periodically verifying the validity and integrity of the first data according to the signature value.
For example, after the extranet server 120 performs the hash operation on all the data in its data storage module, it also performs an encryption operation on the hash value to obtain a signature value. When the extranet server 120 uses this data, it must first verify it according to the signature value.
Because a hash value can easily be tampered with maliciously, performing an encryption operation on the hash value here ensures that an unauthorized party cannot tamper with the hash value, guaranteeing the validity and integrity of the data when it is used.
The embodiments of the present invention are described more fully below with reference to specific examples.
Fig. 3 is a schematic flowchart of a process of intranet and extranet data synchronization according to an embodiment of the present invention. For example, the embodiment of Fig. 3 may be performed by the extranet server 120 in Fig. 1. The method of Fig. 3 includes the following. The embodiment of Fig. 3 is described below with reference to the intranet and extranet data synchronization system 100 of Fig. 1.
310, all the data in the intranet server 110 is imported into the extranet server 120 via a hard disk for the first time, updating the data in the data storage module of the extranet server.
All the data in the intranet server 110 is exported to the hard disk for the first time; a hash operation is performed on the data and the result is signed to obtain a signature value, and the data and the signature value are written to the hard disk. The data and the signature value are then imported from the hard disk into the extranet server 120 and the signature is verified; if verification passes, the import is allowed, otherwise the import is terminated.
320, a hash operation is performed on all the data imported into the extranet server 120 to obtain a first hash value, and an encryption operation is performed on the first hash value to obtain a signature value.
330, while the extranet is running, the signature value is decrypted to obtain the first hash value.
340, a timed trigger is used to periodically scan all the data of the extranet server 120, and a hash operation is performed on the scanned data to obtain a second hash value.
350, whether the first hash value and the second hash value are consistent is verified.
360, if the first hash value and the second hash value differ, the extranet server 120 stops running and prompts for data synchronization.
Fig. 4 is a schematic flowchart of a process of intranet and extranet data synchronization according to another embodiment of the present invention. For example, the embodiment of Fig. 4 may be performed by the extranet server 120 in Fig. 1. The method of Fig. 4 includes the following. The embodiment of Fig. 4 is described below with reference to the intranet and extranet data synchronization system 100 of Fig. 1.
410, the incremental data in the intranet server 110 is imported into the extranet server 120 via a hard disk.
The incremental data in the intranet server 110 is exported to the hard disk; a hash operation is performed on the incremental data and the result is signed to obtain a signature value, and the data and the signature value are written to the hard disk. The incremental data and the signature value are then imported from the hard disk into the extranet server 120 and the signature is verified; if verification passes, the import is allowed, otherwise the import is terminated.
415, the incremental data is placed in the data storage module of the extranet server 120, updating the data in the data storage module of the extranet server 120.
420, a hash operation is performed on all the updated data in the extranet server 120 to obtain a first hash value, and an encryption operation is performed on the first hash value to obtain a signature value.
430, while the extranet is running, the signature value is decrypted to obtain the first hash value.
440, a timed trigger is used to periodically scan all the data of the extranet server 120, and a hash operation is performed on the scanned data to obtain a second hash value.
450, whether the first hash value and the second hash value are consistent is verified.
460, if the first hash value and the second hash value differ, the extranet server 120 stops running and prompts for data synchronization.
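The Fig. 4 flow (steps 410 to 460) can be sketched in Python as follows; this is an added example, not code from the patent. It assumes SHA-256 as the hash function, an in-memory dictionary in place of the data storage module, and an HMAC under a pre-shared key in place of the "signature value", so verification recomputes and compares tags instead of decrypting (identifying the signer, as the text describes, would need an asymmetric signature). All function names and sample records are constructed.

```python
from __future__ import annotations

import hashlib
import hmac

# Assumption: key provisioned out of band on both servers (constructed value).
DEMO_KEY = b"constructed-demo-key"


def records_digest(records: dict[str, bytes | None]) -> bytes:
    """SHA-256 over records in sorted order; None marks a deleted record."""
    h = hashlib.sha256()
    for name in sorted(records):
        raw_name = name.encode("utf-8")
        # Length prefixes keep record boundaries unambiguous.
        h.update(len(raw_name).to_bytes(8, "big") + raw_name)
        value = records[name]
        if value is None:
            h.update(b"D")
        else:
            h.update(b"V" + len(value).to_bytes(8, "big") + value)
    return h.digest()


def seal(digest: bytes, key: bytes) -> bytes:
    """Keyed tag over a digest: the stand-in for the 'signature value'."""
    return hmac.new(key, digest, hashlib.sha256).digest()


def export_increment(changes: dict[str, bytes | None], key: bytes) -> dict:
    """Intranet side (step 410): incremental data plus its tag, for the media."""
    return {"changes": dict(changes), "tag": seal(records_digest(changes), key)}


def import_increment(store: dict[str, bytes], package: dict, key: bytes) -> bytes:
    """Extranet side (steps 410-420): verify, apply, return the new baseline tag."""
    expected = seal(records_digest(package["changes"]), key)
    if not hmac.compare_digest(expected, package["tag"]):
        raise ValueError("increment failed verification; import terminated")
    for name, value in package["changes"].items():
        if value is None:
            store.pop(name, None)      # deletion carried in the increment
        else:
            store[name] = value        # addition or modification
    return seal(records_digest(store), key)


def periodic_check(store: dict[str, bytes], baseline_tag: bytes, key: bytes) -> bool:
    """Steps 430-450: rescan all data and compare with the sealed baseline."""
    return hmac.compare_digest(seal(records_digest(store), key), baseline_tag)


def run_demo() -> dict[str, bool]:
    """Walk the flow over constructed records and report each check."""
    store: dict[str, bytes] = {}
    first = export_increment(
        {"users.xml": b"<u id='1'/>", "blob.bin": b"\x00\x01"}, DEMO_KEY)
    baseline = import_increment(store, first, DEMO_KEY)
    results = {"clean_scan_ok": periodic_check(store, baseline, DEMO_KEY)}

    # Second increment: one record modified, one deleted.
    second = export_increment(
        {"users.xml": b"<u id='2'/>", "blob.bin": None}, DEMO_KEY)
    baseline = import_increment(store, second, DEMO_KEY)
    results["delete_applied"] = "blob.bin" not in store

    # Media content changed between export and import: import must stop.
    third = export_increment({"new.bin": b"abc"}, DEMO_KEY)
    third["changes"]["new.bin"] = b"abd"
    try:
        import_increment(store, third, DEMO_KEY)
        results["altered_increment_rejected"] = False
    except ValueError:
        results["altered_increment_rejected"] = True

    # Extranet store changed after import: the periodic scan must fail (step 460).
    store["users.xml"] = b"<u id='999'/>"
    results["tamper_detected"] = not periodic_check(store, baseline, DEMO_KEY)
    # A baseline recomputed without the key does not verify either.
    unkeyed = hashlib.sha256(records_digest(store)).digest()
    results["unkeyed_rebaseline_rejected"] = not periodic_check(
        store, unkeyed, DEMO_KEY)
    return results


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {ok}")
```

The last check illustrates why the text protects the stored hash value: a bare digest kept beside the data can be recomputed by anyone able to modify the data, while the keyed tag cannot.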
Fig. 5 is a schematic flowchart of a method of internal and external network data synchronization according to another embodiment of the present invention. For example, the method of Fig. 5 can be performed by the intranet server of Fig. 1. The method of Fig. 5 includes the following. The embodiment of Fig. 2 is described below with reference to the internal and external network data synchronization system 100 of Fig. 1.
510, a hash operation is performed on the data of the intranet to obtain a first hash value;
Specifically, after the intranet exports data, a hash operation must be performed again on all data in the intranet that needs to be monitored. For example, after the intranet exports data for the first time, a hash operation must be performed again on all data in the intranet that needs to be monitored. The data may be structured or unstructured data, for example binary data, XML data, etc.
520, while the intranet is running, the integrity of the intranet data is verified according to the first hash value;
Specifically, while the intranet is running, a hash operation can be performed on all data that needs to be monitored in the intranet's data storage module to obtain a hash value, which is then compared with the previously stored hash value to determine whether the intranet data has changed, that is, to determine the integrity of the intranet data.
530, when the integrity verification of the intranet data is determined to have failed, the intranet data is synchronized to the external network.
When the integrity verification is determined to have failed, that is, when there is incremental data, the data in the intranet is synchronized to the external network.
Based on this embodiment of the present invention, the intranet periodically verifies the integrity of all data in the intranet data storage module by performing a hash operation; if the integrity verification of the data fails, the data in the intranet is imported into the external network. In this way it can be verified whether the intranet has incremental data, and the incremental data can be imported into the external network in time.
According to an embodiment of the present invention, verifying the integrity of the intranet data includes: periodically performing a hash operation on the intranet data to obtain a second hash value, in order to verify whether the second hash value is consistent with the first hash value.
For example, intranet server 110 uses a timer trigger to periodically scan all data stored in the intranet data storage module and performs a hash operation to obtain a 4th hash value, then verifies whether this hash value is consistent with the above first hash value. If they are consistent, the intranet data has not changed and is intact; if they differ, the intranet has generated incremental data, and the intranet data needs to be imported into the external network again.
Optionally, as another embodiment, after performing the hash operation on the intranet data to obtain the first hash value, the method further includes: encrypting the first hash value to obtain a signature value. Verifying the integrity of the intranet data according to the first hash value while the intranet is running then includes: while the intranet is running, periodically verifying the validity and integrity of the intranet data according to the signature value.
For example, after intranet server 110 performs a hash operation on all data in its data storage module, it also encrypts the hash value to obtain a signature value. When intranet server 110 uses this data, it must first verify validity according to the signature value.
Because a hash value can easily be maliciously tampered with, encrypting the hash value here ensures that an unauthorized party cannot tamper with it, which guarantees the validity and integrity of the data when the data is used.
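The check-and-halt flow of steps 415 to 460, together with the remark above that an unprotected hash value is easy to tamper with, can be sketched as follows. This is an added example, not code from the patent: SHA-256, the use of HMAC-SHA-256 with a shared key as a stand-in for the unspecified "encrypt the hash value" operation (so step 430 recomputes the tag rather than decrypting), and all names (`ExternalServer`, `digest_store`, `sign`, `DEMO_KEY`) are assumptions.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real key must live outside the monitored store.
DEMO_KEY = b"constructed-demo-key"


def digest_store(store):
    """Hash all monitored records in a canonical order (SHA-256 is an assumption)."""
    h = hashlib.sha256()
    for name in sorted(store):
        raw_name, data = name.encode(), store[name]
        # Length prefixes keep ("ab", b"c") distinct from ("a", b"bc").
        h.update(len(raw_name).to_bytes(8, "big") + raw_name)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.digest()


def sign(digest, key):
    """Stand-in for 'encrypt the hash value': HMAC-SHA-256 over the digest."""
    return hmac.new(key, digest, hashlib.sha256).digest()


class ExternalServer:
    """Hypothetical model of external network server 120."""

    def __init__(self, key):
        self.key = key
        self.store = {}          # data storage module
        self.baseline = None     # first hash value
        self.signature = None    # signature value over the first hash value
        self.in_service = False

    def import_increment(self, increment, increment_sig):
        """Verify the transferred increment, then perform steps 415 and 420."""
        expected = sign(digest_store(increment), self.key)
        if not hmac.compare_digest(expected, increment_sig):
            return False                                   # terminate the import
        self.store.update(increment)                       # 415: update stored data
        self.baseline = digest_store(self.store)           # 420: first hash value
        self.signature = sign(self.baseline, self.key)     # 420: signature value
        self.in_service = True
        return True

    def periodic_check(self):
        """Steps 430 to 460; a timer would call this at a fixed interval."""
        if self.baseline is None:
            return "no-baseline"
        # 430: confirm the stored first hash value is the one that was signed.
        if not hmac.compare_digest(sign(self.baseline, self.key), self.signature):
            self.in_service = False
            return "baseline-tampered"
        # 440/450: rescan everything and compare with the first hash value.
        if not hmac.compare_digest(digest_store(self.store), self.baseline):
            self.in_service = False                        # 460: stop service
            return "data-changed"
        return "ok"


def demo():
    # Constructed sample increment as exported by the intranet side.
    increment = {"notice.xml": b"<notice>v1</notice>", "logo.bin": b"\x00\x01"}
    sig = sign(digest_store(increment), DEMO_KEY)
    srv = ExternalServer(DEMO_KEY)
    results = [srv.import_increment(increment, sig), srv.periodic_check()]

    # Case 1: stored data modified, stored hash untouched.
    srv.store["notice.xml"] = b"<notice>changed</notice>"
    results.append(srv.periodic_check())

    # Resynchronise from the intranet copy, which restores data and baseline.
    srv.import_increment(increment, sig)

    # Case 2: data modified and the stored hash replaced with a fresh unkeyed hash.
    # A bare hash comparison would pass; the keyed signature check does not.
    srv.store["notice.xml"] = b"<notice>changed</notice>"
    srv.baseline = digest_store(srv.store)
    results.append(srv.periodic_check())
    return results


if __name__ == "__main__":
    print(demo())
```

The second case is the one the signature value exists for: the protection holds only while the key is stored where a party who can modify the data storage module cannot read it.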
The methods according to embodiments of the present invention have been described above; the internal and external network data synchronization devices according to embodiments of the present invention are described below with reference to Fig. 3 to Fig. 5.
Fig. 6 is a schematic diagram of internal and external network data synchronization device 600 according to an embodiment of the present invention.
Device 600 includes a cryptographic operation module 610 and an import module 620. Cryptographic operation module 610 is configured to: perform a hash operation on the first data of the intranet stored in the external network to obtain a first hash value; and, while the external network is running, verify the integrity of the first data according to the first hash value. Import module 620 is configured to synchronize the first data stored in the intranet to the external network when the integrity verification of the first data is determined to have failed.
For the operation and functions of cryptographic operation module 610 and import module 620 of internal and external network data synchronization device 600, refer to methods 210, 220 and 230 of Fig. 2; to avoid repetition, they are not described again here.
Fig. 7 is a schematic diagram of internal and external network data synchronization device 700 according to another embodiment of the present invention.
Device 700 includes a cryptographic operation module 710, an import module 720, an acquisition module 730 and an update module 740. Acquisition module 730 is configured to obtain second data of the intranet, the second data being incremental data. Update module 740 is configured to update the first data according to the second data to obtain updated data. Cryptographic operation module 710 is specifically configured to perform a hash operation on the updated data to obtain the first hash value.
For the operation and functions of cryptographic operation module 710, acquisition module 730 and update module 740 of internal and external network data synchronization device 700, refer to methods 310 and 320 of Fig. 3 and methods 410 and 420 of Fig. 4; to avoid repetition, they are not described again here.
According to an embodiment of the present invention, acquisition module 730 is further configured to receive a second hash value sent by the intranet before the hash operation is performed on the first data of the intranet stored in the external network, where the second hash value is obtained by the intranet performing a hash operation on the second data. Cryptographic operation module 710 is further configured to: perform a hash operation on the second data to obtain a third hash value; and verify the integrity of the second data in transit according to the second hash value and the third hash value.
For the operation and functions of cryptographic operation module 710 and acquisition module 730 of internal and external network data synchronization device 700, refer to method 310 of Fig. 3 and method 410 of Fig. 4; to avoid repetition, they are not described again here.
According to an embodiment of the present invention, the above cryptographic operation module 710 is specifically configured to periodically perform a hash operation on the first data to obtain a fourth hash value, in order to verify whether the fourth hash value is consistent with the first hash value.
For the operation and functions of cryptographic operation module 710 of internal and external network data synchronization device 700, refer to methods 340, 350 and 360 of Fig. 3 and methods 440, 450 and 460 of Fig. 4; to avoid repetition, they are not described again here.
According to an embodiment of the present invention, the above cryptographic operation module 710 is further configured to: after performing the hash operation on the first data of the intranet stored in the external network to obtain the first hash value, encrypt the first hash value to obtain a signature value; and, while the external network is running, periodically verify the validity and integrity of the first data according to the signature value.
For the operation and functions of cryptographic operation module 710 of internal and external network data synchronization device 700, refer to methods 320 and 330 of Fig. 3 and methods 420 and 430 of Fig. 4; to avoid repetition, they are not described again here.
Fig. 8 is a schematic diagram of internal and external network data synchronization device 800 according to yet another embodiment of the present invention.
Device 800 includes a cryptographic operation module 810 and an export module 820. Cryptographic operation module 810 is configured to: perform a hash operation on the data of the intranet to obtain a first hash value; and, while the intranet is running, verify the integrity of the intranet data according to the first hash value. Export module 820 is configured to synchronize the intranet data to the external network when the integrity verification of the intranet data is determined to have failed.
For the operation and functions of cryptographic operation module 810 and export module 820 of internal and external network data synchronization device 800, refer to methods 510, 520 and 530 of Fig. 5; to avoid repetition, they are not described again here.
According to an embodiment of the present invention, the above cryptographic operation module 810 is specifically configured to periodically perform a hash operation on the intranet data to obtain a second hash value, in order to verify whether the second hash value is consistent with the first hash value.
For the operation and functions of cryptographic operation module 810 of internal and external network data synchronization device 800, refer to the corresponding intranet method; to avoid repetition, they are not described again here.
According to an embodiment of the present invention, the above cryptographic operation module is further configured to: after performing the hash operation on the intranet data to obtain the first hash value, encrypt the first hash value to obtain a signature value; and, while the intranet is running, periodically verify the validity and integrity of the intranet data according to the signature value.
For the operation and functions of cryptographic operation module 810 of internal and external network data synchronization device 800, refer to the corresponding intranet method; to avoid repetition, they are not described again here.
Fig. 9 is a block diagram of computer device 900 for internal and external network data synchronization according to an embodiment of the present invention.
With reference to Fig. 9, device 900 includes a processing component 910, which further includes one or more processors, and memory resources represented by memory 920 for storing instructions executable by processing component 910, such as application programs. An application program stored in memory 920 may include one or more modules, each corresponding to a set of instructions. In addition, processing component 910 is configured to execute instructions to perform the above method of internal and external network data synchronization.
Device 900 may also include a power supply component configured to perform power management of device 900, a wired or wireless network interface configured to connect device 900 to a network, and an input/output (I/O) interface. Device 900 can operate based on an operating system stored in memory 920, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
A non-transitory computer-readable storage medium: when the instructions in the storage medium are executed by the processor of the above device 900, device 900 is enabled to perform a method of internal and external network data synchronization, including: performing a hash operation on the first data of the intranet stored in the external network to obtain a first hash value; while the external network is running, verifying the integrity of the first data according to the first hash value; and, when the integrity verification of the first data is determined to have failed, synchronizing the first data stored in the intranet to the external network.
Those of ordinary skill in the art will appreciate that the steps of each example described in connection with the embodiments described herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled practitioner may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to go beyond the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the methods and devices described above may be understood by reference to the corresponding processes in the foregoing method embodiments, and are not described again here.
In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or some of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (16)

  1. A method of internal and external network data synchronization, characterized by comprising:
    performing a hash operation on first data of the intranet stored in the external network to obtain a first hash value;
    while the external network is running, verifying the integrity of the first data according to the first hash value;
    when the integrity verification of the first data is determined to have failed, synchronizing the first data stored in the intranet to the external network.
  2. The method of internal and external network data synchronization according to claim 1, characterized by further comprising:
    obtaining second data of the intranet, the second data being incremental data;
    updating the first data according to the second data to obtain updated data;
    wherein performing the hash operation on the first data of the intranet stored in the external network to obtain the first hash value comprises:
    performing a hash operation on the updated data to obtain the first hash value.
  3. The method of internal and external network data synchronization according to claim 2, characterized in that, before performing the hash operation on the first data of the intranet stored in the external network, the method further comprises:
    receiving a second hash value sent by the intranet, wherein the second hash value is obtained by the intranet performing a hash operation on the second data;
    performing a hash operation on the second data to obtain a third hash value;
    verifying the integrity of the second data in transit according to the second hash value and the third hash value.
  4. The method of internal and external network data synchronization according to any one of claims 1 to 3, characterized in that verifying the integrity of the first data comprises:
    periodically performing a hash operation on the first data to obtain a fourth hash value, in order to verify whether the fourth hash value is consistent with the first hash value.
  5. The method of internal and external network data synchronization according to any one of claims 1 to 3, characterized in that, after performing the hash operation on the first data of the intranet stored in the external network to obtain the first hash value, the method further comprises: encrypting the first hash value to obtain a signature value;
    wherein verifying the integrity of the first data according to the first hash value while the external network is running comprises:
    while the external network is running, periodically verifying the validity and integrity of the first data according to the signature value.
  6. A method of internal and external network data synchronization, characterized by comprising:
    performing a hash operation on the data of the intranet to obtain a first hash value;
    while the intranet is running, verifying the integrity of the data of the intranet according to the first hash value;
    when the integrity verification of the data of the intranet is determined to have failed, synchronizing the data of the intranet to the external network.
  7. The method of internal and external network data synchronization according to claim 6, characterized in that verifying the integrity of the data of the intranet comprises:
    periodically performing a hash operation on the data of the intranet to obtain a second hash value, in order to verify whether the second hash value is consistent with the first hash value.
  8. The method of internal and external network data synchronization according to claim 6 or 7, characterized in that, after performing the hash operation on the data of the intranet to obtain the first hash value, the method further comprises: encrypting the first hash value to obtain a signature value;
    wherein verifying the integrity of the data of the intranet according to the first hash value while the intranet is running comprises:
    while the intranet is running, periodically verifying the validity and integrity of the data of the intranet according to the signature value.
  9. A device for internal and external network data synchronization, characterized by comprising:
    a cryptographic operation module, configured to: perform a hash operation on first data of the intranet stored in the external network to obtain a first hash value; and, while the external network is running, verify the integrity of the first data according to the first hash value;
    an import module, configured to synchronize the first data stored in the intranet to the external network when the integrity verification of the first data is determined to have failed.
  10. The device for internal and external network data synchronization according to claim 9, characterized by further comprising:
    an acquisition module, configured to obtain second data of the intranet, the second data being incremental data;
    an update module, configured to update the first data to obtain updated data;
    wherein the cryptographic operation module is specifically configured to perform a hash operation on the updated data to obtain the first hash value.
  11. The device for internal and external network data synchronization according to claim 10, characterized in that the acquisition module is further configured to receive a second hash value sent by the intranet before the hash operation is performed on the first data of the intranet stored in the external network, wherein the second hash value is obtained by the intranet performing a hash operation on the second data;
    the cryptographic operation module is further configured to: perform a hash operation on the second data to obtain a third hash value; and verify the integrity of the second data in transit according to the second hash value and the third hash value.
  12. The device for internal and external network data synchronization according to any one of claims 9 to 11, characterized in that the cryptographic operation module is specifically configured to periodically perform a hash operation on the first data to obtain a fourth hash value, in order to verify whether the fourth hash value is consistent with the first hash value.
  13. The device for internal and external network data synchronization according to any one of claims 9 to 11, characterized in that
    the cryptographic operation module is further configured to: after performing the hash operation on the first data of the intranet stored in the external network to obtain the first hash value, encrypt the first hash value to obtain a signature value; and, while the external network is running, periodically verify the validity and integrity of the first data according to the signature value.
  14. A device for internal and external network data synchronization, characterized by comprising:
    a cryptographic operation module, configured to: perform a hash operation on the data of the intranet to obtain a first hash value; and, while the intranet is running, verify the integrity of the data of the intranet according to the first hash value;
    an export module, configured to synchronize the data of the intranet to the external network when the integrity verification of the data of the intranet is determined to have failed.
  15. The device for internal and external network data synchronization according to claim 14, characterized in that
    the cryptographic operation module is specifically configured to periodically perform a hash operation on the data of the intranet to obtain a second hash value, in order to verify whether the second hash value is consistent with the first hash value.
  16. The device for internal and external network data synchronization according to claim 14 or 15, characterized in that the cryptographic operation module is further configured to: after performing the hash operation on the data of the intranet to obtain the first hash value, encrypt the first hash value to obtain a signature value; and, while the intranet is running, periodically verify the validity and integrity of the data of the intranet according to the signature value.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711288139.0A CN107920130A (en) 2017-12-07 2017-12-07 The method and apparatus of inside and outside network data synchronization

Publications (1)

Publication Number Publication Date
CN107920130A true CN107920130A (en) 2018-04-17

Family

ID=61897294

Country Status (1)

Country Link
CN (1) CN107920130A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110572357A (en) * 2019-07-25 2019-12-13 中国科学院信息工程研究所 device and method for realizing safety information export

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014133A (en) * 2010-11-26 2011-04-13 清华大学 Method for implementing safe storage system in cloud storage environment
CN103139149A (en) * 2011-11-25 2013-06-05 国民技术股份有限公司 Method and system for accessing data in cloud storage
CN104202168A (en) * 2014-09-19 2014-12-10 浪潮电子信息产业股份有限公司 Cloud data integrity verification method based on trusted third party
US20160085769A1 (en) * 2014-09-23 2016-03-24 Amazon Technologies, Inc. Synchronization of Shared Folders and Files
CN107220560A (en) * 2017-06-22 2017-09-29 北京航空航天大学 A kind of embedded system data completeness protection method expanded based on data buffer storage

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180417

RJ01 Rejection of invention patent application after publication