CN110933087A - Sensitive information secure transmission method based on data bridging - Google Patents

Info

Publication number
CN110933087A
Authority
CN
China
Application number
CN201911214512.7A
Other languages
Chinese (zh)
Inventor
丁洋洋
余珊珊
朱高校
Current Assignee
Unicloud Technology Co Ltd
Original Assignee
Unicloud Technology Co Ltd
Priority date
2019-12-02
Filing date
2019-12-02
Publication date
2020-03-27
Legal status
Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L 63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227: Filtering policies
    • H04L 63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L 63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention provides a data bridging-based sensitive information secure transmission method, which comprises the following specific steps: S1, the carrier application platform constructs a bridge file; S2, the H5 application obtains an authentication Token from the carrier application platform through the bridge file; S3, the H5 application sends a data request carrying the authentication Token to the H5 application server; S4, the H5 application server initiates a data request carrying the authentication Token to the carrier application platform server; S5, after the carrier application platform server verifies the authentication Token, it responds to the request of the H5 application server, generates the data and transmits it to the H5 application server; S6, the H5 application server transmits the data to the H5 application by encrypted data transmission. The method places the transmission of sensitive data on the server side and, on the basis of data bridging, uses the symmetric encryption and white list filtering strategies of the server side, so that the data is transmitted more securely and stably.

Description

Sensitive information secure transmission method based on data bridging
Technical Field
The invention belongs to the field of sensitive information secure transmission, and particularly relates to a data bridging-based sensitive information secure transmission method.
Background
When an existing H5 application accesses an application platform, the transmission of sensitive data is a key problem restricting the development of the application platform. When a user uses a mobile application, personal privacy data such as personal identity information and family relationship data are involved in many places. Such information is generally transmitted in encrypted form, and the encryption schemes in use vary widely, which raises a barrier to the cross-platform universality of H5 applications. To solve this problem, more and more developers use data bridging as the data transmission mode, calling the data through a wrapper method inside each application platform (such as an Android method exposed to JavaScript). However, this calling method requires the bridge file to encapsulate all the required data in advance in order to be compatible with each newly accessed application. As a result, a carrier application platform accumulates a lot of redundant code, its service becomes complex and heavy, its stability is reduced, and it must be re-developed and re-released every time a new application is accessed, which greatly increases the workload.
Disclosure of Invention
In view of this, the present invention is directed to a method for securely transmitting sensitive information based on data bridging, where the method places sensitive data transmission on a server, and uses symmetric encryption and white list filtering strategies of the server on the basis of data bridging, so as to more securely and stably transmit data.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a sensitive information secure transmission method based on data bridging comprises the following specific steps:
S1, the carrier application platform constructs a bridge file;
S2, the H5 application obtains an authentication Token from the carrier application platform through the bridge file;
S3, the H5 application sends a data request carrying the authentication Token to the H5 application server;
S4, the H5 application server initiates a data request carrying the authentication Token to the carrier application platform server;
S5, after the carrier application platform server verifies the authentication Token, it responds to the request of the H5 application server, generates the data and transmits it to the H5 application server;
S6, the H5 application server transmits the data to the H5 application by encrypted data transmission.
Further, the data described in the above S3-S6 is sensitive data carrying user information, and the data is provided by the carrier application platform server.
Further, the H5 application server and the carrier application platform server have a white list filtering strategy, and the two parties add the other party to the accessible white list.
Further, in S1, the carrier application platform constructs a bridge file by using a JsBridge data bridging technology, and a method for uniformly interfacing with H5 is encapsulated in the bridge file, where the method includes an authentication Token necessary for acquiring sensitive data.
Further, in S3, the data of the request process, i.e. the request parameter and the response parameter, are transmitted in an encrypted manner for data security.
Further, in the verification step in S4, IP filtering and screening are performed by the white list system of the application platform server to ensure that the other party is a specific server.
Further, in S5, the carrier application platform server verifies the request from the H5 application server to the carrier application platform server through white list filtering and authentication Token.
Further, the communication among the H5 application server, the carrier application platform server and the mobile terminal respectively uses a symmetric encryption technology to encode and encrypt the transmitted data.
Compared with the prior art, the sensitive information secure transmission method based on data bridging has the following advantages:
According to the data bridging-based sensitive information secure transmission method, sensitive data are transmitted on the server side and, on the basis of data bridging, the symmetric encryption and white list filtering strategies of the server side are used, so that data are transmitted more securely and stably. The carrier application platform stays simple, the growing redundancy and heavy load caused by accessing H5 applications are avoided, and the coupling between the application and the function is reduced. The invention is more consistent with the current ideas of mobile application servitization and productization, and is a link for promoting interconnection and intercommunication among business systems.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a schematic diagram of a secure transmission method for sensitive information based on data bridging according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
A sensitive information secure transmission method based on data bridging comprises the following specific steps:
S1, the carrier application platform constructs a bridge file;
S2, the H5 application obtains an authentication Token from the carrier application platform through the bridge file;
S3, the H5 application sends a data request carrying the authentication Token to the H5 application server;
S4, the H5 application server initiates a data request carrying the authentication Token to the carrier application platform server;
S5, after the carrier application platform server verifies the authentication Token, it responds to the request of the H5 application server, generates the data and transmits it to the H5 application server;
S6, the H5 application server transmits the data to the H5 application by encrypted data transmission.
The data described in the above S3-S6 are sensitive data carrying user information, and the data is provided by the carrier application platform server.
The H5 application server and the carrier application platform server have a white list filtering policy and both have added the other to an accessible white list.
The carrier application platform in S1 constructs a bridge file through JsBridge data bridging technology, a method for unified docking H5 application is packaged in the bridge file, and the method comprises authentication Token necessary for acquiring sensitive data.
In S3, the data of the request process, i.e. the request parameter and the response parameter, are transmitted in an encrypted manner for data security.
The verification step in S4 performs IP filtering and screening through the white list system of the application platform server to ensure that the other party is a specific server.
In S5, the carrier application platform server verifies the data request initiated by the H5 application server through white list filtering and the authentication Token.
The communication among the H5 application server, the carrier application platform server and the mobile terminal respectively uses a symmetric encryption technology to encode and encrypt the transmitted data.
As shown in fig. 1, the present invention provides a more secure and stable transmission scheme for H5 application access carrier application platform, and this solution requires the access parties to reach the following agreement:
(1) sensitive data is provided by a carrier application platform server;
(2) for communication security, both the H5 application server and the carrier application platform server need to have a common and necessary white list filtering strategy, and both sides add the other side to an accessible white list;
(3) for data transmission security, the communication between the server and the mobile terminal respectively carries out encoding encryption (such as AES, DES, IDEA and the like) on the transmitted data by using a safer symmetric encryption technology, and the encryption modes do not need to be unified;
based on this, the main steps of the present invention are shown in fig. 1:
step one, packaging a bridge file and a data interface:
The carrier application platform (a native APP) constructs a data bridging file for data exchange using JsBridge. A method for uniformly interfacing with H5 applications is packaged in the bridge file; it provides the Token (authentication Token) necessary for acquiring sensitive data. The carrier application platform server provides a sensitive data acquisition interface for which the authentication Token is a required parameter.
Step two, the application of H5 initiates a data request:
S1: the H5 application obtains the authentication Token from the carrier application platform through the bridge file;
S2: the H5 application sends a data request carrying the authentication Token to the H5 application server; for data security, the data of the request process, namely the request parameters and the response parameters, are transmitted under symmetric encryption;
S3: the H5 application server initiates a data request carrying the authentication Token to the carrier application platform server; this process performs IP filtering and screening through the white list system of the application platform server, so that only a specific server can carry out data communication, which further ensures data security.
Step three, the carrier application platform server generates response data:
S4: after white list filtering and authentication Token verification, the carrier application platform server responds to the request, generates the data, and transmits it to the H5 application server, where it is filtered by the white list system of the H5 application server;
Step four, the H5 application server returns the response data:
S5: the H5 application server returns the data to the H5 application after symmetric encryption.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (8)

1. A sensitive information secure transmission method based on data bridging comprises the following specific steps:
S1, the carrier application platform constructs a bridge file;
S2, the H5 application obtains an authentication Token from the carrier application platform through the bridge file;
S3, the H5 application sends a data request carrying the authentication Token to the H5 application server;
S4, the H5 application server initiates a data request carrying the authentication Token to the carrier application platform server;
S5, after the carrier application platform server verifies the authentication Token, it responds to the request of the H5 application server, generates the data and transmits it to the H5 application server;
S6, the H5 application server transmits the data to the H5 application by encrypted data transmission.
2. The method for securely transmitting sensitive information based on data bridging according to claim 1, wherein: the data described in the above S3-S6 are sensitive data carrying user information, and the data is provided by the carrier application platform server.
3. The method for securely transmitting sensitive information based on data bridging according to claim 1, wherein: before executing the above-mentioned S1-S6, the H5 application server and the carrier application platform server have white list filtering policies, and both sides have added each other into an accessible white list.
4. The method for securely transmitting sensitive information based on data bridging according to claim 1, wherein: the carrier application platform in S1 constructs a bridge file through JsBridge data bridging technology, a method for unified docking H5 application is packaged in the bridge file, and the method comprises authentication Token necessary for acquiring sensitive data.
5. The method for securely transmitting sensitive information based on data bridging according to claim 1, wherein: in S3, the data of the request process, i.e. the request parameter and the response parameter, are transmitted in an encrypted manner for data security.
6. The method for securely transmitting sensitive information based on data bridging according to claim 1, wherein: the verification step in S4 performs IP filtering and screening through the white list system of the application platform server to ensure that the other party is a specific server.
7. The method for securely transmitting sensitive information based on data bridging according to claim 1, wherein: in S5, the carrier application platform server verifies the data request initiated by the H5 application server through white list filtering and the authentication Token.
8. The method for securely transmitting sensitive information based on data bridging according to claim 1, wherein: the communication among the H5 application server, the carrier application platform server and the mobile terminal respectively uses a symmetric encryption technology to encode and encrypt the transmitted data.

Priority Applications (1)

Application Number: CN201911214512.7A; Priority Date: 2019-12-02; Filing Date: 2019-12-02; Title: Sensitive information secure transmission method based on data bridging

Publications (1)

Publication Number: CN110933087A; Publication Date: 2020-03-27

Family

ID=69848426

Family Applications (1)

Application Number: CN201911214512.7A; Title: Sensitive information secure transmission method based on data bridging; Priority Date: 2019-12-02; Filing Date: 2019-12-02; Status: Pending

Country Status (1)

CN (1): CN110933087A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number; priority date; publication date; assignee; title
CN102724204A (*); 2012-06-28; 2012-10-10; 电子科技大学; Secure and trusted capability opening platform
CN103327043A (*); 2012-03-21; 2013-09-25; 腾讯科技(深圳)有限公司; Method and system and relation chain platform server for pushing messages
US20170104756A1 (*); 2015-10-13; 2017-04-13; Secupi Security Solutions Ltd; Detection, protection and transparent encryption/tokenization/masking/redaction/blocking of sensitive data and transactions in web and enterprise applications
CN108346093A (*); 2018-01-19; 2018-07-31; 维沃移动通信有限公司; A kind of revenue and expenditure record queries method and device
CN108629201A (*); 2018-04-24; 2018-10-09; 山东华软金盾软件股份有限公司; A method of database illegal operation is blocked
CN108959864A (*); 2017-05-25; 2018-12-07; 阿里巴巴集团控股有限公司; Funcall authentication, the method and apparatus of calling function and authority information method for building up
CN110381084A (*); 2019-08-07; 2019-10-25; 北京三快在线科技有限公司; Single-node login system and method, storage medium and electronic equipment

Legal Events

Code; title
PB01; Publication
SE01; Entry into force of request for substantive examination
RJ01; Rejection of invention patent application after publication

Application publication date: 2020-03-27