CN111934879A - Data transmission encryption method, device, equipment and medium for internal and external network system - Google Patents

Info

Publication number: CN111934879A
Authority: CN (China)
Prior art keywords: data, ciphertext, encryption, public key, abstract
Legal status: Granted
Application number: CN202010650015.8A
Other languages: Chinese (zh)
Other versions: CN111934879B (en)
Inventors: 黄家昌, 薛伟, 邱道椿
Current assignee: Fujian Ecan Information Technology Co ltd
Original assignee: Fujian Ecan Information Technology Co ltd
Priority application: CN202010650015.8A
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method, device, equipment and medium for encrypting data transmission in an internal and external network system. The method comprises: generating a first public key, a first private key, a second public key and a second private key through a data encryption and decryption verification center deployed on a gateway server, issuing the first private key and the second public key to a client, and issuing the first public key and the second private key to a server; the data encryption and decryption verification center receiving request information generated by the client based on the first private key, decrypting the request data using the first public key based on the request information, and sending the request data directly to the server; and the data encryption and decryption verification center receiving response information generated by the server based on the second private key, decrypting the response data using the second public key based on the response information, and sending the response data directly to the client. The advantages of the invention are that the data exchange function can be realized in an isolated state, the system has a multi-level security mechanism, and the security of cross-network data transmission can be ensured.

Description

Data transmission encryption method, device, equipment and medium for internal and external network system
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, equipment and a medium for encrypting data transmission of an internal and external network system.
Background
As hospital informatization advances, patient information becomes highly centralized and digitized. This digitized information contains a great deal of private data, some of it bearing on personal safety, the safety of social groups and the like. As is well known, although electronic information brings great convenience to information management, it also faces security risks, and the hidden danger of core data leakage, for example through information theft and attacks, becomes ever more prominent. How, then, is the security of information system data to be ensured?
Generally, in a hospital information system the extranet mainly includes the OA system, the hospital website and the like, and is mainly used for administrative office work, document approval and similar business. As hospital business keeps developing, the hospital must, on the premise of information security, offer patients services such as WeChat official accounts, physical examination information and imaging information, and must also provide third-party distributor trading cloud platforms, order acceptance and the like to facilitate purchase orders for consumables, medicines, reagents and so on. The intranet mainly comprises the HIS, HRP and LIS systems; these are the hospital's core business systems, used to comprehensively manage the hospital and the people, finances and assets of all its departments, and to collect, store, process, extract, transmit and summarize the data generated at every stage of medical activity into various kinds of information, thereby providing a comprehensive, automated management scheme for the hospital's overall operation. It follows that, as information systems mature, information exchange between the intranet and the extranet is not only necessary but grows in volume and frequency, and the resulting conflict becomes more and more prominent. Secure interaction of internal and external network data must therefore provide users and hospitals with secure storage of important data and cooperative work on it, on the premise of data security, convenient operation and reliability.
At present, data exchange between the internal and external network systems of a hospital mainly takes the following forms. The first is to use USB flash drives to exchange files between the internal and external networks: the two networks are physically separated, and the required data is exported from the intranet and then imported onto an extranet machine via a removable storage medium such as a USB drive. Although this method is relatively safe and requires little investment, it carries the risk of a ferry attack: a ferry trojan targeting removable storage infects the USB drive in order to propagate, writes sensitive files onto the drive using techniques such as keyword matching, and once the drive is inserted into an internet-connected computer, automatically sends those sensitive files to a computer designated on the internet. In addition, this mode increases staff workload and greatly reduces convenience.
The second is to deploy gateway and network gatekeeper products between the internal and external networks to manage data exchange. In this way the two networks are logically isolated and security improves; however, the networks remain physically connected, and because the device's own applications, operating system and database may carry vulnerabilities, external hackers are likely to penetrate through the gateway or gatekeeper to the internal core business server, and targeted attacks against a particular vulnerability will increase.
The third is to connect the internal and external networks directly without any protection. This is equivalent to placing all of the hospital's data and information in an exposed environment where anyone can take it at any time; it is extremely dangerous and is a high-risk mode of use.
As can be seen, although the three data exchange schemes above can achieve intercommunication of internal and external network data to a certain extent, each carries a definite security risk, so it is difficult to meet enterprises' requirements for security, efficiency, convenience, manageability and the like in internal and external network file exchange.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method, device, equipment and medium for encrypting data transmission in an internal and external network system, and thereby to solve the problem that existing data exchange schemes carry a definite security risk and have difficulty meeting enterprises' requirements for security, efficiency, convenience, manageability and the like in internal and external network file exchange.
In a first aspect, the present invention provides a method for encrypting data transmission in an intranet and extranet system, where the method includes:
generating a first public key, a first private key, a second public key and a second private key through a data encryption and decryption verification center deployed on a gateway server, issuing the first private key and the second public key to a client, and issuing the first public key and the second private key to a server;
the data encryption and decryption verification center receives request information generated by the client based on the first private key, decrypts the request data by using the first public key based on the request information, and directly sends the request data to the server;
and the data encryption and decryption verification center receives response information generated by the server based on the second private key, decrypts response data by using the second public key based on the response information, and directly sends the response data to the client.
Further, the method further comprises:
the data encryption and decryption verification center records a data transmission chain, and the recorded data comprise at least the sender, the sending time, the sending URL (uniform resource locator), the sending address, the receiver, the receiving address and the receiving state;
and the data transmission logs are managed and tracked in a unified manner through the data encryption and decryption verification center.
Further, the step in which the data encryption and decryption verification center receives request information generated by the client based on the first private key specifically includes:
encrypting the request data at the client using an AES encryption algorithm to generate a data ciphertext, and generating a ciphertext digest of the data ciphertext using the SHA1 algorithm; signing the ciphertext digest using the first private key and the RSA algorithm to generate a digest signature, assembling the data ciphertext and the digest signature into request information, and sending the request information to the data encryption and decryption verification center;
and the step of decrypting the request data using the first public key based on the request information specifically includes:
the data encryption and decryption verification center receives the request information sent by the client via a message queue and, after receiving it, decomposes the request information into the data ciphertext and the digest signature; the data encryption and decryption verification center obtains the first public key from the server side, verifies the digest signature using the first public key and the RSA algorithm to obtain the ciphertext digest, and generates a ciphertext digest of the data ciphertext using the SHA1 algorithm; the ciphertext digest obtained by successful signature verification is compared with the generated ciphertext digest, and if the two are consistent, the data ciphertext is decrypted using the AES encryption algorithm to obtain the request data; if they are not consistent, the data ciphertext is not decrypted and the process ends.
Further, the step in which the data encryption and decryption verification center receives response information generated by the server based on the second private key specifically includes:
encrypting the response data at the server side using an AES encryption algorithm to generate a data ciphertext, and generating a ciphertext digest of the data ciphertext using the SHA1 algorithm; signing the ciphertext digest using the second private key and the RSA algorithm to generate a digest signature, assembling the data ciphertext and the digest signature into response information, and sending the response information to the data encryption and decryption verification center;
and the step of decrypting the response data using the second public key based on the response information specifically includes:
the data encryption and decryption verification center receives the response information sent by the server via a message queue and, after receiving it, decomposes the response information into the data ciphertext and the digest signature; the data encryption and decryption verification center obtains the second public key from the client, verifies the digest signature using the second public key and the RSA algorithm to obtain the ciphertext digest, and generates a ciphertext digest of the data ciphertext using the SHA1 algorithm; the ciphertext digest obtained by successful signature verification is compared with the generated ciphertext digest, and if the two are consistent, the data ciphertext is decrypted using the AES encryption algorithm to obtain the response data; if they are not consistent, the data ciphertext is not decrypted and the process ends.
In a second aspect, the invention provides an internal and external network system data transmission encryption device, which comprises a key generation module, a request data processing module and a response data processing module;
the key generation module is used for generating a first public key, a first private key, a second public key and a second private key through a data encryption and decryption verification center deployed on the gateway server, issuing the first private key and the second public key to the client and issuing the first public key and the second private key to the server;
the request data processing module is used for receiving request information generated by the client based on the first private key through the data encryption and decryption verification center, decrypting request data by using a first public key based on the request information, and directly sending the request data to the server;
and the response data processing module is used for receiving response information generated by the server based on the second private key by the data encryption and decryption verification center, decrypting response data by using the second public key based on the response information, and directly sending the response data to the client.
Furthermore, the device also comprises a data recording module and a tracking management module;
the data recording module is used for recording, by the data encryption and decryption verification center, a data transmission chain whose recorded data comprise at least the sender, the sending time, the sending URL (uniform resource locator), the sending address, the receiver, the receiving address and the receiving state;
and the tracking management module is used for managing and tracking the data transmission logs in a unified manner through the data encryption and decryption verification center.
Further, the step in which the data encryption and decryption verification center receives request information generated by the client based on the first private key specifically includes:
encrypting the request data at the client using an AES encryption algorithm to generate a data ciphertext, and generating a ciphertext digest of the data ciphertext using the SHA1 algorithm; signing the ciphertext digest using the first private key and the RSA algorithm to generate a digest signature, assembling the data ciphertext and the digest signature into request information, and sending the request information to the data encryption and decryption verification center;
and the step of decrypting the request data using the first public key based on the request information specifically includes:
the data encryption and decryption verification center receives the request information sent by the client via a message queue and, after receiving it, decomposes the request information into the data ciphertext and the digest signature; the data encryption and decryption verification center obtains the first public key from the server side, verifies the digest signature using the first public key and the RSA algorithm to obtain the ciphertext digest, and generates a ciphertext digest of the data ciphertext using the SHA1 algorithm; the ciphertext digest obtained by successful signature verification is compared with the generated ciphertext digest, and if the two are consistent, the data ciphertext is decrypted using the AES encryption algorithm to obtain the request data; if they are not consistent, the data ciphertext is not decrypted and the process ends.
Further, the step in which the data encryption and decryption verification center receives response information generated by the server based on the second private key specifically includes:
encrypting the response data at the server side using an AES encryption algorithm to generate a data ciphertext, and generating a ciphertext digest of the data ciphertext using the SHA1 algorithm; signing the ciphertext digest using the second private key and the RSA algorithm to generate a digest signature, assembling the data ciphertext and the digest signature into response information, and sending the response information to the data encryption and decryption verification center;
and the step of decrypting the response data using the second public key based on the response information specifically includes:
the data encryption and decryption verification center receives the response information sent by the server via a message queue and, after receiving it, decomposes the response information into the data ciphertext and the digest signature; the data encryption and decryption verification center obtains the second public key from the client, verifies the digest signature using the second public key and the RSA algorithm to obtain the ciphertext digest, and generates a ciphertext digest of the data ciphertext using the SHA1 algorithm; the ciphertext digest obtained by successful signature verification is compared with the generated ciphertext digest, and if the two are consistent, the data ciphertext is decrypted using the AES encryption algorithm to obtain the response data; if they are not consistent, the data ciphertext is not decrypted and the process ends.
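As an added illustration (not code from the patent or its assignee), the following Go program implements the request leg described above: the sender AES-encrypts the data, hashes the ciphertext with SHA-1 and RSA-signs the digest with the first private key, and the gateway's verification center checks the digest signature with the first public key before it decrypts and forwards anything. The message layout, the AES-GCM mode, the PKCS#1 v1.5 signature padding and the shared AES key are assumptions the patent does not specify.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
	"fmt"
	"io"
)

// Message is the patent's "request information" (or "response information"): a data
// ciphertext plus a digest signature. Field layout and the GCM nonce are assumptions.
type Message struct {
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte
}

// newGCM builds the AES cipher used on both sides (AES mode assumed: the patent says only "AES").
func newGCM(aesKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptAndSign is the sending side (client for requests, server for responses): AES-encrypt
// the data, SHA-1 the ciphertext, RSA-sign that digest with the sender's private key.
func encryptAndSign(aesKey []byte, signKey *rsa.PrivateKey, plaintext []byte) (*Message, error) {
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	digest := sha1.Sum(ct) // SHA-1 to match the patent; SHA-256 is the current recommendation
	sig, err := rsa.SignPKCS1v15(rand.Reader, signKey, crypto.SHA1, digest[:])
	if err != nil {
		return nil, err
	}
	return &Message{Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// verifyAndDecrypt is the verification center on the gateway: recompute the digest of the
// received ciphertext, check the digest signature against it, and only then decrypt.
func verifyAndDecrypt(aesKey []byte, verifyKey *rsa.PublicKey, m *Message) ([]byte, error) {
	digest := sha1.Sum(m.Ciphertext)
	// VerifyPKCS1v15 compares the digest carried by the signature with the one just
	// computed; that is the patent's "compare the two digests" step. Mismatch: no decryption.
	if err := rsa.VerifyPKCS1v15(verifyKey, crypto.SHA1, digest[:], m.Signature); err != nil {
		return nil, errors.New("digest signature mismatch: ciphertext not decrypted")
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
}

// requestLeg plays the request leg end to end: the gateway generates the first key pair, the
// client signs with the first private key, the gateway verifies with the first public key and
// forwards the plaintext. It also reports whether a copy tampered with in transit was rejected.
func requestLeg(request []byte) (forwarded []byte, tamperRejected bool, err error) {
	firstKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	aesKey := []byte("0123456789abcdef0123456789abcdef") // constructed demo key; distribution is outside the patent
	msg, err := encryptAndSign(aesKey, firstKey, request)
	if err != nil {
		return nil, false, err
	}
	forwarded, err = verifyAndDecrypt(aesKey, &firstKey.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	// Flip one ciphertext bit in transit: the recomputed digest no longer matches the signed one.
	tampered := *msg
	tampered.Ciphertext = append([]byte(nil), msg.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, tamperErr := verifyAndDecrypt(aesKey, &firstKey.PublicKey, &tampered)
	return forwarded, tamperErr != nil, nil
}

func main() {
	out, rejected, err := requestLeg([]byte("GET /his/patient/42")) // constructed sample request
	if err != nil {
		panic(err)
	}
	fmt.Printf("server receives %q; tampered copy rejected: %v\n", out, rejected)
}
```

The response leg is the same exchange with the roles swapped and the second key pair; a signature made with the wrong private key fails the same check.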
In a third aspect, the present invention provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of the first aspect when executing the program.
In a fourth aspect, the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method of the first aspect.
One or more technical solutions provided in the embodiments of the present invention have at least the following technical effects or advantages:
1. The data exchange function can be realized in an isolated state, and a multi-level security mechanism is provided, so that the security of cross-network data transmission can be ensured. Specifically, a secure data transmission tunnel is established using a data transmission encryption algorithm, encryption of data written to disk is supported, data cannot be intercepted or sniffed, and the risk of data leakage is avoided.
2. The data transmission chain is recorded in detail so that data is traceable; log management and query functions are provided, ensuring life-cycle management of data exchange; visibility and continuous tracking of the whole data exchange process are provided, improving the visibility of the whole process and the efficiency of service operation.
3. The RabbitMQ message queue is used to process request and response information, so the hospital's requirements for timeliness, accuracy and reliability in transmitting large volumes of business data can be fully met; the system not only serves the data transfer link between the networks, but can also serve further links such as data exchange between the hospital and external parties. Hence the time spent on data exchange can be reduced and working efficiency improved.
4. Data is encrypted throughout the whole process, so the integrity and non-tampering of the data can be ensured, the integrity and correctness of a batch of business data can be ensured, and subsequent tampering can be prevented.
The foregoing is only an overview of the technical solution of the present invention; embodiments of the invention are described below so that its technical means can be understood more clearly and the above and other objects, features and advantages become more apparent.
Drawings
The invention will be further described by way of the following examples with reference to the accompanying drawings.
FIG. 1 is a block diagram of the system involved in the present invention;
FIG. 2 is a flowchart of a data transmission encryption method for an internal and external network system according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a data transmission encryption device for an internal and external network system according to a second embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an electronic device according to a third embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a medium according to a fourth embodiment of the present invention.
Detailed Description
The embodiments of the application provide a data transmission encryption method, device, equipment and medium for an internal and external network system, used to solve the problem that existing data exchange schemes carry a definite security risk and have difficulty meeting enterprises' requirements for security, efficiency, convenience, manageability and the like in internal and external network file exchange.
The general idea of the technical solution in the embodiments of the application is as follows: a data encryption and decryption verification center is deployed on a gateway server and generates a public/private key pair twice; the private key generated the first time and the public key generated the second time are issued to the client, and the public key generated the first time and the private key generated the second time are issued to the server. When the data encryption and decryption verification center receives request information generated by the client based on the first private key, it decrypts the request data using the first public key based on the request information and sends the request data directly to the server; and when it receives response information generated by the server based on the second private key, it decrypts the response data using the second public key based on the response information and sends the response data directly to the client.
Before describing the specific embodiments, the system framework corresponding to the method of the embodiments is described. As shown in FIG. 1, the system is roughly divided into three parts: a gateway server, a client and a server. A data encryption and decryption verification center is deployed on the gateway server; the client is communicatively connected to the data encryption and decryption verification center, and so is the server. In operation, the data encryption and decryption verification center receives request data encrypted by the client, decrypts it and sends the decrypted request data to the server; and it receives response data encrypted by the server, decrypts it and sends the decrypted response data to the client.
Example one
This embodiment provides a data transmission encryption method for an internal and external network system; as shown in FIG. 2, the method includes:
generating a first public key, a first private key, a second public key and a second private key through a data encryption and decryption verification center deployed on a gateway server, issuing the first private key and the second public key to the client, and issuing the first public key and the second private key to the server; the first private key and the second private key are used to realize the data signing function, and the first public key and the second public key are used to realize the signature verification function. For example, in a specific implementation of the invention, the data encryption and decryption verification center may generate two public/private key pairs, distinguishing the internal network system from the external network system, issue the first generated private key and the second generated public key to the internal network system, and issue the first generated public key and the second generated private key to the external network system (or the reverse: issue the first generated private key and the second generated public key to the external network system, and the first generated public key and the second generated private key to the internal network system), so that the internal and external network systems can each perform signing and signature verification;
the data encryption and decryption verification center receives request information generated by the client based on the first private key, decrypts the request data by using the first public key based on the request information, and directly sends the request data to the server;
the data encryption and decryption verification center receives response information generated by the server based on the second private key, decrypts response data by using a second public key based on the response information, and directly sends the response data to the client;
when the data encryption and decryption verification center is implemented specifically, the data encryption and decryption verification center is deployed on the gateway server, and the gateway server can be communicated with the server of the client or the server, so that the request data or the response data can be directly sent to the client or the server after the data encryption and decryption verification center decrypts the request data or the response data.
In this embodiment, the method further includes:
the data encryption and decryption verification center records a data transmission chain, in which the record for each piece of data comprises at least the sender, the sending time, the sending URL (uniform resource locator), the sending address, the receiver, the receiving address and the receiving state; the present invention is of course not limited to these fields, and other data may be recorded according to actual needs when the invention is implemented;
the data transmission logs are managed and tracked in a unified way through the data encryption and decryption verification center. In a specific implementation the center provides log management and query functions, and it can also provide visibility into, and continuous tracking of, the whole data exchange process, so that the responsible management personnel can follow the position and current state of a data packet at any time; this greatly improves the visibility of the exchange process and the efficiency of service operation. An approval process can also be added to ensure the compliance of the transmitted content, and, depending on the security requirements, the content of a data packet can be analysed, sensitive content extracted along several dimensions, and the transmission of the data verified. In other words, the data encryption and decryption verification center can cover the full chain of a multi-step data exchange service: sending application, content filtering and auditing, behavior compliance auditing, automatic delivery, delivery notice, data packet delivery and receiving tracking.
In this embodiment, the step in which the data encryption and decryption verification center receives request information generated by the client based on the first private key specifically comprises:
at the client, encrypting the request data with the AES encryption algorithm to generate a data ciphertext, so that private data is not exposed in transit, and generating a ciphertext digest of the data ciphertext with the SHA1 algorithm; the ciphertext digest allows the receiver to check whether the data ciphertext was tampered with during network transmission; signing the ciphertext digest with the first private key and the RSA algorithm to generate a digest signature, which allows the receiver to authenticate the identity of the requester; assembling the data ciphertext and the digest signature into the request information and sending it to the data encryption and decryption verification center. In a specific implementation, the encryption string (key) used by the AES algorithm is also provided by the data encryption and decryption verification center, and different encryption strings can be provided for different systems;
decrypting the request data with the first public key on the basis of the request information specifically comprises:
the data encryption and decryption verification center receives the request information sent by the client through the message queue RabbitMQ and, on receipt, splits it into the data ciphertext and the digest signature. The center obtains the first public key from the server side, verifies the digest signature with the first public key and the RSA algorithm to recover the ciphertext digest, and independently computes the SHA1 digest of the received data ciphertext. The recovered digest is compared with the computed one: if they match, the data ciphertext is decrypted with the AES algorithm to obtain the request data; if they do not match, the data ciphertext is not decrypted and the process ends. Because the digest is computed over the ciphertext and the signature covers the digest, a mismatch indicates either that the ciphertext was altered in transit or that it was not signed by the holder of the first private key; in both cases nothing is decrypted or forwarded. The request information is received through the RabbitMQ message queue mainly to support processing of a large volume of requests and to allow the request data to be processed asynchronously.
In this embodiment, the step in which the data encryption and decryption verification center receives response information generated by the server based on the second private key specifically comprises:
at the server, encrypting the response data with the AES encryption algorithm to generate a data ciphertext, so that private data is not exposed in transit, and generating a ciphertext digest of the data ciphertext with the SHA1 algorithm; the ciphertext digest allows the receiver to check whether the data ciphertext was tampered with during network transmission; signing the ciphertext digest with the second private key and the RSA algorithm to generate a digest signature, which allows the receiver to authenticate the identity of the responding server; assembling the data ciphertext and the digest signature into the response information and sending it to the data encryption and decryption verification center. In a specific implementation, the encryption string (key) used by the AES algorithm is also provided by the data encryption and decryption verification center, and different encryption strings can be provided for different systems;
decrypting the response data with the second public key on the basis of the response information specifically comprises:
the data encryption and decryption verification center receives the response information sent by the server through the message queue RabbitMQ and, on receipt, splits it into the data ciphertext and the digest signature. The center obtains the second public key from the client, verifies the digest signature with the second public key and the RSA algorithm to recover the ciphertext digest, and independently computes the SHA1 digest of the received data ciphertext. The recovered digest is compared with the computed one: if they match, the data ciphertext is decrypted with the AES algorithm to obtain the response data; if they do not match, the data ciphertext is not decrypted and the process ends. The response information is received through the RabbitMQ message queue mainly to support processing of a large volume of responses and to allow the response data to be processed asynchronously.
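The key issuance of this embodiment and the request and response flows just described, carried through end to end in Go using only the standard library, as an added example that is not code from the patent or from Fujian Ecan. The names (Provision, Seal, Open, Envelope, Party, Center) and the sample messages are constructed for the example. Where the page says only "AES" and "RSA", the example assumes AES-256-GCM with a fresh nonce prepended to the ciphertext and RSA PKCS#1 v1.5 signatures; SHA-1 is kept because the page specifies it, but SHA-1 is deprecated for signature generation under current standards, and a new deployment should substitute SHA-256 (a one-identifier change here). The demonstration also exercises the two failure modes the text describes: a ciphertext altered in transit and a message signed under the wrong private key, both of which are rejected before any decryption.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
	"fmt"
)

// Envelope is the page's "request/response information": AES ciphertext plus RSA signature over its SHA-1 digest.
type Envelope struct {
	Ciphertext []byte
	Signature  []byte
}

// Party is what the center issues to one endpoint: the private key it signs with,
// the public key of the opposite direction, and the shared AES key ("encryption string").
type Party struct {
	SignKey   *rsa.PrivateKey
	VerifyKey *rsa.PublicKey
	AESKey    []byte
}

// Center is the verification center on the gateway: both public keys and the issued AES key.
type Center struct {
	Pub1, Pub2 *rsa.PublicKey // verify request (client) and response (server) signatures
	AESKey     []byte
}

// Provision is the issuance step: two RSA pairs, (sk1, pk2) to the client,
// (pk1, sk2) to the server, one AES key to everyone.
func Provision(bits int) (client, server Party, center Center, err error) {
	k1, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return }
	k2, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return }
	aesKey := make([]byte, 32) // AES-256: an assumption, the page fixes neither key size nor mode
	if _, err = rand.Read(aesKey); err != nil { return }
	client = Party{SignKey: k1, VerifyKey: &k2.PublicKey, AESKey: aesKey}
	server = Party{SignKey: k2, VerifyKey: &k1.PublicKey, AESKey: aesKey}
	center = Center{Pub1: &k1.PublicKey, Pub2: &k2.PublicKey, AESKey: aesKey}
	return
}

// newGCM builds the AES-GCM cipher for the shared key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Seal is the sender side: AES-encrypt, SHA-1 the ciphertext, RSA-sign that digest.
// AES-GCM with a fresh nonce prepended is an assumption; the page says only "AES".
func Seal(p Party, plaintext []byte) (Envelope, error) {
	gcm, err := newGCM(p.AESKey)
	if err != nil { return Envelope{}, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return Envelope{}, err }
	ct := gcm.Seal(nonce, nonce, plaintext, nil)
	digest := sha1.Sum(ct) // digest of the ciphertext, not the plaintext
	sig, err := rsa.SignPKCS1v15(rand.Reader, p.SignKey, crypto.SHA1, digest[:])
	if err != nil { return Envelope{}, err }
	return Envelope{Ciphertext: ct, Signature: sig}, nil
}

// Open is the center's check: recompute SHA-1 over the received ciphertext and verify
// the signature against it (VerifyPKCS1v15 performs the "recover digest, compare" step).
// Only a matching signature leads to decryption; a mismatch ends the flow.
func Open(c Center, pub *rsa.PublicKey, env Envelope) ([]byte, error) {
	digest := sha1.Sum(env.Ciphertext)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], env.Signature); err != nil {
		return nil, fmt.Errorf("digest signature mismatch, ciphertext not decrypted: %w", err)
	}
	gcm, err := newGCM(c.AESKey)
	if err != nil { return nil, err }
	ns := gcm.NonceSize()
	if len(env.Ciphertext) < ns { return nil, errors.New("ciphertext shorter than nonce") }
	return gcm.Open(nil, env.Ciphertext[:ns], env.Ciphertext[ns:], nil)
}

func main() {
	client, server, center, err := Provision(2048)
	if err != nil { panic(err) }
	req, _ := Seal(client, []byte(`{"query":"patient 42"}`)) // constructed sample request
	pt, err := Open(center, center.Pub1, req)
	fmt.Printf("request leg: %s (err=%v)\n", pt, err)
	req.Ciphertext[len(req.Ciphertext)-1] ^= 0x01 // one flipped byte changes the digest
	_, err = Open(center, center.Pub1, req)
	fmt.Println("tampered request:", err)
	resp, _ := Seal(server, []byte(`{"status":"ok"}`)) // signed with sk2, so pk1 must reject it
	_, err = Open(center, center.Pub1, resp)
	fmt.Println("response under wrong key:", err)
	pt, err = Open(center, center.Pub2, resp)
	fmt.Printf("response leg: %s (err=%v)\n", pt, err)
}
```

Two properties of the scheme are visible in the code and matter when deploying it. The digest and signature cover only the ciphertext, so a successful check proves that the ciphertext is unaltered and was signed by the holder of the expected private key; it says nothing about replay, so a sequence number or timestamp inside the plaintext is needed if a repeated message must be rejected. And the center holds the shared AES key and forwards plaintext to the destination, so the gateway is a trusted decrypting intermediary rather than an end-to-end channel; the hop from the gateway to the client or server is protected only by whatever the deployment puts on that link.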
Based on the same inventive concept, the application also provides a device corresponding to the method in the first embodiment, which is detailed in the second embodiment.
Example two
In this embodiment, an internal and external network system data transmission encryption apparatus is provided, as shown in fig. 3, the apparatus includes a key generation module, a request data processing module, and a response data processing module;
the key generation module is used to generate a first public key, a first private key, a second public key and a second private key through the data encryption and decryption verification center deployed on the gateway server, to issue the first private key and the second public key to the client, and to issue the first public key and the second private key to the server; the first private key and the second private key are used to sign data, and the first public key and the second public key are used to verify signatures. For example, in a specific implementation the data encryption and decryption verification center generates two public/private key pairs, one for the internal network system and one for the external network system, and issues the private key of the first pair together with the public key of the second pair to the internal network system, and the public key of the first pair together with the private key of the second pair to the external network system (or the reverse assignment), so that each of the two systems can sign its own outgoing data and verify the signatures on data received from the other;
the request data processing module is used to receive, through the data encryption and decryption verification center, request information generated by the client based on the first private key, to verify the request information with the first public key and decrypt it to obtain the request data, and to send the request data directly to the server;
the response data processing module is used to receive, through the data encryption and decryption verification center, response information generated by the server based on the second private key, to verify the response information with the second public key and decrypt it to obtain the response data, and to send the response data directly to the client;
in a specific implementation, the data encryption and decryption verification center is deployed on the gateway server, and the gateway server can communicate with both the client and the server, so that once the center has decrypted the request data or the response data it can send it directly to the server or the client, respectively.
In this embodiment, the apparatus further includes a data recording module and a tracking management module;
the data recording module is used for the data encryption and decryption verification center to record a data transmission chain, in which the record for each piece of data comprises at least the sender, the sending time, the sending URL (uniform resource locator), the sending address, the receiver, the receiving address and the receiving state; the present invention is of course not limited to these fields, and other data may be recorded according to actual needs when the invention is implemented;
the tracking management module is used to manage and track the data transmission logs in a unified way through the data encryption and decryption verification center. In a specific implementation the center provides log management and query functions, and it can also provide visibility into, and continuous tracking of, the whole data exchange process, so that the responsible management personnel can follow the position and current state of a data packet at any time; this greatly improves the visibility of the exchange process and the efficiency of service operation. An approval process can also be added to ensure the compliance of the transmitted content, and, depending on the security requirements, the content of a data packet can be analysed, sensitive content extracted along several dimensions, and the transmission of the data verified. In other words, the data encryption and decryption verification center can cover the full chain of a multi-step data exchange service: sending application, content filtering and auditing, behavior compliance auditing, automatic delivery, delivery notice, data packet delivery and receiving tracking.
In this embodiment, the step in which the data encryption and decryption verification center receives request information generated by the client based on the first private key specifically comprises:
at the client, encrypting the request data with the AES encryption algorithm to generate a data ciphertext, so that private data is not exposed in transit, and generating a ciphertext digest of the data ciphertext with the SHA1 algorithm; the ciphertext digest allows the receiver to check whether the data ciphertext was tampered with during network transmission; signing the ciphertext digest with the first private key and the RSA algorithm to generate a digest signature, which allows the receiver to authenticate the identity of the requester; assembling the data ciphertext and the digest signature into the request information and sending it to the data encryption and decryption verification center. In a specific implementation, the encryption string (key) used by the AES algorithm is also provided by the data encryption and decryption verification center, and different encryption strings can be provided for different systems;
decrypting the request data with the first public key on the basis of the request information specifically comprises:
the data encryption and decryption verification center receives the request information sent by the client through the message queue RabbitMQ and, on receipt, splits it into the data ciphertext and the digest signature. The center obtains the first public key from the server side, verifies the digest signature with the first public key and the RSA algorithm to recover the ciphertext digest, and independently computes the SHA1 digest of the received data ciphertext. The recovered digest is compared with the computed one: if they match, the data ciphertext is decrypted with the AES algorithm to obtain the request data; if they do not match, the data ciphertext is not decrypted and the process ends. The request information is received through the RabbitMQ message queue mainly to support processing of a large volume of requests and to allow the request data to be processed asynchronously.
In this embodiment, the step in which the data encryption and decryption verification center receives response information generated by the server based on the second private key specifically comprises:
at the server, encrypting the response data with the AES encryption algorithm to generate a data ciphertext, so that private data is not exposed in transit, and generating a ciphertext digest of the data ciphertext with the SHA1 algorithm; the ciphertext digest allows the receiver to check whether the data ciphertext was tampered with during network transmission; signing the ciphertext digest with the second private key and the RSA algorithm to generate a digest signature, which allows the receiver to authenticate the identity of the responding server; assembling the data ciphertext and the digest signature into the response information and sending it to the data encryption and decryption verification center. In a specific implementation, the encryption string (key) used by the AES algorithm is also provided by the data encryption and decryption verification center, and different encryption strings can be provided for different systems;
decrypting the response data with the second public key on the basis of the response information specifically comprises:
the data encryption and decryption verification center receives the response information sent by the server through the message queue RabbitMQ and, on receipt, splits it into the data ciphertext and the digest signature. The center obtains the second public key from the client, verifies the digest signature with the second public key and the RSA algorithm to recover the ciphertext digest, and independently computes the SHA1 digest of the received data ciphertext. The recovered digest is compared with the computed one: if they match, the data ciphertext is decrypted with the AES algorithm to obtain the response data; if they do not match, the data ciphertext is not decrypted and the process ends. The response information is received through the RabbitMQ message queue mainly to support processing of a large volume of responses and to allow the response data to be processed asynchronously.
Since the apparatus described in the second embodiment of the present invention is the apparatus used to implement the method of the first embodiment, a person skilled in the art can understand its specific structure and its variations from the method described in the first embodiment, and these are therefore not described again here. All devices used for the method of the first embodiment of the present invention fall within the protection scope of the present invention.
Based on the same inventive concept, the application provides an electronic device embodiment corresponding to the first embodiment, which is detailed in the third embodiment.
Example three
This embodiment provides an electronic device which, as shown in fig. 4, comprises a memory, a processor and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, any of the implementations of the first embodiment is carried out.
Since the electronic device described in this embodiment is the device used to implement the method of the first embodiment of the present application, those skilled in the art can understand its specific implementation and its variations from the method described in the first embodiment, and how the electronic device implements that method is therefore not described in detail here. The equipment used by those skilled in the art to implement the methods of the embodiments of the present application falls within the scope of the present application.
Based on the same inventive concept, the application provides a storage medium corresponding to the first embodiment, which is described in detail in the fourth embodiment.
Example four
This embodiment provides a computer-readable storage medium, as shown in fig. 5, on which a computer program is stored; when the computer program is executed by a processor, any of the implementations of the first embodiment is carried out.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The technical scheme provided in the embodiment of the application at least has the following technical effects or advantages:
1. The data exchange function can be realized while the networks remain isolated, and a multi-level security mechanism is provided, so that the security of cross-network data transmission can be ensured; specifically, a secure data transmission tunnel is established with the data transmission encryption algorithm, encryption of data leaving the disk is supported, and the data cannot be intercepted or sniffed, which avoids the risk of data leakage.
2. The data transmission chain is recorded in detail so that the data is traceable; log management and query functions are provided, so that life-cycle management of the data exchange is ensured; visibility into and continuous tracking of the whole data exchange process are provided, which improves the visibility of the exchange process and the efficiency of service operation.
3. Request and response information is processed through the RabbitMQ message queue, so the requirements of a hospital on the timeliness, accuracy and reliability of transmitting a large volume of service data can be fully met; the system can serve not only the data movement link between networks but also further links such as data exchange between a hospital and external parties, thereby reducing the time consumed by data exchange and improving working efficiency.
4. The data is encrypted throughout the process, so its integrity and freedom from tampering can be ensured; the integrity and correctness of a batch of service data can be ensured, and subsequent tampering can be prevented.
Although specific embodiments of the invention have been described above, it will be understood by those skilled in the art that the specific embodiments described are illustrative only and are not limiting upon the scope of the invention, and that equivalent modifications and variations can be made by those skilled in the art without departing from the spirit of the invention, which is to be limited only by the appended claims.

Claims (10)

1. A data transmission encryption method for an internal and external network system is characterized in that: the method comprises the following steps:
generating a first public key, a first private key, a second public key and a second private key through a data encryption and decryption verification center deployed on a gateway server, issuing the first private key and the second public key to a client, and issuing the first public key and the second private key to a server;
the data encryption and decryption verification center receives request information generated by the client based on the first private key, decrypts the request data by using the first public key based on the request information, and directly sends the request data to the server;
and the data encryption and decryption verification center receives response information generated by the server based on the second private key, decrypts response data by using the second public key based on the response information, and directly sends the response data to the client.
2. The internal and external network system data transmission encryption method according to claim 1, characterized in that: the method further comprises the following steps:
the data encryption and decryption verification center records a data transmission chain, in which the record for each piece of data comprises at least the sender, the sending time, the sending URL (uniform resource locator), the sending address, the receiver, the receiving address and the receiving state;
and uniformly managing and tracking the transmission log of the data through a data encryption and decryption verification center.
3. The internal and external network system data transmission encryption method according to claim 1, characterized in that: the step in which the data encryption and decryption verification center receives request information generated by the client based on the first private key specifically comprises:
encrypting the request data with the AES encryption algorithm at the client to generate a data ciphertext, and generating a ciphertext digest of the data ciphertext with the SHA1 algorithm; signing the ciphertext digest with the first private key and the RSA algorithm to generate a digest signature, assembling the data ciphertext and the digest signature into request information, and sending the request information to the data encryption and decryption verification center;
decrypting the request data with the first public key on the basis of the request information specifically comprises:
the data encryption and decryption verification center receives the request information sent by the client through a message queue and, on receipt, splits it into the data ciphertext and the digest signature; the data encryption and decryption verification center obtains the first public key from the server side, verifies the digest signature with the first public key and the RSA algorithm to recover the ciphertext digest, and computes the SHA1 digest of the data ciphertext; the recovered ciphertext digest is compared with the computed ciphertext digest, and if they match the data ciphertext is decrypted with the AES encryption algorithm to obtain the request data; if they do not match, the data ciphertext is not decrypted and the process ends.
4. The internal and external network system data transmission encryption method according to claim 1, characterized in that: the step in which the data encryption and decryption verification center receives response information generated by the server based on the second private key specifically comprises:
encrypting the response data with the AES encryption algorithm at the server side to generate a data ciphertext, and generating a ciphertext digest of the data ciphertext with the SHA1 algorithm; signing the ciphertext digest with the second private key and the RSA algorithm to generate a digest signature, assembling the data ciphertext and the digest signature into response information, and sending the response information to the data encryption and decryption verification center;
decrypting the response data with the second public key on the basis of the response information specifically comprises:
the data encryption and decryption verification center receives the response information sent by the server through a message queue and, on receipt, splits it into the data ciphertext and the digest signature; the data encryption and decryption verification center obtains the second public key from the client, verifies the digest signature with the second public key and the RSA algorithm to recover the ciphertext digest, and computes the SHA1 digest of the data ciphertext; the recovered ciphertext digest is compared with the computed ciphertext digest, and if they match the data ciphertext is decrypted with the AES encryption algorithm to obtain the response data; if they do not match, the data ciphertext is not decrypted and the process ends.
5. A data transmission encryption device for internal and external network systems is characterized in that: the device comprises a key generation module, a request data processing module and a response data processing module;
the key generation module is used for generating a first public key, a first private key, a second public key and a second private key through a data encryption and decryption verification center deployed on the gateway server, issuing the first private key and the second public key to the client and issuing the first public key and the second private key to the server;
the request data processing module is used for receiving request information generated by the client based on the first private key through the data encryption and decryption verification center, decrypting request data by using a first public key based on the request information, and directly sending the request data to the server;
and the response data processing module is used for receiving response information generated by the server based on the second private key by the data encryption and decryption verification center, decrypting response data by using the second public key based on the response information, and directly sending the response data to the client.
6. The data transmission encryption device for the intranet and extranet system according to claim 5, wherein: the device also comprises a data recording module and a tracking management module;
the data recording module is used for the data encryption and decryption verification center to record a data transmission chain, in which the record for each piece of data comprises at least the sender, the sending time, the sending URL (uniform resource locator), the sending address, the receiver, the receiving address and the receiving state;
and the tracking management module is used for uniformly managing and tracking the transmission log of the data through the data encryption and decryption verification center.
7. The data transmission encryption device for the intranet and extranet system according to claim 5, wherein: the step in which the data encryption and decryption verification center receives request information generated by the client based on the first private key specifically comprises:
encrypting the request data with the AES encryption algorithm at the client to generate a data ciphertext, and generating a ciphertext digest of the data ciphertext with the SHA1 algorithm; signing the ciphertext digest with the first private key and the RSA algorithm to generate a digest signature, assembling the data ciphertext and the digest signature into request information, and sending the request information to the data encryption and decryption verification center;
decrypting the request data with the first public key on the basis of the request information specifically comprises:
the data encryption and decryption verification center receives the request information sent by the client through a message queue and, on receipt, splits it into the data ciphertext and the digest signature; the data encryption and decryption verification center obtains the first public key from the server side, verifies the digest signature with the first public key and the RSA algorithm to recover the ciphertext digest, and computes the SHA1 digest of the data ciphertext; the recovered ciphertext digest is compared with the computed ciphertext digest, and if they match the data ciphertext is decrypted with the AES encryption algorithm to obtain the request data; if they do not match, the data ciphertext is not decrypted and the process ends.
8. The data transmission encryption device for the intranet and extranet system according to claim 5, wherein: the data encryption and decryption verification center receiving the response information generated by the server side based on the second private key specifically comprises:
the server side encrypts the response data by using an AES encryption algorithm to generate a data ciphertext, and generates a ciphertext digest of the data ciphertext by using the SHA1 algorithm; the server side signs the ciphertext digest by using the second private key and the RSA algorithm to generate a digest signature, assembles the data ciphertext and the digest signature into the response information, and sends the response information to the data encryption and decryption verification center;
the decrypting the response data by using the second public key based on the response information specifically comprises:
the data encryption and decryption verification center receives the response information sent by the server by using a message queue and, after receiving it, decomposes the response information into the data ciphertext and the digest signature; the data encryption and decryption verification center acquires the second public key from the client, verifies the digest signature by using the second public key and the RSA algorithm to recover the ciphertext digest, and generates a ciphertext digest of the data ciphertext by using the SHA1 algorithm; the recovered ciphertext digest is compared with the generated ciphertext digest, and if the two are consistent, the data ciphertext is decrypted by using the AES encryption algorithm to obtain the response data; if the two are not consistent, the data ciphertext is not decrypted and the process ends.
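The encrypt-digest-sign and verify-then-decrypt exchange of claims 7 and 8 (the same flow with the first or the second key pair), written here as an added Go example using only the standard library; it is not code from the patent. The claims do not say how the AES key reaches both ends, so the shared AES-GCM cipher is taken as an input, and SHA-1 is used only because the claims specify it; a new design would pick SHA-256 or stronger.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"errors"
)

// newGCM builds the AES cipher shared by sender and verification center
// (the claims do not describe AES key distribution, so the key is an input).
func newGCM(aesKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealAndSign is the sender side: AES-encrypt the data, take the SHA-1 digest of
// the ciphertext, sign that digest with the sender's RSA private key (first private key in claim 7).
func SealAndSign(aead cipher.AEAD, signKey *rsa.PrivateKey, plaintext []byte) ([]byte, []byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ct := aead.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext
	digest := sha1.Sum(ct)
	sig, err := rsa.SignPKCS1v15(rand.Reader, signKey, crypto.SHA1, digest[:])
	return ct, sig, err
}

// VerifyAndOpen is the verification center side: recompute the ciphertext digest,
// verify the signature against it with the matching public key (the claims' comparison
// of the two digests), and decrypt only on success; a mismatch ends with no decryption.
func VerifyAndOpen(aead cipher.AEAD, verifyKey *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	digest := sha1.Sum(ct)
	if err := rsa.VerifyPKCS1v15(verifyKey, crypto.SHA1, digest[:], sig); err != nil {
		return nil, errors.New("digest signature mismatch: ciphertext not decrypted")
	}
	ns := aead.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("ciphertext shorter than the nonce")
	}
	return aead.Open(nil, ct[:ns], ct[ns:], nil)
}
```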
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 4 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 4.
CN202010650015.8A 2020-07-08 2020-07-08 Encryption method, device, equipment and medium for data transmission of internal and external network system Active CN111934879B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010650015.8A CN111934879B (en) 2020-07-08 2020-07-08 Encryption method, device, equipment and medium for data transmission of internal and external network system

Publications (2)

Publication Number Publication Date
CN111934879A true CN111934879A (en) 2020-11-13
CN111934879B CN111934879B (en) 2023-09-12

Family

ID=73313442

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010650015.8A Active CN111934879B (en) 2020-07-08 2020-07-08 Encryption method, device, equipment and medium for data transmission of internal and external network system

Country Status (1)

Country Link
CN (1) CN111934879B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112769759A (en) * 2020-12-22 2021-05-07 北京深思数盾科技股份有限公司 Information processing method, information gateway, server and medium
CN112910994A (en) * 2021-01-29 2021-06-04 重庆长安汽车股份有限公司 Remote uploading and acquiring method for application logs
CN112953725A (en) * 2021-02-23 2021-06-11 浙江大华技术股份有限公司 Method and device for determining private key of equipment, storage medium and electronic device
CN113162752A (en) * 2021-04-26 2021-07-23 建信金融科技有限责任公司 Data processing method and device based on hybrid homomorphic encryption
CN113225352A (en) * 2021-05-28 2021-08-06 国网绿色能源有限公司 Data transmission method and device, electronic equipment and storage medium
CN113518078A (en) * 2021-06-01 2021-10-19 中国铁道科学研究院集团有限公司 Cross-network data sharing method, information demander, information provider and system
CN113591159A (en) * 2021-07-30 2021-11-02 支付宝(杭州)信息技术有限公司 Credibility measurement method and credible computing node
CN113630382A (en) * 2021-07-08 2021-11-09 浙江清华长三角研究院 System management method for data compliance safety circulation
CN113852595A (en) * 2021-07-29 2021-12-28 四川天翼网络服务有限公司 Cross-network-segment encrypted communication method for embedded equipment
CN115118461A (en) * 2022-06-07 2022-09-27 讯飞智元信息科技有限公司 Data processing method and device, electronic equipment and storage medium
CN115801388A (en) * 2022-11-11 2023-03-14 中国联合网络通信集团有限公司 Message transmission method, device and storage medium
CN116545706A (en) * 2023-05-15 2023-08-04 合芯科技(苏州)有限公司 Data security transmission control system, method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030084292A1 (en) * 2001-10-22 2003-05-01 Pierce Shaun D. Using atomic messaging to increase the security of transferring data across a network
US20050050329A1 (en) * 2003-08-26 2005-03-03 International Business Machines Corporation System and method for secure remote access
US20090187760A1 (en) * 2008-01-23 2009-07-23 Microsoft Corporation Security Mechanism within a Local Area Network
US10333903B1 (en) * 2015-06-16 2019-06-25 Amazon Technologies, Inc. Provisioning network keys to devices to allow them to provide their identity

Also Published As

Publication number Publication date
CN111934879B (en) 2023-09-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant