CN112422510A - Data transmission method and system based on DMZ zone - Google Patents

Publication number: CN112422510A
Authority: CN (China)
Prior art keywords: data, enterprise, exchange platform, end processor, sends
Legal status: Granted
Application number: CN202011139340.4A
Other languages: Chinese (zh)
Other versions: CN112422510B (en)
Inventors: 张鹏, 庄欢
Current Assignee: Inspur General Software Co Ltd
Original Assignee: Shandong Inspur Genersoft Information Technology Co Ltd
Application filed by: Shandong Inspur Genersoft Information Technology Co Ltd
Priority to: CN202011139340.4A
Publication of CN112422510A
Application granted; publication of CN112422510B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]


Abstract

The invention relates to a data transmission method and system based on a DMZ zone. The method comprises the following steps: in response to the front-end processor receiving a data acquisition task sent by a second enterprise, an application program of a first enterprise acquires source data based on the data acquisition standard in the data acquisition task and sends the source data to the data sharing exchange platform; the data sharing exchange platform of the first enterprise processes the source data based on the data acquisition standard, encrypts the processed data, and sends the encrypted data to the second enterprise through the front-end processor. Embodiments of the invention achieve network isolation through the network environment configuration of the DMZ zone, thereby protecting the internal networks of enterprises; encrypt data with an encryption algorithm to ensure the security of data transmission; and send unstructured data in separate packages to reduce the amount of data in each transmission and ensure transmission efficiency.

Description

Data transmission method and system based on DMZ zone
Technical Field
The present invention relates to the field of data transmission technologies, and in particular, to a data transmission method and system based on a DMZ zone.
Background
Data sharing among enterprises has become a hot topic, and the value that data brings is gradually being accepted by enterprises. At present, enterprises generally implement network isolation by setting up a demilitarized zone (DMZ). How to transmit and share data between enterprises securely and effectively while still protecting each enterprise's internal network has therefore become an important research direction.
Disclosure of Invention
The present invention aims to solve the following technical problems at least to a certain extent:
the security of transmitting data held inside an enterprise is low, and the efficiency of that transmission is not guaranteed.
In a first aspect, an embodiment of the present invention provides a data transmission method based on a DMZ zone, in which each enterprise is provided with an application program, a data sharing exchange platform, and a front-end processor. The application program is used to manage the internal data of the enterprise, each data sharing exchange platform is arranged in the DMZ zone of its own enterprise, the front-end processors are all arranged in the same network environment, and the enterprises include at least a first enterprise and a second enterprise. The method includes:
in response to the front-end processor receiving a data acquisition task sent by the second enterprise, the application program of the first enterprise acquires source data based on the data acquisition standard in the data acquisition task and sends the source data to the data sharing exchange platform;
and the data sharing exchange platform of the first enterprise processes the source data based on the data acquisition standard, encrypts the processed data, and sends the encrypted data to the second enterprise through the front-end processor.
In some examples, the application program of the first enterprise responding to the front-end processor receiving the data acquisition task sent by the second enterprise includes:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the data sharing exchange platform of the first enterprise;
the data sharing exchange platform of the first enterprise decrypts the data acquisition task to obtain the data acquisition standard;
and the data sharing exchange platform of the first enterprise sends the data acquisition standard to the application program, so that the application program obtains source data according to the data acquisition standard.
In some examples, the source data includes structured data and unstructured data, and acquiring source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform includes:
the application program of the first enterprise acquires the structured data and the unstructured data separately according to the data acquisition standard and sends each of them to the data sharing exchange platform.
In some examples, sending the structured data and the unstructured data to the data sharing exchange platform includes:
the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends each package to the data sharing exchange platform of the first enterprise.
In some examples, the data sharing exchange platform of the first enterprise processing the source data based on the data acquisition standard, encrypting the processed data, and sending the encrypted data to the second enterprise through the front-end processor includes:
the data sharing exchange platform of the first enterprise extracts the source data based on the data acquisition standard, packages and encrypts the extracted source data, and sends the encrypted data to the second enterprise through the front-end processor of the first enterprise.
In some examples, each enterprise's data sharing exchange platform has its own symmetric key and asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
the data sharing exchange platform of the first enterprise processing the source data based on the data acquisition standard, encrypting the processed data, and sending the encrypted data to the second enterprise through the front-end processor includes:
the data sharing exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts the symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the encrypted data and the encrypted symmetric key together, and sends the package to the second enterprise through the front-end processor.
In a second aspect, the present invention provides a data transmission method based on a DMZ zone, in which each enterprise is provided with an application program, a data sharing exchange platform, and a front-end processor. The application program is used to manage the internal data of the enterprise, each data sharing exchange platform is arranged in the DMZ zone of its own enterprise, the front-end processors are all arranged in the same network environment, and the enterprises include at least a first enterprise and a second enterprise. The method includes:
the data sharing exchange platform of the second enterprise generates a data acquisition task and sends it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
and after the front-end processor of the second enterprise receives the encrypted data of the first enterprise, the encrypted data is decrypted by the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
In some examples, the data sharing exchange platform of the second enterprise generates a data collection task and sends the data collection task to the first enterprise through a front-end processor, so that the first enterprise collects data based on the data collection task and sends the data to the second enterprise after encryption, including:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
and the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise.
In some examples, each enterprise's data sharing exchange platform has a symmetric key and an asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, including:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
In a third aspect, an embodiment of the present invention provides a data transmission system based on a DMZ zone, in which each enterprise is provided with an application program, a data sharing exchange platform, and a front-end processor. The application program is used to manage data inside the enterprise, each data sharing exchange platform is arranged in the DMZ zone of its own enterprise, the front-end processors are all arranged in the same network environment, and the enterprises include at least a first enterprise and a second enterprise;
the application program of the first enterprise is used for, in response to the front-end processor receiving a data acquisition task sent by the second enterprise, acquiring source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise is used for processing the source data based on the data acquisition standard, encrypting the processed data, and sending the encrypted data to the second enterprise through the front-end processor;
the data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; and the front-end processor of the second enterprise is used for, after receiving the encrypted data of the first enterprise, having the encrypted data decrypted by the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
With the DMZ-based data transmission method and system, network isolation is achieved through the network environment configuration of the DMZ zone, which protects the internal network of the enterprise; data is encrypted with an encryption algorithm, which ensures the security of data transmission; and unstructured data is sent in separate packages, which reduces the amount of data in each transmission and ensures transmission efficiency.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic diagram of a DMZ-based data transmission system framework according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a data transmission method based on a DMZ zone according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of another data transmission method based on DMZ zones according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an encryption process according to an embodiment of the present invention.
Detailed Description
In order to more clearly explain the overall concept of the present application, the following detailed description is given by way of example in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of a data transmission system framework based on a DMZ zone according to an embodiment of the present invention, and as shown in fig. 1, the system includes a plurality of enterprises, each of which is provided with an application program, a data sharing exchange platform, and a front-end processor.
In particular, the application is used for managing data within an enterprise, and may be, for example, a business management system within the enterprise; each data sharing exchange platform is arranged in a respective DMZ zone of each enterprise; each front-end processor is arranged in the same network environment and can communicate with each other.
In some examples, the enterprises include at least a first enterprise and a second enterprise. In some specific application scenarios of the present invention, the second enterprise is a superior enterprise of the first enterprise.
Specifically, the application program of the first enterprise is used for, in response to the front-end processor receiving a data acquisition task sent by the second enterprise, acquiring source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform.
Specifically, the data sharing exchange platform of the first enterprise is configured to process the source data based on the data acquisition standard, encrypt the processed data, and send the encrypted data to the second enterprise through the front-end processor.
Specifically, the data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; and the front-end processor of the second enterprise is used for, after receiving the encrypted data of the first enterprise, having the encrypted data decrypted by the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
The following describes a specific implementation and functions of the above system in the embodiment of the present invention with reference to fig. 2.
Fig. 2 is a schematic flow chart of a data transmission method based on a DMZ zone according to an embodiment of the present invention. As shown in fig. 2, the method includes:
S201, in response to the front-end processor receiving a data acquisition task sent by the second enterprise, the application program of the first enterprise acquires source data based on the data acquisition standard in the data acquisition task and sends the source data to the data sharing exchange platform.
S202, the data sharing exchange platform of the first enterprise processes the source data based on the data acquisition standard, encrypts the processed data, and sends the encrypted data to the second enterprise through the front-end processor.
In some preferred embodiments, the application program of the first enterprise responding to the front-end processor receiving the data acquisition task sent by the second enterprise comprises:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the data sharing exchange platform of the first enterprise;
the data sharing exchange platform of the first enterprise decrypts the data acquisition task to obtain the data acquisition standard;
and the data sharing exchange platform of the first enterprise sends the data acquisition standard to the application program, so that the application program obtains source data according to the data acquisition standard.
In some preferred embodiments, the source data includes structured data and unstructured data, and accordingly, acquiring the source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform includes:
the application program of the first enterprise acquires the structured data and the unstructured data separately according to the data acquisition standard and sends each of them to the data sharing exchange platform.
Specifically, the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends each package to the data sharing exchange platform of the first enterprise.
In some embodiments, unstructured data larger than 50M is sent as a single zip package, and unstructured data smaller than 50M is sent in a zip package; the zip packages are reported one by one.
In some embodiments, the unstructured-data zip packages are named uniformly, and the naming format can be: unified social credit code_service code_version number_timestamp_uuid.
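A receiving-side check for the naming format above, as an added Go example that is not part of the patent or any vendor code. The patent names the five fields only; the field patterns, the yyyyMMddHHmmss timestamp layout, the .zip extension, and the `Receiver` type that ties the credit code to the sending enterprise and rejects a repeated uuid are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// PackageName holds the five fields of
// unified social credit code_service code_version number_timestamp_uuid.
type PackageName struct {
	CreditCode, ServiceCode, Version, UUID string
	Timestamp                              time.Time
}

// Assumed field formats; the page does not specify them.
var (
	creditCodeRe  = regexp.MustCompile(`^[0-9A-Z]{18}$`)
	serviceCodeRe = regexp.MustCompile(`^[A-Za-z0-9]{1,32}$`)
	versionRe     = regexp.MustCompile(`^[0-9]+(\.[0-9]+){0,3}$`)
	uuidRe        = regexp.MustCompile(`^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
)

const timestampLayout = "20060102150405" // assumed yyyyMMddHHmmss

// ParsePackageName accepts only a bare file name with exactly five
// well-formed fields, so a name can never double as a path.
func ParsePackageName(name string) (PackageName, error) {
	var p PackageName
	if strings.ContainsAny(name, `/\`) {
		return p, errors.New("name contains a path separator")
	}
	if !strings.HasSuffix(name, ".zip") {
		return p, errors.New("missing .zip extension")
	}
	parts := strings.Split(strings.TrimSuffix(name, ".zip"), "_")
	if len(parts) != 5 {
		return p, fmt.Errorf("want 5 fields, got %d", len(parts))
	}
	checks := []struct {
		field string
		re    *regexp.Regexp
		value string
	}{
		{"unified social credit code", creditCodeRe, parts[0]},
		{"service code", serviceCodeRe, parts[1]},
		{"version number", versionRe, parts[2]},
		{"uuid", uuidRe, parts[4]},
	}
	for _, c := range checks {
		if !c.re.MatchString(c.value) {
			return p, fmt.Errorf("bad %s: %q", c.field, c.value)
		}
	}
	ts, err := time.Parse(timestampLayout, parts[3]) // also rejects month 13, hour 25, ...
	if err != nil {
		return p, fmt.Errorf("bad timestamp: %q", parts[3])
	}
	return PackageName{CreditCode: parts[0], ServiceCode: parts[1],
		Version: parts[2], UUID: parts[4], Timestamp: ts}, nil
}

// Receiver remembers which package uuids it has already accepted.
type Receiver struct{ seen map[string]bool }

func NewReceiver() *Receiver { return &Receiver{seen: map[string]bool{}} }

// Accept validates a package name reported by the enterprise whose
// credit code is senderCreditCode.
func (r *Receiver) Accept(name, senderCreditCode string) (PackageName, error) {
	p, err := ParsePackageName(name)
	if err != nil {
		return p, err
	}
	if p.CreditCode != senderCreditCode {
		return p, errors.New("credit code does not match the sending enterprise")
	}
	if r.seen[p.UUID] {
		return p, errors.New("package uuid already received")
	}
	r.seen[p.UUID] = true
	return p, nil
}

func main() {
	// Constructed sample names, not taken from the page.
	good := "91370000MA3XXXXX0A_FIN01_1.0_20201022093000_123e4567-e89b-12d3-a456-426614174000.zip"
	r := NewReceiver()
	for _, name := range []string{good, good, "../" + good} {
		_, err := r.Accept(name, "91370000MA3XXXXX0A")
		fmt.Printf("%-95s -> %v\n", name, err)
	}
}
```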
In some embodiments, each enterprise's data sharing exchange platform has a respective symmetric key and asymmetric key pair, the asymmetric key pair comprising a public key and a private key.
Correspondingly, the data sharing exchange platform of the first enterprise processing the source data based on the data acquisition standard, encrypting the processed data, and sending the encrypted data to the second enterprise through the front-end processor includes:
the data sharing exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts the symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the encrypted data and the encrypted symmetric key together, and sends the package to the second enterprise through the front-end processor.
Fig. 3 is a schematic flow chart of another data transmission method based on a DMZ zone according to an embodiment of the present invention. As shown in fig. 3, the method includes:
S301, the data sharing exchange platform of the second enterprise generates a data acquisition task and sends it to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
S302, after the front-end processor of the second enterprise receives the encrypted data of the first enterprise, the encrypted data is decrypted by the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
In some examples, the data sharing exchange platform of the second enterprise generates a data collection task and sends the data collection task to the first enterprise through a front-end processor, so that the first enterprise collects data based on the data collection task and sends the data to the second enterprise after encryption, including:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
and the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise.
The data sharing exchange platform of each enterprise is provided with a symmetric key and an asymmetric key pair, wherein the asymmetric key pair comprises a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypting the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task includes:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
Fig. 4 is a schematic diagram of an encryption process provided in an embodiment of the present invention. As shown in fig. 4, in actual application the data sharing exchange platform of each enterprise generates its own symmetric key (SM4 key file) and receives the public key (SM2 public key) sent by the second enterprise; it then encrypts the source data with the symmetric key, encrypts the symmetric key with the public key, and sends the encrypted source data and the public key to other enterprises.
It will be appreciated that, in embodiments of the present invention, the encryption process may be applied to any phase of communication between enterprises, such as the phase in which the second enterprise sends the data acquisition task to the first enterprise, or the phase in which the first enterprise sends the collected data to the second enterprise.
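The hybrid encryption described for the sending platform and the two decryption steps described for the receiving platform, as an added Go example that is not the patent's implementation. Assumptions: RSA-OAEP and AES-256-GCM from the Go standard library stand in for SM2 and SM4, the symmetric key is generated fresh for each package, and the package name is bound in as a label; `Envelope`, `Seal`, `Open` and `NewPlatformKey` are names invented here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the package the sending platform hands to its front-end processor.
type Envelope struct {
	WrappedKey []byte // "first data": symmetric key under the recipient's public key
	Nonce      []byte // per-package AEAD nonce
	Ciphertext []byte // "second data": payload under the symmetric key, plus auth tag
}

// NewPlatformKey creates a platform key pair (RSA-2048 standing in for SM2).
func NewPlatformKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // AES-256 standing in for SM4
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the first enterprise's side: encrypt the payload with a symmetric
// key, then encrypt that key with the second enterprise's public key.
func Seal(recipient *rsa.PublicKey, payload, label []byte) (*Envelope, error) {
	key := make([]byte, 32) // fresh per package (a choice made in this example)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, label)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: aead.Seal(nil, nonce, payload, label),
	}, nil
}

// Open is the second enterprise's side: recover the symmetric key with the
// private key, then decrypt and authenticate the payload with it.
func Open(recipient *rsa.PrivateKey, env *Envelope, label []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, label)
	if err != nil || len(key) != 32 {
		return nil, errors.New("envelope: cannot unwrap symmetric key")
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != aead.NonceSize() {
		return nil, errors.New("envelope: bad nonce length")
	}
	payload, err := aead.Open(nil, env.Nonce, env.Ciphertext, label)
	if err != nil {
		return nil, errors.New("envelope: payload failed authentication")
	}
	return payload, nil
}

func main() {
	second, err := NewPlatformKey() // key pair of the second enterprise's platform
	if err != nil {
		panic(err)
	}
	label := []byte("constructed-package-name.zip") // constructed sample value
	env, err := Seal(&second.PublicKey, []byte("constructed source data"), label)
	if err != nil {
		panic(err)
	}
	out, err := Open(second, env, label)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key %d bytes, ciphertext %d bytes, recovered %q\n",
		len(env.WrappedKey), len(env.Ciphertext), out)
}
```

Using an authenticated mode means a package altered in transit through the front-end processors fails to open instead of yielding modified data.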
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the application.

Claims (10)

1. A data transmission method based on a DMZ zone, characterized in that each enterprise is provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data inside the enterprise, each data sharing exchange platform is arranged in the DMZ zone of its own enterprise, the front-end processors are all arranged in the same network environment, and the enterprises comprise at least a first enterprise and a second enterprise, the method comprising the following steps:
in response to the front-end processor receiving a data acquisition task sent by the second enterprise, the application program of the first enterprise acquires source data based on the data acquisition standard in the data acquisition task and sends the source data to the data sharing exchange platform;
and the data sharing exchange platform of the first enterprise processes the source data based on the data acquisition standard, encrypts the processed data, and sends the encrypted data to the second enterprise through the front-end processor.
2. The method of claim 1, wherein the application program of the first enterprise responding to the front-end processor receiving the data acquisition task sent by the second enterprise comprises:
after receiving data acquisition tasks sent by other enterprises, the front-end processor of the first enterprise sends the data acquisition tasks to the data sharing exchange platform of the first enterprise;
the data sharing exchange platform of the first enterprise decrypts the data acquisition task to obtain the data acquisition standard;
and the data sharing exchange platform of the first enterprise sends the data acquisition standard to the application program, so that the application program obtains source data according to the data acquisition standard.
3. The method of claim 1, wherein the source data comprises structured data and unstructured data, and wherein acquiring the source data based on the data acquisition standard in the data acquisition task and sending the source data to the data sharing exchange platform comprises:
the application program of the first enterprise acquires the structured data and the unstructured data separately according to the data acquisition standard and sends each of them to the data sharing exchange platform.
4. The method of claim 3, wherein sending the structured data and the unstructured data to the data sharing exchange platform comprises:
the application program of the first enterprise packages the structured data in a DB file database, packages and names the unstructured data according to a preset format, and sends each package to the data sharing exchange platform of the first enterprise.
5. The method of claim 1, wherein the data sharing exchange platform of the first enterprise processing the source data based on the data acquisition standard, encrypting the processed data, and sending the encrypted data to the second enterprise through the front-end processor comprises:
the data sharing exchange platform of the first enterprise extracts the source data based on the data acquisition standard, packages and encrypts the extracted source data, and sends the encrypted data to the second enterprise through the front-end processor of the first enterprise.
6. The method of claim 1, wherein the data sharing exchange platform of each enterprise has its own symmetric key and asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
the data sharing exchange platform of the first enterprise processing the source data based on the data acquisition standard, encrypting the processed data, and sending the encrypted data to the second enterprise through the front-end processor comprises:
the data sharing exchange platform of the first enterprise encrypts the data with its own symmetric key, encrypts the symmetric key with the public key of the data sharing exchange platform of the second enterprise, packages the encrypted data and the encrypted symmetric key together, and sends the package to the second enterprise through the front-end processor.
7. A data transmission method based on DMZ zone is characterized in that each enterprise is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data inside the enterprise, each data sharing exchange platform is arranged in the respective DMZ zone of each enterprise, each front-end processor is arranged in the same network environment, each enterprise at least comprises a first enterprise and a second enterprise, and the method comprises the following steps:
a data sharing exchange platform of a second enterprise generates a data acquisition task, and sends the data acquisition task to a first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise;
and after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
8. The method of claim 7, wherein the data sharing exchange platform of the second enterprise generates a data acquisition task and sends the data acquisition task to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise, and the method comprises the following steps:
the data sharing exchange platform of the second enterprise generates a data acquisition standard, and encrypts the data acquisition standard to obtain a data acquisition task;
and the front-end processor of the second enterprise sends the data acquisition task to the first enterprise, so that the first enterprise decrypts the data acquisition task to obtain a data acquisition standard, acquires data based on the data acquisition standard, encrypts the data and sends the data to the second enterprise.
9. The method of claim 7, wherein the data-sharing exchange platform of each enterprise has a symmetric key and an asymmetric key pair, the asymmetric key pair comprising a public key and a private key;
after receiving the encrypted data of the first enterprise, the front-end processor of the second enterprise decrypts the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task, including:
the data sharing exchange platform of the second enterprise decrypts the first data in the encrypted data through a private key of the second enterprise to obtain a symmetric key of the data sharing exchange platform of the first enterprise;
and the data sharing exchange platform of the second enterprise decrypts the second data in the encrypted data through the symmetric key to obtain the data acquired by the second enterprise based on the data acquisition task.
10. A data transmission system based on DMZ zone is characterized in that each enterprise in the system is correspondingly provided with an application program, a data sharing exchange platform and a front-end processor, wherein the application program is used for managing data in the enterprise, each data sharing exchange platform is arranged in the DMZ zone of each enterprise, each front-end processor is arranged in the same network environment, each enterprise at least comprises a first enterprise and a second enterprise, wherein,
the application program of the first enterprise is used for responding to a data acquisition task received by the front-end processor and sent by a second enterprise, acquiring source data based on data acquisition standards in the data acquisition task, and sending the source data to the data sharing exchange platform;
the data sharing exchange platform of the first enterprise is used for carrying out data encryption after carrying out data processing on the source data based on the data acquisition standard and sending the encrypted data to the second enterprise through the front-end processor;
the data sharing exchange platform of the second enterprise is used for generating a data acquisition task and sending the data acquisition task to the first enterprise through a front-end processor, so that the first enterprise acquires data based on the data acquisition task, encrypts the data and sends the encrypted data to the second enterprise; and the front-end processor of the second enterprise is used for, after receiving the encrypted data of the first enterprise, decrypting the encrypted data through the data sharing exchange platform of the second enterprise to obtain the data acquired by the second enterprise based on the data acquisition task.
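The key handling of claims 6 and 9 is hybrid ("envelope") encryption; the following Node.js sketch is an added example, not code from the patent, showing both platforms' sides and what the receiver does with a package altered in transit. RSA-OAEP, AES-256-GCM, the function names and the sample payload are assumptions, since the claims name no algorithms or formats.

```javascript
// Added example: hybrid encryption as described in claims 6 and 9.
// Assumed algorithms: RSA-OAEP (SHA-256) for key wrap, AES-256-GCM for data.
const nodeCrypto = require("node:crypto");

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// First enterprise's platform (claim 6): encrypt the data with its symmetric
// key, wrap that key under the second enterprise's public key, package both.
function sealPackage(symKey, data, recipientPublicKey) {
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, symKey);
  const nonce = nodeCrypto.randomBytes(12); // must never repeat under the same key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", symKey, nonce);
  cipher.setAAD(wrappedKey); // binds the wrapped key to this ciphertext
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Second enterprise's platform (claim 9): unwrap the "first data" with the
// private key, then decrypt the "second data" with the recovered symmetric key.
// Returns null on any failure so a modified package is rejected, not parsed.
function openPackage(pkg, recipientPrivateKey) {
  try {
    const symKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, pkg.wrappedKey);
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", symKey, pkg.nonce);
    decipher.setAAD(pkg.wrappedKey);
    decipher.setAuthTag(pkg.tag);
    return Buffer.concat([decipher.update(pkg.ciphertext), decipher.final()]);
  } catch {
    return null;
  }
}

// Constructed demo: keys and payload are sample values generated here.
function demo() {
  const second = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const symKey = nodeCrypto.randomBytes(32); // first enterprise's symmetric key
  const pkg = sealPackage(symKey, Buffer.from('{"order_id": 1001}'), second.publicKey);
  const tampered = { ...pkg, ciphertext: Buffer.from(pkg.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // one bit changed between the front-end processors
  const other = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return {
    plain: openPackage(pkg, second.privateKey).toString(),
    tamperedRejected: openPackage(tampered, second.privateKey) === null,
    wrongKeyRejected: openPackage(pkg, other.privateKey) === null,
  };
}

console.log(demo());
```

The claims give confidentiality only; nothing in them authenticates the sender, so a deployment would also sign the package with the first enterprise's private key or run the front-end processors over a mutually authenticated channel.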
CN202011139340.4A 2020-10-22 2020-10-22 Data transmission method and system based on DMZ zone Active CN112422510B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011139340.4A CN112422510B (en) 2020-10-22 2020-10-22 Data transmission method and system based on DMZ zone

Publications (2)

Publication Number Publication Date
CN112422510A true CN112422510A (en) 2021-02-26
CN112422510B CN112422510B (en) 2023-01-20

Family

ID=74840472

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011139340.4A Active CN112422510B (en) 2020-10-22 2020-10-22 Data transmission method and system based on DMZ zone

Country Status (1)

Country Link
CN (1) CN112422510B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101261675A (en) * 2007-03-07 2008-09-10 英赛康特雷斯公司 Secure method for loading service access data in an NFC chipset
CN102779186A (en) * 2012-06-29 2012-11-14 浙江大学 Whole process modeling method of unstructured data management
CN103116643A (en) * 2013-02-25 2013-05-22 江苏物联网研究发展中心 Hadoop-based intelligent medical data management method
CN103685532A (en) * 2013-12-20 2014-03-26 代玉松 Safety guarantee system and method used during data transmission process among enterprises based on cloud service
CN105160474A (en) * 2015-09-06 2015-12-16 浪潮软件股份有限公司 Data processing method for realizing heterogeneous database based on intelligent task scheduling platform
US20160366113A1 (en) * 2015-06-09 2016-12-15 Skyhigh Networks, Inc. Wildcard search in encrypted text
CN107222583A (en) * 2017-08-08 2017-09-29 江苏优闼数据科技有限公司 A kind of data transmission method of fusion structure data and unstructured data
CN109150703A (en) * 2018-08-23 2019-01-04 北方工业大学 Intelligent cloud gateway for industrial Internet of things and communication method thereof
CN109257347A (en) * 2018-09-10 2019-01-22 中国建设银行股份有限公司 Communication means and relevant apparatus, storage medium suitable for data interaction between bank
CN109818831A (en) * 2019-03-05 2019-05-28 山东浪潮通软信息科技有限公司 A kind of system data dynamic monitoring device and method across private network based on DMZ
CN110061996A (en) * 2019-04-25 2019-07-26 深圳市元征科技股份有限公司 A kind of data transmission method, device, equipment and readable storage medium storing program for executing
CN110086816A (en) * 2019-04-30 2019-08-02 广东电网有限责任公司 A kind of data processing method under internal and external network switching platform environment
CN111258780A (en) * 2020-01-15 2020-06-09 深圳市华傲数据技术有限公司 System and method for data exchange based on front-end processor
CN111698546A (en) * 2020-06-29 2020-09-22 平安国际智慧城市科技股份有限公司 Video structured result transmission method and device, terminal equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
朱晓明等: "《数字化时代的十大商业趋势》", 31 January 2015 *

Also Published As

Publication number Publication date
CN112422510B (en) 2023-01-20

Similar Documents

Publication Publication Date Title
CA2604926C (en) System topology for secure end-to-end communications between wireless device and application data source
CN108134764B (en) Distributed data sharing and exchanging method and system
CN110009201B (en) Electric power data link system and method based on block chain technology
EP2882208B1 (en) Method, apparatus, system, and related device for data transmission
EP3813298B1 (en) Method and apparatus for establishing trusted channel between user and trusted computing cluster
CN104468648A (en) Data processing system and method
US20120284768A1 (en) Techniques for secure channel messaging
WO2019169679A1 (en) Terminal information transmission method and relevant products
CN100542169C (en) Remote IPSEC security association management
US20170111329A1 (en) Service Access Method and System, and Apparatus
Saksonov et al. Organization of information security in Industrial Internet of Things systems
CN112968965B (en) Metadata service method, server and storage medium for NFV network node
CN109862526A (en) Document transmission method, device, computer equipment and storage medium
CN112422510B (en) Data transmission method and system based on DMZ zone
CN100499649C (en) Method for realizing safety coalition backup and switching
CN112491935A (en) Water wave type broadcasting method and system for block chain
KR20200129625A (en) Blockchain based data transmission method in internet of things
CN108173868A (en) A kind of method, equipment and the storage device of one-to-many file distributing
CN109150661A (en) A kind of method for discovering equipment and device
CN101895522A (en) Host identity tag acquisition method and system
CN113992379A (en) Communication method, communication system, medium and electronic device for active identification device
CN111581673B (en) SAP electronic signature method and system
CN110635927B (en) Node switching method, network node and network system
CN112765665A (en) Data source management method and management platform
JP5778862B2 (en) Method and virtual IDM server for implementing cloud-based ID management (C-IDM)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230307

Address after: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province

Patentee after: Inspur Genersoft Co.,Ltd.

Address before: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province

Patentee before: SHANDONG INSPUR GENESOFT INFORMATION TECHNOLOGY Co.,Ltd.
