CN112615855B - Data secure transmission method based on government affair second batch platform - Google Patents

Data secure transmission method based on government affair second batch platform Download PDF

Info

Publication number
CN112615855B
CN112615855B CN202011492842.5A CN202011492842A CN112615855B CN 112615855 B CN112615855 B CN 112615855B CN 202011492842 A CN202011492842 A CN 202011492842A CN 112615855 B CN112615855 B CN 112615855B
Authority
CN
China
Prior art keywords
data
request
encryption
information
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011492842.5A
Other languages
Chinese (zh)
Other versions
CN112615855A (en
Inventor
李发明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen China Blog Imformation Technology Co ltd
Original Assignee
Shenzhen China Blog Imformation Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen China Blog Imformation Technology Co ltd filed Critical Shenzhen China Blog Imformation Technology Co ltd
Priority to CN202011492842.5A priority Critical patent/CN112615855B/en
Publication of CN112615855A publication Critical patent/CN112615855A/en
Application granted granted Critical
Publication of CN112615855B publication Critical patent/CN112615855B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates

Abstract

The invention provides a data security transmission method based on a government affair second batch platform, and belongs to the field of government affair informatization. The data security transmission method is used for preprocessing request data of government affair second batch services of a client and respectively judging the data to be encrypted, sensitive data and common data; carrying out preliminary filtering on the request data for the common data, and transmitting the common data when the data is safe; generating a dynamic key according to the dynamic key request and feeding back the dynamic key to the client to finish data encryption and communication encryption; selecting an encryption rule for the sensitive data according to the sensitive points to encrypt the sensitive data; in the communication encryption, an encryption path is generated, the encryption path comprises a certificate, and the data is transmitted and archived by a check station after being verified by the certificate. The invention realizes the data safety and the communication safety of necessary data during transmission, ensures the integrity of the data, realizes the rapid circulation of the data, improves the efficiency of the second approval business, and really realizes the second handling of the government affairs.

Description

Data secure transmission method based on government affair second batch platform
Technical Field
The invention belongs to the field of government affair service informatization, and particularly relates to a data security transmission method based on a government affair second batch platform.
Background
With the popularization of 'internet + government affair service' in the government affair informatization process, second approval is gradually realized in various approval processes, the fast operation of the approval processes is realized by constructing a government affair second approval platform, and meanwhile, the digitization and the sharing of the approval information are realized. A large amount of enterprise and personal related information is stored in the government affair second batch platform, and how to ensure the safety of the stored information in the transmission process is the premise of realizing second batch business.
In the prior art, a government affair second batch platform is not mature, a transmission method the same as other types of data is adopted in the data transmission process, the particularity of government affair business cannot be fully considered, the second batch business efficiency cannot be further improved, and meanwhile the safety of the government affair business cannot be guaranteed.
Disclosure of Invention
In view of the above-mentioned drawbacks and deficiencies in the prior art, the present invention is directed to a secure data transmission method based on a government affair second batch platform, which performs security layering on data through different protocols, ensures that the data is not changed during transmission, and ensures the integrity of the data.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
the embodiment of the invention provides a data security transmission method based on a government affair second batch platform, which comprises the following steps:
step S1, preprocessing the request data of the second batch of government affairs business of the client, judging the data to be encrypted when the request data contains an active encryption request, and turning to step S3; when the request data does not contain the active encryption request, searching whether the data contains fields related to personal information and enterprise information, if so, judging the data to be sensitive data, and turning to step S5, and if not, turning to step S2;
step S2, arranging a first check station on the platform, filtering the request data, transmitting the data according to the request path when the data is safe, and feeding back the transmission information to the client; when the data is judged to be unsafe, discarding the data packet and feeding back information for stopping transmission to the client;
step S3, the server side selects the corresponding encryption rule according to the dynamic key request in the data to be encrypted, and generates the dynamic key to feed back to the client side;
step S4, after the client inputs the fed-back dynamic key, the server confirms the information to be encrypted, encrypts the request data through the encryption algorithm in the input dynamic key, and enters step S6;
step S5, selecting corresponding encryption rules according to the sensitive points in the sensitive data, encrypting the request data judged as the sensitive data, and entering the step S6;
step S6, generating an encrypted path according to the path information in the request data and the encryption rule of the request information, wherein the encrypted path comprises the certificate passing through the subsequent check station;
step S7, the server transmits the request data which completes data encryption and communication encryption, backups the request data at the site of checking station key comparison, stores the request data in the second batch service database, and files; while data transmission is completed at the site.
As a preferred embodiment of the present invention, the encryption rules in step S3 and step S5 include:
the system comprises a key generation rule based on business requirements, a key generation rule based on personal identity information, a key generation rule based on personal fund traffic, a key generation rule based on enterprise legal affair information, a key generation rule based on enterprise technical information, a key generation rule based on enterprise fund traffic and a key generation rule based on enterprise tax information.
As a preferred embodiment of the present invention, the key generation rule in step S3 is actively selected by the dynamic key request of the client in the request data.
As a preferred embodiment of the present invention, the step S1 further includes: when the request data of the client contains an active encryption request, the server pre-judges the encryption request, and only determines the data conforming to the encryption request as the data to be encrypted; and feeding back the data which do not conform to the encryption request to the client to inquire whether the information is wrong or the encryption request is reselected.
As a preferred embodiment of the present invention, in the step S2, the data is transmitted according to the request path, and the data is transmitted according to the request path by using a point-to-point continuous transmission manner.
As a preferred embodiment of the present invention, in step S6, the certificate of the station is checked, and authentication is performed by a trusted third party established by a key rule, so that the client and the server mutually identify the identity of the other party at the check station, and the validity of the identity of the other party is ensured.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
(1) secret property: the data to be encrypted transmitted between the client and the server are encrypted, and the information acquired by an illegal eavesdropper in the network is meaningless ciphertext information.
(2) Integrity, namely, the integrity of the information is ensured by extracting the characteristic value of the transmitted information by using a cryptographic algorithm, and the path information is independently encrypted, so that the information to be transmitted can be ensured to all reach the destination, and the information between the server and the client is prevented from being damaged.
(3) And the authentication is that the client and the server mutually identify the identity of the other party by utilizing the certificate technology and the credible third party authentication, the certificate holders mutually exchange digital certificates when holding hands, and the validity of the identity of the other party is ensured through verification.
(4) And (3) timeliness: through the classification of different service data, the rapid circulation of the service data is realized, and the safety guarantee is provided for the second batch service of the government affair second batch platform.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for securely transmitting data based on government affair second batch service according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
The embodiment of the invention provides a data secure transmission method based on a government affair second batch platform. The government affair second approval platform utilizes a big data intelligent engine to build a second approval business management system, and realizes a new second approval government affair service mode of online application, unmanned intervention automatic approval service and active and timely delivery of approval results of government affair businesses. Through the construction of the second approval business management system, the applicant submits application information through the Internet, the system compares and checks the application information in real time through data sharing and automatic circulation according to established rules, examination and approval decisions are automatically made, and examination and approval results are timely and actively informed to the applicant. The government affair second batch platform stores a great amount of privacy information, confidential information or key information related to enterprise and personal information, immeasurable loss is brought to the enterprise and the individual once the information is leaked or maliciously changed, and meanwhile, the public credibility of government departments is reduced, and the safety of data is ensured in the sharing and automatic circulation of the data. Meanwhile, data stored in the government affair second batch system is different from common big data to a certain extent, and a safe transmission mechanism of the common data cannot be completely suitable for a second batch platform, so that second batch business is realized.
Fig. 1 shows a flow chart of a data secure transmission method based on a government affair second batch platform according to an embodiment of the invention. As shown in fig. 1, the method for securely transmitting data based on the government affair second batch platform includes the following steps:
step S1, preprocessing the request data of the second batch of government affairs business of the client, judging the data to be encrypted when the request data contains an active encryption request, and turning to step S3; when the request data does not contain the active encryption request, searching whether the data contains fields related to personal information and enterprise information, if so, judging that the data is sensitive data, and turning to the step S5; if not, the flow proceeds to step S2.
In the step, according to the characteristics of government affair second batch business, the autonomy of the client is realized as much as possible, and the fast circulation among the businesses is realized, so that the transmitted request data is firstly preliminarily classified before data transmission. The classification fully embodies the autonomy of the client, and is firstly classified according to whether the client requires encryption or not.
Further, the method also comprises the following steps: when the request data of the client contains an active encryption request, the server pre-judges the encryption request, and only determines the data conforming to the encryption request as the data to be encrypted; and feeding back the data which do not conform to the encryption request to the client to inquire whether the information is wrong or the encryption request is reselected.
Step S2, arranging a first check station on the platform, filtering the request data, transmitting the data according to the request path when the data is safe, and feeding back the transmission information to the client; and when the data is not safe, discarding the data packet and feeding back the information for terminating the transmission to the client.
This step is a processing mode when the requirement for the security level is the lowest. The server passively filters the request data to ensure the security of the request data to the system. The filtering in this step is only a check and the data is not normally processed. Because the security level is low, a point-to-point continuous transmission mode needs to be adopted in transmission, and transmission is carried out according to a request path. And (4) discarding the data packet and feeding back information for terminating transmission to the client unless the obvious danger field is checked out to endanger the system security.
And step S3, the server generates a dynamic key according to the dynamic key request in the data to be encrypted and feeds the dynamic key back to the client.
In this step, different dynamic key generation rules are designed for different services, including: a key generation rule based on business requirements, a key generation rule based on personal identity information, a key generation rule based on personal fund traffic, a key generation rule based on enterprise legal information, a key generation rule based on enterprise technical information, a key generation rule based on enterprise fund traffic, a key generation rule based on enterprise tax information, and the like. The dynamic key request of the client includes the selection of the service type, and the key generation rule in this step is actively selected.
And regenerating the key based on the different key generation rules. And each key rule is designed by the client according to the actual service requirement. For example, based on the key generation rule of the service requirement, when the confidentiality requirements of the services are different, a random code may be adopted; based on the key generation rule of personal fund exchange, the encryption algorithm (MD5), random code and key validity period supported by both parties can be adopted, and the dynamic key is stored in the server, wherein the storage form can be Session, database or file, and the format of the dynamic key is (MD5+123456+2020/9/23/12:00: 00).
Step S4, after the client inputs the fed-back dynamic key, the server confirms the information to be encrypted, encrypts the request data through the encryption algorithm in the input dynamic key, and then enters step S6.
Step S5, according to the sensitive points in the sensitive data, selecting the corresponding encryption rules, encrypting the request data judged as sensitive data, and entering step S6.
In this step, the corresponding encryption rule includes: a key generation rule based on business requirements, a key generation rule based on personal identity information, a key generation rule based on personal fund traffic, a key generation rule based on enterprise legal information, a key generation rule based on enterprise technical information, a key generation rule based on enterprise fund traffic, a key generation rule based on enterprise tax information, and the like.
Step S6, generating an encrypted path according to the path information in the request data and the encryption rule of the request information, where the encrypted path includes the certificate that passes through the subsequent checkpoint, and ensures data security and communication security.
In this step, the certificate of the checkpoint is authenticated by a trusted third party formulated by a key rule, so that the client and the server mutually identify the identity of the other party at the checkpoint. In order to verify that the certificate holder is a legal user (not an impersonated user), the certificate holder exchanges digital certificates with each other when the check station is holding hands, and the validity of the identity of the other party is guaranteed through verification.
Step S7, the server transmits the request data which completes data encryption and communication encryption, backups the request data at the site of checking station key comparison, stores the request data in the second batch service database, and files; while data transmission is completed at the site.
According to the technical scheme, the data security transmission method based on the government affair second approval service provided by the embodiment of the invention has the advantages that the security channel is established between the client and the server, the data security and the communication security of necessary data during transmission are realized through security layering, meanwhile, a loose policy is adopted for unnecessary data, the integrity of the data is ensured, the rapid circulation of the data is realized in the shortest time, the efficiency of the second approval service is improved, and the second approval of government affairs is really realized.
The foregoing description is only exemplary of the preferred embodiments of the invention and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features and (but not limited to) features having similar functions disclosed in the present invention are mutually replaced to form the technical solution.

Claims (4)

1. A data security transmission method based on government affair second batch platform is characterized in that,
the data security transmission method establishes a security channel between a client and a server, realizes data security and communication security of necessary data during transmission through security layering, and simultaneously adopts a loose policy on unnecessary data to ensure the integrity of the data, realizes rapid circulation of the data in the shortest time, improves the efficiency of second approval business, and realizes the second handling of the approval of government affairs;
the data secure transmission method comprises the following steps:
step S1, after preprocessing the request data of the second batch of government affairs business of the client, firstly, preliminarily classifying the transmitted request data, and classifying according to whether the client requires encryption; when the request data contains an active encryption request, the server pre-judges the encryption request, and only data conforming to the encryption request is judged as data to be encrypted; feeding back data which do not conform to the encryption request to the client to inquire whether the information is wrong or the encryption request is reselected; after determining that the data is to be encrypted, the process proceeds to step S3; when the request data does not contain the active encryption request, searching whether the data contains fields related to personal information and enterprise information, if so, judging the data to be sensitive data, and turning to step S5, and if not, turning to step S2;
step S2, a first check station is arranged on the platform to filter the request data, which is a processing mode when the requirement on the confidentiality level is lowest, and the server passively filters the request data to ensure the security of the request data to the system; when the data is safe, transmitting the data according to the request path, and feeding back transmission information to the client; when the data is judged to be unsafe, discarding the data packet and feeding back information for stopping transmission to the client;
step S3, the server side selects the corresponding encryption rule according to the dynamic key request in the data to be encrypted, and generates the dynamic key to feed back to the client side; a key generation rule actively selected by a dynamic key request of the client in the request data;
step S4, after the client inputs the fed-back dynamic key, the server confirms the information to be encrypted, encrypts the request data through the encryption algorithm in the input dynamic key, and enters step S6;
step S5, selecting corresponding encryption rules according to the sensitive points in the sensitive data, encrypting the request data judged as the sensitive data, and entering the step S6;
step S6, generating an encrypted path according to the path information in the request data and the encryption rule of the request information, wherein the encrypted path contains the certificate passing through the subsequent check station to ensure the data security and the communication security;
step S7, the server transmits the request data which completes data encryption and communication encryption, backups the request data at the site of checking station key comparison, stores the request data in the second batch service database, and files; while data transmission is completed at the site.
2. The method for securely transmitting data according to claim 1, wherein the encryption rules in steps S3 and S5 include:
the system comprises a key generation rule based on business requirements, a key generation rule based on personal identity information, a key generation rule based on personal fund traffic, a key generation rule based on enterprise legal affair information, a key generation rule based on enterprise technical information, a key generation rule based on enterprise fund traffic and a key generation rule based on enterprise tax information.
3. The method for securely transmitting data according to claim 1, wherein the data is transmitted according to the request path in step S2 by using a point-to-point continuous transmission manner.
4. The method for securely transmitting data according to claim 1, wherein in step S6, the certificate of the station is checked, and the authentication is performed by a trusted third party established by a key rule, so that the client and the server mutually identify the identity of the other party at the check station, and the validity of the identity of the other party is ensured.
CN202011492842.5A 2020-12-16 2020-12-16 Data secure transmission method based on government affair second batch platform Active CN112615855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011492842.5A CN112615855B (en) 2020-12-16 2020-12-16 Data secure transmission method based on government affair second batch platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011492842.5A CN112615855B (en) 2020-12-16 2020-12-16 Data secure transmission method based on government affair second batch platform

Publications (2)

Publication Number Publication Date
CN112615855A CN112615855A (en) 2021-04-06
CN112615855B true CN112615855B (en) 2022-08-02

Family

ID=75240382

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011492842.5A Active CN112615855B (en) 2020-12-16 2020-12-16 Data secure transmission method based on government affair second batch platform

Country Status (1)

Country Link
CN (1) CN112615855B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109922128A (en) * 2019-01-08 2019-06-21 中金数据(武汉)超算技术有限公司 A kind of data safety exchange method suitable for across cloud service deployment environment
CN111464282A (en) * 2019-01-18 2020-07-28 百度在线网络技术(北京)有限公司 Data processing method and device based on homomorphic encryption

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10887291B2 (en) * 2016-12-16 2021-01-05 Amazon Technologies, Inc. Secure data distribution of sensitive data across content delivery networks
CA3043983C (en) * 2019-03-15 2021-10-26 ZenPayroll, Inc. Tagging and auditing sensitive information in a database environment
GB201915633D0 (en) * 2019-10-29 2019-12-11 Mash Daniel System and method for implementing articial intelligence models and customer models for smart contracts,chaincode, or logic using distributed ledgers

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109922128A (en) * 2019-01-08 2019-06-21 中金数据(武汉)超算技术有限公司 A kind of data safety exchange method suitable for across cloud service deployment environment
CN111464282A (en) * 2019-01-18 2020-07-28 百度在线网络技术(北京)有限公司 Data processing method and device based on homomorphic encryption

Also Published As

Publication number Publication date
CN112615855A (en) 2021-04-06

Similar Documents

Publication Publication Date Title
CN112073379B (en) Lightweight Internet of things security key negotiation method based on edge calculation
US9021090B2 (en) Network access firewall
US20070260872A1 (en) Automated electronic messaging encryption system
US20110113239A1 (en) Renewal of expired certificates
US20100138907A1 (en) Method and system for generating digital certificates and certificate signing requests
US20050114447A1 (en) Method and system for identity exchange and recognition for groups and group members
CN109361663B (en) Method, system and device for accessing encrypted data
JP2003067326A (en) Resource distribution system on network and mutual authentication system
JP2006520112A (en) Security key server, implementation of processes with non-repudiation and auditing
US7080409B2 (en) Method for deployment of a workable public key infrastructure
CN113065961A (en) Power block chain data management system
CN108462696B (en) Decentralized block chain intelligent identity authentication system
CN108881309A (en) Access method, device, electronic equipment and the readable storage medium storing program for executing of big data platform
US8085937B1 (en) System and method for securing calls between endpoints
CN108199866B (en) Social network system with strong privacy protection
CN110572392A (en) Identity authentication method based on HyperLegger network
CN111711607B (en) Block chain-based flow type micro-service trusted loading and verifying method
CN116260656B (en) Main body trusted authentication method and system in zero trust network based on blockchain
CN112615855B (en) Data secure transmission method based on government affair second batch platform
CN111614687A (en) Identity verification method, system and related device
CN111682934B (en) Method and system for storing, accessing and sharing comprehensive energy metering data
Dincer et al. Big data security: Requirements, challenges and preservation of private data inside mobile operators
CN114065282A (en) Data security sharing method and system under untrusted environment
Pranata et al. A distributed secure mechanism for resource protection in a digital ecosystem environment
KR102605368B1 (en) Method and server for verifying authenticity of mail

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant