CN113904865A - Log transmission method and device based on asymmetric algorithm - Google Patents

Info

Publication number
CN113904865A
Authority
CN
China
Prior art keywords
log
format
sending end
encrypted
sensitive
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111266661.5A
Other languages
Chinese (zh)
Inventor
蔡灵敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Application filed by Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN202111266661.5A
Publication of CN113904865A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The embodiment of the invention relates to the technical field of data encryption, and particularly provides a log transmission method based on an asymmetric algorithm, which comprises the following steps: the sending end acquires log information and substitutes the log information into a preset log recording format to generate a format log; the sending end marks the sensitive elements according to the target position of the format log and generates sensitive information; and the sending end generates an encrypted log according to the public key, the format log and the sensitive information. Sensitive information in the log is encrypted with an asymmetric encryption algorithm, and because only the sensitive information is encrypted rather than the whole log, cost is saved and the readability and searchability of the non-sensitive information in the log are preserved, which makes analysis and processing convenient. The private key is kept in the hands of a few high-level administrators, so that the plaintext can be obtained when it is highly necessary, the private key is prevented from being scattered randomly, and security is improved.

Description

Log transmission method and device based on asymmetric algorithm
Technical Field
The invention relates to the technical field of data encryption, in particular to a log transmission method and device based on an asymmetric algorithm.
Background
Analyzing system logs is an important means of tracing the system flow, locating production problems and optimizing processes, but the requirement to protect user privacy and security brings new challenges to log recording. Logs must record the logical behavior of the user and the system completely and reasonably, while also preventing sensitive user information that can identify an individual, such as name, mobile phone number, address and license plate number, from being recorded directly in the log and creating a risk of user information leakage.
At present, the main scheme for handling sensitive user information in logs is to replace it with asterisks for display, for example by turning the middle four digits of a mobile phone number into asterisks.
However, this scheme has disadvantages: some user information, such as a mobile phone number, is a unique service index, and once it is replaced with asterisks it no longer reflects the real user information and cannot be searched or analyzed in the log.
Disclosure of Invention
In view of the above problems, the present application provides a log transmission method and apparatus based on an asymmetric algorithm that overcome, or at least partially solve, the problem of encrypting sensitive information in logs, including:
a log transmission method based on asymmetric algorithm relates to a sending end and a receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key, wherein the method comprises the following steps:
the sending end acquires log information and substitutes the log information into a preset log recording format to generate a format log;
the sending end marks the sensitive elements according to the target position of the format log and generates sensitive information;
the sending end encrypts the sensitive information according to the public key and generates an encrypted log by the encrypted sensitive information and the format log;
and the sending end sends the encrypted log to the receiving end.
Preferably, the step of generating a format log by substituting the log information into a preset log recording format includes:
the sending end extracts the keywords in the log information and respectively determines the types of the keywords; wherein, the keyword is at least one;
and the sending end respectively fills the keywords into the log record format according to the types of the keywords to generate the format log.
Preferably, the step of marking the sensitive element by the sending end according to the target position of the format log and generating the sensitive information includes:
the sending end determines a sensitive element according to the target position of the format log;
the sending end adds a mark to the sensitive element; wherein the sensitive element comprises at least one; each of the sensitive elements respectively corresponds to a different mark;
and the sending end determines sensitive information according to the sensitive element and the mark.
Preferably, the step of generating, by the sending end, an encrypted log according to the preset asymmetric public key, the format log, and the sensitive information includes:
the sending end determines sensitive elements according to the marks;
and the sending end determines a ciphertext according to the public key and the sensitive element and generates an encrypted log according to the ciphertext, the sensitive information and the format log.
Preferably, the step of generating an encrypted log according to the ciphertext, the sensitive information, and the format log includes:
and replacing the sensitive information in the format log with a ciphertext to generate an encrypted log.
To implement the present application, a log transmission method based on an asymmetric algorithm is also included, which relates to a sending end and a receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key, wherein the method comprises the following steps:
the receiving end generates a public key and a private key according to an asymmetric algorithm;
and the receiving end acquires the encrypted log and generates a log plaintext according to the private key and the encrypted log.
Preferably, the step of generating a log plaintext according to the asymmetric private key and the encrypted log includes:
the receiving end determines sensitive elements according to the marks in the encrypted logs;
and determining a plaintext according to the private key and the sensitive element, and generating a log plaintext according to the plaintext and the encryption log.
To implement the present application, a log transmission device based on an asymmetric algorithm is also included, which relates to the sending end and the receiving end; the sending end stores the public key sent by the receiving end, and the receiving end stores the private key matched with the public key, and the device includes:
a format log generation module: the sending end is used for obtaining the log information and substituting the log information into a preset log recording format to generate a format log;
the sensitive information determining module: the sending end is used for marking the sensitive elements according to the target position of the format log and generating sensitive information;
an encryption log generation module: the sending end is used for encrypting the sensitive information according to the public key and generating an encrypted log by the encrypted sensitive information and the format log;
the encryption log sending module: and the sending end is used for sending the encrypted log to the receiving end.
The present application also includes an apparatus, which includes a processor, a memory, and a computer program stored on the memory and capable of running on the processor, and when executed by the processor, the computer program implements an asymmetric algorithm based log transmission method.
The present application also includes a computer-readable storage medium, wherein the computer-readable storage medium stores thereon a computer program, and the computer program, when executed by a processor, implements an asymmetric algorithm based log transmission method.
The application has the following advantages:
In an embodiment of the present application, the method involves the sending end and the receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key. The method comprises the following steps: the sending end acquires log information and substitutes the log information into a preset log recording format to generate a format log; the sending end marks the sensitive elements according to the target position of the format log and generates sensitive information; the sending end encrypts the sensitive information according to the public key and generates an encrypted log from the encrypted sensitive information and the format log; and the sending end sends the encrypted log to the receiving end. Sensitive information in the log is encrypted with an asymmetric encryption algorithm, so that the user's sensitive information is masked while the log file can still be queried and analyzed, which makes this a better log desensitization scheme. General development and operation and maintenance personnel can analyze the behavior of a single user without touching that user's sensitive information: when customer service or the user's front end reports a query requirement, the corresponding logs can be found simply by sending the ciphertext obtained by encrypting the sensitive information to the log system. Every participant can do this because the public key is open, and the asymmetric encryption ensures that there is no risk of private key leakage. Because only the sensitive information is encrypted rather than the whole log, cost is saved and the readability and searchability of the non-sensitive information in the log are preserved, which makes analysis and processing convenient.
The private key is kept in the hands of a few high-level administrators, so that the plaintext can be obtained when it is highly necessary, the private key is prevented from being scattered randomly, and security is improved.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings needed to be used in the description of the present application will be briefly introduced below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive labor.
Fig. 1 is a flowchart illustrating steps of a log transmission method based on an asymmetric algorithm according to an embodiment of the present application;
Fig. 2 is a flowchart illustrating another step of a log transmission method based on an asymmetric algorithm according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an embodiment of an asymmetric algorithm-based log transmission method according to an embodiment of the present application;
Fig. 4 is a block diagram illustrating a structure of a log transmission apparatus based on asymmetric algorithm according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, a log transmission method of an asymmetric algorithm provided in an embodiment of the present application is shown, where the method includes:
S110, the sending end acquires log information and substitutes the log information into a preset log recording format to generate a format log;
S120, the sending end marks the sensitive elements according to the target position of the format log and generates sensitive information;
S130, the sending end encrypts the sensitive information according to the public key and generates an encrypted log by the encrypted sensitive information and the format log;
S140, the sending end sends the encrypted log to the receiving end.
Next, a log transfer method based on an asymmetric algorithm in the present exemplary embodiment will be further described.
In an embodiment of the present application, the method involves a transmitting end and a receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key.
As an example, an appropriate asymmetric encryption algorithm is selected; generally, a publicly available asymmetric encryption algorithm such as RSA or SM2 (the elliptic curve public key cryptography algorithm released by the national cryptography authority on 12/17/2010) can be used. In theory, any such algorithm can achieve the encryption purpose of this scheme, but in an actual project the choice depends on the influence and popularity of the algorithm and on how familiar the project personnel are with the various algorithms. The embodiment of the application selects the RSA algorithm. The RSA algorithm principle is not described in detail herein.
RSA was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman. The name RSA is formed from the first letters of their three surnames. It is the first algorithm that can be used for both encryption and digital signatures, and it is also easy to understand and operate. RSA is the most widely studied public key algorithm; in the two decades from its introduction to the present it has been subjected to various attacks, has gradually been accepted, and is generally considered one of the best public key schemes at present. The well-known RSA algorithm appeared in 1978. It generally consists of generating a pair of RSA keys: one is a secret key, stored by the user; the other is a public key, which can be disclosed externally and even registered on a network server. To increase the security strength, the RSA key is at least 500 bits long, and 1024 bits are generally recommended. This makes encryption computationally expensive. To reduce the amount of computation, messages are commonly transmitted using a combination of conventional encryption and public key encryption: the message is encrypted with a modified DES or IDEA session key, and then the session key and the message digest are encrypted with an RSA key. After the other party receives the message, it decrypts it with the different key and checks the message digest.
The RSA algorithm is adopted because its security is high and its efficiency is relatively high. For example, in 1999 a Cray supercomputer took 5 months to factor a 512-bit key, while the time required to factor a 768-bit RSA key is thousands of times that of 512 bits, and the time required to factor 1024 bits is thousands of times that of 768 bits, so the currently common 1024 bits are relatively safe and 2048 bits are absolutely safe. The algorithm also suits real environments, whether one-to-one or one-to-many: by the characteristics of a public key encryption system, a user can enable a public key to correspond to a plurality of users, and then the logs sent by the user are respectively encrypted according to different public keys. Specifically, the telephone platform uses the RSA algorithm to generate a corresponding public key and private key; the public key is disclosed externally and can be sent to the communication center station in any form, while the private key must be kept secret.
In a specific implementation, taking an actual project scenario as an example, in the phone call function the communication station needs to call the telephone platform interface and pass it a phone number. Specifically, the telephone platform generates the public key and the private key with the RSA algorithm; the public key is disclosed externally and can be sent to the communication center in any form, while the private key must be kept secret.
As described in step S110, the sending end obtains log information, and substitutes the log information into a preset log recording format to generate a format log;
in an embodiment of the present invention, a specific process of "generating a format log by substituting the log information into a preset log record format" in step S110 may be further described with reference to the following description.
The sending end extracts the key words in the log information and respectively determines the types of the key words; wherein, the keyword is at least one; and the sending end respectively fills the keywords into the log record format according to the types of the keywords to generate the format log.
As an example, the log information is substituted into the format template and laid out accordingly, and the laid-out log information is taken as the format log. The format log is the log information rearranged according to the layout order of the log record format.
As described in step S120, the sending end marks the sensitive element according to the target position of the format log, and generates the sensitive information.
In an embodiment of the present invention, a specific process of "the sending end marks the sensitive element according to the target position of the format log and generates the sensitive information" in step S120 may be further described with reference to the following description.
The sending end determines a sensitive element according to the target position of the format log; the sending end adds a mark to the sensitive element; wherein the sensitive element comprises at least one; each of the sensitive elements respectively corresponds to a different mark; and the sending end determines sensitive information according to the sensitive element and the mark.
As an example, the sending end determines a format log according to the log information and the format template; and the sending end determines sensitive information in the log information according to the target position of the format log.
As described in step S130 above, the sending end encrypts the sensitive information according to the public key, and generates an encrypted log from the encrypted sensitive information and the format log.
In an embodiment of the present invention, a specific process of the step S130 that the sending end encrypts the sensitive information according to the public key and generates an encrypted log from the encrypted sensitive information and the format log may be further described with reference to the following description.
The sending end determines the sensitive elements according to the marks as described in the following steps; and the sending end determines a ciphertext according to the public key and the sensitive element and generates an encrypted log according to the ciphertext and the format log.
The sending end determines the sensitive elements according to the marks as described in the following steps; and the sending end determines a ciphertext according to the public key and the sensitive element, and replaces the sensitive information in the format log with the ciphertext to generate an encrypted log.
In one embodiment, the communication station encrypts the telephone number using the RSA algorithm and the public key while printing the log information. First, a unified log record format, such as logRecord, is created in the system. All scenarios that need to record logs call this method, so that the format is unified when logs are printed and output.
When a log needs to be printed for a phone call, the code calls it as follows:
    // rsaEncryFlag marks the next token as the RSA-encrypted phone number
    logRecord(getClass().getName(),
            "current customer number: " + custNo
            + " dialing mobile phone number: " + "rsaEncryFlag " + rsaEncrypt(telNo)
            + " dial result: " + callResult);
An example of the final output log is as follows:
    callTelPlatform
    current customer number: 123456
    dialing mobile phone number: rsaEncryFlag BEwek9LRhjdOqT6JA3MaloIrec/VR
    dial result: success
Here callTelPlatform is the name of the method that called the log printing, and rsaEncryFlag is a marker field indicating that the next output is the encrypted mobile phone number. The customer number is not sensitive information and is output as plaintext. The telephone number is encrypted with RSA and output as ciphertext. Thus, the aim of encrypting part of the information is achieved.
The method and device mainly achieve partial encryption of sensitive user information in the log by using asymmetric encryption, and provide corresponding matching and search logic for subsequent log use, meeting security requirements without affecting log analysis and use. An asymmetric cryptographic algorithm generates a public key and a private key as a matched pair. Data encrypted with the public key can be decrypted only with the corresponding private key. The public key is public, while the private key is secret and is not transmitted externally, which is what provides the security.
Referring to fig. 2, a flowchart illustrating steps of implementing an asymmetric algorithm-based log transmission method according to an embodiment of the present application is shown, and specifically includes the following steps:
S210, the receiving end generates a public key and a private key according to an asymmetric algorithm;
S220, the receiving end obtains an encrypted log and generates a log plaintext according to the private key and the encrypted log;
as described in step S210, the receiving end generates the public key and the private key according to the asymmetric algorithm.
In an embodiment of the present invention, the specific process of the step S210 that the receiving end generates the public key and the private key according to the asymmetric algorithm may be further described with reference to the following description.
As described in step S220, the receiving end obtains the encrypted log, and generates a log plaintext according to the private key and the encrypted log.
In an embodiment of the present invention, a specific process of the receiving end obtaining the encrypted log in step S220 and generating a log plaintext according to the private key and the encrypted log may be further described with reference to the following description.
The receiving end determines sensitive elements according to the marks in the encrypted logs; and determining a plaintext according to the private key and the sensitive element, and generating a log plaintext according to the plaintext and the encryption log.
As an example, when a log file needs to be decrypted in some cases, rsaEncryFlag is present in the log as an output marker, so the marker is used as the anchor point and the field that follows it is decrypted with the RSA algorithm and the private key to obtain the plaintext mobile phone number. Thus, the purpose of partial decryption of the log is achieved.
As an example, suppose a development or operation and maintenance person needs to search and analyze the encrypted log, for instance to query the telephone dialing result of the customer whose mobile phone number is 456789. Because the public key in this scheme is disclosed externally, it can be used directly in the RSA algorithm to encrypt the mobile phone number 456789, and the result is the same as the mobile phone ciphertext in the log output, namely BEwek9LRhjdOqT6JA3MaloIrec/VR. Therefore, across a large number of log files, this ciphertext can be used as the query keyword to find the log records of that customer's processing in the system for analysis. Thus, the purpose of log search is achieved.
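The following Java program is an added example, not code from the patent. It runs the sender steps S110 to S130, the marker-driven decryption of S220 and the search step described above, and shows that re-encrypting a number with the public key reproduces the logged ciphertext only under deterministic (unpadded) RSA, not under randomized OAEP padding. Assumptions: the class name, the `|` separators, the two padding modes (the page names none), and the keyed `hmacIndexFlag` search token with its `indexKey`, which is a hypothetical addition that keeps records searchable when the field is encrypted with OAEP.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PartialLogEncryption {
    // Marker from the page: the token after it is an RSA-encrypted field.
    static final String FLAG = "rsaEncryFlag";
    // Hypothetical marker for a keyed search token (an addition, not in the patent).
    static final String INDEX_FLAG = "hmacIndexFlag";
    // The page does not name a padding mode; both transformations are assumptions.
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // randomized
    static final String RAW = "RSA/ECB/NoPadding";                      // deterministic
    static final Pattern MARKED = Pattern.compile(FLAG + " ([A-Za-z0-9+/=]+)");

    static String rsaEncrypt(PublicKey pub, String transformation, String plain) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, pub);
        byte[] ct = cipher.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct);
    }

    static String rsaDecrypt(PrivateKey priv, String b64) throws Exception {
        Cipher cipher = Cipher.getInstance(OAEP);
        cipher.init(Cipher.DECRYPT_MODE, priv);
        return new String(cipher.doFinal(Base64.getDecoder().decode(b64)), StandardCharsets.UTF_8);
    }

    // Deterministic keyed token: only holders of indexKey can compute it for a given number.
    static String searchToken(byte[] indexKey, String plain) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(indexKey, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    // S110-S130: fill the fixed record format, mark the sensitive field, encrypt only that field.
    static String logRecord(PublicKey pub, byte[] indexKey, String method,
                            String custNo, String telNo, String callResult) throws Exception {
        return method
                + " | current customer number: " + custNo
                + " | dialing mobile phone number: " + FLAG + " " + rsaEncrypt(pub, OAEP, telNo)
                + " " + INDEX_FLAG + " " + searchToken(indexKey, telNo)
                + " | dial result: " + callResult;
    }

    // S220: find each marker and replace "marker + ciphertext" with the decrypted value.
    // A modified ciphertext fails OAEP decoding and doFinal throws, so it is not silently accepted.
    static String decryptRecord(PrivateKey priv, String line) throws Exception {
        Matcher m = MARKED.matcher(line);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            m.appendReplacement(out, Matcher.quoteReplacement(rsaDecrypt(priv, m.group(1))));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // S210: the receiving end generates the key pair and hands out only the public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed demo key for the search token; kept by the log query service, not published.
        byte[] indexKey = new byte[32];
        new SecureRandom().nextBytes(indexKey);

        // Constructed sample record using the field values from the page's example.
        String line = logRecord(kp.getPublic(), indexKey, "callTelPlatform", "123456", "456789", "success");
        System.out.println(line);

        // Unpadded RSA is deterministic, so re-encrypting the number reproduces the ciphertext.
        // That is what ciphertext search relies on, and it also means any public-key holder
        // can check whether a guessed number matches a logged value.
        String raw1 = rsaEncrypt(kp.getPublic(), RAW, "456789");
        String raw2 = rsaEncrypt(kp.getPublic(), RAW, "456789");
        System.out.println("NoPadding re-encryption matches: " + raw1.equals(raw2));

        // OAEP is randomized: the re-encrypted value never equals the one already in the log.
        String again = rsaEncrypt(kp.getPublic(), OAEP, "456789");
        System.out.println("OAEP re-encryption found in log: " + line.contains(again));

        // The keyed token restores search without giving up randomized encryption.
        String token = searchToken(indexKey, "456789");
        System.out.println("search token found in log: " + line.contains(INDEX_FLAG + " " + token));

        // Private-key holder restores the plaintext phone number in place.
        System.out.println(decryptRecord(kp.getPrivate(), line));
    }
}
```

Run with `java PartialLogEncryption.java` on Java 11 or later; the three checks print true, false and true, followed by the record with the phone number restored.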
In a specific embodiment, the method comprises a system A and a system B, wherein the system A generates a public key A and a private key A through an asymmetric algorithm, the system A sends the public key A to the system B, and the system A reserves the private key A; the system B generates a public key B and a private key B through an asymmetric algorithm, the system B sends the public key B to the system A, and the system B reserves the private key B. The system A encrypts the log information through the public key B sent by the system B to generate an encrypted log, then sends the encrypted log encrypted through the public key B to the system B, and the system B decrypts the encrypted log encrypted through the public key B through the private key B.
In a specific embodiment, the system B encrypts the log information through the public key A sent by the system A to generate an encrypted log, the system B sends the encrypted log encrypted through the public key A to the system A, and the system A decrypts the encrypted log encrypted through the public key A through the private key A. Specifically, as shown in Fig. 3, the sending end and the receiving end may be interchanged: when the system A is the sending end, the system B is the receiving end; when the system B is the sending end, the system A is the receiving end.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
Referring to fig. 4, a log transmission apparatus of an asymmetric algorithm provided in an embodiment of the present application is shown;
The apparatus specifically includes:
format log generation module 410: the sending end is used for obtaining the log information and substituting the log information into a preset log recording format to generate a format log;
sensitive information determination module 420: the sending end is used for marking the sensitive elements according to the target position of the format log and generating sensitive information;
the encryption log generation module 430: the sending end is used for encrypting the sensitive information according to the public key and generating an encrypted log by the encrypted sensitive information and the format log;
the encryption log sending module 440: and the sending end is used for sending the encrypted log to the receiving end.
In an embodiment of the present invention, the format log generating module 410 includes:
a keyword determining module, used by the sending end to extract the keywords in the log information and determine the type of each keyword, wherein there is at least one keyword;
a format log generation sub-module, used by the sending end to fill the keywords into the log record format according to their types to generate the format log.
In an embodiment of the present invention, the sensitive information determining module 420 includes:
in an embodiment of the present invention, the sensitive information determining sub-module includes:
a sensitive element determination submodule, used by the sending end to determine the sensitive elements according to the target position of the format log;
a mark addition submodule, used by the sending end to add a mark to each sensitive element, wherein there is at least one sensitive element and each sensitive element corresponds to a different mark;
a mark determination submodule, used by the sending end to determine the sensitive information according to the sensitive element and the mark.
In an embodiment of the present invention, the encryption log generating module 430 includes:
a mark determining element submodule, used by the sending end to determine the sensitive elements according to the marks;
an encrypted log generation submodule, used by the sending end to determine a ciphertext according to the public key and the sensitive element, and to generate an encrypted log according to the ciphertext, the sensitive information and the format log.
In an embodiment of the present invention, the encrypted log generation submodule includes:
a replacing submodule, used to replace the sensitive information in the format log with the ciphertext to generate the encrypted log.
The application also includes a log transmission device based on an asymmetric algorithm. Because the device embodiment is basically similar to the method embodiment, it is described briefly; for relevant details, refer to the corresponding description of the method embodiment.
The device specifically includes:
a generation module, used by the receiving end to generate a public key and a private key according to an asymmetric algorithm;
a log plaintext generation module, used by the receiving end to acquire the encrypted log and generate a log plaintext according to the private key and the encrypted log.
In an embodiment of the present invention, the log plaintext generating module includes:
a sensitive element determining submodule, used by the receiving end to determine the sensitive elements according to the marks in the encrypted log;
a log plaintext generation submodule, used to determine a plaintext according to the private key and the sensitive element, and to generate a log plaintext according to the plaintext and the encrypted log.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
The present embodiment and the above embodiments have repeated operation steps, and the present embodiment is only described briefly, and the rest of the schemes may be described with reference to the above embodiments.
For the system embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
Referring to FIG. 5, a computer device 12 for the asymmetric algorithm based log transmission method of the present application is shown. The foregoing may be implemented as the computer device 12, or may include the computer device 12 to implement all or part of the aforementioned functions or methods. The computer device 12 may be specifically described as follows:
The computer device 12 is embodied in the form of a general purpose computing device. The components of the computer device 12 may include, but are not limited to: one or more processors or processing units 16, a memory 28, and a bus 18 that couples the various system components, including the memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MCA) bus, the enhanced ISA bus, the Video Electronics Standards Association (VESA) local bus, and the Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The memory 28 may include computer system readable media in the form of volatile memory, such as random access memory 30 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (commonly referred to as "hard drives"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. The memory may include at least one program product having a set (e.g., at least one) of program modules 42, with the program modules 42 configured to carry out the functions of embodiments of the application.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules 42, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally perform the functions and/or methodologies of the embodiments described herein.
Computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, camera, etc.), with one or more devices that enable an operator to interact with computer device 12, and/or with any devices (e.g., network card, modem, etc.) that enable computer device 12 to communicate with one or more other computing devices. This communication may be via an I/O interface 22, the I/O interface 22 being connected to an external device. Also, computer device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN)), a Wide Area Network (WAN), and/or a public network (e.g., the Internet) via network adapter 20. As shown in FIG. 5, the network adapter 20 communicates with the other modules of the computer device 12 via the bus 18. It should be appreciated that although not shown in FIG. 5, other hardware and/or software modules may be used in conjunction with computer device 12, including but not limited to: microcode, device drivers, redundant processing units 16, external disk drive arrays, RAID systems, tape drives, and data backup storage systems 34, etc.
The processing unit 16 executes programs stored in the memory 28 to execute various functional applications and data processing, for example, to implement an asymmetric algorithm-based log transmission method provided in the embodiment of the present application.
That is, when executing the program, the processing unit 16 implements the following: the method involves a sending end and a receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key, wherein the method comprises the following steps: the sending end acquires log information and substitutes the log information into a preset log recording format to generate a format log; the sending end marks the sensitive elements according to the target position of the format log and generates sensitive information; the sending end encrypts the sensitive information according to the public key and generates an encrypted log from the encrypted sensitive information and the format log; and the sending end sends the encrypted log to the receiving end.
In an embodiment of the present application, the present application further provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements an asymmetric algorithm based log transmission method as provided in all embodiments of the present application.
That is, the program, when executed by the processor, implements the following: the method involves a sending end and a receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key, wherein the method comprises the following steps: the sending end marks the sensitive elements according to the target position of the format log and generates sensitive information; the sending end encrypts the sensitive information according to the public key and generates an encrypted log from the encrypted sensitive information and the format log; and the sending end sends the encrypted log to the receiving end.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the operator's computer, partly on the operator's computer, as a stand-alone software package, partly on the operator's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the operator's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). The embodiments in the present specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar among the embodiments, the embodiments may be referred to one another.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The log transmission method and device based on the asymmetric algorithm provided by the application are introduced in detail, a specific example is applied in the description to explain the principle and the implementation mode of the application, and the description of the embodiment is only used for helping to understand the method and the core idea of the application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A log transmission method based on asymmetric algorithm is characterized in that the method relates to a sending end and a receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key, wherein the method comprises the following steps:
the sending end acquires log information and substitutes the log information into a preset log recording format to generate a format log;
the sending end marks the sensitive elements according to the target position of the format log and generates sensitive information;
the sending end encrypts the sensitive information according to the public key and generates an encrypted log by the encrypted sensitive information and the format log;
and the sending end sends the encrypted log to the receiving end.
2. The asymmetric algorithm based log transmission method as claimed in claim 1, wherein the step of generating a format log by substituting the log information into a preset log record format comprises:
the sending end extracts the keywords in the log information and respectively determines the types of the keywords; wherein, the keyword is at least one;
and the sending end respectively fills the keywords into the log record format according to the types of the keywords to generate the format log.
3. The asymmetric-algorithm-based log transmission method according to claim 1, wherein the step of the sending end marking the sensitive element according to the target position of the format log and generating the sensitive information comprises:
the sending end determines a sensitive element according to the target position of the format log;
the sending end adds a mark to the sensitive element; wherein the sensitive element comprises at least one; each of the sensitive elements respectively corresponds to a different mark;
and the sending end determines sensitive information according to the sensitive element and the mark.
4. The asymmetric algorithm log transmission method according to claim 3, wherein the step of generating the encrypted log by the sending end according to the preset asymmetric public key, the format log and the sensitive information includes:
the sending end determines sensitive elements according to the marks;
and the sending end determines a ciphertext according to the public key and the sensitive element and generates an encrypted log according to the ciphertext, the sensitive information and the format log.
5. The asymmetric log transmission method as claimed in claim 4, wherein the step of generating an encrypted log according to the ciphertext, the sensitive information and the format log comprises:
and replacing the sensitive information in the format log with a ciphertext to generate an encrypted log.
6. A log transmission method based on asymmetric algorithm is characterized in that the method relates to a sending end and a receiving end; the sending end stores a public key sent by the receiving end, and the receiving end stores a private key matched with the public key, wherein the method comprises the following steps:
the receiving end generates a public key and a private key according to an asymmetric algorithm;
and the receiving end acquires the encrypted log and generates a log plaintext according to the private key and the encrypted log.
7. The asymmetric algorithm based log transmission method as claimed in claim 6, wherein the step of generating a log plaintext according to the asymmetric private key and the encrypted log comprises:
the receiving end determines sensitive elements according to the marks in the encrypted logs;
and determining a plaintext according to the private key and the sensitive element, and generating a log plaintext according to the plaintext and the encryption log.
8. A log transmission device based on asymmetric algorithm is characterized in that the device relates to a sending end and a receiving end; wherein, the sending end stores the public key sent by the receiving end, and the receiving end stores the private key adapted to the public key, and the device includes:
a format log generation module: the sending end is used for obtaining the log information and substituting the log information into a preset log recording format to generate a format log;
the sensitive information determining module: the sending end is used for marking the sensitive elements according to the target position of the format log and generating sensitive information;
an encryption log generation module: the sending end is used for encrypting the sensitive information according to the public key and generating an encrypted log by the encrypted sensitive information and the format log;
the encryption log sending module: and the sending end is used for sending the encrypted log to the receiving end.
9. An apparatus comprising a processor, a memory, and a computer program stored on the memory and capable of running on the processor, the computer program when executed by the processor implementing the asymmetric algorithm based log transfer method of any of claims 1 to 5.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the asymmetric algorithm-based log transmission method according to any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111266661.5A CN113904865A (en) 2021-10-28 2021-10-28 Log transmission method and device based on asymmetric algorithm

Publications (1)

Publication Number Publication Date
CN113904865A true CN113904865A (en) 2022-01-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination