CN114553595B - Data secure transmission method and system based on message queue - Google Patents

Publication number
CN114553595B
Authority
CN
China
Prior art keywords
data
subdata
message queue
sequence
rearrangement
Prior art date
Legal status
Active
Application number
CN202210353716.4A
Other languages
Chinese (zh)
Other versions
CN114553595A (en)
Inventor
杨剑南
Current Assignee
Chongqing Vodcat Technology Co ltd
Original Assignee
Chongqing Vodcat Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Chongqing Vodcat Technology Co ltd
Priority to CN202210353716.4A
Publication of CN114553595A
Application granted
Publication of CN114553595B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data security transmission method and system based on a message queue. It relates to the technical field of data transmission and solves the technical problem in the prior art that data is not encrypted during message-queue-based transmission, which makes data transmission security low. The order of a plurality of subdata is rearranged to obtain a data rearrangement sequence and a data sending sequence; the subdata are sent to the message queue in turn according to the data sending sequence, and the data rearrangement sequence is inserted among the subdata, so that encrypted transmission of the target data is realized and the security of data transmission is ensured. The invention also encrypts the plurality of subdata respectively through different encryption algorithms and intersperses the data rearrangement sequence among the plurality of subdata in the message queue, thereby reducing the possibility of target data leakage in the transmission process and further improving the secure transmission of the target data.

Description

Data secure transmission method and system based on message queue
Technical Field
The invention belongs to the technical field of data transmission, relates to a data security transmission technology, and particularly relates to a data security transmission method and system based on a message queue.
Background
The message queue is an important component in a distributed system, and can be understood as a container for storing messages in the message transmission process, and can be used in many scenes needing to control concurrency; secure transmission of data based on message queues is therefore of great importance.
The prior art (patent invention with publication number CN 107454186A) discloses a data security transmission method based on message queues, which replaces a strong isolation device between an internal network and an external network with a forward and reverse gatekeeper device, and combines ToprowMQ to realize message management of the forward and reverse gatekeeper device, so as to improve data transmission efficiency and security. In the prior art, in the process of data transmission, only data transmission management between an internal network and an external network is enhanced, data is not encrypted, and once the data is leaked, the data safety problem can be caused; therefore, a method and a system for secure data transmission based on message queues are needed.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art; therefore, the invention provides a data security transmission method and system based on a message queue, which are used for solving the technical problem of low data transmission security caused by the fact that data are not encrypted in the data transmission process based on the message queue in the prior art.
The invention divides the target data at the message queue service end to obtain a plurality of subdata and rearranges the order of the subdata, thereby obtaining a data rearrangement sequence and a data sending sequence. The subdata are sent to the message queue in turn according to the data sending sequence, and the data rearrangement sequence is inserted among the subdata, so that encrypted transmission of the target data is realized and the security of data transmission is ensured.
In order to achieve the above object, a first aspect of the present invention provides a data security transmission system based on a message queue, which includes a production end, a message queue server and a consumption end, where the message queue server is respectively in communication and/or electrical connection with the production end and the consumption end;
the identity of the production end and the consumption end is verified through the message queue service end;
the production end produces message data and sends the message data to the message queue server, and the message queue server screens target data from the message data according to the data request of the consumption end;
the message queue service end divides the target data to obtain a plurality of subdata, rearranges the sequence of the subdata, generates a data rearrangement sequence by combining the sequence of the subdata before and after rearrangement, and determines the data sending sequence of the subdata;
and sending the plurality of subdata to a message queue according to the data sending sequence, and meanwhile, inserting the data rearrangement sequence among the plurality of subdata in the message queue and sending it to the consumption end.
Preferably, the message queue server sends the sub-data to the consumer in a distribution mode; the distribution mode comprises a point-to-point mode and a publish/subscribe mode;
and when the message queue server side receives message data, generating a data request according to the distribution mode.
Preferably, the message queue server determines a dividing mode according to the data volume of the target data, and divides the target data into a plurality of sub-data according to the dividing mode; the dividing mode comprises the steps of dividing the data into a plurality of parts according to a preset number of parts or a preset data size.
Preferably, the dividing, by the message queue server, the target data according to a preset number of copies to obtain the plurality of sub data includes:
calculating the data volume of the target data;
when the data volume of the target data is smaller than a data volume threshold value, acquiring a preset number of copies, and dividing the target data into a plurality of subdata according to the preset number of copies; wherein the data amount threshold is set according to actual experience.
Preferably, when the data volume of the target data is greater than or equal to a data volume threshold, a preset data volume is obtained, and the target data is divided into a plurality of sub-data according to the preset data volume.
Preferably, the reordering of the sub-data by the message queue service end to obtain a data reordering sequence includes:
before rearrangement, a plurality of unrepeated natural numbers are randomly generated, and each natural number is associated with one subdata;
rearranging the associated subdata according to the sequence of natural numbers from large to small or from small to large to obtain a data rearrangement sequence; the data rearrangement sequence comprises a plurality of natural numbers and position numbers of the natural numbers before the corresponding sub-data rearrangement.
Preferably, when the message queue service end rearranges the sequence of the sub-data, optionally two encryption modes are used to encrypt the sub-data; and
the encryption labels of the two encryption modes are added into the data rearrangement sequence.
The second aspect of the present invention provides a data secure transmission method based on a message queue, including:
the identity of a production end and a consumption end is verified through a message queue service end; the message queue server side screens target data from the message data sent by the production side according to the data request of the consumption side;
the message queue service end divides the target data to obtain a plurality of subdata, rearranges the sequence of the subdata, generates a data rearrangement sequence by combining the sequence of the subdata before and after rearrangement, and determines the data sending sequence of the subdata;
and sending the plurality of subdata to a message queue according to the data sending sequence, and simultaneously, inserting the data rearrangement sequence among the plurality of subdata in the message queue and sending the subdata to the consumption end.
Compared with the prior art, the invention has the beneficial effects that:
1. The invention divides the target data at the message queue service end to obtain a plurality of subdata and rearranges the order of the subdata, thereby obtaining a data rearrangement sequence and a data sending sequence. The subdata are sent to the message queue in turn according to the data sending sequence, and the data rearrangement sequence is inserted among the subdata, so that encrypted transmission of the target data is realized and the security of data transmission is ensured.
2. The invention also encrypts the plurality of subdata respectively through different encryption algorithms, records the encryption labels corresponding to the encryption algorithms in the data rearrangement sequence, and alternates the data rearrangement sequence among the plurality of subdata in the message queue, thereby reducing the possibility of target data leakage in the transmission process and further improving the safe transmission of the target data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of the working steps of the present invention.
Detailed Description
The technical solutions of the present invention will be described below clearly and completely in conjunction with the embodiments, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The prior art (patent invention with publication number CN 107454186A) discloses a data security transmission method based on message queue, which replaces a strong isolation device between an internal network and an external network with a forward and reverse gatekeeper device, and combines with ToprowMQ to realize message management of the forward and reverse gatekeeper device, so as to improve data transmission efficiency and security. In the prior art, in the process of data transmission, only data transmission management between an internal network and an external network is enhanced, data is not encrypted, and once the data is leaked, the data safety problem can be caused.
The invention divides the target data at the message queue service end to obtain a plurality of subdata and rearranges the order of the subdata, thereby obtaining a data rearrangement sequence and a data sending sequence. The subdata are sent to the message queue in turn according to the data sending sequence, and the data rearrangement sequence is inserted among the subdata, so that encrypted transmission of the target data is realized and the security of data transmission is ensured.
Referring to fig. 1, an embodiment of the first aspect of the present application provides a data security transmission system based on a message queue, including a production end, a message queue server end, and a consumption end, where the message queue server end is respectively in communication and/or electrical connection with the production end and the consumption end;
the identity of a production end and a consumption end is verified through a message queue service end;
the production end produces message data and sends the message data to the message queue server, and the message queue server screens target data from the message data according to the data request of the consumption end;
the message queue service end divides the target data to obtain a plurality of subdata, rearranges the sequence of the subdata, generates a data rearrangement sequence by combining the sequence of the subdata before and after rearrangement, and determines the data sending sequence of the subdata;
and sending the plurality of subdata to a message queue according to the data sending sequence, and simultaneously inserting the data rearrangement sequence among the plurality of subdata in the message queue to be sent to a consumption end.
In the application, a production end and a consumption end are connected through a message queue server end; the production end is used for generating and publishing message data, the consumption end is used for subscribing the message data, and the message queue server side realizes data interaction between the production end and the consumption end according to corresponding data transmission rules; the production end and the consumption end are intelligent terminals such as smart phones and computers.
In the application, before data interaction between a production end and a consumption end is carried out, identity authentication needs to be carried out on the production end and the consumption end; the identity authentication mainly verifies the legality of the production end and the consumption end, and illegal data are prevented from being generated through an illegal intelligent terminal.
In the application, the message queue server side sends a plurality of subdata to the consumption side in a distribution mode; and when receiving the message data, the message queue server generates a data request according to a distribution mode.
It is understood that the distribution mode includes a point-to-point mode and a publish/subscribe mode; and after the message queue server receives the message data, generating a data request in time according to a distribution mode. It can be understood that, before generating the data request, the authority of the consuming side needs to be checked to ensure that the message data requested by the data request is consistent with the authority of the consuming side.
In a preferred embodiment, the message queue server determines a dividing mode according to the data volume of the target data, and divides the target data into a plurality of sub-data according to the dividing mode.
If the target data is sent as a whole, then once it is leaked the target data is stolen in its entirety. In this embodiment, the target data is divided into a plurality of subdata before transmission, so that leakage of one subdata does not cause the whole target data to be stolen, which improves the security of data transmission.
In a specific embodiment, the dividing, by the message queue server, the target data according to the preset number of copies to obtain a plurality of sub data includes:
calculating the data volume of the target data;
when the data volume of the target data is smaller than the data volume threshold, acquiring a preset number of copies, and dividing the target data into a plurality of subdata according to the preset number of copies.
When the target data is divided according to the preset number of copies, the data size of the target data needs to be calculated first, and if the data size is too large, the data size of each sub-data is also large, which affects the transmission efficiency.
By way of illustration of the present embodiment:
assuming that the data volume of the target data is 5k, the threshold value of the data volume is 10k, and the preset number of copies is 5;
according to the technical solution of the present embodiment, the target data should be divided into 5 parts according to the preset number of parts, and then each sub-data size is 1k.
In other preferred embodiments, the target data may be a plurality of pieces of message data, when the data amount is determined, the plurality of pieces of message data should be comprehensively determined, and if the total data amount of the plurality of pieces of message data in the target data is smaller than the data amount threshold, the target data is divided according to the preset number of pieces.
It can be understood that, when the target data includes a plurality of pieces of message data, the plurality of pieces of message data in the target data may be divided in parallel or may be divided end to end when the target data is divided according to the preset number of pieces.
In another specific embodiment, when the data volume of the target data is greater than or equal to the data volume threshold, a preset data volume is obtained, and the target data is divided into a plurality of sub-data according to the preset data volume.
It can be understood that, for the sub-data divided according to the preset data size, the corresponding data size should not be greater than the preset data size, and the setting of the preset data size should be able to facilitate data transmission by the message queue.
In a preferred embodiment, the message queue service end reorders a plurality of sub-data to obtain a data reordering sequence, including:
before rearrangement, a plurality of unrepeated natural numbers are randomly generated, and each natural number is associated with one subdata;
and rearranging the associated subdata according to the sequence of the natural numbers from large to small or from small to large to obtain a data rearrangement sequence.
In the embodiment, a plurality of divided subdata are disorganized and rearranged to realize the safe transmission of the subdata; by way of illustration of the present embodiment:
Assume 5 sub-data and 5 non-repeating natural numbers [6,5,3,2,1]; the natural number 6 is associated with the first subdata, the natural number 5 is associated with the second subdata, and so on.
The natural numbers are rearranged in order from small to large, so the sequence after rearrangement is [1,2,3,5,6], and the associated subdata are rearranged in the same order.
The data rearrangement sequence [1,5], [2,4], [3,3], [5,2], [6,1] is generated from the order before and after the natural number rearrangement; here [1,5] means that the subdata corresponding to the natural number 1 is at position No. 5 in the original target data.
It is understood that the data transmission order is the order after the rearrangement, as described in [1,2,3,5,6] above.
In another preferred embodiment, when the message queue service end rearranges the sequence of the sub-data, optionally two encryption modes are used to encrypt the sub-data; and
the encryption labels of the two encryption modes are added into the data rearrangement sequence.
In this embodiment, after the consumer receives the data rearrangement sequence, the consumer adjusts the sub-data sequence to obtain the correct sequence of the target data, and then decrypts the sub-data through the encryption tag in the data rearrangement sequence, so as to obtain the complete readable target data. It can be understood that the mapping between the encryption tag and the encryption algorithm between the consumer side and the production side is shared.
It is worth noting that the data rearrangement sequence is interspersed among a plurality of subdata in the message queue, that is, complete target data can be obtained only when all the subdata and the data rearrangement sequence are obtained, and the data transmission safety problem caused by leakage of the data rearrangement sequence or individual subdata is avoided in the data transmission process.
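The division, rearrangement and interleaving steps described above, together with the consumer-side reassembly, as an added Python sketch that is not code from the patent. The message tuples, the alternating placement of sequence entries, the 32-bit key range and `PRESET_CHUNK_SIZE` are assumptions made for illustration; the per-subdata encryption and its labels are omitted.

```python
import secrets

DATA_VOLUME_THRESHOLD = 10 * 1024  # 10k, from the page's illustration
PRESET_COPIES = 5                  # from the page's illustration
PRESET_CHUNK_SIZE = 4 * 1024       # assumed value; the page gives none


def divide(target: bytes) -> list[bytes]:
    """Divide by preset number of copies below the threshold, else by preset size."""
    if len(target) < DATA_VOLUME_THRESHOLD:
        size = max(1, -(-len(target) // PRESET_COPIES))  # ceiling division
    else:
        size = PRESET_CHUNK_SIZE
    # Very small inputs may yield fewer than PRESET_COPIES pieces.
    return [target[i:i + size] for i in range(0, len(target), size)] or [b""]


def draw_keys(n: int) -> list[int]:
    """Randomly generate n non-repeating natural numbers (CSPRNG-backed)."""
    keys: list[int] = []
    while len(keys) < n:
        k = secrets.randbelow(2**32) + 1  # assumed range
        if k not in keys:
            keys.append(k)
    return keys


def rearrange(subdata: list[bytes], keys: list[int]):
    """Sort subdata by associated natural number, small to large.

    Returns (data rearrangement sequence, subdata in data sending order);
    each sequence entry is [natural number, 1-based position before rearrangement].
    """
    order = sorted(range(len(subdata)), key=lambda i: keys[i])
    sequence = [[keys[i], i + 1] for i in order]
    return sequence, [subdata[i] for i in order]


def enqueue(sequence, ordered):
    """Interleave sequence entries among the subdata (assumed: strict alternation)."""
    queue = []
    for chunk, entry in zip(ordered, sequence):
        queue.append(("subdata", chunk))
        queue.append(("rearrangement", entry))
    return queue


def transmit(target: bytes, keys=None):
    """Service-end side: divide, rearrange, and build the queue contents."""
    subdata = divide(target)
    if keys is None:
        keys = draw_keys(len(subdata))
    sequence, ordered = rearrange(subdata, keys)
    return sequence, enqueue(sequence, ordered)


def reassemble(queue) -> bytes:
    """Consumer side: restore the original order from the queue contents alone."""
    chunks = [body for kind, body in queue if kind == "subdata"]
    entries = [body for kind, body in queue if kind == "rearrangement"]
    if len(chunks) != len(entries):
        raise ValueError("incomplete transfer: a subdata or sequence entry is missing")
    positions = [pos for _, pos in entries]
    if sorted(positions) != list(range(1, len(chunks) + 1)):
        raise ValueError("rearrangement sequence is not a valid permutation")
    restored = [b""] * len(chunks)
    for chunk, pos in zip(chunks, positions):
        restored[pos - 1] = chunk  # arrival order matches sequence order (FIFO queue)
    return b"".join(restored)


if __name__ == "__main__":
    # Constructed sample: 5k of data, five distinguishable 1k pieces.
    sample = b"".join(bytes([65 + i]) * 1024 for i in range(5))
    seq, q = transmit(sample, keys=[6, 5, 3, 2, 1])  # keys from the page's illustration
    print(seq)
    print(reassemble(q) == sample)
```

`reassemble` takes nothing but the queue contents, so in this sketch any confidentiality against a party that reads the whole queue has to come from the per-subdata encryption step left out here.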
An embodiment of a second aspect of the present application provides a data secure transmission method based on a message queue, including:
carrying out identity verification on a production end and a consumption end through a message queue service end; the message queue server side screens target data from message data sent by a production side according to a data request of a consumption side;
the message queue service end divides target data to obtain a plurality of subdata, the sequence of the subdata is rearranged, a data rearrangement sequence is generated by combining the sequence of the plurality of subdata before and after rearrangement, and meanwhile, the data sending sequence of the subdata is determined;
and sending the plurality of subdata to a message queue according to the data sending sequence, and simultaneously inserting the data rearrangement sequence among the plurality of subdata in the message queue to be sent to a consumption end.
The working principle of the invention is as follows:
carrying out identity verification on a production end and a consumption end through a message queue service end; and the message queue server side screens target data from the message data sent by the production side according to the data request of the consumption side.
The message queue service end divides target data to obtain a plurality of subdata, the sequence of the subdata is rearranged, a data rearrangement sequence is generated by combining the sequence of the subdata before and after rearrangement, and meanwhile, the data sending sequence of the subdata is determined.
The plurality of subdata are sent to a message queue according to the data sending sequence, and meanwhile the data rearrangement sequence is inserted among the plurality of subdata in the message queue and sent to the consumption end.
Although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the scope of the present invention.

Claims (6)

1. A data security transmission system based on message queue, includes production end, message queue service end and consumption end, and message queue service end communicates and/or electric connection with production end, consumption end respectively, its characterized in that:
the identity of the production end and the consumption end is verified through the message queue service end;
the production end produces message data and sends the message data to the message queue server, and the message queue server screens target data from the message data according to the data request of the consumption end;
the message queue service end divides the target data to obtain a plurality of subdata, rearranges the sequence of the subdata, generates a data rearrangement sequence by combining the sequence of the plurality of subdata before and after rearrangement, and determines the data sending sequence of the subdata;
sending the plurality of subdata to a message queue according to the data sending sequence, and simultaneously, inserting the data rearrangement sequence among the plurality of subdata in the message queue and sending the subdata to the consumption end;
the message queue service end rearranges a plurality of the subdata to obtain a data rearrangement sequence, and the data rearrangement sequence comprises the following steps:
before rearrangement, a plurality of unrepeated natural numbers are randomly generated, and each natural number is associated with one subdata;
rearranging the associated subdata according to the sequence of natural numbers from large to small or from small to large to obtain a data rearrangement sequence; the data rearrangement sequence comprises a plurality of natural numbers and position numbers of the natural numbers before corresponding sub-data rearrangement;
when the message queue service end rearranges the sequence of the subdata, encrypting the subdata in an encryption mode; and
adding the encryption label of the encryption mode into the data rearrangement sequence; the data rearrangement sequence is inserted among a plurality of subdata in the message queue, and complete target data can be obtained only when all the subdata and the data rearrangement sequence are obtained.
2. The system according to claim 1, wherein the message queue server sends the sub-data to the consumer by a distribution method; the distribution mode comprises a point-to-point mode and a publish/subscribe mode;
and when the message queue server side receives the message data, generating a data request according to the distribution mode.
3. The system according to claim 1, wherein the message queue server determines a partition manner according to the data size of the target data, and partitions the target data into the sub-data according to the partition manner; the dividing mode comprises the steps of dividing the data into a plurality of parts according to a preset number of parts or a preset data size.
4. The system of claim 3, wherein the message queue server divides the target data according to a preset number of copies to obtain the sub-data, and the method comprises:
calculating the data volume of the target data; when the data volume of the target data is smaller than a data volume threshold value, acquiring a preset number of copies, and dividing the target data into a plurality of subdata according to the preset number of copies; wherein the data amount threshold is set according to actual experience.
5. The system for securely transmitting data based on the message queue according to claim 4, wherein when the data volume of the target data is greater than or equal to a threshold of the data volume, a preset data volume is obtained, and the target data is divided into the sub-data according to the preset data volume.
6. A message queue-based data secure transmission method, which is operated based on the message queue-based data secure transmission system of any one of claims 1 to 5, and comprises:
carrying out identity verification on a production end and a consumption end through a message queue service end; the message queue server side screens target data from the message data sent by the production side according to the data request of the consumption side;
the message queue service end divides the target data to obtain a plurality of subdata, rearranges the sequence of the subdata, generates a data rearrangement sequence by combining the sequence of the plurality of subdata before and after rearrangement, and determines the data sending sequence of the subdata;
and sending the plurality of subdata to a message queue according to the data sending sequence, and meanwhile, inserting the data rearrangement sequence among the plurality of subdata in the message queue and sending it to the consumption end.
CN202210353716.4A 2022-04-06 2022-04-06 Data secure transmission method and system based on message queue Active CN114553595B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210353716.4A CN114553595B (en) 2022-04-06 2022-04-06 Data secure transmission method and system based on message queue

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210353716.4A CN114553595B (en) 2022-04-06 2022-04-06 Data secure transmission method and system based on message queue

Publications (2)

Publication Number Publication Date
CN114553595A CN114553595A (en) 2022-05-27
CN114553595B true CN114553595B (en) 2022-11-15

Family

ID=81665253

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210353716.4A Active CN114553595B (en) 2022-04-06 2022-04-06 Data secure transmission method and system based on message queue

Country Status (1)

Country Link
CN (1) CN114553595B (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080123848A1 (en) * 2006-11-24 2008-05-29 Vimicro Corporation System and method for data security, encryption apparatus and decryption apparatus
CN105450266A (en) * 2014-09-24 2016-03-30 中兴通讯股份有限公司 Method, terminal and system for short-distance transmission of data
CN110908815B (en) * 2019-12-03 2022-09-30 京东科技控股股份有限公司 Message queue data early warning method, device and system and storage medium
CN112468407A (en) * 2020-12-15 2021-03-09 东莞中国科学院云计算产业技术创新与育成中心 Data subpackage transmission method and device, computer equipment and storage medium
CN114285670B (en) * 2021-12-31 2022-11-15 安徽中科锟铻量子工业互联网有限公司 Internet of things gateway data encryption communication method based on quantum random number key

Also Published As

Publication number Publication date
CN114553595A (en) 2022-05-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant