CN114640543A - Method for cross-domain data encryption transmission and data matching in encryption state - Google Patents


Publication number
CN114640543A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210430731.4A
Other languages
Chinese (zh)
Other versions
CN114640543B (en)
Inventor
张旭
陈廷梁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Shuxin Network Co ltd
Original Assignee
Zhejiang Shuxin Network Co ltd
Application filed by Zhejiang Shuxin Network Co ltd
Priority to CN202210430731.4A
Publication of CN114640543A
Application granted
Publication of CN114640543B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Abstract

The invention provides a method for encrypted data transmission across network domains and data matching in the encrypted state, relating to the technical field of data security. The method comprises: performing first MD5 encryption on the primary key and AES encryption on the other fields of each organization's data in the organization space and of each organization-specific model data in the data space; fusing the data after encryption and transmitting it to a development space, and performing second MD5 encryption on the primary key after fusion; matching the fused organization data with the fused organization-specific model data on the twice-MD5-encrypted primary key to obtain a matching result set; transmitting the matching result set back to each organization in the organization space through that organization's transmission channel; each organization then restores the primary key according to MD5 and decrypts the fields other than the primary key according to AES to obtain its specific model result. The invention makes the data usable but not visible when multiple organizations jointly use government-affairs data-space data, thereby avoiding the leakage risk of government-affairs data transmission.

Description

Method for cross-domain data encryption transmission and data matching in encryption state
Technical Field
The invention relates to the technical field of data security, in particular to a method for cross-domain data encryption transmission and data matching in an encryption state.
Background
With the development of informatization, data is transmitted in batches between companies, between departments, and between systems. If the data is transmitted in clear text, a malicious party can eavesdrop on the communication channel and steal it. Encryption is a common security measure: important data is turned into unintelligible ciphertext before transmission, which protects it in transit. The encrypted data is usually decrypted after it reaches the destination, which requires the operator at the destination to hold the associated key, and that operator sees the plaintext after decryption.
At present, some data development scenarios have high security and confidentiality requirements: data must be transmitted encrypted, and data tables from different sources must be matched without the data developer being able to see the decrypted data, so as to avoid the problem that the application field and purpose of use of the data are difficult to monitor. This poses challenges for data development and data security.
Therefore, it is desirable to provide a method for encrypted transmission of data across network domains and matching of the data in the encrypted state.
Disclosure of Invention
In view of the above problems, the invention provides a method for cross-domain data encryption transmission and data matching in an encrypted state.
To achieve the above object, the invention provides a method for cross-domain data encryption transmission and data matching in an encrypted state, comprising:
performing first MD5 encryption on the primary key of each organization's data stored in the organization space and of each organization-specific model data stored in the data space, and performing AES encryption on the fields other than the primary key;
transmitting the encrypted organization data and the encrypted organization-specific model data to a development space, performing data fusion on the organization data and on the organization-specific model data respectively, and performing second MD5 encryption on the primary key of each fused data set;
matching the fused organization data with the fused organization-specific model data on the twice-MD5-encrypted primary key to obtain a matching result set;
transmitting the matching result set back to each organization in the organization space through that organization's transmission channel;
and each organization in the organization space restores the primary key of the organization-specific model data in the returned data according to MD5 and decrypts the fields other than the primary key according to AES, to obtain the organization's specific model result.
As a further improvement of the invention, performing the first MD5 encryption on the primary key of each organization's data stored in the organization space and of each organization-specific model data stored in the data space includes:
each organization holds its own extended key;
concatenating the primary key of each organization's data stored in the organization space with that organization's extended key to obtain a new character string, and performing MD5 encryption on the resulting string;
and concatenating the primary key of each organization-specific model data stored in the data space with that organization's extended key to obtain a new character string, and performing MD5 encryption on the resulting string.
As a further improvement of the invention, the extended key is generated by a random key generation program and meets one or more of the following requirements: it contains lower case letters, numbers and special characters; it has no meaning in Chinese or English; its length is not less than 8.
As a further improvement of the invention, performing AES encryption on the fields other than the primary key includes:
each organization holds its own AES key;
and the encryption program encrypts the contents of each row other than the primary key, in the organization data and in the organization-specific model data respectively, with the AES key of the organization concerned.
As a further improvement of the invention, the AES key is generated by a random key generation program and meets one or more of the following requirements: it contains upper and lower case letters, numbers and special characters; it has no meaning in Chinese or English; its length is not less than 8.
As a further improvement of the invention, the fields other than the primary key can be encrypted using Base64;
correspondingly, each organization in the data space restores the primary key of the returned organization data according to MD5 and decrypts the fields other than the primary key according to Base64, to obtain the organization's specific model result.
As a further improvement of the invention, performing the second MD5 encryption on the primary key of each fused data set includes:
the administrator of the development space holds a secondary extended key;
concatenating the primary key of the fused organization data with the secondary extended key into a new character string, and performing second MD5 encryption on that string;
and concatenating the primary key of the fused organization-specific model data with the secondary extended key into a new character string, and performing second MD5 encryption on that string.
As a further improvement of the invention, transmitting the matching result set back to each organization in the organization space through that organization's transmission channel includes:
establishing, for each organization's data stored in the organization space, a third mapping table relating the once-encrypted primary key, the twice-encrypted primary key, and the encrypted data of the fields other than the primary key;
matching the third mapping table with the matching result set on the twice-encrypted primary key to obtain the intermediate data fields, which comprise the AES-encrypted organization id, the once-MD5-encrypted primary key of the data object, and the AES-encrypted organization-specific model data content;
the return channel program decrypts the AES-encrypted organization id to restore it;
and, according to the organization id, the rows of the matching result table that carry that AES-encrypted organization id are returned to the corresponding organization.
As a further improvement of the invention:
after the first MD5 encryption of the primary key and the AES encryption of the fields other than the primary key have been performed on each organization's data stored in the organization space, a first mapping table is established between the once-encrypted primary key and the other fields;
after the data of multiple organizations has been fused and the second MD5 encryption has been performed on the primary key, a second mapping table is established between the twice-encrypted primary key and the once-encrypted primary key;
and the first mapping table and the second mapping table are associated on the once-encrypted primary key to obtain the third mapping table.
Compared with the prior art, the invention has the following beneficial effects:
The invention transmits the data to the development space after the first encryption, so managers of the development space cannot learn the real data of any organization. The development space manager fuses the data and then applies the second encryption, so that the manager cannot learn the real data of any organization and cannot tell which organization the matched data belongs to. Throughout data development, developers can only match data according to business logic and do not know the actual meaning of the matching result. During transmission and after the data enters the development space, even if a leak occurs, whoever obtains the data cannot learn its content; the data can be invisible, and the application field and purpose of use of the data are effectively monitored.
The MD5 encryption adopted by the invention is extremely difficult to crack and cannot be decrypted with existing information technology, and the possibility of library collision is further reduced by applying MD5 to the primary key concatenated with a key.
The matching step of the invention uses the property that the MD5 transcoding algorithm produces the same result for the same character string: the primary keys of the same data table are encrypted at the sending end and at the receiving end respectively, and are then matched at the receiving end. This achieves encrypted data transmission and also serves the special application scenario in which the data developer cannot see the primary keys.
Drawings
Fig. 1 is a flowchart of a method for cross-domain data encryption transmission and data matching in an encrypted state according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a system for cross-domain data encryption transmission and data matching in an encrypted state according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the invention, and the implementation steps of the embodiments are not limited by the labels S1, S2 and so on. All other embodiments obtained by a person skilled in the art from these embodiments without inventive effort fall within the scope of protection of the invention.
The invention is described in further detail below with reference to the attached drawing figures:
As shown in Fig. 1 and Fig. 2, the method for cross-domain data encryption transmission and data matching in an encrypted state provided by the invention includes:
S1: performing first MD5 encryption on the primary key of each organization's data stored in the organization space and of each organization-specific model data stored in the data space, and performing AES encryption on the fields other than the primary key.
Wherein:
(1) each organization holds its own extended key;
the primary key of each organization's data stored in the organization space is concatenated with that organization's extended key to obtain a new character string, and MD5 encryption is performed on the resulting string;
and the primary key of each organization-specific model data stored in the data space is concatenated with that organization's extended key to obtain a new character string, and MD5 encryption is performed on the resulting string.
The extended key is generated by a random key generation program and meets one or more of the following requirements: it contains upper and lower case letters, numbers and special characters; it has no meaning in Chinese or English; its length is not less than 8.
(2) Each organization holds its own AES key;
the encryption program encrypts the contents of each row other than the primary key, in the organization data and in the organization-specific model data respectively, with the AES key of the organization concerned;
the AES key is generated by a random key generation program and meets one or more of the following requirements: it contains upper and lower case letters, numbers and special characters; it has no meaning in Chinese or English; its length is not less than 8.
Further,
the fields other than the primary key can be encrypted with Base64; when this encryption method is adopted, each organization can encrypt data without holding a corresponding key.
Specifically,
for the organization data stored in the organization space:
(1) the organization spaces are independent of one another and physically isolated;
(2) the organization data is shown in the following table:
Figure BDA0003610303220000051
(3) MD5 + key encryption: each organization holds its own extended key key{org}, where org denotes the organization; the pk value is concatenated with key{org} to form an extended character string, which is then MD5-encrypted. If the extended key of organization 1 is denoted keyorg1, the MD5 encryption formula is MD5(pk + keyorg1). The primary key generated in this step is named MD5pk1, as shown in the encrypted form of the table above; the table generated by this step is named B0{org}, where org denotes each organization.
(4) The encryption program performs AES encryption on the fields of B0{org} other than the primary key; the contents of each encrypted field are shown in the table, and the encrypted organization data table is named B1{org}. At the same time, a mapping table map1 is generated, recording the mapping between AES(org_id) and MD5pk1.
For the organization-specific model data stored in the data space:
(1) taking a government-affairs data space as an example, the organization-specific model data is represented as follows:
Figure BDA0003610303220000061
(2) MD5 + key method: each organization holds its own extended key key{org}, which is the same as that organization's extended key in the organization space, where org denotes the organization; the pk value is concatenated with key{org} to form an extended character string, which is then MD5-encrypted. If the extended key of organization 1 is denoted keyorg1, the MD5 encryption formula is MD5(pk + keyorg1). The primary key generated by this step is named MD5pk1, as shown in the encrypted form of the table above, and the table generated by this step is named M0{org}, where org denotes each organization;
(3) the encryption program performs AES encryption on the fields of M0{org} other than the primary key; the contents of the encrypted fields are shown in the table, and the data table generated after encryption is named M1{org}.
S2: transmitting the encrypted organization data and the encrypted organization-specific model data to a development space, performing data fusion on the organization data and on the organization-specific model data respectively, and performing second MD5 encryption on the primary key of each fused data set.
Wherein:
(1) the encrypted organization data stored in the organization space and the encrypted organization-specific model data stored in the data space are transmitted to the development space by configuring a data transmission task in datax;
(2) database scripts are written to fuse the data of multiple organizations into one organization data table and to fuse the organization-specific model data of multiple organizations, with periodic scheduling (for example daily) by a scheduling program;
(3) the administrator of the development space holds a secondary extended key;
the primary key of the fused organization data is concatenated with the secondary extended key into a new character string, and second MD5 encryption is performed on that string;
and the primary key of the fused organization-specific model data is concatenated with the secondary extended key into a new character string, and second MD5 encryption is performed on that string.
Further,
the secondary extended key is generated by a dedicated random key generation program, contains upper and lower case letters, numbers and special characters, must have no meaning in Chinese or English, and has a length of not less than 8.
Specifically,
(1) a data transmission task is configured in datax to transmit the encrypted organization data to the development space; during transmission, the transmission program merges the organization data tables B1{org} into one table with an SQL script using UNION, which fuses the data of multiple organizations; the resulting table is named B2;
MD5 + key method: the administrator of the development space holds an extended key key_dev; key_dev is concatenated with the value of the primary key MD5pk1 in the fused table B2 to form an extended character string, which is then MD5-encrypted. The encryption formula is MD5(MD5pk1 + key_dev). The table generated in this step is named B3 and its primary key is named MD5pk2; at the same time, a mapping table map2 is generated, recording the mapping between MD5pk1 and MD5pk2.
(2) A data transmission task is configured in datax to transmit the encrypted organization-specific model data to the development space; during transmission, the transmission program merges the organization tables M1{org} into one table with an SQL script using UNION, which fuses the organization-specific model data of multiple organizations; the resulting table is named M2;
MD5 + key method: the administrator of the development space holds an extended key key_dev (the same key_dev as used for the fused organization data); key_dev is concatenated with the value of the primary key MD5pk1 in the fused table M2 to form an extended character string, which is then MD5-encrypted. The encryption formula is MD5(MD5pk2 + key_dev), the generated table is named M3, and its primary key is named MD5pk2.
S3: matching the fused organization data with the fused organization-specific model data on the twice-MD5-encrypted primary key to obtain a matching result set.
Wherein:
the organization data fusion table B3, whose primary key has been encrypted a second time, is matched against the organization-specific model table M3, whose primary key has been encrypted by the second MD5 pass, to generate a matching result.
The tables can be joined on the primary key by writing a script, for example an SQL script that performs a join of the primary key MD5pk2 in table B3 with the primary key MD5pk2 in table M3; the resulting table generated by this step is named BM and is shown in the following table:
Figure BDA0003610303220000071
Figure BDA0003610303220000081
Specifically,
the mapping tables map1 and map2 are associated by the twice-MD5-encrypted primary key MD5pk2, and the mapping between AES(org_id), MD5pk1 and MD5pk2 is recorded, giving the mapping table map3, which is the matching result set; the following table is an example:
Field name | Description | Remarks | Decryption
Pk | Primary key of the data object after first MD5 encryption | MD5pk1 |
org_id | Organization id after AES encryption | AES(org_id) | org_id
Pk2 | Primary key of the data object after second MD5 encryption | MD5pk2 |
S4: transmitting the matching result set back to each organization in the organization space through that organization's transmission channel.
Wherein:
the management program transmits the matched result back to the corresponding organization in the data space through each organization's channel.
Further,
(1) after the first MD5 encryption of the primary key and the AES encryption of the fields other than the primary key have been performed on each organization's data stored in the organization space, a first mapping table is established between the once-encrypted primary key and the other fields;
(2) after the data of multiple organizations has been fused and the second MD5 encryption has been performed on the primary key, a second mapping table is established between the twice-encrypted primary key and the once-encrypted primary key;
(3) the first mapping table and the second mapping table are associated on the once-encrypted primary key to obtain a third mapping table, namely a mapping table of the once-encrypted primary key, the twice-encrypted primary key, and the encrypted data of the fields other than the primary key;
(4) the third mapping table is matched with the matching result set on the twice-encrypted primary key to obtain the intermediate data fields, which comprise the AES-encrypted organization id, the once-MD5-encrypted primary key of the data object, and the AES-encrypted organization-specific model data content;
(5) the return channel program decrypts the AES-encrypted organization id to restore it;
(6) according to the organization id, the rows of the matching result table that carry that AES-encrypted organization id are returned to the corresponding organization.
Specifically,
the return channel program matches BM with map3, associating on MD5pk2 to trace back the MD5pk1 that MD5pk2 maps to;
after matching, the contents of the intermediate data fields are: AES(org_id), MD5pk1, model_cont;
the return channel program decrypts AES(org_id) to org_id;
and, according to org_id, the corresponding AES(org_id) is returned to the corresponding organization.
S5: each organization in the organization space restores the primary key of the organization-specific model data in the returned data according to MD5 and decrypts the fields other than the primary key according to AES, to obtain the organization's specific model result.
Wherein:
correspondingly, if the fields other than the primary key are encrypted with Base64, each organization in the data space restores the primary key of the returned organization data according to MD5 and decrypts the fields other than the primary key according to Base64, to obtain the organization's specific model result.
Specifically,
each organization receives its own data, whose field contents are AES(org_id), MD5pk1 and AES(model_cont); the resulting table is named R1;
a mapping of the organization's original data is generated, recording the mapping between the primary key pk and MD5pk1, which produces the result table map0;
through an SQL script, the result table R1 is associated with map0 on the field MD5pk1, tracing back the pk that MD5pk1 maps to; the fields of the resulting data are pk and model_cont, and the resulting table is named R2.
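The S1 to S5 flow described above, as an added Python example (not code from the patent). It uses the Base64 variant of the non-key field step so that it runs on the standard library alone, builds map3 by joining on MD5pk1 as in step (3) of S4, and recovers pk in S5 through the map0 lookup, since an MD5 digest is one-way and cannot be decrypted. All keys, rows and function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample values; none of them come from the patent.
ORG_KEYS = {"org1": "k#9vQ2x!", "org2": "Zp4$w7Lm"}  # per-organization extended keys
KEY_DEV = "d3V!s8Yq"                                  # secondary extended key (key_dev)
ORG_DATA = {                                          # organization space
    "org1": [{"pk": "P001", "name": "Li"}, {"pk": "P002", "name": "Wang"}],
    "org2": [{"pk": "P001", "name": "Zhao"}],
}
MODEL_DATA = {                                        # data space
    "org1": [{"pk": "P001", "model_cont": "risk=low"},
             {"pk": "P999", "model_cont": "risk=high"}],
    "org2": [{"pk": "P001", "model_cont": "risk=medium"}],
}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def protect(value):
    """Base64 variant of the non-key field step (keyless encoding, stand-in for AES)."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def unprotect(token):
    return base64.b64decode(token).decode("utf-8")


def s1_org(org):
    """Organization side: B1{org}, map1 (MD5pk1 -> protected org_id), map0 (MD5pk1 -> pk)."""
    b1, map1, map0 = [], {}, {}
    for row in ORG_DATA[org]:
        md5pk1 = md5_hex(row["pk"] + ORG_KEYS[org])   # MD5(pk + key{org})
        b1.append({"md5pk1": md5pk1, "name": protect(row["name"])})
        map1[md5pk1] = protect(org)
        map0[md5pk1] = row["pk"]
    return b1, map1, map0


def s1_model(org):
    """Data-space side: M1{org}, hashed with the same extended key as the organization."""
    return [{"md5pk1": md5_hex(r["pk"] + ORG_KEYS[org]),
             "model_cont": protect(r["model_cont"])} for r in MODEL_DATA[org]]


def s2_fuse(tables):
    """Development space: union the tables, add MD5pk2 = MD5(MD5pk1 + key_dev)."""
    return [{**row, "md5pk2": md5_hex(row["md5pk1"] + KEY_DEV)}
            for table in tables for row in table]


def s3_match(b3, m3):
    """Join B3 and M3 on MD5pk2; BM holds only digests and protected fields."""
    models = {row["md5pk2"]: row["model_cont"] for row in m3}
    return [{"md5pk2": r["md5pk2"], "model_cont": models[r["md5pk2"]]}
            for r in b3 if r["md5pk2"] in models]


def s4_route(bm, b3, map1):
    """Return channel: map3 = map1 joined with map2 on MD5pk1, then route by org_id."""
    map2 = {r["md5pk1"]: r["md5pk2"] for r in b3}
    map3 = {pk2: (map1[pk1], pk1) for pk1, pk2 in map2.items()}
    outbox = {}
    for row in bm:
        enc_org, md5pk1 = map3[row["md5pk2"]]
        outbox.setdefault(unprotect(enc_org), []).append(
            {"org_id": enc_org, "md5pk1": md5pk1, "model_cont": row["model_cont"]})
    return outbox


def s5_restore(r1, map0):
    """Organization side: look MD5pk1 up in map0 to recover pk, decode model_cont (R2)."""
    rows = [{"pk": map0[r["md5pk1"]], "model_cont": unprotect(r["model_cont"])} for r in r1]
    return sorted(rows, key=lambda row: row["pk"])


def run_pipeline():
    b1_tables, map1, map0 = [], {}, {}
    for org in ORG_DATA:
        b1, m1, m0 = s1_org(org)
        b1_tables.append(b1)
        map1.update(m1)
        map0[org] = m0
    b3 = s2_fuse(b1_tables)
    m3 = s2_fuse([s1_model(org) for org in MODEL_DATA])
    bm = s3_match(b3, m3)
    outbox = s4_route(bm, b3, map1)
    return {org: s5_restore(rows, map0[org]) for org, rows in outbox.items()}, bm


if __name__ == "__main__":
    print(run_pipeline()[0])
```

Both sample organizations hold a record with the same pk; because their extended keys differ, the two digests differ and each organization receives only its own model row.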
The invention has the advantages that:
(1) The invention transmits the data to the development space after the first encryption, so managers of the development space cannot learn the real data of any organization. The development space manager fuses the data and then applies the second encryption, so that the manager cannot learn the real data of any organization and cannot tell which organization the matched data belongs to. Throughout data development, developers can only match data according to business logic and do not know the actual meaning of the matching result. During transmission and after the data enters the development space, even if a leak occurs, whoever obtains the data cannot learn its content; the data can be used but is invisible, and the application field and purpose of use of the data are effectively monitored.
(2) The MD5 encryption adopted by the invention is extremely difficult to crack and cannot be decrypted with existing information technology, and the possibility of library collision is further reduced by applying MD5 to the primary key concatenated with a key.
(3) The matching step of the invention uses the property that the MD5 transcoding algorithm produces the same result for the same character string: the primary keys of the same data table are encrypted at the sending end and at the receiving end respectively, and are then matched at the receiving end. This achieves encrypted data transmission and also serves the special application scenario in which data developers cannot see the primary keys.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A method for encrypted data transmission across network domains and data matching in an encrypted state, characterized by comprising the following steps:
performing first MD5 encryption on the primary key of each organization's data stored in an organization space and of each organization-specific model data stored in a data space, and performing AES encryption on the fields other than the primary key;
transmitting the encrypted organization data and the encrypted organization-specific model data to a development space, performing data fusion on the organization data and on the organization-specific model data respectively, and performing second MD5 encryption on the primary key of each fused data set;
matching the fused organization data with the fused organization-specific model data on the twice-MD5-encrypted primary key to obtain a matching result set;
transmitting the matching result set back to each organization in the organization space through that organization's transmission channel;
and each organization in the organization space restores the primary key of the organization-specific model data in the returned data according to MD5 and decrypts the fields other than the primary key according to AES, to obtain the organization's specific model result.
2. The method of claim 1, wherein: the first-time MD5 encryption of the primary key of each mechanism data stored in the mechanism space and of each mechanism exclusive model data stored in the data space comprises the following steps:
each organization holds its own extension key;
splicing the primary key of each mechanism data stored in the mechanism space with the extension key of the mechanism to obtain a new character string, and carrying out MD5 encryption on the obtained character string;
and splicing the primary key of the exclusive model data of each organization stored in the data space with the extension key of the organization to obtain a new character string, and carrying out MD5 encryption on the obtained character string.
3. The method of claim 2, wherein: the extension key is generated by a random key generation program and meets one or more of the following requirements: containing upper and lower case letters, numbers and special characters; having no meaning in Chinese or English; and having a length of not less than 8.
4. The method of claim 1, wherein: the AES encryption of the fields other than the primary key comprises the following steps:
each organization holds its own AES key;
and the encryption program encrypts, based on the AES key of each mechanism, the contents of each line other than the primary key in the mechanism data and in the mechanism exclusive model data respectively.
5. The method according to claim 1 or 4, characterized in that: the AES key is generated by a random key generation program and meets one or more of the following requirements: containing upper and lower case letters, numbers and special characters; having no meaning in Chinese or English; and having a length of not less than 8.
6. The method of claim 1, wherein: fields other than the primary key may be encrypted using Base64;
correspondingly, each mechanism in the data space restores the primary key of the returned mechanism data according to MD5, and decrypts the fields other than the primary key according to Base64, to obtain the exclusive model result of the mechanism.
7. The method of claim 1, wherein: the second-time MD5 encryption of the primary key of the fused data comprises the following steps:
the administrator of the development space holds a secondary extension key;
splicing the primary key of the fused mechanism data with the secondary extension key into a new character string, and carrying out second-time MD5 encryption on the character string;
and splicing the primary key of the fused mechanism exclusive model data with the secondary extension key into a new character string, and carrying out second-time MD5 encryption on the character string.
8. The method of claim 1, wherein: transmitting the matching result set back to each mechanism in the mechanism space through the transmission channel of that mechanism comprises the following steps:
establishing, for each mechanism data stored in the mechanism space, a third mapping relation table of the first-time encrypted primary key, the second-time encrypted primary key, and the encrypted data of the fields other than the primary key;
matching the third mapping relation table against the matching result set according to the second-time encrypted primary key to obtain an intermediate data field, wherein the intermediate data field comprises the AES-encrypted mechanism id, the primary key of the data object after first-time MD5 encryption, and the AES-encrypted mechanism exclusive model data content;
the return channel program decrypts and restores the AES-encrypted mechanism id;
and, according to the mechanism id, returning the line of the matching result table to which the AES-encrypted mechanism id belongs to the corresponding mechanism.
9. The method of claim 8, wherein the method comprises the following steps:
performing first-time MD5 encryption on the primary key of each mechanism data stored in the mechanism space and AES encryption on the fields other than the primary key, and then establishing a first mapping relation table of the first-time encrypted primary key and the encrypted fields other than the primary key;
after the data of a plurality of mechanisms are fused, performing second-time MD5 encryption on the primary key, and establishing a second mapping relation table of the second-time encrypted primary key and the first-time encrypted primary key;
and associating the first mapping relation table with the second mapping relation table according to the first-time encrypted primary key to obtain the third mapping relation table.
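As an added illustration of the key-handling chain in claims 1, 2 and 7 to 9 (example code, not part of the patent text or the applicant's implementation), the sketch below re-keys primary keys twice with MD5, matches on the second-time key, routes results per mechanism, and restores the plaintext key by lookup. Assumptions: all function names, extension keys and rows are constructed; AES ciphertext and the AES-encrypted mechanism id are represented by opaque stand-in values because matching never reads them; the third mapping table of claim 9 is held as one dictionary; and "restoring according to MD5" is read as a reverse lookup over the mechanism's own keys.

```python
import hashlib

def md5_splice(value: str, key: str) -> str:
    # Claims 2 and 7: splice the value with the extension key, then MD5 the string.
    return hashlib.md5((value + key).encode("utf-8")).hexdigest()

def first_pass(org_id, rows, org_key):
    # Mechanism/data space: {pk: blob} -> {pk1: (org_id, blob)}.
    # org_id and blob stand in for AES ciphertext (assumption, see lead-in).
    return {md5_splice(pk, org_key): (org_id, blob) for pk, blob in rows.items()}

def second_pass(tables, secondary_key):
    # Development space: fuse every mechanism's table and re-key each row.
    # Result {pk2: (pk1, org_id, blob)} doubles as the third mapping table.
    fused = {}
    for table in tables:
        for pk1, (org_id, blob) in table.items():
            fused[md5_splice(pk1, secondary_key)] = (pk1, org_id, blob)
    return fused

def match_and_route(org_fused, model_fused):
    # Claim 1 matching on pk2, then claim 8 routing: {org_id: {pk1: model_blob}}.
    routed = {}
    for pk2, (pk1, org_id, _) in org_fused.items():
        if pk2 in model_fused:
            routed.setdefault(org_id, {})[pk1] = model_fused[pk2][2]
    return routed

def restore(returned, own_keys, org_key):
    # MD5 is one-way, so the mechanism recomputes pk1 for its own keys and looks up.
    reverse = {md5_splice(pk, org_key): pk for pk in own_keys}
    return {reverse[pk1]: blob for pk1, blob in returned.items()}

def run_demo():
    # All values below are constructed sample data.
    keys = {"orgA": "kA#7pQ!x", "orgB": "Zr9$mT2&"}
    secondary = "s2^Lw8@d"
    org_data = {"orgA": {"1001": b"a1", "1002": b"a2"}, "orgB": {"1001": b"b1"}}
    model_data = {"orgA": {"1002": b"scoreA-1002", "7777": b"x"},
                  "orgB": {"1001": b"scoreB-1001"}}
    org_fused = second_pass(
        [first_pass(o, r, keys[o]) for o, r in org_data.items()], secondary)
    model_fused = second_pass(
        [first_pass(o, r, keys[o]) for o, r in model_data.items()], secondary)
    routed = match_and_route(org_fused, model_fused)
    return {o: restore(routed.get(o, {}), org_data[o], keys[o]) for o in org_data}
```

Because each mechanism splices its own extension key, the same plaintext primary key ("1001") held by two mechanisms produces unrelated first-time values and never matches across mechanisms. The hash step is isolated in `md5_splice`, so a keyed construction such as HMAC-SHA-256 can be substituted there without touching the matching logic.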
CN202210430731.4A 2022-04-22 2022-04-22 Method for matching data between cross-network domain data encryption transmission and encryption state Active CN114640543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210430731.4A CN114640543B (en) 2022-04-22 2022-04-22 Method for matching data between cross-network domain data encryption transmission and encryption state

Publications (2)

Publication Number Publication Date
CN114640543A true CN114640543A (en) 2022-06-17
CN114640543B CN114640543B (en) 2024-02-13

Family

ID=81952159

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210430731.4A Active CN114640543B (en) 2022-04-22 2022-04-22 Method for matching data between cross-network domain data encryption transmission and encryption state

Country Status (1)

Country Link
CN (1) CN114640543B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789975A (en) * 2016-12-07 2017-05-31 广东京奥信息科技有限公司 A kind of method of the text encryption transmission with byte stream is preserved
CN108197505A (en) * 2017-12-29 2018-06-22 泰康保险集团股份有限公司 Block chain business data processing method, device and electronic equipment
US20200119903A1 (en) * 2018-10-11 2020-04-16 Fungible, Inc. Multimode cryptographic processor
CN111859446A (en) * 2020-06-16 2020-10-30 北京农业信息技术研究中心 Agricultural product traceability information sharing-privacy protection method and system
CN112751855A (en) * 2020-12-30 2021-05-04 合肥大多数信息科技有限公司 Cross-browser user data security management system based on encryption technology
CN113709730A (en) * 2021-07-12 2021-11-26 陕西能源职业技术学院 Terminal security validity checking method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
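Sun Yanhui; Hu Yi; Bi Xiaoxue; Liu Jinsong: "Design and Implementation of an Information Security Mechanism for Digital Workshops", Modular Machine Tool & Automatic Manufacturing Technique, no. 12, 20 December 2017 (2017-12-20) *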

Also Published As

Publication number Publication date
CN114640543B (en) 2024-02-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant