CN114679324A - Data exchange method, tool, system, equipment and medium - Google Patents

Data exchange method, tool, system, equipment and medium

Info

Publication number
CN114679324A
Authority
CN
China
Prior art keywords
data
configuration file
rule
key
key rule
Legal status
Granted
Application number
CN202210324602.7A
Other languages
Chinese (zh)
Other versions
CN114679324B (en)
Inventor
李刚
朱恺真
游冰
杨建光
马超阳
姬同凯
梁通
关俊涛
贺提胜
Current Assignee
Sinomach Internet Research Institute Henan Co ltd
Original Assignee
Sinomach Internet Research Institute Henan Co ltd
Application filed by Sinomach Internet Research Institute Henan Co ltd
Publication of CN114679324A
Application granted
Publication of CN114679324B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data exchange method, tool, system, device and medium, the method includes: acquiring data to be encrypted and a unique identifier of a key rule; selecting a target key rule configuration file packet corresponding to the unique key rule identifier; randomly selecting a key rule configuration file as a target key rule configuration file, and encrypting data to be encrypted to obtain an encrypted data packet; and binding the encrypted data packet, the unique key rule identifier and the rule characteristic information to obtain a bound data packet, and sending the bound data packet to a second data system so that the second data system can decrypt the encrypted data packet based on a decryption rule to obtain decrypted data. According to the method and the device, the target key rule configuration file is selected by using a random selection method to encrypt the data to be encrypted, the corresponding decryption rule is determined by the second data system to decrypt the bound data packet, a fixed algorithm and a key are avoided, and the security of the data exchange process is improved.

Description

Data exchange method, tool, system, equipment and medium
Technical Field
The present invention relates to the field of information security and data exchange, and in particular, to a data exchange method, tool, system, device, and medium.
Background
Currently, the methods for encrypting data transmitted between systems can be summarized as offline data encryption, online data encryption, and mixed offline and online data encryption. Offline data encryption mostly uses a fixed algorithm-level key to encrypt and decrypt files; the encryption algorithm is single, and the key and the encryption rules are comparatively complex. Online data encryption depends entirely on a server side to encrypt and decrypt data, so encryption efficiency is hard to guarantee, and the need to interact with a remote encryption server exposes the data to public internet security threats. Mixed offline and online encryption mostly solidifies the algorithms and keys locally, obtains variable factors such as random numbers from the server side at encryption time, and then performs hybrid encryption.
In summary, how to reduce the technical complexity and improve the security of data exchange becomes an urgent problem to be solved.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a data exchange method, which can reduce the technical complexity and improve the security of data exchange. The specific scheme is as follows:
in a first aspect, the present application discloses a data exchange method, which is applied to a data source end tool located in a first data system, where the first data system further includes a data source system; wherein the method comprises the following steps:
acquiring data to be encrypted and a unique key rule identifier sent by the data source system;
selecting a target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each key rule configuration file package comprises a plurality of different key rule configuration files;
randomly selecting a key rule configuration file from the target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet;
and binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypting the encrypted data packet based on the decryption rule to obtain corresponding decrypted data.
Optionally, the obtaining of the to-be-encrypted data and the unique key rule identifier sent by the data source system includes:
acquiring a structured data file to be encrypted, an unstructured data compression packet and a unique key rule identifier which are sent by the data source system; the structured data file comprises structured data, a file name of an unstructured data file which is associated with the structured data and a corresponding association relation;
correspondingly, the encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet includes:
analyzing the structured data file to obtain the structured data, the file name and the association relation in the structured data file;
checking, according to the association relation in the structured data file, whether an unstructured data file corresponding to the file name exists in the decompressed unstructured data compression packet;
if so, carrying out corresponding format coding on the structured data according to the structured data format in the target key rule configuration file to obtain a coded structured data file, and encrypting and compressing the coded structured data file by using an asymmetric key algorithm in the target key rule configuration file to obtain a corresponding structured data encryption compression packet;
and compressing the structured data encryption compression packet and the unstructured data file, and encrypting a compression result by using a symmetric key algorithm in the target key rule configuration file to obtain an encrypted data packet.
Optionally, before the obtaining of the data to be encrypted and the unique key rule identifier sent by the data source system, the method further includes:
acquiring a plurality of key rule configuration file packages respectively created by a rule engine system based on a plurality of groups of initial information input by a user terminal; wherein the creation of any key rule configuration file package comprises: the rule engine system generating a root key and a unique key rule identifier using a corresponding group of the initial information, then generating a plurality of symmetric key algorithms, a plurality of asymmetric key algorithms and a plurality of sets of keys based on the root key, acquiring the identifiers of the different symmetric key algorithms, the identifiers of the different asymmetric key algorithms, a plurality of structured data formats, a plurality of data packet unique identifier generation algorithms and a data packet naming rule that are custom-configured by the user terminal, and obtaining a key rule configuration file package which corresponds to the unique key rule identifier and comprises the plurality of symmetric key algorithms and corresponding identifiers, the plurality of asymmetric key algorithms and corresponding identifiers, the plurality of structured data formats, the plurality of data packet unique identifier generation algorithms and the data packet naming rule.
Optionally, the randomly selecting one key rule configuration file from the target key rule configuration file package as a target key rule configuration file includes:
extracting the data package naming rule from the target key rule configuration file package, randomly selecting a symmetric key algorithm, an asymmetric key algorithm, a structured data format and a data package unique identifier generation algorithm, and recording corresponding identifiers to obtain the target key rule configuration file;
correspondingly, the binding the encrypted data packet, the unique key rule identifier, and the rule feature information corresponding to the target key rule configuration file to obtain a corresponding bound data packet includes:
generating a data packet unique identifier by using a data packet unique identifier generation algorithm in the target key rule configuration file;
naming the encrypted data packet by using the data packet naming rule in the target key rule configuration file to obtain a target data packet name containing the unique key rule identifier, the rule characteristic information and the unique data packet identifier; the rule characteristic information is obtained by arranging the identification of the structured data format, the identification of the symmetric key algorithm and the identification of the asymmetric key algorithm based on the data packet number arrangement rule in the data packet naming rule;
and taking the target data packet name as a name corresponding to the encrypted data packet to obtain the bound data packet.
Optionally, the obtaining a plurality of key rule configuration file packages created by the rule engine system based on a plurality of sets of initial information input by the user terminal respectively includes:
acquiring a plurality of key rule configuration file packages which are respectively created by a rule engine system based on a plurality of groups of initial key information input by a user terminal at different time periods; the initial key information is the key information which is acquired by the user terminal through a preset key information input interface and meets the preset key construction condition; the preset key construction condition comprises a first construction condition determined based on the preset character type and a second construction condition determined based on the preset key length.
Optionally, the sending the bound data packet to a second data system by the data source system includes:
if the data volume of the bound data packet is larger than a preset data volume threshold, sending to the second data system, through the data source system, a plurality of small data packets obtained by splitting the bound data packet using a packet-splitting technique.
In a second aspect, the present application discloses a data exchange method, which is applied to a data center tool in a second data system, where the second data system further includes a data center system; wherein the method comprises the following steps:
acquiring a bound data packet created by a data source end tool from the data center system; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier;
searching a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identification in the bound data package, and searching the second target key rule configuration file package by using the rule characteristic information in the bound data package to determine a corresponding decryption rule;
and decrypting the encrypted data packet in the bound data packet based on the decryption rule to obtain corresponding decrypted data.
In a third aspect, the present application discloses a data source end tool, including:
the data acquisition module is used for acquiring data to be encrypted and a unique key rule identifier sent by a data source system; wherein the data source system and the data source end tool are both located on a first data system;
the configuration file package selection module is used for selecting a target key rule configuration file package corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packages; each key rule configuration file package comprises a plurality of different key rule configuration files;
a configuration file selection module for randomly selecting a key rule configuration file from the target key rule configuration file package as a target key rule configuration file;
the data encryption module is used for encrypting the data to be encrypted by utilizing the target key rule configuration file to obtain an encrypted data packet;
and the data binding module is used for binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypting the encrypted data packet based on the decryption rule to obtain corresponding decrypted data.
In a fourth aspect, the present application discloses a data center end tool, comprising:
the data packet acquisition module is used for acquiring a bound data packet created by the data source end tool from the data center system; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier; wherein the data center system and the data center end tool are both located on a second data system;
the first searching module is used for searching a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identification in the bound data package;
the second searching module is used for searching the second target key rule configuration file package by utilizing the rule characteristic information in the bound data package so as to determine a corresponding decryption rule;
and the data decryption module is used for decrypting the encrypted data packet in the bound data packet based on the decryption rule so as to obtain corresponding decrypted data.
In a fifth aspect, the present application discloses a data exchange system, comprising a first data system and a second data system, wherein the first data system comprises a data source end tool and a data source system, and the second data system comprises a data center end tool and a data center system; wherein,
the data source system is used for sending data to be encrypted and a unique key rule identifier to the data source end tool;
the data source end tool is used for selecting a first target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each first key rule configuration file package comprises a plurality of different key rule configuration files; randomly selecting a key rule configuration file from the first target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet; binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet;
the data center system is configured to receive the bound data packet that is sent by the data source system and acquired from the data source end tool;
the data center end tool is configured to find a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identifier in the bound data package, find the second target key rule configuration file package by using the rule feature information in the bound data package to determine a corresponding decryption rule, and decrypt the encrypted data package in the bound data package based on the decryption rule to obtain corresponding decrypted data.
In a sixth aspect, the present application discloses an electronic device comprising a processor and a memory; wherein the processor implements the data exchange method disclosed above when executing the computer program stored in the memory.
In a seventh aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program realizes the data exchange method disclosed in the foregoing when executed by a processor.
Therefore, in the present application, the data to be encrypted and the unique key rule identifier sent by the data source system are acquired; a target key rule configuration file package corresponding to the unique key rule identifier is selected from a plurality of preset key rule configuration file packages, each of which comprises a plurality of different key rule configuration files; a key rule configuration file is randomly selected from the target key rule configuration file package as the target key rule configuration file, and the data to be encrypted is encrypted using the target key rule configuration file to obtain an encrypted data packet; and the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file are bound to obtain a corresponding bound data packet, which is sent to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information and decrypts the encrypted data packet based on the decryption rule to obtain the corresponding decrypted data. In other words, a random selection method is used to select the target key rule configuration file from the target key rule configuration file package corresponding to the unique key rule identifier for encrypting the data to be encrypted, the second data system determines the decryption rule corresponding to the rule characteristic information of the target key rule configuration file, and the bound data packet is decrypted.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 provides a flow chart of a data exchange method according to the present application.
FIG. 2 provides a schematic diagram of an association relationship between structured data and unstructured data files.
Fig. 3 provides a specific encryption method for the present application.
Fig. 4 is a schematic diagram of a data packet naming method provided in the present application.
Fig. 5 is a flow chart of a data exchange method according to the present application.
Fig. 6 is a schematic diagram of a key rule profile package creation process provided in the present application.
Fig. 7 provides a schematic diagram of a process of data exchange according to the present application.
Fig. 8 provides a schematic diagram of a new key rule profile package creation process according to the present application.
Fig. 9 provides a schematic diagram of a data source tool according to the present application.
FIG. 10 provides a schematic diagram of a data center end tool for the present application.
Fig. 11 provides a schematic diagram of a data exchange system according to the present application.
Fig. 12 provides a block diagram of an electronic device according to the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The existing data transmission encryption method between systems has the problems of public internet security threat and complex implementation technology. In order to overcome the problems, the application provides a data exchange scheme, which can reduce the technical complexity and improve the safety of the data exchange process.
Referring to fig. 1, an embodiment of the present application discloses a data exchange method, which is applied to a data source tool located in a first data system, where the first data system further includes a data source system; wherein, the method comprises the following steps:
Step S11: acquiring the data to be encrypted and the unique key rule identifier sent by the data source system.
In this embodiment, before the data exchange process is performed, a data exchange system needs to be established and an initialization configuration performed to specify the data. Specifically, a rule engine system creates a plurality of key rule configuration file packages based on a plurality of sets of initial information input by a user terminal, respectively; the creation of any key rule configuration file package comprises: the rule engine system generating a root key and a unique key rule identifier using a corresponding set of the initial information, then generating a plurality of symmetric key algorithms, a plurality of asymmetric key algorithms and a plurality of sets of keys based on the root key, acquiring the identifiers of the different symmetric key algorithms, the identifiers of the different asymmetric key algorithms, a plurality of structured data formats, a plurality of packet unique identifier generation algorithms and a packet naming rule that are custom-configured by the user terminal, and obtaining a key rule configuration file package which corresponds to the unique key rule identifier and comprises the plurality of symmetric key algorithms and corresponding identifiers, the plurality of asymmetric key algorithms and corresponding identifiers, the plurality of structured data formats, the plurality of data packet unique identifier generation algorithms and the data packet naming rule. The symmetric key algorithm is an encryption method using a single-key cryptosystem, in which the same key is used both to encrypt and to decrypt information; the asymmetric key algorithm is an encryption method using a public key and private key cryptosystem, in which the public key is used for data encryption and the private key for data decryption.
It should be noted that the public key corresponding to the asymmetric key algorithm is used when the key rule configuration file packet corresponding to the data source end tool is created, and the private key corresponding to the asymmetric key algorithm is used when the key rule configuration file packet corresponding to the data center end tool is created.
It can be understood that, in the process of the rule engine system creating a plurality of key rule configuration file packages based on a plurality of sets of initial information input by the user terminal, the initial information may be initial key information. Specifically, the initial key information is key information that is acquired by the user terminal through a preset key information input interface and satisfies a preset key construction condition, where the preset key construction condition includes a first construction condition determined based on a preset character type and a second construction condition determined based on a preset key length. For example, the preset character type corresponding to the first construction condition is letters and numbers, and the preset key length corresponding to the second construction condition is 8 bits.
It should be noted that the process of creating a plurality of key rule profile packages by the rule engine system based on the plurality of sets of initial information input by the user terminal is performed at different time periods, but a plurality of key rule profile packages may exist at the same time. When a new key rule configuration file package needs to be created, new initial information input by a user terminal is obtained to create the new key rule configuration file package, and the old key rule configuration file package existing before can be deleted or can exist together with the new key rule configuration file package.
In this embodiment, the acquiring of the data to be encrypted, which is sent by the data source system, specifically includes acquiring a structured data file to be encrypted and an unstructured data compression packet, which are sent by the data source system, where the structured data file includes structured data, a file name of the unstructured data file associated with the structured data, and a corresponding association relationship. As shown in fig. 2, the association relationship is embodied in a structured data interaction format. Note that the structured data file in the data to be encrypted is in JSON (JavaScript Object Notation) format. The structured data is data which can be logically expressed and realized by a two-dimensional table structure and strictly conforms to the data format and length specification; the unstructured data are data relative to the structured data, and are not suitable for being represented by a two-dimensional table, including office documents of all formats, various reports, pictures, audio and video information and other files; it should be noted that, in order to ensure the integration between cross-platform systems, the JSON format is adopted for data exchange.
In this embodiment, before obtaining the unique key rule identifier sent by the data source system, the rule engine system is required to first generate the unique key rule identifier and send the unique key rule identifier to the data source system; wherein, a group of initial information corresponds to a unique identifier of the key rule.
Step S12: selecting a target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each of the key rule profile packages includes a plurality of different key rule profiles.
In this embodiment, after the unique key rule identifier sent by the data source system is obtained, a target key rule configuration file package corresponding to the unique key rule identifier is selected from a plurality of preset key rule configuration file packages created by a rule engine system; each of the key rule profile packages includes a plurality of different key rule profiles.
Step S13: randomly selecting a key rule configuration file from the target key rule configuration file package as a target key rule configuration file, and encrypting the data to be encrypted using the target key rule configuration file to obtain an encrypted data packet.
In this embodiment, after the target key rule configuration file package corresponding to the unique key rule identifier is determined, a key rule configuration file is selected from the target key rule configuration file package as a target key rule configuration file based on a random selection method. Specifically, the data package naming rule is extracted from the target key rule configuration file package based on a random selection method, and a symmetric key algorithm, an asymmetric key algorithm, a structured data format and a data package unique identifier generation algorithm are randomly selected and corresponding identifiers are recorded, so that the target key rule configuration file is obtained. The random selection method is non-fixed, and is beneficial to improving the safety of the data exchange process.
In this embodiment, after the target key rule configuration file is selected, further checks are required to determine whether to perform the encryption process. First, it is judged whether the target key rule configuration file exists in the data source end tool; then it is judged whether an unstructured data file corresponding to the structured data file exists in the decompressed unstructured data compression packet. Specifically, the structured data file is parsed to obtain the structured data, the file name and the association relationship in the structured data file, and then, according to that association relationship, it is checked whether an unstructured data file corresponding to the file name exists in the decompressed unstructured data compression package. If it does, the structured data is encoded in the structured data format given in the target key rule configuration file to obtain an encoded structured data file; the encoded structured data file is then encrypted and compressed with the asymmetric key algorithm in the target key rule configuration file to obtain a structured data encryption compression package; finally, the structured data encryption compression package and the unstructured data file are compressed together, and the compression result is encrypted with the symmetric key algorithm in the target key rule configuration file to obtain the encrypted data package. The generation process of the encrypted data packet is shown in fig. 3. The encryption process uses data envelope technology, which combines the advantages of symmetric and asymmetric encryption for secure data transmission: the structured data file is encrypted with the asymmetric key algorithm, the encrypted structured data file is combined with the unstructured data, and the final data packet is encrypted with the symmetric key algorithm before transmission. The method thus exploits both the higher security of the asymmetric key algorithm and the high speed and good security of the symmetric key algorithm, which is beneficial to the security of the data exchange process.
Step S14: binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, and sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypts the encrypted data packet based on the decryption rule to obtain corresponding decrypted data.
In this embodiment, the rule feature information is feature information obtained by arranging the identifier of the structured data format, the identifier of the symmetric key algorithm, and the identifier of the asymmetric key algorithm based on the packet number arrangement rule in the packet naming rule.
In this embodiment, after a target key rule configuration file is selected and an encrypted data packet is further obtained, a data packet unique identifier is generated by using a data packet unique identifier generation algorithm in the target key rule configuration file. And then binding the encrypted data packet, the unique key rule identifier, the unique data packet identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet. The specific binding may represent a variety of situations.
In a specific embodiment, the naming process is performed on the encrypted data packet by using the data packet naming rule in the target key rule configuration file to obtain a target data packet name including the unique key rule identifier, the rule feature information, and the unique data packet identifier, and then the target data packet name is used as a name corresponding to the encrypted data packet to obtain the bound data packet. The data packet naming rule is a rule obtained by arranging the unique key rule identifier, the rule characteristic information and the unique data packet identifier; the key rule unique identifier and the data packet unique identifier are fixed, and the symmetric key algorithm, the asymmetric key algorithm and the structured data structure identifier in the rule feature information are not fixed and are specifically determined by a data packet number arrangement rule. As shown in fig. 4, for the dynamic rule encoding format corresponding to the packet naming rule, the key rule unique identifier, the arrangement rule including the symmetric key algorithm identifier, the asymmetric key algorithm identifier, the rule feature information of the structured data format, and the packet unique identifier are specified.
In another specific embodiment, the fixed unique key rule identifier and the unique data package identifier may be added to form a target identifier file by using the non-fixed rule feature information obtained by arranging the symmetric key algorithm, the asymmetric key algorithm, and the structured data structure identifier according to the data package number arrangement rule, and the target identifier file is bound to the encrypted data package to obtain the bound data.
In this embodiment, when the data amount of the bound data is too large, it is not favorable for transmission. Therefore, if the data volume of the bound data packet is larger than a preset data volume threshold, a plurality of small data packets obtained by splitting the bound data packet based on the unpacking technology are sent to a second data system through the data source system. At this moment, the bound data packet is split into a plurality of small data packets, which is beneficial to accelerating the transmission speed.
Therefore, the data to be encrypted and the unique key rule identification sent by the data source system are obtained; selecting a target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each key rule configuration file package comprises a plurality of different key rule configuration files; randomly selecting a key rule configuration file from the target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet; and binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypting the encrypted data packet based on the decryption rule to obtain corresponding decrypted data. 
Therefore, the application, based on data specifications, correspondingly sets the structured data format, the dynamic rule coding format, the data transmission package structure and the encryption rule, which is favorable for realizing the mutual conversion between the original data and the data encryption package of a structured and unstructured mixed structure with a large data volume and reduces the technical complexity. A target key rule configuration file is selected by a random selection method from the target key rule configuration file package corresponding to the unique key rule identifier to encrypt the data to be encrypted, and the second data system determines the decryption rule corresponding to the rule characteristic information of the target key rule configuration file and decrypts the bound data package. Because the random selection method is used, the adoption of a fixed algorithm and key is avoided, and the security of the data exchange process is improved. In addition, during data transmission after binding, the bound data is split and transmitted, so that the transmission speed is increased.
Referring to fig. 5, an embodiment of the present application discloses a data exchange method, which is applied to a data center tool in a second data system, where the second data system further includes a data center system; wherein, the method comprises the following steps:
step S21: acquiring a bound data packet created by a data source end tool from the data center system; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier.
In this embodiment, after the first data system transmits the bound data packet to the second data system, the data center end tool first obtains the bound data packet created by the data source end tool from the data center system, and then performs corresponding processing on the bound data packet; specifically, the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool; the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier. It should be noted that the first target key rule configuration file package is the key rule configuration file package corresponding to the data source end tool, and the key corresponding to the asymmetric key algorithm in the first target key rule configuration file package is a public key.
Step S22: searching a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identification in the bound data package, and searching the second target key rule configuration file package by using the rule characteristic information in the bound data package to determine a corresponding decryption rule.
In this embodiment, the unique key rule identifier is determined from the bound data packet, then a second target key rule configuration file packet corresponding to the unique key rule identifier is searched from a plurality of key rule configuration file packets, and if the second target key rule configuration file packet exists, the second target key rule configuration file packet is searched by using the rule feature information in the bound data packet to find a corresponding algorithm, so as to determine a corresponding decryption rule. The rule feature information is obtained by arranging an identifier of a structured data format, an identifier of a symmetric key algorithm and an identifier of an asymmetric key algorithm based on a data packet number arrangement rule in the data packet naming rule, and it is to be noted that the second target key rule configuration file packet is a key rule configuration file packet corresponding to the data center side tool, and a key corresponding to the asymmetric key algorithm in the second target key rule configuration file packet is a private key.
Specifically, in one embodiment, the bound data is unbound to obtain a target data packet name and an encrypted data packet; based on the data packet naming rule, the unique key rule identifier, the rule characteristic information and the unique data packet identifier are obtained from the target data packet name; and the second target key rule configuration file packet is searched using the rule characteristic information to find the corresponding algorithm and determine the corresponding decryption rule. This process comprises determining the identifier of the structured data format, the identifier of the symmetric key algorithm and the identifier of the asymmetric key algorithm from the rule characteristic information by using the data packet number arrangement rule, and determining the corresponding structured data format, symmetric key algorithm and asymmetric key algorithm from those identifiers.
In another specific embodiment, the bound data is unbound to obtain a target identification file and an encrypted data packet, the target identification file is analyzed to obtain the rule characteristic information, the key rule unique identifier and the data packet unique identifier, and then the second target key rule configuration file packet is searched by using the rule characteristic information to find a corresponding algorithm to determine a corresponding decryption rule.
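The packet naming rule of fig. 4 and its unbinding on the data center side, as an added Go example that is not part of the patent: the two-digit identifier codes, the `_` separator, the field names and the `lookup` callback (standing in for the search of the second target key rule configuration file package) are assumptions. It also shows that a package with a different data packet number arrangement rule decodes the same name to different algorithms, which is why the receiver must obtain the arrangement rule through the key rule unique identifier rather than guess it.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// RuleConfig holds the fields of a key rule configuration file that the
// naming rule depends on (constructed example; field names are assumptions).
type RuleConfig struct {
	KeyRuleID  string // fixed part: key rule unique identifier
	SymAlg     string // e.g. "SM4", "AES"
	AsymAlg    string // e.g. "SM2", "RSA"
	DataFormat string // e.g. "JSON", "XML"
	// Arrangement is the data packet number arrangement rule: the slot order of
	// the three identifiers. 0 = symmetric, 1 = asymmetric, 2 = data format.
	Arrangement [3]int
}

// Identifier tables; the two-digit codes are constructed for this example.
var (
	symIDs  = map[string]string{"SM4": "01", "AES": "02"}
	asymIDs = map[string]string{"SM2": "01", "RSA": "02"}
	fmtIDs  = map[string]string{"JSON": "01", "XML": "02", "SQLITE": "03"}
)

// RuleFeature builds the rule feature information by arranging the three
// identifiers according to the arrangement rule.
func RuleFeature(cfg RuleConfig) (string, error) {
	ids := [3]string{symIDs[cfg.SymAlg], asymIDs[cfg.AsymAlg], fmtIDs[cfg.DataFormat]}
	var seen [3]bool
	var sb strings.Builder
	for _, slot := range cfg.Arrangement {
		if slot < 0 || slot > 2 || seen[slot] {
			return "", errors.New("arrangement rule is not a permutation of 0..2")
		}
		seen[slot] = true
		if ids[slot] == "" {
			return "", fmt.Errorf("unknown algorithm or format in %q", cfg.KeyRuleID)
		}
		sb.WriteString(ids[slot])
	}
	return sb.String(), nil
}

// PacketName binds the fixed key rule id, the non-fixed rule feature information
// and the fixed packet unique id (timestamp/UUID supplied by the caller).
func PacketName(cfg RuleConfig, packetID string) (string, error) {
	feature, err := RuleFeature(cfg)
	if err != nil {
		return "", err
	}
	return cfg.KeyRuleID + "_" + feature + "_" + packetID, nil
}

// Decoded is what the data center end tool recovers when unbinding a name.
type Decoded struct {
	KeyRuleID, PacketID         string
	SymAlg, AsymAlg, DataFormat string
}

// ParsePacketName unbinds a name: only the key rule id is readable before the
// matching configuration package (found through lookup) supplies the
// arrangement rule needed to decode the rule feature information.
func ParsePacketName(name string, lookup func(string) (RuleConfig, bool)) (Decoded, error) {
	var d Decoded
	parts := strings.Split(name, "_")
	if len(parts) != 3 || len(parts[1]) != 6 {
		return d, errors.New("malformed packet name")
	}
	d.KeyRuleID, d.PacketID = parts[0], parts[2]
	cfg, ok := lookup(d.KeyRuleID)
	if !ok {
		return d, fmt.Errorf("no key rule configuration package for %q", d.KeyRuleID)
	}
	var ids [3]string
	for i, slot := range cfg.Arrangement {
		if slot < 0 || slot > 2 {
			return d, errors.New("invalid arrangement rule in configuration package")
		}
		ids[slot] = parts[1][2*i : 2*i+2]
	}
	d.SymAlg, d.AsymAlg, d.DataFormat = codeName(symIDs, ids[0]), codeName(asymIDs, ids[1]), codeName(fmtIDs, ids[2])
	if d.SymAlg == "" || d.AsymAlg == "" || d.DataFormat == "" {
		return d, errors.New("rule feature information does not match the configuration package")
	}
	return d, nil
}

// codeName is the reverse lookup from a two-digit code to its name.
func codeName(m map[string]string, id string) string {
	for name, code := range m {
		if code == id {
			return name
		}
	}
	return ""
}
```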
Step S23: decrypting the encrypted data packet in the bound data packet based on the decryption rule to obtain corresponding decrypted data.
In this embodiment, the decryption rule is obtained, and the encrypted data packet in the bound data packet is decrypted based on the decryption rule. Specifically, the identifier of the structured data format, the identifier of the symmetric key algorithm, and the identifier of the asymmetric key algorithm are determined from the rule feature information by using the data packet number arrangement rule, and the corresponding structured data format, the symmetric key algorithm, and the asymmetric key algorithm are determined by using the identifiers; then, the encrypted data packet is decrypted and decompressed by the symmetric key algorithm to obtain an encrypted compressed packet and an unstructured data file, the encrypted compressed packet is decompressed and decrypted by a private key corresponding to the asymmetric key algorithm to obtain an encoded structured data file, the encoded structured data file is format-decoded to obtain structured data, and finally the obtained decrypted data are the structured data and the unstructured data file.
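The two-layer data envelope of fig. 3 and its reversal in step S23, as an added Go example that is not part of the patent: RSA-OAEP stands in for the asymmetric key algorithm and AES-256-GCM for the symmetric one, the structured file is JSON, compression is omitted, and the inner layout (length prefix, structured ciphertext, unstructured bytes) and all names are assumptions. The association check from the encryption step (refuse when the named unstructured file is absent) is included.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Record stands in for the structured data file (constructed sample);
// Attachment names the unstructured file that must accompany it.
type Record struct {
	OrderID    string `json:"order_id"`
	Attachment string `json:"attachment"`
}

// NewKeyPair generates the asymmetric key pair of a configuration package
// (public key for the source end tool, private key for the center end tool).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal builds the encrypted data packet of fig. 3: the JSON-encoded structured
// file goes under RSA-OAEP (asymmetric layer), is combined with the unstructured
// file, and the combination goes under AES-256-GCM (symmetric layer).
// Compression is left out for brevity (assumption).
func Seal(pub *rsa.PublicKey, symKey []byte, rec Record, files map[string][]byte) ([]byte, error) {
	// Association check from the text: the file named in the structured data
	// must exist in the decompressed unstructured package, else no encryption.
	unstructured, ok := files[rec.Attachment]
	if !ok {
		return nil, fmt.Errorf("unstructured file %q not found", rec.Attachment)
	}
	encoded, err := json.Marshal(rec)
	if err != nil {
		return nil, err
	}
	// OAEP limits the plaintext to keysize-2*hashlen-2 bytes (190 for
	// RSA-2048/SHA-256); larger structured files need a hybrid inner layer.
	structCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, encoded, nil)
	if err != nil {
		return nil, err
	}
	// Inner layout: 4-byte big-endian length, structured ciphertext, unstructured bytes.
	var inner bytes.Buffer
	binary.Write(&inner, binary.BigEndian, uint32(len(structCT)))
	inner.Write(structCT)
	inner.Write(unstructured)
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The nonce is prepended so the receiver can recover it.
	return gcm.Seal(nonce, nonce, inner.Bytes(), nil), nil
}

// Open reverses Seal at the data center end: symmetric layer first, then the
// asymmetric layer with the private key, then JSON decoding.
func Open(priv *rsa.PrivateKey, symKey []byte, packet []byte) (Record, []byte, error) {
	var rec Record
	gcm, err := newGCM(symKey)
	if err != nil {
		return rec, nil, err
	}
	ns := gcm.NonceSize()
	if len(packet) < ns {
		return rec, nil, errors.New("packet too short")
	}
	inner, err := gcm.Open(nil, packet[:ns], packet[ns:], nil)
	if err != nil {
		return rec, nil, err // wrong symmetric key or tampered packet
	}
	if len(inner) < 4 || len(inner)-4 < int(binary.BigEndian.Uint32(inner[:4])) {
		return rec, nil, errors.New("inner payload truncated")
	}
	n := int(binary.BigEndian.Uint32(inner[:4]))
	encoded, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, inner[4:4+n], nil)
	if err != nil {
		return rec, nil, err
	}
	if err := json.Unmarshal(encoded, &rec); err != nil {
		return rec, nil, err
	}
	return rec, inner[4+n:], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```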
Therefore, the method and the device acquire the bound data packet created by the data source end tool from the data center system; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier; then, by using the unique key rule identifier in the bound data packet, a second target key rule configuration file packet is searched from a plurality of preset key rule configuration file packets, and by using the rule characteristic information in the bound data packet, the second target key rule configuration file packet is searched to determine a corresponding decryption rule; and finally, the encrypted data packet in the bound data packet is decrypted based on the decryption rule to obtain corresponding decrypted data. The method and the device determine the decryption rule corresponding to the encryption process according to the rule characteristic information, and then decrypt the bound data packet by using the decryption rule to obtain decrypted data comprising structured data and unstructured data files. The method can ensure the correctness of the decryption rule and also ensure the safety of the data exchange process.
Referring to FIG. 6, a process for the rules engine system to create a key rule profile package is shown. The method specifically comprises the following steps:
firstly, a user terminal inputs a key consisting of 8 characters (letters and digits) in the rule engine system, and the rule engine system generates a root key and a key configuration unique identifier from the user terminal's input;
secondly, the root key is dispersed, and the key of each class of symmetric key algorithm and the private key and public key of each class of asymmetric key algorithm are generated respectively; the classes of symmetric key algorithms include SM4 (originally named SMS4), AES (Advanced Encryption Standard), and the like; the classes of asymmetric key algorithms include SM2, RSA, and the like;
thirdly, random factors are configured in a user-defined manner, that is, dynamic combination rules are configured, wherein the dynamic combination rules comprise multiple classes of symmetric key algorithm identifiers, multiple classes of asymmetric key algorithm identifiers, multiple classes of structured data formats, various data packet unique identifier algorithms (timestamps, UUIDs and the like), and the dynamic arrangement rule for the data packet number, which is the non-fixed part of the data packet naming rule; the types of structured data formats include JSON (JavaScript Object Notation), XML (eXtensible Markup Language), SQLite, and the like;
fourthly, according to the above steps, the rule engine system generates a first key rule configuration file packet corresponding to the data source end tool based on the key rule unique identifier, the symmetric key algorithm keys, the asymmetric key algorithm public keys and the dynamic combination rules, and generates a second key rule configuration file packet corresponding to the data center end tool based on the key rule unique identifier, the symmetric key algorithm keys, the asymmetric key algorithm private keys and the dynamic combination rules;
fifthly, the rule engine system sends the first key rule configuration file packet to the corresponding data source end tool and the second key rule configuration file packet to the corresponding data center end tool, and the unique key configuration identifier is recorded in the data source system.
Referring to fig. 7, a whole process of data exchange in the present application is shown, where the whole process of data exchange includes converting data to be encrypted into a bound data packet, transmitting the bound data packet, and converting the bound data packet into decrypted data, and specifically includes:
firstly, a data source system forms data to be encrypted into a structured data format; calling a data source end tool integration interface through an HTTP (Hyper Text Transfer Protocol) interface, and transmitting a key configuration unique identifier, structured data and an unstructured data compression packet for generating an encrypted data packet;
secondly, data checking: it is checked whether the first key rule configuration file packet corresponding to the unique key rule identifier exists; if not, an error is returned and the process ends. If it exists, the structured data is parsed, the unstructured data compression packet is decompressed, and it is checked whether the unstructured data file associated in the structured data exists; if not, error information is returned and the process ends; if so, the third step is performed;
thirdly, selecting a first key rule configuration file package corresponding to the unique key rule identification, and randomly selecting a key rule configuration file from the first key rule configuration file package;
fourthly, according to the structured data format in the key rule configuration file, carrying out corresponding format coding on the structured data to generate a structured data file; according to an asymmetric key algorithm in a key rule configuration file, encrypting and compressing the structured data file by using a public key of the asymmetric key algorithm to obtain a structured data encryption compression packet; the structured data encryption compression packet, the decompressed unstructured data file are merged and compressed and encrypted according to a symmetric key algorithm in a key rule configuration file to obtain an encrypted data packet; renaming the encrypted data packet by using the unique identifier of the data packet in the key rule configuration file to obtain a bound data packet; recording a structured data format identifier, an asymmetric key algorithm identifier and a symmetric key algorithm identifier;
fifthly, returning the unique identifier and the storage path of the data packet to the data source system so as to find the bound data packet;
sixthly, the data source system transmits the bound data packet according to the integration specification of the data source system and the data center system;
seventhly, after the data center system receives the bound data packet, it calls the data center end tool integration interface for analysis; the data center end tool first performs a data check, parses the name of the target data packet to obtain the unique key rule identifier, and looks for the corresponding second key rule configuration file packet. If it is not found, an error is returned and the process ends; if it is found, the eighth step is performed;
eighthly, the symmetric key algorithm identifier, the asymmetric key algorithm identifier, the structured data format identifier and the unique data package identifier are obtained from the name of the target data package; based on the second key rule configuration file package, the encrypted data package is decrypted with the symmetric key algorithm corresponding to the symmetric key algorithm identifier and decompressed to obtain the unstructured data file and the structured data encrypted compressed package; the latter is then decompressed and decrypted with the private key of the asymmetric key algorithm corresponding to the asymmetric key algorithm identifier to obtain the structured data file; finally, the structured data file is parsed according to the structured data format identifier to obtain the structured data. The symmetric key algorithm identifier, the asymmetric key algorithm identifier and the structured data format identifier form the rule characteristic information;
ninthly, the structured data, the unstructured data files and the unique identifier of the data packet are returned to the data center system.
Referring to fig. 8, a process of creating a new key rule configuration file package by the rule engine system is shown, and the specific process is similar to the process of creating a key rule configuration file package by the rule engine system in fig. 6:
firstly, a user terminal generates a new root key and a new key configuration unique identifier in a rule engine system, and further generates a new key rule configuration file package, referring to fig. 6;
secondly, the configuration of a second new key rule configuration file packet corresponding to the data center end tool is completed in the data center end tool, and the unique identifier of the new key configuration is recorded in the data center system. If the old key rule configuration file package is no longer needed, it may be unloaded or retained;
fourthly, the configuration of a first new key rule configuration file packet corresponding to the data source end tool is completed in the data source end tool, and the unique identifier of the new key configuration is recorded in the data source system. If the old key rule configuration file package is no longer needed, it may be unloaded or retained.
In the process, firstly, a data specification is formulated by creating a key rule configuration file packet and the like, and the structured data format, the dynamic rule coding format, the data packet structure and the encryption rule are standardized, so that the mutual conversion between the original data and the data encryption packet of a large-data-volume structured and unstructured mixed structure can be realized, and the technical complexity is reduced. A data security strategy in a non-fixed mode is formulated: each encrypted data packet is generated under the action of random factors (algorithms, structured file formats and numbering rules) and can still be correctly identified, parsed and received. A data exchange system is established, with a set of lightweight data interaction tools and a system which are easy to integrate and use, so that the requirements of large-data-volume mixed data transmission, multi-source platform integration, offline encryption and decryption, key rotation and the like are met, and the data exchange process is made safer.
Referring to fig. 9, an embodiment of the present application discloses a data source end tool, including:
the data acquisition module 11 is configured to acquire data to be encrypted and a unique key rule identifier sent by a data source system; wherein the data source system and the data source end tool are both located on a first data system;
a configuration file package selection module 12, configured to select a target key rule configuration file package corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packages; each key rule configuration file package comprises a plurality of different key rule configuration files;
a configuration file selection module 13, configured to randomly select a key rule configuration file from the target key rule configuration file package as a target key rule configuration file;
the data encryption module 14 is configured to encrypt the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet;
the data binding module 15 is configured to bind the encrypted data packet, the unique key rule identifier, and the rule feature information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, and send the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule feature information, and decrypts the encrypted data packet based on the decryption rule to obtain corresponding decrypted data.
For more specific working processes of the modules, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the data to be encrypted and the unique key rule identification sent by the data source system are obtained; selecting a target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each key rule configuration file package comprises a plurality of different key rule configuration files; randomly selecting a key rule configuration file from the target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet; and binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypting the encrypted data packet based on the decryption rule to obtain corresponding decrypted data. Therefore, the target key rule configuration file is selected from the target key rule configuration file packet corresponding to the unique key rule identifier by using a random selection method to encrypt data to be encrypted, the decryption rule corresponding to the rule characteristic information corresponding to the target key rule configuration file is determined in the second data system, and the bound data packet is decrypted, wherein the random selection method is used, so that the adoption of a fixed algorithm and a key is avoided, and the safety of a data exchange process is improved.
Referring to fig. 10, an embodiment of the present application discloses a data center end tool, including:
a data packet obtaining module 21, configured to obtain, from the data center system, a bound data packet created by the data source end tool; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier; wherein the data center system and the data center end tool are both located on a second data system;
the first searching module 22 is configured to search a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identifier in the bound data package;
the second search module 23 is configured to search the second target key rule configuration file package by using the rule feature information in the bound data package to determine a corresponding decryption rule;
the data decryption module 24 is configured to decrypt the encrypted data packet in the bound data packet based on the decryption rule to obtain corresponding decrypted data.
For more specific working processes of the modules, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the bound data packet created by the data source end tool is obtained from the data center system; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier; then, by using the unique key rule identifier in the bound data packet, a second target key rule configuration file packet is searched from a plurality of preset key rule configuration file packets, and by using the rule characteristic information in the bound data packet, the second target key rule configuration file packet is searched to determine a corresponding decryption rule; and finally, the encrypted data packet in the bound data packet is decrypted based on the decryption rule to obtain corresponding decrypted data. The method and the device determine the decryption rule corresponding to the encryption process according to the rule characteristic information, and then decrypt the bound data packet by using the decryption rule to obtain decrypted data comprising structured data and unstructured data files. The method can ensure the correctness of the decryption rule and the safety of the data exchange process.
Referring to fig. 11, an embodiment of the present application discloses a data exchange system, which includes a first data system 31 and a second data system 32, where the first data system includes a data source end tool and a data source system, and the second data system includes a data center end tool and a data center system; wherein,
the data source system 311 is configured to send data to be encrypted and a unique key rule identifier to the data source end tool;
the data source end tool 312 is configured to select a first target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each first key rule configuration file package comprises a plurality of different key rule configuration files; randomly selecting a key rule configuration file from the first target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet; binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet;
the data center system 321 is configured to receive the bound data packet obtained from the data source end tool and sent by the data source system;
the data center side tool 322 is configured to find a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identifier in the bound data package, find the second target key rule configuration file package by using the rule feature information in the bound data package, determine a corresponding decryption rule, and decrypt the encrypted data package in the bound data package based on the decryption rule to obtain corresponding decrypted data.
For the more specific working process, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the data to be encrypted and the unique key rule identifier sent by the data source system are obtained; a first target key rule configuration file package corresponding to the unique key rule identifier is selected from a plurality of preset key rule configuration file packages, each first key rule configuration file package comprising a plurality of different key rule configuration files; a key rule configuration file is randomly selected from the first target key rule configuration file packet as the target key rule configuration file, and the data to be encrypted is encrypted with the target key rule configuration file to obtain an encrypted data packet; the encrypted data packet, the unique key rule identifier and the rule feature information corresponding to the target key rule configuration file are bound to obtain a corresponding bound data packet, which is sent to the second data system through the data source system; then a second target key rule configuration file packet is searched for among the plurality of preset key rule configuration file packets by using the unique key rule identifier in the bound data packet, and the second target key rule configuration file packet is searched by using the rule feature information in the bound data packet to determine a corresponding decryption rule; finally, the encrypted data packet in the bound data packet is decrypted based on the decryption rule to obtain corresponding decrypted data.
Therefore, the method selects the target key rule configuration file from the first target key rule configuration file packet corresponding to the unique key rule identifier by random selection to encrypt the data to be encrypted, determines in the second data system the decryption rule corresponding to the encryption process from the rule feature information, and decrypts the bound data packet with that decryption rule to obtain decrypted data comprising the structured data and the unstructured data file. Because the selection is random, a fixed algorithm and a fixed key are avoided, the correctness of the decryption rule is ensured, and the security of the data exchange process is ensured as well.
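As an added illustration (not code from the patent or its applicant), the following Python models the selection, binding and lookup described in claims 3, 4 and 7: a package keyed by its unique key rule identifier, a randomly chosen rule whose identifiers are arranged into the packet name as rule feature information, and the center-end lookup that rejects identifiers the package does not contain. The naming rule, the single-character identifiers, the SHA-256 keystream stand-in for the symmetric algorithm and the HMAC integrity tag are assumptions of this example; the patent does not specify any of them.

```python
import hashlib
import hmac
import secrets
import zlib

# Constructed naming rule (stand-in for the patent's "data packet naming rule"):
#   <key_rule_id>-<fmt_id><sym_id><asym_id>-<packet_id>.pkg
# The middle field is the rule feature information of claim 4: one single-character
# identifier each for the structured data format, the symmetric and the asymmetric algorithm.
FEATURE_LEN = 3


class KeyRulePackage:
    """Model of one key rule configuration file package (claim 3), identified by its
    unique key rule identifier. Per-algorithm keys are derived from the package root key."""

    def __init__(self, key_rule_id, root_key, sym_ids, asym_ids, fmt_ids):
        self.key_rule_id = key_rule_id
        self.sym_keys = {s: hashlib.sha256(root_key + b"sym:" + s.encode()).digest()
                         for s in sym_ids}
        self.asym_ids = set(asym_ids)   # asymmetric algorithms are only identified here, not run
        self.fmt_ids = set(fmt_ids)

    def random_rule(self):
        """Claim 4: randomly pick one format, one symmetric and one asymmetric algorithm."""
        return (secrets.choice(sorted(self.fmt_ids)),
                secrets.choice(sorted(self.sym_keys)),
                secrets.choice(sorted(self.asym_ids)))

    def decryption_rule(self, feature):
        """Claim 7: resolve rule feature information to a rule in this package, or reject it.
        The feature string comes from an untrusted packet name, so every identifier is checked."""
        if len(feature) != FEATURE_LEN:
            raise ValueError("malformed rule feature information")
        fmt, sym, asym = feature
        if fmt not in self.fmt_ids or sym not in self.sym_keys or asym not in self.asym_ids:
            raise ValueError("rule feature information not present in package")
        return fmt, sym, asym


def _keystream_xor(key, nonce, data):
    """Stand-in for the selected symmetric algorithm (SHA-256 counter keystream XOR) so the
    example runs on the standard library alone; not a production cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def bind_packet(pkg, plaintext):
    """Data source end tool (claims 1 and 4): encrypt with a randomly selected rule and bind
    key rule identifier, rule feature information and a unique packet identifier in the name."""
    fmt, sym, asym = pkg.random_rule()
    packet_id = secrets.token_hex(8)              # unique data packet identifier
    name = f"{pkg.key_rule_id}-{fmt}{sym}{asym}-{packet_id}.pkg"
    nonce = secrets.token_bytes(16)
    body = _keystream_xor(pkg.sym_keys[sym], nonce, zlib.compress(plaintext))
    # Added beyond the patent text: an HMAC over name, nonce and ciphertext, so a packet whose
    # name (and therefore decryption rule) was altered in transit is rejected, not misdecrypted.
    tag = hmac.new(pkg.sym_keys[sym], name.encode() + nonce + body, "sha256").digest()
    return name, nonce + body + tag


def parse_name(name):
    """Split a bound packet name into (key_rule_id, rule_feature, packet_id)."""
    if not name.endswith(".pkg"):
        raise ValueError("unexpected packet name suffix")
    parts = name[:-4].split("-")
    if len(parts) != 3:
        raise ValueError("packet name does not follow the naming rule")
    return parts[0], parts[1], parts[2]


def unbind_packet(packages, name, blob):
    """Data center end tool (claim 7): find the package by key rule identifier, the decryption
    rule by rule feature information, verify integrity, then decrypt and decompress."""
    rule_id, feature, _packet_id = parse_name(name)
    pkg = packages.get(rule_id)
    if pkg is None:
        raise ValueError("unknown key rule identifier")
    _fmt, sym, _asym = pkg.decryption_rule(feature)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(pkg.sym_keys[sym], name.encode() + nonce + body, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet failed integrity check")
    return zlib.decompress(_keystream_xor(pkg.sym_keys[sym], nonce, body))


def demo():
    """Round trip with constructed identifiers: package KR7 offers formats 1/2,
    symmetric algorithms A/B and asymmetric algorithms X/Y."""
    pkg = KeyRulePackage("KR7", b"constructed-root-key", "AB", "XY", "12")
    structured = b'{"id": 1, "file": "scan.png"}'     # constructed structured data
    name, blob = bind_packet(pkg, structured)
    return name, blob, unbind_packet({pkg.key_rule_id: pkg}, name, blob)
```

The rejection paths matter more than the round trip: a name with an unknown key rule identifier, identifiers absent from the package, or a valid-looking but altered algorithm identifier all fail closed instead of selecting a wrong decryption rule.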
Further, an embodiment of the present application further provides an electronic device, where the electronic device 40 may specifically include: at least one processor 41, at least one memory 42, a power supply 43, an input output interface 44, a communication interface 45, and a communication bus 46. Wherein the memory 42 is used for storing a computer program, which is loaded and executed by the processor 41 to implement the relevant steps of the data exchange method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 43 is used to provide operating voltage for each hardware device on the electronic device 40; the communication interface 45 can create a data transmission channel between the electronic device 40 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein.
In addition, the memory 42 serves as the carrier for storing resources and may be a transient storage or a permanent storage; it may include a random access memory used as running memory together with an external memory used for storage purposes, and the resources stored on it include an operating system 421, a computer program 422, and the like.
The operating system 421 is used to manage and control each hardware device and the computer program 422 on the electronic device 40, and may be Windows, Unix, Linux, or the like. In addition to the computer program that performs the data exchange method executed by the electronic device 40 as disclosed in any of the foregoing embodiments, the computer program 422 may further include a computer program for performing other specific tasks.
In this embodiment, the input/output interface 44 may specifically include, but is not limited to, a USB interface, a hard disk reading interface, a serial interface, a voice input interface, a fingerprint input interface, and the like.
Further, embodiments of the present application disclose a computer-readable storage medium, where the computer-readable storage medium includes a Random Access Memory (RAM), a Memory, a Read-Only Memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a magnetic disk, or an optical disk or any other form of storage medium known in the art. Wherein the computer program realizes the aforementioned data exchange method when executed by a processor. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the data exchange method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the description of the method part.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The data exchange method, tool, system, device and medium provided by the present invention are described in detail above, and the principle and the implementation of the present invention are explained in this document by applying specific examples, and the description of the above examples is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (12)

1. A data exchange method is characterized in that the method is applied to a data source end tool positioned in a first data system, and the first data system also comprises a data source system; wherein the method comprises the following steps:
acquiring data to be encrypted and a unique key rule identifier sent by the data source system;
selecting a target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each key rule configuration file package comprises a plurality of different key rule configuration files;
randomly selecting a key rule configuration file from the target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet;
and binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypting the encrypted data packet based on the decryption rule to obtain corresponding decrypted data.
2. The data exchange method according to claim 1, wherein the acquiring of the data to be encrypted and the unique key rule identifier sent by the data source system comprises:
acquiring a structured data file to be encrypted, an unstructured data compression packet and a unique key rule identifier which are sent by the data source system; the structured data file comprises structured data, a file name of an unstructured data file which is associated with the structured data and a corresponding association relation;
correspondingly, the encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet includes:
analyzing the structured data file to obtain the structured data, the file name and the association relation in the structured data file;
checking, according to the association relation in the structured data file, whether an unstructured data file corresponding to the file name exists in the decompressed unstructured data compression packet;
if so, carrying out corresponding format coding on the structured data according to the structured data format in the target key rule configuration file to obtain a coded structured data file, and encrypting and compressing the coded structured data file by using an asymmetric key algorithm in the target key rule configuration file to obtain a corresponding structured data encryption compression packet;
and compressing the structured data encryption compression packet and the unstructured data file, and encrypting a compression result by using a symmetric key algorithm in the target key rule configuration file to obtain an encrypted data packet.
3. The data exchange method according to claim 2, wherein before acquiring the data to be encrypted and the unique key rule identifier sent by the data source system, the method further comprises:
acquiring a plurality of key rule configuration file packages which are respectively created by a rule engine system based on a plurality of groups of initial information input by a user terminal; wherein the creation of any key rule configuration file package comprises: the rule engine system generating a root key and a key rule unique identifier using a corresponding group of the initial information; generating a plurality of symmetric key algorithms, a plurality of asymmetric key algorithms and a plurality of sets of keys based on the root key; acquiring the identifiers of the different symmetric key algorithms, the identifiers of the different asymmetric key algorithms, a plurality of structured data formats, a plurality of data packet unique identifier generation algorithms and a data packet naming rule, all configured by the user terminal in a self-defined manner; and obtaining a key rule configuration file package which corresponds to the key rule unique identifier and comprises the plurality of symmetric key algorithms and corresponding identifiers, the plurality of asymmetric key algorithms and corresponding identifiers, the plurality of structured data formats, the plurality of data packet unique identifier generation algorithms and the data packet naming rule.
4. The data exchange method according to claim 3, wherein the randomly selecting one key rule profile from the target key rule profile package as a target key rule profile comprises:
extracting the data package naming rule from the target key rule configuration file package, randomly selecting a symmetric key algorithm, an asymmetric key algorithm, a structured data format and a data package unique identifier generation algorithm, and recording corresponding identifiers to obtain the target key rule configuration file;
correspondingly, the binding the encrypted data packet, the unique key rule identifier, and the rule feature information corresponding to the target key rule configuration file to obtain a corresponding bound data packet includes:
generating a unique data packet identifier by using a unique data packet identifier generation algorithm in the target key rule configuration file;
naming the encrypted data packet by using the data packet naming rule in the target key rule configuration file to obtain a target data packet name containing the unique key rule identifier, the rule characteristic information and the unique data packet identifier; the rule characteristic information is obtained by arranging the identification of the structured data format, the identification of the symmetric key algorithm and the identification of the asymmetric key algorithm based on the data packet number arrangement rule in the data packet naming rule;
and taking the target data packet name as a name corresponding to the encrypted data packet to obtain the bound data packet.
5. The data exchange method according to claim 3, wherein the acquiring of the plurality of key rule configuration file packages respectively created by the rule engine system based on the plurality of groups of initial information input by the user terminal comprises:
acquiring a plurality of key rule configuration file packages which are created by a rule engine system based on a plurality of groups of initial key information input by a user terminal at different time periods; the initial key information is the key information which is acquired by the user terminal through a preset key information input interface and meets the preset key construction condition; the preset key construction condition comprises a first construction condition determined based on the preset character type and a second construction condition determined based on the preset key length.
6. The data exchange method according to any one of claims 1 to 5, wherein the sending the bound data packet to a second data system through the data source system comprises:
and if the data volume of the bound data packet is larger than a preset data volume threshold value, sending a plurality of small data packets, obtained by splitting the bound data packet based on an unpacking technology, to the second data system through the data source system.
7. A data exchange method, characterized in that the method is applied to a data center end tool located in a second data system, and the second data system further comprises a data center system; wherein the method comprises the following steps:
acquiring a bound data packet created by a data source end tool from the data center system; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier;
searching a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identification in the bound data package, and searching the second target key rule configuration file package by using the rule characteristic information in the bound data package to determine a corresponding decryption rule;
and decrypting the encrypted data packet in the bound data packet based on the decryption rule to obtain corresponding decrypted data.
8. A data source end tool, comprising:
the data acquisition module is used for acquiring data to be encrypted and a unique key rule identifier sent by a data source system; wherein the data source system and the data source end tool are both located on a first data system;
the configuration file package selection module is used for selecting a target key rule configuration file package corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packages; each key rule configuration file package comprises a plurality of different key rule configuration files;
a configuration file selection module for randomly selecting a key rule configuration file from the target key rule configuration file package as a target key rule configuration file;
the data encryption module is used for encrypting the data to be encrypted by utilizing the target key rule configuration file to obtain an encrypted data packet;
and the data binding module is used for binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypting the encrypted data packet based on the decryption rule to obtain corresponding decrypted data.
9. A data center end tool, comprising:
the data packet acquisition module is used for acquiring a bound data packet created by the data source end tool from the data center system; the bound data packet is obtained by binding an encrypted data packet, a unique key rule identifier and rule feature information corresponding to a target key rule configuration file by the data source end tool, the encrypted data packet is obtained by encrypting data to be encrypted by the data source end tool by using a target key rule configuration file randomly selected from a first target key rule configuration file packet, and the first target key rule configuration file packet is a key rule configuration file packet which is selected by the data source end tool from a plurality of preset key rule configuration file packets and corresponds to the unique key rule identifier; wherein the data center system and the data center end tool are both located on a second data system;
the first searching module is used for searching a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identification in the bound data package;
the second searching module is used for searching the second target key rule configuration file package by utilizing the rule characteristic information in the bound data package so as to determine a corresponding decryption rule;
and the data decryption module is used for decrypting the encrypted data packet in the bound data packet based on the decryption rule so as to obtain corresponding decrypted data.
10. A data exchange system is characterized by comprising a first data system and a second data system, wherein the first data system comprises a data source end tool and a data source system, and the second data system comprises a data center end tool and a data center system; wherein,
the data source system is used for sending data to be encrypted and a unique key rule identifier to the data source end tool;
the data source end tool is used for selecting a first target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets; each first key rule configuration file package comprises a plurality of different key rule configuration files; randomly selecting a key rule configuration file from the first target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet; binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet;
the data center system is configured to receive the bound data packet that is sent by the data source system and acquired from the data source end tool;
the data center end tool is configured to find a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identifier in the bound data package, find the second target key rule configuration file package by using the rule feature information in the bound data package to determine a corresponding decryption rule, and decrypt the encrypted data package in the bound data package based on the decryption rule to obtain corresponding decrypted data.
11. An electronic device comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the data exchange method of any one of claims 1 to 7.
12. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the data exchange method of any one of claims 1 to 7.
CN202210324602.7A 2021-12-15 2022-03-30 Data exchange method, tool, system, equipment and medium Active CN114679324B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111535860 2021-12-15
CN2021115358601 2021-12-15

Publications (2)

Publication Number Publication Date
CN114679324A true CN114679324A (en) 2022-06-28
CN114679324B CN114679324B (en) 2024-03-12

Family

ID=82076802

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant