CN114679324B - Data exchange method, tool, system, equipment and medium - Google Patents

Info

Publication number: CN114679324B (granted); earlier publication CN114679324A
Application number: CN202210324602.7A
Authority: CN (China)
Other languages: Chinese (zh)
Prior art keywords: data, configuration file, key, rule, packet
Legal status: Active
Inventors: 李刚, 朱恺真, 游冰, 杨建光, 马超阳, 姬同凯, 梁通, 关俊涛, 贺提胜
Original and current assignee: Sinomach Internet Research Institute Henan Co ltd

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using a plurality of keys or algorithms

Abstract

The application discloses a data exchange method, tool, system, device and medium. The method comprises the following steps: acquiring data to be encrypted and a unique key rule identifier; selecting the target key rule configuration file package corresponding to the unique key rule identifier; randomly selecting one key rule configuration file from that package as the target key rule configuration file and encrypting the data to be encrypted with it to obtain an encrypted data packet; and binding the encrypted data packet, the unique key rule identifier and the rule characteristic information to obtain a bound data packet, which is sent to a second data system so that the second data system can decrypt the encrypted data packet according to the corresponding decryption rule and obtain the decrypted data. Because the target key rule configuration file is chosen at random for each encryption and the second data system determines the matching decryption rule from the bound data packet, no fixed algorithm or key is used, and the security of the data exchange process is improved.

Description

Data exchange method, tool, system, equipment and medium
Technical Field
The present invention relates to the field of information security and data exchange, and in particular, to a data exchange method, tool, system, device, and medium.
Background
Currently, the encryption methods used for data transmission between systems fall into three classes: offline data encryption, online data encryption, and hybrid offline/online data encryption. Offline data encryption uses a fixed algorithm-level key to encrypt and decrypt files; the encryption algorithm is single, and the key and encryption rules overlap and become complicated. Online data encryption relies entirely on a server to encrypt and decrypt data, so encryption efficiency is hard to guarantee, and public internet security is threatened whenever a remote encryption server has to be contacted. Hybrid offline/online encryption mostly hard-codes the algorithms and keys locally, fetches variable factors such as random numbers from the server side during encryption and performs mixed encryption, but its implementation is complex and integrating multi-terminal systems is difficult.
In summary, how to reduce technical complexity while improving the security of data exchange is a problem that remains to be solved.
Disclosure of Invention
Accordingly, the present invention is directed to a data exchange method, which can reduce the technical complexity and improve the security of data exchange. The specific scheme is as follows:
In a first aspect, the present application discloses a data exchange method applied to a data source end tool located in a first data system, where the first data system further includes a data source system; wherein the method comprises the following steps:
acquiring data to be encrypted and a unique key rule identifier sent by the data source system;
selecting a target key rule configuration file package corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packages; each key rule configuration file package comprises a plurality of different key rule configuration files;
randomly selecting a key rule configuration file from the target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet;
binding the encrypted data packet, the unique key rule identifier and rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, and sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and decrypts the encrypted data packet based on the decryption rule to obtain corresponding decryption data.
Optionally, obtaining the data to be encrypted and the unique key rule identifier sent by the data source system includes:
obtaining a structured data file to be encrypted, an unstructured data compression package and a unique key rule identifier sent by the data source system; the structured data file comprises the structured data, the file names of the unstructured data files associated with the structured data, and the corresponding association relationships;
correspondingly, encrypting the data to be encrypted with the target key rule configuration file to obtain an encrypted data packet includes:
parsing the structured data file to obtain the structured data, the file names and the association relationships it contains;
checking, according to the association relationships in the structured data file, whether the unstructured data files corresponding to those file names exist in the decompressed unstructured data compression package;
if so, encoding the structured data in the structured data format specified in the target key rule configuration file to obtain an encoded structured data file, and encrypting and compressing the encoded structured data file with the asymmetric key algorithm in the target key rule configuration file to obtain the corresponding structured data encryption compression package;
and compressing the structured data encryption compression package together with the unstructured data files, and encrypting the compression result with the symmetric key algorithm in the target key rule configuration file to obtain the encrypted data packet.
Optionally, before the obtaining the data to be encrypted and the unique identifier of the key rule sent by the data source system, the method further includes:
acquiring a plurality of key rule configuration file packages, each created by a rule engine system from one of a plurality of groups of initial information input by a user terminal; for each group, the rule engine system generates a root key and a unique key rule identifier from that group of initial information, then generates a plurality of symmetric key algorithms, a plurality of asymmetric key algorithms and a plurality of groups of keys from the root key, and obtains the identifiers of the different symmetric key algorithms, the identifiers of the different asymmetric key algorithms, a plurality of structured data formats, a plurality of unique data packet identifier generation algorithms and a unique data packet naming rule configured by the user terminal in a user-defined manner, so as to obtain the unique key rule configuration file package that corresponds to the unique key rule identifier and comprises the symmetric key algorithms with their identifiers, the asymmetric key algorithms with their identifiers, the structured data formats, the unique data packet identifier generation algorithms and the unique data packet naming rule.
Optionally, randomly selecting a key rule configuration file from the target key rule configuration file package as the target key rule configuration file includes:
extracting the data packet naming rule from the target key rule configuration file package, randomly selecting a symmetric key algorithm, an asymmetric key algorithm, a structured data format and a unique data packet identifier generation algorithm, and recording the corresponding identifiers to obtain the target key rule configuration file;
correspondingly, binding the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain the corresponding bound data packet includes:
generating a unique data packet identifier with the unique data packet identifier generation algorithm in the target key rule configuration file;
naming the encrypted data packet according to the data packet naming rule in the target key rule configuration file to obtain a target data packet name that contains the unique key rule identifier, the rule characteristic information and the unique data packet identifier; the rule characteristic information is obtained by arranging the identifier of the structured data format, the identifier of the symmetric key algorithm and the identifier of the asymmetric key algorithm according to the data packet number arrangement rule in the data packet naming rule;
and using the target data packet name as the name of the encrypted data packet to obtain the bound data packet.
Optionally, acquiring the plurality of key rule configuration file packages created by the rule engine system from the plurality of groups of initial information input by the user terminal includes:
acquiring a plurality of key rule configuration file packages that the rule engine system created from a plurality of groups of initial key information input by the user terminal in different time periods; the initial key information is key information that satisfies preset key construction conditions and is acquired by the user terminal through a preset key information input interface, and the preset key construction conditions include a first construction condition determined by a preset character type and a second construction condition determined by a preset key length.
Optionally, sending the bound data packet to a second data system through the data source system includes:
if the data volume of the bound data packet exceeds a preset data volume threshold, splitting the bound data packet into a plurality of small data packets with an unpacking technique and sending those small data packets to the second data system through the data source system.
In a second aspect, the present application discloses a data exchange method applied to a data center end tool in a second data system, where the second data system further includes a data center system; the method comprises the following steps:
acquiring, from the data center system, a bound data packet created by a data source end tool; the bound data packet is obtained by the data source end tool binding an encrypted data packet, a unique key rule identifier and the rule characteristic information corresponding to a target key rule configuration file, where the encrypted data packet is obtained by the data source end tool encrypting data to be encrypted with a target key rule configuration file randomly selected from a first target key rule configuration file package, and the first target key rule configuration file package is the key rule configuration file package corresponding to the unique key rule identifier that the data source end tool selected from a plurality of preset key rule configuration file packages;
searching a plurality of preset key rule configuration file packages for a second target key rule configuration file package using the unique key rule identifier in the bound data packet, and searching that second target key rule configuration file package using the rule characteristic information in the bound data packet to determine the corresponding decryption rule;
and decrypting the encrypted data packet in the bound data packet according to the decryption rule to obtain the corresponding decrypted data.
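The binding step of the first aspect and the two-stage search of the second aspect are two halves of one contract: the packet name carries exactly the three items (unique key rule identifier, rule characteristic information, unique data packet identifier) that let the receiver rebuild the decryption rule without any key material travelling with the packet. The following Go program is an added example that is not part of the patent; the delimiter layout `<ruleID>_<feature>_<packetID>.enc`, the two-character identifier width, the arrangement order (format, symmetric, asymmetric) and the struct layouts are assumptions, since the text fixes none of them. The receiver rejects any name that does not parse or references an identifier that is not in the shared package before decryption is attempted.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// KeyRulePackage holds the option sets the rule engine created for one unique key
// rule identifier; both ends keep the same packages, so the packet name alone is
// enough to rebuild the decryption rule. (Layout assumed, not the patent's.)
type KeyRulePackage struct {
	Formats  map[string]string // format id   -> structured data format name
	SymAlgs  map[string]string // sym alg id  -> symmetric algorithm name
	AsymAlgs map[string]string // asym alg id -> asymmetric algorithm name
}

// TargetProfile is the combination the source tool drew at random from the package.
type TargetProfile struct {
	FormatID, SymAlgID, AsymAlgID string
}

// DecryptionRule is what the data center end tool resolves from a packet name.
type DecryptionRule struct {
	Format, SymAlg, AsymAlg, PacketID string
}

// ruleFeature arranges the three identifiers in the order fixed by the naming rule
// (assumed arrangement: format, symmetric, asymmetric; each id two characters).
func ruleFeature(p TargetProfile) string {
	return p.FormatID + p.SymAlgID + p.AsymAlgID
}

// bindName produces "<ruleID>_<feature>_<packetID>.enc" (assumed naming rule) so the
// encrypted packet carries the three items the receiver needs.
func bindName(ruleID string, p TargetProfile, packetID string) string {
	return fmt.Sprintf("%s_%s_%s.enc", ruleID, ruleFeature(p), packetID)
}

// resolveDecryptionRule performs the two searches from the text: the package by
// rule identifier, then the concrete algorithms by the rule feature. A name that
// does not parse, or that references an unknown id, is rejected before decryption.
func resolveDecryptionRule(name string, packages map[string]KeyRulePackage) (DecryptionRule, error) {
	if !strings.HasSuffix(name, ".enc") {
		return DecryptionRule{}, errors.New("packet name lacks the expected suffix")
	}
	parts := strings.Split(strings.TrimSuffix(name, ".enc"), "_")
	if len(parts) != 3 {
		return DecryptionRule{}, errors.New("packet name does not follow the naming rule")
	}
	ruleID, feature, packetID := parts[0], parts[1], parts[2]
	pkg, ok := packages[ruleID]
	if !ok {
		return DecryptionRule{}, fmt.Errorf("unknown key rule identifier %q", ruleID)
	}
	if len(feature) != 6 {
		return DecryptionRule{}, fmt.Errorf("malformed rule feature %q", feature)
	}
	format, ok1 := pkg.Formats[feature[0:2]]
	sym, ok2 := pkg.SymAlgs[feature[2:4]]
	asym, ok3 := pkg.AsymAlgs[feature[4:6]]
	if !ok1 || !ok2 || !ok3 {
		return DecryptionRule{}, fmt.Errorf("rule feature %q not found in package %s", feature, ruleID)
	}
	return DecryptionRule{Format: format, SymAlg: sym, AsymAlg: asym, PacketID: packetID}, nil
}

// samplePackages is a constructed package set shared by both ends for the demo.
func samplePackages() map[string]KeyRulePackage {
	return map[string]KeyRulePackage{
		"KR01": {
			Formats:  map[string]string{"F1": "json", "F2": "json-base64"},
			SymAlgs:  map[string]string{"S1": "AES-256-GCM", "S2": "SM4"},
			AsymAlgs: map[string]string{"A1": "RSA-OAEP", "A3": "SM2"},
		},
	}
}

func main() {
	name := bindName("KR01", TargetProfile{"F2", "S1", "A3"}, "P000123")
	rule, err := resolveDecryptionRule(name, samplePackages())
	fmt.Println(name, rule, err)
}
```

Because the name is the only thing that selects the rule, the receiver should treat it as untrusted input exactly as this parser does: fixed widths, a closed set of identifiers, and an error rather than a default when a lookup fails.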
In a third aspect, the present application discloses a data source side tool comprising:
the data acquisition module is used for acquiring the data to be encrypted and the unique key rule identifier, which are sent by the data source system; wherein the data source system and the data source end tool are both located in a first data system;
the configuration file package selection module is used for selecting a target key rule configuration file package corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packages; each key rule configuration file package comprises a plurality of different key rule configuration files;
the configuration file selection module is used for randomly selecting a key rule configuration file from the target key rule configuration file packet to serve as a target key rule configuration file;
the data encryption module is used for encrypting the data to be encrypted by utilizing the target key rule configuration file so as to obtain an encrypted data packet;
and the data binding module is used for binding the encrypted data packet, the unique key rule identifier and rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, and sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule characteristic information, and carries out decryption processing on the encrypted data packet based on the decryption rule to obtain corresponding decryption data.
In a fourth aspect, the present application discloses a data center end tool comprising:
the data packet acquisition module is used for acquiring, from the data center system, the bound data packet created by the data source end tool; the bound data packet is obtained by the data source end tool binding an encrypted data packet, a unique key rule identifier and the rule characteristic information corresponding to a target key rule configuration file, where the encrypted data packet is obtained by the data source end tool encrypting data to be encrypted with a target key rule configuration file randomly selected from a first target key rule configuration file package, and the first target key rule configuration file package is the key rule configuration file package corresponding to the unique key rule identifier that the data source end tool selected from a plurality of preset key rule configuration file packages; the data center system and the data center end tool are both located in a second data system;
the first searching module is used for searching a plurality of preset key rule configuration file packages for a second target key rule configuration file package using the unique key rule identifier in the bound data packet;
the second searching module is used for searching that second target key rule configuration file package using the rule characteristic information in the bound data packet to determine the corresponding decryption rule;
and the data decryption module is used for decrypting the encrypted data packet in the bound data packet according to the decryption rule to obtain the corresponding decrypted data.
In a fifth aspect, the present application discloses a data exchange system comprising a first data system comprising a data source end tool and a data source system and a second data system comprising a data center end tool and a data center system; wherein,
the data source system is used for sending data to be encrypted and a unique key rule identifier to the data source end tool;
the data source end tool is used for selecting a first target key rule configuration file packet corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packets; each first key rule configuration file package comprises a plurality of different key rule configuration files; randomly selecting a key rule configuration file from the first target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet; binding the encrypted data packet, the unique key rule identifier and rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet;
The data center system is used for receiving the bound data packet which is sent by the data source system and obtained from the data source end tool;
the data center end tool is configured to search a second target key rule configuration file package from a plurality of preset key rule configuration file packages by using the unique key rule identifier in the bound data package, search the second target key rule configuration file package by using the rule characteristic information in the bound data package to determine a corresponding decryption rule, and then decrypt the encrypted data package in the bound data package based on the decryption rule to obtain corresponding decryption data.
In a sixth aspect, the present application discloses an electronic device comprising a processor and a memory; wherein the processor implements the previously disclosed data exchange method when executing the computer program stored in the memory.
In a seventh aspect, the present application discloses a computer-readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the data exchange method disclosed previously.
As can be seen, the present application acquires the data to be encrypted and the unique key rule identifier sent by the data source system; selects the target key rule configuration file package corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packages, each of which comprises a plurality of different key rule configuration files; randomly selects a key rule configuration file from the target key rule configuration file package as the target key rule configuration file and encrypts the data to be encrypted with it to obtain an encrypted data packet; and binds the encrypted data packet, the unique key rule identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain the corresponding bound data packet, which is sent to a second data system through the data source system so that the second data system determines the corresponding decryption rule from the unique key rule identifier and the rule characteristic information and decrypts the encrypted data packet according to that rule to obtain the corresponding decrypted data. The method is therefore easy to use and reduces technical complexity; in addition, because the selection is random, no fixed algorithm or key is used, and the security of the data exchange process is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a data exchange method provided in the present application.
Fig. 2 is a schematic diagram of association between structured data and unstructured data files.
Fig. 3 is a schematic diagram of a specific encryption method provided in the present application.
Fig. 4 is a schematic diagram of a packet naming method according to the present application.
Fig. 5 is a flowchart of a data exchange method provided in the present application.
Fig. 6 is a schematic diagram of a process for creating a key rule profile package.
Fig. 7 is a schematic diagram of a process for data exchange provided herein.
Fig. 8 is a schematic diagram of a new key rule profile package creation process provided in the present application.
Fig. 9 is a schematic diagram of a data source tool provided in the present application.
Fig. 10 is a schematic diagram of a data center end tool provided in the present application.
Fig. 11 is a schematic diagram of a data exchange system according to the present application.
Fig. 12 is a block diagram of an electronic device provided in the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Current inter-system data transmission encryption methods suffer from public internet security threats and complex implementation. To overcome these problems, the application provides a data exchange scheme that reduces technical complexity and improves the security of the data exchange process.
Referring to fig. 1, an embodiment of the application discloses a data exchange method applied to a data source end tool located in a first data system, where the first data system further includes a data source system; wherein the method comprises the following steps:
Step S11: and acquiring the data to be encrypted and the unique key rule identifier sent by the data source system.
In this embodiment, before a data exchange can take place, a data exchange system has to be established and an initial configuration performed to specify the data. Specifically, a rule engine system creates a plurality of key rule configuration file packages, each from one of a plurality of groups of initial information input by a user terminal: for each group, the rule engine system generates a root key and a unique key rule identifier from that group of initial information, then generates a plurality of symmetric key algorithms, a plurality of asymmetric key algorithms and a plurality of groups of keys from the root key, and obtains the identifiers of the different symmetric key algorithms, the identifiers of the different asymmetric key algorithms, a plurality of structured data formats, a plurality of unique data packet identifier generation algorithms and a unique data packet naming rule configured by the user terminal in a user-defined manner, so as to obtain the unique key rule configuration file package that corresponds to the unique key rule identifier and comprises the symmetric key algorithms with their identifiers, the asymmetric key algorithms with their identifiers, the structured data formats, the unique data packet identifier generation algorithms and the unique data packet naming rule. A symmetric key algorithm is an encryption method using a single-key cryptosystem, in which the same key encrypts and decrypts the information; an asymmetric key algorithm is an encryption method using a public-key/private-key cryptosystem, in which the public key encrypts the data and the private key decrypts it.
It should be noted that, the public key corresponding to the asymmetric key algorithm is utilized when the key rule configuration file packet corresponding to the data source end tool is created, and the private key corresponding to the asymmetric key algorithm is utilized when the key rule configuration file packet corresponding to the data center end tool is created.
It may be understood that, when the rule engine system creates the plurality of key rule configuration file packages from the plurality of groups of initial information input by the user terminal, the initial information may be initial key information; specifically, the initial key information is key information that satisfies a preset key construction condition and is acquired by the user terminal through a preset key information input interface, and the preset key construction condition includes a first construction condition determined by a preset character type and a second construction condition determined by a preset key length. For example, the preset character type of the first construction condition is letters and numbers, and the preset key length of the second construction condition is 8 bits.
It should be noted that, the process of creating the plurality of key rule profile packages by the rule engine system based on the plurality of sets of initial information input by the user terminal is in different time periods, but the plurality of key rule profile packages may exist at the same time. When the new key rule configuration file package needs to be created, new initial information input by the user terminal is acquired to create the new key rule configuration file package, and the old key rule configuration file package existing before can be deleted or can exist together with the new key rule configuration file package.
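The package creation flow just described (validate the initial key information against the two construction conditions, derive a root key and the unique key rule identifier from it, then derive per-algorithm keys) is shown below as an added Go example; it is not code from the patent. Assumptions: the text's "8 bits" is read as 8 characters, the character-type condition is read as "letters and digits only, at least one of each", HMAC-SHA256 stands in for whatever KDF the rule engine uses, the fixed label strings are constructed domain-separation constants, and only the symmetric part of the key material is generated (the asymmetric key pairs the text also mentions are left out).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// presetKeyLength is the second construction condition. The text's example says
// "8 bits"; it is read here as 8 characters (assumption).
const presetKeyLength = 8

// checkInitialKeyInfo enforces the first condition (letters and digits only) and the
// second (length). Requiring at least one letter and one digit is an assumption.
func checkInitialKeyInfo(info string) error {
	if len(info) != presetKeyLength {
		return fmt.Errorf("key information must be %d characters, got %d", presetKeyLength, len(info))
	}
	hasLetter, hasDigit := false, false
	for _, c := range info {
		switch {
		case c >= '0' && c <= '9':
			hasDigit = true
		case (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'):
			hasLetter = true
		default:
			return fmt.Errorf("character %q is not a letter or digit", c)
		}
	}
	if !hasLetter || !hasDigit {
		return errors.New("key information must contain both letters and digits")
	}
	return nil
}

// derive is HMAC-SHA256(key, label), used here as a simple KDF stand-in.
func derive(key []byte, label string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// RuleEnginePackage is the output for one group of initial information. Layout is
// assumed; only the symmetric key material is generated in this example.
type RuleEnginePackage struct {
	RuleID  string            // unique key rule identifier shared with both ends
	SymAlgs map[string]string // symmetric algorithm id -> name, configured by the user terminal
	SymKeys map[string][]byte // symmetric algorithm id -> key derived from the root key
}

// createRuleEnginePackage validates the initial key information, derives the root key,
// then derives the rule identifier and one key per configured symmetric algorithm.
func createRuleEnginePackage(initialInfo string, symAlgs map[string]string) (*RuleEnginePackage, error) {
	if err := checkInitialKeyInfo(initialInfo); err != nil {
		return nil, err
	}
	// Root key: the fixed label is a constructed domain-separation constant.
	root := derive([]byte("rule-engine-root-v1"), initialInfo)
	pkg := &RuleEnginePackage{
		RuleID:  hex.EncodeToString(derive(root, "key-rule-id"))[:8],
		SymAlgs: symAlgs,
		SymKeys: make(map[string][]byte, len(symAlgs)),
	}
	for id := range symAlgs {
		pkg.SymKeys[id] = derive(root, "sym-key:"+id) // 32 bytes, distinct per algorithm id
	}
	return pkg, nil
}

func main() {
	pkg, err := createRuleEnginePackage("Ab3d9xY7", map[string]string{"S1": "AES-256-GCM", "S2": "SM4"})
	if err != nil {
		panic(err)
	}
	fmt.Println("rule id:", pkg.RuleID)
	for id, k := range pkg.SymKeys {
		fmt.Println(id, pkg.SymAlgs[id], hex.EncodeToString(k)[:16]+"...")
	}
}
```

One practical point the derivation makes visible: every key in the package is a deterministic function of the 8-character input, so the package is only as strong as that input (62 possible characters in 8 positions is roughly 2^47.6 combinations), and anyone who learns the initial key information can rebuild all of the derived keys. A deployment would therefore either generate the root key from a CSPRNG and use the user input only to label it, or at least run the input through a salted, deliberately slow password KDF before deriving anything from it.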
In this embodiment, obtaining the data to be encrypted sent by the data source system specifically means obtaining a structured data file to be encrypted and an unstructured data compression package sent by the data source system, where the structured data file contains the structured data, the file names of the unstructured data files associated with the structured data, and the corresponding association relationships. As shown in fig. 2, the association relationship is expressed in the structured data interchange format. The structured data file in the data to be encrypted is in JSON (JavaScript Object Notation) format. Structured data is data that can be logically expressed and stored in a two-dimensional table structure and strictly conforms to a data format and length specification; unstructured data is the opposite, is not suited to a two-dimensional table, and includes office documents of all formats, reports of all kinds, pictures, audio and video, and other files. To ensure integration between cross-platform systems, the JSON format is used for data exchange.
In this embodiment, before obtaining the unique identifier of the key rule sent by the data source system, the rule engine system is required to first generate the unique identifier of the key rule, and send the unique identifier of the key rule to the data source system; wherein, a group of initial information corresponds to a key rule unique identifier.
Step S12: selecting a target key rule configuration file packet corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packets; each key rule profile package includes a plurality of different key rule profiles.
In this embodiment, after obtaining the unique key rule identifier sent by the data source system, selecting a target key rule configuration file packet corresponding to the unique key rule identifier from a plurality of preset key rule configuration file packets created by a rule engine system; each key rule profile package includes a plurality of different key rule profiles.
Step S13: and randomly selecting a key rule configuration file from the target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet.
In this embodiment, after determining the target key rule configuration file package corresponding to the unique key rule identifier, a key rule configuration file is selected from that package by random selection and used as the target key rule configuration file. Specifically, the data packet naming rule is extracted from the target key rule configuration file package, a symmetric key algorithm, an asymmetric key algorithm, a structured data format and a unique data packet identifier generation algorithm are selected at random, and the corresponding identifiers are recorded to obtain the target key rule configuration file. Because the selection is random, the combination in use is not fixed from one exchange to the next, which helps to improve the security of the data exchange process.
In this embodiment, after the target key rule configuration file is selected, two further checks decide whether encryption proceeds. First, it is checked that the target key rule configuration file exists in the data source end tool; then it is checked that the unstructured data files referenced by the structured data file exist in the decompressed unstructured data compression packet. Specifically, the structured data file is parsed to obtain the structured data, the file names and the association relationships it contains, and each file name is looked up in the decompressed unstructured data compression packet according to those association relationships. If the referenced unstructured data files are present, the structured data is encoded in the structured data format given by the target key rule configuration file to obtain an encoded structured data file; the encoded structured data file is encrypted and compressed with the asymmetric key algorithm of the target key rule configuration file to obtain a structured data encryption compression packet; finally, the structured data encryption compression packet and the unstructured data files are compressed together and the result is encrypted with the symmetric key algorithm of the target key rule configuration file to obtain the encrypted data packet. Fig. 3 shows the generation process of the encrypted data packet. The encryption process uses digital envelope technology, which combines the advantages of symmetric and asymmetric encryption for secure data transmission: the structured data file is protected with the asymmetric key algorithm, the encrypted structured data file is combined with the unstructured data, the final data packet is encrypted with the symmetric key algorithm, and that final packet is what is transmitted. In this way the scheme obtains both the higher security attributed to the asymmetric key algorithm and the speed and good security of the symmetric key algorithm, which is beneficial to the security of the data exchange process.
Step S14: binding the encrypted data packet, the key rule unique identifier and the rule feature information corresponding to the target key rule configuration file to obtain a bound data packet, and sending the bound data packet to a second data system through the data source system, so that the second data system determines the corresponding decryption rule from the key rule unique identifier and the rule feature information and decrypts the encrypted data packet according to that decryption rule to obtain the decrypted data.
In this embodiment, the rule feature information is obtained by arranging the identifier of the structured data format, the identifier of the symmetric key algorithm and the identifier of the asymmetric key algorithm according to the data packet number arrangement rule contained in the data packet naming rule.
In this embodiment, after the target key rule configuration file has been selected and the encrypted data packet obtained, a data packet unique identifier is generated with the data packet unique identifier generation algorithm of the target key rule configuration file. The encrypted data packet, the key rule unique identifier, the data packet unique identifier and the rule feature information corresponding to the target key rule configuration file are then bound to obtain the bound data packet. The binding can take several forms.
In one specific embodiment, the encrypted data packet is named according to the data packet naming rule of the target key rule configuration file, giving a target data packet name that contains the key rule unique identifier, the rule feature information and the data packet unique identifier; this name is assigned to the encrypted data packet to obtain the bound data packet. The data packet naming rule arranges the key rule unique identifier, the rule feature information and the data packet unique identifier; the key rule unique identifier and the data packet unique identifier occupy fixed positions, while the symmetric key algorithm identifier, the asymmetric key algorithm identifier and the structured data format identifier that make up the rule feature information are non-fixed, their positions being determined by the data packet number arrangement rule. Fig. 4 shows the dynamic rule coding format corresponding to the data packet naming rule, which specifies the arrangement of the key rule unique identifier, the rule feature information (symmetric key algorithm identifier, asymmetric key algorithm identifier and structured data format identifier) and the data packet unique identifier.
In another specific embodiment, the rule feature information, obtained by arranging the symmetric key algorithm identifier, the asymmetric key algorithm identifier and the structured data format identifier in the non-fixed order given by the data packet number arrangement rule, is combined with the fixed key rule unique identifier and data packet unique identifier to form a target identification file, and this file is bound to the encrypted data packet to obtain the bound data packet.
In this embodiment, a bound data packet that is too large is inconvenient to transmit. If the data volume of the bound data packet exceeds a preset data volume threshold, the bound data packet is split into a plurality of smaller data packets, which are sent to the second data system through the data source system. Splitting the bound data packet in this way helps to speed up transmission.
In summary, the present application acquires the data to be encrypted and the key rule unique identifier sent by the data source system; selects the target key rule configuration file package corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packages, each of which includes a plurality of different key rule configuration files; randomly selects a key rule configuration file from the target package as the target key rule configuration file and encrypts the data to be encrypted with it to obtain an encrypted data packet; and binds the encrypted data packet, the key rule unique identifier and the rule feature information corresponding to the target key rule configuration file to obtain a bound data packet, which is sent to the second data system through the data source system, so that the second data system determines the corresponding decryption rule from the key rule unique identifier and the rule feature information and decrypts the encrypted data packet according to that rule to obtain the decrypted data.
Therefore, on the basis of a data specification, the present application defines the structured data format, the dynamic rule coding format, the data transmission packet structure and the encryption rule, which helps to convert large volumes of original data of mixed structured and unstructured form into data encryption packets and back while reducing technical complexity. A target key rule configuration file is selected at random from the target key rule configuration file package corresponding to the key rule unique identifier and used to encrypt the data to be encrypted, and the second data system determines the decryption rule from the rule feature information corresponding to that configuration file and decrypts the bound data packet. The random selection avoids the use of a fixed algorithm and key and improves the security of the data exchange process, and splitting the bound data packet for transmission speeds up the transfer.
Referring to fig. 5, an embodiment of the present application discloses a data exchange method applied to a data center end tool in a second data system, where the second data system further includes a data center system; wherein the method comprises the following steps:
Step S21: acquiring, from the data center system, a bound data packet created by a data source end tool; the bound data packet is obtained by the data source end tool binding an encrypted data packet, a key rule unique identifier and the rule feature information corresponding to a target key rule configuration file, where the encrypted data packet is obtained by the data source end tool encrypting the data to be encrypted with a target key rule configuration file selected at random from a first target key rule configuration file package, and the first target key rule configuration file package is the package corresponding to the key rule unique identifier that the data source end tool selected from a plurality of preset key rule configuration file packages.
In this embodiment, after the first data system has transmitted the bound data packet to the second data system, the data center end tool first obtains the bound data packet created by the data source end tool from the data center system and then processes it. The bound data packet is the result of the data source end tool binding an encrypted data packet, a key rule unique identifier and the rule feature information corresponding to a target key rule configuration file; the encrypted data packet is the result of the data source end tool encrypting the data to be encrypted with a target key rule configuration file selected at random from a first target key rule configuration file package, which is the package corresponding to the key rule unique identifier that the data source end tool selected from the plurality of preset key rule configuration file packages. It should be noted that the first target key rule configuration file package is the package belonging to the data source end tool, and the key it holds for the asymmetric key algorithm is a public key.
Step S22: searching a plurality of preset key rule configuration file packages for a second target key rule configuration file package using the key rule unique identifier in the bound data packet, and searching that second target key rule configuration file package using the rule feature information in the bound data packet to determine the corresponding decryption rule.
In this embodiment, the key rule unique identifier is read from the bound data packet and the second target key rule configuration file package corresponding to it is looked up among the plurality of key rule configuration file packages; if it exists, the rule feature information in the bound data packet is used to search that package for the corresponding algorithms, from which the decryption rule is determined. The rule feature information is obtained by arranging the identifier of the structured data format, the identifier of the symmetric key algorithm and the identifier of the asymmetric key algorithm according to the data packet number arrangement rule in the data packet naming rule. It should be noted that the second target key rule configuration file package is the package belonging to the data center end tool, and the key it holds for the asymmetric key algorithm is a private key.
Specifically, in one embodiment, the bound data packet is unbound to obtain the target data packet name and the encrypted data packet; the key rule unique identifier, the rule feature information and the data packet unique identifier are extracted from the target data packet name according to the data packet naming rule; and the rule feature information is used to search the second target key rule configuration file package for the corresponding algorithms and so determine the decryption rule.
In another specific embodiment, the bound data packet is unbound to obtain the target identification file and the encrypted data packet; the target identification file is parsed to obtain the rule feature information, the key rule unique identifier and the data packet unique identifier; and the rule feature information is then used to search the second target key rule configuration file package for the corresponding algorithms and so determine the decryption rule.
Step S23: and carrying out decryption processing on the encrypted data packet in the bound data packet based on the decryption rule so as to obtain corresponding decrypted data.
In this embodiment, once the decryption rule has been determined, the encrypted data packet in the bound data packet is decrypted according to it. Specifically, the identifier of the structured data format, the identifier of the symmetric key algorithm and the identifier of the asymmetric key algorithm are read from the rule feature information using the data packet number arrangement rule, and the corresponding structured data format, symmetric key algorithm and asymmetric key algorithm are looked up by identifier; the encrypted data packet is then decrypted with the symmetric key algorithm and decompressed to obtain the encrypted compressed packet and the unstructured data files; the encrypted compressed packet is decompressed and decrypted with the private key of the asymmetric key algorithm to obtain the encoded structured data file; the encoded structured data file is decoded according to the structured data format to obtain the structured data; the decrypted data consists of the structured data and the unstructured data files.
In summary, the present application acquires from the data center system the bound data packet created by the data source end tool, where the bound data packet, the encrypted data packet and the first target key rule configuration file package are as described above; it then uses the key rule unique identifier in the bound data packet to find the second target key rule configuration file package among the plurality of preset key rule configuration file packages and uses the rule feature information in the bound data packet to search that package and determine the decryption rule; finally, it decrypts the encrypted data packet in the bound data packet according to the decryption rule to obtain the decrypted data. Since the decryption rule is determined from the rule feature information that records how the packet was encrypted, the bound data packet is decrypted with the rule matching its encryption, yielding the structured data and the unstructured data files. This ensures the correctness of the decryption rule and the security of the data exchange process.
Referring to fig. 6, the process by which the rule engine system creates a key rule configuration file package is illustrated. It comprises the following steps:
First, the user terminal enters an 8-character key of letters and digits into the rule engine system, and the rule engine system generates a root key and a key configuration unique identifier from this input;
Second, the root key is diverged to derive a key for each symmetric key algorithm and a private key and public key for each asymmetric key algorithm; the symmetric key algorithms include SM4 (formerly SMS4) and AES (Advanced Encryption Standard), and the asymmetric key algorithms include SM2 and RSA;
Third, the user configures the random factors, that is, the dynamic combination rule: the identifiers of several symmetric key algorithms, the identifiers of several asymmetric key algorithms, several structured data formats, several data packet unique identifier generation algorithms (timestamp, UUID and the like), and the dynamic arrangement rule for the non-fixed data packet number part of the data packet naming rule; the structured data formats include JSON (JavaScript Object Notation), XML (eXtensible Markup Language), SQLite and the like;
Fourth, from the key rule unique identifier, the symmetric key algorithm keys, the asymmetric key algorithm public keys and the dynamic combination rule, the rule engine system generates the first key rule configuration file package for the data source end tool, and from the key rule unique identifier, the symmetric key algorithm keys, the asymmetric key algorithm private keys and the dynamic combination rule it generates the second key rule configuration file package for the data center end tool;
Fifth, the rule engine system delivers the first key rule configuration file package to the data source end tool and the second key rule configuration file package to the data center end tool, and the key configuration unique identifier is recorded in the data source system.
Referring to fig. 7, the whole process of data exchange in the present application is shown, where the whole process of data exchange includes conversion of data to be encrypted into a bound data packet, transmission of the bound data packet, and conversion of the bound data packet into decrypted data, and specifically includes:
First, the data source system puts the data to be encrypted into the structured data format, invokes the data source end tool integration interface over HTTP (Hypertext Transfer Protocol), and passes in the key configuration unique identifier, the structured data and the unstructured data compression packet in order to have an encrypted data packet generated;
Second, data checking: check whether the key rule unique identifier corresponds to a first key rule configuration file package; if not, return an error and end the process; if so, parse the structured data, decompress the unstructured data compression packet and check whether the unstructured data files associated with the structured data are present; if not, return an error message; if so, proceed to the third step;
thirdly, selecting a first key rule configuration file package corresponding to the key rule unique identifier, and randomly selecting a key rule configuration file from the first key rule configuration file package;
Fourth, encode the structured data in the structured data format given in the key rule configuration file to generate a structured data file; encrypt and compress the structured data file with the public key of the asymmetric key algorithm given in the key rule configuration file to obtain a structured data encryption compression packet; combine and compress the structured data encryption compression packet with the decompressed unstructured data files and encrypt the result with the symmetric key algorithm given in the key rule configuration file to obtain the encrypted data packet; rename the encrypted data packet using the data packet unique identifier of the key rule configuration file to obtain the bound data packet; record the structured data format identifier, the asymmetric key algorithm identifier and the symmetric key algorithm identifier;
Fifth, return the data packet unique identifier and the storage path to the data source system so that the bound data packet can be located;
Sixth, the data source system transmits the bound data packet according to the integration specification agreed between the data source system and the data center system;
Seventh, after the data center system receives the bound data packet, it calls the data center end tool integration interface for parsing. The data center end tool first performs a data check: it parses the target data packet name to obtain the key rule unique identifier and looks for the corresponding second key rule configuration file package. If none is found, it returns an error and the process ends; if one is found, the eighth step follows;
Eighth, the symmetric key algorithm identifier, the asymmetric key algorithm identifier, the structured data format identifier and the data packet unique identifier are obtained from the target data packet name; using the second key rule configuration file package, the encrypted data packet is decrypted with the symmetric key algorithm corresponding to the symmetric key algorithm identifier and decompressed to obtain the unstructured data files and the structured data encryption compression packet; the latter is decrypted with the private key of the asymmetric key algorithm corresponding to the asymmetric key algorithm identifier to obtain the structured data file; finally, the structured data file is parsed according to the structured data format identifier to obtain the structured data. The symmetric key algorithm identifier, the asymmetric key algorithm identifier and the structured data format identifier together form the rule feature information;
Ninth, the structured data, the unstructured data files and the data packet unique identifier are returned to the data center system.
Referring to fig. 8, the process by which the rule engine system creates a new key rule configuration file package is illustrated; it is similar to the creation process of fig. 6:
First, the user terminal generates a new root key and a new key configuration unique identifier in the rule engine system and, following the process of fig. 6, a new key rule configuration file package is generated;
Second, the second new key rule configuration file package, corresponding to the data center end tool, is configured in the data center end tool and the new key configuration unique identifier is recorded in the data center system; if the old key rule configuration file package is no longer needed it may be uninstalled, or it may be retained;
Then the first new key rule configuration file package, corresponding to the data source end tool, is configured in the data source end tool and the new key configuration unique identifier is recorded in the data source system; once the data center no longer uses the old key rule configuration file package, it may be uninstalled or retained.
This process first establishes the data specification by creating the key rule configuration file package and the like, standardizing the structured data format, the dynamic rule coding format, the data packet structure and the encryption rule, so that large volumes of original data of mixed structured and unstructured form can be converted into data encryption packets and back with reduced technical complexity. It formulates a non-fixed data security policy, so that each encrypted data packet is generated under the action of random factors (algorithm, structured file format and numbering rule) yet can still be correctly identified, parsed and received. And it establishes a data exchange system: a set of lightweight, easily integrated data interaction tools and systems that make the data exchange process more secure and can meet requirements such as large-volume hybrid data transmission, multi-source platform integration, offline encryption and decryption, and key rotation.
Referring to fig. 9, an embodiment of the present application discloses a data source end tool, including:
the data acquisition module 11 is used for acquiring the data to be encrypted and the unique key rule identifier sent by the data source system; wherein the data source system and the data source end tool are both located in a first data system;
a profile package selection module 12, configured to select a target key rule profile package corresponding to the key rule unique identifier from a plurality of preset key rule profile packages; each key rule configuration file package comprises a plurality of different key rule configuration files;
a profile selection module 13, configured to randomly select a key rule profile from the target key rule profile package as a target key rule profile;
a data encryption module 14, configured to encrypt the data to be encrypted using the target key rule configuration file to obtain an encrypted data packet;
and the data binding module 15 is configured to bind the encrypted data packet, the unique key rule identifier, and rule feature information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, and send the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the unique key rule identifier and the rule feature information, and performs decryption processing on the encrypted data packet based on the decryption rule to obtain corresponding decrypted data.
The more specific working process of each module may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
In summary, the data source end tool acquires the data to be encrypted and the key rule unique identifier sent by the data source system; selects the target key rule configuration file package corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packages, each of which includes a plurality of different key rule configuration files; randomly selects a key rule configuration file from the target package as the target key rule configuration file and encrypts the data to be encrypted with it to obtain an encrypted data packet; and binds the encrypted data packet, the key rule unique identifier and the rule feature information corresponding to the target key rule configuration file to obtain a bound data packet, which is sent to the second data system through the data source system, so that the second data system determines the corresponding decryption rule from the key rule unique identifier and the rule feature information and decrypts the encrypted data packet according to that rule to obtain the decrypted data. Because the target key rule configuration file is chosen at random from the package corresponding to the key rule unique identifier, and the second data system determines the decryption rule from the rule feature information corresponding to that configuration file before decrypting the bound data packet, the use of a fixed algorithm and key is avoided and the security of the data exchange process is improved.
Referring to fig. 10, an embodiment of the present application discloses a data center end tool, including:
a data packet obtaining module 21, configured to obtain, from the data center system, a bound data packet created by the data source tool; the data package after binding is a data package obtained by binding an encrypted data package, a key rule unique identifier and rule characteristic information corresponding to a target key rule configuration file by the data source end tool, wherein the encrypted data package is a data package obtained by encrypting data to be encrypted by the data source end tool through a target key rule configuration file randomly selected from a first target key rule configuration file package, and the first target key rule configuration file package is a key rule configuration file package corresponding to the key rule unique identifier selected by the data source end tool from a plurality of preset key rule configuration file packages; wherein the data center system and the data center end tool are both located in a second data system;
the first searching module 22 is configured to search a second target key rule configuration file packet from a preset plurality of key rule configuration file packets by using the unique identifier of the key rule in the bound data packet;
A second searching module 23, configured to search the second target key rule configuration file packet by using the rule feature information in the bound data packet, so as to determine a corresponding decryption rule;
and the data decryption module 24 is configured to decrypt the encrypted data packet in the bound data packet based on the decryption rule, so as to obtain corresponding decrypted data.
The more specific working process of each module may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
In summary, the data center end tool acquires from the data center system the bound data packet created by the data source end tool; the bound data packet is obtained by the data source end tool binding an encrypted data packet, a key rule unique identifier and the rule feature information corresponding to a target key rule configuration file, where the encrypted data packet is obtained by the data source end tool encrypting the data to be encrypted with a target key rule configuration file selected at random from a first target key rule configuration file package, and the first target key rule configuration file package is the package corresponding to the key rule unique identifier that the data source end tool selected from a plurality of preset key rule configuration file packages. It then uses the key rule unique identifier in the bound data packet to find the second target key rule configuration file package among the plurality of preset key rule configuration file packages and uses the rule feature information in the b
ound data packet to search that package and determine the decryption rule; finally, it decrypts the encrypted data packet in the bound data packet according to the decryption rule to obtain the decrypted data. Since the decryption rule is determined from the rule feature information that records how the packet was encrypted, the bound data packet is decrypted with the rule matching its encryption, yielding the structured data and the unstructured data files. This ensures the correctness of the decryption rule and the security of the data exchange process.
Referring to fig. 11, an embodiment of the present application discloses a data exchange system, including a first data system 31 including a data source end tool and a data source system, and a second data system 32 including a data center end tool and a data center system; wherein,
the data source system 311 is configured to send data to be encrypted and a unique key rule identifier to the data source tool;
the data source end tool 312 is configured to select a first target key rule configuration file package corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packages, each key rule configuration file package comprising a plurality of different key rule configuration files; randomly select a key rule configuration file from the first target key rule configuration file package as the target key rule configuration file, and encrypt the data to be encrypted with the target key rule configuration file to obtain an encrypted data packet; and bind the encrypted data packet, the key rule unique identifier and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet;
The data center system 321 is configured to receive the bound data packet obtained from the data source end tool and sent by the data source system;
the data center end tool 322 is configured to search a second target key rule configuration file package from a preset plurality of key rule configuration file packages by using the unique identifier of the key rule in the bound data package, search the second target key rule configuration file package by using the rule characteristic information in the bound data package to determine a corresponding decryption rule, and then decrypt the encrypted data package in the bound data package based on the decryption rule to obtain corresponding decrypted data.
For the more specific working process, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no further description is given here.
As can be seen, the data source end tool acquires the data to be encrypted and the key rule unique identifier sent by the data source system; selects, from the plurality of preset key rule configuration file packages, the first target key rule configuration file package corresponding to that identifier, each package comprising a plurality of different key rule configuration files; randomly selects one key rule configuration file from the first target package as the target key rule configuration file and encrypts the data to be encrypted with it to obtain an encrypted data packet; binds the encrypted data packet, the key rule unique identifier and the rule characteristic information corresponding to the target key rule configuration file into a bound data packet; and sends the bound data packet to the second data system through the data source system. The data center end tool then uses the key rule unique identifier in the bound data packet to find the second target key rule configuration file package among the preset packages, uses the rule characteristic information in the bound data packet to find the corresponding decryption rule within that package, and finally decrypts the encrypted data packet in the bound data packet under that decryption rule to obtain the decrypted data.
In this way the target key rule configuration file used for encryption is chosen at random from the first target key rule configuration file package identified by the key rule unique identifier, the second data system recovers the matching decryption rule from the rule characteristic information, and decrypting the bound data packet under that rule yields the structured data and the unstructured data files. Random selection avoids encrypting every exchange under one fixed algorithm and key, while the bound rule characteristic information keeps the decryption rule consistent with the encryption rule. Note that the key rule unique identifier and the rule characteristic information travel in the clear as part of the packet name: they reveal which algorithms and format were used, but not the keys, which exist only inside the preset key rule configuration file packages that both ends must hold and protect.
Further, the embodiment of the present application further provides an electronic device, where the electronic device 40 may specifically include: at least one processor 41, at least one memory 42, a power supply 43, an input output interface 44, a communication interface 45, and a communication bus 46. Wherein the memory 42 is adapted to store a computer program to be loaded and executed by the processor 41 for implementing the relevant steps of the data exchange method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 43 is used to provide an operating voltage for each hardware device on the electronic device 40; the communication interface 45 can create a data transmission channel between the electronic device 40 and an external device, and the communication protocol that the communication interface follows is any communication protocol that can be applied to the technical solution of the present application, and is not specifically limited herein.
The memory 42 may include a random access memory serving as running memory and a nonvolatile memory serving as external storage; the stored resources include an operating system 421, a computer program 422, and the like.
The operating system 421 is used to manage and control the hardware devices on the electronic device 40 and the computer program 422 on the source host, and may be Windows, Unix, Linux or the like. Besides the computer program that performs the data exchange method executed by the electronic device 40 as disclosed in any of the foregoing embodiments, the computer program 422 may further include computer programs for other specific tasks.
In this embodiment, the input/output interface 44 may specifically include, but is not limited to, a USB interface, a hard disk read interface, a serial interface, a voice input interface, a fingerprint input interface, etc.
Further, embodiments of the present application disclose a computer-readable storage medium storing a computer program; the storage medium may be a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a magnetic disk or an optical disk, or any other form of storage medium known in the art. When the computer program is executed by a processor, it implements the aforementioned data exchange method. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not repeated here.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since the device corresponds to the data exchange method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements includes not only those elements but may include other elements not expressly listed or inherent to such process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in the process, method, article or apparatus that comprises the element.
The data exchange method, tool, system, device and medium provided by the present invention have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present invention, and the description of the above embodiments is intended only to help in understanding the method and its core idea; at the same time, those of ordinary skill in the art may, in accordance with the idea of the present invention, make changes to the specific embodiments and the scope of application. In summary, the contents of this description should not be construed as limiting the present invention.

Claims (11)

1. A data exchange method, characterized in that the method is applied to a data source end tool located in a first data system, and the first data system further comprises a data source system; wherein the method comprises the following steps:
acquiring data to be encrypted and a unique key rule identifier sent by the data source system;
selecting a target key rule configuration file packet corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packets; each key rule configuration file package comprises a plurality of different key rule configuration files;
randomly selecting a key rule configuration file from the target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet;
binding the encrypted data packet, the key rule unique identifier and rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, and sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the key rule unique identifier and the rule characteristic information and decrypts the encrypted data packet based on the decryption rule to obtain corresponding decrypted data;
the obtaining the data to be encrypted and the unique key rule identifier sent by the data source system includes: obtaining a structured data file to be encrypted, an unstructured data compression packet and a key rule unique identifier which are sent by the data source system; the structured data file comprises structured data, file names of unstructured data files associated with the structured data and corresponding association relations;
correspondingly, the encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet includes: analyzing the structured data file to obtain the structured data, the file name and the association relationship in the structured data file; checking whether the unstructured data files corresponding to the file names exist in the decompressed unstructured data compression package according to the association relation in the structured data files; if so, carrying out corresponding format coding on the structured data according to the structured data format in the target key rule configuration file to obtain a coded structured data file, and encrypting and compressing the coded structured data file by utilizing an asymmetric key algorithm in the target key rule configuration file to obtain a corresponding structured data encryption compression packet; and compressing the structured data encryption compression packet and the unstructured data file, and encrypting a compression result by utilizing a symmetric key algorithm in the target key rule configuration file to obtain an encrypted data packet.
2. The method for exchanging data according to claim 1, wherein before obtaining the data to be encrypted and the unique key rule identifier sent by the data source system, the method further comprises:
acquiring a plurality of key rule configuration file packages respectively created by a rule engine system based on a plurality of groups of initial information input by a user terminal; wherein the rule engine system generates a root key and a key rule unique identifier from the corresponding group of initial information, generates a plurality of symmetric key algorithms, a plurality of asymmetric key algorithms and a plurality of groups of keys based on the root key, and obtains the identifiers of the different symmetric key algorithms, the identifiers of the different asymmetric key algorithms, a plurality of structured data formats, a plurality of data packet unique identifier generation algorithms and a data packet naming rule custom-configured by the user terminal, so as to obtain the key rule configuration file package corresponding to the key rule unique identifier, which comprises the plurality of symmetric key algorithms and their identifiers, the plurality of asymmetric key algorithms and their identifiers, the plurality of structured data formats, the plurality of data packet unique identifier generation algorithms and the data packet naming rule.
3. The data exchange method according to claim 2, wherein randomly selecting a key rule profile from the target key rule profile package as a target key rule profile comprises:
extracting the data packet naming rule from the target key rule configuration file packet, randomly selecting a symmetric key algorithm, an asymmetric key algorithm, a structured data format and a data packet unique identifier generation algorithm, and recording corresponding identifiers to obtain the target key rule configuration file;
correspondingly, the binding the encrypted data packet, the unique identifier of the key rule and the rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet includes:
generating a unique data packet identifier by using a unique data packet identifier generating algorithm in the target key rule configuration file;
naming the encrypted data packet by using the data packet naming rule in the target key rule configuration file to obtain a target data packet name containing the unique key rule identifier, the rule characteristic information and the unique data packet identifier; the rule characteristic information is characteristic information obtained by arranging the identification of the structured data format, the identification of the symmetric key algorithm and the identification of the asymmetric key algorithm based on a data packet number arrangement rule in the data packet naming rule;
And taking the name of the target data packet as the corresponding name of the encrypted data packet to obtain the bound data packet.
4. The data exchange method according to claim 2, wherein acquiring the plurality of key rule configuration file packages respectively created by the rule engine system based on the plurality of groups of initial information input by the user terminal comprises:
acquiring a plurality of key rule configuration file packages created by the rule engine system based on a plurality of groups of initial key information input by the user terminal in different time periods; wherein the initial key information is key information, acquired by the user terminal through a preset key information input interface, that satisfies preset key construction conditions, the preset key construction conditions comprising a first construction condition determined by a preset character type and a second construction condition determined by a preset key length.
5. The data exchange method according to any one of claims 1 to 4, wherein the sending, by the data source system, the bound data packet to a second data system includes:
if the data volume of the bound data packet is larger than a preset data volume threshold, splitting the bound data packet into a plurality of small data packets by a packet-splitting technique and sending them to the second data system through the data source system.
6. A data exchange method, characterized by being applied to a data center end tool in a second data system, the second data system further comprising a data center system; wherein the method comprises the following steps:
acquiring a bound data packet created by a data source end tool from the data center system; the data package after binding is a data package obtained by binding an encrypted data package, a key rule unique identifier and rule characteristic information corresponding to a target key rule configuration file by the data source end tool, wherein the encrypted data package is a data package obtained by encrypting data to be encrypted by the data source end tool through a target key rule configuration file randomly selected from a first target key rule configuration file package, and the first target key rule configuration file package is a key rule configuration file package corresponding to the key rule unique identifier selected by the data source end tool from a plurality of preset key rule configuration file packages;
searching a second target key rule configuration file package from a plurality of preset key rule configuration file packages by utilizing the unique key rule identifier in the bound data package, and searching the second target key rule configuration file package by utilizing the rule characteristic information in the bound data package so as to determine a corresponding decryption rule;
Decrypting the encrypted data packet in the bound data packet based on the decryption rule to obtain corresponding decrypted data;
wherein the data source end tool encrypting the data to be encrypted with the target key rule configuration file randomly selected from the first target key rule configuration file package comprises: the data source end tool acquires the structured data file to be encrypted, the unstructured data compression package and the key rule unique identifier sent by the data source system, the structured data file comprising structured data, the file names of the unstructured data files associated with the structured data and the corresponding association relation; parses the structured data file to obtain the structured data, the file names and the association relation therein; checks, according to the association relation, whether the unstructured data files corresponding to the file names exist in the decompressed unstructured data compression package; and if so, format-encodes the structured data according to the structured data format in the target key rule configuration file to obtain an encoded structured data file, encrypts and compresses the encoded structured data file with the asymmetric key algorithm in the target key rule configuration file to obtain a corresponding structured data encryption compression package, compresses the structured data encryption compression package together with the unstructured data files, and encrypts the compression result with the symmetric key algorithm in the target key rule configuration file to obtain the encrypted data packet.
7. A data source tool, comprising:
the data acquisition module is used for acquiring the data to be encrypted and the unique key rule identifier, which are sent by the data source system; wherein the data source system and the data source end tool are both located in a first data system;
the configuration file package selection module is used for selecting a target key rule configuration file package corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packages; each key rule configuration file package comprises a plurality of different key rule configuration files;
the configuration file selection module is used for randomly selecting a key rule configuration file from the target key rule configuration file packet to serve as a target key rule configuration file;
the data encryption module is used for encrypting the data to be encrypted by utilizing the target key rule configuration file so as to obtain an encrypted data packet;
the data binding module is used for binding the encrypted data packet, the key rule unique identifier and rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet, and sending the bound data packet to a second data system through the data source system, so that the second data system determines a corresponding decryption rule based on the key rule unique identifier and the rule characteristic information and decrypts the encrypted data packet based on the decryption rule to obtain corresponding decrypted data;
wherein the data acquisition module is configured to obtain a structured data file to be encrypted, an unstructured data compression package and a key rule unique identifier sent by the data source system; the structured data file comprises structured data, the file names of the unstructured data files associated with the structured data and the corresponding association relation;
correspondingly, the data encryption module is configured to parse the structured data file to obtain the structured data, the file names and the association relation therein; check, according to the association relation, whether the unstructured data files corresponding to the file names exist in the decompressed unstructured data compression package; and if so, format-encode the structured data according to the structured data format in the target key rule configuration file to obtain an encoded structured data file, encrypt and compress the encoded structured data file with the asymmetric key algorithm in the target key rule configuration file to obtain a corresponding structured data encryption compression package, compress the structured data encryption compression package together with the unstructured data files, and encrypt the compression result with the symmetric key algorithm in the target key rule configuration file to obtain the encrypted data packet.
8. A data center end tool, comprising:
the data packet acquisition module is used for acquiring the bound data packet created by the data source end tool from the data center system; the data package after binding is a data package obtained by binding an encrypted data package, a key rule unique identifier and rule characteristic information corresponding to a target key rule configuration file by the data source end tool, wherein the encrypted data package is a data package obtained by encrypting data to be encrypted by the data source end tool through a target key rule configuration file randomly selected from a first target key rule configuration file package, and the first target key rule configuration file package is a key rule configuration file package corresponding to the key rule unique identifier selected by the data source end tool from a plurality of preset key rule configuration file packages; wherein the data center system and the data center end tool are both located in a second data system;
the first searching module is used for searching a second target key rule configuration file packet from a plurality of preset key rule configuration file packets by utilizing the unique key rule identifier in the bound data packet;
The second searching module is used for searching the second target key rule configuration file package by utilizing the rule characteristic information in the bound data package so as to determine a corresponding decryption rule;
the data decryption module is used for decrypting the encrypted data packets in the bound data packets based on the decryption rule so as to obtain corresponding decrypted data;
wherein the data source end tool encrypting the data to be encrypted with the target key rule configuration file randomly selected from the first target key rule configuration file package comprises: the data source end tool acquires the structured data file to be encrypted, the unstructured data compression package and the key rule unique identifier sent by the data source system, the structured data file comprising structured data, the file names of the unstructured data files associated with the structured data and the corresponding association relation; parses the structured data file to obtain the structured data, the file names and the association relation therein; checks, according to the association relation, whether the unstructured data files corresponding to the file names exist in the decompressed unstructured data compression package; and if so, format-encodes the structured data according to the structured data format in the target key rule configuration file to obtain an encoded structured data file, encrypts and compresses the encoded structured data file with the asymmetric key algorithm in the target key rule configuration file to obtain a corresponding structured data encryption compression package, compresses the structured data encryption compression package together with the unstructured data files, and encrypts the compression result with the symmetric key algorithm in the target key rule configuration file to obtain the encrypted data packet.
9. A data exchange system comprising a first data system comprising a data source end tool and a data source system and a second data system comprising a data center end tool and a data center system; wherein,
the data source system is used for sending data to be encrypted and a unique key rule identifier to the data source end tool;
the data source end tool is used for selecting a first target key rule configuration file packet corresponding to the key rule unique identifier from a plurality of preset key rule configuration file packets; each key rule configuration file package comprises a plurality of different key rule configuration files; randomly selecting a key rule configuration file from the first target key rule configuration file packet as a target key rule configuration file, and encrypting the data to be encrypted by using the target key rule configuration file to obtain an encrypted data packet; binding the encrypted data packet, the unique key rule identifier and rule characteristic information corresponding to the target key rule configuration file to obtain a corresponding bound data packet;
The data center system is used for receiving the bound data packet which is sent by the data source system and obtained from the data source end tool;
the data center end tool is configured to find a second target key rule configuration file package from the plurality of preset key rule configuration file packages by using the key rule unique identifier in the bound data packet, to find the corresponding decryption rule in the second target key rule configuration file package by using the rule characteristic information in the bound data packet, and to decrypt the encrypted data packet in the bound data packet based on the decryption rule to obtain corresponding decrypted data;
wherein the data source end tool encrypting the data to be encrypted with the target key rule configuration file randomly selected from the first target key rule configuration file package comprises: the data source end tool acquires the structured data file to be encrypted, the unstructured data compression package and the key rule unique identifier sent by the data source system, the structured data file comprising structured data, the file names of the unstructured data files associated with the structured data and the corresponding association relation; parses the structured data file to obtain the structured data, the file names and the association relation therein; checks, according to the association relation, whether the unstructured data files corresponding to the file names exist in the decompressed unstructured data compression package; and if so, format-encodes the structured data according to the structured data format in the target key rule configuration file to obtain an encoded structured data file, encrypts and compresses the encoded structured data file with the asymmetric key algorithm in the target key rule configuration file to obtain a corresponding structured data encryption compression package, compresses the structured data encryption compression package together with the unstructured data files, and encrypts the compression result with the symmetric key algorithm in the target key rule configuration file to obtain the encrypted data packet.
10. An electronic device comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the data exchange method according to any one of claims 1 to 6.
11. A computer-readable storage medium storing a computer program; wherein the computer program, when executed by a processor, implements a data exchange method as claimed in any one of claims 1 to 6.
CN202210324602.7A 2021-12-15 2022-03-30 Data exchange method, tool, system, equipment and medium Active CN114679324B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2021115358601 2021-12-15
CN202111535860 2021-12-15

Publications (2)

Publication Number Publication Date
CN114679324A CN114679324A (en) 2022-06-28
CN114679324B true CN114679324B (en) 2024-03-12

Family

ID=82076802

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210324602.7A Active CN114679324B (en) 2021-12-15 2022-03-30 Data exchange method, tool, system, equipment and medium

Country Status (1)

Country Link
CN (1) CN114679324B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1503503A (en) * 2002-11-26 2004-06-09 Method and device for data encipher/deciphering
CN105760765A (en) * 2016-02-04 2016-07-13 北京致远协创软件有限公司 Data encrypting method and device and data decrypting method and device
CN107733639A (en) * 2017-08-24 2018-02-23 上海壹账通金融科技有限公司 Key management method, device and readable storage medium storing program for executing
CN108123800A (en) * 2017-12-19 2018-06-05 腾讯科技(深圳)有限公司 Key management method, device, computer equipment and storage medium
CN108737353A (en) * 2017-04-25 2018-11-02 北京国双科技有限公司 A kind of data ciphering method and device based on data analysis system
CN109728902A (en) * 2018-06-01 2019-05-07 平安科技(深圳)有限公司 Key management method, equipment, storage medium and device
CN112883388A (en) * 2021-02-05 2021-06-01 浙江大华技术股份有限公司 File encryption method and device, storage medium and electronic device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1503503A (en) * 2002-11-26 2004-06-09 松下电器产业株式会社 Method and device for data encipher/deciphering
CN105760765A (en) * 2016-02-04 2016-07-13 北京致远协创软件有限公司 Data encrypting method and device and data decrypting method and device
CN108737353A (en) * 2017-04-25 2018-11-02 北京国双科技有限公司 A kind of data ciphering method and device based on data analysis system
CN107733639A (en) * 2017-08-24 2018-02-23 上海壹账通金融科技有限公司 Key management method, device and readable storage medium storing program for executing
CN108123800A (en) * 2017-12-19 2018-06-05 腾讯科技(深圳)有限公司 Key management method, device, computer equipment and storage medium
CN109728902A (en) * 2018-06-01 2019-05-07 平安科技(深圳)有限公司 Key management method, equipment, storage medium and device
CN112883388A (en) * 2021-02-05 2021-06-01 浙江大华技术股份有限公司 File encryption method and device, storage medium and electronic device

Also Published As

Publication number Publication date
CN114679324A (en) 2022-06-28

Similar Documents

Publication Publication Date Title
WO2022252632A1 (en) Data encryption processing method and apparatus, computer device, and storage medium
US10972908B2 (en) Wireless network connection method, apparatus, and system
CN109150499B (en) Method and device for dynamically encrypting data, computer equipment and storage medium
CN111371549B (en) Message data transmission method, device and system
CN114329599B (en) Data query method and device and storage medium
CN109450777B (en) Session information extraction method, device, equipment and medium
CN112511514A (en) HTTP encrypted transmission method and device, computer equipment and storage medium
CN106817358B (en) Encryption and decryption method and device for user resources
CN112437060B (en) Data transmission method and device, computer equipment and storage medium
CN111832056A (en) Method and system for generating two-dimensional code
CN114338247B (en) Data transmission method and apparatus, electronic device, storage medium, and program product
CN108737353B (en) Data encryption method and device based on data analysis system
CN115905238A (en) Method and device for hiding query, electronic equipment and storage medium
US11233646B2 (en) Searchable encryption method
CN116015767A (en) Data processing method, device, equipment and medium
CN111859435B (en) Data security processing method and device
CN111416702B (en) Data transmission method, data transmission system and computer readable storage medium
CN114679324B (en) Data exchange method, tool, system, equipment and medium
CN112671717A (en) Method for matching encrypted subscriptions with events
CN115002141B (en) File storage method and device based on block chain
CN115361376A (en) Government affair file uploading method and device, electronic equipment and storage medium
CN114338527A (en) IPv6 active identifier processing method and system
CN114357520A (en) File generation method and device and file coding information sending method and device
CN115801656B (en) SRv6 path authentication method, node, system, equipment and medium based on encryption and decryption
CN114866348B (en) Data transmission method, device and equipment based on browser and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant