CN114726591A - Data unified security authentication method, system, electronic equipment and storage medium - Google Patents


Info

Publication number: CN114726591A
Authority: CN (China)
Prior art keywords: message, encryption, model, processed, encrypted
Legal status: Granted
Application number: CN202210278983.XA
Other languages: Chinese (zh)
Other versions: CN114726591B (en)
Inventors: 孙建, 高会芳, 吴妍冰
Current Assignee: Beijing Huiyuanwang Technology Co ltd
Original Assignee: Beijing Huiyuanwang Technology Co ltd
Application filed by Beijing Huiyuanwang Technology Co ltd
Priority to CN202210278983.XA
Publication of CN114726591A
Application granted
Publication of CN114726591B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application relates to a data unified security authentication method, system, electronic equipment and storage medium in the technical field of network communication security. The method comprises: obtaining a message to be processed sent by a sending end; selecting a preferred encryption type corresponding to the message to be processed according to a preset preferred range comparison table; determining a pre-stored first encryption model corresponding to the preferred encryption type; processing the message to be processed according to the first encryption model to obtain an encrypted message; and sending the encrypted message to the sending end so that the sending end sends the encrypted message to the receiving end. The method and the device have the advantage of improving the safety factor of message transmission.

Description

Data unified security authentication method, system, electronic equipment and storage medium
Technical Field
The present application relates to the field of network communication security technologies, and in particular, to a method, a system, an electronic device, and a storage medium for unified security authentication of data.
Background
With the rapid development of the internet, data interaction between terminals is becoming more and more frequent, and data security has gradually become one of the important links in data interaction.
In the related art, when a user (i.e., a sending end) needs to encrypt a file, the sending end sends a message (i.e., a message to be processed) to a registration center. The registration center receives the message to be processed and encrypts it according to a pre-stored salting algorithm to obtain an encrypted message. The registration center sends the encrypted message to the sending end, and the sending end thereby obtains the encrypted message, which improves the safety factor of the message.
In the process of implementing the application, the inventor finds that at least the following problems exist in the technology:
the registration center encrypts the messages in a single encryption mode according to the byte amount, the format and other factors of each message, so that the encrypted messages are easy to crack, and the safety coefficient of the messages is limited.
Disclosure of Invention
In order to solve the problem that the safety factor of a message is limited due to a single encryption mode, the application provides a data unified safety authentication method, a system, electronic equipment and a storage medium.
In a first aspect, the present application provides a method for unified security authentication of data, which adopts the following technical scheme:
a data unified security authentication method comprises the following steps:
acquiring a message to be processed sent by a sending end, wherein the message to be processed carries message attributes;
selecting a preferred encryption type corresponding to the message attribute according to a preset preferred range comparison table;
determining a pre-stored first encryption model corresponding to a preferred encryption type;
processing the message to be processed according to the first encryption model to obtain an encrypted message;
and sending the encrypted message to the sending end so that the sending end sends the encrypted message to the receiving end.
By adopting the technical scheme, the registration center selects the corresponding preferred encryption type according to the acquired message attribute and the preferred range comparison table. The registration center then determines the first encryption model corresponding to the preferred encryption type and processes the message to be processed to obtain an encrypted message. The registration center sends the encrypted message back to the sending end, and the user can obtain the encrypted message. The registration center judges the encryption type suited to the message by obtaining the message attributes, and encrypts the message with the encryption model corresponding to that encryption type. On one hand, this improves the safety factor of the message and reduces the likelihood of cracking; on the other hand, the unified encryption mode helps reduce the possibility of errors in the message after it is decrypted.
Optionally, after sending the encrypted message to the sending end, the method further includes the following steps:
when a decryption request corresponding to the encrypted message sent by a receiving end is received, acquiring a decryption identifier of the receiving end;
selecting a pre-stored decryption type corresponding to the decryption identifier;
if the preferred encryption type is matched with the decryption type, decrypting the encrypted message according to the first encryption model to obtain an original message;
sending the original message to a receiving end;
otherwise, generating prompt information of message matching failure;
and sending the prompt information to a receiving end.
By adopting the technical scheme, the sending end sends the encrypted file to the receiving end, and the receiving end sends a decryption request to the registration center. The registration center obtains the corresponding decryption type according to the obtained decryption identifier of the receiving end, and when the decryption type of the receiving end is matched with the preferred encryption type, the encrypted message is decrypted through the first encryption model to obtain the original message. The receiving end can obtain a corresponding encryption model from the registration center, so that the message safety factor can be ensured and the accuracy of the original message can be improved.
Optionally, after generating the prompt information of message matching failure, the method further includes the following steps:
updating a preset matching failure record table to obtain matching failure times and matching total number;
calculating to obtain a matching failure rate according to the total matching number and the matching failure times;
and if the matching failure rate exceeds a preset early warning threshold value, updating the preferred range comparison table based on the first encryption model.
By adopting the technical scheme, the registration center records the matching failure times of the message, calculates to obtain the matching failure rate, and adjusts the priority of the first encryption model when the matching failure rate exceeds the preset early warning threshold value, thereby being beneficial to reducing the decryption failure condition of the user and improving the use experience of the user.
Optionally, the message to be processed carries a signature to be processed;
after the message to be processed is processed according to the first encryption model to obtain an encrypted message, the method further comprises the following steps:
determining a pre-stored second encryption model according to the preferred encryption type;
processing the signature to be processed according to the second encryption model to obtain an encrypted signature;
adding the encrypted signature to an encrypted message.
By adopting the technical scheme, when the registration center identifies that the message to be processed carries the signature to be processed, the signature to be processed can be encrypted, and the encrypted signature is added into the encrypted message, so that the cracking difficulty is increased, and the safety factor of message transmission is further improved.
Optionally, the determining a pre-stored second encryption model according to the preferred encryption type includes the following steps:
acquiring a weight value in message attributes of a message to be processed;
if the weight value exceeds a preset important message threshold value, determining a second encryption model which is not associated with the first encryption model;
otherwise, a second cryptographic model associated with the first cryptographic model is selected.
By adopting the technical scheme, the registration center obtains the weight value of the message to be processed, and selects the second encryption model which is not associated with the first encryption model when the weight value exceeds the preset important message threshold value, so that the signature and the message are encrypted in different encryption modes, the cracking difficulty is further increased, and the safety factor of message transmission is further improved.
Optionally, the selecting a second encryption model associated with the first encryption model includes the following steps:
obtaining a model weight relation chain of a pre-stored first encryption model;
and selecting a corresponding second encryption model according to a preset low-weight selection rule and the model weight relation chain.
By adopting the technical scheme, when the registration center identifies that the weighted value of the message to be processed is lower than the threshold value of the important message, the same or lower encryption model can be selected, the decryption rate of the less important message at the receiving end is improved, and the experience of a user is improved.
Optionally, the selecting, according to the preset preferred range comparison table, a preferred encryption type corresponding to the message attribute includes the following steps:
acquiring the byte quantity of a message to be processed;
selecting a candidate encryption type corresponding to the byte amount from a preset encryption length comparison table;
and selecting a preferred encryption type corresponding to the message attribute from the candidate encryption types according to a preset preferred range comparison table.
By adopting the technical scheme, the registry screens the corresponding encryption types (namely candidate encryption types) according to the encryption length comparison table for messages with different byte amounts. The registration center then screens the preferred encryption type corresponding to the message attribute from the candidate encryption types according to the preferred range comparison table, which helps reduce cases where a subsequent encryption model takes a long time to encrypt the message, and further improves the encryption efficiency of the registration center.
In a second aspect, the present application provides a data unification security authentication system, which adopts the following technical scheme:
a data unification safety certification system, the system includes sending end, receiving end and registry, the registry includes:
the first acquisition module is used for acquiring a message to be processed sent by a sending end;
the first selection module is used for selecting a preferred encryption type corresponding to the message to be processed according to a preset preferred range comparison table;
a first determining module for determining a pre-stored first encryption model corresponding to a preferred encryption type;
a first obtaining module, configured to process the message to be processed according to the first encryption model to obtain an encrypted message;
and the first sending module is used for sending the encrypted message to the sending end so that the sending end sends the encrypted message to the receiving end.
By adopting the technical scheme, the registration center judges the encryption type of message adaptation by acquiring the message attribute and encrypts the message by the encryption model corresponding to the encryption type, so that on one hand, the safety coefficient of the message is improved, and the condition of cracking is reduced, and on the other hand, the encryption mode is unified, thereby being beneficial to reducing the possibility of errors of the message after the message is decrypted.
In a third aspect, the present application provides an electronic device, which adopts the following technical solutions:
optionally, the electronic device includes a processor and a memory, where at least one instruction, at least one program, a code set, or an instruction set is stored in the memory, and the at least one instruction, the at least one program, the code set, or the instruction set is loaded and executed by the processor to implement the method for unified security authentication of data according to the first aspect.
By adopting the technical scheme, the electronic equipment can realize the unified data security authentication method according to the related computer program stored in the memory, so that the cooperation among different source information when the adaptive encryption model is selected to encrypt the message is improved, and the effect of the message security coefficient is improved.
In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solutions:
optionally, the storage medium has at least one instruction, at least one program, a set of codes, or a set of instructions stored therein, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement a method for unified security authentication of data according to the first aspect.
By adopting the technical scheme, the corresponding program can be stored, and the cooperation between different source information when the adaptive encryption model is selected to encrypt the message is further improved, so that the effect of the message safety factor is improved.
In summary, the present application includes at least one of the following beneficial technical effects:
1. the registration center judges the encryption type of message adaptation by obtaining message attributes, and encrypts the message by an encryption model corresponding to the encryption type, so that on one hand, the safety coefficient of the message is improved, and the condition of cracking is reduced, and on the other hand, the encryption mode is unified, which is beneficial to reducing the possibility of errors of the message after the message is decrypted;
2. the sending end sends the encrypted file to the receiving end, and the receiving end sends a decryption request to the registration center. The registration center obtains the corresponding decryption type according to the obtained decryption identifier of the receiving end, and when the decryption type of the receiving end is matched with the preferred encryption type, the encrypted message is decrypted through the first encryption model to obtain the original message. The receiving end can obtain a corresponding encryption model from the registration center, so that the message safety factor can be ensured and the accuracy of the original message can be improved;
3. the registration center records the matching failure times of the messages, calculates the matching failure rate, and adjusts the priority of the first encryption model when the matching failure rate exceeds a preset early warning threshold value, so that the decryption failure condition of the user can be reduced, and the use experience of the user can be improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a block diagram of a unified data security authentication system according to an embodiment of the present application.
Fig. 2 is a schematic flowchart of a unified data security authentication method according to an embodiment of the present application.
Fig. 3 is a schematic flowchart of a unified data security authentication system according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The embodiment of the application provides a data unified security authentication method which can be applied to a data unified security authentication system. The framework of the data unified security authentication system may be as shown in fig. 1, and may include a registry, a sending end, and a receiving end. The registry may consist of a plurality of networked servers; the sending end can be a computer, a mobile phone or communication equipment with the function of a receiving end; the receiving end can be a computer, a mobile phone or a communication device with the function of the sending end. Specifically, the method may be executed by the registration center with the assistance of the sending end and the receiving end. The registration center is mainly used for encrypting an unencrypted message (i.e., a message to be processed) and feeding the result back to the sending end, and for decrypting an encrypted message and feeding the decrypted message back to the receiving end. Specifically, the registration center receives a message to be processed sent by a sending end, processes the message to be processed to generate an encrypted message, and sends the encrypted message to the sending end. The sending end sends the encrypted message to the receiving end, and the receiving end sends a decryption request to the registration center. The registration center receives the decryption request, processes the encrypted message to generate an original message, and then sends the original message to the receiving end, so that the receiving end can acquire the original message and perform subsequent service processing with it.
The process flow shown in fig. 2 will be described in detail below with reference to the specific embodiments, and the contents may be as follows:
Step 201, a to-be-processed message sent by a sending end is obtained, and the to-be-processed message carries a message attribute.
In an embodiment, a sending end sends a message to be processed to a registration center, and the registration center obtains the message to be processed sent by the sending end, where the message to be processed carries message attributes, and the message attributes may include the byte amount, format, label ratio, and IP address of the message.
Step 202, selecting a preferred encryption type corresponding to the message attribute according to a preset preferred range comparison table.
In an embodiment, the registry is preset with a preferred range comparison table, which may be used to record the encryption types corresponding to different character proportion ranges. For example: for a character proportion in the range of 0-50%, the corresponding preferred encryption types may be SM2, SM4, RSA, 3DES, AES and SHA1; in the range of 50-100%, the corresponding preferred encryption types may be SM3, RSA, MD5 and SHA256. The preferred range comparison table can also be updated according to the requirements of technicians. That is, the registry selects the encryption type corresponding to the message attribute (i.e. the preferred encryption type) according to the preferred range comparison table.
Optionally, the byte amount of the message to be processed is obtained, and a candidate encryption type corresponding to the byte amount is selected from a preset encryption length comparison table. A preferred encryption type corresponding to the message attribute is then selected from the candidate encryption types according to the preset preferred range comparison table.
In the embodiment, the registration center is preset with an encryption length comparison table, which is used for recording the encryption types corresponding to messages with different byte amounts. For example: when the byte amount of the message does not exceed 100Mb, the encryption type may be SM2, 3DES, MD5 or SHA256. The registration center obtains the byte amount of the message to be processed, and selects the encryption type (i.e. a candidate encryption type) corresponding to the byte amount from the encryption length comparison table. The registration center then selects a preferred encryption type corresponding to the message attribute from the candidate encryption types according to the preset preferred range comparison table.
Step 203, determining a pre-stored first encryption model corresponding to the preferred encryption type.
In an embodiment, the registry stores encryption models in advance; for example, the encryption model corresponding to SM2 may be the SM2 cryptographic algorithm. That is, the registry determines which encryption model (i.e. the first encryption model) corresponds to the preferred encryption type. When the registration center identifies multiple preferred encryption types, one encryption type can be selected according to a selection order preset by a technician, or one encryption type can be selected by default.
Step 204, processing the message to be processed according to the first encryption model to obtain an encrypted message.
In the embodiment, the registration center processes the message to be processed according to the first encryption model to obtain the encrypted message.
Optionally, the message to be processed carries the signature to be processed, and the pre-stored second encryption model is determined according to the preferred encryption type. And processing the signature to be processed according to the second encryption model to obtain an encrypted signature. The encrypted signature is added to the encrypted message.
In an embodiment, after the registry obtains the encrypted message, the registry determines a pre-stored second encryption model according to the preferred encryption type, where the second encryption model may be an encryption algorithm different from the first encryption model, or may be an encryption algorithm consistent with the first encryption model. And the registry processes the signature to be processed according to the second encryption model to obtain an encrypted signature. The registry adds the encrypted signature to the encrypted message.
Optionally, determining a pre-stored second encryption model according to the preferred encryption type specifically includes the following steps: acquiring a weight value in the message attribute of the message to be processed; if the weight value exceeds a preset important message threshold value, determining a second encryption model which is not associated with the first encryption model; otherwise, selecting a second encryption model which is associated with the first encryption model.
In the embodiment, the sending end stores the weight comparison table in advance, and the user can select a corresponding weight value according to the importance of the message. The registration center obtains the weight value in the message attribute of the message to be processed. And if the registration center identifies that the weight value exceeds a preset important message threshold value, determining a second encryption model which is not associated with the first encryption model, and otherwise, selecting the second encryption model which is associated with the first encryption model.
Optionally, selecting a second encryption model associated with the first encryption model specifically includes the following steps: obtaining a pre-stored model weight relation chain of the first encryption model; and selecting a corresponding second encryption model according to a preset low-weight selection rule and the model weight relation chain.
In an embodiment, the registry stores model weight relation chains in advance, such as 3DES-RSA-DES and SHA256-SHA1. The registration center is also preset with a low-weight selection rule: when the registration center identifies that the weight value of a message is lower than the important message threshold value, the next-level encryption type is selected. For example: when the weight value of a message is lower than the important message threshold value and the first encryption model is the 3DES algorithm, the second encryption model can be the RSA algorithm. In addition, when a model weight relation chain corresponds to only one encryption model, the first encryption model and the second encryption model both default to that same encryption model.
Step 205, the encrypted message is sent to the sending end, so that the sending end sends the encrypted message to the receiving end.
In the embodiment, the registry sends the encrypted message to the sending end, so that the sending end sends the encrypted message to the receiving end, and the receiving end decrypts the encrypted message and starts service processing.
Optionally, when a decryption request corresponding to the encrypted message sent by the receiving end is received, the decryption identifier of the receiving end is obtained, and a pre-stored decryption type corresponding to the decryption identifier is selected. If the preferred encryption type is matched with the decryption type, the encrypted message is decrypted according to the first encryption model to obtain an original message, and the original message is sent to the receiving end; otherwise, prompt information of message matching failure is generated and sent to the receiving end.
In an embodiment, after the registry sends the encrypted message to the sending end, when the registry receives a decryption request corresponding to the encrypted message sent by the receiving end, the decryption identifier of the receiving end is obtained. The registration center stores a plurality of decryption types in advance, and each decryption type is associated with different decryption identifiers. The registration center selects a decryption type corresponding to the decryption identification, when the preferred encryption type is consistent (namely matched) with the decryption type, the encrypted message is decrypted according to the first encryption model to obtain an original message, the original message is sent to the receiving end, and when the preferred encryption type is inconsistent with the decryption type, the registration center generates prompt information of message matching failure and sends the prompt information to the receiving end.
Optionally, the preset matching failure record table is updated to obtain the matching failure times and the matching total number. The matching failure rate is calculated according to the matching total number and the matching failure times. If the matching failure rate exceeds a preset early warning threshold value, the preferred range comparison table is updated based on the first encryption model.
In the embodiment, the registration center is preset with a matching failure record table, which is used for recording the matching failure times and the matching total number. After the registration center generates the prompt information of message matching failure, it calculates the matching failure rate according to the matching total number and the matching failure times. The registration center is preset with an early warning threshold, which can be 10%, 20% or 50%. If the registration center identifies that the matching failure rate exceeds the preset early warning threshold value, it updates the preferred range comparison table based on the first encryption model. For example: when the character proportion range is 50-100%, the corresponding preferred encryption types are ordered SM3-RSA-MD5-SHA256, and the matching failure rate corresponding to the SM3 algorithm exceeds the preset early warning threshold value, the corresponding preferred encryption types are reordered to RSA-MD5-SHA256-SM3, so that the registration center selects the corresponding algorithm according to the order of the preferred encryption types.
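The selection logic of steps 202-203, the choice of the second encryption model, and the failure-rate update of the preferred range comparison table can be traced in the following added sketch, which is not part of the patent text. Function and class names, the reading of "100Mb" as megabytes, the second length-table row, the handling of the 50% boundary and the rule for picking an "unassociated" model are assumptions.

```python
# Added sketch of the registry's selection logic. Table rows reuse the page's
# sample values; rows and rules marked "assumption" are constructed here.
# Algorithm names are opaque labels: no cryptography is performed, and the
# page's tables list digests (MD5, SHA1, SHA256, SM3) alongside ciphers.

MB = 1024 * 1024  # assumption: the page's "100Mb" is read as 100 megabytes

# Preferred range comparison table: character proportion range (%) -> ordered types.
PREFERRED_RANGES = [
    ((0, 50), ["SM2", "SM4", "RSA", "3DES", "AES", "SHA1"]),
    ((50, 100), ["SM3", "RSA", "MD5", "SHA256"]),
]
# Encryption length comparison table: size limit in bytes -> candidate types.
LENGTH_TABLE = [
    (100 * MB, ["SM2", "3DES", "MD5", "SHA256"]),   # row from the page
    (float("inf"), ["SM4", "AES", "RSA", "SM3"]),   # assumption: constructed row
]
# Model weight relation chains, highest level first (values from the page).
MODEL_CHAINS = [["3DES", "RSA", "DES"], ["SHA256", "SHA1"]]


def preferred_types(proportion, size, ranges=PREFERRED_RANGES):
    """Step 202: candidates by byte amount, kept in preferred-table order."""
    candidates = next(types for limit, types in LENGTH_TABLE if size <= limit)
    for (low, high), ordered in ranges:
        # assumption: a boundary value such as 50 belongs to the upper range
        if low <= proportion < high or proportion == high == 100:
            return [t for t in ordered if t in candidates]
    raise ValueError("proportion must be within 0-100")


def first_model(types):
    """Step 203: with several preferred types, take the first in table order."""
    if not types:
        raise LookupError("no encryption type fits both tables")
    return types[0]


def second_model(first, weight, important_threshold, pool):
    """Choose the model for the signature from the message weight value."""
    chain = next((c for c in MODEL_CHAINS if first in c), [first])
    if weight > important_threshold:
        # assumption: "not associated" means outside the first model's chain
        unrelated = [t for t in pool if t not in chain]
        if not unrelated:
            raise LookupError("no unassociated model available")
        return unrelated[0]
    # Low-weight rule: next level in the chain. Assumption: the last (or only)
    # entry of a chain is reused as the second model.
    idx = chain.index(first)
    return chain[idx + 1] if idx + 1 < len(chain) else first


class MatchFailureTable:
    """Matching failure record table, kept per encryption type."""

    def __init__(self):
        self.total, self.failed = {}, {}

    def record(self, enc_type, decrypt_type):
        """Compare both types for one decryption request and log the outcome."""
        matched = enc_type == decrypt_type
        self.total[enc_type] = self.total.get(enc_type, 0) + 1
        self.failed[enc_type] = self.failed.get(enc_type, 0) + (0 if matched else 1)
        return matched

    def failure_rate(self, enc_type):
        total = self.total.get(enc_type, 0)
        return self.failed.get(enc_type, 0) / total if total else 0.0


def update_ranges(ranges, table, enc_type, warning_threshold):
    """Move a type whose failure rate exceeds the threshold to the end."""
    if table.failure_rate(enc_type) <= warning_threshold:
        return ranges
    updated = []
    for rng, order in ranges:
        tail = [enc_type] if enc_type in order else []
        updated.append((rng, [t for t in order if t != enc_type] + tail))
    return updated


if __name__ == "__main__":
    types = preferred_types(30, 10 * MB)          # constructed sample message
    print(types, first_model(types), second_model("3DES", 1, 5, types))
```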
Based on the same technical concept, the embodiment of the present application further discloses a data unified security authentication system, which includes a sending end, a receiving end and a registration center. As shown in Fig. 3, the registration center includes:
the first acquisition module is used for acquiring a message to be processed sent by a sending end;
the first selection module is used for selecting a preferred encryption type corresponding to the message to be processed according to a preset preferred range comparison table;
a first determining module for determining a pre-stored first encryption model corresponding to a preferred encryption type;
the first obtaining module is used for processing the message to be processed according to the first encryption model to obtain an encrypted message;
and the first sending module is used for sending the encrypted message to the sending end so that the sending end sends the encrypted message to the receiving end.
Optionally, the second obtaining module is configured to obtain a decryption identifier of the receiving end when receiving a decryption request corresponding to the encrypted message sent by the receiving end;
the second selecting module is used for selecting a pre-stored decryption type corresponding to the decryption identifier;
the decryption module is used for decrypting the encrypted message according to the first encryption model to obtain an original message when the preferred encryption type matches the decryption type;
the second sending module is used for sending the original message to the receiving end;
the generating module is used for generating prompt information of message matching failure when the preferred encryption type does not match the decryption type;
and the third sending module is used for sending the prompt message to the receiving end.
Optionally, the second obtaining module is configured to update a preset matching failure record table to obtain matching failure times and a matching total number;
the calculating module is used for calculating to obtain the matching failure rate according to the total matching number and the matching failure times;
and the updating module is used for updating the preferred range comparison table based on the first encryption model when the matching failure rate exceeds a preset early warning threshold value.
Optionally, the second determining module is configured to determine a second pre-stored encryption model according to the preferred encryption type;
the third obtaining module is used for processing the signature to be processed according to the second encryption model to obtain an encrypted signature;
and the adding module is used for adding the encrypted signature to the encrypted message.
Optionally, the third obtaining module is configured to obtain a weight value in the message attributes of the message to be processed;
the third determining module is used for determining a second encryption model which is not associated with the first encryption model when the weight value exceeds a preset important message threshold value;
and the third selection module is used for selecting a second encryption model associated with the first encryption model when the weight value does not exceed the preset important message threshold value.
Optionally, the fourth obtaining module is configured to obtain a model weight relationship chain of a pre-stored first encryption model;
and the fourth selection module is used for selecting the corresponding second encryption model according to a preset low-weight selection rule and the model weight relation chain.
Optionally, the fifth obtaining module is configured to obtain a byte amount of the message to be processed;
the fifth selection module is used for selecting candidate encryption types corresponding to the byte amount from a preset encryption length comparison table;
and the sixth selection module is used for selecting the preferred encryption type corresponding to the message attribute from the candidate encryption types according to a preset preferred range comparison table.
The embodiment of the application also discloses an electronic device, which comprises a memory and a processor, wherein the memory stores a computer program that can be loaded by the processor to execute the data unified security authentication method.
An embodiment of the present application further discloses a computer-readable storage medium storing a computer program that can be loaded by a processor to execute the above data unified security authentication method. The computer-readable storage medium includes, for example, various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above examples are only used to illustrate the technical solutions of the present application, and do not limit the scope of protection of the application. It is to be understood that the embodiments described are only some of the embodiments of the present application and not all of them. All other embodiments, which can be derived by a person skilled in the art from these embodiments without making any inventive step, are within the scope of the present application.

Claims (10)

1. A data unified security authentication method, characterized by comprising the following steps:
acquiring a message to be processed sent by a sending end, wherein the message to be processed carries message attributes;
selecting a preferred encryption type corresponding to the message attribute according to a preset preferred range comparison table;
determining a pre-stored first encryption model corresponding to a preferred encryption type;
processing the message to be processed according to the first encryption model to obtain an encrypted message;
and sending the encrypted message to the sending end so that the sending end sends the encrypted message to the receiving end.
2. The data unified security authentication method according to claim 1, further comprising the following steps after the sending of the encrypted message to the sending end:
when a decryption request corresponding to the encrypted message sent by a receiving end is received, acquiring a decryption identifier of the receiving end;
selecting a pre-stored decryption type corresponding to the decryption identifier;
if the preferred encryption type matches the decryption type, decrypting the encrypted message according to the first encryption model to obtain an original message;
sending the original message to a receiving end;
otherwise, generating prompt information of message matching failure;
and sending the prompt information to a receiving end.
3. The data unified security authentication method according to claim 2, further comprising the following steps after the generating of the prompt information of message matching failure:
updating a preset matching failure record table to obtain matching failure times and matching total number;
calculating to obtain a matching failure rate according to the total matching number and the matching failure times;
and if the matching failure rate exceeds a preset early warning threshold value, updating the preferred range comparison table based on the first encryption model.
4. The data unified security authentication method according to claim 1, wherein the message to be processed carries a signature to be processed;
after the message to be processed is processed according to the first encryption model to obtain an encrypted message, the method further comprises the following steps:
determining a pre-stored second encryption model according to the preferred encryption type;
processing the signature to be processed according to the second encryption model to obtain an encrypted signature;
adding the encrypted signature to an encrypted message.
5. The data unified security authentication method according to claim 4, wherein the determining of the pre-stored second encryption model according to the preferred encryption type comprises the following steps:
acquiring a weight value in message attributes of a message to be processed;
if the weight value exceeds a preset important message threshold value, determining a second encryption model which is not associated with the first encryption model;
otherwise, selecting a second encryption model associated with the first encryption model.
6. The data unified security authentication method according to claim 5, wherein the selecting of the second encryption model associated with the first encryption model comprises the following steps:
obtaining a model weight relation chain of a pre-stored first encryption model;
and selecting a corresponding second encryption model according to a preset low-weight selection rule and the model weight relation chain.
7. The data unified security authentication method according to claim 1, wherein the selecting of a preferred encryption type corresponding to the message attribute according to a preset preferred range comparison table comprises the following steps:
acquiring the byte quantity of a message to be processed;
selecting a candidate encryption type corresponding to the byte amount from a preset encryption length comparison table;
and selecting the preferred encryption type corresponding to the message attribute from the candidate encryption types according to a preset preferred range comparison table.
8. A data unified security authentication system, characterized by comprising a sending end, a receiving end and a registration center, wherein the registration center comprises:
the first acquisition module is used for acquiring a message to be processed sent by a sending end;
the first selection module is used for selecting a preferred encryption type corresponding to the message to be processed according to a preset preferred range comparison table;
a first determining module for determining a pre-stored first encryption model corresponding to a preferred encryption type;
a first obtaining module, configured to process the message to be processed according to the first encryption model to obtain an encrypted message;
and the first sending module is used for sending the encrypted message to the sending end so that the sending end sends the encrypted message to the receiving end.
9. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program that can be loaded by the processor and that executes the method according to any of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which can be loaded by a processor and which executes the method of any one of claims 1 to 7.
CN202210278983.XA 2022-03-21 2022-03-21 Data unified security authentication method, system, electronic equipment and storage medium Active CN114726591B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210278983.XA CN114726591B (en) 2022-03-21 2022-03-21 Data unified security authentication method, system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114726591A (en) 2022-07-08
CN114726591B CN114726591B (en) 2024-02-27

Family

ID=82236601

Country Status (1)

Country Link
CN (1) CN114726591B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant