CN115001713A - Instant message encryption system based on commercial cryptographic algorithm in medical field - Google Patents

Instant message encryption system based on commercial cryptographic algorithm in medical field Download PDF

Info

Publication number
CN115001713A
CN115001713A CN202210655165.7A CN202210655165A CN115001713A CN 115001713 A CN115001713 A CN 115001713A CN 202210655165 A CN202210655165 A CN 202210655165A CN 115001713 A CN115001713 A CN 115001713A
Authority
CN
China
Prior art keywords
instant message
encryption
instant
message
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210655165.7A
Other languages
Chinese (zh)
Other versions
CN115001713B (en
Inventor
王爽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Dr Ma Network Technology Co ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202210655165.7A priority Critical patent/CN115001713B/en
Publication of CN115001713A publication Critical patent/CN115001713A/en
Application granted granted Critical
Publication of CN115001713B publication Critical patent/CN115001713B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/88Medical equipments

Abstract

The invention provides an instant message encryption system based on a medical field commercial cryptographic algorithm, which comprises a cryptographic service management module, a cryptographic service management platform and a cryptographic service management module, wherein the cryptographic service management platform is established based on the medical field commercial cryptographic algorithm and provides cryptographic service management for a user party; the user side comprises an instant message sending side and an instant message receiving side; the user identity authentication module is used for registering and authenticating the user identity of the user party on the basis of the password service management platform; the instant message encryption module is used for encrypting the instant message based on the password service management platform to generate an encrypted instant message; the instant message transmission module transmits the encrypted instant message from the instant message sender to the instant message receiver by means of the instant message sending server; and the instant message acquisition module is used for the instant message receiver to decrypt the encrypted instant message and acquire the instant message. The invention can improve the accuracy of the encryption of the instant message and realize the safe transmission of the instant message.

Description

Instant message encryption system based on commercial cryptographic algorithm in medical field
Technical Field
The invention relates to the technical field of instant message encryption, in particular to an instant message encryption system based on a commercial cryptographic algorithm in the medical field.
Background
In the medical field, the data security of medical equipment relates to the lives of people and the privacy of patients, belongs to extremely sensitive core data, the data can only be transmitted between authorized personnel and patients of medical institutions, and any illegal leakage can cause huge influence; by adopting the national commercial cipher standard, the data can be ensured to be ensured in the aspects of integrity, privacy, authenticable and the like; in the instant message transmission, the situation that the encryption method is not new enough and the encryption effect is not good enough exists, and the national commercial password standard based on the medical field is needed to be applied to the instant message encryption system, so that the data transmission safety is ensured.
Disclosure of Invention
The invention provides an instant message encryption system based on a commercial cryptographic algorithm in the medical field, which can improve the accuracy of instant message encryption and realize the safe transmission of instant messages.
An instant message encryption system based on a medical field commercial cryptographic algorithm, comprising:
the password service management module is used for establishing a password service management platform based on a commercial password algorithm in the medical field and providing password service management for a user party; the user side comprises an instant message sending side and an instant message receiving side;
the user identity authentication module is used for registering and authenticating the user identity of the user party based on the password service management platform;
the instant message encryption module is used for encrypting the instant message based on the password service management platform to generate an encrypted instant message;
the instant message transmission module is used for transmitting the encrypted instant message from the instant message sender to the instant message receiver by means of the instant message sending server;
and the instant message acquisition module is used for the instant message receiver to decrypt the encrypted instant message and acquire the instant message.
Further, the cryptographic service management module comprises a commercial cryptographic algorithm selection unit and a service function deployment unit;
the commercial cipher algorithm selecting unit is used for selecting an SM2 public key algorithm, an SM3 Hash cipher algorithm and an SM4 block cipher algorithm in the commercial cipher algorithms in the medical field as the encryption algorithm of the instant message; using an SM2 public key algorithm to generate a digital signature and a signature for the instant message; using an SM3 hash cryptographic algorithm to compute an instant message fingerprint; using an SM4 block cipher algorithm for block-encrypting instant messages;
the service function deployment unit is used for setting a signature verification server and an electronic signature server based on an SM2 public key algorithm.
Further, the user identity authentication module comprises an identity registration unit and an identity authentication unit;
the identity registration unit comprises a user party selecting registration information and sending the registration information to a password service management platform; the registration information comprises an identity, a password and a random number; after receiving the registration information, the password service management platform checks the validity of the identity, and if the identity exists, the password service management platform sends information for reselecting the identity to the user; otherwise, the password service management platform selects a random number, stores the identity, the password and the random number into the smart card and issues the smart card to the user side; after receiving the smart card, the user side stores the random number into the smart card to complete registration;
the identity authentication unit comprises an instant message sender selecting a first random number and creating a first instant message sending request to an instant message receiver; the instant message receiver checks the first time stamp information after receiving the first instant message sending request, and if the first time stamp information is incorrect, the session is terminated; if the first timestamp information is correct, the instant message receiver selects a second random number and creates a second instant message sending request to the instant message sender; the instant message receiver checks the second time stamp information after receiving the second instant message sending request, and if the second time stamp information is incorrect, the session is terminated; and if the second timestamp information is correct, finishing the mutual authentication of the instant message sender and the instant message receiver.
Further, the user identity authentication module comprises a password modification unit, which is used for modifying the encrypted password by the user; the password modification unit comprises an identity confirmation subunit and a password resetting subunit;
the identity confirmation subunit comprises a user side, a password service management platform and an identity confirmation subunit, wherein the user side inputs an identity and a password and sends a password modification request mark to the password service management platform; the password service management platform and the user side perform mutual authentication, if the authentication is successful, password modification is allowed, and the request expression is received; if the authentication is unsuccessful, the password modification is refused;
the password resetting subunit comprises a password service management platform which sends a request mark and a request success code to a user side, and the user side inputs a new password through the intelligent card equipment;
or the password service management platform sends a short message verification code to the mobile phone of the user party, and the user party sends the short message verification code, the request mark and the new password to the password service management platform;
and the password service management platform receives the new password of the user party, resets the account of the user party, modifies the password of the user party in the database, and sends feedback information of successful resetting to the user party.
Further, the instant message encryption module comprises a session key generation unit and an instant message encryption unit;
the session key generation unit is used for generating a user side public key and a user side private key pair by using an SM2 public key algorithm and an SM3 Hash cipher algorithm according to preset security parameters; generating an encrypted session key by using the digital certificate of the instant message sender, the digital signature and the user public key of the instant message receiver;
the instant message encryption unit is used for encrypting the instant message by using SM2 group cryptographic algorithm to generate the encrypted instant message.
Furthermore, the instant message encryption unit further comprises an instant message security level classification unit, which is used for classifying instant messages into high-level messages, medium-level messages and low-level messages according to the sequence of security levels from high to low based on the corresponding influence objects and the generated influence degrees after the data security is damaged; and aiming at the messages with different security levels, corresponding encryption strategies are adopted.
Further, the instant messaging module is configured to deliver encrypted instant messages based on extensible messaging and presence protocols; the method comprises the following steps:
the instant message sender sends the instant message sending content to the instant message sending server; the instant message sending content comprises an instant message sender digital certificate, an instant message sender digital signature, an instant message receiver user identity, an encrypted instant message and the session key;
the instant message sending server receives the instant message sending content and sends the instant message receiving content to an instant message receiver according to the user identity of the instant message receiver; the instant message receiving content includes an instant message sender digital certificate, an instant message sender digital signature, an encrypted instant message, and the session key.
Furthermore, the instant message transmission module further comprises an instant message protection unit, wherein the instant message protection unit comprises a message data desensitization subunit, a message data watermark adding subunit and a message data real-time monitoring subunit;
the message data desensitization subunit is used for making a data desensitization strategy according to the transmission requirement of the instant message, and desensitizing and transmitting the sensitive data;
the message data watermark adding subunit is used for adding a watermark to the important instant message and storing the message data watermark separately;
and the message data real-time monitoring subunit is used for monitoring the message data flow in real time based on a flow mirror mode and alarming the possible message data leakage event.
Further, the instant message obtaining module comprises that the instant message receiver verifies the digital certificate of the instant message sender and the digital signature of the instant message sender, and after the verification is passed, the session key is decrypted by using the private key of the user side of the instant message receiver to obtain the instant message.
Furthermore, the instant message acquisition module further comprises an instant message receiving management unit, which is used for managing the received encrypted instant message; the instant message management module comprises an encrypted instant message display unit, an encrypted instant message query unit and an encrypted instant message error feedback unit;
the encrypted instant message display unit is used for receiving the identity icon identification of an instant message sender, the encryption level of the instant message, the sending time of the instant message and the processing mode of the instant message at the same time when receiving the instant message sent by a group or a plurality of instant message senders; the identity icon identification represents the identity of the instant message sender; the processing mode comprises viewable and decrypted storage, viewable and temporary storage, viewable and non-storable only and non-repeatable viewing after one-time viewing;
the encrypted instant message query unit is used for querying historical instant messages sent by a user party corresponding to the identity icon identification based on the identity icon identification and displaying query results according to a time sequence;
and the encrypted instant message error feedback unit is used for sending an error feedback message to the instant message server and resending the instant message sending request to the instant message sender when the received encrypted instant message cannot be checked.
Furthermore, the instant message encryption module also comprises an instant message encryption template generation unit which is used for generating an encryption template according to the security level of the instant message, the type of the instant message and the encryption strategy;
the message encryption template generating unit comprises an encryption template data acquiring subunit, an encryption template testing subunit and an encryption template determining subunit;
the encryption template data subunit is used for acquiring the security level of the instant message, the type of the instant message and the encryption algorithm of the instant message based on the big data;
the encryption template testing subunit is used for establishing an encryption template data set matched with the instant message security level, the type of the instant message and the encryption algorithm of the instant message in three ways according to a preset matching rule; testing and evaluating an encryption template according to a preset instant message transmission safety evaluation index; the safety evaluation indexes comprise encryption complexity, data integrity and data transmission speed;
and the encryption template determining subunit is used for obtaining the optimal encryption template data according to the test evaluation result and using the optimal encryption template data as the instant message encryption template.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of an instant message encryption system based on a commercial cryptographic algorithm in the medical field according to the present invention;
FIG. 2 is a schematic diagram of a cryptographic service management module of an instant messaging encryption system based on a commercial cryptographic algorithm in the medical field according to the present invention;
fig. 3 is a schematic diagram of an instant message encryption module of an instant message encryption system based on a commercial cryptographic algorithm in the medical field according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
An instant message encryption system based on a medical field commercial cryptographic algorithm, as shown in fig. 1, comprises:
the password service management module is used for establishing a password service management platform based on a commercial password algorithm in the medical field and providing password service management for a user party; the user side comprises an instant message sending side and an instant message receiving side;
the user identity authentication module is used for registering and authenticating the user identity of the user party based on the password service management platform;
the instant message encryption module is used for encrypting the instant message based on the password service management platform to generate an encrypted instant message;
the instant message transmission module is used for transmitting the encrypted instant message from the instant message sender to the instant message receiver by means of the instant message sending server;
and the instant message acquisition module is used for the instant message receiver to decrypt the encrypted instant message and acquire the instant message.
The working principle of the technical scheme is as follows: the establishment of the encryption system of the instant message needs to establish a password service management platform by utilizing a commercial password algorithm in the medical field, and realize the transmission of the encrypted instant message after the identity authentication is carried out on an instant message sender and a receiver; the embodiment comprises a password service management module, a password service management module and a password service management module, wherein the password service management module is used for establishing a password service management platform based on a commercial password algorithm in the medical field and providing password service management for a user party; the user side comprises an instant message sending side and an instant message receiving side;
the user identity authentication module is used for registering and authenticating the user identity of the user party based on the password service management platform;
the instant message encryption module is used for encrypting the instant message based on the password service management platform to generate an encrypted instant message;
the instant message transmission module is used for transmitting the encrypted instant message from the instant message sender to the instant message receiver by means of the instant message sending server;
and the instant message acquisition module is used for the instant message receiver to decrypt the encrypted instant message and acquire the instant message.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the accuracy of the encryption of the instant message can be improved, and the safe and reliable transmission of the instant message is realized.
In one embodiment, as shown in fig. 2, the cryptographic service management module includes a commercial cryptographic algorithm selection unit, a service function deployment unit;
the commercial cipher algorithm selecting unit is used for selecting an SM2 public key algorithm, an SM3 Hash cipher algorithm and an SM4 block cipher algorithm in the commercial cipher algorithms in the medical field as the encryption algorithm of the instant message; using an SM2 public key algorithm to generate a digital signature and a signature for the instant message; using an SM3 hash cryptographic algorithm to compute an instant message fingerprint; using an SM4 block cipher algorithm for block-encrypting instant messages;
the service function deployment unit is used for setting a signature verification server and an electronic signature server based on an SM2 public key algorithm.
The working principle of the technical scheme is as follows: the M2 elliptic curve public key cryptographic algorithm is a public key cryptographic algorithm independently designed in China and is used for realizing functions of digital signature key negotiation, data encryption and the like. The SM3 hash algorithm is suitable for generation and verification of digital signature and verification message authentication codes and generation of random numbers in commercial password application, and can meet the security requirements of various password applications. The SM4 block cipher algorithm is used for realizing encryption and decryption operations of data to ensure confidentiality of data and information. The present embodiment is based on the use of these commercial cryptographic algorithms for encryption applications; the password service management module comprises a commercial password algorithm selection unit and a service function deployment unit;
the commercial cipher algorithm selecting unit is used for selecting an SM2 public key algorithm, an SM3 Hash cipher algorithm and an SM4 block cipher algorithm in the commercial cipher algorithms in the medical field as the encryption algorithm of the instant message; using SM2 public key algorithm to generate digital signature and signature for instant message; using an SM3 hash cryptographic algorithm to compute an instant message fingerprint; using the SM4 block cipher algorithm for block encryption of instant messages;
the service function deployment unit is used for setting a signature verification server and an electronic signature server based on an SM2 public key algorithm.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the encryption of the instant message is determined by utilizing the commercial cryptographic algorithm in the medical field, so that the security of the encryption of the instant message is ensured.
In one embodiment, the user identity authentication module comprises an identity registration unit and an identity authentication unit;
the identity registration unit comprises that a user selects registration information and sends the registration information to a password service management platform; the registration information comprises an identity, a password and a random number; the password service management platform checks the validity of the identity after receiving the registration information, and if the identity exists, the password service management platform sends information for reselecting the identity to the user; otherwise, the password service management platform selects a random number, stores the identity, the password and the random number into the smart card and issues the smart card to the user side; after receiving the smart card, the user side stores the random number into the smart card to complete registration;
the identity authentication unit comprises an instant message sender selecting a first random number and creating a first instant message sending request to an instant message receiver; the instant message receiver checks the first time stamp information after receiving the first instant message sending request, and if the first time stamp information is incorrect, the session is terminated; if the first timestamp information is correct, the instant message receiver selects a second random number and creates a second instant message sending request to the instant message sender; the instant message receiver checks the second time stamp information after receiving the second instant message sending request, and if the second time stamp information is incorrect, the session is terminated; and if the second timestamp information is correct, finishing the mutual authentication of the instant message sender and the instant message receiver.
The working principle of the technical scheme is as follows: identity authentication is the process of identifying the true identity of a communicating party through various cryptographic algorithms and authentication factors. After the identity authentication is successful, both parties of the instant message communication establish a session key for use in subsequent communication; the intelligent card is arranged on the user side and used for storing a user identity digital certificate and electronic seal data; the embodiment passes through double-factor authentication of double factors, firstly passes through the authentication of the intelligent card, and then continues to carry out single-factor identity authentication; the user identity authentication module of the embodiment comprises an identity registration unit and an identity authentication unit;
the identity registration unit comprises a user party selecting registration information and sending the registration information to a password service management platform; the registration information comprises an identity, a password and a random number; the password service management platform checks the validity of the identity after receiving the registration information, and if the identity exists, the password service management platform sends information for reselecting the identity to the user; otherwise, the password service management platform selects a random number, stores the identity, the password and the random number into the smart card and issues the smart card to the user side; after receiving the smart card, the user side stores the random number into the smart card to complete registration;
the identity authentication unit comprises an instant message sender selecting a first random number and creating a first instant message sending request to an instant message receiver; the instant message receiver checks the first time stamp information after receiving the first instant message sending request, and if the first time stamp information is incorrect, the session is terminated; if the first time stamp information is correct, the instant message receiver selects a second random number and creates a second instant message sending request to the instant message sender; the instant message receiver checks the second time stamp information after receiving the second instant message sending request, and if the second time stamp information is incorrect, the session is terminated; and if the second timestamp information is correct, finishing the mutual authentication of the instant message sender and the instant message receiver.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the identity of the sending party and the identity of the receiving party of the instant message can be effectively verified through the user identity dual-factor authentication, and a foundation is provided for the safe and reliable transmission of the instant message.
In one embodiment, as shown in fig. 3, the instant message encryption module includes a session key generation unit and an instant message encryption unit;
the session key generation unit is used for generating a user side public key and a user side private key pair by using an SM2 public key algorithm and an SM3 Hash cipher algorithm according to preset security parameters; generating an encrypted session key by using the digital certificate of the instant message sender, the digital signature and the user public key of the instant message receiver;
the instant message encryption unit is used for encrypting the instant message by using SM2 group cryptographic algorithm to generate the encrypted instant message.
The working principle of the technical scheme is as follows: the instant message encryption module comprises a session key generation unit and an instant message encryption unit;
the session key generation unit is used for generating a user side public key and a user side private key pair by using an SM2 public key algorithm and an SM3 Hash cipher algorithm according to preset security parameters; generating an encrypted session key by using the digital certificate of the instant message sender, the digital signature and the user public key of the instant message receiver;
the instant message encryption unit is used for encrypting the instant message by using SM2 group cryptographic algorithm to generate the encrypted instant message.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the pertinence of the instant message encryption is improved by generating the key and encrypting the instant message by using different cryptographic algorithms, and the quality of the instant message encryption is favorably improved.
In one embodiment, the instant message encryption unit further includes an instant message security level classification unit, configured to classify instant messages into high-level messages, medium-level messages, and low-level messages according to a sequence from high to low in security level, based on a corresponding influence object and a generated influence degree after data security is damaged; and aiming at the messages with different security levels, corresponding encryption strategies are adopted.
The working principle of the technical scheme is as follows: the instant message encryption unit also comprises an instant message security level classification unit which is used for classifying instant messages into high-level messages, medium-level messages and low-level messages according to the sequence of security levels from high to low based on the corresponding influence objects and the generated influence degrees after the data security is damaged; and aiming at the messages with different security levels, corresponding encryption strategies are adopted. Such as setting user-side personal information, message data relating to user privacy as high-level data, management-type data (logs, configuration information, etc.) as medium-level data, and public data as low-level data; different encryption strategies are adopted for data of different levels, high-complexity encryption algorithms and means are adopted for high-level data, common complex encryption algorithms and means are adopted for medium-level data, and simple encryption algorithms and means are adopted for low-level data, so that confidentiality and integrity of instant message data in the processes of transmission, storage and use are guaranteed, and meanwhile, on the basis of an access control means, access of a user to the data of different levels is limited on the basis of a security mark.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the instant message is encrypted by different strategies by distinguishing different security levels, so that the efficiency and the quality of the instant message encryption can be improved.
In one embodiment, the instant messaging module is configured to deliver encrypted instant messages based on an extensible messaging and presence protocol; the method comprises the following steps:
the instant message sender sends the instant message sending content to the instant message sending server; the instant message sending content comprises an instant message sender digital certificate, an instant message sender digital signature, an instant message receiver user identity, an encrypted instant message and the session key;
the instant message sending server receives the instant message sending content and sends the instant message receiving content to an instant message receiver according to the identity of the instant message receiver; the instant message receiving content includes an instant message sender digital certificate, an instant message sender digital signature, an encrypted instant message, and the session key.
The working principle of the technical scheme is as follows: the extensible messaging and presence protocol defines three roles: the system comprises a client, a server and a gateway, wherein the client, the server and the gateway can be arbitrarily interconnected and communicated; the present embodiment delivers encrypted instant messages based on this protocol; the method comprises the following steps:
the instant message sender sends the instant message sending content to the instant message sending server; the instant message sending content comprises an instant message sender digital certificate, an instant message sender digital signature, an instant message receiver user identity, an encrypted instant message and the session key;
the instant message sending server receives the instant message sending content and sends the instant message receiving content to an instant message receiver according to the user identity of the instant message receiver; the instant message receiving content includes an instant message sender digital certificate, an instant message sender digital signature, an encrypted instant message, and the session key.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the instant message can be ensured to complete transmission safely and completely by utilizing the instant message transfer protocol.
In one embodiment, the instant messaging module further comprises an instant message protection unit, wherein the instant message protection unit comprises a message data desensitization subunit, a message data watermarking addition subunit and a message data real-time monitoring subunit;
the message data desensitization subunit is used for making a data desensitization strategy according to the transmission requirement of the instant message, and desensitizing and transmitting the sensitive data;
the message data watermark adding subunit is used for adding a watermark to the important instant message and storing the message data watermark separately;
and the message data real-time monitoring subunit is used for monitoring the message data flow in real time based on a flow mirror mode and alarming the possible message data leakage event.
The working principle of the technical scheme is as follows: based on the transmission requirements of different instant messages, the instant messages need to be preliminarily processed and monitored in real time so as to protect the safety of data; the instant message transmission module also comprises an instant message protection unit, wherein the instant message protection unit comprises a message data desensitization subunit, a message data watermark adding subunit and a message data real-time monitoring subunit;
the message data desensitization subunit is used for formulating a data desensitization strategy according to the transmission requirement of the instant message, and transmitting the desensitized sensitive data;
the message data watermark adding subunit is used for adding a watermark to the important instant message and storing the message data watermark separately;
and the message data real-time monitoring subunit is used for monitoring the message data flow in real time based on a flow mirror mode and alarming the possible message data leakage event.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the message data protection unit can realize the protection of sensitive message data, the real-time monitoring of the message data leakage event and the real-time tracing of the message data leakage condition, and the safety of message transmission is improved.
In one embodiment, the instant message obtaining module includes that the instant message receiver verifies the digital certificate of the instant message sender and the digital signature of the instant message sender, and when the verification is passed, the session key is decrypted by using the private key of the user side of the instant message receiver to obtain the instant message.
The working principle of the technical scheme is as follows: the instant message acquisition module comprises that an instant message receiver verifies the digital certificate of the instant message sender and the digital signature of the instant message sender, and after the verification is passed, the session key is decrypted by using a private key of a user side of the instant message receiver to acquire the instant message.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the instant message receiver decrypts the message after receiving the message to obtain the instant message, thereby ensuring the security of instant message transmission.
In one embodiment, the instant message obtaining module further includes an instant message receiving management unit, configured to manage the received encrypted instant message; the instant message management module comprises an encrypted instant message display unit, an encrypted instant message query unit and an encrypted instant message error feedback unit;
the encrypted instant message display unit is used for receiving the identity icon identification of an instant message sender, the encryption level of the instant message, the sending time of the instant message and the processing mode of the instant message at the same time when receiving the instant message sent by a group or a plurality of instant message senders; the identity icon identification represents the identity of the instant message sender; the processing mode comprises viewable and decrypted storage, viewable and temporary storage, viewable and non-storable only and non-repeatable viewing after one-time viewing;
the encrypted instant message query unit is used for querying historical instant messages sent by a user side corresponding to the identity icon identification based on the identity icon identification and displaying query results according to a time sequence;
and the encrypted instant message error feedback unit is used for sending an error feedback message to the instant message server and resending the instant message sending request to the instant message sender when the received encrypted instant message cannot be checked.
The working principle of the technical scheme is as follows: after receiving the instant message, the instant message receiver needs to consider management under the condition of numerous messages and the condition that the received instant message cannot be checked, and needs to mark or feed back problems to the instant message; the instant message receiving management unit of the embodiment is used for managing the received encrypted instant message; the instant message management module comprises an encrypted instant message display unit, an encrypted instant message query unit and an encrypted instant message error feedback unit;
the encrypted instant message display unit is used for receiving the identity icon identification of an instant message sender, the encryption level of the instant message, the sending time of the instant message and the processing mode of the instant message at the same time when receiving the instant message sent by a group or a plurality of instant message senders; the identity icon identification represents the identity of the instant message sender; the processing mode comprises viewable and decrypted storage, viewable and temporary storage, viewable and non-storable only and non-repeatable viewing after one-time viewing;
the encrypted instant message query unit is used for querying historical instant messages sent by a user side corresponding to the identity icon identification based on the identity icon identification and displaying query results according to a time sequence;
and the encrypted instant message error feedback unit is used for sending an error feedback message to the instant message server and resending the instant message sending request to the instant message sender when the received encrypted instant message cannot be checked.
In the process of sending the instant message, an instant message sender sends the instant message and receives the instant message sent by an instant message receiver, the number of enqueue messages and the number of dequeue messages in a message queue are asymmetric, and the problem of dynamic load balance of a system needs to be considered in order to ensure the self-adaptive distribution of system resources; in order to dynamically adjust the number of the instant message receiving processing processes and the instant message sending processing processes, the loads of a message receiving queue and a message sending queue are calculated and predicted, the increasing rate of the instant message load and the processing capacity of a single instant message processing process in a fixed time period are calculated according to the number of messages output and newly increased by the instant message queue and the processing processes in the fixed time period, and the measurement of the message queue load prediction is calculated; determining whether the process number of message processing needs to be dynamically adjusted according to the instant message load increase rate and the size of the instant message processing process number;
Figure BDA0003687301570000141
Figure BDA0003687301570000151
in the above formula, t is a fixed time period, P i Set to the number of newly added instant messages of the message queue, P O Number of messages output for message queue, r 0 For instant messaging load growth rate, r 1 Dynamically adjusting the reference value; when r is 0 A value less than 0 and r 1 When the value of (1) is greater than 0, the number of message processing processes can be reduced; when r is 0 If the value is greater than 0 and the number of the message processing processes does not reach the maximum number of the system, the message processing processes can be increased; when r is 0 If the value is greater than 0 and the number of message processing processes has reached the maximum number of systems, then dynamic balancing of the instant messaging system is performed.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the instant message receiving party can effectively manage the instant message, so that the receiving efficiency of the instant message can be improved, and the message which cannot be checked can be timely fed back; by using the dynamic equilibrium message queue, the system efficiency when receiving instant messages and sending instant messages are asymmetric can be effectively improved.
In one embodiment, the instant message encryption module further comprises an instant message encryption template generation unit, configured to generate an encryption template according to the security level of the instant message, the type of the instant message, and the encryption policy;
the message encryption template generating unit comprises an encryption template data acquiring subunit, an encryption template testing subunit and an encryption template determining subunit;
the encryption template data subunit is used for acquiring the security level of the instant message, the type of the instant message and the encryption algorithm of the instant message based on the big data;
the encryption template testing subunit is used for establishing an encryption template data set matched with the instant message security level, the type of the instant message and the encryption algorithm of the instant message in three ways according to a preset matching rule; testing and evaluating an encryption template according to a preset instant message transmission safety evaluation index; the safety evaluation indexes comprise encryption complexity, data integrity and data transmission speed;
and the encryption template determining subunit is used for obtaining the optimal encryption template data according to the test evaluation result and using the optimal encryption template data as the instant message encryption template.
The working principle of the technical scheme is as follows: in order to encrypt the instant message more specifically, it is necessary to establish an instant message encryption template to improve the quality and efficiency of instant message encryption; the embodiment also comprises an instant message encryption template generating unit, which is used for generating an encryption template according to the security level of the instant message, the type of the instant message and the encryption strategy;
the message encryption template generating unit comprises an encryption template data acquiring subunit, an encryption template testing subunit and an encryption template determining subunit;
the encryption template data subunit is used for acquiring the security level of the instant message, the type of the instant message and the encryption algorithm of the instant message based on the big data;
the encryption template testing subunit is used for establishing an encryption template data set matched with the instant message security level, the type of the instant message and the encryption algorithm of the instant message in three ways according to a preset matching rule; testing and evaluating an encryption template according to a preset instant message transmission safety evaluation index; the safety evaluation indexes comprise encryption complexity, data integrity and data transmission speed;
and the encryption template determining subunit is used for obtaining the optimal encryption template data according to the test evaluation result and using the optimal encryption template data as the instant message encryption template.
The beneficial effects of the above technical scheme are: by adopting the scheme provided by the embodiment, the instant message encryption template is established, so that the instant message can be encrypted more conveniently, and the efficiency of encrypting and sending the instant message is improved.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. An instant message encryption system based on a medical field commercial cryptographic algorithm, comprising:
the password service management module is used for establishing a password service management platform based on a commercial password algorithm in the medical field and providing password service management for a user party; the user side comprises an instant message sending side and an instant message receiving side;
the user identity authentication module is used for registering and authenticating the user identity of the user party based on the password service management platform;
the instant message encryption module is used for encrypting the instant message based on the password service management platform to generate an encrypted instant message;
the instant message transmission module is used for transmitting the encrypted instant message from the instant message sender to the instant message receiver by means of the instant message sending server;
and the instant message acquisition module is used for the instant message receiver to decrypt the encrypted instant message and acquire the instant message.
2. The system for encrypting the instant message based on the commercial cryptographic algorithm in the medical field as claimed in claim 1, wherein the cryptographic service management module comprises a commercial cryptographic algorithm selection unit, a service function deployment unit;
the commercial cipher algorithm selecting unit is used for selecting an SM2 public key algorithm, an SM3 Hash cipher algorithm and an SM4 block cipher algorithm in the commercial cipher algorithms in the medical field as the encryption algorithm of the instant message; using SM2 public key algorithm to generate digital signature and signature for instant message; using an SM3 hash cryptographic algorithm to compute an instant message fingerprint; using the SM4 block cipher algorithm for block encryption of instant messages;
the service function deployment unit is used for setting a signature verification server and an electronic signature server based on an SM2 public key algorithm.
3. The system for encrypting the instant message based on the medical field commercial cryptographic algorithm of claim 1, wherein the user identity authentication module comprises an identity registration unit and an identity authentication unit;
the identity registration unit comprises that a user selects registration information and sends the registration information to a password service management platform; the registration information comprises an identity, a password and a random number; the password service management platform checks the validity of the identity after receiving the registration information, and if the identity exists, the password service management platform sends information for reselecting the identity to the user; otherwise, the password service management platform selects a random number, stores the identity, the password and the random number into the smart card and issues the smart card to the user side; after receiving the smart card, the user side stores the random number into the smart card to complete registration;
the identity authentication unit comprises an instant message sender selecting a first random number and creating a first instant message sending request to an instant message receiver; the instant message receiver checks the first time stamp information after receiving the first instant message sending request, and if the first time stamp information is incorrect, the session is terminated; if the first timestamp information is correct, the instant message receiver selects a second random number and creates a second instant message sending request to the instant message sender; the instant message receiver checks the second time stamp information after receiving the second instant message sending request, and if the second time stamp information is incorrect, the session is terminated; and if the second timestamp information is correct, finishing the mutual authentication of the instant message sender and the instant message receiver.
4. The system of claim 1, wherein the instant message encryption module comprises a session key generation unit and an instant message encryption unit;
the session key generation unit is used for generating a user side public key and a user side private key pair by using an SM2 public key algorithm and an SM3 Hash cipher algorithm according to preset security parameters; generating an encrypted session key by using the digital certificate and the digital signature of the instant message sender and the public key of the user of the instant message receiver;
the instant message encryption unit is used for encrypting the instant message by using an SM2 public key cryptographic algorithm to generate the encrypted instant message.
5. The system of claim 4, wherein the instant message encryption unit further comprises an instant message security level classification unit for classifying instant messages into high-level messages, medium-level messages and low-level messages according to the security level from high to low based on the corresponding influence objects and the generated influence degrees after the data security is damaged; and aiming at the messages with different security levels, corresponding encryption strategies are adopted.
6. The system of claim 1, wherein the instant messaging module is configured to deliver the encrypted instant message based on an extensible messaging and presence protocol; the method comprises the following steps:
the instant message sender sends the instant message sending content to the instant message sending server; the instant message sending content comprises an instant message sender digital certificate, an instant message sender digital signature, an instant message receiver user identity, an encrypted instant message and the session key;
the instant message sending server receives the instant message sending content and sends the instant message receiving content to an instant message receiver according to the user identity of the instant message receiver; the instant message receiving content includes an instant message sender digital certificate, an instant message sender digital signature, an encrypted instant message, and the session key.
7. The system of claim 6, wherein the instant message module further comprises an instant message protection unit, the instant message protection unit comprises a message data desensitization subunit, a message data watermarking subunit, and a message data real-time monitoring subunit;
the message data desensitization subunit is used for making a data desensitization strategy according to the transmission requirement of the instant message, and desensitizing and transmitting the sensitive data;
the message data watermark adding subunit is used for adding a watermark to the important instant message and storing the message data watermark separately;
and the message data real-time monitoring subunit is used for monitoring the message data flow in real time based on a flow mirror mode and alarming the possible message data leakage event.
8. The system of claim 6, wherein the instant message acquiring module comprises the instant message receiver verifying the instant message sender digital certificate and the instant message sender digital signature, and when the verification is passed, decrypting the session key using the user private key of the instant message receiver to acquire the instant message.
9. The system of claim 8, wherein the instant message acquiring module further comprises an instant message receiving management unit for managing the received encrypted instant message; the instant message management module comprises an encrypted instant message display unit, an encrypted instant message query unit and an encrypted instant message error feedback unit;
the encrypted instant message display unit is used for receiving the identity icon identification of an instant message sender, the encryption level of the instant message, the sending time of the instant message and the processing mode of the instant message at the same time when receiving the instant message sent by a group or a plurality of instant message senders; the identity icon identification represents the identity of the instant message sender; the processing mode comprises viewable and decrypted storage, viewable and temporary storage, viewable and non-storable only and non-repeatable viewing after one-time viewing;
the encrypted instant message query unit is used for querying historical instant messages sent by a user side corresponding to the identity icon identification based on the identity icon identification and displaying query results according to a time sequence;
and the encrypted instant message error feedback unit is used for sending an error feedback message to the instant message server and resending the instant message sending request to the instant message sender when the received encrypted instant message cannot be checked.
10. The system of claim 5, wherein the instant message encryption module further comprises an instant message encryption template generating unit for generating an encryption template according to the security level of the instant message, the type of the instant message and the encryption policy;
the message encryption template generating unit comprises an encryption template data acquiring subunit, an encryption template testing subunit and an encryption template determining subunit;
the encryption template data subunit is used for acquiring the security level of the instant message, the type of the instant message and the encryption algorithm of the instant message based on the big data;
the encryption template testing subunit is used for establishing an encryption template data set matched with the instant message security level, the type of the instant message and the encryption algorithm of the instant message in three ways according to a preset matching rule; testing and evaluating an encryption template according to a preset instant message transmission safety evaluation index; the safety evaluation indexes comprise encryption complexity, data integrity and data transmission speed;
and the encryption template determining subunit is used for obtaining the optimal encryption template data according to the test evaluation result and using the optimal encryption template data as the instant message encryption template.
CN202210655165.7A 2022-06-10 2022-06-10 Instant message encryption system based on commercial cryptographic algorithm in medical field Active CN115001713B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210655165.7A CN115001713B (en) 2022-06-10 2022-06-10 Instant message encryption system based on commercial cryptographic algorithm in medical field

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210655165.7A CN115001713B (en) 2022-06-10 2022-06-10 Instant message encryption system based on commercial cryptographic algorithm in medical field

Publications (2)

Publication Number Publication Date
CN115001713A true CN115001713A (en) 2022-09-02
CN115001713B CN115001713B (en) 2023-08-25

Family

ID=83033262

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210655165.7A Active CN115001713B (en) 2022-06-10 2022-06-10 Instant message encryption system based on commercial cryptographic algorithm in medical field

Country Status (1)

Country Link
CN (1) CN115001713B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150341174A1 (en) * 2014-05-25 2015-11-26 Fujitsu Limited Relational Encryption
US20150350251A1 (en) * 2014-06-02 2015-12-03 Blackberry Limited System and method for assigning security levels for instant messaging contacts across device partitions
CN105812251A (en) * 2016-05-25 2016-07-27 天津光电安辰信息技术有限公司 Instant messaging encryption system based on domestic commercial cryptography algorithms and implementation method of instant messaging encryption system based on domestic commercial cryptography algorithms
CN106027530A (en) * 2016-05-25 2016-10-12 天津光电安辰信息技术有限公司 Instant message encryption system based on smartphone and implementation method thereof
US20170118026A1 (en) * 2014-05-28 2017-04-27 Datang Mobile Communications Equipment Co., Ltd. Encrypted communication method and apparatus
CN114006736A (en) * 2021-10-22 2022-02-01 中易通科技股份有限公司 Instant communication message protection system and method based on hardware password equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150341174A1 (en) * 2014-05-25 2015-11-26 Fujitsu Limited Relational Encryption
US20170118026A1 (en) * 2014-05-28 2017-04-27 Datang Mobile Communications Equipment Co., Ltd. Encrypted communication method and apparatus
US20150350251A1 (en) * 2014-06-02 2015-12-03 Blackberry Limited System and method for assigning security levels for instant messaging contacts across device partitions
CN105812251A (en) * 2016-05-25 2016-07-27 天津光电安辰信息技术有限公司 Instant messaging encryption system based on domestic commercial cryptography algorithms and implementation method of instant messaging encryption system based on domestic commercial cryptography algorithms
CN106027530A (en) * 2016-05-25 2016-10-12 天津光电安辰信息技术有限公司 Instant message encryption system based on smartphone and implementation method thereof
CN114006736A (en) * 2021-10-22 2022-02-01 中易通科技股份有限公司 Instant communication message protection system and method based on hardware password equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
奚宇航;黄一平;苏检德;王淑沛;: "基于国密算法的即时通信加密软件系统的设计与实现", 计算机应用与软件, no. 06, pages 309 - 314 *

Also Published As

Publication number Publication date
CN115001713B (en) 2023-08-25

Similar Documents

Publication Publication Date Title
US10595201B2 (en) Secure short message service (SMS) communications
CN1565117B (en) Data certification method and apparatus
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
CN110535868A (en) Data transmission method and system based on Hybrid Encryption algorithm
CN107454079A (en) Lightweight device authentication and shared key machinery of consultation based on platform of internet of things
US11870891B2 (en) Certificateless public key encryption using pairings
CN101466079A (en) Method, system and WAPI terminal for transmitting e-mail
KR101706117B1 (en) Apparatus and method for other portable terminal authentication in portable terminal
CN101340436A (en) Method and apparatus implementing remote access control based on portable memory apparatus
CN113346995B (en) Method and system for preventing falsification in mail transmission process based on quantum security key
CN103118363A (en) Method, system, terminal device and platform device of secret information transmission
CN111914291A (en) Message processing method, device, equipment and storage medium
CN105281910A (en) Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method
EP1079565A2 (en) Method of securely establishing a secure communication link via an unsecured communication network
US20020018570A1 (en) System and method for secure comparison of a common secret of communicating devices
CN111583482A (en) Access control system based on two-dimensional code and control method thereof
CN108401494B (en) Method and system for transmitting data
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN107104888B (en) Safe instant messaging method
US11431514B1 (en) Systems for determining authenticated transmissions of encrypted payloads
US20220038267A1 (en) Methods and devices for secured identity-based encryption systems with two trusted centers
CN111770081A (en) Role authentication-based big data confidential file access method
CN115001713B (en) Instant message encryption system based on commercial cryptographic algorithm in medical field
JPH1079732A (en) Network security system and method therefor
CN108352990B (en) Method and system for transmitting data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20221118

Address after: 518000 Room 601, East Tower, Nanshan Software Park, No. 10128, Shennan Avenue, Yuehai street, Nanshan District, Shenzhen, Guangdong Province

Applicant after: Shenzhen Dr. Ma Network Technology Co.,Ltd.

Address before: 518000 No. 3039 Baoan North Road, Luohu District, Shenzhen, Guangdong.

Applicant before: Wang Shuang

GR01 Patent grant
GR01 Patent grant