CN115865495A - Data transmission control method and device, electronic equipment and readable storage medium - Google Patents

Info

Publication number
CN115865495A
Authority
CN
China
Prior art keywords
data
public key
target data
target
decrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211527443.7A
Other languages
Chinese (zh)
Inventor
邱洋
刘建勋
林思成
胡延洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BOE Technology Group Co Ltd
Original Assignee
BOE Technology Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BOE Technology Group Co Ltd
Priority to CN202211527443.7A
Publication of CN115865495A
Priority to PCT/CN2023/122569 (WO2024114095A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a data transmission control method, a data transmission control device, an electronic device and a readable storage medium. The data transmission control method is applied to a data management server, and comprises the following steps: sending the first public key to the first data system, wherein a first private key matched with the first public key is stored in the data management server; receiving target data sent by a first data system, wherein the target data is encrypted by the first data system through a first public key; decrypting the target data by a first private key matched with the first public key; encrypting the decrypted target data through a second public key, wherein the second public key is received from a second data system; and sending the target data encrypted by the second public key to the second data system.

Description

Data transmission control method and device, electronic equipment and readable storage medium
Technical Field
The embodiment of the disclosure relates to the technical field of computers, and in particular relates to a data transmission control method and device, an electronic device and a readable storage medium.
Background
With the development of information technology, information-based management of data has become a trend. To enable the interaction and use of data, data generally needs to be transmitted between different data systems. Because that data may include important or private information, the security and privacy of the data transmission process need to be improved.
Disclosure of Invention
The embodiment of the disclosure provides a data transmission control method and device, a data management server, electronic equipment and a readable storage medium.
To solve the above problem, the present disclosure is implemented as follows:
in a first aspect, an embodiment of the present disclosure provides a data transmission control method, which is applied to a data management server, and the method includes the following steps:
sending the first public key to the first data system, wherein a first private key matched with the first public key is stored in the data management server;
receiving target data sent by a first data system, wherein the target data is encrypted by the first data system through a first public key;
decrypting the target data by a first private key matching the first public key;
encrypting the decrypted target data through a second public key, wherein the second public key is received from a second data system;
and sending the target data encrypted by the second public key to the second data system.
In some embodiments, before encrypting the decrypted target data by the second public key, the method further includes:
digitally signing the target data in a decrypted state by using the first private key;
the encrypting the decrypted target data by a second public key includes:
and encrypting the target data subjected to digital signature by a second public key.
In some embodiments, before the digitally signing the target data in the decrypted state with the first private key, the method further comprises:
confirming whether a first public key is stored in the second data system;
executing a step of digitally signing the target data in a decrypted state with the first private key under a condition that a first public key is stored in the second data system;
and under the condition that the first public key is not stored in the second data system, encrypting the decrypted target data which is not subjected to digital signature by using a second public key.
In some embodiments, the digitally signing the target data in a decrypted state with the first private key comprises:
generating a hash value of the target data through a hash algorithm;
adding a timestamp and a random character string in the hash value, and encrypting by using the first private key to obtain a digital signature; the encrypting the decrypted target data by a second public key includes:
encrypting the digital signature using the second public key.
In some embodiments, before encrypting the decrypted target data by the second public key, the method further includes:
verifying verification information of a first data system corresponding to the target data, wherein the verification information comprises at least one of an IP address and hardware information;
and under the condition that the verification information passes the verification, executing a step of encrypting the decrypted target data through a second public key.
In some embodiments, the verifying the verification information of the first data system corresponding to the target data includes:
acquiring a corresponding relation between the IP address and the hardware information;
extracting target hardware information contained in the target data decrypted by the first private key;
checking whether a target IP address of a first data system sending the target data and the target hardware information meet the corresponding relation;
and confirming that the verification information passes verification under the condition of meeting the corresponding relation.
In a second aspect, an embodiment of the present disclosure provides a data transmission control apparatus, applied to a data management server, including:
a first public key sending module, configured to send the first public key to the first data system, where a first private key matched with the first public key is stored in the data management server;
the target data receiving module is used for receiving target data sent by a first data system, wherein the target data is encrypted by the first data system through a first public key;
the decryption module is used for decrypting the target data through a first private key matched with the first public key;
the encryption module is used for encrypting the decrypted target data through a second public key, wherein the second public key is received from a second data system;
and the data sending module is used for sending the target data encrypted by the second public key to the second data system.
In some of these embodiments, further comprising:
the digital signature module is used for digitally signing the target data in a decrypted state by utilizing the first private key;
the encryption module is specifically configured to encrypt the target data subjected to the digital signature by using a second public key.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: a memory, a processor, and a program stored on the memory and executable on the processor; the processor is used for reading the program in the memory to realize the steps in the data transmission control method.
In a fourth aspect, the disclosed embodiments provide a readable storage medium for storing a program, which when executed by a processor implements the steps in the data transmission control method as described in any one of the above.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments of the present disclosure will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic flow chart of a data transmission control method provided in an embodiment of the present disclosure;
Fig. 2 is an architecture diagram of a data transmission control system provided by an embodiment of the present disclosure;
Fig. 3 is a block diagram of a key pair management module provided by an embodiment of the present disclosure;
Fig. 4 is a block diagram of a data encryption module provided by an embodiment of the present disclosure;
Fig. 5 is another schematic flow chart of a data transmission control method according to an embodiment of the disclosure;
Fig. 6 is a schematic structural diagram of a data transmission control device according to an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of an electronic device provided in the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The terms "first," "second," and the like in the embodiments of the present disclosure are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Further, as used herein, "and/or" means at least one of the connected objects, e.g., A and/or B and/or C means 7 cases: A alone, B alone, C alone, both A and B present, B and C present, A and C present, and A, B, and C present.
The embodiment of the disclosure provides a data transmission control method.
As shown in fig. 1, the method is applied to a data management server in a data transmission control system.
As shown in fig. 2, in an exemplary embodiment, the data transmission control system includes a first data system, a data management server, and a second data system, each communicatively coupled to the data management server.
As shown in fig. 2, the data management server includes an adapter module for managing data interaction between the data management server and the first data system, a processor module, a controller module, and a repeater module for managing data interaction between the data management server and the second data system. The controller module is used for controlling the working processes of the adapter module, the processor module and the repeater module.
Referring to fig. 2 to 4, the processor module includes a data encryption module and a key pair management module, where the adapter module, the processor module, the controller module, and the repeater module are configured to perform encryption and decryption control on data, and the key pair management module is configured to implement a first key management function, a second key management function, an address information management function, and a data interface function, where the key pair management module performs data transmission based on a data interface. The data encryption module is used for generating a first secret key and encrypting data, and the data encryption module also comprises a data interface for data transmission.
As shown in fig. 1 and 5, in one embodiment, the method comprises the steps of:
Step 101: sending the first public key to the first data system, wherein a first private key matched with the first public key is stored in the data management server.
In some embodiments, the data management server generates a first public key and a first private key that match each other, and then sends the first public key to the first data system.
Specifically, in this embodiment, the data management server first generates a first secret key, where the first secret key includes a first public key and a first private key that are matched with each other, and it can be understood that when the first public key is used to encrypt data, the first private key is required to be used to decrypt the data.
When each data system accesses the data management server, the data management server sends the first public key to each data system, which may be, for example, the first data system and the second data system.
It is understood that, in implementation, the first public key may be sent only to data systems that have a data sending requirement, that is, data systems that need to send data to other data systems through the data management platform. Data systems that only need to accept data, and do not need to send it, may not obtain the first public key.
In other embodiments, it is necessary to send the first public key to all data systems accessing the data management server, and further perform secondary encryption and decryption on the transmitted data, so as to further improve the security of data transmission.
Taking the first data system as an exemplary illustration, when the first data system needs to send the target data to the data management server, the first data system sends the target data encrypted by the first public key to the data management server, that is, the first data system first encrypts the target data by the first public key and then sends the target data encrypted by the first public key to the data management server.
Step 102: receiving target data sent by a first data system, wherein the target data is encrypted by the first data system through a first public key. The data management server in this embodiment may be understood as providing a data management interface or a data transmission platform for data transmission, and it should be understood that, in order to implement different services, different data systems generally need to be provided, and in order to implement service communication, different data systems need to perform data interaction.
For example, each company can manage data information of employees through its own company data system, when a physical examination needs to be arranged for the employees, the data information of the employees can be exported from the company data system and then sent to a physical examination data system of a physical examination organization so as to establish a physical examination plan and perform health management on the employees, and in the process, data needs to be transmitted from the company data system to the physical examination data system through a data management interface.
To reduce administrative costs, the data management interface may service data interactions between multiple different data systems.
In one embodiment, the target data may include one or more of the following information: an access authorization code, an application id (Number), a service system id, a user information object, a user main key, an identity card, a mobile phone number, a resident name, an index data set, an organization id, an index id, a batch id, detection time, a detection result, an extension field, a device information object, a device SN (Serial Number) code, a device name, a commodity type id, a device model, an index definition Map set, an index id, an index unit, an index code and an index name.
In the above information, the access authorization code is used to implement access authorization verification, and the application id and the service system id are used to indicate the specific service used by the user. User information objects, user main keys, identity cards, mobile phone numbers, resident names and the like are used for representing identity information, contact ways and the like of users, and related data need to be collected and transmitted under the conditions that authorization of the users is obtained and various regulations and privacy restrictions are met. The mechanism id, the index id, the batch id, the detection time, the detection result, the equipment information object, the equipment SN code, the equipment name, the commodity type id and the equipment model represent relevant information such as items to be detected, the detection result and the equipment used for detection. The extension field is used to store extension information, which may be, for example, an identification code or the like available to a plurality of persons for one device. The index definition Map set, the index id, the index unit, the index code and the index name are used for representing information related to the detection index.
Step 103: decrypting the target data through a first private key matched with the first public key.
The data management server stores the first private key corresponding to the first public key, so that after the data management server receives the target data encrypted by the first public key, the data management server can decrypt the target data sent by the first data system through the first private key.
In some of these embodiments, the method further comprises:
verifying verification information of a first data system corresponding to the target data, wherein the verification information comprises at least one of an IP address and hardware information;
and under the condition that the verification information passes the verification, executing a step of encrypting the decrypted target data through a second public key.
In some embodiments, to further improve the security of data transmission, security verification may also be performed on the target data before or after decryption of the target data.
In an exemplary embodiment, an IP (Internet Protocol) address white list may be established. When the target data is decrypted, the IP address of the first data system is checked: if it is an IP address in the IP address white list, verification is considered passed and transmission of the target data is allowed; if the IP address is not verified, transmission of the target data is prohibited. An unauthorized data system is thereby directly prevented from sending data, which improves security.
In some embodiments, cross-checking may also be performed according to the above information and the IP address included in the target data.
In some embodiments, verifying the verification information of the first data system corresponding to the target data includes:
acquiring a corresponding relation between the IP address and the hardware information;
extracting target hardware information contained in the target data decrypted by the first private key;
checking whether a target IP address of a first data system sending the target data and the target hardware information meet the corresponding relation;
and confirming that the verification information passes the verification under the condition of meeting the corresponding relation.
In an exemplary embodiment, an IP address and hardware information of each data system that may be the first data system may be collected first, and the hardware information may be hardware information such as an SN code and a physical address of the device, and after the IP address and the hardware information are collected, a corresponding relationship is established.
When the method is implemented, the IP address corresponding to the target information is verified, meanwhile, whether the corresponding relation between the SN code of the equipment and the IP address meets the pre-collected and stored corresponding relation is verified, if yes, the SN code of the equipment is considered to pass the verification, and if not, the SN code of the equipment is considered to be possibly tampered.
In other embodiments, the target data may be checked in different manners, such as a physical address, a hardware address, and a data hash value (hash), so as to improve security of data transmission.
By adding the verification process, the legality of data system access can be ensured, and the possibility that secret key leakage endangers information safety is reduced.
In some embodiments, the method further comprises:
and digitally signing the target data in a decrypted state by using the first private key.
Correspondingly, encrypting the decrypted target data by a second public key includes:
and encrypting the target data subjected to digital signature by a second public key.
In some of these embodiments, the target data is twice encrypted by a digital signature.
In some embodiments, when the secondary encryption and decryption are required, the target data is digitally signed by the first private key, and the secondary encryption data is attached to the target data in a decrypted state.
In some embodiments, the step of digitally signing comprises:
generating a hash value of the target data through a hash algorithm;
adding a timestamp and a random character string into the hash value, and encrypting by using the first private key to obtain a digital signature; the encrypting the decrypted target data by a second public key includes:
encrypting the digital signature using the second public key.
Here, the digital signature includes a timestamp and may also include an encryption field, which may include, for example, a random string or the like. When the method is implemented, a hash value of the target data is generated through a hash algorithm, and then a timestamp and a random character string are added to the hash value to complete the digital signature of the target data.
It is understood that the secondary encryption consists of the digital signature made with the first private key and the encryption with the second public key; correspondingly, the decryption process of the target data also includes decryption with the second private key and decryption with the first public key.
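The signing step above, as an added Go example that is not part of the patent text: the server signs the data hash together with a timestamp and a random string, and the receiving system verifies the signature, checks freshness and rejects a repeated random string. RSA-PSS (in place of the patent's "encrypt with the first private key" wording), the acceptance window and all names (`Signed`, `Sign`, `Verifier`, `NewKey`) are assumptions of this example; the encryption with the second public key is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Signed is the decrypted target data with its timestamp, random string and signature.
type Signed struct {
	Data, Nonce, Sig []byte
	TS               int64 // Unix seconds
}

// NewKey generates a 2048-bit RSA key pair.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// digest hashes the data, then binds the timestamp and random string to that hash.
func digest(m Signed) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%x|%d|%x", sha256.Sum256(m.Data), m.TS, m.Nonce)
	return h.Sum(nil)
}

// Sign is the server side: it signs hash(data), timestamp and random string with the
// first private key. RSA-PSS is this example's choice of signature scheme.
func Sign(first *rsa.PrivateKey, data []byte, now time.Time) (Signed, error) {
	m := Signed{Data: data, TS: now.Unix(), Nonce: make([]byte, 16)}
	if _, err := rand.Read(m.Nonce); err != nil {
		return Signed{}, err
	}
	sig, err := rsa.SignPSS(rand.Reader, first, crypto.SHA256, digest(m), nil)
	if err != nil {
		return Signed{}, err
	}
	m.Sig = sig
	return m, nil
}

// Verifier is the second data system's state: the first public key, the accepted clock
// window, and the random strings already seen inside that window.
type Verifier struct {
	First  *rsa.PublicKey
	MaxAge time.Duration
	seen   map[string]int64 // random string -> timestamp
}

// Check returns the data only if the signature verifies, the timestamp is fresh and
// the random string has not been used before. Nothing is recorded for a bad signature.
func (v *Verifier) Check(m Signed, now time.Time) ([]byte, error) {
	if rsa.VerifyPSS(v.First, crypto.SHA256, digest(m), m.Sig, nil) != nil {
		return nil, errors.New("signature does not verify under the first public key")
	}
	if age := now.Sub(time.Unix(m.TS, 0)); age > v.MaxAge || age < -v.MaxAge {
		return nil, errors.New("timestamp outside the accepted window")
	}
	if v.seen == nil {
		v.seen = map[string]int64{}
	}
	for n, ts := range v.seen { // forget entries the timestamp check rejects anyway
		if now.Unix()-ts > int64(v.MaxAge/time.Second) {
			delete(v.seen, n)
		}
	}
	if _, dup := v.seen[string(m.Nonce)]; dup {
		return nil, errors.New("replayed message")
	}
	v.seen[string(m.Nonce)] = m.TS
	return m.Data, nil
}

func main() {
	key, _ := NewKey()
	v := &Verifier{First: &key.PublicKey, MaxAge: time.Minute}
	m, _ := Sign(key, []byte("constructed sample record"), time.Now())
	_, firstErr := v.Check(m, time.Now())
	_, replayErr := v.Check(m, time.Now())
	fmt.Println(firstErr, replayErr)
}
```

The timestamp bounds how long random strings must be remembered, and the random string catches a replay inside that window; either one alone leaves a gap.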
Step 104: encrypting the decrypted target data through a second public key, wherein the second public key is received from a second data system.
Next, the digitally signed target data is encrypted with the second public key.
In some embodiments, prior to step 104, the method further comprises:
and receiving a second public key sent by the second data system.
In this embodiment, the second public keys correspond to the second data systems, specifically, each of the second public keys uniquely corresponds to one of the second data systems, and each of the second data systems may correspond to one or more sets of keys, where each set of keys includes a public key and a private key that match each other.
In one exemplary embodiment, the second data system first generates a set of second keys that include a second public key and a second private key.
And when the second data system accesses the data management server, sending the second public key to the data management server. And when the data management server needs to send data to the second data system, encrypting the target data by using the second public key.
It should be understood that, in the above process, if the first public key is not stored in the second data system, the data management server does not need to digitally sign the target data in the decrypted state before sending the target data to the second data system.
In some embodiments, before step 104, the method further comprises:
digitally signing the target data in a decrypted state by using the first private key;
the encrypting the decrypted target data by a second public key includes:
and encrypting the target data subjected to digital signature by a second public key.
If the second data system stores the first public key, the data management server may refer to the above steps to perform digital signature on the target data in the decrypted state before sending the target data to the second data system, so as to further improve security.
In the case where the target data is digitally signed by the first public key, step 104 includes:
and encrypting the target data and the data information by using the second public key.
In some embodiments, before the digitally signing the target data in the decrypted state with the first private key, the method further comprises:
confirming whether a first public key is stored in the second data system;
executing a step of digitally signing the target data in a decrypted state with the first private key under a condition that a first public key is stored in the second data system;
and under the condition that the first public key is not stored in the second data system, encrypting the decrypted target data which is not subjected to digital signature by using a second public key.
In this embodiment, it may be detected whether the first public key is stored in the second data system. In implementation, it may be checked whether there is a record of the first public key having been sent to the second data system, or query information may be sent to the second data system and the reply used to determine whether the first public key is stored in the second data system.
If the first public key exists in the second data system, the step of digitally signing is performed with reference to the above procedure.
If the first public key does not exist in the second data system, the target data may be encrypted only once, and specifically, for the target data in a decrypted state, the target data may be encrypted only by the second public key and then sent to the second data system.
In some other embodiments, the first public key may be sent to the second data system first, and then the target data is encrypted twice with reference to the above process, so as to ensure the security of data transmission.
Step 105: sending the target data encrypted by the second public key to the second data system.
And after the target data is encrypted through the second public key, sending the encrypted target data to the second data system.
After receiving the target data, the second data system decrypts the target data by using the second private key, and further needs to perform de-signing on the target data by using the first public key under the condition that the target data is digitally signed by using the first private key, so that the target data to be transmitted is obtained.
It is to be understood that the number of data systems may be multiple, and each data system may also have access to multiple data management platforms. In this embodiment, since the target data is encrypted by the second public key provided by the second data system, even if the target data is erroneously transmitted to another data system, the other data system cannot decrypt and sign the target data, so as to ensure the uniqueness of the path confirmation of the target data, that is, the second data system can uniquely confirm the corresponding data management server by using the first public key, and at the same time, ensure the uniqueness of the path decryption, sign-off and reading of the data, and ensure that the target data cannot be read by the other data system.
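Steps 101 to 105 together with the IP/hardware verification, as an added Go example that is not part of the patent text: the server decrypts with the first private key, checks the registered IP-to-SN pair, and re-encrypts under the second public key. The hybrid RSA-OAEP plus AES-GCM envelope, the JSON `Target` layout and all names are assumptions of this example, and the optional digital signature is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Sealed is an RSA-OAEP-wrapped AES-256 key plus AES-GCM ciphertext. The hybrid layout
// is an assumption of this example; the patent only says "encrypted by the public key".
type Sealed struct{ Key, IV, CT []byte }

// Target is a constructed message layout that carries the sender's device SN.
type Target struct{ DeviceSN, Payload string }

// Server is the data management server: the first private key plus the registered
// source-IP -> device-SN correspondence used to verify a sending system.
type Server struct {
	First    *rsa.PrivateKey
	Bindings map[string]string
}

// NewKey generates a 2048-bit RSA key pair.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func gcmFor(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal encrypts pt so that only the holder of the matching private key can read it.
func Seal(pub *rsa.PublicKey, pt []byte) (Sealed, error) {
	buf := make([]byte, 44) // 32-byte AES key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Sealed{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return Sealed{}, err
	}
	gcm, err := gcmFor(buf[:32])
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{wrapped, buf[32:], gcm.Seal(nil, buf[32:], pt, nil)}, nil
}

// Open reverses Seal and fails for every key except the intended recipient's.
func Open(priv *rsa.PrivateKey, s Sealed) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.Key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil || len(s.IV) != gcm.NonceSize() {
		return nil, errors.New("malformed message")
	}
	return gcm.Open(nil, s.IV, s.CT, nil)
}

// Relay runs steps 102-104 for one message received from srcIP; second is the public
// key the receiving system registered earlier.
func (s *Server) Relay(srcIP string, in Sealed, second *rsa.PublicKey) (Sealed, error) {
	data, err := Open(s.First, in) // step 103: the server holds plaintext from here on
	if err != nil {
		return Sealed{}, fmt.Errorf("decrypt with first private key: %w", err)
	}
	var t Target
	if err := json.Unmarshal(data, &t); err != nil {
		return Sealed{}, fmt.Errorf("parse target data: %w", err)
	}
	// Verification: the SN inside the decrypted data must be the one registered for the
	// source address; an unknown address fails closed.
	if sn, known := s.Bindings[srcIP]; !known || sn != t.DeviceSN {
		return Sealed{}, errors.New("source IP and device SN are not a registered pair")
	}
	return Seal(second, data) // step 104
}

func main() {
	srvKey, _ := NewKey()
	sys2, _ := NewKey()
	srv := &Server{srvKey, map[string]string{"192.0.2.10": "SN-0001"}} // constructed pair
	msg, _ := json.Marshal(Target{"SN-0001", "constructed sample record"})
	in, _ := Seal(&srv.First.PublicKey, msg) // first data system, after step 101
	out, relayErr := srv.Relay("192.0.2.10", in, &sys2.PublicKey)
	got, openErr := Open(sys2, out) // second data system, after step 105
	fmt.Println(string(got), relayErr, openErr)
}
```

Between `Open` and `Seal` inside `Relay` the data is plaintext on the server, so the scheme protects each hop but makes the data management server a trusted party for every record it relays.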
The embodiment of the present disclosure also provides a data management server, which is configured to execute the steps of the above data transmission control method embodiment and can achieve similar or identical technical effects.
The embodiment of the present disclosure further provides a data transmission control method applied to a data transmission control system, where the data transmission control system includes a first data system, a data management server, and a second data system, and both the first data system and the second data system are in communication connection with the data management server, and the method includes the following steps:
the data management server generates a first public key and a first private key which are matched with each other;
the data management server sends the first public key to the first data system and the second data system;
the first data system sends target data encrypted by the first public key to the data management server;
the data management server decrypts the target data through the first private key;
the data management server digitally signs the decrypted target data through the first private key;
the second data system generates a second public key and a second private key;
the second data system sends the second public key to the data management server;
the data management server encrypts the digitally signed target data through a second public key;
the data management server sends the target data signed by the second public key to the second data system;
the second data system decrypts the target data through a second private key;
and the second data system signs off the decrypted target data through the second private key.
For each step of the data transmission control method of this embodiment, reference may be made to the data transmission method embodiment described above, and details are not described here again.
The embodiment of the present disclosure further provides a data transmission control system, where the data transmission control system includes a first data system, a data management server, and a second data system, and both the first data system and the second data system are in communication connection with the data management server; the data transmission control system of the present embodiment is configured to execute the respective steps of the data transmission control method described above.
The embodiment of the disclosure also provides a data transmission control device, which is applied to the data management server.
As shown in fig. 6, in one embodiment, the data transmission control device 600 includes:
a first public key sending module 601, configured to send the first public key to the first data system, where a first private key matched with the first public key is stored in the data management server;
a target data receiving module 602, configured to receive target data sent by a first data system, where the target data is encrypted by the first data system through a first public key;
a decryption module 603, configured to decrypt the target data through a first private key matching the first public key;
an encrypting module 604, configured to encrypt the decrypted target data with a second public key, where the second public key is received from a second data system;
a data sending module 605, configured to send the target data encrypted by the second public key to the second data system.
In some of these embodiments, further comprising:
the digital signature module is used for digitally signing the target data in a decrypted state by utilizing the first private key;
the encryption module 604 is specifically configured to encrypt the target data that is digitally signed by a second public key.
In some of these embodiments, further comprising:
the first public key detection module is used for confirming whether a first public key is stored in the second data system;
the digital signature module is configured to perform a step of digitally signing the target data in a decrypted state by using the first private key under the condition that the first public key is stored in the second data system;
and under the condition that the first public key is not stored in the second data system, encrypting the decrypted target data which is not subjected to digital signature by using a second public key.
In some of these embodiments, the digital signature module includes:
the hash value operation submodule is used for generating a hash value of the target data through a hash algorithm;
the adding submodule is used for adding a timestamp and a random character string in the hash value;
the encryption module 604 is specifically configured to encrypt the hash value added with the timestamp and the random character string by using a first private key to obtain a digital signature; and encrypting the digital signature using the second public key.
In some of these embodiments, further comprising:
the verification module is used for verifying verification information of a first data system corresponding to the target data, and the verification information comprises at least one of an IP address and hardware information;
the encrypting module 604 is configured to perform a step of encrypting the decrypted target data by using a second public key when the verification information passes the verification.
In some of these embodiments, the verification module comprises:
the corresponding relation obtaining submodule is used for obtaining the corresponding relation between the IP address and the hardware information;
the extraction submodule is used for extracting target hardware information contained in the target data decrypted by the first private key;
the verification submodule is used for verifying whether the corresponding relation between the target IP address of the first data system for sending the target data and the target hardware information is met;
and the confirming submodule is used for confirming that the verification information passes the verification under the condition of meeting the corresponding relation.
The data transmission control apparatus 600 of this embodiment can implement the steps of the data transmission control method embodiment, and can implement substantially the same technical effects, which are not described herein again.
The embodiment of the disclosure also provides an electronic device. Referring to fig. 7, an electronic device may include a processor 701, a memory 702, and a program 7021 stored on the memory 702 and executable on the processor 701.
When the program 7021 is executed by the processor 701, any steps in the foregoing method embodiments may be implemented to achieve the same beneficial effects, which are not described in detail herein.
Those skilled in the art will appreciate that all or part of the steps of the method according to the above embodiments may be implemented by hardware associated with program instructions, and the program may be stored in a readable medium.
The embodiments of the present disclosure also provide a readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, any step in the foregoing method embodiments may be implemented, and the same technical effect may be achieved, and in order to avoid repetition, details are not repeated here.
The storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that the above division into modules is only a division of logical functions; in an actual implementation the modules may be wholly or partially integrated into one physical entity, or may be physically separate. The modules may all be implemented as software called by a processing element, or all in hardware; alternatively, some modules may be implemented as software called by a processing element and others in hardware. For example, the determining module may be a separately provided processing element, or may be integrated in a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code whose function is called and executed by a processing element of the apparatus. Other modules are implemented similarly. In addition, all or some of the modules may be integrated together or implemented independently. The processing element described herein may be an integrated circuit having signal processing capability. In implementation, each step of the above method, or each of the above modules, may be carried out by an integrated logic circuit of hardware in a processor element or by instructions in the form of software.
For example, the various modules, units, sub-units or sub-modules may be one or more integrated circuits configured to implement the above methods, such as one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs). As another example, when some of the above modules are implemented as program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor that can invoke the program code. As a further example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
While the foregoing is directed to the preferred embodiment of the present disclosure, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the principles of the disclosure, and it is intended that such changes and modifications be considered as within the scope of the disclosure.

Claims (10)

1. A data transmission control method is applied to a data management server, and comprises the following steps:
sending the first public key to the first data system, wherein a first private key matched with the first public key is stored in the data management server;
receiving target data sent by a first data system, wherein the target data is encrypted by the first data system through a first public key;
decrypting the target data by a first private key matching the first public key;
encrypting the decrypted target data through a second public key, wherein the second public key is received from a second data system;
and sending the target data encrypted by the second public key to the second data system.
2. The method of claim 1, wherein before the encrypting the decrypted target data by the second public key, the method further comprises:
digitally signing the target data in a decrypted state by using the first private key;
the encrypting the decrypted target data by a second public key includes:
and encrypting the target data subjected to digital signature by a second public key.
3. The method of claim 2, wherein prior to said digitally signing said target data in a decrypted state with said first private key, said method further comprises:
confirming whether a first public key is stored in the second data system;
executing a step of digitally signing the target data in a decrypted state with the first private key under a condition that a first public key is stored in the second data system;
and under the condition that the first public key is not stored in the second data system, encrypting the decrypted target data which is not subjected to digital signature by using a second public key.
4. The method of claim 1, wherein said digitally signing the target data in a decrypted state with the first private key comprises:
generating a hash value of the target data through a hash algorithm;
adding a timestamp and a random character string in the hash value, and encrypting by using the first private key to obtain a digital signature; the encrypting the decrypted target data by a second public key includes:
encrypting the digital signature using the second public key.
5. The method of any one of claims 1 to 4, wherein prior to said encrypting the decrypted target data with the second public key, the method further comprises:
verifying verification information of a first data system corresponding to the target data, wherein the verification information comprises at least one of an IP address and hardware information;
and under the condition that the verification information passes the verification, executing a step of encrypting the decrypted target data through a second public key.
6. The method of claim 5, wherein the verifying the verification information of the first data system corresponding to the target data comprises:
acquiring a corresponding relation between the IP address and the hardware information;
extracting target hardware information contained in the target data decrypted by a first private key;
checking whether a target IP address of a first data system sending the target data and the target hardware information meet the corresponding relation;
and confirming that the verification information passes verification under the condition of meeting the corresponding relation.
7. A data transmission control apparatus applied to a data management server, the data transmission control apparatus comprising:
a first public key sending module, configured to send the first public key to the first data system, where a first private key matched with the first public key is stored in the data management server;
the target data receiving module is used for receiving target data sent by a first data system, wherein the target data is encrypted by the first data system through a first public key;
the decryption module is used for decrypting the target data through a first private key matched with the first public key;
the encryption module is used for encrypting the decrypted target data through a second public key, wherein the second public key is received from a second data system;
and the data sending module is used for sending the target data encrypted by the second public key to the second data system.
8. The apparatus of claim 7, further comprising:
the digital signature module is used for digitally signing the target data in a decrypted state by utilizing the first private key;
the encryption module is specifically configured to encrypt the digitally signed target data by using a second public key.
9. An electronic device, comprising: a memory, a processor, and a program stored on the memory and executable on the processor; the processor is configured to read a program in the memory to implement the steps of the data transmission control method according to any one of claims 1 to 6.
10. A readable storage medium storing a program which when executed by a processor implements the steps in the data transmission control method according to any one of claims 1 to 6.
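The signing step of the digital signature module and of claim 4 (hash of the target data, plus a timestamp and a random character string, signed with the first private key) only pays off if the second data system checks all three parts. The Go sketch below is an added example, not code from the patent: RSA-PSS, the `|`-joined digest layout, the `Envelope` type, the 2-minute window and the in-memory nonce set are assumptions, and the encryption with the second public key is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

const maxAge = 2 * time.Minute // freshness window (assumed value)
type Envelope struct { // hypothetical wire format for the signed message
	Data, Sig []byte
	Unix      int64    // timestamp, seconds
	Nonce     [16]byte // random string
}
// digest hashes the data, then binds the timestamp and nonce to that hash.
func digest(e Envelope) []byte {
	h := sha256.Sum256(e.Data)
	d := sha256.Sum256([]byte(fmt.Sprintf("%x|%d|%x", h, e.Unix, e.Nonce)))
	return d[:]
}
// Sign is the server step: sign with the first private key (RSA-PSS assumed).
func Sign(priv *rsa.PrivateKey, data []byte, now time.Time) (e Envelope, err error) {
	e = Envelope{Data: data, Unix: now.Unix()}
	if _, err = rand.Read(e.Nonce[:]); err != nil {
		return
	}
	e.Sig, err = rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(e), nil)
	return
}
// Check is the receiver step: reject altered, stale or already-seen envelopes.
func Check(pub *rsa.PublicKey, seen map[[16]byte]bool, e Envelope, now time.Time) error {
	switch age := now.Sub(time.Unix(e.Unix, 0)); {
	case rsa.VerifyPSS(pub, crypto.SHA256, digest(e), e.Sig, nil) != nil:
		return errors.New("bad signature")
	case age > maxAge || age < -maxAge:
		return errors.New("stale timestamp")
	case seen[e.Nonce]:
		return errors.New("replayed nonce")
	}
	seen[e.Nonce] = true // a real cache would evict entries older than maxAge
	return nil
}
func demo() []error { // fresh, replayed, stale and altered envelopes (constructed data)
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return []error{err}
	}
	now, seen := time.Now(), map[[16]byte]bool{}
	msg, _ := Sign(priv, []byte("constructed sample record"), now)
	old, _ := Sign(priv, msg.Data, now.Add(-time.Hour))
	bad := Envelope{[]byte("altered record"), msg.Sig, msg.Unix, msg.Nonce}
	chk := func(e Envelope) error { return Check(&priv.PublicKey, seen, e, now) }
	return []error{chk(msg), chk(msg), chk(old), chk(bad)}
}
func main() { fmt.Println(demo()) }
```

The timestamp and random string add nothing unless the receiver enforces a freshness window and remembers accepted nonces for at least that long; a signature check alone accepts a verbatim replay.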
CN202211527443.7A 2022-11-30 2022-11-30 Data transmission control method and device, electronic equipment and readable storage medium Pending CN115865495A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202211527443.7A CN115865495A (en) 2022-11-30 2022-11-30 Data transmission control method and device, electronic equipment and readable storage medium
PCT/CN2023/122569 WO2024114095A1 (en) 2022-11-30 2023-09-28 Data transmission control method and apparatus, electronic device, and readable storage medium

Publications (1)

Publication Number Publication Date
CN115865495A true CN115865495A (en) 2023-03-28

Family

ID=85668715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211527443.7A Pending CN115865495A (en) 2022-11-30 2022-11-30 Data transmission control method and device, electronic equipment and readable storage medium

Country Status (2)

Country Link
CN (1) CN115865495A (en)
WO (1) WO2024114095A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024114095A1 (en) * 2022-11-30 2024-06-06 京东方科技集团股份有限公司 Data transmission control method and apparatus, electronic device, and readable storage medium

Also Published As

Publication number Publication date
WO2024114095A1 (en) 2024-06-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination