CN115913626A - Data cross-border transmission method based on state cryptographic algorithm and storage medium - Google Patents


Info

Publication number: CN115913626A
Authority: CN (China)
Prior art keywords: data, packet, acquisition, node, overseas
Legal status: Pending
Application number: CN202211208485.4A
Other languages: Chinese (zh)
Inventors: 池毓成, 罗建新, 林学城
Current assignee: Fujian Zefu Software Co., Ltd.
Original assignee: Fujian Zefu Software Co., Ltd.
Application filed by Fujian Zefu Software Co., Ltd.
Priority to CN202211208485.4A

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data cross-border transmission method and a storage medium based on the national cryptographic algorithm. The method comprises the following steps: the domestic data center sends an encrypted acquisition instruction to the corresponding overseas node; the overseas node decrypts the acquisition instruction and manages its local data acquisition task according to the decrypted instruction; and the overseas node encrypts the data packet acquired by the data acquisition task using a digital envelope algorithm based on the SM2 and SM4 ciphers to obtain a ciphertext packet, and sends the ciphertext packet to the domestic data center. Through the domestic data center, the invention can dynamically control the type, acquisition strategy and acquisition frequency of the data acquired by the overseas nodes, and it converts, encapsulates and encrypts the acquired data with the national cryptographic algorithm so as to ensure the security of data transmission.

Description

Data cross-border transmission method based on state cryptographic algorithm and storage medium
Technical Field
The application relates to the field of data transmission, in particular to a data cross-border transmission method and a storage medium based on the national cryptographic algorithm.
Background
In the prior art, for example, patent application CN202210177644.2, entitled "Data transmission method and data transmission system", discloses a method capable of effectively detecting data transmission efficiency in different time periods, which includes: S1, acquiring the data to be transmitted and calculating the amount of data transmitted; S2, encrypting the data and then transmitting it; S3, monitoring the data transmission time and extracting the transmission time period; S4, calculating the data transmission efficiency from the data volume and the data transmission time; and S5, marking the calculated data transmission efficiency with the corresponding time period and storing it. As another example, patent application CN202210218247.5, entitled "Network data intelligent distribution service system", specifically comprises a data acquisition module, a data analysis module, a data storage module, a connection input module, an instruction analysis module, a data distribution module and a data display module; the connection input module is connected to the user terminal and to the instruction analysis module, the other end of the instruction analysis module is connected to the data storage module, the output end of the data storage module is connected to the data distribution module, the data distribution module and the data storage module are both connected to the data display module, the data storage module is also connected to the data analysis module, and the data analysis module is also connected to the data acquisition module.
Problematic data is prevented from entering the data storage module by the data analysis module, which ensures the safety of the internal data of the network data intelligent distribution service system, and the data storage module stores data in a distributed storage mode, so that data retrieval efficiency and, in turn, data distribution speed are improved.
However, the above prior art has the following problems. The first patent application lacks a mechanism for dynamically managing the acquired data: the central end cannot remotely control the type and frequency of the data an acquisition node collects, and there is no quality control of the network quality and data delay of the overseas backhaul, so the method is not suitable for overseas data backhaul, particularly the backhaul of energy production data. The second patent application lacks special handling of the network during cross-border exchange, and does not specify how data encryption and data encapsulation are applied during data distribution, which is unfavourable for protecting data in cross-border transmission.
Therefore, the prior art lacks a technical solution that dynamically manages the cross-border data transmission process and effectively protects the data during transmission.
Disclosure of Invention
In view of the above problems, the present application provides a data cross-border transmission method and a storage medium based on the national cryptographic algorithm, which can dynamically manage the data acquisition policy of the overseas nodes and ensure high security of cross-border data transmission.
To achieve the above object, the inventor provides a data cross-border transmission method based on the national cryptographic algorithm, comprising:
the domestic data center sends an encrypted acquisition instruction to the corresponding overseas node;
the overseas node decrypts the acquisition instruction and manages its local data acquisition task according to the decrypted acquisition instruction;
and the overseas node encrypts the data packet acquired by the data acquisition task using a digital envelope algorithm based on the SM2 and SM4 ciphers to obtain a ciphertext packet, and sends the ciphertext packet to the domestic data center.
Unlike the prior art, this technical scheme targets the field of cross-border data transmission: the domestic data center can flexibly and dynamically control the data acquisition strategy of an overseas node by issuing an encrypted acquisition instruction; meanwhile, the data that needs cross-border transmission is encrypted with a digital envelope algorithm based on the SM2 and SM4 ciphers, so the data is effectively protected during cross-border transmission and a high-security data encryption and transmission mechanism is obtained.
In some embodiments, the overseas node encrypting the data packet collected by the data collection task using a digital envelope algorithm based on the national cryptographic algorithms SM2 and SM4 to obtain a ciphertext packet, and sending the ciphertext packet to the domestic data center, includes:
the overseas node generates a random SM4 key;
encrypting the data packet acquired by the data acquisition task with the SM4 key to obtain an encrypted data packet;
encrypting the SM4 key with a preset node SM2 public key to obtain a key encryption package;
obtaining a ciphertext packet from the encrypted data packet and the key encryption package;
attaching a data packet header comprising a data packet type, an overseas node ID, a data packet ID and a data packet length to the front of the ciphertext packet, attaching a data check value to the tail of the ciphertext packet, and packaging the result into reported data;
and sending the reported data to the domestic data center.
In some embodiments, the method further comprises:
the domestic data center unpacks the reported data, obtains the ciphertext packet according to the data packet header, and verifies the ciphertext packet against the data check value at its tail;
if the verification passes, the ciphertext packet is split to obtain the encrypted data packet and the key encryption package;
obtaining the corresponding node SM2 private key according to the overseas node ID in the data packet header, and decrypting the key encryption package with the node SM2 private key to obtain the SM4 key;
and decrypting the encrypted data packet with the SM4 key to obtain the data packet.
In some embodiments, after the data packet is obtained, the method further comprises:
performing service analysis on the data packet according to the overseas node ID and the data packet type in the data packet header to obtain service data;
and storing the service data in the corresponding database or data center.
In some embodiments, the domestic data center sending the encrypted acquisition instruction to the corresponding overseas node includes:
the domestic data center defines a data acquisition strategy;
the domestic data center encapsulates the data acquisition strategy and encrypts it with SM2 to form an acquisition instruction;
and the domestic data center sends the acquisition instruction to the corresponding overseas node.
In some embodiments, the overseas node decrypting the acquisition instruction and managing a local data acquisition task according to the decrypted acquisition instruction includes:
the overseas node decrypts and decapsulates the received acquisition instruction to obtain the data acquisition strategy therein;
and the overseas node manages its local data acquisition task according to the data acquisition strategy.
In some embodiments, the data collection policy includes an overseas node ID, a collected data type, metadata of the collected data, and a submission frequency for the collected data.
In some embodiments, the method further comprises:
the data acquisition task performs database docking, interface adaptation and data acquisition according to the collected data type defined in the data acquisition strategy;
and the data acquisition task converts the data type of the acquired data and packages it into a specific format according to the metadata of the collected data defined in the acquisition strategy.
In some embodiments, the acquisition instructions include adding a data acquisition policy, modifying a data acquisition policy, and deleting a data acquisition policy.
According to the above embodiments of the application, a high-security data encryption and transmission mechanism built around the national cryptographic algorithm is provided according to the characteristics of overseas data acquisition and transmission; meanwhile, the type, frequency and packaging mode of the data acquired by the overseas nodes are remotely and dynamically regulated through flexible configuration of the data acquisition strategy, so the method is better suited to the data backhaul of various overseas energy enterprises; furthermore, the use of a generally configurable data acquisition strategy decouples data acquisition from the actual service scenario, so the method is better suited to cross-environment acquisition and transmission of data in multiple scenarios and better supports the acquisition and transmission of complex data types.
The present application also provides a computer-readable storage medium storing a computer program which is distributed to a domestic data center and a plurality of overseas nodes for execution by a processor, so as to implement the data cross-border transmission method based on the national cryptographic algorithm according to any of the embodiments of the present invention.
The above description of the present invention is only an overview of the technical solutions of the present application, and in order to make the technical solutions of the present application more clearly understood by those skilled in the art, the present invention may be further implemented according to the content described in the text and drawings of the present application, and in order to make the above objects, other objects, features, and advantages of the present application more easily understood, the following description is made in conjunction with the detailed description of the present application and the drawings.
Drawings
The drawings are only for purposes of illustrating the principles, implementations, applications, features, and effects of particular embodiments of the present application, as well as others related thereto, and are not to be construed as limiting the application.
In the drawings of the specification:
fig. 1 is a schematic flowchart of the data cross-border transmission method based on the national cryptographic algorithm according to an embodiment;
fig. 2 is a schematic diagram of the information interaction of the cross-border data transmission method based on the national cryptographic algorithm according to an embodiment;
fig. 3 is a schematic flowchart of the process by which an overseas node encrypts data in the data cross-border transmission method based on the national cryptographic algorithm according to the third embodiment;
fig. 4 is a schematic flowchart of the data decryption performed by the domestic data center in the data cross-border transmission method based on the national cryptographic algorithm according to the third embodiment.
Detailed Description
In order to explain in detail possible application scenarios, technical principles, practical embodiments, and the like of the present application, the following detailed description is given with reference to the accompanying drawings in conjunction with the listed embodiments. The embodiments described herein are merely for more clearly illustrating the technical solutions of the present application, and therefore, the embodiments are only used as examples, and the scope of the present application is not limited thereby.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase "an embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or related to other embodiments specifically defined. In principle, in the present application, the technical features mentioned in the embodiments can be combined in any manner to form a corresponding implementable technical solution as long as there is no technical contradiction or conflict.
Unless otherwise defined, technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the use of relational terms herein is intended only to describe particular embodiments and is not intended to limit the present application.
In the description of the present application, the term "and/or" is an expression describing a logical relationship between objects, indicating that three relationships may exist; for example, "A and/or B" indicates three cases: A, B, and both A and B. In addition, the character "/" herein generally indicates that the former and latter associated objects are in a logical "or" relationship.
In this application, terms such as "first" and "second" are used merely to distinguish one entity or operation from another entity or operation without necessarily requiring or implying any actual such relationship or order between such entities or operations.
Without further limitation, in this application, the use of the phrases "comprising," "including," "having," or other similar expressions, is intended to cover a non-exclusive inclusion, and these expressions do not exclude the presence of additional elements in a process, method, or article that includes the elements, such that a process, method, or article that includes a list of elements may include not only those elements defined, but other elements not expressly listed, or may include other elements inherent to such process, method, or article.
As understood in the Patent Examination Guidelines, the terms "greater than", "less than", "more than" and the like in this application exclude the number itself; the expressions "above", "below", "within" and the like include the number itself. In addition, in the description of the embodiments of the present application, "a plurality" means two or more (including two), and related expressions such as "a plurality of groups" and "a plurality of times" are understood likewise, unless specifically defined otherwise.
In the description of the embodiments of the present application, spatially relative expressions such as "central," "longitudinal," "lateral," "length," "width," "thickness," "up," "down," "front," "back," "left," "right," "vertical," "horizontal," "vertical," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used, and the indicated orientations or positional relationships are based on the orientations or positional relationships shown in the specific embodiments or drawings and are only for convenience of describing the specific embodiments of the present application or for the convenience of the reader, and do not indicate or imply that the device or component in question must have a specific position, a specific orientation, or be constructed or operated in a specific orientation and therefore should not be construed as limiting the embodiments of the present application.
Unless specifically stated or limited otherwise, the terms "mounted," "connected," "secured," and "disposed" used in the description of the embodiments of the present application are to be construed broadly. For example, the connection can be a fixed connection, a detachable connection, or an integrated arrangement; it can be a mechanical connection, an electrical connection, or a communication connection; they may be directly connected or indirectly connected through an intermediate; which may be communication within two elements or an interaction of two elements. Specific meanings of the above terms in the embodiments of the present application can be understood by those skilled in the art to which the present application belongs according to specific situations.
Referring to fig. 1, an embodiment of the present application provides a data cross-border transmission method based on the national cryptographic algorithm, which includes the following steps:
S1: the domestic data center sends an encrypted acquisition instruction to the corresponding overseas node;
S2: the overseas node decrypts the acquisition instruction and manages its local data acquisition task according to the decrypted acquisition instruction;
In some embodiments, the domestic data center encrypts the collection instruction with the SM2 algorithm to ensure the security of the cross-border transmission of the collection instruction.
In this embodiment, when the domestic data center node needs to regulate the data acquisition task of any overseas node, it only needs to generate the corresponding acquisition instruction, encrypt it, and send the encrypted instruction to the specified overseas node. This embodiment can therefore dynamically control the data acquisition policy of the overseas node.
S3: the overseas node encrypts the data packet acquired by the data acquisition task using a digital envelope algorithm based on the SM2 and SM4 ciphers to obtain a ciphertext packet, and sends the ciphertext packet to the domestic data center.
In this embodiment, the data packets collected by the overseas nodes are encrypted with a digital envelope algorithm based on the SM2 and SM4 ciphers before being transmitted across the border, which ensures high security of the transmitted data.
In the scenario of overseas energy data acquisition and transmission, the data transmitted across the border generally has a relatively controllable length, does not need to be split into several packets, and has high transmission security requirements; this embodiment supports customizing the data acquisition strategies of the overseas nodes from the domestic data center and can ensure the security of the data transmitted across the border, so the method is well suited to the data backhaul scenarios of various overseas energy enterprises.
The present application further refines the first embodiment above and provides a second embodiment.
In this embodiment, step S1 includes:
S101: the domestic data center defines a data acquisition strategy;
Specifically, the data collection strategy comprises an overseas node ID, the time zone where the node is located, the collected data type, metadata of the collected data and the submission frequency of the collected data. The metadata defines the value-checking rules for the type, structure and generality of the collected data; by defining metadata, each overseas node can support the collection of multiple data types. In particular, when the preset SM2 public key of the overseas node needs to be replaced, the strategy further includes defining the updated preset SM2 public key.
The data collection strategies of all overseas nodes are therefore managed by the domestic data center node.
S102: the domestic data center encapsulates the data acquisition strategy and encrypts it with SM2 to form an acquisition instruction;
S103: the domestic data center sends the encrypted acquisition instruction to the corresponding overseas node;
That is, the domestic data center node is responsible for packaging the data acquisition strategy of the corresponding overseas node, forming an issuing instruction and sending it to that overseas node. In some embodiments, the issued acquisition instruction is encapsulated in a binary custom protocol, encrypted with the SM2 algorithm, and delivered to the corresponding overseas node over TCP.
Correspondingly, step S2 of the first embodiment includes:
S201: the overseas node decrypts and decapsulates the received acquisition instruction to obtain the data acquisition strategy therein; in other words, the overseas node decrypts the acquisition instruction with the SM2 algorithm to obtain the data acquisition strategy it carries.
S202: the overseas node manages its local data acquisition task according to the data acquisition strategy.
In some specific embodiments, where the data acquisition policy of an overseas node needs to be added, modified or deleted, the acquisition instruction is divided into three types: add a data acquisition policy, modify a data acquisition policy and delete a data acquisition policy. After the overseas node extracts the data acquisition strategy from the acquisition instruction, the acquisition task library in its local data acquisition task management is maintained automatically according to these three types. For example, for an instruction of the add type, a new data acquisition task is created according to the data acquisition strategy carried in the instruction.
The data collection tasks of a node are maintained by the overseas node itself, and each collection task comes from an issued data collection strategy. Through the task scheduling of the acquisition node, the target data is acquired according to the data type and acquisition frequency specified in the data acquisition strategy.
In some specific embodiments, a distributed task scheduling deployment or a single-node task scheduling deployment is chosen flexibly according to the number of collected data types, the collection frequency and the size of the collected data.
In this embodiment, the method further includes:
S203: after the overseas node acquires the target data through the data acquisition task and data acquisition strategy, it collects in the mode appropriate to the type of the target data, such as database docking, interface development or file acquisition; meanwhile, it converts and packages the data into a specific format according to the metadata definition of the target data in the data acquisition strategy.
As can be seen from the above, this embodiment adopts a generally configurable data acquisition strategy to decouple the data acquisition scenario from the actual service scenario, so the method is better suited to cross-environment acquisition and transmission of data in multiple scenarios, especially the acquisition and transmission of complex data types, such as real-time production data, production index data and water and rainfall data.
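The policy-driven collection of S101, S202 and S203 (and the corresponding summary steps in the Disclosure) as an added example, not code from the patent: it encodes an acquisition instruction in a simple binary framing (assumed layout, with the SM2 encryption step left out), lets the overseas node maintain its task library for the add/modify/delete instruction types while rejecting instructions addressed to another node, and applies the metadata value-check rules to a collected record before packaging. The field names, numeric instruction codes and sample policy are constructed for this example.

```python
import json
import struct

# Instruction types named in the patent; the numeric codes are assumptions
OP_ADD, OP_MODIFY, OP_DELETE = 1, 2, 3
INSTR_HDR = struct.Struct(">BII")  # assumed layout: op, overseas node ID, policy length


def encode_instruction(op, policy):
    """Data-center side of S102 without the SM2 step: binary header + JSON policy body."""
    body = json.dumps(policy, sort_keys=True).encode()
    return INSTR_HDR.pack(op, policy["node_id"], len(body)) + body


def decode_instruction(blob):
    """Overseas-node side of S201 without the SM2 step; rejects truncated or inconsistent frames."""
    op, node_id, n = INSTR_HDR.unpack_from(blob)
    body = blob[INSTR_HDR.size:INSTR_HDR.size + n]
    if len(body) != n:
        raise ValueError("truncated instruction")
    policy = json.loads(body)
    if policy["node_id"] != node_id:
        raise ValueError("header node ID does not match policy node ID")
    return op, policy


class CollectionTaskLibrary:
    """The acquisition task library an overseas node maintains in S202, keyed by collected data type."""

    def __init__(self, my_node_id):
        self.node_id = my_node_id
        self.tasks = {}

    def apply(self, op, policy):
        # A node only acts on strategies issued for its own node ID
        if policy["node_id"] != self.node_id:
            raise PermissionError("instruction addressed to another node")
        key = policy["data_type"]
        if op == OP_ADD:
            if key in self.tasks:
                raise ValueError(f"task for {key} already exists")
            self.tasks[key] = policy
        elif op == OP_MODIFY:
            if key not in self.tasks:
                raise KeyError(key)
            self.tasks[key] = policy
        elif op == OP_DELETE:
            del self.tasks[key]
        else:
            raise ValueError(f"unknown instruction type {op}")
        return sorted(self.tasks)


_CASTS = {"int": int, "float": float, "str": str}


def check_record(policy, record):
    """S203: apply the metadata value-check rules, converting each field; returns (converted, errors)."""
    converted, errors = {}, []
    for field, rule in policy["metadata"].items():
        value = record.get(field)
        if value is None:
            if rule.get("required", True):
                errors.append(f"{field}: missing")
            continue
        try:
            value = _CASTS[rule["type"]](value)
        except (ValueError, TypeError):
            errors.append(f"{field}: not {rule['type']}")
            continue
        lo, hi = rule.get("min"), rule.get("max")
        if (lo is not None and value < lo) or (hi is not None and value > hi):
            errors.append(f"{field}: {value} outside [{lo}, {hi}]")
            continue
        converted[field] = value
    return converted, errors


# Constructed sample policy (not from the patent); submission frequency in seconds
SAMPLE_POLICY = {
    "node_id": 1001,
    "time_zone": "Asia/Jakarta",
    "data_type": "realtime_production",
    "submit_every_s": 300,
    "metadata": {
        "unit": {"type": "str"},
        "active_power_mw": {"type": "float", "min": 0, "max": 500},
        "ts": {"type": "int"},
    },
}


def demo():
    """Issue an add instruction, apply it at the node, then check one good and one bad record."""
    lib = CollectionTaskLibrary(1001)
    op, policy = decode_instruction(encode_instruction(OP_ADD, SAMPLE_POLICY))
    tasks = lib.apply(op, policy)
    good, good_errors = check_record(policy, {"unit": "G1", "active_power_mw": "12.5", "ts": 1700000000})
    bad, bad_errors = check_record(policy, {"unit": "G1", "active_power_mw": -3})
    return tasks, good, good_errors, bad, bad_errors


if __name__ == "__main__":
    print(demo())
```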
Referring to fig. 2 and fig. 3, the present application further refines the technical solutions of the first or second embodiment and provides a third embodiment:
In this embodiment, step S3, in which the overseas node encrypts the data packet acquired by the data acquisition task using a digital envelope algorithm based on the SM2 and SM4 ciphers to obtain a ciphertext packet and sends it to the domestic data center, proceeds as shown in fig. 2. The specific data encryption process includes the following steps:
S301: the overseas node generates a random SM4 key using the national cryptographic key generation algorithm; the SM4 key has a fixed length. In some embodiments, the strength of the SM4 key may be chosen according to the encryption strength required by the actual application scenario.
S302: encrypting the data packet acquired by the data acquisition task with the SM4 key to obtain an encrypted data packet;
S303: encrypting the SM4 key with the preset SM2 public key (SM2 asymmetric encryption) to obtain a key encryption package; the node SM2 public key is distributed to the overseas node in advance and stored securely there.
S304: obtaining a ciphertext packet from the encrypted data packet and the key encryption package;
S305: attaching a data packet header comprising a data packet type, an overseas node ID, a data packet ID and a data packet length to the front of the ciphertext packet, attaching a data check value to the tail of the ciphertext packet, and finally encapsulating the result into reported data;
In some embodiments, considering the regular rotation of the preset key in the SM4 encryption scheme, a key version value of the SM4 key may be added to the ciphertext packet to identify the version of the SM4 key used in the current ciphertext packet.
S306: sending the reported data to the domestic data center.
Specifically, the overseas node calls the relevant network sending interface to send the reported data back to the domestic data center.
This embodiment also provides the process by which the domestic data center decrypts the data, corresponding to the process by which the overseas node encrypts and transmits it.
That is, the data cross-border transmission method based on the national cryptographic algorithm of this embodiment further includes:
S4: the domestic data center receives the reported data, and unpacks and decrypts it to obtain the data packet.
Specifically, as shown in fig. 3, step S4 may include:
S401: the domestic data center unpacks the reported data returned by the overseas node, obtains the ciphertext packet according to the data packet header, and verifies the ciphertext packet against the data check value at its tail;
Specifically, the domestic data center first reads the data packet length, data packet type, sender node ID (i.e. the overseas node ID), data packet ID, SM4 key version and similar fields from the data packet header of the reported data; it then reads out the ciphertext packet according to the data packet length; and finally it verifies the ciphertext packet against the data check value appended to the end of the reported data, to judge whether the ciphertext packet was corrupted or tampered with during cross-border transmission.
S402: if the verification passes, the ciphertext packet is split to obtain the encrypted data packet and the key encryption package;
S403: obtaining the corresponding node SM2 private key according to the overseas node ID in the data packet header, and decrypting the key encryption package with the node SM2 private key to obtain the SM4 key;
S404: decrypting the encrypted data packet with the SM4 key to obtain the data packet.
In some embodiments, after obtaining the data packet, the domestic data center further performs the following steps to parse and warehouse the data:
S405: the domestic data center performs service analysis on the data packet according to the overseas node ID and data packet type in the data packet header to obtain the service data;
S406: storing the service data in the corresponding database or data center according to the actual application scenario, so that it can be used further.
Referring to fig. 4, which is a schematic diagram of the information interaction of the data cross-border transmission method based on the national cryptographic algorithm according to some embodiments, it can be seen that this embodiment also handles the communication anomalies or data delays that may occur during overseas backhaul:
In practical cross-border applications, problems such as packet loss and packet errors caused by communication faults are common. In this embodiment, unified communication exception codes are used to capture errors at the domestic data center and return data exception information, and the overseas node performs retransmission according to the returned exception information. Specifically, the error types of the communication process, i.e. the communication exception codes, are defined as codes. Then, in practice, if the receiving end (such as the domestic data center) finds on receipt that the data check value carried with the data packet is inconsistent with the check value it actually calculates, the data can be identified as having been corrupted during sending; the receiving end returns error code 5006 to the sending end, and after receiving error code 5006 the sending end decides, according to its actual strategy, whether to retransmit the data automatically or to record it in a data error log to await handling by the sending-end administrator.
As can be seen from the above, in the present embodiment, a set of cross-border data transmission mechanisms with high security is designed by encrypting and decrypting the cross-border transmitted data packets using the digital envelope algorithm based on the state keys SM2 and SM 4. In addition, it can be understood that the embodiment integrates metadata management and distribution of data acquisition types, and encapsulation, encryption, transmission, decryption and library analysis of data acquisition, and can be better suitable for data loopback of various overseas energy enterprises. This is because: the acquisition and transmission of overseas energy enterprise data have the following characteristics: the length is relatively controllable, the data packet does not need to be unpacked, and the safety is high. Therefore, the data sequence and combination problem does not need to be considered, and compared with the cross-border data acquisition and transmission mode in the prior art, the data acquisition and transmission efficiency can be improved through the definition of the data acquisition strategy and the encryption mode taking the national cryptographic algorithm as the core, and meanwhile, the safety of the data cross-border transmission is guaranteed.
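As an added example (not the patent's or the applicant's code), the following Python sketches the overseas-node packaging and the domestic-data-center verification path described above and in claims 2 and 3, including the 5006 path taken when the tail check value does not match. Assumed, because the page does not specify them: the header field widths and byte order, a 2-byte length prefix for the key encryption package inside the ciphertext packet, CRC32 as the data check value, and XOR stand-ins in place of SM2/SM4 so that the script runs offline.

```python
import os
import struct
import zlib
from itertools import cycle

HEADER = struct.Struct(">BIII")  # assumed layout: type(1) | overseas node ID(4) | packet ID(4) | length(4)
ERR_CHECK_MISMATCH = 5006        # unified communication exception code named in the description

def build_report(pkt_type, node_id, pkt_id, plaintext, sm2_encrypt, sm4_encrypt):
    """Overseas node: random SM4 key, SM4-encrypt the data, SM2-wrap the key, add header and tail check."""
    sm4_key = os.urandom(16)                    # fresh random SM4 key for this packet
    enc_data = sm4_encrypt(sm4_key, plaintext)  # encrypted data packet
    key_env = sm2_encrypt(node_id, sm4_key)     # key encryption package under the node SM2 public key
    cipher_pkt = struct.pack(">H", len(key_env)) + key_env + enc_data  # assumed 2-byte key-env length prefix
    body = HEADER.pack(pkt_type, node_id, pkt_id, len(cipher_pkt)) + cipher_pkt
    return body + struct.pack(">I", zlib.crc32(body))  # data check value at the tail (CRC32 assumed)

def parse_report(report, sm2_decrypt, sm4_decrypt):
    """Domestic data center: verify the tail check value before touching any ciphertext.
    Returns (0, plaintext) on success or (5006, None) when the report must be re-sent."""
    if len(report) < HEADER.size + 4:
        return ERR_CHECK_MISMATCH, None         # truncated: the check value cannot even be located
    body, (tail,) = report[:-4], struct.unpack(">I", report[-4:])
    if tail != zlib.crc32(body):
        return ERR_CHECK_MISMATCH, None         # check value inconsistent: report 5006, decrypt nothing
    pkt_type, node_id, pkt_id, length = HEADER.unpack_from(body)  # type/packet ID drive service parsing (S405)
    cipher_pkt = body[HEADER.size:]
    if len(cipher_pkt) != length or length < 2:
        return ERR_CHECK_MISMATCH, None         # header length disagrees with payload: treat as send error
    (klen,) = struct.unpack_from(">H", cipher_pkt)
    key_env, enc_data = cipher_pkt[2:2 + klen], cipher_pkt[2 + klen:]
    sm4_key = sm2_decrypt(node_id, key_env)     # node SM2 private key is selected by the overseas node ID
    return 0, sm4_decrypt(sm4_key, enc_data)

# Constructed stand-ins so the script runs offline; they are NOT SM2/SM4 and provide no confidentiality.
def _xor(key, data):
    return bytes(a ^ b for a, b in zip(data, cycle(key)))

DEMO_NODE_KEYS = {7: b"node7-demo-secret"}      # placeholder for the per-node SM2 key material store
demo_sm4 = _xor                                  # symmetric stand-in, same call for encrypt and decrypt
def demo_sm2_encrypt(node_id, sm4_key):
    return _xor(DEMO_NODE_KEYS[node_id], sm4_key)
def demo_sm2_decrypt(node_id, key_env):
    return _xor(DEMO_NODE_KEYS[node_id], key_env)

if __name__ == "__main__":
    rep = build_report(1, 7, 42, b"generator output 12.5 MW", demo_sm2_encrypt, demo_sm4)
    print(parse_report(rep, demo_sm2_decrypt, demo_sm4))      # (0, b'generator output 12.5 MW')
    damaged = rep[:-1] + bytes([rep[-1] ^ 0x01])              # corrupt the tail check value in transit
    print(parse_report(damaged, demo_sm2_decrypt, demo_sm4))  # (5006, None) -> sender retransmits or logs
```

In a deployment the two `demo_*` callables would be replaced by a real SM2/SM4 implementation (library or HSM); only the framing, the check-before-decrypt order and the 5006 decision are the point here.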
The present invention is further directed to a computer-readable storage medium on which a computer program is stored. Part of the computer program is distributed to a processor of the domestic data center for execution and part to a processor of an overseas node for execution; when executed, they implement the steps of the data cross-border transmission method based on a national cryptographic algorithm according to any one of the first to third embodiments of the present invention.
In summary, the present invention provides a data cross-border transmission method based on a national cryptographic algorithm and a computer-readable storage medium. The domestic data control center (i.e. the domestic data center) can dynamically control the type of data collected by an overseas node, its acquisition strategy and its acquisition frequency, and the collected data are converted, encapsulated and encrypted with the national cryptographic algorithm to ensure the security of data transmission; in addition, the system monitors the quality of the overseas transmission network and the data delay. The method is therefore particularly suitable for cross-border data backhaul, and in particular for industrial data acquisition at energy production enterprises (power generation projects) set up overseas through investment by domestic enterprises.
Finally, it should be noted that, although the above embodiments have been described in the text and drawings of the present application, the scope of the patent protection of the present application is not limited thereby. All technical solutions generated by replacing or modifying the equivalent structure or the equivalent flow described in the text and the drawings of the present application and directly or indirectly implementing the technical solutions of the above embodiments in other related technical fields and the like based on the substantial idea of the present application are included in the scope of the patent protection of the present application.

Claims (10)

1. A data cross-border transmission method based on a national cryptographic algorithm, characterized by comprising the following steps:
the domestic data center sends an encrypted acquisition instruction to the corresponding overseas node;
the overseas node decrypts the acquisition instruction and manages a local data acquisition task according to the decrypted acquisition instruction;
and the overseas node encrypts the data packet acquired by the data acquisition task using a digital envelope algorithm based on SM2 and SM4 to obtain a ciphertext packet, and sends the ciphertext packet to the domestic data center.
2. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 1, wherein the overseas node encrypting the data packet acquired by the data acquisition task using a digital envelope algorithm based on the national cryptographic algorithms SM2 and SM4 to obtain a ciphertext packet, and sending the ciphertext packet to the domestic data center, comprises:
the overseas node generates a random SM4 key;
encrypting the data packet acquired by the data acquisition task with the SM4 key to obtain an encrypted data packet;
encrypting the SM4 key with a preset node SM2 public key to obtain a key encryption package;
obtaining a ciphertext packet from the encrypted data packet and the key encryption package;
attaching a data packet header comprising a data packet type, an overseas node ID, a data packet ID and a data packet length to the front of the ciphertext packet, attaching a data check value to the tail of the ciphertext packet, and packaging the result into reported data;
and sending the reported data to the domestic data center.
3. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 2, wherein the method further comprises:
the domestic data center unpacks the reported data, obtains the ciphertext packet according to the data packet header, and verifies the ciphertext packet against the data check value at its tail;
if the verification passes, the ciphertext packet is split to obtain the encrypted data packet and the key encryption package;
the corresponding node SM2 private key is obtained according to the overseas node ID in the data packet header, and the key encryption package is decrypted with the node SM2 private key to obtain the SM4 key;
and the encrypted data packet is decrypted with the SM4 key to obtain the data packet.
4. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 3, wherein, after the data packet is obtained, the method further comprises:
performing service parsing on the data packet according to the overseas node ID in the data packet header and the data packet type to obtain service data;
and storing the service data in a corresponding database or data center.
5. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 1, wherein the domestic data center sending the encrypted acquisition instruction to the corresponding overseas node comprises the following steps:
the domestic data center defines a data acquisition strategy;
the domestic data center encapsulates the data acquisition strategy and encrypts it with SM2 to form an acquisition instruction;
and the domestic data center sends the acquisition instruction to the corresponding overseas node.
6. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 5, wherein the overseas node decrypting the acquisition instruction and managing a local data acquisition task according to the decrypted acquisition instruction comprises the following steps:
the overseas node decrypts and decapsulates the received acquisition instruction to obtain the data acquisition strategy contained therein;
and the overseas node manages a local data acquisition task according to the data acquisition strategy.
7. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 5, wherein the data acquisition strategy comprises an overseas node ID, an acquired data type, metadata of the acquired data, and a reporting frequency for the acquired data.
8. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 7, wherein the method further comprises:
the data acquisition task performs database connection, interface adaptation and data acquisition according to the acquired data type defined in the data acquisition strategy;
and the data acquisition task performs data type conversion on the acquired data and packages it into a specific format according to the metadata of the acquired data defined in the acquisition strategy.
9. The data cross-border transmission method based on a national cryptographic algorithm as claimed in claim 1, wherein the acquisition instruction comprises instructions for adding a data acquisition strategy, modifying a data acquisition strategy and deleting a data acquisition strategy.
10. A computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by processors distributed across the domestic data center and a plurality of overseas nodes, implements the data cross-border transmission method based on a national cryptographic algorithm according to any one of claims 1 to 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211208485.4A CN115913626A (en) 2022-09-30 2022-09-30 Data cross-border transmission method based on state cryptographic algorithm and storage medium

Publications (1)

Publication Number Publication Date
CN115913626A true CN115913626A (en) 2023-04-04

Family

ID=86477283

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination