CN116032643A - Application layer implicit unidirectional isolation device penetration method for national network chain service call - Google Patents


Info

Publication number: CN116032643A
Authority: CN (China)
Prior art keywords: information, application, intranet, database, external network
Legal status: Pending
Application number: CN202310031333.XA
Other languages: Chinese (zh)
Inventors: 陈盈达, 林勇
Current assignee: Jiangsu Electric Power Information Technology Co Ltd
Original assignee: Jiangsu Electric Power Information Technology Co Ltd
Priority date: 2023-01-10
Filing date: 2023-01-10
Publication date: 2023-04-28
2023-01-10: Application filed by Jiangsu Electric Power Information Technology Co Ltd; priority to CN202310031333.XA
2023-04-28: Publication of CN116032643A
Current legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an application-layer implicit unidirectional isolation device penetration method for national network chain service calls, comprising the following steps: the intranet application encrypts the relevant request content and identity information with an RSA public key and stores them in an intranet database; the external network application starts a timing task that accesses the internal network database through the unidirectional isolation device (external network to internal network) and acquires the encrypted information; the external network application decrypts the encrypted information with the private key, verifies the identity information, and after verification calls the API of the external network system; the external network application encrypts the returned result information and state result with the public key and stores them in the internal network database through the unidirectional isolation device; the intranet application obtains the returned information of the request by reading the database. The invention lets the intranet application access the extranet service indirectly, through temporary storage in the intranet database and timed pulling by the extranet polling service.

Description

Application layer implicit unidirectional isolation device penetration method for national network chain service call
Technical Field
The invention relates to the technical field of network management and blockchain service, in particular to an application layer implicit unidirectional isolation device penetration method for national network chain service call.
Background
The RSA algorithm is an asymmetric encryption algorithm that is widely used in public-key encryption and electronic commerce. RSA encrypts with the public key and decrypts with the private key; its field of application also covers message signing.
The operating environment of the power grid information system follows the grid's level-protection (classified protection) requirements: the internal network and the external network cannot be connected or communicate directly, the external network service can only access the internal network database through the unidirectional isolation device (external network to internal network), the external network service cannot access the internal network service directly, and the internal network service cannot access the external network at all. In this environment, the usual way for the extranet service to invoke the intranet service is by ferrying through stored procedures, whereas there is currently no general-purpose way for the intranet to call an extranet service. The existing approaches are a service-penetration method and system that work through an SQL-proxy security isolation device, and a method in which the intranet application writes requests to an intermediate library in a single thread and the extranet polls that intermediate library.
The national network chain is a large blockchain deployed by the national power grid company, State Grid Corporation of China; its main nodes are located in Beijing, Shanghai and Xi'an, and it comprises transaction side chains, data side chains and a main chain. Both transaction and contract information are encrypted with a cryptographic algorithm. The national network chain is deployed in the external network, and most of the uplink (on-chain) systems that access it are external network systems.
The security measures of the existing methods consist only of IP whitelists, passwords and the like, and because the data is transmitted unencrypted, their security does not meet the requirements of the national network chain. At the same time, the intranet service can only write to the intermediate library in a single thread, which does not meet the performance requirements of scenarios that write large volumes of data. The present method therefore achieves more intuitive and safer transmission by encrypting and authenticating the process data and writing it to a ferry database concurrently.
Disclosure of Invention
The invention aims to provide an application-layer implicit unidirectional isolation device penetration method for calling national network chain services, which lets an intranet application that needs to call an API service of the external network access that service indirectly, through temporary storage in an intranet database and timed pulling by an external network polling service.
To achieve this, the technical scheme of the invention is as follows:
S1: the intranet application (requesting party) packages and processes the relevant request content through the blockchain interface; after packaging, the request content and identity information are preprocessed into a JSON string and encrypted with the RSA public key, and the called interface code, calling parameters and the like are stored in the corresponding fields of the intranet ferry database;
S2: the external network application (service side) starts a timing task that runs a query every five minutes, accessing the 'intranet ferry database' through the unidirectional isolation device (external network to intranet); if the processing state of a record is 1 it is not processed; if it is 0, the encrypted information is acquired and step S3 is executed;
S3: the external network application (service side) decrypts the encrypted information with the private key, checks whether the decrypted identity information matches the current user, unpacks the blockchain JSON string, checks whether the transaction hash and timestamp match the current transaction, and, once verified, calls the corresponding external network system API according to the decrypted call request;
S4: the external network application (service side) encrypts the returned result information and state result with the public key, stores them in the 'intranet ferry database' through the unidirectional isolation device (external network to intranet), and sets the processing state field to 1;
S5: the intranet application (requester) acquires the returned information of the request by reading the intranet ferry database, judges whether the request succeeded, and if not, repeats from step S1.
The working principle of the invention is as follows: data is accessed by polling under the control of database fields; the accessed fields include the parameter address and identity-verification information; RSA encryption ensures the security of the transmission; and the intranet application's request is thereby sent safely to the extranet and its result retrieved.
The beneficial effects of the invention are as follows:
The invention improves security and solves the low storage performance of the prior method; it improves transmission security so that applications with high transmission-security requirements and strong evidence-storage confidentiality, such as blockchains, can implicitly access the extranet from the intranet.
The invention is used for application-layer implicit penetration of the unidirectional isolation device for national network chain service calls, and realizes penetration of the unidirectional isolation device (external network to intranet).
Drawings
Fig. 1 is a flow chart of the present invention.
Detailed Description
The following describes the embodiments of the present invention further with reference to the drawings and examples. The following examples are only for more clearly illustrating the technical aspects of the present invention, and are not intended to limit the scope of the present invention.
The invention is implemented for the national network chain of the materials business; the specific implementation is as follows:
S1: preparation: set up a ferry database in the intranet, divided into an authentication table and a parameter table; the authentication table stores authority information and the parameter table stores parameter information and result information. Generate an RSA key pair with a key length of 2048 bits and store the authentication information (public key, app secret, token and the like) in the authentication table. The material service (intranet requester) then encrypts the information with the public key and stores the material and uplink information, the URL of the API and the hash code of the information in the parameter table;
S2: the external network (service side) starts a timing task that runs a query every five minutes, accessing the 'intranet ferry database' through the unidirectional isolation device (external network to intranet); if the processing state of a record is 1 it is not processed; if it is 0, the encrypted information is acquired and step S3 is executed;
S3: the external network (service side) obtains the encrypted authentication information from the authentication table, unpacks the blockchain JSON string, compares it with the hash code to detect transmission errors, and after confirming that the result is correct, decrypts the information in the service table with the private key.
S4: after the identity information passes verification, the corresponding blockchain uplink evidence-storage API and on-chain data query API are called to obtain a result; the result and the status code are stored in the intranet ferry database through the unidirectional isolation device (external network to intranet), and the data processing state field is set to 1;
S5: the material service system (requester) acquires the returned information and result data of the request by reading the result field in the parameter table of the intranet ferry database, judges whether the request succeeded, and if not, repeats from step S1.
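The five steps above (both the general scheme in the disclosure and the materials-business embodiment) as an added Go example; this is not code from the patent. It assumes two RSA-2048 key pairs, one per direction (the extranet's for requests, the intranet's for results), because the text names only 'the public key' and 'the private key' yet each side must be able to decrypt what it reads; the transaction-hash check is modelled as a SHA-256 over the parameters, the ferry database is an in-memory record, and genKey, seal, open and the struct names are the example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
)
type ferryRow struct { // one record of the intranet ferry database (in memory here)
	Request []byte // request JSON, RSA-OAEP encrypted to the extranet key
	Result  []byte // result JSON, RSA-OAEP encrypted to the intranet key
	State   int    // processing state field: 0 = pending, 1 = processed
}
type request struct {
	Identity string `json:"identity"` // requester identity, checked in S3
	API      string `json:"api"`      // called interface code
	Params   string `json:"params"`   // calling parameters
	Hash     string `json:"hash"`     // SHA-256 of Params, checked in S3
}
type result struct { // Status 200 = success, 403 = verification failed
	Status int    `json:"status"`
	Body   string `json:"body"`
}
func genKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
func sum(s string) string { h := sha256.Sum256([]byte(s)); return hex.EncodeToString(h[:]) }
// seal JSON-encodes v and RSA-OAEP encrypts it (plaintext cap: 190 bytes for 2048-bit keys).
func seal(pub *rsa.PublicKey, v interface{}) ([]byte, error) {
	b, _ := json.Marshal(v) // structs of strings and ints cannot fail to marshal
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, b, nil)
}
func open(priv *rsa.PrivateKey, ct []byte, v interface{}) error {
	b, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}
// S1: the intranet requester writes an encrypted request row in state 0.
func intranetWrite(extPub *rsa.PublicKey, id, api, params string) (*ferryRow, error) {
	ct, err := seal(extPub, request{id, api, params, sum(params)})
	return &ferryRow{Request: ct}, err
}
// S2 to S4: one extranet polling tick over one row. State-1 rows are skipped; a
// failed decrypt, identity or hash check is recorded as a 403 result.
func extranetPoll(extPriv *rsa.PrivateKey, intPub *rsa.PublicKey, row *ferryRow,
	expectID string, callAPI func(api, params string) string) error {
	var req request
	res := result{Status: 403}
	if row.State == 1 {
		return nil
	} else if open(extPriv, row.Request, &req) == nil && req.Identity == expectID && sum(req.Params) == req.Hash {
		res = result{Status: 200, Body: callAPI(req.API, req.Params)}
	}
	ct, err := seal(intPub, res)
	if err == nil {
		row.Result, row.State = ct, 1
	}
	return err
}
// S5: the intranet reads back the result; ok == false means "repeat S1".
func intranetRead(intPriv *rsa.PrivateKey, row *ferryRow) (res result, ok bool) {
	ok = row.State == 1 && open(intPriv, row.Result, &res) == nil && res.Status == 200
	return
}
```

Because RSA-OAEP with a 2048-bit key accepts at most 190 bytes of plaintext, a request JSON of realistic size would need a hybrid scheme (symmetric key wrapped with RSA) rather than the direct public-key encryption the text describes.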
With this method, under conditions where the internal and external networks are isolated and the external network can only access the internal network database, the internal network application can access the national network chain service deployed in the external network: the unidirectional isolation device is penetrated at the expense of real-time performance, data security is ensured implicitly without violating the security requirements of the isolation device, and internal network data is transmitted safely to the external network service and put on the chain.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that it will be apparent to those skilled in the art that several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the scope of the invention.

Claims (5)

1. An application-layer implicit unidirectional isolation device penetration method for national network chain service calls, characterized by comprising the following steps:
S1: the intranet application, acting as the requesting party, encrypts the relevant request content and identity information with an RSA public key and stores the encrypted request content and identity information in an intranet ferry database;
S2: the external network application, acting as the service side, starts a timing task and polls the intranet ferry database through a unidirectional isolation device to obtain the encrypted request information;
S3: the external network application decrypts the encrypted request information with the private key, verifies the identity information, and after verification calls the corresponding external network system API according to the decrypted request information;
S4: the external network application encrypts the returned result information and the state result structured data with a public key and stores them in the intranet ferry database through the unidirectional isolation device;
S5: the intranet application starts a timing task, polls and reads the intranet ferry database, acquires the returned information of the request, judges whether the request succeeded, and if not, repeats from step S1.
2. The application-layer implicit unidirectional isolation device penetration method for national network chain service calls according to claim 1, wherein in S1 the application data contained in the transmitted request content is securely encrypted national network chain uplink information.
3. The application-layer implicit unidirectional isolation device penetration method for national network chain service calls according to claim 1, wherein in S1 the isolation device is a unidirectional security isolation device (external network to internal network), and the database is a relational database.
4. The application-layer implicit unidirectional isolation device penetration method for national network chain service calls according to claim 1, wherein in S3 the data is decrypted with the application's own RSA private key, the identity information is obtained at the same time, and the integrity of the data is verified; the information system accessed after verification is the national network chain API service of the external network.
5. The application-layer implicit unidirectional isolation device penetration method for national network chain service calls according to claim 1, wherein in S4 the result status information is the result information returned by the external network application, and the encryption mode is RSA encryption.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310031333.XA CN116032643A (en) 2023-01-10 2023-01-10 Application layer implicit unidirectional isolation device penetration method for national network chain service call

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310031333.XA CN116032643A (en) 2023-01-10 2023-01-10 Application layer implicit unidirectional isolation device penetration method for national network chain service call

Publications (1)

Publication Number Publication Date
CN116032643A true CN116032643A (en) 2023-04-28

Family

ID=86080920

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310031333.XA Pending CN116032643A (en) 2023-01-10 2023-01-10 Application layer implicit unidirectional isolation device penetration method for national network chain service call

Country Status (1)

Country Link
CN (1) CN116032643A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117714218A (en) * 2024-02-06 2024-03-15 成方金融科技有限公司 Cross-network service calling method and device

Similar Documents

Publication Publication Date Title
US7231526B2 (en) System and method for validating a network session
CN112836229A (en) Attribute-based encryption and block-chaining combined trusted data access control scheme
CN101051904B (en) Method for landing by account number cipher for protecting network application sequence
US20030081774A1 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
CN112751821B (en) Data transmission method, electronic equipment and storage medium
RU2008144205A (en) DEVICE AND METHOD FOR PROTECTED DATA TRANSFER
US8291227B2 (en) Method and apparatus for secure communication
CN114024710A (en) Data transmission method, device, system and equipment
CN108809936B (en) Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof
US11811739B2 (en) Web encryption for web messages and application programming interfaces
CN111600948B (en) Cloud platform application and data security processing method, system, storage medium and program based on identification password
CN113918967A (en) Data transmission method, system, computer equipment and medium based on security check
CN114143108A (en) Session encryption method, device, equipment and storage medium
CN116032643A (en) Application layer implicit unidirectional isolation device penetration method for national network chain service call
CN115632880A (en) Reliable data transmission and storage method and system based on state cryptographic algorithm
CN110035035B (en) Secondary authentication method and system for single sign-on
CN116132043B (en) Session key negotiation method, device and equipment
CN110807210B (en) Information processing method, platform, system and computer storage medium
CN110008727B (en) Encryption sensitive parameter processing method and device, computer equipment and storage medium
CN112039857A (en) Calling method and device of public basic module
CN108989302B (en) OPC proxy connection system and connection method based on secret key
CN108737087B (en) Protection method for mailbox account password and computer readable storage medium
CN114553557B (en) Key calling method, device, computer equipment and storage medium
CN111542050B (en) TEE-based method for guaranteeing remote initialization safety of virtual SIM card
CN114679299A (en) Communication protocol encryption method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination