CN116232773B - Information release method, device, equipment and medium - Google Patents


Info

Publication number: CN116232773B
Authority: CN (China)
Prior art keywords: encryption, release, information, service server, server
Legal status: Active
Application number: CN202310511749.1A
Other languages: Chinese (zh)
Other versions: CN116232773A
Inventors: 李善平, 胡道光, 姜汝社
Current assignee: Beijing Tuopu Fenglian Information Technology Co ltd
Original assignee: Beijing Tuopu Fenglian Information Technology Co ltd

Events:
  • Application filed by Beijing Tuopu Fenglian Information Technology Co ltd
  • Priority to CN202310511749.1A
  • Publication of CN116232773A
  • Application granted
  • Publication of CN116232773B
  • Legal status: Active
  • Anticipated expiration

Classifications

All classifications fall under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/306 User profiles (under H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/2866 Architectures; Arrangements; H04L67/30 Profiles)
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously (under H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00)

Abstract

The application provides a method, a device, equipment and a medium for information release. The method comprises the following steps: after receiving a service start request, the service server detects a configuration file through an SDK client; if the configuration file passes the detection, the service server encrypts the personalized information of the service server recorded in the configuration file to generate an encryption request; after receiving the encryption request, the cryptographic engine server decrypts the encryption request and generates an encryption scheme using the decrypted personalized information; the cryptographic engine server returns the encryption scheme to the SDK client, which stores it; after receiving an information release request initiated by a user terminal, the service server encrypts the release content carried in the information release request using the encryption scheme stored in the SDK client; and the service server stores the encrypted release content in a release database and sends the encrypted release content to a release audit server.

Description

Information release method, device, equipment and medium
Technical Field
The present application relates to the field of information processing, and in particular to a method, an apparatus, a device and a medium for information release.
Background
With the growth of informatization, people receive various kinds of electronic information every day, such as news, promotional information and prompt messages.
To improve the accuracy and public credibility of released information, an enterprise that releases information generally selects one or two larger information release platforms to edit and release it. Because one information release platform usually interfaces with many information release units, managing the information awaiting release, and managing the keys with which enterprises log in, become important.
Disclosure of Invention
In view of the above, the present application aims to provide a method, an apparatus, a device and a medium for information release, which solve the problem in the prior art that information awaiting release may be compromised.
In a first aspect, an embodiment of the present application provides an information release method applied to an information release system, where the information release system includes a cryptographic engine server, a plurality of service servers and a plurality of user terminals; each service server is provided with an SDK client that the cryptographic engine server supplies for that service server; the SDK client records an SDK configuration file;
after receiving a service start request, the service server detects the configuration file through the SDK client;
if the configuration file passes the detection, the service server encrypts the personalized information of the service server recorded in the configuration file to generate an encryption request;
after receiving the encryption request, the cryptographic engine server decrypts the encryption request and generates an encryption scheme using the decrypted personalized information;
the cryptographic engine server returns the encryption scheme to the SDK client, and the encryption scheme is stored in the SDK client;
after receiving an information release request initiated by a user terminal, the service server encrypts the release content carried in the information release request using the encryption scheme stored in the SDK client;
and the service server stores the encrypted release content in a release database and sends the encrypted release content to a release audit server.
Optionally, the personalized information includes: IP address, MAC address, KEY information, encryption policy advice information.
Optionally, the step of detecting the configuration file through the SDK client includes:
the service server detects, through the SDK client, whether KEY information exists in the configuration file;
if KEY information exists in the configuration file, the service server determines that the configuration file passes the detection;
if no KEY information exists in the configuration file, the service server performs a SHA256 signature over the IP address and the MAC address through the SDK client, stores the signature result in the configuration file, and determines that the configuration file passes the detection once the storage has completed.
Optionally, the step of generating an encryption scheme using the decrypted personalized information includes:
the cryptographic engine server queries, according to the KEY information, the verification information corresponding to the KEY information in a cryptographic engine database;
if the verification information is found, the cryptographic engine server uses it to verify the IP address and the MAC address, and if the verification passes, retrieves the preset encryption key and encryption mode corresponding to the KEY information stored in the cryptographic engine database to generate the encryption scheme;
if the verification information is not found, the cryptographic engine server generates the encryption scheme according to the KEY information, a preset encryption mode and a default encryption mode.
Optionally, generating the encryption scheme according to the KEY information, the preset encryption mode and the default encryption mode includes:
the cryptographic engine server searches, according to the numerical value of the KEY information, for the corresponding encryption scheme superposition rule among preset encryption scheme generation rules;
according to the encryption scheme superposition rule, the cryptographic engine server screens out a first sub-encryption mode from the preset encryption modes corresponding to the service type carried in the service start request, and screens out a second sub-encryption mode from the default encryption modes shared by all service types;
and the cryptographic engine server superimposes the first sub-encryption mode and the second sub-encryption mode to obtain the encryption scheme.
Optionally, the step of encrypting the release content carried in the information release request using the encryption scheme stored in the SDK client includes:
the service server searches the encryption scheme for an encryption rule for encrypting the release content according to the release policy information carried in the information release request; the encryption rule comprises an encryption key and an encryption type; the release policy information comprises the release region, release objects, release time and release platform of the release content;
and the service server encrypts the release content according to the encryption rule.
Optionally, the step in which the service server searches the encryption scheme for an encryption rule for encrypting the release content according to the release policy information carried in the information release request includes:
the service server queries the credibility of the release platform and the communication mode between the service server and the release platform;
if the credibility of the release platform is greater than a preset value, the service server calculates an information leakage probability according to the communication stability of the communication mode over a preset historical period;
the service server determines an encryption complexity according to the information leakage probability;
according to the encryption complexity, the service server selects a preset number of candidate encryption rules corresponding to the type of the release platform; the candidate encryption rules comprise correspondences between different encryption times and encryption keys, and correspondences between different encryption times and encryption modes;
the service server deletes, according to the release region and the release objects, the candidate encryption rules whose encryption time does not meet preset requirements;
and the service server generates the encryption rule for encrypting the release content using the candidate encryption rules remaining after the deletion.
In a second aspect, an embodiment of the present application provides an information release device applied to an information release system, where the information release system includes a cryptographic engine server, a plurality of service servers and a plurality of user terminals; each service server is provided with an SDK client that the cryptographic engine server supplies for that service server; the SDK client records an SDK configuration file; the device includes:
a detection module, used for detecting the configuration file through the SDK client after the service server receives the service start request;
a first encryption module, used for encrypting the personalized information of the service server recorded in the configuration file, if the configuration file passes the detection, to generate an encryption request;
a decryption module, used for decrypting the encryption request after the cryptographic engine server receives it, and generating an encryption scheme using the decrypted personalized information;
a storage module, used for returning the encryption scheme from the cryptographic engine server to the SDK client and storing the encryption scheme in the SDK client;
a second encryption module, used for encrypting the release content carried in the information release request using the encryption scheme stored in the SDK client, after the service server receives the information release request initiated by the user terminal;
and a release module, used for storing the encrypted release content in a release database and sending the encrypted release content to the release audit server.
In a third aspect, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the method described above when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above method.
The information release method provided by the application is applied to an information release system comprising a cryptographic engine server, a plurality of service servers and a plurality of user terminals; each service server is provided with an SDK client that the cryptographic engine server supplies for that service server; the SDK client records an SDK configuration file; after receiving a service start request, the service server detects the configuration file through the SDK client; if the configuration file passes the detection, the service server encrypts the personalized information of the service server recorded in the configuration file to generate an encryption request; after receiving the encryption request, the cryptographic engine server decrypts the encryption request and generates an encryption scheme using the decrypted personalized information; the cryptographic engine server returns the encryption scheme to the SDK client, where it is stored; after receiving an information release request initiated by a user terminal, the service server encrypts the release content carried in the information release request using the encryption scheme stored in the SDK client; and the service server stores the encrypted release content in a release database and sends the encrypted release content to a release audit server.
With the information release system arranged as in this scheme, the release content is first encrypted by the servers and the SDK client in the system before release, the encrypted release content is then sent to the audit server for auditing, and the information is released only after the audit, which ensures that the release information is not leaked in advance.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of an information release method according to an embodiment of the present application;
Fig. 2 is a flow chart of a configuration file detection method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an information release device according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present application.
With the increasing importance of network security, the relevant regulatory authorities have in recent years promoted, at a long-term strategic level, the application of encryption algorithms and strengthened the requirements for industry security and controllability, in order to reduce excessive dependence on foreign technology and products, build a secure industry network environment, and enhance the security and controllability of industry information systems in China.
Beyond the confidential field, other technical fields have in recent years also set clear requirements on information encryption. In the field of information release, for example, ensuring that information is not leaked before release, and that released information is not maliciously tampered with by others, has become a problem requiring attention.
To solve this problem, the prior art generally encrypts the information before sending it out, but this approach is relatively rigid and easy to break.
In view of this, the present application provides an information release method applied to the information release system shown in Fig. 1, where the information release system includes a cryptographic engine server, a plurality of service servers and a plurality of user terminals; each service server is provided with an SDK client that the cryptographic engine server supplies for that service server; the SDK client records an SDK configuration file;
the information release method comprises the following steps:
S101, after receiving a service start request, the service server detects the configuration file through the SDK client;
S102, if the configuration file passes the detection, the service server encrypts the personalized information of the service server recorded in the configuration file to generate an encryption request;
S103, after receiving the encryption request, the cryptographic engine server decrypts the encryption request and generates an encryption scheme using the decrypted personalized information;
S104, the cryptographic engine server returns the encryption scheme to the SDK client, which stores it;
S105, after receiving an information release request initiated by a user terminal, the service server encrypts the release content carried in the information release request using the encryption scheme stored in the SDK client;
and S106, the service server stores the encrypted release content in a release database and sends the encrypted release content to a release audit server.
In step S101, a service server is used mainly to provide various services; in the present application it is a server mainly used to provide various types of information release functions. Generally, the service types of the service servers differ, but in some cases different service servers may also cooperate to complete a certain service.
The service start request is generally initiated by a user terminal, and may also be initiated automatically when a service goes online. Specifically, the service start request is generally a request that the service server receives from a user terminal: when a user needs to start a service, the user operates the user terminal to send the service start request to the service server.
The SDK client is delivered by the cryptographic engine server and installed in the service server; its main functions are interfacing with the cryptographic engine server and handling the related encryption and decryption transactions.
The detection of the configuration file is performed by the SDK client, which keeps the operation tightly controlled.
Specifically, as shown in Fig. 2, the step of detecting the configuration file may include the following steps:
S1011, the service server detects, through the SDK client, whether KEY information exists in the configuration file;
S1012, if KEY information exists in the configuration file, the service server determines that the configuration file passes the detection;
and S1013, if no KEY information exists in the configuration file, the service server performs a SHA256 signature over the IP address and the MAC address through the SDK client, saves the signature result in the configuration file, and determines that the configuration file passes the detection once the save has completed.
In step S1011 the SDK client checks for KEY information, and in step S1012, if KEY information exists and the KEY is true, the configuration file detection is determined to pass; if the configuration file has no KEY information, then in step S1013 the service server performs a SHA256 signature over the IP address and the MAC address through the SDK client and determines that the configuration file detection passes based on the result of the signature. The signature result can be checked once, and if the check passes, the detection passes.
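As an added illustration (not code from the patent or its assignee), the following Python models steps S1011 to S1013 on the SDK-client side: the configuration file is a dict, existing KEY information is accepted as-is, and otherwise SHA-256 is computed over the IP and MAC addresses (the page's "SHA256 signature", which classification H04L9/3239 identifies as a non-keyed hash), stored, checked once and the file passed. The field names `KEY`, `ip`, `mac` and `signature`, the canonicalisation of the addresses and the recompute-and-compare form of the check are assumptions.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed configuration files for the example; the field names are assumed.
CONFIG_WITH_KEY = {"KEY": "1007", "ip": "10.0.0.5", "mac": "AA:BB:CC:DD:EE:FF"}
CONFIG_WITHOUT_KEY = {"ip": "10.0.0.5", "mac": "AA:BB:CC:DD:EE:FF"}


def fingerprint(ip: str, mac: str) -> str:
    """SHA-256 over the canonicalised IP and MAC (the page's 'SHA256 signature').

    This is an unkeyed hash, so it only fingerprints the host: anyone who knows
    the IP and MAC can recompute it. That is why the cryptographic engine server
    still verifies both addresses against its own database in step 1032.
    """
    canonical = f"{ip.strip()}|{mac.strip().lower()}".encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def check_signature(config: Dict[str, str]) -> bool:
    """Re-verify a stored signature against the addresses currently in the file."""
    sig = config.get("signature")
    if not sig or not config.get("ip") or not config.get("mac"):
        return False
    return hmac.compare_digest(sig, fingerprint(config["ip"], config["mac"]))


def detect_config(config: Dict[str, str]) -> Tuple[bool, Dict[str, str]]:
    """Steps S1011-S1013. Returns (passed, possibly updated configuration)."""
    # S1011/S1012: non-empty KEY information present -> detection passes.
    if config.get("KEY"):
        return True, config
    # S1013: no KEY information -> hash IP and MAC and store the result.
    ip, mac = config.get("ip"), config.get("mac")
    if not ip or not mac:
        # Without both addresses there is nothing to sign; treat as failed.
        return False, config
    updated = dict(config)          # do not mutate the caller's file in place
    updated["signature"] = fingerprint(ip, mac)
    # "The signature result can be checked once": verify the saved value
    # before declaring the file passed (assumed form of that check).
    if not check_signature(updated):
        return False, config
    return True, updated
```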
After the configuration file passes the detection, the service server can generate the encryption request, so the SDK client actually performs a security check before the encryption operation is started; because the SDK client is directly controlled by the cryptographic engine server, this is more secure than leaving the check to the service server. Generating the encryption request itself also requires an encryption mode: the service server encrypts the personalized information of the service server recorded in the configuration file to produce the encryption request. The personalized information distinguishes the different service servers, so it can contain the IP address, the MAC address, the KEY information and the encryption policy suggestion information, where the encryption policy is pre-stored and pre-set in the service server, which basically ensures that the encryption performed in S102 is configured per service server. Since the encryption policies of different service servers differ, the security of the data transmission is ensured. Two encryption policies are involved in step S102: the policy applied while generating the encryption request, and the policy used by the encryption scheme generated in step S103. That is, the encryption policy in the personalized information may be used when the encryption request is generated in step S102, when the encryption scheme is generated in step S103, or in both.
Generally, the encryption request generated in step S102 is a ciphertext, which mainly ensures the security of the whole data transmission process; at the same time, to preserve the effectiveness of the encryption, the encryption policies in the personalized information stored on the different service servers should differ. Step S102 is also generally performed by the service server controlling the SDK client.
In step S103, after the cryptographic engine server receives the encryption request, it must decrypt it; the key used for decryption is agreed in advance between the cryptographic engine server and the service server. The cryptographic engine server can then use the decrypted personalized information to generate the encryption scheme. In step S104 the generated encryption scheme is fed back to the service server and stored by the SDK client. Then, in step S105, when information needs to be released, the service server encrypts the release content carried in the release request through the SDK client using the stored encryption scheme, and finally, in step S106, the service server stores the encrypted release content in the release database and provides it to the audit server. After the audit server approves the release content, it can notify the service server to release it (the main purpose of storing in the release database is backup). Thus, by performing whole-process encryption with the cryptographic engine and the SDK client before the information is released, the security of the information is ensured and leakage is avoided.
Specifically, the step of generating an encryption scheme by using the decrypted personalized information includes:
step 1031, the cryptographic engine server queries verification information corresponding to the KEY information in the cryptographic engine database according to the KEY information;
step 1032, if the verification information is queried, the cryptographic engine server uses the verification information to verify the IP address and the MAC address, and if the verification is passed, a preset encryption KEY and an encryption mode corresponding to KEY information stored in a cryptographic engine database are called out to generate an encryption scheme;
step 1033, if the verification information is not queried, the cryptographic engine server generates an encryption scheme according to KEY information, a preset encryption mode and a default encryption mode.
In step 1031, the cryptographic engine server needs to use KEY information to gather and search the authentication information corresponding to the KEY in the cryptographic engine database, where the authentication information can prove the authenticity of the request initiated by the service server.
In step 1032, after the verification information is queried, the IP address and the MAC address may be checked, and of course, other information may be further checked, such as the time of sending the request, the encryption and decryption modes, etc. (these may follow the preset conventions between the service server and the cryptographic server). After the verification is passed, the pre-stored key and encryption mode can be extracted to generate an encryption scheme. The encryption mode refers to different types of encryption algorithms or different encryption strategies under the same type of encryption algorithm. Since the encryption policy carried in the personalized information can be used in this step as well, the encryption policy, the key extracted and the encryption mode can be used in cooperation at the same time at the hand of generating the encryption scheme. The encryption strategy can also carry a secret key and an encryption mode, and at this time, the secret key and the encryption mode in the encryption strategy can be respectively overlapped with the called secret key and the called encryption mode to generate a final version of secret key and a final encryption mode, and the final secret key and the final encryption mode are utilized to generate an encryption scheme.
In step 1033, if no verification information is found for the KEY information, the cryptographic engine server generates the encryption scheme from the KEY information, the preset encryption mode and the default encryption mode.
Specifically, step 1033 may be performed as follows:
step 10331, the cryptographic engine server searches the preset encryption scheme generation rules for the encryption scheme superposition rule corresponding to the value of the KEY information;
step 10332, according to the encryption scheme superposition rule, the cryptographic engine server screens out a first sub-encryption mode from the preset encryption modes corresponding to the service type carried in the service start request, and screens out a second sub-encryption mode from the default encryption modes shared by all service types;
step 10333, the cryptographic engine server superimposes the first sub-encryption mode and the second sub-encryption mode to obtain the encryption scheme.
In step 10331, because no record corresponding to the KEY information exists, the service server has not previously registered an encryption algorithm with the cryptographic engine server, so the generic scheme is used. To guarantee encryption complexity, different encryption policies can be set according to the KEY value. Specifically, the encryption scheme superposition rule corresponding to the value of the KEY information is looked up among the preset encryption scheme generation rules; the superposition rule expresses the policy for stacking different encryption modes. Because KEY values differ, the chosen superposition mode is adjusted accordingly, which ensures encryption complexity.
In step 10332, following the superposition rule found, the cryptographic engine server selects a first sub-encryption mode from the encryption modes corresponding to the service type of this service server (these are the encryption modes shared by all services of the same service type) and a second sub-encryption mode from the default encryption modes for all service types (a single default encryption mode that does not distinguish between service types and is used by every server).
Then, in step 10333, the cryptographic engine server superimposes the two sub-encryption modes to generate the final encryption scheme.
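The following Python is an added example, not code from the patent: it models steps 1031 to 1033 end to end, with the verification information held as a SHA256 digest over the IP and MAC (the encoding, the rule table, the mode labels and the treatment of the encryption policy as an override are all assumptions).

```python
import hashlib
import hmac
from typing import Optional


def fingerprint(ip: str, mac: str) -> str:
    """Assumed encoding of the SDK client's SHA256 signature over IP address and MAC address."""
    return hashlib.sha256(f"{ip}|{mac}".encode()).hexdigest()


# --- Constructed sample data (hypothetical, not from the patent) ---
# Verification information registered per KEY value in the cryptographic engine database.
VERIFICATION_DB = {
    1001: {"fingerprint": fingerprint("10.0.0.5", "aa:bb:cc:dd:ee:01"),
           "key_id": "hsm-key-17", "mode": "mode-B"},
}
# Preset encryption modes per service type, and the default modes shared by all service types.
PRESET_MODES = {"news": ["mode-A", "mode-B"], "finance": ["mode-B", "mode-C"]}
DEFAULT_MODES = ["mode-D", "mode-E"]
# Superposition rules: which preset and default mode to pick, and the layering order.
SUPERPOSITION_RULES = [
    {"preset_index": 0, "default_index": 0, "order": "preset-then-default"},
    {"preset_index": -1, "default_index": 1, "order": "default-then-preset"},
]


def select_superposition_rule(key_value: int) -> dict:
    """Step 10331 (assumed selector): the KEY value indexes the rule table,
    so different KEY values lead to different layerings."""
    return SUPERPOSITION_RULES[key_value % len(SUPERPOSITION_RULES)]


def superpose(rule: dict, service_type: str) -> dict:
    """Steps 10332-10333: pick one preset mode and one default mode and layer them as the rule dictates."""
    presets = PRESET_MODES.get(service_type, DEFAULT_MODES)  # unknown type: fall back to defaults
    first = presets[rule["preset_index"]]
    second = DEFAULT_MODES[rule["default_index"]]
    layers = [first, second] if rule["order"] == "preset-then-default" else [second, first]
    return {"layers": layers, "key_id": None, "source": "superposition"}


def generate_encryption_scheme(info: dict, service_type: str) -> Optional[dict]:
    """Steps 1031-1033. `info` is the decrypted personalized information: 'ip', 'mac',
    'key' (the KEY information) and an optional 'policy' with 'key_id'/'mode' overrides."""
    record = VERIFICATION_DB.get(info["key"])          # step 1031: look up verification information
    if record is None:
        return superpose(select_superposition_rule(info["key"]), service_type)  # step 1033
    # step 1032: verify IP and MAC against the stored verification information (constant-time compare)
    if not hmac.compare_digest(record["fingerprint"], fingerprint(info["ip"], info["mac"])):
        return None  # verification failed: no scheme is issued
    policy = info.get("policy", {})                      # encryption policy carried in the request
    return {"layers": [policy.get("mode", record["mode"])],
            "key_id": policy.get("key_id", record["key_id"]),
            "source": "registered"}


if __name__ == "__main__":
    print(generate_encryption_scheme({"ip": "10.0.0.5", "mac": "aa:bb:cc:dd:ee:01", "key": 1001}, "news"))
    print(generate_encryption_scheme({"ip": "10.0.0.9", "mac": "aa:bb:cc:dd:ee:02", "key": 2002}, "finance"))
```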
Specifically, the encryption of the release content by the SDK client in step S105 may be performed as follows:
step 1051, the service server searches the encryption scheme, according to the release policy information carried in the information release request, for the encryption rule used to encrypt the release content; the encryption rule comprises an encryption key and an encryption type; the release policy information comprises the release region, release object, release time and release platform of the release content;
step 1052, the service server encrypts the release content according to the encryption rule.
In step 1051, the service server must find the matching encryption rule in the encryption scheme according to the release policy information. The encryption rule comprises an encryption key and an encryption type, and the release policy information comprises the release region, release object, release time and release platform of the release content. The release policy information adjusts which encryption rule applies; then, in step 1052, the release content is encrypted according to the encryption rule found.
Further, the determination of the encryption rule in step 1051 may be performed as follows:
step 10511, the service server queries the credibility of the release platform and the communication mode between the service server and the release platform;
step 10512, if the credibility of the release platform is greater than a preset value, the service server calculates the information leakage probability from the communication stability of that communication mode over a preset historical period;
step 10513, the service server determines the encryption complexity from the information leakage probability;
step 10514, the service server selects, according to the encryption complexity, a predetermined number of candidate encryption rules corresponding to the type of the release platform; the candidate encryption rules record the correspondence between different encryption times and encryption keys and between different encryption times and encryption modes;
step 10515, the service server deletes, according to the release region and the release object, the candidate encryption rules whose encryption time does not meet the preset requirement;
step 10516, the service server generates the encryption rule for encrypting the release content from the candidate encryption rules remaining after the deletion.
In step 10511, the service server first queries the credibility of the release platform (credibility here mainly means business credibility, for example the frequency of past leakage events and the access volume of the platform) and the communication mode between the service server and the release platform (which determines the likelihood of information leaking while the release content is delivered).
In step 10512, if the credibility is high enough, the information leakage probability can be calculated from the historical communication stability of that communication mode. Communication stability mainly covers whether information leakage has occurred historically when information was transmitted through this communication mode, and the stability of the network connection. The stability of the network connection can be determined from bandwidth fluctuation, the number of accesses through the communication mode, the number of users and similar information. If the credibility of the release platform does not reach the preset value, steps 10513-10516 below cannot be executed, and other encryption means may need to be adopted to encrypt the information.
In step 10513, the encryption complexity is calculated from the leakage probability; in general, the leakage probability and the encryption complexity are positively correlated. In step 10514, a predetermined number of encryption rules are selected, according to the encryption complexity, as candidate encryption rules from those corresponding to the type of the release platform. The candidate encryption rules are in practice kept as a list that records the key used at each time and the encryption mode corresponding to each time. The key and encryption mode are therefore adjusted according to time; in other words, the encryption rule is determined by the encryption time (the time at which the content is sent to the audit server for verification), which to a certain extent ensures the security of the encryption result.
In step 10515, candidate encryption rules whose encryption time does not meet the requirement are deleted according to the release region and the release object. This mainly reflects that the encrypted content is sent to the audit server, which releases it promptly once the audit passes, or that the audit server decides immediately after step S106 whether the encrypted content can be released; if it can, the service server or the audit server immediately instructs the release server to release the content, so the release time is close to the time of step S106. Step 10515 therefore uses a time check to delete the encryption rules that do not correspond to the immediate release time in the release region (for example, a night-time encryption rule can be used only when region A is currently at night). Encryption rules can also be deleted according to the type of release object; for example, when the release object is a night shift, the encryption rule for the night-time period should be used and the rules for other periods deleted.
Finally, in step 10516, the service server generates the final encryption rule from the encryption rules remaining after the deletion.
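The following Python is an added example, not code from the patent: it carries steps 10511 to 10516 through on constructed data, including the two failure modes (platform below the credibility threshold, and no candidate surviving the time check). The weighting of the leakage probability, the complexity thresholds, the region offsets and the rule table are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class CandidateRule:
    """One entry of the candidate-rule list: key and mode valid in a local-time window."""
    window: tuple      # (start_hour, end_hour), end exclusive; start > end means it wraps midnight
    key_id: str        # identifier of the encryption key (key material would live in the HSM)
    mode: str          # encryption mode label
    complexity: int    # 1 (lowest) .. 3 (highest)


# --- Constructed sample data (hypothetical, not from the patent) ---
PRESET_CREDIBILITY = 0.6
PLATFORM_CREDIBILITY = {"platform-a": 0.9, "platform-b": 0.4}
PLATFORM_TYPE = {"platform-a": "web", "platform-b": "web"}
PLATFORM_COMM_MODE = {"platform-a": "https-push", "platform-b": "ftp-pull"}
# History per communication mode: (leak_event_occurred, bandwidth_fluctuation in 0..1)
COMM_HISTORY = {
    "https-push": [(False, 0.1), (False, 0.2), (True, 0.6), (False, 0.1)],
    "ftp-pull": [(True, 0.5), (True, 0.7), (False, 0.4)],
}
REGION_UTC_OFFSET_HOURS = {"region-a": 8, "region-b": -5}
# Time window expected for a release object; objects not listed impose no constraint.
OBJECT_WINDOW = {"night-shift": (22, 6), "day-shift": (6, 22)}
CANDIDATES_BY_PLATFORM_TYPE = {
    "web": [
        CandidateRule((6, 22), "k-day-1", "mode-A", 1),
        CandidateRule((22, 6), "k-night-1", "mode-A", 1),
        CandidateRule((6, 22), "k-day-2", "mode-B", 2),
        CandidateRule((22, 6), "k-night-2", "mode-B", 2),
        CandidateRule((0, 24), "k-any-3", "mode-C", 3),
    ],
}


def leakage_probability(history) -> float:
    """Step 10512 (assumed weighting): historical leak rate combined with bandwidth instability."""
    if not history:
        return 1.0  # no history: assume the worst
    leak_rate = sum(1 for leaked, _ in history if leaked) / len(history)
    instability = sum(f for _, f in history) / len(history)
    return 0.7 * leak_rate + 0.3 * instability


def encryption_complexity(p: float) -> int:
    """Step 10513: complexity rises with the leakage probability (thresholds assumed)."""
    if p < 0.2:
        return 1
    if p < 0.5:
        return 2
    return 3


def select_candidates(platform_type: str, complexity: int, count: int):
    """Step 10514: take `count` rules of at least the required complexity, strongest first."""
    pool = [r for r in CANDIDATES_BY_PLATFORM_TYPE.get(platform_type, []) if r.complexity >= complexity]
    pool.sort(key=lambda r: (-r.complexity, r.key_id))
    return pool[:count]


def hour_in_window(hour: int, window) -> bool:
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end  # window wraps midnight


def delete_by_time(candidates, region: str, release_object: str, now_utc: datetime):
    """Step 10515: keep rules valid at the region's current local hour and, if the release
    object prescribes a window, only rules for exactly that window."""
    local_hour = (now_utc + timedelta(hours=REGION_UTC_OFFSET_HOURS[region])).hour
    wanted = OBJECT_WINDOW.get(release_object)
    return [r for r in candidates
            if hour_in_window(local_hour, r.window) and (wanted is None or r.window == wanted)]


def determine_encryption_rule(platform: str, region: str, release_object: str,
                              now_utc: datetime, count: int = 3) -> Optional[dict]:
    """Steps 10511-10516. Returns the encryption rule, or None when the procedure cannot be
    applied (platform below the credibility threshold, or nothing survives the time check)."""
    if PLATFORM_CREDIBILITY.get(platform, 0.0) <= PRESET_CREDIBILITY:
        return None  # step 10512 precondition fails: other encryption means are needed
    p = leakage_probability(COMM_HISTORY.get(PLATFORM_COMM_MODE[platform], []))
    complexity = encryption_complexity(p)
    candidates = select_candidates(PLATFORM_TYPE[platform], complexity, count)
    remaining = delete_by_time(candidates, region, release_object, now_utc)
    if not remaining:
        return None
    chosen = remaining[0]  # step 10516: strongest surviving candidate becomes the rule
    return {"key_id": chosen.key_id, "mode": chosen.mode, "complexity": complexity}


if __name__ == "__main__":
    now = datetime(2023, 5, 9, 16, 0, tzinfo=timezone.utc)  # 00:00 local time in region-a (UTC+8)
    print(determine_encryption_rule("platform-a", "region-a", "night-shift", now))
    print(determine_encryption_rule("platform-b", "region-a", "night-shift", now))
```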
The embodiment of the application also provides an information release device, applied to the information release system shown in fig. 3, wherein the information release system comprises a cryptographic engine server, a plurality of service servers and a plurality of user terminals; each service server is provided with an SDK client that the cryptographic engine server supplies for that service server; the SDK client records an SDK configuration file. The device comprises:
the detection module 301, configured for the service server to detect the configuration file through the SDK client after receiving a service start request;
the first encryption module 302, configured for the service server to encrypt, if the configuration file passes detection, the personalized information of the service server recorded in the configuration file to generate an encryption request;
the decryption module 303, configured for the cryptographic engine server to decrypt the encryption request after receiving it and to generate an encryption scheme from the decrypted personalized information;
the saving module 304, configured for the cryptographic engine server to return the encryption scheme to the SDK client and for the encryption scheme to be saved in the SDK client;
the second encryption module 305, configured for the service server to encrypt, after receiving an information release request initiated by a user terminal, the release content carried in the information release request with the encryption scheme saved in the SDK client;
and the release module 306, configured for the service server to store the encrypted release content in a release database and to send the encrypted release content to the release audit server.
Optionally, the personalized information includes: an IP address, a MAC address, KEY information and encryption policy recommendation information.
Optionally, the detection module includes:
the first judging unit, configured for the service server to detect, through the SDK client, whether KEY information exists in the configuration file; if KEY information exists in the configuration file, the service server determines that the configuration file passes detection; if no KEY information exists in the configuration file, the service server generates a SHA256 signature over the IP address and the MAC address through the SDK client, stores the signature result in the configuration file, and once the storage has completed determines that the configuration file passes detection.
Optionally, the decryption module includes:
the query unit, configured for the cryptographic engine server to query the cryptographic engine database, according to the KEY information, for the verification information corresponding to that KEY information; if the verification information is found, the cryptographic engine server uses it to verify the IP address and the MAC address, and if the verification passes, the preset encryption KEY and the encryption mode corresponding to the KEY information stored in the cryptographic engine database are retrieved to generate an encryption scheme; if the verification information is not found, the cryptographic engine server generates an encryption scheme from the KEY information, a preset encryption mode and a default encryption mode.
Optionally, the query unit includes:
the first query subunit, configured for the cryptographic engine server to search the preset encryption scheme generation rules for the encryption scheme superposition rule corresponding to the value of the KEY information;
the screening subunit, configured for the cryptographic engine server to screen out, according to the encryption scheme superposition rule, a first sub-encryption mode from the preset encryption modes corresponding to the service type carried in the service start request, and a second sub-encryption mode from the default encryption modes shared by all service types;
and the superposition subunit, configured for the cryptographic engine server to superimpose the first sub-encryption mode and the second sub-encryption mode to obtain the encryption scheme.
Optionally, the second encryption module includes:
the searching unit, configured for the service server to search the encryption scheme, according to the release policy information carried in the information release request, for the encryption rule used to encrypt the release content; the encryption rule comprises an encryption key and an encryption type; the release policy information comprises the release region, release object, release time and release platform of the release content;
and the encryption unit, configured for the service server to encrypt the release content according to the encryption rule.
Optionally, the searching unit includes:
the second query subunit, configured for the service server to query the credibility of the release platform and the communication mode between the service server and the release platform;
the calculating subunit, configured for the service server to calculate, if the credibility of the release platform is greater than a preset value, the information leakage probability from the communication stability of the communication mode over a preset historical period;
the determining subunit, configured for the service server to determine the encryption complexity from the information leakage probability;
the selecting subunit, configured for the service server to select, according to the encryption complexity, a predetermined number of candidate encryption rules corresponding to the type of the release platform; the candidate encryption rules record the correspondence between different encryption times and encryption keys and between different encryption times and encryption modes;
the deleting subunit, configured for the service server to delete, according to the release region and the release object, the candidate encryption rules whose encryption time does not meet the preset requirement;
and the generation subunit, configured for the service server to generate the encryption rule for encrypting the release content from the candidate encryption rules remaining after the deletion.
Corresponding to the method of information distribution in fig. 1, the embodiment of the present application further provides a computer device 400, as shown in fig. 4, where the device includes a memory 401, a processor 402, and a computer program stored in the memory 401 and capable of running on the processor 402, where the method of information distribution is implemented when the processor 402 executes the computer program.
Specifically, the memory 401 and the processor 402 can be general-purpose memories and processors, which are not limited herein, and when the processor 402 runs a computer program stored in the memory 401, the method for publishing information can be executed, so that the problem that the published information may be divulged in the prior art is solved.
Corresponding to the method of information distribution in fig. 1, the embodiment of the present application further provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of information distribution described above.
Specifically, the storage medium can be a general storage medium, such as a mobile disk, a hard disk and the like, and when a computer program on the storage medium is run, the method for releasing the information can be executed, so that the problem that the released information is possibly divulged in the prior art is solved.
In the embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments provided in the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
It should be noted that: like reference numerals and letters in the following figures denote like items, and thus once an item is defined in one figure, no further definition or explanation of it is required in the following figures, and furthermore, the terms "first," "second," "third," etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that the above examples are only specific embodiments of the present application and are not intended to limit its scope. Although the present application has been described in detail with reference to the foregoing examples, those skilled in the art should understand that any person skilled in the art may, within the technical scope of the present disclosure, modify the technical solutions described in the foregoing embodiments or make equivalent substitutions for some of their technical features, and that such modifications, changes or substitutions do not depart from the spirit and scope of the corresponding technical solutions and are intended to be encompassed within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An information release method, applied to an information release system, wherein the information release system comprises a cryptographic engine server, a plurality of service servers and a plurality of user terminals; each service server is provided with an SDK client that the cryptographic engine server supplies for that service server; the SDK client records a configuration file; the method comprises:
after receiving a service start request, the service server detects the configuration file through the SDK client;
if the configuration file passes detection, the service server encrypts the personalized information of the service server recorded in the configuration file to generate an encryption request;
after receiving the encryption request, the cryptographic engine server decrypts the encryption request and generates an encryption scheme from the decrypted personalized information;
the cryptographic engine server returns the encryption scheme to the SDK client, and the encryption scheme is stored in the SDK client;
after receiving an information release request initiated by a user terminal, the service server encrypts the release content carried in the information release request with the encryption scheme stored in the SDK client;
and the service server stores the encrypted release content in a release database and sends the encrypted release content to a release audit server.
2. The method of claim 1, wherein the personalized information comprises: an IP address, a MAC address, KEY information and encryption policy recommendation information; the KEY information corresponds to verification information and is used to retrieve a preset encryption KEY and the encryption mode corresponding to that encryption KEY from the cryptographic engine database.
3. The method of claim 2, wherein the step of detecting the configuration file through the SDK client comprises:
the service server detects, through the SDK client, whether KEY information exists in the configuration file;
if KEY information exists in the configuration file, the service server determines that the configuration file passes detection;
if no KEY information exists in the configuration file, the service server generates a SHA256 signature over the IP address and the MAC address through the SDK client, stores the signature result in the configuration file, and once the storage has completed determines that the configuration file passes detection.
4. The method of claim 3, wherein the step of generating an encryption scheme from the decrypted personalized information comprises:
the cryptographic engine server queries the cryptographic engine database, according to the KEY information, for the verification information corresponding to the KEY information;
if the verification information is found, the cryptographic engine server uses it to verify the IP address and the MAC address, and if the verification passes, the preset encryption KEY and the encryption mode corresponding to the KEY information stored in the cryptographic engine database are retrieved to generate an encryption scheme;
if the verification information is not found, the cryptographic engine server generates an encryption scheme from the KEY information, a preset encryption mode and a default encryption mode.
5. The method of claim 4, wherein generating an encryption scheme from the KEY information, a preset encryption mode and a default encryption mode comprises:
the cryptographic engine server searches the preset encryption scheme generation rules for the encryption scheme superposition rule corresponding to the value of the KEY information;
the cryptographic engine server screens out, according to the encryption scheme superposition rule, a first sub-encryption mode from the preset encryption modes corresponding to the service type carried in the service start request, and a second sub-encryption mode from the default encryption modes shared by all service types;
and the cryptographic engine server superimposes the first sub-encryption mode and the second sub-encryption mode to obtain the encryption scheme.
6. The method of claim 1, wherein the step of encrypting the release content carried in the information release request with the encryption scheme stored in the SDK client comprises:
the service server searches the encryption scheme, according to the release policy information carried in the information release request, for the encryption rule used to encrypt the release content; the encryption rule comprises an encryption key and an encryption type; the release policy information comprises the release region, release object, release time and release platform of the release content;
and the service server encrypts the release content according to the encryption rule.
7. The method of claim 6, wherein the step of the service server searching the encryption scheme, according to the release policy information carried in the information release request, for the encryption rule used to encrypt the release content comprises:
the service server queries the credibility of the release platform and the communication mode between the service server and the release platform;
if the credibility of the release platform is greater than a preset value, the service server calculates the information leakage probability from the communication stability of the communication mode over a preset historical period;
the service server determines the encryption complexity from the information leakage probability;
the service server selects, according to the encryption complexity, a preset number of candidate encryption rules corresponding to the type of the release platform; the candidate encryption rules record the correspondence between different encryption times and encryption keys and between different encryption times and encryption modes;
the service server deletes, according to the release region and the release object, the candidate encryption rules whose encryption time does not meet the preset requirement;
and the service server generates the encryption rule for encrypting the release content from the candidate encryption rules remaining after the deletion.
8. An information release device, applied to an information release system, wherein the information release system comprises a cryptographic engine server, a plurality of service servers and a plurality of user terminals; each service server is provided with an SDK client that the cryptographic engine server supplies for that service server; the SDK client records a configuration file; the device comprises:
the detection module, configured for the service server to detect the configuration file through the SDK client after receiving a service start request;
the first encryption module, configured for the service server to encrypt, if the configuration file passes detection, the personalized information of the service server recorded in the configuration file to generate an encryption request;
the decryption module, configured for the cryptographic engine server to decrypt the encryption request after receiving it and to generate an encryption scheme from the decrypted personalized information;
the storage module, configured for the cryptographic engine server to return the encryption scheme to the SDK client and for the encryption scheme to be stored in the SDK client;
the second encryption module, configured for the service server to encrypt, after receiving an information release request initiated by a user terminal, the release content carried in the information release request with the encryption scheme stored in the SDK client;
and the release module, configured for the service server to store the encrypted release content in a release database and to send the encrypted release content to the release audit server.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any of the preceding claims 1-7 when the computer program is executed.
10. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor performs the steps of the method of any of the preceding claims 1-7.
CN202310511749.1A 2023-05-09 2023-05-09 Information release method, device, equipment and medium Active CN116232773B (en)
Publications (2)

Publication Number Publication Date
CN116232773A CN116232773A (en) 2023-06-06
CN116232773B true CN116232773B (en) 2023-08-15