CN117220985A - Data encryption interaction method and device based on isolated network - Google Patents

Publication number
CN117220985A
Authority
CN
China
Prior art keywords
data
encryption
file
check code
intranet
Legal status
Pending
Application number
CN202311302064.2A
Other languages
Chinese (zh)
Inventor
李涛
Current Assignee
Inspur General Software Co Ltd
Original Assignee
Inspur General Software Co Ltd

Abstract

The invention provides a data encryption interaction method and device based on an isolated network. The method comprises: in the external network (extranet) environment, arranging the data in order and then performing salt encryption on them to generate a first check code; writing the first check code and the data into a file, and encrypting the file according to a preset encryption rule; after the encrypted file has been exported and migrated into the intranet environment, decrypting it on the intranet according to the preset encryption rule; generating a second check code from the data in the decrypted file; and, when the first check code is the same as the second check code, determining that the data interaction is successful. The invention can improve the quality of data interaction in an environment where the internal and external networks are isolated.

Description

Data encryption interaction method and device based on isolated network
Technical Field
The invention relates to the technical field of computers, in particular to a data encryption interaction method and device based on an isolated network.
Background
With the rapid development of basic network infrastructure in modern society, everyday activity generates massive amounts of data. Database platform systems have developed rapidly to support fast transmission, exchange and convenient management of these data. While running, such systems face security threats from both external and internal networks and are at risk of being hacked, and as the volume of stored data grows, the economic loss and adverse social impact caused by hacked data grow with it. Large enterprises therefore usually isolate the intranet from the extranet to improve the security of their data. At present, however, the quality and security of data interaction in such an isolated environment are poor.
Disclosure of Invention
The present invention has been made to solve the above-mentioned technical problems. The embodiment of the invention provides a data encryption interaction method and device based on an isolation network, which can improve the interaction quality of data in an environment with the isolation of an internal network and an external network.
According to one aspect of the present invention, there is provided a data encryption interaction method based on an isolated network, including: in the external network environment, arranging the data in order and then performing salt encryption on them to generate a first check code; writing the first check code and the data into a file, and encrypting the file according to a preset encryption rule; after the encrypted file has been exported and migrated into the intranet environment, decrypting the encrypted file on the intranet according to the preset encryption rule; generating a second check code from the data in the decrypted file; and, when the first check code is the same as the second check code, determining that the data interaction is successful.
In an embodiment, after writing the first check code and the data into the file and encrypting the file according to the preset encryption rule, the method further includes: compressing the encrypted file and exporting it as an encrypted compressed package. Decrypting the encrypted file on the intranet after it has been exported and migrated into the intranet environment then comprises: after the encrypted compressed package has been exported and migrated into the intranet environment, decompressing it and reading the corresponding ciphertext data; and decrypting the ciphertext data on the intranet according to the preset encryption rule.
In an embodiment, before the data are arranged in order in the external network environment and salt-encrypted to generate the first check code, the method further includes: acquiring the corresponding data information in the external network environment according to a preset data range; and analyzing the data information and acquiring the corresponding keyword retrieval data table, wherein the keyword retrieval data table includes at least one sensitive word.
In an embodiment, after analyzing the data information and acquiring the corresponding keyword retrieval data table, the method further includes: searching the data information for the sensitive words according to the keyword retrieval data table; and, when a sensitive word exists in the data information, deleting or replacing it. Generating the first check code then comprises: in the external network environment, arranging in order the data that have passed the keyword check, performing salt encryption on them, and generating the first check code.
In an embodiment, generating the first check code comprises: arranging the data in order in the external network environment to generate character string data; and performing salted MD5 encryption on the character string data to generate the first check code.
In one embodiment, the preset encryption rule includes an AES encryption scheme; the writing the first check code and the data into the file, and encrypting the file according to a preset encryption rule comprises the following steps: writing the first check code and the data into a file, and encrypting the file in an AES encryption mode; after the encrypted file is exported and migrated into an intranet environment, decrypting the encrypted file by the intranet according to the preset encryption rule comprises the following steps: and after the encrypted file is exported and migrated into an intranet environment, decrypting the encrypted file by the intranet according to an AES encryption mode.
In an embodiment, after the second check code is generated according to the decrypted data in the file, the data encryption interaction method based on the isolated network includes: when the first check code is different from the second check code, determining that the file is tampered; recording the tampered information of the file, and marking the file as a failure file.
In an embodiment, the step of performing salt encryption on the data after the data is arranged in the external network environment, and the step of generating the first check code includes: according to the data and the unit information of the data, arranging the data in an extranet environment; and carrying out salt encryption on the data after the arrangement sequence to generate the first check code.
In an embodiment, the generating the second check code according to the decrypted data in the file includes: according to a preset arrangement sequence, carrying out salt encryption on the decrypted data in the file to generate the second check code; wherein the preset arrangement sequence is related to the arrangement sequence of the data in the external network environment.
According to another aspect of the present invention, there is provided a data encryption interaction device based on an isolated network, including: the first encryption module is used for carrying out salt encryption on the data after the data are arranged in sequence in the external network environment to generate a first check code; the second encryption module is used for writing the first check code and the data into a file and encrypting the file according to a preset encryption rule; the first decryption module is used for decrypting the encrypted file according to the preset encryption rule after the encrypted file is exported and migrated into the intranet environment; the second decryption module is used for generating a second check code according to the decrypted data in the file; and the determining module is used for determining that the data interaction is successful when the first check code is the same as the second check code.
The data encryption interaction method and device based on the isolated network provided by the invention have the advantages that the data are encrypted and secondarily encrypted in the external network, the integrity and the safety of the data are ensured, the integrity verification is carried out on the data in the internal network through the same encryption method and secondary encryption method, the data are prevented from being tampered, the data encryption transmission under different network environments is supported, and the confidentiality requirement of a user on the data is met.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the more detailed description of its embodiments with reference to the attached drawings. The accompanying drawings provide a further understanding of the embodiments of the invention and constitute a part of this specification; together with the embodiments they serve to explain the invention and do not limit it. In the drawings, like reference numerals generally refer to like parts or steps.
Fig. 1 is a flowchart of a data encryption interaction method based on an isolated network according to an exemplary embodiment of the present invention.
Fig. 2 is a schematic diagram of a data encryption interaction method based on an isolated network according to an exemplary embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a data encryption interaction device based on an isolated network according to an exemplary embodiment of the present invention.
Detailed Description
Hereinafter, exemplary embodiments according to the present invention will be described in detail with reference to the accompanying drawings. It should be apparent that the described embodiments are only some embodiments of the present invention and not all embodiments of the present invention, and it should be understood that the present invention is not limited by the example embodiments described herein.
Fig. 1 is a flow chart of an isolated network-based data encryption interaction method according to an exemplary embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 100: performing salt encryption on the data after they have been arranged in order in the external network environment, and generating a first check code.
The data to be exchanged are arranged and combined to generate character string data, and salt encryption is then performed on the character string data. Salt encryption is a password encryption method in which a random value, called a salt, is added while the character string data are encrypted, to increase their complexity and security. The first check code is generated by salt encryption as follows: 1. A random salt value is selected. The salt value is usually a randomly generated byte sequence whose length can be chosen according to specific requirements. 2. The salt value is combined with the character string data: it may be appended directly to the end of the string data or inserted in the middle of it, and the first check code is generated. Salt encryption increases the complexity and security of the password. Because the salt value for each piece of data is randomly generated and is combined with the character string data before encryption, even if two pieces of data use the same password, the final encrypted results differ because the salt values differ. Thus, even if the encrypted password is obtained, it is difficult to recover the original password by cracking it.
Step 200: writing the first check code and the data into the file, and encrypting the file according to a preset encryption rule.
The first check code and the data to be exchanged are written into a file, or combined into a file package, and the file or file package is encrypted according to the preset encryption rule; that is, the combined password is encrypted with an encryption algorithm that takes the character string data and the salt value as input, which improves the security of the data. For example, the preset encryption rule is the AES encryption mode, a symmetric encryption algorithm: the longer the key, the higher the encryption strength and the harder it is to crack.
Step 300: after the encrypted file is exported and migrated into the intranet environment, decrypting the encrypted file on the intranet according to the preset encryption rule.
After the encrypted file has been exported and migrated into the intranet environment, the intranet decrypts it according to the encryption rule that was used to encrypt it. For example, if the AES encryption mode was used for encryption, the AES mode is also used for decryption on the intranet. The encrypted file can be migrated from the external network to an intranet device by burning it to a disc or by similar means.
Step 400: generating a second check code from the data in the decrypted file.
After the file has been successfully decrypted, a second check code is generated by the same algorithm. For example, if salted MD5 encryption was used in step 100 to generate the first check code, salted MD5 encryption is also used on the file decrypted on the intranet to generate the second check code; if the data have not been tampered with, the first check code and the second check code should be the same.
Step 500: when the first check code is the same as the second check code, determining that the data interaction is successful.
When the first check code is the same as the second check code, it can be determined that the data in the file have not been tampered with and that the data imported into the intranet database are complete. Matching check codes therefore indicate that, under internal and external network isolation, the data were neither tampered with nor lost, so the interaction is successful.
In an embodiment, after step 200, the method may further include: compressing the encrypted file and exporting it as an encrypted compressed package. Step 300 may then include: after the encrypted compressed package has been exported and migrated into the intranet environment, decompressing it and reading the corresponding ciphertext data; and decrypting the ciphertext data on the intranet according to the preset encryption rule.
When the encrypted data file is exported, a method (for example, a ZipFile method) is called to generate the corresponding encrypted compressed package from the encrypted file, which reduces changes to the data caused by user negligence during physical transfer. After the data file has been imported into the intranet, the compressed package is decrypted by calling the method, and after that decryption the intranet decrypts the decompressed file according to the encryption rule that was used to encrypt the file. For example, if the AES encryption mode was used for encryption, the AES mode is also used for decryption on the intranet. The encrypted file can be migrated from the external network to an intranet device by burning it to a disc or by similar means.
In an embodiment, before the step 100, the data encryption interaction method based on the isolated network may further include: acquiring corresponding data information in an external network environment according to a preset data range; analyzing the data information and obtaining a corresponding keyword retrieval data table; wherein the keyword retrieval data table includes at least one sensitive word.
Based on the web application, a method function can be set up according to the user's actual requirements to define the range of data to be selected. For example, when an enterprise needs to export certain data content, the data range to be read is preset according to that content, and the corresponding data information is acquired in the external network environment. The data information is analyzed and a corresponding keyword retrieval data table is configured; entries in the table can be deleted or modified. After the extranet has acquired the data, keyword retrieval is performed on them to determine whether sensitive words are present. For example, confidential data within the enterprise are set as keywords, and a processing mode such as replacement or deletion is set for each keyword, so that confidential data are protected to a certain extent during data interaction and their leakage is prevented.
In an embodiment, after analyzing the data information and acquiring the corresponding keyword retrieval data table, the method may further include: searching the data information for the sensitive words according to the keyword retrieval data table; and, when a sensitive word exists in the data information, deleting or replacing it. Generating the first check code then comprises: in the external network environment, arranging in order the data that have passed the keyword check, performing salt encryption on them, and generating the first check code.
A corresponding keyword retrieval data table is configured. It contains the sensitive words and the processing mode for each sensitive word; both can be added, deleted or modified, so the table can be configured according to the user's specific requirements. For example, confidential data within the enterprise are set as keywords, and a processing mode such as replacement or deletion is set for each keyword, so that confidential data are protected to a certain extent during data interaction and their leakage is prevented.
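The keyword check described above, as an added Go example that is not code from the patent. The table layout (Rule), the function Scrub and its pass limit are hypothetical, and the sample table and text are constructed; it shows why the search is repeated after each change, as step S12 of Fig. 2 requires: deleting one match can splice the surrounding characters into a new one.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Rule is one row of the keyword retrieval data table (hypothetical layout):
// a sensitive word and its processing mode. An empty Replacement means delete.
type Rule struct{ Word, Replacement string }

// ErrNotClean is returned when sensitive words survive maxPasses rounds.
var ErrNotClean = errors.New("sensitive words still present after max passes")

// Scrub applies the table, then searches again, until a pass finds nothing.
// It returns the cleaned text and the number of passes that changed it.
// maxPasses bounds the loop for a rule whose replacement itself contains a
// sensitive word; in that case no text is returned, so nothing gets exported.
func Scrub(text string, table []Rule, maxPasses int) (string, int, error) {
	for pass := 0; pass <= maxPasses; pass++ {
		hit := false
		for _, r := range table {
			if r.Word != "" && strings.Contains(text, r.Word) {
				hit = true
				text = strings.ReplaceAll(text, r.Word, r.Replacement)
			}
		}
		if !hit {
			return text, pass, nil
		}
	}
	return "", maxPasses, ErrNotClean
}

func main() {
	table := []Rule{{"ProjectX", ""}, {"salary", "[redacted]"}} // constructed table
	// Constructed input: deleting the inner "ProjectX" splices a new one together.
	out, passes, err := Scrub("ProProjectXjectX salary 9000", table, 5)
	fmt.Printf("%q passes=%d err=%v\n", out, passes, err)
}
```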
In one embodiment, step 100 may include: arranging the data in order in the external network environment to generate character string data; and performing salted MD5 encryption on the character string data to generate the first check code.
Before the data are encrypted, the data and their respective unit information are arranged, and salted MD5 encryption is performed on the resulting character string data to generate the first check code. Salted MD5 encryption adds a randomly generated character string as a salt on top of MD5 encryption: the salt and the string to be encrypted are spliced together and then MD5-encrypted. The irreversibility of MD5 ensures that the data are not tampered with during transmission, and the security of the encryption is improved.
In one embodiment, the preset encryption rule includes an AES encryption scheme; the step 200 may include: writing the first check code and the data into the file, and encrypting the file in an AES encryption mode; the step 300 may include: after the encrypted file is exported and migrated into the intranet environment, the intranet decrypts the encrypted file according to the AES encryption mode.
The AES encryption mode is a symmetrical encryption algorithm, the encryption and decryption speeds of the AES algorithm are very high, the AES algorithm is suitable for the encryption and decryption operation of a large amount of data, the AES algorithm can improve the encryption strength by increasing the key length, and meanwhile, the complexity of the algorithm can be increased by increasing the number of rounds, so that the security is improved. Therefore, the AES encryption mode is high in safety, encryption and decryption speed is high, and data interaction quality under the condition of internal and external network isolation is improved.
In an embodiment, after the step 400, the data encryption interaction method based on the isolated network may include: when the first check code is different from the second check code, determining that the file is tampered; recording the information of the tampered file, and marking the file as a failure file.
After the file has been successfully decrypted, a second check code is generated by the same algorithm and compared with the original first check code in the file. If they do not match, a prompt indicates that the file has been tampered with, the file information is recorded, and the file is marked as invalid and cannot be imported again. Checking the check code in this way ensures that the data transferred to the intranet have not been tampered with and improves the quality of data interaction.
In one embodiment, the step 100 may include: according to the data and the unit information of the data, arranging the data in an external network environment; and carrying out salt encryption on the data after the arrangement sequence to generate a first check code.
Before the data are encrypted, the data and their respective unit information are arranged, and salted MD5 encryption is performed on the resulting character string data to generate the first check code. Salted MD5 encryption adds a randomly generated character string as a salt on top of MD5 encryption: the salt and the string to be encrypted are spliced together and then MD5-encrypted. The irreversibility of MD5 ensures that the data are not tampered with during transmission, and the security of the encryption is improved.
In an embodiment, the step 400 may include: according to a preset arrangement sequence, carrying out salt encryption on data in the decrypted file to generate a second check code; the preset arrangement sequence is related to the arrangement sequence of the data in the external network environment.
Because the data are arranged in order in the external network environment to obtain the character string data, which are combined with the salt value to generate the first check code, the decrypted data must be arranged in the same order as in the external network environment when the second check code is generated with the encryption algorithm. The first and second check codes are comparable only when the arrangement order is the same.
Fig. 2 is a schematic diagram of a data encryption interaction method based on an isolated network according to an exemplary embodiment of the present invention. As shown in Fig. 2, in the extranet environment:
S11, acquire the data to be exported: the corresponding data information is acquired in the external network environment according to the selected data range.
S12, judge whether keywords are retrieved: the acquired data information is analyzed and the configured keyword retrieval database table is obtained; if keywords are present, they are deleted or replaced and keyword retrieval is performed again; if none are present, the next step is executed.
S13, generate the data tamper-proof check code: the data that have passed keyword retrieval are sorted and combined, and salted MD5 encryption is performed on the resulting character string data to generate the check code; the irreversibility of MD5 ensures that the check code is not tampered with.
S14, data encryption: the plaintext data, together with the check code generated in step (3), are written into a file, and the file is finally encrypted according to the encryption rule agreed in the method (AES encryption mode).
S15, data compression and export: the encrypted data are exported as an encrypted compressed package.
After the data have been encrypted and compressed in the external network environment, they are transferred to the intranet environment by physical means such as burning to a disc.
In the intranet environment:
S16, data decompression and import: the file package is transferred to an intranet device by burning it to a disc or by similar means; the file upload function is clicked, the encrypted compressed package is imported into the intranet and decompressed, and the corresponding ciphertext data are read.
S17, data decryption: the file is decrypted according to the agreed decryption rule (AES decryption mode).
S18, check whether the data have been tampered with: after the file has been successfully decrypted, a check code is generated by the same algorithm and compared with the original check code in the file; if they do not match, a prompt indicates that the file has been tampered with, the file information is recorded, and the file is marked as invalid and cannot be imported again; if the check passes and the file has not been tampered with, the next step is executed.
S19, data import: if the data pass the check, they are imported into the intranet database, completing the whole process.
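The export and import flow of Fig. 2 from check code generation (S13) to the tamper check (S18), as an added Go example that is not code from the patent. Assumptions: AES-GCM as the AES mode, a JSON file that carries the salt beside the check code, ordering by unit then key, and the hypothetical names Record, Payload, CheckCode, NewAEAD, Seal, Export and Import; the compression step (S15/S16) is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Record is one exported row; Unit is the "unit information" used for ordering.
type Record struct{ Unit, Key, Value string }

// Payload is the plaintext file of step 200. Carrying the salt in it is an assumption.
type Payload struct {
	Salt, CheckCode string
	Records         []Record
}

// ErrTampered means the first and second check codes differ (failed file).
var ErrTampered = errors.New("check code mismatch: file marked as failed")

// CheckCode orders a copy of the records, joins them and returns hex(MD5(data + salt)).
func CheckCode(records []Record, salt string) string {
	sorted := append([]Record(nil), records...)
	sort.Slice(sorted, func(i, j int) bool {
		return sorted[i].Unit+"\x1f"+sorted[i].Key < sorted[j].Unit+"\x1f"+sorted[j].Key
	})
	s := ""
	for _, r := range sorted {
		s += r.Unit + "\x1f" + r.Key + "\x1f" + r.Value + "\x1e" // field and record separators
	}
	return fmt.Sprintf("%x", md5.Sum([]byte(s+salt)))
}

// NewAEAD builds AES-GCM. The page says only "AES"; the mode is an assumption.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal writes check code and data to one file and encrypts it as nonce||ciphertext.
func Seal(p Payload, aead cipher.AEAD) ([]byte, error) {
	plain, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), nil
}

// Export is the extranet side: random salt, first check code, encrypted file.
func Export(records []Record, aead cipher.AEAD) ([]byte, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	salt := fmt.Sprintf("%x", raw)
	return Seal(Payload{Salt: salt, CheckCode: CheckCode(records, salt), Records: records}, aead)
}

// Import is the intranet side: decrypt, recompute the second check code, compare.
func Import(file []byte, aead cipher.AEAD) ([]Record, error) {
	n := aead.NonceSize()
	if len(file) < n {
		return nil, errors.New("file too short")
	}
	plain, err := aead.Open(nil, file[:n], file[n:], nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	var p Payload
	if err := json.Unmarshal(plain, &p); err != nil {
		return nil, err
	}
	if CheckCode(p.Records, p.Salt) != p.CheckCode {
		return nil, ErrTampered
	}
	return p.Records, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one comes from key management
	rand.Read(key)
	aead, _ := NewAEAD(key)
	file, _ := Export([]Record{{"finance", "q2", "200"}, {"finance", "q1", "100"}}, aead)
	recs, err := Import(file, aead)
	fmt.Println(len(recs), err)
}
```

Since the salt and check code sit inside the file, the salted MD5 catches changes only from a party that cannot recompute it; here a change to the ciphertext in transit is rejected by the AES-GCM tag before the check codes are compared.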
Fig. 3 is a schematic structural diagram of an isolated network-based data encryption interaction device according to an exemplary embodiment of the present invention, and as shown in fig. 3, the isolated network-based data encryption interaction device 2 includes: the first encryption module 21 is used for carrying out salt encryption on the data after the data are arranged in sequence in the external network environment to generate a first check code; the second encryption module 22 is configured to write the first check code and the data into the file, and encrypt the file according to a preset encryption rule; the first decryption module 23 is configured to decrypt the encrypted file according to a preset encryption rule on the intranet after the encrypted file is exported and migrated into the intranet environment; a second decryption module 24 for generating a second check code from the data in the decrypted file; the determining module 25 is configured to determine that the data interaction is successful when the first check code is the same as the second check code.
In an embodiment, the data encryption interaction device 1 based on the isolated network may be configured to: compressing the encrypted file, and exporting the file as an encrypted compressed packet format; wherein, the first decryption module 23 may be correspondingly configured to: after the encrypted compressed packet is exported and migrated into the intranet environment, decompressing the encrypted compressed packet and reading corresponding ciphertext data; and decrypting the ciphertext data in the intranet according to a preset encryption rule.
In an embodiment, the data encryption interaction device 1 based on the isolated network may be configured to: acquiring corresponding data information in an external network environment according to a preset data range; analyzing the data information and obtaining a corresponding keyword retrieval data table; wherein the keyword retrieval data table includes at least one sensitive word.
In an embodiment, the data encryption interaction device 1 based on the isolated network may be further configured to: search the data information for the sensitive words according to the keyword retrieval data table; and, when a sensitive word exists in the data information, delete or replace it. Generating the first check code then comprises: in the external network environment, arranging in order the data that have passed the keyword check, performing salt encryption on them, and generating the first check code.
In an embodiment, the first encryption module 21 may be configured to: arrange the data in order in the external network environment to generate character string data; and perform salted MD5 encryption on the character string data to generate the first check code.
In one embodiment, the preset encryption rule includes an AES encryption scheme; wherein, the second encryption module 22 may be configured to: writing the first check code and the data into the file, and encrypting the file in an AES encryption mode; correspondingly, the first decryption module 23 may be configured to: after the encrypted file is exported and migrated into the intranet environment, the intranet decrypts the encrypted file according to the AES encryption mode.
In an embodiment, the data encryption interaction device 1 based on the isolated network may be further configured to: when the first check code is different from the second check code, determining that the file is tampered; recording the information of the tampered file, and marking the file as a failure file.
In an embodiment, the first encryption module 21 may be configured to: according to the data and the unit information of the data, arranging the data in an external network environment; and carrying out salt encryption on the data after the arrangement sequence to generate a first check code.
In an embodiment, the second decryption module 24 may be configured to: according to a preset arrangement sequence, carrying out salt encryption on data in the decrypted file to generate a second check code; the preset arrangement sequence is related to the arrangement sequence of the data in the external network environment.
The embodiment of the invention provides a data encryption interaction device based on an isolated network. The apparatus embodiments may be implemented in software, in hardware, or in a combination of hardware and software. In addition to the CPU, memory, network interfaces and non-volatile storage, the device in which the apparatus of the embodiments is located may generally include other hardware, such as a forwarding chip responsible for processing packets. Taking a software implementation as an example, the apparatus in the logical sense is formed when the CPU of the device in which it is located reads the corresponding computer program instructions from non-volatile storage into memory.
The data encryption interaction device based on the isolated network provided by the invention encrypts and secondarily encrypts the data in the external network, ensures the integrity and the safety of the data, verifies the integrity of the data in the internal network by the same encryption method and secondary encryption method, prevents the data from being tampered, supports the data encryption transmission under different network environments, and meets the confidentiality requirement of users on the data.
According to another aspect of the present invention, there is provided a computer readable storage medium storing a computer program for executing the data encryption interaction method based on the isolated network of any of the above embodiments.
In addition to the methods and apparatus described above, embodiments of the invention may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in an isolated network-based data encryption interaction method according to various embodiments of the invention described in the "exemplary methods" section of this specification.
According to another aspect of the present invention, there is provided an electronic device including: a processor; a memory for storing processor-executable instructions; and the processor is used for executing the data encryption interaction method based on the isolated network in any embodiment.
Furthermore, embodiments of the present invention may also be a computer-readable storage medium, having stored thereon computer program instructions, which when executed by a processor, cause the processor to perform the steps in the isolated network-based data encryption interaction method according to various embodiments of the present invention described in the "exemplary methods" section above in this specification.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting; it extends to any modification, equivalent replacement, improvement or the like made within the spirit and principles of the invention.

Claims (10)

1. The data encryption interaction method based on the isolated network is characterized by comprising the following steps of:
salt encryption is carried out on the data after the data are arranged in sequence in the external network environment, and a first check code is generated;
writing the first check code and the data into a file, and encrypting the file according to a preset encryption rule;
after the encrypted file is exported and migrated into an intranet environment, the intranet decrypts the encrypted file according to the preset encryption rule;
generating a second check code according to the decrypted data in the file;
and when the first check code is the same as the second check code, determining that the data interaction is successful.
2. The data encryption interaction method based on the isolated network according to claim 1, wherein after the first check code and the data are written into a file and the file is encrypted according to a preset encryption rule, the data encryption interaction method based on the isolated network further comprises:
compressing the encrypted file, and exporting the file in an encrypted compressed packet format;
after the encrypted file is exported and migrated into an intranet environment, decrypting the encrypted file by the intranet according to the preset encryption rule comprises the following steps:
after the encrypted compressed packet is exported and migrated into an intranet environment, decompressing the encrypted compressed packet and reading corresponding ciphertext data;
and decrypting the ciphertext data in the intranet according to the preset encryption rule.
3. The data encryption interaction method based on the isolated network according to claim 1, wherein before the salt encryption is performed after the data is arranged in the external network environment, the data encryption interaction method based on the isolated network further comprises:
acquiring corresponding data information in an external network environment according to a preset data range;
analyzing the data information and acquiring a corresponding keyword retrieval data table; wherein the keyword retrieval data table includes at least one sensitive word.
4. The isolated network-based data encryption interaction method of claim 3, wherein after analyzing the data information and acquiring the corresponding keyword retrieval data table, the isolated network-based data encryption interaction method further comprises:
searching the data information for the sensitive words according to the keyword retrieval data table;
deleting or replacing the sensitive words in the data information when the sensitive words exist in the data information;
the performing salt encryption on the data after the data are arranged in sequence in the external network environment to generate a first check code comprises:
and carrying out salt encryption on the data subjected to the keyword inspection after the data are arranged in sequence in the external network environment, and generating a first check code.
5. The data encryption interaction method based on the isolated network according to claim 1, wherein performing salt encryption on the data after the data are arranged in sequence in the external network environment to generate the first check code comprises:
after the data are arranged in sequence in the external network environment, generating character string data;
and carrying out MD5 salt encryption on the character string data to generate the first check code.
6. The data encryption interaction method based on the isolated network according to claim 1, wherein the preset encryption rule comprises an AES encryption mode; the writing the first check code and the data into the file, and encrypting the file according to a preset encryption rule comprises the following steps:
writing the first check code and the data into a file, and encrypting the file in an AES encryption mode;
after the encrypted file is exported and migrated into an intranet environment, decrypting the encrypted file by the intranet according to the preset encryption rule comprises the following steps:
and after the encrypted file is exported and migrated into an intranet environment, decrypting the encrypted file by the intranet according to an AES encryption mode.
7. The isolated network-based data encryption interaction method according to claim 1, wherein after the second check code is generated according to the decrypted data in the file, the isolated network-based data encryption interaction method comprises:
when the first check code is different from the second check code, determining that the file is tampered;
recording the information of the tampered file, and marking the file as a failure file.
8. The data encryption interaction method based on the isolated network according to claim 1, wherein performing salt encryption on the data after the data are arranged in sequence in the external network environment to generate the first check code comprises:
according to the data and the unit information of the data, arranging the data in an extranet environment;
and carrying out salt encryption on the data after the arrangement sequence to generate the first check code.
9. The method of claim 1, wherein generating the second check code according to the decrypted data in the file comprises:
according to a preset arrangement sequence, carrying out salt encryption on the decrypted data in the file to generate the second check code; wherein the preset arrangement sequence is related to the arrangement sequence of the data in the external network environment.
10. A data encryption interaction device based on an isolated network, comprising:
the first encryption module is used for carrying out salt encryption on the data after the data are arranged in sequence in the external network environment to generate a first check code;
the second encryption module is used for writing the first check code and the data into a file and encrypting the file according to a preset encryption rule;
the first decryption module is used for decrypting the encrypted file according to the preset encryption rule after the encrypted file is exported and migrated into the intranet environment;
the second decryption module is used for generating a second check code according to the decrypted data in the file;
and the determining module is used for determining that the data interaction is successful when the first check code is the same as the second check code.
CN202311302064.2A 2023-10-09 2023-10-09 Data encryption interaction method and device based on isolated network Pending CN117220985A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311302064.2A CN117220985A (en) 2023-10-09 2023-10-09 Data encryption interaction method and device based on isolated network

Publications (1)

Publication Number Publication Date
CN117220985A true CN117220985A (en) 2023-12-12

Family

ID=89044396

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination