WO2024114095A1 - Data transmission control method and apparatus, electronic device, and readable storage medium - Google Patents

Publication number: WO2024114095A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2023/122569
Prior art keywords: data, public key, target data, target, decrypted
Inventors: 邱洋, 刘建勋, 林思成, 胡延洋
Original assignee: 京东方科技集团股份有限公司

Abstract

The present disclosure provides a data transmission control method and apparatus, an electronic device, and a readable storage medium. The data transmission control method is applied to a data management server, and the method comprises the following steps: sending a first public key to a first data system, a first private key matched with the first public key being stored in the data management server; receiving target data sent by the first data system, the target data being encrypted by the first data system by means of the first public key; decrypting the target data by means of the first private key matched with the first public key; encrypting the decrypted target data by means of a second public key, the second public key being received from a second data system; and sending the target data encrypted by means of the second public key to the second data system.

Description

Data transmission control method, device, electronic device and readable storage medium
Cross-Reference to Related Applications
This disclosure claims priority to Chinese patent application 202211527443.7 filed in China on November 30, 2022, the entire contents of which are incorporated herein by reference.
Technical Field
The embodiments of the present disclosure relate to the field of computer technology, and in particular to a data transmission control method, device, electronic device and readable storage medium.
Background
With the development of information technology, information-based management of data has become a trend. To enable data to be exchanged and used, data usually has to be transmitted between different data systems. The data may include a great deal of important or private information, so the security and privacy of data transmission need to be improved.
Summary
The embodiments of the present disclosure provide a data transmission control method, an apparatus, a data management server, an electronic device and a readable storage medium.
To solve the above problems, the present disclosure is implemented as follows:
In a first aspect, an embodiment of the present disclosure provides a data transmission control method, which is applied to a data management server and comprises the following steps:
sending the first public key to the first data system, wherein the data management server stores a first private key matching the first public key;
receiving target data sent by the first data system, wherein the target data is encrypted by the first data system using the first public key;
decrypting the target data using the first private key that matches the first public key;
encrypting the decrypted target data using a second public key, wherein the second public key is received from a second data system;
sending the target data encrypted with the second public key to the second data system.
In some embodiments, before the decrypted target data is encrypted using the second public key, the method further includes:
digitally signing the target data in a decrypted state using the first private key;
the encrypting of the decrypted target data using the second public key includes:
encrypting the digitally signed target data using the second public key.
In some embodiments, before the target data in a decrypted state is digitally signed using the first private key, the method further includes:
confirming whether the first public key is stored in the second data system;
if the first public key is stored in the second data system, performing the step of digitally signing the target data in a decrypted state using the first private key;
if the first public key is not stored in the second data system, encrypting the decrypted target data, which has not been digitally signed, using the second public key.
In some embodiments, the digitally signing of the target data in a decrypted state using the first private key includes:
generating a hash value of the target data using a hash algorithm;
adding a timestamp and a random string to the hash value, and encrypting it with the first private key to obtain a digital signature;
the encrypting of the decrypted target data using the second public key includes:
encrypting the digital signature using the second public key.
In some embodiments, before the decrypted target data is encrypted using the second public key, the method further includes:
verifying verification information of the first data system corresponding to the target data, wherein the verification information includes at least one of an IP address and hardware information;
if the verification information passes verification, performing the step of encrypting the decrypted target data using the second public key.
In some embodiments, the verifying of the verification information of the first data system corresponding to the target data includes:
obtaining the correspondence between IP addresses and hardware information;
extracting target hardware information contained in the target data decrypted with the first private key;
verifying whether the target IP address of the first data system that sent the target data and the target hardware information satisfy the correspondence;
if the correspondence is satisfied, confirming that the verification information passes verification.
In a second aspect, an embodiment of the present disclosure provides a data transmission control device, which is applied to a data management server and includes:
a first public key sending module, configured to send the first public key to the first data system, wherein the data management server stores a first private key matching the first public key;
a target data receiving module, configured to receive target data sent by the first data system, wherein the target data is encrypted by the first data system using the first public key;
a decryption module, configured to decrypt the target data using the first private key that matches the first public key;
an encryption module, configured to encrypt the decrypted target data using a second public key, wherein the second public key is received from a second data system;
a data sending module, configured to send the target data encrypted with the second public key to the second data system.
In some embodiments, the device further includes:
a digital signature module, configured to digitally sign the target data in a decrypted state using the first private key;
the encryption module is specifically configured to encrypt the digitally signed target data using the second public key.
In a third aspect, an embodiment of the present disclosure provides an electronic device, comprising: a memory, a processor, and a program stored in the memory and executable on the processor; the processor is configured to read the program in the memory to implement the steps of the data transmission control method described in any one of the above.
In a fourth aspect, an embodiment of the present disclosure provides a readable storage medium for storing a program which, when executed by a processor, implements the steps of the data transmission control method described in any one of the above.
Brief Description of the Drawings
To explain the technical solutions of the embodiments of the present disclosure more clearly, the drawings needed to describe the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of a data transmission control method provided by an embodiment of the present disclosure;
FIG. 2 is an architecture diagram of a data transmission control system provided by an embodiment of the present disclosure;
FIG. 3 is a structural diagram of a key pair management module provided by an embodiment of the present disclosure;
FIG. 4 is a structural diagram of a data encryption module provided by an embodiment of the present disclosure;
FIG. 5 is another flow chart of a data transmission control method provided by an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a data transmission control device provided by an embodiment of the present disclosure;
FIG. 7 is a schematic structural diagram of an electronic device provided by an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are some, not all, of the embodiments of the present disclosure. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present disclosure without creative effort fall within the scope of protection of the present disclosure.
The terms "first", "second" and the like in the embodiments of the present disclosure are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. In addition, the terms "include" and "have" and any variations thereof are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method, product or device. In addition, "and/or" as used in the present application denotes at least one of the connected objects; for example, A and/or B and/or C covers seven cases: A alone, B alone, C alone, both A and B, both B and C, both A and C, and all of A, B and C.
An embodiment of the present disclosure provides a data transmission control method.
As shown in FIG. 1, the method is applied to a data management server in a data transmission control system.
As shown in FIG. 2, in an exemplary embodiment, the data transmission control system includes a first data system, a data management server and a second data system, and both the first data system and the second data system are communicatively connected to the data management server.
As shown in FIG. 2, the data management server includes an adapter module, a processor module, a controller module and a forwarder module. The adapter module manages the data interaction between the data management server and the first data system, and the forwarder module manages the data interaction between the data management server and the second data system. The controller module controls the working processes of the adapter module, the processor module and the forwarder module.
Referring to FIG. 2 to FIG. 4 together, the processor module includes a data encryption module and a key pair management module. The data encryption module performs data encryption and decryption control, and the key pair management module implements first key management, second key management, address information management and data interface functions; the key pair management module transmits data through the data interface. The data encryption module is used to generate the first key and to encrypt data, and it likewise includes a data interface for data transmission.
As shown in FIG. 1 and FIG. 5, in one embodiment, the method includes the following steps:
Step 101: Send the first public key to the first data system, wherein the data management server stores a first private key matching the first public key.
In some embodiments, the data management server generates a first public key and a first private key that match each other, and then sends the first public key to the first data system.
Specifically, in this embodiment, the data management server first generates a first key, which includes a first public key and a first private key that match each other. When data is encrypted with the first public key, the first private key is required to decrypt it.
When each data system connects to the data management server, the data management server sends the first public key to each data system, which may be, for example, the first data system and the second data system described above.
In implementation, the first public key may be sent only to data systems that need to send data, that is, data systems that need to send data to other data systems through the data management platform. A data system that only needs to receive data and does not need to send data does not have to obtain the first public key.
In other embodiments, the first public key needs to be sent to all data systems connected to the data management server, and the transmitted data is further subjected to secondary encryption and decryption to further improve the security of data transmission.
Taking the first data system as an example, when the first data system needs to send target data to the data management server, it sends the target data encrypted with the first public key. That is, the first data system first encrypts the target data with the first public key and then sends the encrypted target data to the data management server.
Step 102: Receive target data sent by the first data system, wherein the target data is encrypted by the first data system using the first public key.
The data management server in this embodiment can be understood as providing a data management interface or data transmission platform for data transmission. Different data systems are usually provided to implement different services, and these data systems need to exchange data in order to support business communication.
For example, each company can manage its employees' data through its own company data system. When a physical examination needs to be arranged for employees, the employee data can be exported from the company data system and sent to the physical examination data system of the examination institution, so that an examination plan can be established and employee health can be managed. In this process, the data needs to pass from the company data system to the physical examination data system through the data management interface.
To reduce management costs, the data management interface can serve the data interaction between multiple different data systems.
In one embodiment, the target data may include one or more of the following: access authorization code, application id (number), business system id, user information object, user primary key, ID card, mobile phone number, resident name, indicator data set, organization id, indicator id, batch id, test time, test result, extended field, device information object, device SN (Serial Number) code, device name, product type id, device model, indicator definition Map set, indicator id, indicator unit, indicator code, indicator name.
Of the above information, the access authorization code is used for access authorization verification, and the application id and business system id indicate the specific service the user is using. The user information object, user primary key, ID card, mobile phone number and resident name represent the user's identity and contact information; this data must be collected and transmitted only with the user's authorization and in compliance with the applicable regulations and privacy restrictions. The organization id, indicator id, batch id, test time, test result, device information object, device SN code, device name, product type id and device model indicate the test items, the test results, the devices used for testing and related information. The extended field is used to store extended information, for example an identification code for a device that can be used by several people. The indicator definition Map set, indicator id, indicator unit, indicator code and indicator name represent information related to the test indicators.
Step 103: Decrypt the target data using the first private key that matches the first public key.
Because the data management server stores the first private key corresponding to the first public key, once it receives target data encrypted with the first public key it can decrypt the target data sent by the first data system using the first private key.
In some embodiments, the method further includes:
verifying verification information of the first data system corresponding to the target data, wherein the verification information includes at least one of an IP address and hardware information;
if the verification information passes verification, performing the step of encrypting the decrypted target data using the second public key.
In some embodiments, to further improve the security of data transmission, a security check may also be performed on the target data before or after it is decrypted.
In an exemplary embodiment, an IP (Internet Protocol) address whitelist may be established. When the target data is decrypted, the IP address of the first data system is verified. If the IP address of the first data system is in the IP address whitelist, verification passes and transmission of the target data is allowed; if the IP address fails verification, transmission of the target data is prohibited. This directly prevents unauthorized data systems from sending data and improves security.
In some embodiments, a cross-check may also be performed using the above information contained in the target data together with the IP address.
In some embodiments, verifying the verification information of the first data system corresponding to the target data includes:
obtaining the correspondence between IP addresses and hardware information;
extracting target hardware information contained in the target data decrypted with the first private key;
verifying whether the target IP address of the first data system that sent the target data and the target hardware information satisfy the correspondence;
if the correspondence is satisfied, confirming that the verification information passes verification.
In an exemplary embodiment, the IP address and hardware information of every data system that may act as the first data system are collected first. The hardware information may be, for example, the device SN code or the physical address. After the IP addresses and hardware information are collected, the correspondence between them is established.
In implementation, while the IP address corresponding to the target information is verified, it is also verified whether the device SN code and the IP address satisfy the correspondence collected and saved in advance. If they do, verification passes; if they do not, the data is considered to have possibly been tampered with.
In other embodiments, the target data may also be verified in other ways, such as by physical address, hardware address or data hash value, to improve the security of data transmission.
Adding a verification process ensures that data systems connect legitimately and reduces the likelihood that a leaked key will compromise information security.
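The whitelist check and the IP-to-hardware cross-check described above, written out as an added Python example that is not part of the patent text. The `deviceSN` field name, the function names and every address and serial number are constructed assumptions, and the source address is assumed to be taken from the transport connection rather than from the payload.

```python
import ipaddress

# Constructed sample data: whitelisted sender networks and the pre-collected
# IP address -> device SN correspondence. All values are made up.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
IP_TO_SERIALS = {
    ipaddress.ip_address("10.20.0.15"): {"SN-A1001", "SN-A1002"},
    ipaddress.ip_address("10.20.0.16"): {"SN-B2001"},
}


def normalize_ip(raw):
    """Parse the peer address and unwrap IPv4-mapped IPv6 (::ffff:10.20.0.15)."""
    ip = ipaddress.ip_address(raw.strip())
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6 addresses have this
    return mapped if mapped is not None else ip


def check_sender(peer_ip, decrypted, networks=ALLOWED_NETWORKS, table=IP_TO_SERIALS):
    """Return (passed, reason) for one message after first-private-key decryption.

    peer_ip   -- address of the connection the message arrived on
    decrypted -- dict parsed from the decrypted target data; "deviceSN" is a
                 hypothetical key standing in for the device SN code
    """
    try:
        ip = normalize_ip(peer_ip)
    except ValueError:
        return False, "unparseable source address"

    # Stage 1: IP whitelist. An address outside it is rejected outright.
    if not any(ip.version == net.version and ip in net for net in networks):
        return False, "source IP not on whitelist"

    # Stage 2: hardware information must be present in the decrypted payload.
    serial = decrypted.get("deviceSN")
    if not isinstance(serial, str) or not serial:
        return False, "no hardware information in target data"

    # Stage 3: the (IP, SN) pair must match the pre-collected correspondence.
    if serial not in table.get(ip, set()):
        return False, "IP/hardware correspondence not satisfied"
    return True, "ok"


if __name__ == "__main__":
    samples = [  # constructed messages
        ("10.20.0.15", {"deviceSN": "SN-A1001"}),
        ("10.20.0.16", {"deviceSN": "SN-A1001"}),
        ("192.0.2.7", {"deviceSN": "SN-A1001"}),
    ]
    for peer, payload in samples:
        print(peer, payload["deviceSN"], check_sender(peer, payload))
```

Only a message that passes all three stages would go on to be re-encrypted with the second public key; a stage 3 failure is the case the text treats as possible tampering.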
In some embodiments, the method further includes:
digitally signing the target data in a decrypted state using the first private key.
Correspondingly, encrypting the decrypted target data using the second public key includes:
encrypting the digitally signed target data using the second public key.
In some embodiments, the target data is encrypted a second time by means of a digital signature.
In some embodiments, when secondary encryption and decryption are required, the target data is digitally signed using the first private key, and the secondary encryption data is appended to the target data in the decrypted state.
In some embodiments, the step of digitally signing includes:
generating a hash value of the target data using a hash algorithm;
adding a timestamp and a random string to the hash value, and encrypting it with the first private key to obtain a digital signature;
the encrypting of the decrypted target data using the second public key includes:
encrypting the digital signature using the second public key.
Here, the digital signature includes a timestamp and may also include an encrypted field; for example, the encrypted field may include a random string. In implementation, a hash value of the target data is first generated using a hash algorithm, and a timestamp and a random string are then added to the hash value to complete the digital signature of the target data.
In other words, the secondary encryption consists of two encryption processes: the digital signature with the first private key and the encryption with the second public key. Correspondingly, recovering the target data also consists of two steps: decryption with the second private key and signature verification with the first public key.
Step 104: Encrypt the decrypted target data using a second public key, wherein the second public key is received from a second data system.
Next, the digitally signed target data is encrypted using the second public key.
In some embodiments, before step 104, the method further includes:
receiving the second public key sent by the second data system.
In this embodiment, the second public key corresponds to the second data system. Specifically, each second public key corresponds to exactly one second data system, while each second data system may correspond to one or more sets of keys, each set including a public key and a private key that match each other.
In an exemplary embodiment, the second data system first generates a set of second keys, which includes a second public key and a second private key.
When the second data system connects to the data management server, it sends the second public key to the data management server. When the data management server needs to send data to the second data system, it encrypts the target data using the second public key.
Note that in the above process, if the first public key is not stored in the second data system, the data management server does not need to digitally sign the target data in the decrypted state before sending it to the second data system.
In some embodiments, before step 104, the method further includes:
digitally signing the target data in a decrypted state using the first private key;
the encrypting of the decrypted target data using the second public key includes:
encrypting the digitally signed target data using the second public key.
If the first public key is stored in the second data system, the data management server may, before sending the target data to the second data system, digitally sign the target data in the decrypted state as described in the steps above to further improve security.
When the target data is digitally signed by the first public key, step 104 includes:
encrypting the target data and the data information using the second public key.
In some embodiments, before the target data in a decrypted state is digitally signed using the first private key, the method further includes:
confirming whether the first public key is stored in the second data system;
if the first public key is stored in the second data system, performing the step of digitally signing the target data in a decrypted state using the first private key;
if the first public key is not stored in the second data system, encrypting the decrypted target data, which has not been digitally signed, using the second public key.
In this embodiment, it may first be detected whether the first public key is stored in the second data system. In implementation, this can be done by checking whether there is a record of the first public key having been sent to the second data system, or by sending a query to the second data system and confirming from its reply whether the first public key is present there.
If the first public key exists in the second data system, the digital signature step is performed as described above.
If the first public key does not exist in the second data system, the target data may be encrypted only once. Specifically, the target data in the decrypted state is encrypted only with the second public key and then sent to the second data system.
In other embodiments, the first public key may first be sent to the second data system, and the target data is then encrypted a second time as described above to ensure the security of data transmission.
Step 105: Send the target data encrypted with the second public key to the second data system.
After the target data has been encrypted with the second public key, the encrypted target data is sent to the second data system.
After receiving the target data, the second data system decrypts it using the second private key. If the target data was digitally signed with the first private key, the second data system additionally verifies the signature using the first public key. In this way, the target data to be transferred is obtained.
需要理解的是,数据系统的数量可能由多个,每一数据系统也可能接入多个数据管理平台。本实施例中,由于目标数据是通过第二数据系统提供的第二公钥进行加密的,即使目标数据被错误的传输至其他数据系统中,其他数据系统也无法对目标数据进行解密和解签,从而确保了目标数据路径确认的唯一性,也就是说,第二数据系统能够通过所使用的第一公钥唯一确认相应的数据管理服务器,同时,也保证了数据解密解签和读取路径的唯一性,确保目标数据无法被其他数据系统所读取。It should be understood that there may be multiple data systems, and each data system may also be connected to multiple data management platforms. In this embodiment, since the target data is encrypted by the second public key provided by the second data system, even if the target data is mistakenly transmitted to other data systems, other data systems cannot decrypt and unsign the target data, thereby ensuring the uniqueness of the target data path confirmation, that is, the second data system can uniquely confirm the corresponding data management server through the first public key used, and at the same time, it also ensures the uniqueness of the data decryption and reading path, ensuring that the target data cannot be read by other data systems.
An embodiment of the present disclosure also provides a data management server, which is configured to execute each step of the above data transmission control method embodiment and can achieve similar or identical technical effects.
An embodiment of the present disclosure also provides a data transmission control method applied to a data transmission control system. The data transmission control system includes a first data system, a data management server and a second data system, the first data system and the second data system are both communicatively connected to the data management server, and the method includes the following steps:
The data management server generates a first public key and a first private key that match each other;
The data management server sends the first public key to the first data system and the second data system;
The first data system sends target data encrypted with the first public key to the data management server;
The data management server decrypts the target data using the first private key;
The data management server digitally signs the decrypted target data using the first private key;
The second data system generates a second public key and a second private key;
The second data system sends the second public key to the data management server;
The data management server encrypts the digitally signed target data using the second public key;
The data management server sends the target data signed by the second public key to the second data system;
The second data system decrypts the target data using the second private key;
The second data system verifies the signature of the decrypted target data using the second private key.
For the steps of the data transmission control method of this embodiment, refer to the above data transmission method embodiment; they are not repeated here.
An embodiment of the present disclosure also provides a data transmission control system, which includes a first data system, a data management server and a second data system, the first data system and the second data system both being communicatively connected to the data management server. The data transmission control system of this embodiment is configured to execute each step of the above data transmission control method.
An embodiment of the present disclosure also provides a data transmission control apparatus, applied to a data management server.
As shown in FIG. 6, in one embodiment, the data transmission control apparatus 600 includes:
A first public key sending module 601, configured to send the first public key to the first data system, wherein the data management server stores a first private key matching the first public key;
A target data receiving module 602, configured to receive target data sent by the first data system, wherein the target data is encrypted by the first data system using the first public key;
A decryption module 603, configured to decrypt the target data using the first private key matching the first public key;
An encryption module 604, configured to encrypt the decrypted target data using a second public key, wherein the second public key is received from a second data system;
A data sending module 605, configured to send the target data encrypted with the second public key to the second data system.
In some embodiments, the apparatus further includes:
A digital signature module, configured to digitally sign the target data in its decrypted state using the first private key;
The encryption module 604 is specifically configured to encrypt the digitally signed target data using the second public key.
In some embodiments, the apparatus further includes:
A first public key detection module, configured to confirm whether the first public key is stored in the second data system;
The digital signature module is configured to perform the step of digitally signing the target data in its decrypted state using the first private key when the first public key is stored in the second data system;
When the first public key is not stored in the second data system, the decrypted, unsigned target data is encrypted using the second public key.
In some embodiments, the digital signature module includes:
A hash value calculation submodule, configured to generate a hash value of the target data using a hash algorithm;
An adding submodule, configured to add a timestamp and a random string to the hash value;
The encryption module 604 is specifically configured to encrypt the hash value, to which the timestamp and the random string have been added, with the first private key to obtain a digital signature, and to encrypt the digital signature with the second public key.
In some embodiments, the apparatus further includes:
A verification module, configured to verify verification information of the first data system corresponding to the target data, wherein the verification information includes at least one of an IP address and hardware information;
The encryption module 604 is configured to perform the step of encrypting the decrypted target data using the second public key when the verification information passes verification.
In some embodiments, the verification module includes:
A correspondence acquisition submodule, configured to obtain the correspondence between IP addresses and hardware information;
An extraction submodule, configured to extract the target hardware information contained in the target data decrypted with the first private key;
A verification submodule, configured to verify whether the target IP address of the first data system that sent the target data and the target hardware information satisfy the correspondence;
A confirmation submodule, configured to confirm that the verification information passes verification when the correspondence is satisfied.
The data transmission control apparatus 600 of this embodiment can implement each step of the above data transmission control method embodiment and achieve substantially the same technical effects, which are not repeated here.
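The relay flow of the system-level method above, combined with the hash, timestamp and random-string signature of the digital signature module, sketched in Node.js as an added example (not code from the patent). Assumptions: RSA-2048 key pairs, RSA-OAEP wrapping a one-time AES-256-GCM key in place of the direct public-key encryption the text describes (RSA alone cannot hold the data plus a signature), a standard RSA/SHA-256 signature over hash|timestamp|nonce, a 60-second freshness window, and all function and field names.

```javascript
// Added illustration, not code from the patent. Key sizes, the AES-GCM hybrid
// envelope and the JSON field names are assumptions made for this sketch.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
  createCipheriv, createDecipheriv, createHash,
  sign: rsaSign, verify: rsaVerify } = require('node:crypto');
const newKeyPair = () => generateKeyPairSync('rsa', { modulusLength: 2048 });

// Encrypt to a public key: RSA-OAEP wraps a one-time AES-256-GCM key.
function sealFor(publicKey, plaintext) {
  const key = randomBytes(32), iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}
function openWith(privateKey, msg) {
  const key = privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, msg.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]);
}

// Bytes covered by the signature: hash of the data plus timestamp and nonce.
function signedBytes(data, ts, nonce) {
  const digest = createHash('sha256').update(data).digest('hex');
  return Buffer.from(`${digest}|${ts}|${nonce}`);
}

// Server: decrypt with sk1, sign with sk1 only if recipient holds pk1, encrypt to pk2.
function relay(sk1, inbound, pk2, recipientHasPk1) {
  const data = openWith(sk1, inbound);
  const env = { data: data.toString('base64') };
  if (recipientHasPk1) {
    Object.assign(env, { ts: Date.now(), nonce: randomBytes(16).toString('hex') });
    env.sig = rsaSign('sha256', signedBytes(data, env.ts, env.nonce), sk1).toString('base64');
  }
  return sealFor(pk2, Buffer.from(JSON.stringify(env)));
}

// Second data system: decrypt with sk2; when it holds pk1 it requires a valid,
// fresh, unseen signature, because anyone can encrypt to the public pk2.
function receive(sk2, pk1, msg, seenNonces, now = Date.now(), maxAgeMs = 60000) {
  const env = JSON.parse(openWith(sk2, msg).toString());
  const data = Buffer.from(env.data, 'base64');
  if (!pk1) return data; // no pk1 stored: the unsigned path
  if (!env.sig) throw new Error('unsigned');
  const sig = Buffer.from(env.sig, 'base64');
  const ok = rsaVerify('sha256', signedBytes(data, env.ts, env.nonce), pk1, sig);
  if (!ok) throw new Error('bad signature');
  if (Math.abs(now - env.ts) > maxAgeMs) throw new Error('stale');
  if (seenNonces.has(env.nonce)) throw new Error('replay');
  seenNonces.add(env.nonce);
  return data;
}

function rx(sk, pk, msg, seen = new Set(), now) {
  try { return receive(sk, pk, msg, seen, now).toString(); }
  catch (e) { return `rejected: ${e.message}`; }
}

function runDemo() {
  const server = newKeyPair(), sys2 = newKeyPair(), other = newKeyPair();
  const payload = Buffer.from('constructed sample record #42');
  const inbound = sealFor(server.publicKey, payload); // sent by the first data system
  const signed = relay(server.privateKey, inbound, sys2.publicKey, true);
  const unsigned = relay(server.privateKey, inbound, sys2.publicKey, false);
  const forged = relay(other.privateKey, sealFor(other.publicKey, payload), sys2.publicKey, true);
  const seen = new Set(), pk1 = server.publicKey;
  return {
    delivered: rx(sys2.privateKey, pk1, signed, seen),
    replayed: rx(sys2.privateKey, pk1, signed, seen),
    stale: rx(sys2.privateKey, pk1, signed, new Set(), Date.now() + 3600000),
    misrouted: rx(other.privateKey, pk1, signed),
    forged: rx(sys2.privateKey, pk1, forged),
    unsignedButPk1Held: rx(sys2.privateKey, pk1, unsigned),
    unsignedNoPk1: rx(sys2.privateKey, null, unsigned),
  };
}
console.log(runDemo());
```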
An embodiment of the present disclosure further provides an electronic device. Referring to FIG. 7, the electronic device may include a processor 701, a memory 702, and a program 7021 stored in the memory 702 and executable on the processor 701.
When the program 7021 is executed by the processor 701, any step of the above method embodiments can be implemented and the same beneficial effects achieved, which are not repeated here.
Those of ordinary skill in the art will understand that all or some of the steps of the above embodiment methods can be carried out by hardware under the control of program instructions, and the program can be stored in a readable medium.
An embodiment of the present disclosure also provides a readable storage medium on which a computer program is stored. When the computer program is executed by a processor, any step of the above method embodiments can be implemented and the same technical effects achieved. To avoid repetition, they are not described again here.
The storage medium may be, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
It should be noted that the division of the above modules is only a division of logical functions. In an actual implementation, they may be fully or partially integrated into one physical entity, or they may be physically separate. These modules may all be implemented as software invoked by a processing element, or all as hardware; alternatively, some modules may be implemented as software invoked by a processing element and others as hardware. For example, the determination module may be a separately provided processing element, or it may be integrated into a chip of the above apparatus. It may also be stored as program code in the memory of the above apparatus, with a processing element of the apparatus calling it and executing the function of the determination module. The other modules are implemented similarly. In addition, all or some of these modules may be integrated together or implemented independently. The processing element described here may be an integrated circuit with signal processing capability. During implementation, each step of the above method or each of the above modules may be completed by an integrated logic circuit of hardware in the processor element or by instructions in software form.
For example, each module, unit, subunit or submodule may be one or more integrated circuits configured to implement the above method, such as one or more application specific integrated circuits (ASIC), one or more microprocessors (digital signal processor, DSP), or one or more field programmable gate arrays (FPGA). As another example, when one of the above modules is implemented as program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a central processing unit (CPU) or another processor that can call program code. As a further example, these modules may be integrated together and implemented as a system-on-a-chip (SOC).
The above are preferred implementations of the embodiments of the present disclosure. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the principles described in the present disclosure, and these improvements and refinements shall also be regarded as falling within the scope of protection of the present disclosure.

Claims (10)

  1. A data transmission control method, applied to a data management server, the method comprising the following steps:
    sending the first public key to the first data system, wherein the data management server stores a first private key matching the first public key;
    receiving target data sent by the first data system, wherein the target data is encrypted by the first data system using the first public key;
    decrypting the target data using the first private key matching the first public key;
    encrypting the decrypted target data using a second public key, wherein the second public key is received from a second data system;
    sending the target data encrypted with the second public key to the second data system.
  2. The method according to claim 1, wherein, before the encrypting of the decrypted target data using the second public key, the method further comprises:
    digitally signing the target data in its decrypted state using the first private key;
    the encrypting of the decrypted target data using the second public key comprises:
    encrypting the digitally signed target data using the second public key.
  3. The method according to claim 2, wherein, before the digitally signing of the target data in its decrypted state using the first private key, the method further comprises:
    confirming whether the first public key is stored in the second data system;
    if the first public key is stored in the second data system, performing the step of digitally signing the target data in its decrypted state using the first private key;
    if the first public key is not stored in the second data system, encrypting the decrypted, unsigned target data using the second public key.
  4. The method according to claim 1, wherein the digitally signing of the target data in its decrypted state using the first private key comprises:
    generating a hash value of the target data using a hash algorithm;
    adding a timestamp and a random string to the hash value, and encrypting it with the first private key to obtain a digital signature;
    the encrypting of the decrypted target data using the second public key comprises:
    encrypting the digital signature using the second public key.
  5. The method according to any one of claims 1 to 4, wherein, before the encrypting of the decrypted target data using the second public key, the method further comprises:
    verifying verification information of the first data system corresponding to the target data, wherein the verification information includes at least one of an IP address and hardware information;
    if the verification information passes verification, performing the step of encrypting the decrypted target data using the second public key.
  6. The method according to claim 5, wherein the verifying of the verification information of the first data system corresponding to the target data comprises:
    obtaining the correspondence between IP addresses and hardware information;
    extracting the target hardware information contained in the target data decrypted with the first private key;
    verifying whether the target IP address of the first data system that sent the target data and the target hardware information satisfy the correspondence;
    if the correspondence is satisfied, confirming that the verification information passes verification.
  7. A data transmission control apparatus, applied to a data management server, the data transmission control apparatus comprising:
    a first public key sending module, configured to send the first public key to the first data system, wherein the data management server stores a first private key matching the first public key;
    a target data receiving module, configured to receive target data sent by the first data system, wherein the target data is encrypted by the first data system using the first public key;
    a decryption module, configured to decrypt the target data using the first private key matching the first public key;
    an encryption module, configured to encrypt the decrypted target data using a second public key, wherein the second public key is received from a second data system;
    a data sending module, configured to send the target data encrypted with the second public key to the second data system.
  8. The apparatus according to claim 7, further comprising:
    a digital signature module, configured to digitally sign the target data in its decrypted state using the first private key;
    the encryption module is specifically configured to encrypt the digitally signed target data using the second public key.
  9. An electronic device, comprising: a memory, a processor, and a program stored in the memory and executable on the processor; characterized in that the processor is configured to read the program in the memory to implement the steps of the data transmission control method according to any one of claims 1 to 6.
  10. A readable storage medium for storing a program, wherein the program, when executed by a processor, implements the steps of the data transmission control method according to any one of claims 1 to 6.
PCT/CN2023/122569 2022-11-30 2023-09-28 Data transmission control method and apparatus, electronic device, and readable storage medium WO2024114095A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211527443.7 2022-11-30

Publications (1)

Publication Number Publication Date
WO2024114095A1 (en) 2024-06-06
