CN115604012A - Method and system for realizing complete storage of important data in government affair cloud scene - Google Patents
- Publication number: CN115604012A (application CN202211284041.9A)
- Authority: CN (China)
- Prior art keywords: important data, support system, hash value, data
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0428: network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/105: network security for controlling access to devices or network resources; multiple levels of security
- H04L63/123: applying verification of the received information; verification of received data contents, e.g. message integrity
- H04L67/1097: protocols in which an application is distributed across nodes in the network, for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0643: cryptographic mechanisms using hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0897: escrow, recovery or storing of secret information, e.g. cryptographic key storage, involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
Abstract
The invention discloses a method and a system for integrity-protected ("complete") storage of important data in a government-affairs cloud scenario, in the technical field of data encryption. The method comprises the following steps: docking with a certified server cipher-machine vendor and defining part of the information in the service support system as important data; computing the HMAC-SM3 keyed-hash value of every item of important data and storing each item together with its corresponding hash value in a database; setting a scheduled task that recomputes the HMAC-SM3 value of every item of important data in the system, compares it with the corresponding value stored in the database, and marks and records any item whose values do not match; and, when a user logs in to the system and modifies important data through the user's own functions, recomputing the HMAC-SM3 value of the modified data and overwriting the corresponding stored value with it. The invention realises integrity-protected storage of important data in the service support system and protects data security.
Description
Technical Field
The invention relates to the technical field of data encryption, in particular to a method and a system for integrity-protected storage (rendered "complete storage" in the title) of important data in a government-affairs cloud scenario.
Background
With the rapid development of social informatisation and cloud computing, government departments in many regions have carried out "cloud migration" plans, building local government-affairs cloud platforms and deploying their own services on them, so stable operation and security protection of the government-affairs cloud platform are very important. In particular, the service support system of the government-affairs cloud platform holds important data such as account information, role permissions and key logs; protecting this data cryptographically effectively protects the security of the service support system and prevents the important data from being tampered with by illegal means.
On this basis, a method for integrity-protected storage of important data in a government-affairs cloud scenario is designed and studied, to prevent tampering of important data in the service support system by illegal means and to ensure safe operation of the service support system.
Disclosure of Invention
In view of the above requirements and the shortcomings of the prior art, the invention provides a method and a system for integrity-protected storage of important data in a government-affairs cloud scenario.
First, the method for integrity-protected storage of important data in a government-affairs cloud scenario adopts the following technical scheme to solve the technical problem:
A method for integrity-protected storage of important data in a government-affairs cloud scenario comprises the following steps:
S1: dock with a certified server cipher-machine vendor, define part of the information in the service support system as important data, and call the built-in interface of the service support system to implement the HMAC-SM3 keyed-hash algorithm;
S2: compute the hash values of all important data with HMAC-SM3, and store the important data together with the corresponding hash values in a database;
S3: set a scheduled task that recomputes the hash values of all important data in the service support system and compares them with the corresponding hash values stored in the database; if they match, take no action; if they do not match, mark the important data and record it as a log entry;
S4: after a user logs in to the service support system and modifies important data through the user's own functions, compute the hash value of the modified important data with HMAC-SM3 and overwrite the corresponding hash value stored in the database with it.
Optionally, account personal information, role/permission assignments and part of the log records of the service support system are defined as important data.
Optionally, after step S1 is executed, the defined important data is format-converted, and then step S2 is executed.
Further optionally, the important data in the service support system is in string format; the string is converted into a byte array, then step S2 is executed, in which HMAC-SM3 is computed over the byte array to obtain a hash byte array, the hash byte array is Base64-encoded, and the Base64 output is converted into a string, which is the hash value of the important data.
Second, the system for integrity-protected storage of important data in a government-affairs cloud scenario adopts the following technical scheme to solve the technical problem:
A system for integrity-protected storage of important data in a government-affairs cloud scenario comprises:
a docking definition module, for docking with a certified server cipher-machine vendor and defining part of the information in the service support system as important data;
a calling storage module, for calling the built-in interface of the service support system, computing the HMAC-SM3 hash values of all important data, and storing the important data together with the corresponding hash values in a database;
a timing comparison module, for recomputing the hash values of all important data in the service support system on a schedule and comparing them with the corresponding hash values stored in the database;
a comparison processing module, for judging the comparison result: if the values match, no action is taken; if they do not match, the important data is marked and recorded as a log entry;
and an updating module, for invoking the calling storage module after a user has logged in to the service support system and modified important data through the user's own functions, so that the built-in interface of the service support system is called, the HMAC-SM3 hash value of the modified data is computed, and the corresponding hash value stored in the database is overwritten with it.
Optionally, the docking definition module defines account personal information, role/permission assignments and part of the log records of the service support system as important data.
Optionally, after the docking definition module defines the important data, the defined important data is format-converted.
Further optionally, the important data in the service support system is in string format: the docking definition module converts each string into a byte array, the calling storage module computes HMAC-SM3 over the byte array to obtain a hash byte array, the hash byte array is Base64-encoded, and the Base64 output is converted into a string, which is the hash value of the important data.
Compared with the prior art, the method and the system for integrity-protected storage of important data in a government-affairs cloud scenario have the following beneficial effects:
(1) In a government-affairs cloud scenario, the method and system store the important data of the service support system with integrity protection and protect the security of data such as account information, role/permission assignments and key logs. If someone tampers with the data by illegal means, the next scheduled comparison detects it and the event is logged, so follow-up investigation can start immediately. Because the stored value is a keyed HMAC rather than a plain hash, an attacker who can write to the database but cannot invoke the cipher machine cannot produce a matching value for altered data.
(2) HMAC-SM3 is implemented by docking with a vendor's server cipher machine. The key is stored inside the cipher machine, and what the calling application obtains is only an encrypted (wrapped) form of the key rather than the plaintext key, so the key is effectively protected and the scheme cannot be broken by recovering it. Moreover, using the national commercial cryptographic algorithm HMAC-SM3 to compute the hash values removes dependence on foreign cryptographic technology and meets the commercial-cryptography application security evaluation requirements that the government sets for government-cloud systems.
Drawings
FIG. 1 is a flow chart of the method of the first embodiment of the invention;
FIG. 2 is a connection block diagram of the system of the second embodiment of the invention.
Reference numerals in the drawings: 1, docking definition module; 2, calling storage module; 3, timing comparison module; 4, comparison processing module; 5, updating module.
Detailed Description
In order to make the technical solution, the technical problem solved and the technical effects of the invention clearer, the technical solution is described below with reference to specific embodiments.
Embodiment one:
Referring to FIG. 1, this embodiment provides a method for integrity-protected storage of important data in a government-affairs cloud scenario, comprising the following steps:
S1: dock with a certified server cipher-machine vendor, define account personal information, role/permission assignments and part of the log records in the service support system as important data, and call the built-in interface of the service support system to implement the HMAC-SM3 keyed-hash algorithm.
The important data in the service support system is in string format; the defined important data is format-converted by converting each string into a byte array.
S2: compute HMAC-SM3 over the byte array to obtain a hash byte array, Base64-encode the hash byte array, and convert the Base64 output into a string; this string is the hash value of the important data.
Store the important data together with its corresponding hash value in a database.
S3: set a scheduled task that recomputes the hash values of all important data in the service support system and compares each with the corresponding hash value stored in the database; if they match, take no action; if they do not match, mark the important data and record it as a log entry.
S4: a user logs in to the service support system through the client and modifies important data through the user's own functions; the server then computes the HMAC-SM3 hash value of the modified data and overwrites the corresponding hash value stored in the database with it. Likewise, after the user adds new important data through the user's own functions, the server computes its HMAC-SM3 hash value and stores it in the database together with the new data.
Example two:
Referring to FIG. 2, this embodiment provides a system for integrity-protected storage of important data in a government-affairs cloud scenario, comprising:
a docking definition module 1, for docking with a certified server cipher-machine vendor, for defining account personal information, role/permission assignments and part of the log records in the service support system as important data, and for format-converting the defined important data;
a calling storage module 2, for calling the built-in interface of the service support system, computing the HMAC-SM3 hash values of all important data, and storing the important data together with the corresponding hash values in a database;
a timing comparison module 3, for recomputing the hash values of all important data in the service support system on a schedule and comparing them with the corresponding hash values stored in the database;
a comparison processing module 4, for judging the comparison result: if the values match, no action is taken; if they do not match, the important data is marked and recorded as a log entry;
and an updating module 5, for invoking the calling storage module 2 after a user has logged in to the service support system and modified important data through the user's own functions, so that the built-in interface of the service support system is called, the HMAC-SM3 hash value of the modified data is computed, and the corresponding hash value stored in the database is overwritten with it.
It should be added that the important data in the service support system is in string format: the docking definition module converts each string into a byte array, the calling storage module computes HMAC-SM3 over the byte array to obtain a hash byte array, the hash byte array is Base64-encoded, and the Base64 output is converted into a string, which is the hash value of the important data.
In summary, with the method and system described, important data in the service support system is stored with integrity protection, the security of data such as account information, role/permission assignments and key logs is protected, and tampering of important data by illegal means can be discovered promptly.
The principles and embodiments of the invention have been described above with specific examples, which are provided only to aid understanding of its core technical content. Improvements and modifications made by those skilled in the art on the basis of the above embodiments, without departing from the principle of the invention, fall within the scope of the invention.
Claims (8)
1. A method for integrity-protected storage of important data in a government-affairs cloud scenario, characterised by comprising the following steps:
S1: docking with a certified server cipher-machine vendor, defining part of the information in a service support system as important data, and calling a built-in interface of the service support system to implement the HMAC-SM3 keyed-hash algorithm;
S2: computing the hash values of all important data with HMAC-SM3, and storing the important data together with the corresponding hash values in a database;
S3: setting a scheduled task that recomputes the hash values of all important data in the service support system and compares them with the corresponding hash values stored in the database; if they match, taking no action, and if they do not match, marking the important data and recording it as log data;
S4: after a user logs in to the service support system and modifies important data through the user's own functions, computing the hash value of the modified important data with HMAC-SM3 and overwriting the corresponding hash value stored in the database with it.
2. The method for integrity-protected storage of important data in a government-affairs cloud scenario according to claim 1, wherein account personal information, role/permission assignments and part of the log records of the service support system are defined as the important data.
3. The method for integrity-protected storage of important data in a government-affairs cloud scenario according to claim 1, wherein, after step S1 is executed, the defined important data is format-converted and then step S2 is executed.
4. The method for integrity-protected storage of important data in a government-affairs cloud scenario according to claim 3, wherein the important data in the service support system is in string format; the string is converted into a byte array, then step S2 is executed, in which HMAC-SM3 is computed over the byte array to obtain a hash byte array, the hash byte array is Base64-encoded, and the Base64 output is converted into a string, which is the hash value of the important data.
5. A system for integrity-protected storage of important data in a government-affairs cloud scenario, characterised by comprising:
a docking definition module, for docking with a certified server cipher-machine vendor and defining part of the information in the service support system as important data;
a calling storage module, for calling the built-in interface of the service support system, computing the HMAC-SM3 hash values of all important data, and storing the important data together with the corresponding hash values in a database;
a timing comparison module, for recomputing the hash values of all important data in the service support system on a schedule and comparing them with the corresponding hash values stored in the database;
a comparison processing module, for judging the comparison result: if the values match, no action is taken; if they do not match, the important data is marked and recorded as a log entry;
and an updating module, for invoking the calling storage module after a user has logged in to the service support system and modified important data through the user's own functions, so that the built-in interface of the service support system is called, the HMAC-SM3 hash value of the modified data is computed, and the corresponding hash value stored in the database is overwritten with it.
6. The system for integrity-protected storage of important data in a government-affairs cloud scenario according to claim 5, wherein the docking definition module defines account personal information, role/permission assignments and part of the log records of the service support system as the important data.
7. The system for integrity-protected storage of important data in a government-affairs cloud scenario according to claim 5, wherein, after the docking definition module defines the important data, the defined important data is format-converted.
8. The system for integrity-protected storage of important data in a government-affairs cloud scenario according to claim 7, wherein the important data in the service support system is in string format; the docking definition module converts each string into a byte array, the calling storage module computes HMAC-SM3 over the byte array to obtain a hash byte array, the hash byte array is Base64-encoded, and the Base64 output is converted into a string, which is the hash value of the important data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211284041.9A CN115604012A (en) | 2022-10-20 | 2022-10-20 | Method and system for realizing complete storage of important data in government affair cloud scene |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115604012A true CN115604012A (en) | 2023-01-13 |
Family
ID=84849135
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102420834A (en) * | 2011-12-29 | 2012-04-18 | 公安部第三研究所 | Method for generating and checking network identity identification code in network electronic identity card |
CN110008745A (en) * | 2019-03-29 | 2019-07-12 | 深圳供电局有限公司 | Encryption method, computer equipment and computer storage medium |
WO2021012552A1 (en) * | 2019-07-25 | 2021-01-28 | 深圳壹账通智能科技有限公司 | Login processing method and related device |
CN113312657A (en) * | 2021-07-30 | 2021-08-27 | 杭州乒乓智能技术有限公司 | Application server non-stop issuing method and application server |
CN114329559A (en) * | 2021-12-30 | 2022-04-12 | 观源(上海)科技有限公司 | External important data protection system and protection method thereof |
CN114528292A (en) * | 2021-12-30 | 2022-05-24 | 天翼电子商务有限公司 | Sensitive data storage method for unified authentication platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | |