CN111510304A - Information transmission method, information management method, system, device and electronic equipment - Google Patents

Publication number
CN111510304A
Authority
CN
China
Prior art keywords
data
reported
unit
equipment
premise
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010314420.2A
Other languages
Chinese (zh)
Other versions
CN111510304B (en)
Inventor
荆彬
徐瑞
黄雨农
李媛媛
吴迪
唐后栋
雷磊
晏立勋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Army Service Academy of PLA
Original Assignee
Army Service Academy of PLA
Application filed by Army Service Academy of PLA
Priority to CN202010314420.2A
Publication of CN111510304A
Application granted
Publication of CN111510304B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1095: Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides an information transmission method, an information management method, a system, a device and electronic equipment. A security device obtains, through the Internet, data to be reported that was transmitted from the premise equipment of an outside unit; the data to be reported is data that the premise equipment of the outside unit encrypted with pre-distributed encryption software while not networked. The security device then either decrypts the data to be reported while not connected to the Internet, accesses an intranet and uploads the decrypted data to a data center; or accesses the intranet while not connected to the Internet and uploads the data to be reported to the data center so that the data center can decrypt it. In this way, data is transmitted from the premise equipment of the outside unit to the data center by way of the Internet. Meanwhile, during encryption and decryption the networks of the premise equipment of the outside unit, the security device and the data center are isolated, so the security of information transmission is ensured.

Description

Information transmission method, information management method, system, device and electronic equipment
Technical Field
The present application relates to the field of communications, and in particular, to a method, a system, an apparatus, and an electronic device for information transmission and information management.
Background
An outside unit is a unit (for example, a construction engineering team) that is stationed and mainly active abroad. Information management for outside units therefore has stricter requirements, and the conventional information management schemes used in China are not suitable for it. For units located in China, an intranet exists, so units in every region can report information over the intranet with communication security assured, and the management center can keep the information of each unit up to date and reliable. For an outside unit, however, the premises network cannot be connected to the domestic intranet for information security reasons, so how to transmit and manage the information of outside units reliably and securely is a problem that urgently needs to be solved.
Disclosure of Invention
An object of the embodiments of the present application is to provide an information transmission method, an information management method, an information transmission system, an information management device, and an electronic device, so as to solve the problem of how to transmit and manage the information of outside units reliably and securely.
The embodiment of the application provides an information transmission method, which comprises the following steps:
The security device acquires, through the Internet, data to be reported transmitted from the premise equipment of the outside unit; the data to be reported is encrypted by the premise equipment of the outside unit with pre-distributed encryption software while not networked. The security device decrypts the data to be reported while not connected to the Internet, then accesses an intranet and uploads the decrypted data to a data center; or the security device accesses the intranet while not connected to the Internet and uploads the data to be reported to the data center so that the data center can decrypt it.
In the above implementation, the premise equipment of the outside unit encrypts the data to be reported with pre-distributed encryption software while not networked, and the encrypted data is then transmitted to the security device through the Internet. The security device then, while not connected to the Internet, either uploads the decrypted data to the data center, or uploads the data to the data center, where it is decrypted by the data center. Data transmission from the premise equipment of outside units to the data center is thus achieved over the Internet, so that the data center can manage the data of each outside unit's premise equipment. Meanwhile, the networks of the premise equipment of the outside unit, the security device and the data center are isolated during encryption and decryption (that is, encryption and decryption are both carried out in a secure environment that is not connected to the Internet, and the Internet transmission stage, where the risk of disclosure is high, involves only the encrypted data to be reported). This greatly reduces the risk that the data is cracked after being hijacked during Internet transmission, and achieves reliable and secure transmission and management of the information of outside units abroad.
Further, the security device decrypting the data to be reported while not networked includes: while not networked, the security device looks up, according to the premise equipment of the outside unit that the data to be reported corresponds to, a preset correspondence between outside-unit premise equipment and decryption modes, to obtain the decryption mode corresponding to that premise equipment; and decrypts the data to be reported according to the decryption mode.
In the embodiments of the present application, different encryption software can be allocated to the premise equipment of different outside units for security, and correspondingly the decryption modes corresponding to the premise equipment of different outside units differ. The correspondence between each outside unit's premise equipment and its decryption mode can be configured in advance, so that the decryption mode corresponding to the data to be reported can be obtained and the data can be reliably decrypted. Meanwhile, because decryption is carried out while not networked, external risks are effectively shielded and the risk of data leakage is reduced.
An embodiment of the present application further provides an information management method, including:
The data center acquires, through the security device, data to be reported transmitted from the premise equipment of the outside unit; the data to be reported is encrypted by the premise equipment of the outside unit with pre-distributed encryption software while not networked. The data center looks up, according to the premise equipment of the outside unit that the data to be reported corresponds to, the preset correspondence between outside-unit premise equipment and decryption modes, to obtain the decryption mode corresponding to that premise equipment; decrypts the data to be reported according to the decryption mode to obtain data to be synchronized; and synchronizes the data of the outside unit's premise equipment stored in the data center according to the data to be synchronized.
In the above implementation, the data to be reported is encrypted by the premise equipment of the outside unit with pre-distributed encryption software while not networked, and is then reported to the data center through the security device. The data center can thus find the corresponding decryption mode according to the premise equipment of the outside unit that the data to be reported corresponds to, decrypt the data according to that mode to obtain the data to be synchronized, and synchronize the data of the outside unit's premise equipment stored in the data center according to the data to be synchronized. The data to be reported is therefore decrypted securely, and reliable and secure transmission and management of the information of outside units abroad is achieved.
Furthermore, the data to be reported carries a timestamp added when the premise equipment of the outside unit encrypts it with the pre-distributed encryption software; synchronizing the data of the outside unit's premise equipment stored in the data center according to the data to be synchronized comprises: using the data to be synchronized to synchronize the data of the outside unit's premise equipment stored in the data center according to the timestamp in the data to be reported.
In the above implementation, when the premise equipment of the outside unit encrypts the data with the pre-distributed encryption software, a timestamp is added to the data to be reported to indicate the reporting time. The data center can then synchronize the stored data of the outside unit's premise equipment according to the reporting time, which ensures the accuracy of that data in the data center.
Further, using the data to be synchronized to synchronize the data of the outside unit's premise equipment stored in the data center according to the timestamp in the data to be reported includes: storing, in the data center, the data to be synchronized at the time position corresponding to the timestamp.
In the above implementation, the data to be synchronized is stored in the data center according to the timestamp, so the time information of the stored data of the outside unit's premise equipment is clear, and the data center can trace the source of the data by timestamp, which facilitates data management.
Further, the method further comprises: when the outside unit to which the premise equipment belongs is rotated, allocating new encryption software to the premise equipment of the outside unit and delivering the new encryption software to it through a preset transmission medium; and/or, when an outside unit is newly dispatched, allocating new encryption software to that outside unit and downloading it to a preset transmission medium, so that the outside unit can install the new encryption software, from the transmission medium, on the premise equipment at its newly established premises.
In the above implementation, encryption software is newly allocated when the outside unit to which the premise equipment belongs is rotated or when an outside unit is newly dispatched, so the encryption software corresponding to each outside unit is updated dynamically, which improves the security of the data transmission process to a certain extent.
Furthermore, in the preset correspondence between outside-unit premise equipment and decryption modes, the decryption modes corresponding to the premise equipment of different outside units are different.
In the above implementation, the decryption modes corresponding to data reported by the premise equipment of different outside units are different, so a leak of one outside unit's encryption software does not cause the leak of all encryption software, which improves, to a certain extent, the security of data transmission in the system formed by all the outside units' premise equipment and the data center.
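The data-center steps described above (look up the decryption mode by premise equipment, decrypt, store at the timestamp's time position), as an added example that is not part of the patent text. It assumes a decryption mode is a per-device secret key and uses an HMAC-SHA256 keystream with encrypt-then-MAC as a standard-library stand-in for a vetted AEAD cipher such as AES-GCM; the class, function and device names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

# Assumption: a "decryption mode" is modelled as a per-device secret key.
# The cipher is a stdlib stand-in (HMAC-SHA256 keystream, encrypt-then-MAC);
# a deployment would use a vetted AEAD such as AES-GCM instead.

def _subkeys(key):
    """Derive separate encryption and MAC keys from one device key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, device_id, nonce, ciphertext):
    # Binding the device id into the tag stops a blob being relabelled.
    msg = device_id.encode() + b"\x00" + nonce + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def encrypt_report(device_id, key, timestamp, unit_data):
    """Premise side (offline): the timestamp travels inside the ciphertext."""
    enc_key, mac_key = _subkeys(key)
    plaintext = json.dumps({"ts": timestamp, "data": unit_data}).encode()
    nonce = os.urandom(16)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    blob = nonce + ciphertext + _tag(mac_key, device_id, nonce, ciphertext)
    return {"device": device_id, "blob": blob.hex()}

class DataCenter:
    def __init__(self, decryption_modes):
        self._modes = dict(decryption_modes)  # device id -> key (preset)
        self._store = {}                      # device id -> {timestamp: data}

    def ingest(self, report):
        """Look up the mode, authenticate, decrypt, store at the time position."""
        device_id = report["device"]
        key = self._modes.get(device_id)
        if key is None:
            raise KeyError("no decryption mode preset for " + device_id)
        raw = bytes.fromhex(report["blob"])
        if len(raw) < 48:
            raise ValueError("truncated report")
        nonce, ciphertext, tag = raw[:16], raw[16:-32], raw[-32:]
        enc_key, mac_key = _subkeys(key)
        if not hmac.compare_digest(tag, _tag(mac_key, device_id, nonce, ciphertext)):
            raise ValueError("report was not produced with this device's key")
        record = json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
        # Keyed by timestamp: a late or replayed report never overwrites newer data.
        self._store.setdefault(device_id, {})[record["ts"]] = record["data"]
        return record["ts"]

    def history(self, device_id):
        return sorted(self._store.get(device_id, {}).items())

    def latest(self, device_id):
        return self.history(device_id)[-1]

def demo():
    # Constructed keys and reports; fixed-format UTC timestamps sort as text.
    modes = {"unit-A": b"A" * 32, "unit-B": b"B" * 32}
    dc = DataCenter(modes)
    newer = encrypt_report("unit-A", modes["unit-A"], "2020-04-02T08:00:00Z", {"trucks": 11})
    older = encrypt_report("unit-A", modes["unit-A"], "2020-04-01T08:00:00Z", {"trucks": 12})
    for report in (newer, older, older):      # out of order, then a replay
        dc.ingest(report)
    # unit-B's software leaked: it cannot produce a report accepted as unit-A.
    forged = encrypt_report("unit-A", modes["unit-B"], "2020-04-03T08:00:00Z", {"trucks": 0})
    try:
        dc.ingest(forged)
        rejected = False
    except ValueError:
        rejected = True
    return dc.latest("unit-A"), dc.history("unit-A"), rejected

if __name__ == "__main__":
    print(demo())
```

Because the timestamp sits inside the authenticated payload, anything on the Internet leg that alters it causes the report to be rejected rather than stored at the wrong time position.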
The embodiments of the present application further provide an information management system for outside units, comprising the premise equipment of an outside unit, a security device and a data center. The premise equipment of the outside unit is used to record and manage the outside unit's data and to encrypt the latest outside unit data, periodically or aperiodically, with pre-distributed encryption software to obtain data to be reported; the security device is used to acquire, through the Internet, the data to be reported transmitted from the premise equipment of the outside unit and to upload it to the data center through the intranet while not connected to the Internet; and the data center is used to decrypt the data to be reported to obtain data to be synchronized and to synchronize the data of the outside unit's premise equipment stored in the data center according to the data to be synchronized.
In the above implementation, the premise equipment of the outside unit encrypts the data to be reported with pre-distributed encryption software while not networked, and the encrypted data is then transmitted to the security device through the Internet. The security device then uploads it to the data center while not connected to the Internet, and the data center decrypts it and performs the synchronization. Data transmission from the premise equipment of outside units to the data center is thus achieved over the Internet, so that the data center can manage the data of each outside unit's premise equipment. Meanwhile, the networks of the premise equipment of the outside unit, the security device and the data center are isolated during encryption and decryption (that is, encryption and decryption are both carried out in a secure environment that is not connected to the Internet, and the Internet transmission stage, where the risk of disclosure is high, involves only the encrypted data to be reported). This greatly reduces the risk that the data is cracked after being hijacked during Internet transmission, and achieves reliable and secure transmission and management of the information of outside units abroad.
The embodiments of the present application further provide an information transmission apparatus, applied to a security device, comprising a first acquisition module and a first processing module. The first acquisition module is used to acquire, through the Internet, data to be reported transmitted from the premise equipment of the outside unit; the data to be reported is data encrypted by the premise equipment of the outside unit with pre-distributed encryption software. The first processing module is used to decrypt the data to be reported while not networked, access an intranet and upload the decrypted data to a data center; or is used to access an intranet and upload the data to be reported to a data center so that the data center can decrypt it.
The embodiments of the present application further provide an information management apparatus, applied in a data center, comprising a second acquisition module, a second processing module, a decryption module and a synchronization module. The second acquisition module is used to acquire, through the security device, data to be reported transmitted from the premise equipment of the outside unit; the data to be reported is data encrypted by the premise equipment of the outside unit with pre-distributed encryption software. The second processing module is used to look up, according to the premise equipment of the outside unit that the data to be reported corresponds to, the preset correspondence between outside-unit premise equipment and decryption modes, to obtain the decryption mode corresponding to that premise equipment. The decryption module is used to decrypt the data to be reported according to the decryption mode to obtain the data to be synchronized. The synchronization module is used to synchronize the data of the outside unit's premise equipment stored in the data center according to the data to be synchronized.
The embodiment of the application also provides electronic equipment, which comprises a data interface, a processor, a memory and a communication bus; the data interface is used for acquiring data to be reported; the communication bus is used for realizing connection communication among the data interface, the processor and the memory; the processor is configured to execute one or more programs stored in the memory to implement any of the above-described information transmission methods or to implement any of the above-described information management methods.
The embodiment of the present application further provides a readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement any one of the above-mentioned information transmission methods, or to implement any one of the above-mentioned information management methods.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic diagram of the basic structure of an information management system for outside units according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a more specific information management system for outside units according to an embodiment of the present application;
Fig. 3 is an interaction diagram of the data transmission process from the premise equipment of an outside unit to a data center according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an information transmission apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an information management apparatus according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Embodiment one:
To solve the problem of how to transmit and manage the information of outside units reliably and securely, the embodiments of the present application provide an information management system for outside units. As shown in Fig. 1, the information management system comprises the premise equipment of the outside unit, a security device and a data center, wherein:
The premise equipment of the outside unit is deployed at the premises of each outside unit and can be used to record and manage that unit's data (for example, the equipment data of the outside unit). During the execution of a task, the outside unit's data may change as a result of the task, for example through the loss of equipment. In the embodiments of the present application, the premise equipment of the outside unit therefore needs to encrypt the latest outside unit data periodically or aperiodically with pre-allocated encryption software and then report the encrypted data to the data center for unified management. For convenience of description, the data that has been encrypted with the pre-allocated encryption software and needs to be sent to the data center is referred to as the data to be reported.
The security device can be an electronic device that is located in China and can connect to the Internet or to an intranet. In the embodiments of the present application, the security device can acquire, through the Internet, the data to be reported transmitted from the premise equipment of the outside unit and then, while not connected to the Internet, upload it to the data center through the intranet.
The data center is used to decrypt the data to be reported to obtain data to be synchronized, and to synchronize the data of the corresponding outside unit's premise equipment stored in the data center according to the data to be synchronized.
In the embodiments of the present application, the data center can be located in China and allow access by other devices only through the intranet, which ensures the security of the data center.
In the embodiments of the present application, the correspondence between each outside unit's premise equipment and its decryption mode can be preset in the data center. The data center then looks up this preset correspondence according to the premise equipment that the data to be reported corresponds to, obtains the decryption mode for that premise equipment, and decrypts the data to be reported according to that mode.
It should be noted that, in one feasible implementation of the embodiments of the present application, the security device may instead decrypt the data to be reported first and then, while not connected to the Internet, upload the decrypted data to the data center through the intranet.
It should be noted that the security device should not be connected to the Internet while it decrypts the data to be reported, which improves the security of the decryption process. In addition, for security, a full disk scan can be performed before decryption to ensure that the current environment is safe.
In the above feasible implementation, the correspondence between each outside unit's premise equipment and its decryption mode can be preset in the security device. While not networked, the security device then looks up this preset correspondence according to the premise equipment that the data to be reported corresponds to, obtains the decryption mode for that premise equipment, and decrypts the data to be reported according to that mode.
In the embodiments of the present application, the encryption software of each outside unit's premise equipment can be configured differently, and correspondingly the decryption modes mapped to different outside units' premise equipment can differ, so that when the encryption software of any one outside unit's premise equipment is leaked, the encryption software of the other outside units' premise equipment is not invalidated, which improves the security of the system to a certain extent.
In addition, in the embodiments of the present application, the encryption software of each outside unit's premise equipment can be allocated centrally by the data center, which avoids the situation where some outside units' premise equipment has the same encryption software. To enhance security, the encryption software of each outside unit's premise equipment can be replaced periodically or aperiodically. For example, when the outside unit to which the premise equipment belongs is rotated, new encryption software can be allocated to the premise equipment and delivered to it through a preset transmission medium; as another example, new encryption software may be allocated to the premise equipment of the outside unit every preset time period (for example, one month) and delivered to it through a preset transmission medium. The transmission medium may be a medium such as an optical disc; it is sent to the premises of the outside unit by a person or an agency (e.g., an embassy) with the relevant transmission authority, and the software is installed on the premise equipment of the outside unit.
In addition, in the embodiments of the present application, when an outside unit is newly dispatched, new encryption software may be allocated to that outside unit and downloaded to a preset transmission medium, so that the outside unit can install the new encryption software, from the transmission medium, on the premise equipment at its newly established premises.
It should be noted that, in the embodiments of the present application, a different set of encryption software may be configured in advance for each outside unit's premise equipment; each time new encryption software is to be allocated to an outside unit's premise equipment, one item is selected from the corresponding set and allocated to it. In addition, the sets configured for the different outside units' premise equipment differ from one another, which prevents a leak of the encryption software corresponding to one outside unit's premise equipment from causing the leak of all the encryption software.
It should also be noted that in the embodiment of the present application, the premise equipment of the outdoor unit may include a premise database, and the recording and management of the outdoor unit data are realized through the premise database. Correspondingly, the data to be reported can also be encrypted by the premise database. It should be noted that, for security reasons, the premise database needs to be encrypted without accessing the internet.
Furthermore, in a possible implementation of the embodiment of the present application, the premise equipment of the premise unit may include premise security equipment in addition to the premise database, as shown in fig. 2. The premise database is not connected with the Internet, but records the encrypted data to be reported into transmission media such as an optical disc and the like, and then inputs the data into premise safety equipment, and the premise safety equipment transmits the data into domestic safety equipment through the Internet. Therefore, the premise database is not directly associated with the external equipment, and the safety of the premise database is greatly improved.
It should be noted that the intranet described in the embodiment of the present application may be the intranet of the organization to which the outside unit belongs.
It should be noted that, in practical applications, the premise database is usually located abroad, where maintenance resources are limited. In this embodiment of the present application, the premise database may therefore be implemented with a database of relatively simple structure (e.g., an Access database), while the data center may be implemented with a more powerful database (e.g., an Oracle database or a SQL Server database).
It should be noted that, in the embodiment of the present application, besides transmitting the data to be reported to the data center via the internet, secure transmission may also be implemented in other ways. For example, the premise equipment of the outside unit may record the encrypted data to be reported onto a transmission medium such as an optical disc, after which a specially assigned person carries the medium back to the home country and uploads the data to the data center from an intranet device. As another example, the premise equipment of the outside unit may record the encrypted data to be reported onto a transmission medium such as an optical disc and hand it over to an essential department (such as an embassy), which sends it back to the home country, where the data is uploaded to the data center from an intranet device.
It should be understood that, in actual application, conditions differ between the areas where different outside units are located, so the transmission mode to be adopted needs to be determined according to the actual conditions of the area where each outside unit is located. For example, where the outside unit is located in a war zone, the data may be carried back to the home country by a specially assigned person, or sent back by an essential department, and then uploaded to the data center from an intranet device; where the outside unit is located in a relatively stable area, the internet transmission mode of the information management system for the outside unit can be adopted.
In addition, in practical applications, several transmission modes can be adopted at the same time. Because different transmission modes take different amounts of time, data that is sent first may arrive later (that is, data sent earlier may reach the data center after data sent later). To keep data synchronization in the data center reliable despite the time differences between transmission modes, in the embodiment of the application the premise equipment of the outside unit can write a timestamp when encrypting the data to be reported through the pre-distributed encryption software. The data center can then synchronize the decrypted data to be synchronized according to the decrypted timestamp.
For example, the data center may determine whether the time represented by the timestamp is earlier than the time of the data of that premise equipment of the outside unit currently synchronized in the data center. If it is earlier, the data was sent first but arrived later; the data to be synchronized is then not the latest data, and synchronization may be skipped. If it is not earlier, the data to be synchronized may be used to synchronize the data of the premise equipment of the outside unit in the data center.
However, it should be noted that, in practical applications, the data of the data center should be traceable so as to facilitate data backtracking and management. In another example of the embodiment of the present application, the data to be synchronized may therefore be stored in the data center at the time position corresponding to its timestamp. In this way, data in the data center is more closely associated through information such as time and the corresponding premise equipment of the outside unit, which improves data integrity and facilitates data verification.
It should be further noted that, in order to facilitate data verification, in a possible implementation manner of the embodiment of the present application, in the data center, the historical data after data synchronization is not discarded, but may be marked with an unalterable time stamp for storage.
In the embodiment of the application, in addition to the premise equipment of the outside unit reporting data to the data center, the data center can also send data that the premise equipment of the outside unit needs to synchronize to that premise equipment. For example, when an outside unit is to be changed, or when an outside unit is to be newly dispatched, the latest equipment data needs to be assigned to the outside unit, and this equipment data needs to be synchronized to each outside unit. In this case, a feasible manner is to distribute the data to the premise equipment of each outside unit by reversing the order in which the premise equipment of the outside unit reports data to the data center.
Specifically, the data center may encrypt the data to be transmitted according to the encryption software corresponding to the target premise equipment of the outside unit, and then send the encrypted data to the safety equipment through the intranet. The safety equipment disconnects from the intranet, accesses the internet and sends the encrypted data to the target premise equipment of the outside unit. The target premise equipment of the outside unit then decrypts the data to be transmitted and synchronizes it while not connected to the Internet.
According to the information management system for the outside unit, the premise equipment of the outside unit encrypts the data to be reported with the pre-distributed encryption software while not networked, and then transmits the encrypted data to the safety equipment through the internet. The safety equipment then uploads the data to the data center while not accessing the Internet, and the data center performs synchronization after decryption. Data transmission from the premise equipment of the outside units to the data center is thus realized through the Internet, so that the data center can manage the data of the premise equipment of each outside unit. Meanwhile, during encryption the networks of the premise equipment of the outside unit, the safety equipment and the data center are isolated from one another (that is, encryption and decryption are all carried out in a secure environment without access to the internet), and the internet transmission process, which carries a high risk of disclosure, involves only the encrypted data to be reported. This greatly reduces the risk of the data being cracked after being hijacked during internet transmission, and realizes reliable and secure transmission and management of the information of the outside unit.
Example two:
On the basis of the first embodiment, the present embodiment further illustrates, in the form of a flowchart, the data transmission process from the premise equipment of the outside unit to the data center.
As shown in fig. 3, the process includes:
S301: The premise equipment of the outside unit, while not networked, encrypts the data to be reported through the pre-distributed encryption software and writes a timestamp.
S302: The premise equipment of the outside unit accesses the Internet and sends the encrypted data to be reported to the safety equipment through the Internet.
S303: The safety equipment, while not accessing the Internet, uploads the data to be reported to the data center through the intranet.
In the embodiment of the application, when the security device uploads the data to be reported, it uploads the source of the data to be reported at the same time, so that the data center knows where the data to be reported came from and can determine the premise equipment of the outside unit corresponding to the data to be reported.
S304: The data center searches the preset correspondence between the premise equipment of the outside unit and the decryption mode according to the premise equipment of the outside unit corresponding to the data to be reported, to obtain the decryption mode corresponding to that premise equipment.
S305: The data center decrypts the data to be reported using the decryption mode to obtain the timestamp and the data to be synchronized.
S306: The data center stores the data to be synchronized at the time position corresponding to the timestamp.
According to this scheme, data is transmitted efficiently from the premise equipment of the outside units to the data center over the Internet, so that the data center can manage the data of the premise equipment of each outside unit. Meanwhile, during encryption the networks of the premise equipment of the outside unit, the safety equipment and the data center are isolated from one another (that is, encryption and decryption are all carried out in a secure environment without access to the internet), and the internet transmission process, which carries a high risk of disclosure, involves only the encrypted data to be reported. This greatly reduces the risk of the data being cracked after being hijacked during internet transmission, and realizes reliable and secure transmission and management of the information of the outside unit.
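The data-center side of steps S304 to S306, together with the timestamp handling for reports that are sent first but arrive later, can be sketched as follows. This is an added example, not code from the patent: the device identifiers, keys, record fields and the HMAC-SHA-256 encrypt-then-MAC construction are assumptions standing in for the unspecified encryption software (a deployment would use a vetted AEAD such as AES-GCM), and ignoring a repeated timestamp is likewise an added assumption.

```python
import hashlib
import hmac
import json
import os
import struct

# Constructed per-device secrets. They stand in for the patent's preset
# correspondence between premise equipment and decryption mode (S304);
# every device gets a different one, so one leak does not expose the rest.
DEVICE_KEYS = {
    "unit-A": bytes.fromhex("11" * 32),
    "unit-B": bytes.fromhex("22" * 32),
}


def _subkeys(master):
    """Derive independent encryption and MAC keys from a device secret."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def _xor_stream(key, nonce, data):
    """Assumed stand-in cipher: XOR with an HMAC-SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">I", counter),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(device_id, timestamp, record):
    """S301: done offline on the premise equipment; the timestamp is
    written inside the encrypted payload, not beside it."""
    enc_key, mac_key = _subkeys(DEVICE_KEYS[device_id])
    nonce = os.urandom(16)
    plain = json.dumps({"ts": timestamp, "data": record}).encode()
    body = nonce + _xor_stream(enc_key, nonce, plain)
    tag = hmac.new(mac_key, device_id.encode() + b"\x00" + body,
                   hashlib.sha256).digest()
    return body + tag


def open_report(source, blob):
    """S304-S305: look up the source's key, authenticate, then decrypt."""
    master = DEVICE_KEYS.get(source)
    if master is None or len(blob) < 48:
        raise ValueError("unknown source or truncated report")
    enc_key, mac_key = _subkeys(master)
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, source.encode() + b"\x00" + body,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("report failed authentication for this source")
    message = json.loads(_xor_stream(enc_key, body[:16], body[16:]))
    return message["ts"], message["data"]


class DataCenter:
    """S306: keep every report at its time position, per device."""

    def __init__(self):
        self.history = {}  # source -> list of (timestamp, data), sorted

    def ingest(self, source, blob):
        ts, data = open_report(source, blob)
        timeline = self.history.setdefault(source, [])
        if any(t == ts for t, _ in timeline):
            return "duplicate"  # assumption: a repeated timestamp is ignored
        newest = not timeline or ts > timeline[-1][0]
        timeline.append((ts, data))
        timeline.sort(key=lambda entry: entry[0])
        # A report that was sent first but arrived later is kept for
        # traceability, yet it must not replace the current state.
        return "current" if newest else "backfilled"

    def current(self, source):
        return self.history[source][-1][1]


if __name__ == "__main__":
    dc = DataCenter()
    # Constructed reports: the older one travels by disc and arrives last.
    by_disc = seal("unit-A", 1587340800, {"vehicles": 12})
    by_net = seal("unit-A", 1587427200, {"vehicles": 11})
    print(dc.ingest("unit-A", by_net))    # current
    print(dc.ingest("unit-A", by_disc))   # backfilled
    print(dc.current("unit-A"))           # {'vehicles': 11}
```

Because the source identifier is bound into the authentication tag, a report relabelled as coming from another device fails at S304-S305 instead of being decrypted with the wrong device's key.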
Example three:
Based on the same inventive concept, an information transmission apparatus 100 and an information management apparatus 200 are also provided in the embodiments of the present application; see fig. 4 and fig. 5. It should be understood that the specific functions of the apparatus 100 can be referred to the above description of the security device, and the functions of the apparatus 200 can be referred to the above description of the data center, and the detailed description is omitted here as appropriate to avoid redundancy. The devices 100 and 200 generally include at least one software functional module that can be stored in memory in the form of software or firmware or solidified in the operating system of the devices 100 and 200. Specifically:
Referring to fig. 4, the apparatus 100 is applied to a security device, and includes: a first acquisition module 101 and a first processing module 102. Wherein:
the first acquisition module 101 is used for acquiring data to be reported transmitted from the premise equipment of the outside unit through the internet; the data to be reported is data encrypted by the premise equipment of the outside unit through pre-distributed encryption software;
the first processing module 102 is configured to decrypt the data to be reported under the condition of no networking, access an intranet, and upload the decrypted data to be reported to a data center; or is configured to access the intranet and upload the data to be reported to the data center so that the data center can decrypt the data to be reported.
In this embodiment of the application, the first processing module 102 is specifically configured to, in a case of no networking, search a preset correspondence between the premise equipment of the outside unit and the decryption mode according to the premise equipment of the outside unit corresponding to the data to be reported, so as to obtain the decryption mode corresponding to that premise equipment; and to decrypt the data to be reported according to the decryption mode.
Referring to fig. 5, the apparatus 200 is applied in a data center, and includes: a second obtaining module 201, a second processing module 202, a decryption module 203 and a synchronization module 204. Wherein:
a second obtaining module 201, configured to obtain, through the security device, data to be reported transmitted from the premise equipment of the outside unit; the data to be reported is data encrypted by premise equipment of a residential unit through pre-distributed encryption software;
the second processing module 202 is configured to search a preset correspondence between the premise equipment of the premise unit and the decryption mode according to the premise equipment of the premise unit corresponding to the data to be reported, so as to obtain the decryption mode corresponding to the premise equipment of the premise unit;
the decryption module 203 is configured to decrypt the data to be reported according to a decryption manner to obtain data to be synchronized;
and the synchronization module 204 is configured to synchronize data of the premise equipment of the outside unit stored in the data center according to the data to be synchronized.
In the embodiment of the application, the data to be reported carries a timestamp written when the premise equipment of the outside unit encrypts it through the pre-distributed encryption software. The synchronization module 204 is specifically configured to synchronize data of the premise equipment of the outside unit stored in the data center with the data to be synchronized according to the timestamp in the data to be reported.
In a possible implementation manner of the embodiment of the present application, the synchronization module 204 is specifically configured to, in a data center, store data to be synchronized at a time position corresponding to a timestamp according to the timestamp.
In this embodiment of the application, the second processing module 202 is further configured to, when the residential units of the residential unit premises equipment alternate, allocate new encryption software to the residential unit premises equipment and transmit the new encryption software to the residential unit premises equipment through a preset transmission medium; and/or when the outdoor unit is dispatched newly, distributing new encryption software for the outdoor unit, and downloading the new encryption software to a preset transmission medium so that the outdoor unit can install the new encryption software in the outdoor unit premise equipment of the newly-built premise through the transmission medium.
In the embodiment of the application, in the preset corresponding relationship between the premise equipment of the outside unit and the decryption mode, the decryption modes corresponding to different premise equipment of the outside unit are different.
It should be understood that, for the sake of brevity, the contents described in some embodiments are not repeated in this embodiment, and the implementation process may refer to the description in embodiment one.
Example four:
The present embodiment provides an electronic device, which is shown in fig. 6 and includes a data interface 601, a processor 602, a memory 603, and a communication bus 604. Wherein:
the data interface 601 is used for acquiring data and sending out data, and is a data transmission interface;
the communication bus 604 is used for realizing connection communication among the data interface 601, the processor 602, and the memory 603.
The processor 602 is configured to execute one or more programs stored in the memory 603 to implement the operations performed by the security device in the first embodiment and/or the second embodiment, or to implement the operations performed by the data center in the first embodiment and/or the second embodiment.
It will be appreciated that the configuration shown in fig. 6 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 6 or have a different configuration than shown in fig. 6.
The present embodiment further provides a readable storage medium, such as a floppy disk, an optical disk, a hard disk, a flash memory, an SD (Secure Digital Card) card, an MMC (Multimedia Card) card, etc., in which one or more programs for implementing the above steps are stored, and the one or more programs can be executed by one or more processors to implement the operations performed by the security device in the first embodiment and/or the second embodiment, or the operations performed by the data center in the first embodiment and/or the second embodiment. Details are not repeated here.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
In this context, a plurality means two or more.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. An information transmission method, comprising:
the safety equipment acquires data to be reported transmitted from the premise equipment of the outside unit through the Internet; the data to be reported is encrypted by pre-distributed encryption software under the condition that the premise equipment of the outside unit is not networked;
the safety equipment decrypts the data to be reported under the condition of not accessing the Internet, accesses an intranet and uploads the data to be reported obtained by decryption to a data center;
or the safety equipment accesses an intranet under the condition of not accessing the internet, and uploads the data to be reported to a data center so that the data center can decrypt the data to be reported.
2. The information transmission method according to claim 1, wherein the decrypting, by the security device, the data to be reported without networking includes:
under the condition of not networking, the safety equipment searches the corresponding relation between the preset residential unit premises equipment and the decryption mode according to the residential unit premises equipment corresponding to the data to be reported to obtain the decryption mode corresponding to the residential unit premises equipment;
and decrypting the data to be reported according to the decryption mode.
3. An information management method, comprising:
the data center acquires data to be reported transmitted from the premise equipment of the outside unit through the safety equipment; the data to be reported is encrypted by pre-distributed encryption software under the condition that the premise equipment of the outside unit is not networked;
searching a preset corresponding relation between the residential unit premises equipment and a decryption mode according to the residential unit premises equipment corresponding to the data to be reported to obtain the decryption mode corresponding to the residential unit premises equipment;
decrypting the data to be reported according to the decryption mode to obtain data to be synchronized;
and synchronizing the data of the premise equipment of the outside units stored in the data center according to the data to be synchronized.
4. The information management method according to claim 3, wherein the data to be reported carries a timestamp of the premise equipment of the premise unit when encrypted by pre-distributed encryption software;
the synchronizing the data of the premise equipment of the outside unit stored in the data center according to the data to be synchronized comprises:
and according to the timestamp in the data to be reported, synchronizing the data of the premise equipment of the outside unit stored in the data center by using the data to be synchronized.
5. The information management method of claim 4, wherein the synchronizing data of the premise equipment outside the residence unit stored in the data center using the data to be synchronized according to the timestamp in the data to be reported comprises:
and in the data center, storing the data to be synchronized at the time position corresponding to the time stamp according to the time stamp.
6. The information management method according to any one of claims 3 to 5, wherein the method further comprises:
when the outdoor units of the outdoor unit premise equipment alternate, distributing new encryption software for the outdoor unit premise equipment, and transmitting the new encryption software to the outdoor unit premise equipment through a preset transmission medium;
and/or when a residential unit is dispatched newly, distributing new encryption software for the residential unit, and downloading the new encryption software to a preset transmission medium so that the residential unit can install the new encryption software in the residential unit premise equipment of the newly-built premise through the transmission medium.
7. The information management method according to any one of claims 3 to 5, wherein, in the correspondence between the preset premise equipment of the premise units and the decryption modes, the decryption modes corresponding to different premise equipment of the premise units are different.
8. An information management system for an outside unit, comprising: premise equipment of the outside unit, safety equipment and a data center;
the residential unit premises equipment is used for recording and managing the residential unit data of the residential unit premises equipment and encrypting the latest residential unit data regularly or irregularly through pre-distributed encryption software to obtain data to be reported;
the safety equipment is used for acquiring data to be reported transmitted from the premise equipment of the outside unit through the Internet and uploading the data to be reported to the data center through the intranet under the condition of not accessing the Internet;
and the data center is used for decrypting the data to be reported to obtain data to be synchronized and synchronizing the data of the premise equipment of the outside unit stored in the data center according to the data to be synchronized.
9. An information transmission apparatus, applied to a security device, comprising: the device comprises a first acquisition module and a first processing module;
the first acquisition module is used for acquiring data to be reported transmitted from the premise equipment of the outside unit through the Internet; the data to be reported is data encrypted by the premise equipment of the outside unit through pre-distributed encryption software;
the first processing module is used for decrypting the data to be reported under the condition of no networking, accessing an intranet and uploading the decrypted data to be reported to a data center; or is used for accessing an intranet and uploading the data to be reported to a data center so that the data center can decrypt the data to be reported.
10. An electronic device comprising a data interface, a processor, a memory, and a communication bus;
the data interface is used for acquiring data to be reported;
the communication bus is used for realizing connection communication among the data interface, the processor and the memory;
the processor is configured to execute one or more programs stored in the memory to implement the information transmission method according to claim 1 or 2, or to implement the information management method according to any one of claims 3 to 7.
CN202010314420.2A 2020-04-20 2020-04-20 Information transmission and information management method, system and device and electronic equipment Active CN111510304B (en)


Publications (2)

Publication Number Publication Date
CN111510304A true CN111510304A (en) 2020-08-07
CN111510304B CN111510304B (en) 2023-06-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant