CN111756777A - Data transmission method, data processing device, data processing apparatus, and computer storage medium - Google Patents


Info

Publication number
CN111756777A
CN111756777A
Authority
CN
China
Prior art keywords
data
data processing
processing equipment
target object
network
Prior art date
Legal status
Granted
Application number
CN202010881854.0A
Other languages
Chinese (zh)
Other versions
CN111756777B (en)
Inventor
马海刚
马维宁
聂志鹏
陈奕雷
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202010881854.0A
Publication of CN111756777A
Application granted
Publication of CN111756777B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a data transmission method, data processing equipment, a data processing device and a computer storage medium, belonging to the technical field of cloud security. In the embodiments of the application, after receiving a request message for acquiring unidirectional network data sent by a target object, the data processing equipment in the public network stores the request message in a shared storage area; the data processing equipment in the public network then receives the encrypted data corresponding to the request message, pushed by the data processing equipment in the unidirectional network; and after receiving the random key sent by the target object, the data processing equipment in the public network decrypts the encrypted data with the random key to obtain the original data and returns it to the target object. Because the encrypted data in the unidirectional network is pushed to the public network while the random key is pushed to the user, the encrypted data and the random key travel separately, which improves the security of data transmission from the unidirectional network to the public network.

Description

Data transmission method, data processing device, data processing apparatus, and computer storage medium
Technical Field
The present application relates to the field of cloud security technologies, and in particular, to a data transmission method, a data processing device, an apparatus, and a computer storage medium.
Background
With the rapid development of the Internet and cloud technologies, networks have become closely bound up with daily life, and many activities have moved onto the Internet, the Internet of Things, metropolitan area networks or other wide area networks: online shopping, online banking, online office work, e-commerce, e-government and so on. At the same time, because networks are open by nature, data stored on them faces many security problems.
For example, once an enterprise works online, a large amount of relatively confidential data has to be stored on the network. To address this, enterprises set up a public network and an internal network: the public network provides open services to users, while the internal network is logically or physically isolated, and relatively confidential data can be stored there. When a user terminal can reach the internal network, the user can access its data through that terminal; when the terminal cannot reach the internal network, the user cannot obtain the data held there.
Disclosure of Invention
The application provides a data transmission method, data processing equipment, a data processing device and a computer storage medium, which are used for improving the security of data transmission from a unidirectional network to a public network.
In a first aspect, an embodiment of the present application provides a first data transmission method, including:
after receiving a request message for acquiring unidirectional network data sent by a target object, data processing equipment in a public network stores the request message into a shared storage area;
the data processing equipment in the public network receives encrypted data corresponding to the request message pushed by the data processing equipment in the unidirectional network; the encrypted data is obtained by encrypting original data corresponding to the request message after the data processing equipment in the unidirectional network monitors the request message in the shared storage area;
after receiving the random key sent by the target object, the data processing equipment in the public network decrypts the encrypted data according to the random key to obtain original data, and returns the obtained original data to the target object; and the random key sent by the target object is pushed to the target object by the data processing equipment in the unidirectional network.
In a second aspect, an embodiment of the present application provides a second data transmission method, including:
after monitoring a request message in a shared storage area, data processing equipment in the unidirectional network determines original data corresponding to the request message and encrypts the determined original data to obtain encrypted data; the request message is stored in the shared storage area after the data processing equipment in the public network receives the request message for acquiring the unidirectional network data sent by the target object;
and the data processing equipment in the unidirectional network pushes the encrypted data to the data processing equipment in the public network, and pushes the generated random key to the target object, so that the target object sends the random key to the data processing equipment in the public network, the data processing equipment in the public network decrypts the encrypted data according to the random key to obtain original data, and the original data is returned to the target object.
In a third aspect, an embodiment of the present application provides a data transmission apparatus, including:
the storage unit is used for storing a request message for acquiring unidirectional network data into a shared storage area after receiving the request message sent by a target object;
a receiving unit, configured to receive encrypted data corresponding to the request message pushed by the data processing device in the unidirectional network; the encrypted data is obtained by encrypting original data corresponding to the request message after the data processing equipment in the unidirectional network monitors the request message in the shared storage area;
the processing unit is used for decrypting the encrypted data according to the random key after receiving the random key sent by the target object to obtain original data and returning the obtained original data to the target object; and the random key sent by the target object is pushed to the target object by the data processing equipment in the unidirectional network.
In a fourth aspect, an embodiment of the present application provides a second data transmission apparatus, including:
a determining unit, configured to determine, after monitoring a request message in a shared storage area, the original data corresponding to the request message, and to encrypt the determined original data to obtain encrypted data; the request message is stored in the shared storage area by the data processing equipment in the public network after it receives the request message for acquiring unidirectional network data sent by the target object;
and the pushing unit is used for pushing the encrypted data to data processing equipment in the public network and pushing the generated random key to the target object so that the target object sends the random key to the data processing equipment in the public network, the data processing equipment in the public network decrypts the encrypted data according to the random key to obtain original data, and the original data is returned to the target object.
In a fifth aspect, an embodiment of the present application provides a data transmission system, including a data processing device and a data storage device in a public network, and a data processing device in a unidirectional network;
wherein the data storage device comprises a shared storage area;
the data processing equipment in the public network is used for storing the request message to the shared storage area after receiving the request message for acquiring the unidirectional network data sent by the target object; receiving encrypted data corresponding to the request message pushed by data processing equipment in the unidirectional network; after receiving a random key sent by the target object, decrypting the encrypted data according to the random key to obtain original data, and returning the obtained original data to the target object;
the data processing equipment in the unidirectional network is used for determining original data corresponding to the request message after monitoring the request message in the shared storage area, and encrypting the determined original data to obtain encrypted data; and pushing the encrypted data to data processing equipment in the public network, and pushing the generated random key to the target object so that the target object sends the random key to the data processing equipment in the public network.
In a sixth aspect, an embodiment of the present application provides a data transmission method, where the method includes:
after receiving a request message for acquiring unidirectional network data sent by a target object, data processing equipment in a public network stores the request message into a shared storage area;
after monitoring a request message in the shared storage area, data processing equipment in the unidirectional network determines original data corresponding to the request message and encrypts the determined original data to obtain encrypted data;
the data processing equipment in the unidirectional network pushes the encrypted data to the data processing equipment in the public network, and pushes the generated random key to the target object, so that the target object sends the random key to the data processing equipment in the public network;
the data processing equipment in the public network receives encrypted data corresponding to the request message pushed by the data processing equipment in the unidirectional network;
and after receiving the random key sent by the target object, the data processing equipment in the public network decrypts the encrypted data according to the random key to obtain original data, and returns the obtained original data to the target object.
In a seventh aspect, an embodiment of the present application provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the data transmission methods provided herein.
In an eighth aspect, an embodiment of the present application provides a computer-readable medium storing computer-executable instructions for executing the data transmission method provided in the present application.
The application has the following beneficial effects:
According to the data transmission mode of the embodiments, the data processing equipment in the unidirectional network pushes the encrypted data to the data processing equipment in the public network and pushes the random key to the user; pushing the encrypted data and the random key separately improves the security of the data. In addition, the data in the unidirectional network is not pushed directly to the target object but is encrypted and pushed to the public network, so the unidirectional-network data is never exposed directly to the target object; only after the data processing equipment in the public network receives the random key sent by the target object, and thereby determines that the target object is authorized, is the encrypted data decrypted and returned to the target object for viewing, which further improves the security of the unidirectional-network data.
Drawings
Fig. 1 is a schematic diagram of an optional application scenario in an embodiment of the present application;
fig. 2 is a schematic flow chart of a data transmission method in an embodiment of the present application;
fig. 3 is a schematic display interface diagram of a mailbox client in the embodiment of the present application;
FIG. 4 is a schematic view of a display interface of a browser in an embodiment of the present application;
FIG. 5 is a schematic diagram illustrating a web page displayed on a browser in an embodiment of the present application;
fig. 6 is a schematic diagram illustrating a transmission flow of a request message in an embodiment of the present application;
FIG. 7 is a schematic diagram of a web page displayed on a browser in another public network according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a data transmission process in an embodiment of the present application;
fig. 9 is a schematic overall flow chart of a data transmission method in the embodiment of the present application;
fig. 10 is a schematic flowchart of a data transmission method on the data processing device side in the public network in the embodiment of the present application;
fig. 11 is a schematic flowchart of a data transmission method on the data processing device side in the unidirectional network in the embodiment of the present application;
fig. 12 is a schematic structural diagram of a data transmission device in an embodiment of the present application;
fig. 13 is a schematic structural diagram of another data transmission device in the embodiment of the present application;
fig. 14 is a schematic structural diagram of an electronic device in an embodiment of the present application;
fig. 15 is a schematic structural diagram of a computing device in an embodiment of the present application.
Detailed Description
In order to make the technical solutions disclosed in the present application better understood, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Some terms appearing herein are explained below:
1. Internal network: an intranet is an enterprise-internal private network built with Internet technology; it is based on TCP/IP with the Web as its core application and forms a unified, convenient platform for information exchange. The internal network can provide a variety of services, including Web publishing, interaction, directory, e-mail, wide-area interconnection, file management, printing and network management.
2. Public network: a cloud network through which an enterprise provides services to users over its own infrastructure; users reach the cloud services of the public network over the Internet.
3. Unidirectional network: in the embodiments of the application this may be the internal network. Data in a unidirectional network flows in one direction only: the unidirectional network can send signaling or data to an external network, but cannot receive signaling or data pushed by the external network.
4. Message queue: a container that holds messages while they are in transit; it can be the unit that carries data between two computers or other devices. Messages in a queue may be very simple, for example a single text string, or more complex, for example containing embedded objects. The sender stores the messages it generates in the queue, and the receiver monitors the queue to obtain the data in it. The main purpose of the queue is to route messages and guarantee their delivery: if the receiver is unavailable when a message is sent, the queue holds the message until it is delivered successfully.
5. Client: also called the user side, a program that pairs with a server to provide local services to a user. Apart from a few applications that run purely locally, such programs are generally installed on ordinary client devices and must work together with a server. Since the rise of the Internet the most common clients are web browsers used on the World Wide Web, e-mail clients for sending and receiving mail, and instant-messaging client software. Applications of this kind need a corresponding server and service program in the network to provide the service (database service, e-mail service and the like), so a TCP connection has to be established between client and server for the application to work.
6. User terminal: an office computer or a mobile electronic device; it can log in to a data storage center through a virtual machine, obtain the data it needs from the data storage center, and upload changed data to the data storage center in real time.
7. Server: may be an independent physical server, a server cluster or distributed system made up of several physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a CDN (Content Delivery Network), and big data and artificial-intelligence platforms.
The following briefly introduces the design concept of the embodiments of the present application:
Cloud technology is a hosting technology that unifies resources such as hardware, software and networks in a wide area network or a local area network to compute, store, process and share data.
Cloud technology is a general term for the network, information, integration, management-platform and application technologies applied within the cloud computing business model; it can form a resource pool that is used on demand, flexibly and conveniently. Cloud computing technology will become an important support: the background services of technical network systems such as video websites, picture websites and web portals require large amounts of computing and storage resources. As the Internet industry develops, every item may carry its own identification mark that must be transmitted to a background system for logic processing, data at different levels must be processed separately, and industrial data of all kinds needs strong back-end support, which can only be provided through cloud computing.
A private cloud creates cloud infrastructure and software and hardware resources inside the firewall, so that the departments of an organization or enterprise share the resources of a data center. Besides hardware resources, a private cloud is usually created with cloud Infrastructure as a Service (IaaS) software.
Private cloud computing also comprises three layers: cloud hardware, the cloud platform and cloud services. The difference is that the cloud hardware is the user's own personal computer or server rather than a cloud computing vendor's data center. Cloud computing vendors build data centers to provide public cloud services to millions of users and therefore need tens of millions of servers; private cloud computing serves only an individual's friends and relatives, or an enterprise's employees, customers and suppliers, so the individual's or enterprise's own personal computer or server is enough to provide the cloud service.
Because confidential data of individuals or enterprises is usually stored in an internal network such as a private cloud, a user can access it only from a terminal that can reach the internal network. When the terminal cannot reach the internal network, for example when the internal network is a local area network built for an enterprise and the terminal is outside its coverage, the terminal cannot access the internal network and the data in it cannot be obtained.
In view of this, embodiments of the present application provide a data transmission method, a data processing device, an apparatus and a computer storage medium. The target object sends a request message for acquiring unidirectional network data to the data processing equipment in the public network, which stores the received request message in a shared storage area; after monitoring the request message in the shared storage area, the data processing equipment in the unidirectional network pushes the encrypted data corresponding to the request message to the data processing equipment in the public network, generates a random key and pushes it to the target object; after the target object enters the random key, the data processing equipment in the public network decrypts the encrypted data with the random key to obtain the original data and returns it to the target object. Because the target object in the embodiments is an external user that cannot access the unidirectional network directly, the embodiments provide the target object with a way of obtaining unidirectional-network data through the public network. In addition, the data in the unidirectional network is not pushed directly to the target object but is encrypted and pushed to the public network, so it is never exposed directly to the target object; only after the data processing equipment in the public network receives the random key sent by the target object, and thereby determines that the target object is an authorized user, is the encrypted data decrypted and returned to the target object for viewing, which further improves the security of the unidirectional-network data.
After introducing the design concept of the embodiment of the present application, some simple descriptions are provided below for application scenarios to which the technical solution of the embodiment of the present application can be applied, and it should be noted that the application scenarios described below are only used for describing the embodiment of the present application and are not limited. In a specific implementation process, the technical scheme provided by the embodiment of the application can be flexibly applied according to actual needs.
Fig. 1 is a schematic diagram of an exemplary application scenario according to an embodiment of the present application, and includes a target object 10, a user terminal 11, a data processing device 12 in a public network, a data processing device 13 in a unidirectional network, and a data storage device 14.
The public network can be a network constructed by an independent server, or a network constructed by a server cluster or a distributed system consisting of a plurality of physical servers; the data processing device 12 in the public network may be a server constructing the public network or a functional module integrated in the server.
The unidirectional network may be a network constructed by an independent server, or a network constructed by a server cluster or a distributed system composed of a plurality of physical servers; the data processing device 13 in the unidirectional network may also be a server or a functional module integrated in a server that constitutes the unidirectional network.
The data storage device 14 is located in the public network and includes a shared storage area; both the data processing device 12 in the public network and the data processing device 13 in the unidirectional network can store data in and read data from the shared storage area.
It should be noted that a firewall may additionally be placed between the data processing device 12 in the public network and the user terminal 11, and that the data storage device 14 may be located inside the data processing device 12 in the public network or elsewhere in the public network.
The target object 10 triggers a request message for acquiring unidirectional network data through a client installed on the user terminal 11; the client sends the request message to the data processing device 12 in the public network, which stores the request message in the shared storage area. The data processing device 13 in the unidirectional network monitors the shared storage area and, after finding the request message there, determines the original data corresponding to it; the data processing device 13 in the unidirectional network then encrypts the original data and pushes the encrypted data to the data processing device 12 in the public network.
And the data processing device 13 in the unidirectional network pushes the generated random key to the target object 10;
the manner in which the data processing device 13 in the unidirectional network pushes the random key to the target object 10 includes, but is not limited to:
the data processing equipment 13 in the unidirectional network pushes the random key to the client, and the target object 10 checks the random key through the client;
the data processing device 13 in the unidirectional network pushes the random key to the user terminal 11 in a short message manner, and the target object 10 views the random key through the user terminal 11.
After acquiring the random key, the target object 10 inputs the acquired random key in a display interface of the client, and after acquiring the random key input by the target object 10, the client sends the random key to the data processing device 12 in the public network; the data processing device 12 in the public network decrypts the encrypted data according to the received random key to obtain original data, and returns the original data to the client; and the client displays the acquired original data to the target object in a display interface.
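The exchange described in the first to sixth aspects above and walked through for Fig. 1, as an added example in Go; this is not code from the patent or from the applicant. It assumes the request fields (ID, User, Dataset), a buffered channel standing in for the shared storage area, a map standing in for the client/SMS channel that carries the key to the target object, and AES-256-GCM as the cipher (the page names none). It also adds two checks the page does not state: the request fields are bound into the ciphertext as associated data, so a payload pushed for one request cannot be released under another, and the public-network device discards the held ciphertext after a single decryption attempt. The internal record is constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Request is what the client sends to the public-network device (step S21); the field names are assumed.
type Request struct{ ID, User, Dataset string }
// PublicDevice is the data processing device in the public network. Queue is the shared storage
// area (a buffered channel stands in for the message queue); held keeps nonce||ciphertext per request ID.
type PublicDevice struct {
	Queue chan Request
	held  map[string][]byte
}

func NewPublicDevice() *PublicDevice {
	return &PublicDevice{Queue: make(chan Request, 64), held: map[string][]byte{}}
}

// HandleRequest only forwards the request to the shared area; no plaintext or key is seen here.
func (p *PublicDevice) HandleRequest(r Request) { p.Queue <- r }
// ReceivePush accepts nonce||ciphertext for a request ID pushed by the unidirectional device.
func (p *PublicDevice) ReceivePush(id string, blob []byte) { p.held[id] = blob }

// Release runs when the target object submits the random key. The held ciphertext is
// discarded on the first attempt, right or wrong, so a wrong key cannot be retried
// against the same payload (added hardening, not stated on the page).
func (p *PublicDevice) Release(r Request, keyHex string) ([]byte, error) {
	blob, ok := p.held[r.ID]
	delete(p.held, r.ID)
	if !ok {
		return nil, errors.New("no encrypted data pending for this request")
	}
	key, err := hex.DecodeString(keyHex)
	if err != nil || len(key) != 32 {
		return nil, errors.New("malformed key")
	}
	if len(blob) < 12 {
		return nil, errors.New("malformed payload")
	}
	// Request fields are bound as associated data: ciphertext for one request/user does not open under another.
	return newGCM(key).Open(nil, blob[:12], blob[12:], aad(r))
}

// UnidirectionalDevice is the data processing device in the unidirectional network. It only
// initiates traffic outward: read the shared area, push ciphertext to the public device, push the key to the user.
type UnidirectionalDevice struct {
	Pub       *PublicDevice
	Internal  map[string]map[string][]byte // dataset -> user -> record (constructed sample data)
	OutOfBand map[string]string            // user -> key hex; stands in for the client or SMS channel
}

// ServeOnce waits for the next request in the shared area and serves it.
func (u *UnidirectionalDevice) ServeOnce() error {
	r := <-u.Pub.Queue
	record, ok := u.Internal[r.Dataset][r.User]
	if !ok {
		return errors.New("no record for this user and dataset")
	}
	buf := make([]byte, 32+12) // fresh 256-bit key and 96-bit GCM nonce for every request
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	key, nonce := buf[:32], buf[32:]
	blob := newGCM(key).Seal(append([]byte{}, nonce...), nonce, record, aad(r))
	u.Pub.ReceivePush(r.ID, blob)                 // path 1: ciphertext to the public network
	u.OutOfBand[r.User] = hex.EncodeToString(key) // path 2: key to the target object
	return nil
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // callers validate len(key) == 32, so an error here is a bug
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}
func aad(r Request) []byte { return []byte(r.ID + "|" + r.User + "|" + r.Dataset) }

func main() {
	pub := NewPublicDevice()
	uni := &UnidirectionalDevice{Pub: pub, OutOfBand: map[string]string{},
		Internal: map[string]map[string][]byte{"salary": {"alice": []byte("grade 7, 12000")}}}
	req := Request{ID: "req-1", User: "alice", Dataset: "salary"}
	pub.HandleRequest(req)
	fmt.Println("served:", uni.ServeOnce())
	plain, err := pub.Release(req, uni.OutOfBand["alice"]) // the user types the key into the client
	fmt.Printf("%q %v\n", plain, err)
}
```

Two points worth keeping in mind when reading this against the page. First, the key the target object receives is typed into the client and sent to the public-network device, so the scheme's protection rests on the ciphertext path and the key path staying separate; a party that can read both sees the plaintext. Second, the unidirectional device can only send outward by the page's own definition, yet it must read the shared storage area to find requests: that poll is the one inbound dependency, and it is the unidirectional device, not the public network, that initiates it.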
In the following, in conjunction with the application scenarios described above, a data transmission method provided in an exemplary embodiment of the present application is described with reference to fig. 2 to fig. 9. It should be noted that the above application scenarios are only presented to facilitate understanding of the spirit and principles of the present application, and the embodiments of the present application are not limited in this respect. Rather, embodiments of the present application may be applied to any scenario where applicable.
As shown in fig. 2, a schematic flow chart of a data transmission method provided in the embodiment of the present application is shown, where the method may include the following steps:
step S21, the data processing equipment in the public network receives the request message for acquiring the unidirectional network data sent by the target object;
in the embodiment of the application, the target object can send a request message to the data processing equipment in the public network through the client installed on the user terminal; in implementation, the target object may trigger the request message in a display interface of the client.
For example, a target object may access a public network by clicking on a link address in a mailbox; the link address may be an http address or a URL address.
As shown in fig. 3, the target object clicks the http address in the display interface of the mailbox client; this opens the display interface of the browser, through which the target object can access the public network. As shown in the browser display interface of fig. 4, the target object is prompted to register or log in; for example, the target object successfully accesses the public network after entering a user name and a verification code in the input boxes of the browser display interface.
As shown in fig. 5, a schematic diagram of a web page displayed in the browser in the public network, the web page includes an "internal information area", and the target object can trigger a request message for acquiring unidirectional network data by clicking an option in that area. For example, the "internal information area" contains the options salary system, employee assessment system and work approval: clicking the salary system option triggers a request for internal data related to the salary system, clicking the employee assessment system option triggers a request for internal data related to the employee assessment system, and clicking the work approval option triggers a request for internal data related to work approval.
Step S22, the data processing device in the public network stores the received request message in the shared storage area;
The shared storage area in the embodiment of the application may be a message queue: after receiving the request message, the data processing device in the public network stores it in the message queue, and the data processing device in the unidirectional network listens to that queue.
Step S23, after the data processing device in the unidirectional network detects the request message in the shared storage area, it determines the original data corresponding to the request message and encrypts the original data to obtain encrypted data;
in implementation, the data processing device in the unidirectional network listens to the shared storage area.
When the shared storage area is a message queue, the data processing device in the unidirectional network, on detecting a newly added request message in the queue, reads the data type identifier carried in the request message and determines the original data corresponding to the request message from that identifier;
when the target object triggers the request message, the request message carries the data type of the unidirectional network data required by the target object. For example, when the target object needs to acquire data related to the salary system in the unidirectional network, the request message carries a data type identifier "a", and after acquiring the data type identifier "a" carried in the request message, the data processing device in the unidirectional network determines that the target object needs to acquire original data related to the salary system. For another example, when the target object needs to acquire data related to the employee assessment system in the unidirectional network, the request message carries the data type identifier "b", and after acquiring the data type identifier "b" carried in the request message, the data processing device in the unidirectional network determines that the target object needs to acquire original data related to the employee assessment system.
In the schematic diagram of the request message transmission flow shown in fig. 6, it is assumed that the data processing device in the public network includes a unified request forwarding unit and a unified message queue, and that the data processing device in the unidirectional network includes a monitoring queue transfer unit and an OA service unit. The target object triggers a request message for acquiring unidirectional network data through the client; the unified request forwarding unit of the data processing device in the public network stores the request message in the unified message queue after receiving it; the monitoring queue transfer unit of the data processing device in the unidirectional network listens to the unified message queue and, after detecting the request message, obtains the encrypted data corresponding to it from the OA service unit.
It should be noted that, after receiving the request message, the data processing device in the unidirectional network also needs to check the validity of the request message;
in implementation, the data processing device in the unidirectional network obtains the identity information of the target object from the request message (for example, the account information used when the target object accessed the public network), checks the target object's authority against that identity information, and treats the request message as valid only after that authority check passes.
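The queue hand-off of step S22 and the validity check of step S23, carried through as an added example in Go; this is not code from the patent or from Tencent. The message queue is modelled as a buffered channel, the permission table and the OA data are constructed inline, and the field names of the request message are the example's own (the patent only says the message carries a data type identifier and the requester's identity). The point the example makes is where the authority check runs: on the unidirectional side, against the account carried in the message, before any original data is looked up, rather than on the public-network device that wrote the message.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// RequestMessage is the request the public-network device stores in the shared
// storage area. Field names are assumptions; the patent only says the message
// carries a data type identifier and the requester's identity (account).
type RequestMessage struct {
	Account  string `json:"account"`
	DataType string `json:"data_type"` // "a" salary system, "b" employee assessment, "c" work approval
}

// Constructed permission table on the unidirectional side: which account may
// read which data type. A real deployment would query the OA system here.
var permissions = map[string]map[string]bool{
	"alice": {"a": true, "b": true},
	"bob":   {"b": true, "c": true},
}

// Constructed original data held by the OA service unit, keyed by data type.
var oaData = map[string]string{
	"a": "salary: alice 10000",
	"b": "assessment: alice A, bob B",
	"c": "approval: 3 pending",
}

var (
	ErrUnauthorized = errors.New("validity check failed: account may not read this data type")
	ErrUnknownType  = errors.New("unknown data type identifier")
)

// Resolve is the unidirectional side's handling of one request: the validity
// check of step S23 (identity taken from the message, authority checked against
// the local table) followed by the lookup of the original data. The check runs
// here, not on the public-network device, because that device is in the less
// trusted zone. Permission is checked before existence so that an unauthorised
// caller cannot probe which data types exist.
func Resolve(req RequestMessage) (string, error) {
	if !permissions[req.Account][req.DataType] {
		return "", ErrUnauthorized
	}
	data, ok := oaData[req.DataType]
	if !ok {
		return "", ErrUnknownType
	}
	return data, nil
}

// Enqueue is the unified request forwarding unit (step S22): it serialises the
// request into the shared queue, modelled here as a buffered channel.
func Enqueue(queue chan<- []byte, req RequestMessage) error {
	raw, err := json.Marshal(req)
	if err != nil {
		return err
	}
	queue <- raw
	return nil
}

// Listen is the monitoring queue transfer unit: it drains the queue until it is
// closed and reports, per message, the original data or the reason the request
// was refused. Malformed messages are reported rather than crashing the listener.
func Listen(queue <-chan []byte) []string {
	var out []string
	for raw := range queue {
		var req RequestMessage
		if err := json.Unmarshal(raw, &req); err != nil {
			out = append(out, "malformed: "+err.Error())
			continue
		}
		data, err := Resolve(req)
		if err != nil {
			out = append(out, req.Account+"/"+req.DataType+": refused: "+err.Error())
			continue
		}
		out = append(out, req.Account+"/"+req.DataType+": "+data)
	}
	return out
}

func main() {
	queue := make(chan []byte, 8)
	Enqueue(queue, RequestMessage{Account: "alice", DataType: "a"})
	Enqueue(queue, RequestMessage{Account: "bob", DataType: "a"}) // bob may not read salary data
	queue <- []byte("{not json")                                  // a corrupt message on the queue
	close(queue)
	for _, line := range Listen(queue) {
		fmt.Println(line)
	}
}
```

Running the block shows the three outcomes the listener distinguishes: a served request, a refused request (the account is known but has no authority for that data type), and a malformed message that is logged and skipped.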
After the data processing device in the unidirectional network determines the original data corresponding to the request message, the original data is encrypted by using the original key to obtain encrypted data.
Step S24, the data processing equipment in the unidirectional network pushes the encrypted data to the data processing equipment in the public network;
It should be noted that, when pushing the encrypted data to the data processing device in the public network, the data processing device in the unidirectional network in the embodiment of the present application also pushes the encryption key, that is, the result of encrypting the original key, to the data processing device in the public network;
in an alternative embodiment, the data processing apparatus in the unidirectional network generates a random key, and encrypts the original key using the generated random key to obtain an encryption key.
Step S25, the data processing device in the unidirectional network pushes the random key to the target object;
in implementation, when the data processing device in the unidirectional network generates the random key it also generates a temporary identity used to authenticate the target object, and it pushes the random key and the temporary identity to the target object together;
the temporary identity may be a code.
When the data processing device in the unidirectional network pushes the random key and the temporary identity to the target object, an optional implementation manner is as follows:
the data processing equipment in the unidirectional network pushes the random key and the temporary identity to the message pushing equipment in the public network, and the message pushing equipment in the public network pushes the random key and the temporary identity to the target object;
the method for pushing the random key and the temporary identity to the target object by the message pushing equipment in the public network comprises the following steps:
In mode 1, the message pushing device in the public network sends the random key and the temporary identity by e-mail to the mailbox client of the target object, and the target object reads them in the mailbox client;
it should be noted that when the target object accesses the public network and triggers the request message for acquiring unidirectional network data, the public network can obtain the mailbox address of the target object.
In mode 2, the message pushing device in the public network sends the random key and the temporary identity to the user terminal as a short message (SMS), and the target object reads them on the user terminal;
it should be noted that when the target object accesses the public network and triggers the request message for acquiring unidirectional network data, the public network can obtain the phone number of the target object's user terminal.
Step S26, the data processing equipment in the public network receives the random key sent by the target object;
it should be noted that, when the data processing device in the unidirectional network simultaneously pushes the random key and the temporary identity to the target object, the data processing device in the public network receives the random key and the temporary identity sent by the target object;
in the implementation, a target object accesses data processing equipment in a public network through a client, and the target object inputs a random key and a temporary identity in a display interface of the client; and the data processing equipment in the public network acquires the random key and the temporary identity input by the target object in the display interface of the client.
For example, assume the target object clicks the "salary system" option in the web page of fig. 5. The data processing device in the public network receives the encrypted data and the encryption key pushed by the data processing device in the unidirectional network, while the data processing device in the unidirectional network pushes the random key and the temporary identity to the target object. An input box then pops up in the browser client used by the target object, prompting the target object to enter the received random key and temporary identity, as shown in fig. 7.
Step S27, the data processing equipment in the public network decrypts the encrypted data according to the random key to obtain the original data;
after the data processing device in the public network receives the random key and the temporary identity sent by the target object, it authenticates the target object using the temporary identity; only after that authentication passes does it decrypt the encrypted data using the random key to obtain the original data;
in implementation, the data processing device in the public network decrypts the encryption key pushed by the data processing device in the unidirectional network by using the random key to obtain an original key;
after the original key is obtained, the data processing equipment in the public network decrypts the encrypted data by using the original key to obtain the original data.
Step S28, the data processing equipment in the public network returns the original data obtained by decryption to the target object;
after data processing equipment in the public network decrypts the original data, returning the original data to a client used by the target object; displaying original data to a target object in a display interface of a client; the client, which is used for accessing the public network for the target object, may be a browser client, for example.
In summary: after the data processing device in the public network receives the request message from the target object, the data processing device in the unidirectional network picks the request message up by listening to the message queue and encrypts the original data corresponding to it with the original key to obtain the encrypted data. At the same time, the data processing device in the unidirectional network generates a random key and a temporary identity, encrypts the original key with the random key to obtain the encryption key, and pushes the encryption key to the data processing device in the public network together with the encrypted data; the original key is therefore never pushed to the data processing device in the public network in the clear, which avoids leaking it. The data processing device in the unidirectional network then pushes the random key and the temporary identity to the target object, and the target object sends both to the data processing device in the public network; that device authenticates the target object with the temporary identity and, once the authentication has passed, decrypts the encryption key with the random key to recover the original key and decrypts the encrypted data with the original key to obtain the original data.
In the data transmission mode of the embodiment of the application, the encrypted data and the random key are sent over separate paths, so data leakage through a malicious third party intercepting either the encrypted data or the random key is avoided; moreover, the random key is delivered to the target object by the data processing device in the unidirectional network, and the original data is encrypted with the original key rather than directly with the random key, which further improves the security of the data transmission.
In the data transmission flow diagram of fig. 8, it is assumed that the data processing device in the public network includes a unified request forwarding unit and a unified message queue, and that the data processing device in the unidirectional network includes a monitoring queue transfer unit and an OA service unit. The target object triggers a request message for acquiring unidirectional network data through the client; the unified request forwarding unit in the public network stores the request message in the unified message queue after receiving it; the monitoring queue transfer unit in the unidirectional network listens to the unified message queue and forwards the request message to the OA service unit after detecting it;
the OA service unit encrypts the original data corresponding to the request message with the original key to obtain the encrypted data, generates a random key and a temporary identity, and encrypts the original key with the random key to obtain the encryption key. The OA service unit pushes the encrypted data and the encryption key to the unified message queue through the monitoring queue transfer unit, and the unified request forwarding unit in the public network reads the encrypted data and the encryption key from the unified message queue. In addition, the OA service unit pushes the random key and the temporary identity, through the monitoring queue transfer unit, to the message pushing device in the public network, which pushes them on to the target object;
the client obtains the random key and the temporary identity entered by the target object and sends them to the unified request forwarding unit in the public network; after authenticating the target object with the temporary identity, the unified request forwarding unit decrypts the encryption key with the random key to obtain the original key and decrypts the encrypted data with the original key to obtain the original data; it then returns the original data to the client, which displays it in its display interface.
It should be noted that after the target object leaves the public network, the encrypted data, the encryption key and the decrypted original data stored in the public network must all be destroyed, so as to ensure the security of the data in the unidirectional network.
As shown in fig. 9, the overall flowchart of the data transmission method in the embodiment of the present application includes the following steps:
step S91, in response to the target object triggering a request message for acquiring unidirectional network data, the client sends the request message to the data processing device in the public network;
step S92, the data processing device in the public network stores the request message into the message queue;
step S93, the data processing device in the unidirectional network detects the request message in the message queue;
step S94, the data processing equipment in the unidirectional network determines the original data corresponding to the request message, and uses the original key to encrypt the original data to obtain encrypted data;
step S95, the data processing equipment in the unidirectional network generates a random key and a temporary identity, and encrypts the original key by using the random key to obtain an encryption key;
step S96, the data processing device in the unidirectional network pushes the encrypted data and the encryption key to the data processing device in the public network;
step S97, the data processing device in the unidirectional network pushes the random key and the temporary identity to the message pushing device in the public network;
step S98, the message pushing device in the public network pushes the random key and the temporary identity to the target object;
step S99, the client acquires the random key and the temporary identity input by the target object;
step S910, the client sends the random key and the temporary identity to data processing equipment in the public network;
step S911, the data processing device in the public network authenticates the target object using the temporary identity;
step S912, the data processing equipment in the public network decrypts the encryption key by using the random key to obtain an original key, and decrypts the encrypted data by using the original key to obtain original data;
step S913, the data processing equipment in the public network returns the original data to the client;
step S914, the client displays the original data to the target object in the display interface.
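The encryption and key-splitting steps S94 to S912 above, carried through in working Go as an added example; this is not code from the patent or from Tencent. The patent names no cipher, so AES-256-GCM is assumed for both the data and the wrapping of the original key. It also does not say how the data processing device in the public network learns the temporary identity it authenticates against in step S911, so the example assumes the unidirectional side sends a SHA-256 hash of the code along with the encrypted data and the encryption key; the code itself still goes only to the target object. Because the patent delivers the random key and the temporary identity to the target object over the same e-mail or SMS channel, the example treats the code as a check that the right values were typed into the right session rather than as an independent second factor. The original key is held by the OA service unit; here it is a constructed random 32-byte value, and all type and function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
)

// Envelope is what the unidirectional network pushes to the public-network device in
// step S96. CodeHash is an assumption (see the lead-in), not something the patent specifies.
type Envelope struct {
	EncryptedData []byte   // original data sealed under the original key
	EncryptedKey  []byte   // original key sealed under the random key (the "encryption key")
	CodeHash      [32]byte // SHA-256 of the temporary identity
}

// AES-256-GCM is assumed throughout; the patent names no cipher. seal prepends the
// random 12-byte nonce to the ciphertext and open strips it again.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, errors.New("bad key or ciphertext")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], nil) // fails on a wrong key or on tampering
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// UnidirectionalSide performs steps S94 to S97: seal the original data under the original
// key, generate a random key and a temporary identity (code), seal the original key under
// the random key, and hand back the envelope for the public-network device separately
// from the random key and code that go out of band to the target object.
func UnidirectionalSide(originalKey, originalData []byte) (env Envelope, randomKey []byte, code string, err error) {
	if env.EncryptedData, err = seal(originalKey, originalData); err != nil {
		return
	}
	randomKey = randomBytes(32)
	if env.EncryptedKey, err = seal(randomKey, originalKey); err != nil {
		return
	}
	code = hex.EncodeToString(randomBytes(4)) // 8-character temporary identity
	env.CodeHash = sha256.Sum256([]byte(code))
	return env, randomKey, code, nil
}

// Decrypt is steps S911 and S912 on the public-network device, run with the random key
// and code the target object typed in: check the code, unwrap the original key with the
// random key, decrypt the data, and wipe the unwrapped original key before returning.
func Decrypt(env Envelope, randomKey []byte, code string) ([]byte, error) {
	h := sha256.Sum256([]byte(code))
	if subtle.ConstantTimeCompare(h[:], env.CodeHash[:]) != 1 {
		return nil, errors.New("temporary identity rejected")
	}
	originalKey, err := open(randomKey, env.EncryptedKey)
	if err != nil {
		return nil, errors.New("random key rejected")
	}
	defer zero(originalKey)
	return open(originalKey, env.EncryptedData)
}

// Destroy is the clean-up the patent requires once the target object leaves the public network.
func Destroy(env *Envelope) {
	zero(env.EncryptedData)
	zero(env.EncryptedKey)
	*env = Envelope{}
}
```

A wrong code is refused before any key material is touched; a wrong random key (including the original key itself, which must never be offered on this path) fails the GCM tag check on the wrapped key instead of producing garbage; and after Destroy the envelope no longer decrypts even with the correct random key and code, which is the behaviour the note after fig. 8 asks for.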
As shown in fig. 10, a schematic diagram of a data transmission flow provided in the embodiment of the present application, applied to a data processing device in a public network, includes the following steps:
step S1001, after receiving a request message for acquiring unidirectional network data sent by a target object, a data processing device in a public network stores the request message into a shared storage area;
step S1002, a data processing device in a public network receives encrypted data corresponding to a request message pushed by a data processing device in a unidirectional network; the encrypted data is obtained by encrypting original data corresponding to a request message after a data processing device in the unidirectional network monitors the request message in the shared storage area;
step S1003, after receiving the random key sent by the target object, the data processing device in the public network decrypts the encrypted data using the random key to obtain the original data and returns the original data to the target object; the random key sent by the target object was pushed to the target object by the data processing device in the unidirectional network.
Optionally, when the data processing device in the public network receives the encrypted data corresponding to the request message pushed by the data processing device in the unidirectional network, the method further includes:
the data processing equipment in the public network receives an encryption key corresponding to the encryption data pushed by the data processing equipment in the unidirectional network; the encryption key is obtained by encrypting an original key by using a random key, and the original key is used for encrypting original data;
the data processing equipment in the public network decrypts the encrypted data according to the random key to obtain the original data, and the method comprises the following steps:
the data processing equipment in the public network decrypts the encrypted key by using the random key to obtain an original key; and decrypting the encrypted data by using the obtained original key to obtain the original data.
Optionally, before the data processing device in the public network decrypts the encrypted data according to the random key to obtain the original data, the method further includes:
the data processing device in the public network receives a temporary identity sent by the target object; the temporary identity was pushed to the target object by the data processing device in the unidirectional network;
and the data processing equipment in the public network authenticates the target object according to the temporary identity and determines that the target object passes the authentication.
As shown in fig. 11, a schematic diagram of a data transmission flow provided in an embodiment of the present application, applied to a data processing device in a unidirectional network, includes the following steps:
step S1101, after monitoring a request message in a shared storage area, a data processing device in the unidirectional network determines original data corresponding to the request message, and encrypts the determined original data to obtain encrypted data; the request message is stored in the shared storage area after the data processing equipment in the public network receives the request message for acquiring the unidirectional network data sent by the target object;
step S1102, the data processing device in the unidirectional network pushes the encrypted data to the data processing device in the public network, and pushes the generated random key to the target object, so that the target object sends the random key to the data processing device in the public network, and the data processing device in the public network decrypts the encrypted data according to the random key to obtain the original data, and returns the original data to the target object.
Optionally, the encrypting the determined original data by the data processing device in the unidirectional network to obtain encrypted data includes:
and the data processing equipment in the unidirectional network encrypts the determined original data by using the original key to obtain encrypted data.
Optionally, before the data processing device in the unidirectional network pushes the encrypted data to the data processing device in the public network, the method further includes:
generating a random key by data processing equipment in the unidirectional network, and encrypting the original key by using the random key to obtain an encryption key;
when the data processing device in the unidirectional network pushes the encrypted data to the data processing device in the public network, the method further comprises the following steps:
and the data processing equipment in the unidirectional network pushes the encryption key to the data processing equipment in the public network so that the data processing equipment in the public network decrypts the encryption key by using the random key to obtain an original key and decrypts the encrypted data by using the original key to obtain the original data.
Optionally, when the data processing device in the unidirectional network pushes the generated random key to the target object, the method further includes:
and the data processing equipment in the unidirectional network pushes the generated temporary identity to the target object so that the target object sends the random key and the temporary identity to the data processing equipment in the public network, and the data processing equipment in the public network decrypts the encryption key by using the random key after the target object passes the authentication according to the temporary identity to obtain the original key.
Optionally, the data processing device in the unidirectional network pushes the random key and the generated temporary identity to the target object according to the following manner:
and the data processing equipment in the unidirectional network pushes the random key and the temporary identity to the message pushing equipment in the public network, and the message pushing equipment in the public network forwards the random key and the temporary identity to the target object.
Based on the same inventive concept, the embodiment of the present application further provides a data transmission device, and as the principle of the device for solving the problem is similar to the data transmission method, the implementation of the device can refer to the implementation of the method, and repeated details are not repeated.
As shown in fig. 12, a schematic structural diagram of a data transmission apparatus 1200 provided in the embodiment of the present application includes:
the storage unit 1201 is configured to store a request message to the shared storage area after receiving the request message for acquiring the unidirectional network data sent by the target object;
a receiving unit 1202, configured to receive encrypted data corresponding to a request message pushed by a data processing apparatus in a unidirectional network; the encrypted data is obtained by encrypting original data corresponding to a request message after the data processing equipment in the unidirectional network monitors the request message in the shared storage area;
the processing unit 1203 is configured to, after receiving the random key sent by the target object, decrypt the encrypted data according to the random key to obtain original data, and return the obtained original data to the target object; the random key sent by the target object is pushed to the target object by the data processing equipment in the unidirectional network.
Optionally, the receiving unit 1202 is further configured to:
when receiving encrypted data corresponding to a request message pushed by data processing equipment in a unidirectional network, receiving an encryption key corresponding to the encrypted data pushed by the data processing equipment in the unidirectional network; the encryption key is obtained by encrypting an original key by using a random key, and the original key is used for encrypting original data;
the processing unit 1203 is specifically configured to:
decrypting the encrypted key by using the random key to obtain an original key; and decrypting the encrypted data by using the obtained original key to obtain the original data.
Optionally, the processing unit 1203 is further configured to:
receiving a temporary identity sent by a target object; the temporary identity is pushed to a target object by the data processing equipment in the unidirectional network;
and authenticating the target object according to the temporary identity and determining that the target object is authenticated.
As shown in fig. 13, a schematic structural diagram of a data transmission apparatus 1300 according to an embodiment of the present application includes:
a determining unit 1301, configured to determine, after monitoring a request message in a shared storage area, original data corresponding to the request message, and encrypt the determined original data to obtain encrypted data; the request message is stored in the shared storage area after the data processing equipment in the public network receives the request message for acquiring the unidirectional network data sent by the target object;
the pushing unit 1302 is configured to push the encrypted data to a data processing device in the public network, and push the generated random key to the target object, so that the target object sends the random key to the data processing device in the public network, and the data processing device in the public network decrypts the encrypted data according to the random key to obtain original data, and returns the original data to the target object.
Optionally, the determining unit 1301 is specifically configured to:
and encrypting the determined original data by using the original key to obtain encrypted data.
Optionally, the pushing unit 1302 is further configured to:
before the encrypted data are pushed to data processing equipment in a public network, a random key is generated, and the original key is encrypted by using the random key to obtain an encryption key;
when the encrypted data is pushed to the data processing equipment in the public network, the encryption key is pushed to the data processing equipment in the public network, so that the data processing equipment in the public network decrypts the encryption key by using the random key to obtain an original key, and decrypts the encrypted data by using the original key to obtain the original data.
Optionally, the pushing unit 1302 is further configured to:
and when the generated random key is pushed to the target object, the generated temporary identity is pushed to the target object so that the target object sends the random key and the temporary identity to the data processing equipment in the public network, and the data processing equipment in the public network decrypts the encryption key by using the random key after the target object passes the authentication according to the temporary identity to obtain the original key.
Optionally, the pushing unit 1302 is specifically configured to push the random key and the generated temporary identity to the target object according to the following manner:
and pushing the random key and the temporary identity to a message pushing device in the public network, and forwarding the random key and the temporary identity to the target object by the message pushing device in the public network.
For convenience of description, the above parts are separately described as modules (or units) according to functional division. Of course, the functionality of the various modules (or units) may be implemented in the same one or more pieces of software or hardware when implementing the present application.
As will be appreciated by one skilled in the art, each aspect of the present application may be embodied as a system, method or program product. Accordingly, each aspect of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit", "module" or "system".
In some possible implementations, embodiments of the present application also provide an electronic device. Referring to fig. 14, an electronic device 1400 may include at least one processor 1401 and at least one memory 1402. The memory 1402 stores program code which, when executed by the processor 1401, causes the processor 1401 to perform the steps of the data transmission method according to the various exemplary embodiments of the present application described above in this specification; for example, the processor 1401 may perform the steps shown in fig. 10 or fig. 11.
In some possible implementations, the present application further provides a computing device, which may include at least one processing unit and at least one storage unit. The storage unit stores program code which, when executed by the processing unit, causes the processing unit to perform the steps of the data transmission method according to the various exemplary embodiments of the present application described above in this specification; for example, the processing unit may perform the steps shown in fig. 10 or fig. 11.
A computing device 1500 according to this embodiment of the present application is described below with reference to fig. 15. The computing device 1500 of fig. 15 is only one example and should not impose any limitation on the functionality or scope of use of embodiments of the present application.
As shown in fig. 15, computing device 1500 is embodied in the form of a general-purpose computing device. Components of computing device 1500 may include, but are not limited to: the at least one processing unit 1501, the at least one storage unit 1502, and a bus 1503 connecting the different system components (including the storage unit 1502 and the processing unit 1501).
Bus 1503 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
The storage unit 1502 may include a readable medium in the form of a volatile memory, such as a Random Access Memory (RAM) 1521 or a cache storage unit 1522, and may further include a Read Only Memory (ROM) 1523.
The storage unit 1502 may also include a program/utility 1525 having a set (at least one) of program modules 1524, such program modules 1524 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The computing device 1500 can also communicate with one or more external devices 1504 (e.g., a keyboard, a pointing device, etc.), with one or more devices that enable a user to interact with the computing device 1500, or with any device (e.g., a router, a modem, etc.) that enables the computing device 1500 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 1505. The computing device 1500 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), or a public network such as the Internet) through the network adapter 1506. As shown, the network adapter 1506 communicates with the other modules of the computing device 1500 via the bus 1503. It should be understood that, although not shown, other hardware or software modules may be used in conjunction with the computing device 1500, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.
In some possible embodiments, each aspect of the data transmission method provided in the present application may also be implemented in the form of a program product including program code which, when the program product is run on a computer device, causes the computer device to perform the steps of the data transmission method according to the various exemplary embodiments of the present application described above in this specification; for example, the computer device may perform the steps shown in fig. 10 or fig. 11.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (15)

1. A data transmission method, the method comprising:
after receiving a request message, sent by a target object, for acquiring unidirectional-network data, a data processing device in a public network stores the request message in a shared storage area;
the data processing device in the public network receives encrypted data corresponding to the request message, pushed by a data processing device in the unidirectional network; the encrypted data is obtained by the data processing device in the unidirectional network encrypting the original data corresponding to the request message after monitoring the request message in the shared storage area;
after receiving a random key sent by the target object, the data processing device in the public network decrypts the encrypted data according to the random key to obtain the original data, and returns the obtained original data to the target object; wherein the random key sent by the target object was pushed to the target object by the data processing device in the unidirectional network.
2. The method of claim 1, wherein, when the data processing device in the public network receives the encrypted data corresponding to the request message pushed by the data processing device in the unidirectional network, the method further comprises:
the data processing device in the public network receives an encryption key corresponding to the encrypted data, pushed by the data processing device in the unidirectional network; the encryption key is obtained by encrypting an original key with the random key, the original key being the key used to encrypt the original data;
and wherein the data processing device in the public network decrypting the encrypted data according to the random key to obtain the original data comprises:
the data processing device in the public network decrypts the encryption key with the random key to obtain the original key, and decrypts the encrypted data with the obtained original key to obtain the original data.
3. The method of claim 1, wherein, before the data processing device in the public network decrypts the encrypted data according to the random key to obtain the original data, the method further comprises:
the data processing device in the public network receives a temporary identity sent by the target object; the temporary identity was pushed to the target object by the data processing device in the unidirectional network;
the data processing device in the public network authenticates the target object according to the temporary identity and determines that the target object passes authentication.
4. A data transmission method, the method comprising:
after monitoring a request message in a shared storage area, a data processing device in a unidirectional network determines original data corresponding to the request message and encrypts the determined original data to obtain encrypted data; the request message is stored in the shared storage area by a data processing device in a public network after it receives the request message, sent by a target object, for acquiring unidirectional-network data;
the data processing device in the unidirectional network pushes the encrypted data to the data processing device in the public network, and pushes a generated random key to the target object, so that the target object sends the random key to the data processing device in the public network, and the data processing device in the public network decrypts the encrypted data according to the random key to obtain the original data and returns the original data to the target object.
5. The method of claim 4, wherein the data processing device in the unidirectional network encrypting the determined original data to obtain the encrypted data comprises:
the data processing device in the unidirectional network encrypts the determined original data with an original key to obtain the encrypted data.
6. The method of claim 5, wherein, before the data processing device in the unidirectional network pushes the encrypted data to the data processing device in the public network, the method further comprises:
the data processing device in the unidirectional network generates the random key, and encrypts the original key with the random key to obtain an encryption key;
and wherein, when the data processing device in the unidirectional network pushes the encrypted data to the data processing device in the public network, the method further comprises:
the data processing device in the unidirectional network pushes the encryption key to the data processing device in the public network, so that the data processing device in the public network decrypts the encryption key with the random key to obtain the original key, and decrypts the encrypted data with the original key to obtain the original data.
7. The method of claim 6, wherein, when the data processing device in the unidirectional network pushes the generated random key to the target object, the method further comprises:
the data processing device in the unidirectional network pushes a generated temporary identity to the target object, so that the target object sends the random key and the temporary identity to the data processing device in the public network, and the data processing device in the public network, after authenticating the target object according to the temporary identity, decrypts the encryption key with the random key to obtain the original key.
8. The method of claim 7, wherein the data processing device in the unidirectional network pushes the random key and the generated temporary identity to the target object in the following manner:
the data processing device in the unidirectional network pushes the random key and the temporary identity to a message pushing device in the public network, and the message pushing device in the public network forwards the random key and the temporary identity to the target object.
9. A data transmission apparatus, comprising:
a storage unit, configured to store a request message, sent by a target object, for acquiring unidirectional-network data in a shared storage area after the request message is received;
a receiving unit, configured to receive encrypted data corresponding to the request message, pushed by a data processing device in the unidirectional network; the encrypted data is obtained by the data processing device in the unidirectional network encrypting the original data corresponding to the request message after monitoring the request message in the shared storage area;
a processing unit, configured to, after receiving a random key sent by the target object, decrypt the encrypted data according to the random key to obtain the original data and return the obtained original data to the target object; wherein the random key sent by the target object was pushed to the target object by the data processing device in the unidirectional network.
10. The apparatus of claim 9, wherein the receiving unit is further configured to:
when receiving the encrypted data corresponding to the request message pushed by the data processing device in the unidirectional network, receive an encryption key corresponding to the encrypted data, pushed by the data processing device in the unidirectional network; the encryption key is obtained by encrypting an original key with the random key, the original key being the key used to encrypt the original data;
and the processing unit is specifically configured to:
decrypt the encryption key with the random key to obtain the original key, and decrypt the encrypted data with the obtained original key to obtain the original data.
11. A data transmission apparatus, comprising:
a determining unit, configured to, after monitoring a request message in a shared storage area, determine original data corresponding to the request message and encrypt the determined original data to obtain encrypted data; the request message is stored in the shared storage area by a data processing device in a public network after it receives the request message, sent by a target object, for acquiring unidirectional-network data;
a pushing unit, configured to push the encrypted data to the data processing device in the public network and push a generated random key to the target object, so that the target object sends the random key to the data processing device in the public network, and the data processing device in the public network decrypts the encrypted data according to the random key to obtain the original data and returns the original data to the target object.
12. A data transmission system, comprising a data processing device and a data storage device in a public network, and a data processing device in a unidirectional network;
wherein the data storage device comprises a shared storage area;
the data processing device in the public network is configured to store a request message, sent by a target object, for acquiring unidirectional-network data in the shared storage area after the request message is received; receive encrypted data corresponding to the request message, pushed by the data processing device in the unidirectional network; and, after receiving a random key sent by the target object, decrypt the encrypted data according to the random key to obtain original data and return the obtained original data to the target object;
the data processing device in the unidirectional network is configured to, after monitoring the request message in the shared storage area, determine the original data corresponding to the request message and encrypt the determined original data to obtain the encrypted data; and push the encrypted data to the data processing device in the public network and push the generated random key to the target object, so that the target object sends the random key to the data processing device in the public network.
13. A data transmission method, the method comprising:
after receiving a request message, sent by a target object, for acquiring unidirectional-network data, a data processing device in a public network stores the request message in a shared storage area;
after monitoring the request message in the shared storage area, a data processing device in the unidirectional network determines original data corresponding to the request message and encrypts the determined original data to obtain encrypted data;
the data processing device in the unidirectional network pushes the encrypted data to the data processing device in the public network, and pushes a generated random key to the target object, so that the target object sends the random key to the data processing device in the public network;
the data processing device in the public network receives the encrypted data corresponding to the request message pushed by the data processing device in the unidirectional network;
after receiving the random key sent by the target object, the data processing device in the public network decrypts the encrypted data according to the random key to obtain the original data, and returns the obtained original data to the target object.
14. An electronic device, comprising a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the steps of the method of any one of claims 1 to 3, or to perform the steps of the method of any one of claims 4 to 8.
15. A computer-readable storage medium, comprising program code which, when run on an electronic device, causes the electronic device to perform the steps of the method of any one of claims 1 to 3, or the steps of the method of any one of claims 4 to 8.
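The exchange of claims 1 to 8 and 13 (the same flow the pushing unit 1302 implements in the device embodiment above), traced end to end in one process as an added example; this is not code from the patent or from Tencent, and it uses only the Python standard library. The class names PublicDevice and UnidirectionalDevice, the plain dicts standing in for the shared storage area of claim 12 and for the message pushing device of claim 8, the identity "target-42", the served record and run_exchange are all assumptions. Two further assumptions are worth flagging because the patent leaves them open: encrypt()/decrypt() are an HMAC-SHA256 counter-mode plus encrypt-then-MAC stand-in for a real AEAD such as AES-GCM, and the public-network device authenticates the temporary identity by comparing it against a hash pushed to it together with the encrypted data.

```python
# Added example, not code from the patent or from Tencent: one complete run of the
# exchange in claims 1-8 and 13, standard library only. encrypt()/decrypt() are an
# HMAC-SHA256 counter-mode + encrypt-then-MAC stand-in for a real AEAD such as AES-GCM;
# the class names, the hash-of-identity check and the sample record are assumptions.
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    enc_key = _subkey(key, b"enc")                       # HMAC-SHA256 run in counter mode
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag, with tag = HMAC(mac_key, nonce || ciphertext)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Checks the tag before decrypting; a wrong key or a modified blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class PublicDevice:  # data processing device in the public network (claims 1-3)
    def __init__(self, shared_storage: dict):
        self.storage, self.pending = shared_storage, {}   # shared storage area (claim 12) is a dict here

    def handle_request(self, target_id: str, resource: str) -> str:
        req_id = secrets.token_hex(8)                     # claim 1: only the request crosses into shared storage
        self.storage[req_id] = {"target": target_id, "resource": resource, "handled": False}
        return req_id

    def receive_push(self, req_id: str, encrypted_data: bytes, encryption_key: bytes, id_hash: bytes) -> None:
        self.pending[req_id] = (encrypted_data, encryption_key, id_hash)   # ciphertext and wrapped key only

    def fetch(self, req_id: str, random_key: bytes, temp_identity: str) -> bytes:
        entry = self.pending.get(req_id)
        if entry is None:
            raise PermissionError("unknown or already served request")
        encrypted_data, encryption_key, id_hash = entry
        if not hmac.compare_digest(id_hash, hashlib.sha256(temp_identity.encode()).digest()):
            raise PermissionError("temporary identity rejected")        # claim 3
        del self.pending[req_id]                          # single use: key and identity cannot be replayed
        original_key = decrypt(random_key, encryption_key)             # claim 2: unwrap with the random key
        return decrypt(original_key, encrypted_data)                   # then decrypt the data itself

class UnidirectionalDevice:  # data processing device in the unidirectional network (claims 4-8)
    def __init__(self, shared_storage: dict, inbox: dict, public: PublicDevice, records: dict):
        self.storage, self.inbox, self.public, self.records = shared_storage, inbox, public, records

    def poll(self) -> None:
        """Monitor the shared storage area (claim 4) and serve every request not yet handled."""
        for req_id, req in self.storage.items():
            if req["handled"]:
                continue
            original_key = secrets.token_bytes(32)                         # claim 5: per-request data key
            encrypted_data = encrypt(original_key, self.records[req["resource"]])
            random_key = secrets.token_bytes(32)                           # claim 6: wrap the data key
            encryption_key = encrypt(random_key, original_key)
            temp_identity = secrets.token_urlsafe(16)                      # claim 7
            self.public.receive_push(req_id, encrypted_data, encryption_key,
                                     hashlib.sha256(temp_identity.encode()).digest())
            self.inbox.setdefault(req["target"], []).append(             # claim 8: via the message pushing device
                {"req_id": req_id, "random_key": random_key, "temp_identity": temp_identity})
            req["handled"] = True

def run_exchange(resource: str = "plant/report.txt") -> tuple:
    """One constructed run; returns (plaintext, replay_rejected, wrong_key_rejected)."""
    records = {"plant/report.txt": b"constructed sample record held only inside the unidirectional network"}
    shared_storage, inbox = {}, {}                        # inbox: what the message pushing device delivers
    public = PublicDevice(shared_storage)
    inner = UnidirectionalDevice(shared_storage, inbox, public, records)
    results = []
    for wrong_key in (None, secrets.token_bytes(32)):    # round 1 honest; round 2 right identity, wrong key
        req_id = public.handle_request("target-42", resource)
        inner.poll()
        msg = next(m for m in inbox["target-42"] if m["req_id"] == req_id)
        try:
            results.append(public.fetch(req_id, wrong_key or msg["random_key"], msg["temp_identity"]))
        except (ValueError, PermissionError) as exc:
            results.append(type(exc))
        if wrong_key is None:                             # replay the already served request
            try:
                public.fetch(req_id, msg["random_key"], msg["temp_identity"])
                results.append(None)
            except PermissionError as exc:
                results.append(type(exc))
    return results[0], results[1] is PermissionError, results[2] is ValueError
```

The run makes the division of knowledge visible: until the target object presents the random key, the public-network device holds only the encrypted data and the wrapped original key, the random key and the temporary identity reach the target object over the message pushing device rather than through the shared storage area, and because fetch() consumes the pending entry, a second presentation of the same key and identity is refused. Note that, exactly as the claims state, the public-network device decrypts and returns the original data, so it does see plaintext: the scheme isolates the unidirectional network from the public one, it is not end-to-end encryption to the target object.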
CN202010881854.0A 2020-08-28 2020-08-28 Data transmission method, data processing device, data processing apparatus, and computer storage medium Active CN111756777B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010881854.0A CN111756777B (en) 2020-08-28 2020-08-28 Data transmission method, data processing device, data processing apparatus, and computer storage medium

Publications (2)

Publication Number Publication Date
CN111756777A true CN111756777A (en) 2020-10-09
CN111756777B CN111756777B (en) 2020-11-17

Family

ID=72713275

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010881854.0A Active CN111756777B (en) 2020-08-28 2020-08-28 Data transmission method, data processing device, data processing apparatus, and computer storage medium

Country Status (1)

Country Link
CN (1) CN111756777B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588575A (en) * 2009-04-29 2009-11-25 Hou Wanchun System and method for providing Internet information encryption transmission service to group customers
CN105162787A (en) * 2015-09-17 2015-12-16 Sangfor Technologies (Shenzhen) Co., Ltd. Method and apparatus for an external-network terminal to access a manufacturing device or an internal-network terminal
CN106209823A (en) * 2016-07-08 2016-12-07 Xidian University Lightweight remote file encryption method for a mobile cloud computing environment
CN107330337A (en) * 2017-07-19 2017-11-07 Tencent Technology (Shenzhen) Co., Ltd. Data storage method, device, related equipment and cloud system for a hybrid cloud
CN107635018A (en) * 2017-10-30 2018-01-26 Fuzhou University Cross-domain medical cloud storage system supporting emergency access control and secure deduplication
CN109063509A (en) * 2018-08-07 2018-12-21 Shanghai Maritime University Searchable encryption method based on keyword semantic ordering
US20190294821A1 (en) * 2018-03-20 2019-09-26 Entit Software Llc Determining pseudonym values using tweak-based encryption
CN110971626A (en) * 2018-09-28 2020-04-07 Guizhou Baishan Cloud Technology Co., Ltd. Enterprise branch office access request processing method, device and system
CN111026788A (en) * 2019-11-04 2020-04-17 Wuhan University of Science and Technology Homomorphic-encryption-based multi-keyword ciphertext sorting and retrieval method in a hybrid cloud
US10733061B2 (en) * 2017-06-27 2020-08-04 Western Digital Technologies, Inc. Hybrid data storage system with private storage cloud and public storage cloud

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
POOJA POL et al.: "SECURED CLOUD DATA SHARING USING", 2016 IEEE International Conference on Advances in Electronics, Communication and Computer Technology (ICAECCT) *
Liu Xuejiao: "混合云模式下数据安全存储方案" (Data security storage scheme in a hybrid cloud mode), Journal of Beijing Institute of Technology *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112468571A (en) * 2020-11-24 2021-03-09 China United Network Communications Group Co., Ltd. Intranet and extranet data synchronization method and device, electronic equipment and storage medium
CN112468571B (en) * 2020-11-24 2022-02-01 China United Network Communications Group Co., Ltd. Intranet and extranet data synchronization method and device, electronic equipment and storage medium
CN114500068A (en) * 2022-02-10 2022-05-13 Guangzhou Yunxi Network Technology Co., Ltd. Information data exchange system based on a security isolation gatekeeper
CN114500068B (en) * 2022-02-10 2024-01-09 Guangzhou Yunxi Network Technology Co., Ltd. Information data exchange system based on a security isolation gatekeeper
CN115118458A (en) * 2022-05-31 2022-09-27 Tencent Technology (Shenzhen) Co., Ltd. Data processing method and device, computer equipment and storage medium
CN115118458B (en) * 2022-05-31 2024-04-19 Tencent Technology (Shenzhen) Co., Ltd. Data processing method, device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN111756777B (en) 2020-11-17

Similar Documents

Publication Publication Date Title
US11973860B1 (en) Systems and methods for encryption and provision of information security using platform services
JP6835999B2 (en) Virtual service provider zone
CN111756777B (en) Data transmission method, data processing device, data processing apparatus, and computer storage medium
US20170187538A1 (en) System and method to use a cloud-based platform supported by an api to authenticate remote users and to provide pki- and pmi- based distributed locking of content and distributed unlocking of protected content
US9619659B1 (en) Systems and methods for providing information security using context-based keys
CN105556891B (en) Method, system and the storage medium of session token are sent by passive client
Feng et al. Analysis of integrity vulnerabilities and a non-repudiation protocol for cloud data storage platforms
US9160535B2 (en) Truly anonymous cloud key broker
CN102055730A (en) Cloud processing system, cloud processing method and cloud computing agent device
US20110162074A1 (en) Apparatus and method for remote processing while securing classified data
Mukundrao et al. Enhancing security in cloud computing
Prasadreddy et al. A threat free architecture for privacy assurance in cloud computing
KR20180014746A (en) Interactive record lookup processing method and apparatus
Feng et al. A fair non-repudiation framework for data integrity in cloud storage services
Mohamed et al. Using trusted computing in trusted mail transfer protocol
Wang et al. Blockchain-Based Trusted Instant Messaging Model Research
US20240195630A1 (en) System and method of privacy-aware inter-channel communication between a business entity and a person
US11750570B1 (en) Decentralized messaging inbox
Amamou et al. Towards a Better Security in Public Cloud Computing
Qaddour Multifactor Biometric Authentication for Cloud Computing
Damsika et al. A novel mechanism for secure e-tendering in an open electronic network
Shamsolmoali et al. Ensuring data security and performance evaluation in cloud computing
ABOKHZAM et al. A Proposed Framework to Enhance Data Security in Cloud Using Cryptography: Base 64 Technique
Stöwer et al. Overcoming Obstacles: Encryption for Everyone!
Rubinstein Overcoming Obstacles: Encryption for Everyone!

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40030048
Country of ref document: HK