CN114491641A - Method and system for realizing cross-network application of sensitive identity information - Google Patents


Info

Publication number: CN114491641A
Application number: CN202210134074.9A
Authority: CN (China)
Prior art keywords: identity information, server, machine, sensitive identity, key file
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Inventors: 林龙, 杨瑷华, 林乐智
Current Assignee: Shenzhen Shuzhengtong Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Shuzhengtong Technology Co ltd
Application filed by Shenzhen Shuzhengtong Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The application provides a method and a system for realizing cross-network application of sensitive identity information. The method comprises the following steps: the server encryption machine requests sensitive identity information from the identity library system, encrypts it and transmits the encrypted sensitive identity information to the first application system; the first application system generates a two-dimensional code from the encrypted sensitive identity information; the user terminal obtains the two-dimensional code from the Internet end and presents it to the code scanning device; the code scanning device scans the two-dimensional code and passes the data it reads to the second application system; the second application system passes the two-dimensional code data to the server decryption machine; and the server decryption machine decrypts the two-dimensional code data to recover the sensitive identity information and the related service information. By adding a single server decryption machine to the isolated network, the method lets every code scanning device in that network obtain decrypted sensitive identity information without modifying the existing code scanning devices one by one.

Description

Method and system for realizing cross-network application of sensitive identity information
Technical Field
The invention relates to the technical field of data security, in particular to a method and a system for realizing cross-network application of sensitive identity information.
Background
Generally, government and public security authorities that need to verify a client's real identity do so by checking the second-generation identity card. The second-generation identity card is an offline carrier: the sensitive identity information is stored in the card, and an identity card reader can only read data from the card and cannot write data into it, so using the second-generation card raises no concern about leaking data from an intranet system. The sensitive identity information of the second-generation card is read without any network access, and the service process then proceeds on the basis of the information read.
Another way of transferring identity information is to use a two-dimensional code as the storage medium. The information generator encrypts the sensitive information and compiles it into the two-dimensional code; in the isolated network, a two-dimensional code reader fitted with a specific security chip scans the code, and the security chip decrypts the sensitive identity information, which likewise obtains the sensitive identity information offline.
Both of the above approaches depend on hardware. The first relies on a hardware carrier (secondary authentication); if an electronic information carrier such as a two-dimensional code is adopted instead, the reading end must be fitted with a corresponding security chip to decrypt the information. Retrofitting already deployed equipment therefore carries a significant cost.
Disclosure of Invention
The application provides a method and a system for realizing cross-network application of sensitive identity information, suitable for scenarios in which sensitive identity data generated on the Internet is used offline in a strictly isolated network.
In view of this, a first aspect of the present application provides a method for implementing a sensitive identity information cross-network application. The method is applied to an implementation system of a sensitive identity information cross-network application that includes an Internet end, a user terminal, an isolation gateway and a security isolation network end, where the Internet end includes a first application system and a server encryption machine, and the security isolation network end includes a code scanning device, a second application system and a server decryption machine. The method includes: the server encryption machine requests sensitive identity information from an identity library system, encrypts it and transmits the encrypted sensitive identity information to the first application system; the first application system generates a two-dimensional code from the encrypted sensitive identity information; the user terminal obtains the two-dimensional code from the Internet end and presents it to the code scanning device; the code scanning device scans the two-dimensional code and transmits the data it reads to the second application system; the second application system transmits the two-dimensional code data to the server decryption machine; and the server decryption machine decrypts the two-dimensional code data to obtain the sensitive identity information and related service information.
Optionally, with reference to the first aspect, in a possible implementation manner, a network access relationship is established between the server decryption machine and the second application system, the isolation gateway is arranged between the internet end and the security isolation network end, and the internet end and the security isolation network end are respectively provided with a file switch.
Optionally, with reference to the first aspect, in a possible implementation manner, the method further includes: the server encryption machine generates a key file periodically and submits the key file to the server decryption machine through an isolation gateway so as to realize synchronous updating and replacement of the key, wherein the key file is protected by a digital envelope.
Optionally, with reference to the first aspect, in a possible implementation manner, the method further includes: the server encryption machine assigns a set number to the key file and distributes the set number to the server decryption machine; the server decryption machine keeps the key file with that set number, and when the server decryption machine receives the two-dimensional code, the set number tells the server decryption machine which key file to select; and when the server encryption machine determines from the set number that the switching time of the key file has been reached, it switches to the key file corresponding to that set number.
Optionally, with reference to the first aspect, in a possible implementation manner, the method further includes: the server encryption machine places the set number, in plaintext or as a transformed plaintext value, inside the sensitive identity information ciphertext; the server decryption machine reads the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine determines the corresponding key file from that plaintext or transformed value and decrypts the sensitive identity information ciphertext with it.
The second aspect of the application provides a system for implementing cross-network application of sensitive identity information, characterized in that the system comprises an Internet end, a user terminal, an isolation gateway and a security isolation network end, wherein the Internet end comprises a first application system and a server encryption machine, and the security isolation network end comprises a code scanning device, a second application system and a server decryption machine. The server encryption machine is used for requesting sensitive identity information from an identity library system, encrypting it and transmitting the encrypted sensitive identity information to the first application system; the first application system is used for generating a two-dimensional code from the encrypted sensitive identity information; the user terminal is used for obtaining the two-dimensional code from the Internet end and presenting it to the code scanning device; the code scanning device is used for scanning the two-dimensional code and transmitting the data it reads to the second application system; the second application system is used for transmitting the two-dimensional code data to the server decryption machine; and the server decryption machine is used for decrypting the two-dimensional code data to obtain the sensitive identity information and related service information.
Optionally, with reference to the second aspect, in a possible implementation manner, a network access relationship is established between the server decryption machine and the second application system, the isolation gateway is arranged between the Internet end and the security isolation network end, and file switches are respectively arranged at the Internet end and the security isolation network end.
Optionally, with reference to the second aspect, in a possible implementation manner, the server encryption machine is further configured to periodically generate a key file and submit it to the server decryption machine through the isolation gateway, so as to implement synchronous key update and replacement, where the key file is protected by a digital envelope.
Optionally, with reference to the second aspect, in a possible implementation manner, the server encryption machine is further configured to assign a set number to the key file and distribute the set number to the server decryption machine; the server decryption machine is further configured to keep the key file with that set number, and when the server decryption machine receives the two-dimensional code, the set number tells the server decryption machine which key file to select; and the server encryption machine is further configured to switch to the key file corresponding to the set number when it determines from the set number that the switching time of the key file has been reached.
Optionally, with reference to the second aspect, in a possible implementation manner, the server encryption machine is configured to place the set number, in plaintext or as a transformed plaintext value, inside the sensitive identity information ciphertext; the server decryption machine is configured to read the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine is configured to determine the corresponding key file from that plaintext or transformed value and decrypt the sensitive identity information ciphertext with it.
The application provides a method and a system for realizing cross-network application of sensitive identity information. The method is applied to a system that comprises an Internet end, a user terminal, an isolation gateway and a security isolation network end; the Internet end comprises a first application system and a server encryption machine, and the security isolation network end comprises a code scanning device, a second application system and a server decryption machine. The method comprises the following steps: the server encryption machine requests sensitive identity information from an identity library system, encrypts it and transmits the encrypted sensitive identity information to the first application system; the first application system generates a two-dimensional code from the encrypted sensitive identity information; the user terminal obtains the two-dimensional code from the Internet end and presents it to the code scanning device; the code scanning device scans the two-dimensional code and transmits the data it reads to the second application system; the second application system transmits the two-dimensional code data to the server decryption machine; and the server decryption machine decrypts the two-dimensional code data to obtain the sensitive identity information and related service information. Compared with introducing a security chip at the code scanning device end, the method does not need to retrofit the existing code scanning devices one by one: adding a single server decryption machine to the isolated network lets every code scanning device in that network obtain decrypted sensitive identity information.
Drawings
Fig. 1 is a schematic diagram of an implementation system for cross-network application of sensitive identity information in an embodiment of the present application;
fig. 2 is a schematic flow chart of a method for implementing cross-network application of sensitive identity information in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The term "and/or" appearing in the present application may describe an association between associated objects, meaning that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in this application generally indicates that the former and latter related objects are in an "or" relationship.
The terms "first," "second," and the like in the description and in the claims of the present application and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Moreover, the terms "comprises," "comprising," and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to those steps or modules explicitly listed, but may include other steps or modules not expressly listed or inherent to such process, method, article, or apparatus.
Generally, government and public security authorities that need to verify a client's real identity do so by checking the second-generation identity card. The second-generation identity card is an offline carrier: the sensitive identity information is stored in the card, and an identity card reader can only read data from the card and cannot write data into it, so using the second-generation card raises no concern about leaking data from an intranet system. The sensitive identity information of the second-generation card is read without any network access, and the service process then proceeds on the basis of the information read.
Another way of transferring identity information is to use a two-dimensional code as the storage medium. The information generator encrypts the sensitive information and compiles the encrypted sensitive information into the two-dimensional code; in the isolated network, a two-dimensional code reader fitted with a specific security chip scans the code, and the security chip decrypts the sensitive identity information, which likewise obtains the sensitive identity information offline.
Both of the above approaches depend on hardware. The first relies on a hardware carrier (secondary authentication); if an electronic information carrier such as a two-dimensional code is adopted instead, the reading end must be fitted with a corresponding security chip to decrypt the information. Retrofitting already deployed equipment therefore carries a significant cost.
Therefore, the present application provides a system for implementing a cross-network application of sensitive identity information. Referring to fig. 1, the system includes an Internet end, a security isolation network end, a user terminal and an isolation gateway. The Internet end includes a first application system, a server encryption machine and a file switch; the security isolation network end includes a code scanning device, a second application system, a server decryption machine and a file switch.
Based on the implementation system of the cross-network application of the sensitive identity information, the application provides an implementation method of the cross-network application of the sensitive identity information, please refer to fig. 2, and the method includes:
s110, the server encryption machine requests sensitive identity information from the identity library system, encrypts the sensitive identity information and transmits the encrypted sensitive identity information to the first application system.
The data carrier for the sensitive identity information is a two-dimensional code. The application system on the Internet end encrypts the sensitive identity information through a dedicated server encryption machine and then places the ciphertext into the two-dimensional code, and a dedicated server decryption machine deployed in the strictly isolated network end decrypts it. The two networks are separated by an isolation gateway, so neither network can access the other directly.
The two-dimensional code is generated by the first application system on the Internet side, and the sensitive identity information must be requested from the identity library system before the code is generated. The identity library system encrypts the sensitive identity information with the dedicated server encryption machine and then delivers the encrypted sensitive identity information to the first application system.
S120, the first application system generates a two-dimensional code from the encrypted sensitive identity information.
The first application system organizes the ciphertext into the two-dimensional code data and then generates the two-dimensional code integrally.
S130, the user terminal obtains the two-dimensional code from the Internet end and presents it to the code scanning device.
The user terminal obtains the two-dimensional code from the first application system through an application program (APP), and displays the two-dimensional code to the code scanning device for the device in the security isolation network side to scan the code. The code scanning device can be an original common scanning gun, a scanner and the like without modification.
S140, the code scanning device scans the two-dimensional code and transmits the recognized two-dimensional code data to the second application system.
The code scanning device hands the two-dimensional code data read by the code scanning device to the second application system to which the two-dimensional code data belongs.
S150, the second application system transmits the two-dimensional code data to the server decryption machine.
The second application system uniformly delivers the two-dimensional code data to a special server decryption machine deployed in the isolated network of the second application system.
S160, the server decryption machine decrypts the two-dimensional code data to obtain sensitive identity information and relevant service information.
The server decryption machine decrypts the two-dimensional code data to acquire sensitive identity information and other related service information.
The decryption service provided by the server decryption machine in the isolated network is online: one server decryption machine can serve decryption requests from thousands of code scanning devices, only a network access relationship between the second application system and the server decryption machine is required, and no software or hardware change is needed on the code scanning device side. From the perspective of the whole network, however, the server decryption machine works offline: while it runs the decryption function it has no connection to the code generation system, and a strict network isolation facility sits between the first application system (code generation) and the second application system (code scanning).
Even with strict network isolation, the encryption and decryption keys of the first application system and the second application system must be kept synchronized. The server encryption machine can periodically generate a new encryption key, protect it with a digital envelope, and deliver it to the server decryption machine as a file through the isolation gateway, thereby updating and replacing the key on both sides in step.
Still further, the method further includes: the server encryption machine assigns a set number to the key file and distributes the set number to the server decryption machine; the server decryption machine keeps the key file with that set number, and when the server decryption machine receives the two-dimensional code, the set number tells the server decryption machine which key file to select; and when the server encryption machine determines from the set number that the switching time of the key file has been reached, it switches to the key file corresponding to that set number. The set number may include a switching date or a specific switching time. When the switching date or time is reached, the server encryption machine switches key files. The server decryption machine may store one or more key files; when it receives a ciphertext, it first reads the key number carried in the ciphertext, then finds the key file whose set number matches, and decrypts with that key file. In principle, the server encryption machine and the server decryption machine need only hold two sets of keys to operate: the set currently in use and the set waiting to be enabled. In practice both machines have ample storage and can hold dozens or even hundreds of key sets, so several key sets may be available for encryption and decryption.
Still further, the method further includes: the server encryption machine places the set number, in plaintext or as a transformed plaintext value, inside the sensitive identity information ciphertext; the server decryption machine reads the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine determines the corresponding key file from that plaintext or transformed value and decrypts the sensitive identity information ciphertext with it. The set number can thus travel inside the sensitive identity information ciphertext itself, which is what keeps the key switching of the server encryption machine and the server decryption machine synchronized.
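The flow of steps S110 to S160 together with the numbered key-file rotation described in the last two paragraphs, as an added example that is not the patent's code or the assignee's product. It assumes a JSON body for the identity and service fields, a payload header of a constructed version tag followed by the set number in plaintext, and a pre-shared wrapping key standing in for the decryptor's public key in the digital envelope; the cipher itself is a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) for the SM4/AES-class algorithm a certified cryptographic machine would use. All sample values are constructed.

```python
# Constructed example (not the patent's code): numbered key sets, sealed key-file envelopes,
# and a QR payload whose plaintext set number tells the decryptor which key file to use.
import base64, hashlib, hmac, json, secrets, struct
from dataclasses import dataclass

MAGIC = b"SID1"              # constructed payload version tag, placed ahead of the set number
NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF keystream: stdlib stand-in for SM4/AES-CTR.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(out[:length])

def _subkeys(key):
    # Independent encryption and MAC keys derived from one key-file secret.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, aad, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || tag; the tag also binds aad (the plaintext header).
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()

def unseal(key, aad, blob):
    # Verify the tag before decrypting; any change to header or body is rejected.
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

@dataclass(frozen=True)
class KeyFile:
    number: int      # the "set number" shared by encryptor and decryptor
    switch_at: int   # epoch seconds at which the encryptor switches to this key
    key: bytes

class ServerEncryptor:
    # Internet-side server encryption machine.
    def __init__(self, envelope_key):
        self.envelope_key = envelope_key   # stand-in for the decryptor's public key (digital envelope)
        self.key_files = []

    def generate_key_file(self, number, switch_at):
        # Key file sealed for transfer through the isolation gateway as a file.
        kf = KeyFile(number, switch_at, secrets.token_bytes(32))
        self.key_files.append(kf)
        record = json.dumps({"number": number, "switch_at": switch_at, "key": kf.key.hex()})
        return seal(self.envelope_key, b"keyfile", record.encode())

    def active_key(self, now):
        # The key whose switch time was reached most recently; the pending key waits its turn.
        return max((kf for kf in self.key_files if kf.switch_at <= now), key=lambda kf: kf.switch_at)

    def encrypt_identity(self, identity, service, now):
        # QR text = base64( MAGIC || set number || sealed JSON body ); the number is plaintext but authenticated.
        kf = self.active_key(now)
        header = MAGIC + struct.pack(">I", kf.number)
        body = json.dumps({"identity": identity, "service": service}).encode()
        return base64.b64encode(header + seal(kf.key, header, body)).decode()

def read_set_number(qr_text):
    # Decryptor's first step: read the plaintext set number, which needs no key.
    raw = base64.b64decode(qr_text)
    if raw[:4] != MAGIC:
        raise ValueError("not a sensitive-identity payload")
    return struct.unpack(">I", raw[4:8])[0]

class ServerDecryptor:
    # Isolated-network server decryption machine holding several key files at once.
    def __init__(self, envelope_key):
        self.envelope_key = envelope_key
        self.keys = {}

    def install_key_file(self, envelope):
        record = json.loads(unseal(self.envelope_key, b"keyfile", envelope))
        self.keys[record["number"]] = bytes.fromhex(record["key"])

    def decrypt_qr(self, qr_text):
        number = read_set_number(qr_text)
        if number not in self.keys:
            raise KeyError(f"no key file with set number {number}")
        raw = base64.b64decode(qr_text)
        return json.loads(unseal(self.keys[number], raw[:8], raw[8:]))

def demo():
    # Two key sets: number 1 active from the start, number 2 from a constructed switch time.
    envelope_key = secrets.token_bytes(32)                       # constructed pre-shared wrapping key
    enc, dec = ServerEncryptor(envelope_key), ServerDecryptor(envelope_key)
    dec.install_key_file(enc.generate_key_file(1, switch_at=0))
    dec.install_key_file(enc.generate_key_file(2, switch_at=1_700_000_000))
    identity = {"name": "Example User", "id_no": "000000000000000000"}   # constructed sample
    qr_before = enc.encrypt_identity(identity, {"ticket": "A1"}, now=1_699_999_999)
    qr_after = enc.encrypt_identity(identity, {"ticket": "A2"}, now=1_700_000_001)
    return {"set_before": read_set_number(qr_before), "set_after": read_set_number(qr_after),
            "before": dec.decrypt_qr(qr_before), "after": dec.decrypt_qr(qr_after)}
```

Two design points matter here. The set number is deliberately left in plaintext so the decryptor can pick a key file before it has decrypted anything, but it is passed as associated data to the MAC, so a payload whose number has been altered fails authentication instead of being decrypted under the wrong key. And the decryptor keeps every installed key file rather than only the current one, which is what lets codes generated just before a switch still decrypt after it; a practical deployment would add an expiry so that retired key sets are eventually purged.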
Referring to fig. 1, in the implementation system for the sensitive identity information cross-network application, the server encryption machine is used for requesting the sensitive identity information from the identity library system, encrypting it and transmitting the encrypted sensitive identity information to the first application system; the first application system is used for generating a two-dimensional code from the encrypted sensitive identity information; the user terminal is used for obtaining the two-dimensional code from the Internet end and presenting it to the code scanning device; the code scanning device is used for scanning the two-dimensional code and transmitting the data it reads to the second application system; the second application system is used for transmitting the two-dimensional code data to the server decryption machine; and the server decryption machine is used for decrypting the two-dimensional code data to obtain the sensitive identity information and related service information.
Further, a network access relationship is established between the server decryption machine and the second application system, the isolation gateway is arranged between the Internet end and the security isolation network end, and the Internet end and the security isolation network end are each provided with a file switch.
Further, the server encryption machine is also used for periodically generating a key file and submitting it to the server decryption machine through the isolation gateway, so as to update and replace the key synchronously, where the key file is protected by a digital envelope.
Further, the server encryption machine is also used for assigning a set number to the key file and distributing the set number to the server decryption machine; the server decryption machine is also used for keeping the key file with that set number, and when the server decryption machine receives the two-dimensional code, the set number tells the server decryption machine which key file to select; and the server encryption machine is also used for switching to the key file corresponding to the set number when it determines from the set number that the switching time of the key file has been reached.
Further, the server encryption machine is used for placing the set number, in plaintext or as a transformed plaintext value, inside the sensitive identity information ciphertext; the server decryption machine is used for reading the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine is used for determining the corresponding key file from that plaintext or transformed value and decrypting the sensitive identity information ciphertext with it.
The method and the system for realizing cross-network application of sensitive identity information move the decryption of sensitive identity information from the distributed code scanning device end to unified decryption on a centralized server decryption machine; the customized encryption machine and decryption machine are dedicated devices for a dedicated task, which secures operating efficiency, reliability and security. Specifically, the following advantages are provided:
1. Compared with introducing a security chip at the code scanning device end, the scheme does not need to retrofit the existing code scanning devices one by one; adding a single server decryption machine to the isolated network lets every code scanning device in that network obtain decrypted sensitive identity information.
2. The server encryption machine and the server decryption machine are both custom-developed, hold a State Cryptography Administration product model certificate and a public security department inspection and test report, are hardware-grade information security products, and offer high security and reliability.
3. Management and maintenance of hundreds of distributed code scanning device terminals is replaced by management and maintenance of a single server at a fixed location, and key synchronization and other operation and maintenance work becomes simple.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes any medium capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
In the examples provided herein, it is to be understood that the disclosed methods may be practiced otherwise than as specifically described without departing from the spirit and scope of the present application. The present embodiment is an exemplary example only, and should not be taken as limiting, and the specific disclosure should not be taken as limiting the purpose of the application. For example, some features may be omitted, or not performed.
The technical means disclosed in the present application is not limited to the technical means disclosed in the above embodiments, and includes technical means formed by any combination of the above technical features. It should be noted that, for those skilled in the art, without departing from the principle of the present application, several improvements and modifications can be made, and these improvements and modifications are also considered to be within the scope of the present application.
The method and system for implementing the cross-network application of sensitive identity information provided by the embodiments of the application have been described in detail above. A specific example has been used to explain the principle and implementation of the application, and the description of the embodiment is intended only to help in understanding the method and its core idea; at the same time, a person skilled in the art may, following the idea of the present application, vary the specific embodiments and the scope of application, and in summary the content of this specification should not be construed as limiting the present application. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced, and that such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A method for realizing cross-network application of sensitive identity information, characterized in that the method is applied to a system for realizing cross-network application of sensitive identity information, the system comprising an Internet end, a user terminal, an isolation gateway and a security isolation network end, the Internet end comprising a first application system and a server encryption machine, and the security isolation network end comprising a code scanning device, a second application system and a server decryption machine, and the method comprises the following steps:
the server encryption machine requests sensitive identity information from an identity library system, encrypts the sensitive identity information and transmits the encrypted sensitive identity information to the first application system;
the first application system generates a two-dimensional code according to the encrypted sensitive identity information;
the user terminal acquires the two-dimensional code from the Internet end and presents the two-dimensional code to the code scanning device;
the code scanning device scans the two-dimensional code and transmits the read two-dimensional code data to the second application system;
the second application system transmits the two-dimensional code data to the server decryption machine;
and the server decryption machine decrypts the two-dimensional code data to acquire sensitive identity information and related service information.
2. The method for implementing the cross-network application of the sensitive identity information according to claim 1, wherein
the server decryption machine and the second application system establish a network access relationship, the isolation gateway is arranged between the Internet end and the security isolation network end, and the Internet end and the security isolation network end are each provided with a file switch.
3. The method for implementing the cross-network application of the sensitive identity information according to claim 2, wherein the method further comprises:
the server encryption machine generates a key file periodically and submits the key file to the server decryption machine through an isolation gateway so as to realize synchronous updating and replacement of the key, wherein the key file is protected by a digital envelope.
4. The method for implementing the cross-network application of the sensitive identity information according to claim 3, wherein the method further comprises:
the server encryption machine configures a set number for the key file and distributes the set number to the server decryption machine;
the server decryption machine retains the key file with the set number, and when the server decryption machine receives the two-dimensional code, the set number instructs the server decryption machine to select and use the corresponding key file; and when the server encryption machine determines, according to the set number, that the switching time of the key file has been reached, it switches to the key file corresponding to the set number.
5. The method for implementing the cross-network application of the sensitive identity information according to claim 4, wherein the method further comprises:
the server encryption machine places the set number, in plaintext or as a transformed plaintext value, in the sensitive identity information ciphertext;
the server decryption machine reads the plaintext or transformed plaintext value of the set number from the sensitive identity information ciphertext;
and the server decryption machine determines the corresponding key file according to the plaintext or transformed plaintext value of the set number, and decrypts the sensitive identity information ciphertext with the corresponding key file.
6. A system for realizing cross-network application of sensitive identity information, characterized in that it comprises an Internet end, a user terminal, an isolation gateway and a security isolation network end, wherein the Internet end comprises a first application system and a server encryption machine, and the security isolation network end comprises a code scanning device, a second application system and a server decryption machine, wherein
the server encryption machine is used for requesting sensitive identity information from an identity library system, encrypting the sensitive identity information and transmitting the encrypted sensitive identity information to the first application system;
the first application system is used for generating a two-dimensional code according to the encrypted sensitive identity information;
the user terminal is used for acquiring the two-dimensional code from the Internet end and presenting the two-dimensional code to the code scanning device;
the code scanning device is used for scanning the two-dimensional code and transmitting the read two-dimensional code data to the second application system;
the second application system is used for transmitting the two-dimensional code data to the server decryption machine;
and the server decryption machine is used for decrypting the two-dimensional code data to acquire sensitive identity information and related service information.
7. The system of claim 6, wherein
the server decryption machine and the second application system establish a network access relationship, the isolation gateway is arranged between the Internet end and the security isolation network end, and the Internet end and the security isolation network end are each provided with a file switch.
8. The system of claim 7, wherein
the server encryption machine is also used for periodically generating a key file and submitting the key file to the server decryption machine through the isolation gateway so as to realize synchronous updating and replacement of the key, wherein the key file is protected by a digital envelope.
9. The system of claim 8, wherein
the server encryption machine is also used for configuring a set number for the key file and distributing the set number to the server decryption machine;
the server decryption machine is also used for retaining the key file with the set number, and when the server decryption machine receives the two-dimensional code, the set number instructs the server decryption machine to select and use the corresponding key file;
and the server encryption machine is also used for switching to the key file corresponding to the set number when the switching time of the key file is determined to be reached according to the set number.
10. The system for realizing cross-network application of sensitive identity information of claim 9, wherein
the server encryption machine is used for placing the set number, in plaintext or as a transformed plaintext value, in the sensitive identity information ciphertext;
the server decryption machine is used for reading the plaintext or transformed plaintext value of the set number from the sensitive identity information ciphertext;
and the server decryption machine is used for determining the corresponding key file according to the plaintext or transformed plaintext value of the set number and decrypting the sensitive identity information ciphertext with the corresponding key file.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210134074.9A CN114491641A (en) 2022-02-14 2022-02-14 Method and system for realizing cross-network application of sensitive identity information

Publications (1)

Publication Number Publication Date
CN114491641A (en) 2022-05-13

Family

ID=81481189

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117596084A (en) * 2024-01-19 2024-02-23 天津航天机电设备研究所 Software continuous integration system and method for network information security
CN117596084B (en) * 2024-01-19 2024-04-16 天津航天机电设备研究所 Software continuous integration system and method for network information security


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination