CN114491641A - Method and system for realizing cross-network application of sensitive identity information - Google Patents
- Publication number
- CN114491641A (application number CN202210134074.9A)
- Authority
- CN
- China
- Prior art keywords
- identity information
- server
- machine
- sensitive identity
- key file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a method and a system for realizing cross-network application of sensitive identity information. The method comprises the following steps: the server encryption machine requests sensitive identity information from the identity library system, encrypts it and transmits the encrypted sensitive identity information to the first application system; the first application system generates a two-dimensional code from the encrypted sensitive identity information; the user terminal acquires the two-dimensional code from the Internet end and displays it to the code scanning device; the code scanning device scans the two-dimensional code and transmits the read two-dimensional code data to the second application system; the second application system transmits the two-dimensional code data to the server decryption machine; and the server decryption machine decrypts the two-dimensional code data to obtain the sensitive identity information and the related service information. By adding a single server decryption machine to the isolated network, the method lets every code scanning device in that network decrypt sensitive identity information without modifying the existing code scanning devices one by one.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a method and a system for realizing cross-network application of sensitive identity information.
Background
Government and public security agencies that need to verify a client's real identity generally do so by checking the second-generation identity card. The second-generation identity card is an offline carrier: the sensitive identity information is stored on the card itself, and a card reader only reads data from the card and writes nothing back to it, so the card can be used without any concern that the intranet system is exposed. The sensitive identity information on the second-generation card is read without any network access, and the service process then proceeds with the information that was read.
Another way of transferring identity information is to use a two-dimensional code as the storage medium. The information generator encrypts the sensitive information and encodes it into a two-dimensional code; inside the isolated network, a two-dimensional code reader fitted with a dedicated security chip scans the code and the security chip decrypts the sensitive identity information, which likewise obtains the sensitive identity information offline.
Both approaches above depend on hardware: either a hardware carrier (secondary authentication), or, where an electronic information carrier such as a two-dimensional code is used, a matching security chip in the reading device to decrypt the information. Retrofitting equipment that is already deployed carries a significant cost.
Disclosure of Invention
The application provides a method and a system for realizing cross-network application of sensitive identity information, which suit a scenario in which sensitive identity data generated on the Internet is used offline inside a strictly isolated network.
In view of this, a first aspect of the present application provides a method for implementing cross-network application of sensitive identity information. The method is applied to an implementation system for cross-network application of sensitive identity information that includes an Internet end, a user terminal, an isolation gatekeeper and a security isolation network end, where the Internet end includes a first application system and a server encryption machine, and the security isolation network end includes a code scanning device, a second application system and a server decryption machine. The method includes: the server encryption machine requests sensitive identity information from an identity library system, encrypts it and transmits the encrypted sensitive identity information to the first application system; the first application system generates a two-dimensional code from the encrypted sensitive identity information; the user terminal acquires the two-dimensional code from the Internet end and displays it to the code scanning device; the code scanning device scans the two-dimensional code and transmits the read two-dimensional code data to the second application system; the second application system transmits the two-dimensional code data to the server decryption machine; and the server decryption machine decrypts the two-dimensional code data to obtain the sensitive identity information and related service information.
Optionally, with reference to the first aspect, in a possible implementation manner, a network access relationship is established between the server decryption machine and the second application system, the isolation gatekeeper is arranged between the Internet end and the security isolation network end, and the Internet end and the security isolation network end are each provided with a file switch.
Optionally, with reference to the first aspect, in a possible implementation manner, the method further includes: the server encryption machine periodically generates a key file and submits it to the server decryption machine through the isolation gatekeeper so that the key is updated and replaced synchronously, where the key file is protected by a digital envelope.
Optionally, with reference to the first aspect, in a possible implementation manner, the method further includes: the server encryption machine configures a set number for the key file and distributes the set number to the server decryption machine; the server decryption machine keeps the key file with that set number, and when it receives a two-dimensional code the set number tells it which key file to use; and when the server encryption machine determines from the set number that the switching time of the key file has been reached, it switches to the key file corresponding to that set number.
Optionally, with reference to the first aspect, in a possible implementation manner, the method further includes: the server encryption machine places the plaintext or a transformed value of the set number in the sensitive identity information ciphertext; the server decryption machine reads the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine determines the corresponding key file from that plaintext or transformed value and decrypts the sensitive identity information ciphertext with that key file.
The second aspect of the application provides a system for implementing cross-network application of sensitive identity information. The system includes an Internet end, a user terminal, an isolation gatekeeper and a security isolation network end, where the Internet end includes a first application system and a server encryption machine, and the security isolation network end includes a code scanning device, a second application system and a server decryption machine. The server encryption machine is configured to request sensitive identity information from an identity library system, encrypt it and transmit the encrypted sensitive identity information to the first application system; the first application system is configured to generate a two-dimensional code from the encrypted sensitive identity information; the user terminal is configured to acquire the two-dimensional code from the Internet end and display it to the code scanning device; the code scanning device is configured to scan the two-dimensional code and transmit the read two-dimensional code data to the second application system; the second application system is configured to transmit the two-dimensional code data to the server decryption machine; and the server decryption machine is configured to decrypt the two-dimensional code data to obtain the sensitive identity information and related service information.
Optionally, with reference to the second aspect, in a possible implementation manner, a network access relationship is established between the server decryption machine and the second application system, the isolation gatekeeper is arranged between the Internet end and the security isolation network end, and file switches are arranged at the Internet end and at the security isolation network end respectively.
Optionally, with reference to the second aspect, in a possible implementation manner, the server encryption machine is further configured to periodically generate a key file and submit it to the server decryption machine through the isolation gatekeeper so that the key is updated and replaced synchronously, where the key file is protected by a digital envelope.
Optionally, with reference to the second aspect, in a possible implementation manner, the server encryption machine is further configured to configure a set number for the key file and distribute the set number to the server decryption machine; the server decryption machine is further configured to keep the key file with that set number, and when it receives a two-dimensional code the set number tells it which key file to use; and the server encryption machine is further configured to switch to the key file corresponding to the set number when it determines from the set number that the switching time of the key file has been reached.
Optionally, with reference to the second aspect, in a possible implementation manner, the server encryption machine is configured to place the plaintext or a transformed value of the set number in the sensitive identity information ciphertext; the server decryption machine is configured to read the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine is configured to determine the corresponding key file from that plaintext or transformed value and decrypt the sensitive identity information ciphertext with that key file.
The application provides a method and a system for realizing cross-network application of sensitive identity information. The method is applied to an implementation system for cross-network application of sensitive identity information that includes an Internet end, a user terminal, an isolation gatekeeper and a security isolation network end, where the Internet end includes a first application system and a server encryption machine, and the security isolation network end includes a code scanning device, a second application system and a server decryption machine. The method includes the following steps: the server encryption machine requests sensitive identity information from an identity library system, encrypts it and transmits the encrypted sensitive identity information to the first application system; the first application system generates a two-dimensional code from the encrypted sensitive identity information; the user terminal acquires the two-dimensional code from the Internet end and displays it to the code scanning device; the code scanning device scans the two-dimensional code and transmits the read two-dimensional code data to the second application system; the second application system transmits the two-dimensional code data to the server decryption machine; and the server decryption machine decrypts the two-dimensional code data to obtain the sensitive identity information and related service information. Compared with introducing a security chip at the code scanning device end, the method does not need to modify the existing code scanning devices one by one: by adding a single server decryption machine to the isolated network, every code scanning device in that network can decrypt sensitive identity information.
Drawings
Fig. 1 is a schematic diagram of an implementation system for cross-network application of sensitive identity information in an embodiment of the present application;
Fig. 2 is a schematic flow chart of a method for implementing cross-network application of sensitive identity information in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The term "and/or" appearing in the present application describes an association between objects and means that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in this application generally indicates that the former and latter related objects are in an "or" relationship.
The terms "first," "second," and the like in the description and in the claims of the present application and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Moreover, the terms "comprises," "comprising," and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to those steps or modules explicitly listed, but may include other steps or modules not expressly listed or inherent to such process, method, article, or apparatus.
Government and public security agencies that need to verify a client's real identity generally do so by checking the second-generation identity card. The second-generation identity card is an offline carrier: the sensitive identity information is stored on the card itself, and a card reader only reads data from the card and writes nothing back to it, so the card can be used without any concern that the intranet system is exposed. The sensitive identity information on the second-generation card is read without any network access, and the service process then proceeds with the information that was read.
Another way of transferring identity information is to use a two-dimensional code as the storage medium. The information generator encrypts the sensitive information and encodes the ciphertext into a two-dimensional code; inside the isolated network, a two-dimensional code reader fitted with a dedicated security chip scans the code and the security chip decrypts the sensitive identity information, which likewise acquires the sensitive identity information offline.
Both approaches above depend on hardware: either a hardware carrier (secondary authentication), or, where an electronic information carrier such as a two-dimensional code is used, a matching security chip in the reading device to decrypt the information. Retrofitting equipment that is already deployed carries a significant cost.
Therefore, the present application provides a system for implementing cross-network application of sensitive identity information. Referring to Fig. 1, the system includes an Internet end, a security isolation network end, a user terminal and an isolation gatekeeper. The Internet end includes a first application system, a server encryption machine and a file switch; the security isolation network end includes a code scanning device, a second application system, a server decryption machine and a file switch.
Based on this implementation system, the application provides an implementation method for cross-network application of sensitive identity information. Referring to Fig. 2, the method includes:
S110, the server encryption machine requests sensitive identity information from the identity library system, encrypts it and transmits the encrypted sensitive identity information to the first application system.
The data carrier for the sensitive identity information is a two-dimensional code. The Internet-end application system encrypts the sensitive identity information through a dedicated server encryption machine and then places the ciphertext into the two-dimensional code, and a dedicated server decryption machine deployed in the strictly isolated network end decrypts it. The two networks are separated by an isolation gatekeeper, and neither can access the other directly.
The two-dimensional code is generated by the first application system on the Internet side, which must request the sensitive identity information from the identity library system before generating the code. The identity library system encrypts the sensitive identity information with the dedicated server encryption machine and then delivers the ciphertext to the first application system.
S120, the first application system generates a two-dimensional code from the encrypted sensitive identity information.
The first application system organizes the ciphertext into the two-dimensional code data and then generates the two-dimensional code as a whole.
S130, the user terminal obtains the two-dimensional code from the Internet end and displays it to the code scanning device.
The user terminal obtains the two-dimensional code from the first application system through an application program (APP) and displays it to the code scanning device so that a device on the security isolation network side can scan it. The code scanning device can be an ordinary scanning gun, scanner or similar device already in place, used without modification.
S140, scanning the two-dimensional code by the code scanning device, and transmitting the recognized two-dimensional code data to a second application system.
The code scanning device hands the two-dimensional code data it has read to the second application system to which it belongs.
S150, the second application system transmits the two-dimensional code data to the server decryption machine.
The second application system delivers all two-dimensional code data to the dedicated server decryption machine deployed in its isolated network.
S160, the server decryption machine decrypts the two-dimensional code data to obtain sensitive identity information and relevant service information.
The server decryption machine decrypts the two-dimensional code data to acquire sensitive identity information and other related service information.
The decryption service provided by the server decryption machine in the isolated network is online: one server decryption machine can serve the decryption requests of thousands of code scanning devices, only a network access relationship between the second application system and the server decryption machine is needed, and the code scanning device end requires no software or hardware modification. Seen from the network as a whole, however, the server decryption machine works offline: while it performs decryption it has no connection to the code generation system, and a strict network isolation facility stands between the first application system that generates codes and the second application system that scans them.
Even with strict network isolation, the encryption and decryption keys must be kept synchronized between the first application system and the second application system. The server encryption machine can periodically generate a new encryption key, protect it with a digital envelope and deliver it to the server decryption machine as a file through the isolation gatekeeper, so that the key is updated and replaced synchronously on both sides.
Still further, the method further includes: the server encryption machine configures a set number for the key file and distributes the set number to the server decryption machine; the server decryption machine keeps the key file with that set number, and when it receives a two-dimensional code the set number tells it which key file to use; and when the server encryption machine determines from the set number that the switching time of the key file has been reached, it switches to the key file corresponding to that set number. The set number may include a switching date or a specific switching time. When the switching date or time is reached, the server encryption machine switches key files. The server decryption machine may store one or more key files; when it receives a ciphertext it first reads the key number in the ciphertext, then determines the key file with the matching set number and uses that key file to decrypt. In principle, the server encryption machine and the server decryption machine need only store two sets of keys: the set currently in use and the set to be enabled next. In practice both machines have ample storage and can hold dozens or hundreds of key sets, so several key sets are available for encryption and decryption.
Still further, the method further includes: the server encryption machine places the plaintext or a transformed value of the set number in the sensitive identity information ciphertext; the server decryption machine reads the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine determines the corresponding key file from that plaintext or transformed value and decrypts the sensitive identity information ciphertext with that key file. The set number is thus carried in the sensitive identity information ciphertext itself, which realizes synchronous key switching between the server encryption machine and the server decryption machine.
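The key-file exchange of the preceding paragraphs (a periodically generated key protected by a digital envelope and carried across the gatekeeper as a file) and the set-number selection (the ciphertext itself names the key set that decrypts it) can be demonstrated together. The Go program below is an added example written for this page, not code from the patent or from the machines it describes. Its byte layouts (a 4-byte big-endian set number in front of the key inside the key file and in front of the two-dimensional code payload), the choice of AES-256-GCM with an RSA-OAEP-wrapped session key for the envelope, and all function and type names are assumptions of this example; the patent specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// KeyFile: a data key plus the set number naming it on both machines (layout is this example's own).
type KeyFile struct {
	SetNumber uint32
	Key       []byte // 32-byte AES-256 key
}

// newGCM panics on a bad key length: keys come from the machines themselves, never from a scan.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// seal returns nonce||ciphertext||tag under AES-GCM; aad is authenticated but not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to blob or aad fails authentication.
func open(key, blob, aad []byte) ([]byte, error) {
	gcm := newGCM(key)
	if n := gcm.NonceSize(); len(blob) >= n {
		return gcm.Open(nil, blob[:n], blob[n:], aad)
	}
	return nil, errors.New("ciphertext too short")
}

// Envelope is the digital envelope carried across the gatekeeper as a file: the key file is sealed
// under a one-time session key wrapped with the decryption machine's RSA public key (OAEP).
type Envelope struct{ WrappedKey, Payload []byte }
var label = []byte("keyfile-envelope") // OAEP label and AAD: binds the two halves together

func WrapKeyFile(pub *rsa.PublicKey, kf KeyFile) (Envelope, error) {
	session := make([]byte, 32)
	if _, err := rand.Read(session); err != nil {
		return Envelope{}, err
	}
	// Key file on the wire: set number (4 bytes, big-endian) || key (32 bytes).
	payload, err := seal(session, append(binary.BigEndian.AppendUint32(nil, kf.SetNumber), kf.Key...), label)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, label)
	return Envelope{WrappedKey: wrapped, Payload: payload}, err
}

func UnwrapKeyFile(priv *rsa.PrivateKey, env Envelope) (KeyFile, error) {
	session, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, label)
	if err != nil || len(session) != 32 {
		return KeyFile{}, errors.New("envelope session key did not unwrap")
	}
	plain, err := open(session, env.Payload, label)
	if err != nil || len(plain) != 36 {
		return KeyFile{}, errors.New("envelope did not yield a valid key file")
	}
	return KeyFile{SetNumber: binary.BigEndian.Uint32(plain[:4]), Key: plain[4:]}, nil
}

// Encrypt builds the two-dimensional code payload: set number in the clear || nonce || ciphertext
// || tag. The header is also bound as AAD, so a payload whose set number is altered will not open.
func Encrypt(kf KeyFile, identity []byte) ([]byte, error) {
	hdr := binary.BigEndian.AppendUint32(nil, kf.SetNumber)
	blob, err := seal(kf.Key, identity, hdr)
	return append(hdr, blob...), err
}

// Decryptor is the decryption machine's key store: one or more key sets indexed by set number.
// The payload names the set to use, so a switch on the encryption side needs no shared clock.
type Decryptor map[uint32][]byte
func (d Decryptor) Decrypt(payload []byte) ([]byte, error) {
	if len(payload) < 4 {
		return nil, errors.New("payload too short")
	}
	key, ok := d[binary.BigEndian.Uint32(payload[:4])]
	if !ok {
		return nil, errors.New("no key file for the set number in the payload")
	}
	return open(key, payload[4:], payload[:4])
}
```

Because the decryption machine keeps a map of key sets, an old set and a new set coexist during a switch, which is the two-set minimum the text describes, and a payload encrypted shortly before the switch still decrypts afterwards. Binding the set number into the GCM associated data means a scanned payload whose header has been altered to name another key fails authentication rather than decrypting to garbage, and the OAEP label ties the wrapped session key to this envelope format.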
Referring to Fig. 1, in the implementation system for cross-network application of sensitive identity information, the server encryption machine is configured to request the sensitive identity information from the identity library system, encrypt it and transmit the encrypted sensitive identity information to the first application system; the first application system is configured to generate a two-dimensional code from the encrypted sensitive identity information; the user terminal is configured to acquire the two-dimensional code from the Internet end and display it to the code scanning device; the code scanning device is configured to scan the two-dimensional code and transmit the read two-dimensional code data to the second application system; the second application system is configured to transmit the two-dimensional code data to the server decryption machine; and the server decryption machine is configured to decrypt the two-dimensional code data to obtain the sensitive identity information and related service information.
Further, a network access relationship is established between the server decryption machine and the second application system, the isolation gatekeeper is arranged between the Internet end and the security isolation network end, and the Internet end and the security isolation network end are each provided with a file switch.
Further, the server encryption machine is also configured to periodically generate a key file and submit it to the server decryption machine through the isolation gatekeeper so that the key is updated and replaced synchronously, where the key file is protected by a digital envelope.
Further, the server encryption machine is also configured to configure a set number for the key file and distribute the set number to the server decryption machine; the server decryption machine is also configured to keep the key file with that set number, and when it receives a two-dimensional code the set number tells it which key file to use; and the server encryption machine is also configured to switch to the key file corresponding to the set number when it determines from the set number that the switching time of the key file has been reached.
Further, the server encryption machine is configured to place the plaintext or a transformed value of the set number in the sensitive identity information ciphertext; the server decryption machine is configured to read the plaintext or transformed value of the set number from the sensitive identity information ciphertext; and the server decryption machine is configured to determine the corresponding key file from that plaintext or transformed value and decrypt the sensitive identity information ciphertext with that key file.
The method and the system for realizing cross-network application of sensitive identity information replace decryption of sensitive identity information at the distributed code scanning device ends with unified decryption at a centralized server decryption machine; the customized encryption machine and decryption machine are dedicated devices, which guarantees operational efficiency, reliability and security. Specifically, the scheme offers the following advantages:
1. compared with introducing a security chip at the code scanning device end, the scheme does not need to modify the existing code scanning devices one by one: by adding a single server decryption machine to the isolated network, every code scanning device in that network can decrypt sensitive identity information;
2. the server encryption machine and the server decryption machine are both custom developed, hold a State Cryptography Administration model certificate and a public security inspection and test report, and are information-security hardware-grade products with high security and reliability;
3. management and maintenance of hundreds of distributed code scanning device ends becomes management and maintenance of a single server at a fixed location, which keeps key synchronization and other operation and maintenance work simple.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, or all or part of the technical solution, may be embodied as a software product that is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes any medium capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
In the examples provided herein, it is to be understood that the disclosed methods may be practiced otherwise than as specifically described without departing from the spirit and scope of the present application. The present embodiment is exemplary only and should not be taken as limiting; neither should the specific disclosure be taken as limiting the purpose of the application. For example, some features may be omitted or not performed.
The technical means disclosed in the present application is not limited to the technical means disclosed in the above embodiments, and includes technical means formed by any combination of the above technical features. It should be noted that, for those skilled in the art, without departing from the principle of the present application, several improvements and modifications can be made, and these improvements and modifications are also considered to be within the scope of the present application.
The method and system for implementing the cross-network application of sensitive identity information provided by the embodiments of the application have been introduced in detail above. A specific example has been used in the text to explain the principle and implementation of the application, and the description of the embodiment serves only to help understand the method and the core idea of the application. Meanwhile, a person skilled in the art may, following the idea of the present application, vary the specific embodiments and the scope of application; in summary, the content of this specification should not be construed as a limitation of the present application. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced, and that such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (10)
1. A method for realizing cross-network application of sensitive identity information, characterized in that the method is applied to a system for realizing cross-network application of sensitive identity information, the system comprising an Internet end, a user terminal, an isolation gateway and a security isolation network end, wherein the Internet end comprises a first application system and a server encryption machine, and the security isolation network end comprises a code scanning device, a second application system and a server decryption machine, and the method comprises the following steps:
the server encryption machine requests sensitive identity information from an identity library system, encrypts the sensitive identity information and transmits the encrypted sensitive identity information to the first application system;
the first application system generates a two-dimensional code according to the encrypted sensitive identity information;
the user terminal acquires the two-dimensional code from the Internet end and displays the two-dimensional code to the code scanning device;
the code scanning device scans the two-dimensional code and transmits the read two-dimensional code data to the second application system;
the second application system transmits the two-dimensional code data to the server decryption machine;
and the server decryption machine decrypts the two-dimensional code data to acquire sensitive identity information and related service information.
2. The method for implementing the cross-network application of the sensitive identity information according to claim 1,
the server decryption machine and the second application system establish a network access relationship, the isolation gateway is arranged between the Internet end and the security isolation network end, and the Internet end and the security isolation network end are each provided with a file switch.
3. The method for implementing the cross-network application of the sensitive identity information according to claim 2, wherein the method further comprises:
the server encryption machine generates a key file periodically and submits the key file to the server decryption machine through the isolation gateway so as to realize synchronous updating and replacement of the key, wherein the key file is protected by a digital envelope.
4. The method for implementing the cross-network application of the sensitive identity information according to claim 3, wherein the method further comprises:
the server encryption machine configures a set number for the key file and distributes the set number to the server decryption machine;
the server decryption machine keeps the key file with the set number, and when the server decryption machine receives the two-dimensional code, the set number indicates which key file the server decryption machine selects; and when the server encryption machine determines, according to the set number, that the switching time of the key file has been reached, it switches to the key file corresponding to that set number.
5. The method for implementing the cross-network application of the sensitive identity information according to claim 4, wherein the method further comprises:
the server encryption machine sets the plaintext or plaintext transformation value of the set number in the sensitive identity information ciphertext;
the server decryption machine reads the plaintext or plaintext transformation value of the set number according to the sensitive identity information ciphertext;
and the server decryption machine determines a corresponding key file according to the plaintext or plaintext conversion value of the set number, and decrypts the sensitive identity information ciphertext according to the corresponding key file.
6. A system for realizing cross-network application of sensitive identity information, characterized by comprising an Internet end, a user terminal, an isolation gateway and a security isolation network end, wherein the Internet end comprises a first application system and a server encryption machine, and the security isolation network end comprises a code scanning device, a second application system and a server decryption machine, wherein
the server encryption machine is used for requesting sensitive identity information from an identity library system, encrypting the sensitive identity information and transmitting the encrypted sensitive identity information to the first application system;
the first application system is used for generating a two-dimensional code according to the encrypted sensitive identity information;
the user terminal is used for acquiring the two-dimensional code from the Internet end and displaying the two-dimensional code to the code scanning device;
the code scanning device is used for scanning the two-dimensional code and transmitting the read two-dimensional code data to the second application system;
the second application system is used for transmitting the two-dimensional code data to the server decryption machine;
and the server decryption machine is used for decrypting the two-dimensional code data to acquire sensitive identity information and related service information.
7. The system of claim 6,
the server decryption machine and the second application system establish a network access relationship, the isolation gateway is arranged between the Internet end and the security isolation network end, and the Internet end and the security isolation network end are each provided with a file switch.
8. The system of claim 7,
the server encryption machine is also used for periodically generating a key file and submitting the key file to the server decryption machine through the isolation gateway so as to realize synchronous updating and replacement of the key, wherein the key file is protected by a digital envelope.
9. The system of claim 8,
the server encryption machine is also used for configuring a set number for the key file and distributing the set number to the server decryption machine;
the server decryption machine is also used for keeping the key file with the set number, and when the server decryption machine receives the two-dimensional code, the set number indicates which key file the server decryption machine selects;
and the server encryption machine is also used for switching to the key file corresponding to the set number when the switching time of the key file is determined to be reached according to the set number.
10. The system of claim 9, wherein
the server encryption machine is used for placing the plaintext or plaintext transformation value of the set number in the sensitive identity information ciphertext;
the server decryption machine is used for reading the plaintext or plaintext transformation value of the set number according to the sensitive identity information ciphertext;
and the server decryption machine is used for determining a corresponding key file according to the plaintext or plaintext conversion value of the set number and decrypting the sensitive identity information ciphertext according to the corresponding key file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210134074.9A CN114491641A (en) | 2022-02-14 | 2022-02-14 | Method and system for realizing cross-network application of sensitive identity information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114491641A true CN114491641A (en) | 2022-05-13 |
Family ID: 81481189
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210134074.9A Pending CN114491641A (en) | 2022-02-14 | 2022-02-14 | Method and system for realizing cross-network application of sensitive identity information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114491641A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117596084A (en) * | 2024-01-19 | 2024-02-23 | 天津航天机电设备研究所 | Software continuous integration system and method for network information security |
CN117596084B (en) * | 2024-01-19 | 2024-04-16 | 天津航天机电设备研究所 | Software continuous integration system and method for network information security |
- 2022-02-14 CN CN202210134074.9A patent/CN114491641A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |