CN115277075A - Application data safe transmission method in self-service alarm system - Google Patents

Info

Publication number
CN115277075A
Authority
CN
China
Prior art keywords
terminal
data
self
alarm system
service alarm
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210710195.3A
Other languages
Chinese (zh)
Inventor
周晓岚
余涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Shufeng Information Technology Co ltd
Original Assignee
Shanghai Shufeng Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method for the secure transmission of application data in a self-service alarm system. A dongle is installed on a terminal of the self-service alarm system; when the terminal starts, dongle detection logic is executed to determine whether an authorized dongle is present: if so, the startup logic runs, and if not, startup fails. When a terminal user logs in, identity information is sent to the server of the self-service alarm system, and after the server verifies the identity information it issues the terminal a TOKEN with an expiration time. After obtaining the TOKEN, the terminal obtains an asymmetric-encryption public key from the server by calling a specified interface and presenting the TOKEN. The terminal encrypts the key of a symmetric encryption algorithm with the public key and uploads the encrypted key to the server. When data Y that the terminal has acquired from external devices and third-party devices needs to be uploaded to the server, it is encrypted with the symmetric encryption algorithm and uploaded. The invention is used to ensure that the self-service alarm system can be used and operated safely.

Description

Application data safe transmission method in self-service alarm system
Technical Field
The invention belongs to the technical field of data transmission, and particularly relates to a safe transmission method of application data in a self-service alarm system.
Background
With the rapid development of science and technology, and in order to relieve the pressure on public security organs and police officers while making it easier for people to raise an alarm, a self-service alarm system has been developed. The self-service alarm system comprises a terminal and a server; the terminal is deployed in each place and in a safety house, and the server is deployed in each place. The person raising the alarm initiates a case report at the terminal, the data is transmitted to the server for processing, and after processing is finished the server pushes the data down to the terminal to complete the receiving and handling of the case.
Since the terminals are deployed in each safety house and each dispatching place, and the self-service alarm operation is carried out by the persons raising the alarm themselves, the terminals can easily be exploited by lawbreakers, for example to upload virus files or to obtain uploaded sensitive data. The application data of the self-service alarm system therefore needs to be transmitted securely.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method for safely transmitting application data in a self-service alarm system, aiming at the defects in the prior art, so as to ensure that the self-service alarm system can be safely used and operated.
In order to solve the above technical problem, the technical solution adopted by the invention is as follows: a method for the secure transmission of application data in a self-service alarm system, in which a dongle is installed on a terminal of the self-service alarm system;
when the terminal starts, dongle detection logic is executed to determine whether an authorized dongle is present; if so, the startup logic runs, and if not, startup fails;
when a terminal user logs in, identity information is sent to the server of the self-service alarm system, and after the server verifies the identity information it issues the terminal a TOKEN with an expiration time;
after obtaining the TOKEN, the terminal obtains an asymmetric-encryption public key from the server by calling a specified interface and presenting the TOKEN;
the terminal encrypts the key of a symmetric encryption algorithm with the public key and uploads the encrypted key to the server;
and when data Y that the terminal has acquired from external devices and third-party devices needs to be uploaded to the server, it is encrypted with the symmetric encryption algorithm and uploaded.
In the above method, the terminal is additionally fitted with a hard disk; when the terminal obtains data Y from the external devices and third-party devices, the data Y is first stored on the hard disk for isolation and then scanned for viruses, and once no virus is found the data Y is encrypted with the symmetric encryption algorithm and uploaded.
In the above method, after the data Y has been isolated on the hard disk, the format of each item in the data Y is scanned, and any item that is not video, audio, picture or text is deleted.
In the above method, the application program of the terminal is compiled with code wrapping.
In the above method, the terminal and the server are deployed in an intranet.
In the above method, when an external device is plugged into a USB interface of the terminal, it is determined whether the external device is a registered external device; if so, the external device is connected, and if not, it is rejected.
Compared with the prior art, the invention has the following advantages: by providing a dongle, the terminal can be started only when an authorized dongle is present, which ensures the encryption of subsequent data uploads; before data is uploaded, a token must first be acquired; the asymmetric encryption algorithm key is obtained by means of the token; the key of the symmetric encryption algorithm is encrypted with the asymmetric encryption algorithm and then sent to the server; and the data to be uploaded is encrypted with the symmetric encryption algorithm and uploaded to the server, so that tampering is effectively prevented.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
FIG. 1 is an architecture diagram of a self-service alarm system.
Fig. 2 is a flowchart of an application data secure transmission method.
Fig. 3 is an architecture diagram of a terminal.
Detailed Description
As shown in Figs. 1 to 3, a method for the secure transmission of application data in a self-service alarm system includes installing a dongle on a terminal of the self-service alarm system;
when the terminal starts, dongle detection logic is executed to determine whether an authorized dongle is present; if so, the startup logic runs, and if not, startup fails;
it should be noted that the startup logic must detect whether the dongle is an authorized dongle, and if it is not, startup fails and the program exits; in practical application, a dongle must be registered, authorized and activated by a city bureau before it is delivered for use at the terminals deployed outside;
when a terminal user logs in, identity information is sent to the server of the self-service alarm system, and after the server verifies the identity information it issues the terminal a TOKEN with an expiration time;
it should be noted that setting an expiration time can prevent people from tampering with the TOKEN.
After obtaining the TOKEN, the terminal obtains an asymmetric-encryption public key from the server by calling a specified interface and presenting the TOKEN;
the terminal encrypts the key of a symmetric encryption algorithm with the public key and uploads the encrypted key to the server;
it should be noted that using the public key to encrypt the key of the symmetric encryption algorithm prevents the key of the symmetric encryption algorithm from being obtained by other people;
and when data Y that the terminal has acquired from external devices and third-party devices needs to be uploaded to the server, it is encrypted with the symmetric encryption algorithm and uploaded. The server can decrypt the content of the data Y with the key of the symmetric encryption algorithm.
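The TOKEN steps above, sketched as an added example that is not code from the patent: it keeps the signature check, which detects tampering, separate from the expiry check, which limits how long a TOKEN stays usable. The HMAC-signed token format, the 15-minute lifetime and the names `issue_token`, `verify_token` and `get_public_key` are assumptions, and the public key is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumptions for this sketch: one server-side signing secret and a 15-minute lifetime.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 900
# Constructed placeholder for the server's asymmetric public key.
SERVER_PUBLIC_KEY = b"-----BEGIN PUBLIC KEY-----\n(placeholder)\n-----END PUBLIC KEY-----\n"


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()


def issue_token(terminal_id: str, user_id: str, now: int) -> str:
    """Server side: called only after the identity information has been verified."""
    claims = {"terminal": terminal_id, "user": user_id, "exp": now + TOKEN_TTL_SECONDS}
    payload = json.dumps(claims, sort_keys=True).encode("utf-8")
    return b64e(payload) + "." + b64e(sign(payload))


def verify_token(token: str, now: int):
    """Return the claims of an authentic, unexpired TOKEN, otherwise None."""
    try:
        payload_part, signature_part = token.split(".")
        payload, signature = b64d(payload_part), b64d(signature_part)
    except ValueError:              # wrong field count or bad base64
        return None
    # Integrity: a constant-time MAC comparison is what detects tampering.
    if not hmac.compare_digest(signature, sign(payload)):
        return None
    claims = json.loads(payload)    # parsed only after the MAC has been checked
    # Lifetime: expiry bounds how long a valid TOKEN can be presented.
    if now >= claims["exp"]:
        return None
    return claims


def get_public_key(token: str, now: int) -> bytes:
    """The 'specified interface': hands out the public key only for a valid TOKEN."""
    if verify_token(token, now) is None:
        raise PermissionError("invalid or expired TOKEN")
    return SERVER_PUBLIC_KEY


def demo() -> dict:
    """Constructed scenario: fresh, expired and tampered TOKENs at a fixed clock."""
    now = 1_700_000_000
    token = issue_token("terminal-01", "user-01", now)
    payload_part, signature_part = token.split(".")
    claims = json.loads(b64d(payload_part))
    claims["exp"] += 86_400         # tampering case: lifetime extended without re-signing
    forged = b64e(json.dumps(claims, sort_keys=True).encode("utf-8")) + "." + signature_part
    return {
        "fresh": verify_token(token, now + 60) is not None,
        "expired": verify_token(token, now + TOKEN_TTL_SECONDS) is not None,
        "tampered": verify_token(forged, now + 60) is not None,
    }
```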
In this embodiment, the terminal is additionally fitted with a hard disk; when the terminal obtains data Y from the external devices and third-party devices, the data Y is first stored on the hard disk for isolation and then scanned for viruses, and once no virus is found the data Y is encrypted with the symmetric encryption algorithm and uploaded.
It should be noted that the application program of the terminal is compiled with code wrapping. The application program of the terminal is placed on the application disk. With the additional hard disk installed, data from each interface device and communication device that needs to be held temporarily is stored on the additional hard disk, ensuring that the application and the data are physically isolated. Compiling the application program with code wrapping effectively prevents source code information from being leaked, interfaces from being exposed, and sensitive information from being obtained.
In this embodiment, after the data Y has been isolated on the hard disk, the format of each item in the data Y is scanned, and any item that is not video, audio, picture or text is deleted.
This is mainly to delete batch files, scripts, applications, executable files and the like, and to prevent viruses from entering.
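An added example (not from the patent) of the format scan described above: a file on the isolation disk is kept only when its extension and its leading bytes agree on one of the four allowed kinds, so a script or executable renamed to `.txt` is still deleted. The extension list, signature table and function names are assumptions, and the sample files are constructed.

```python
import codecs
import os
import tempfile

# Extension -> category, limited to the four kinds the description allows.
ALLOWED_EXT = {
    ".jpg": "picture", ".jpeg": "picture", ".png": "picture", ".gif": "picture",
    ".mp3": "audio", ".wav": "audio", ".flac": "audio",
    ".mp4": "video", ".avi": "video", ".mkv": "video", ".txt": "text",
}
# Leading byte signatures for the same categories.
MAGIC = [
    (b"\xff\xd8\xff", "picture"), (b"\x89PNG\r\n\x1a\n", "picture"),
    (b"GIF87a", "picture"), (b"GIF89a", "picture"), (b"ID3", "audio"),
    (b"fLaC", "audio"), (b"\x1aE\xdf\xa3", "video"),
]
# Executable and script markers that must never pass as "text".
EXEC_MARKERS = (b"MZ", b"\x7fELF", b"#!")


def sniff(head: bytes):
    """Classify a file by its first bytes; None means not an allowed format."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    if head[:4] == b"RIFF":                      # container: subtype at offset 8
        return {b"WAVE": "audio", b"AVI ": "video"}.get(head[8:12])
    if head[4:8] == b"ftyp":                     # ISO base media (MP4)
        return "video"
    if head.startswith(EXEC_MARKERS):
        return None
    try:  # final=False tolerates a character cut off by the 4096-byte read
        text = codecs.getincrementaldecoder("utf-8")().decode(head, final=False)
    except UnicodeDecodeError:
        return None
    return "text" if all(c in "\t\r\n" or c.isprintable() for c in text) else None


def filter_quarantine(root: str) -> dict:
    """Delete every quarantined file whose extension and content do not agree."""
    kept, deleted = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            expected = ALLOWED_EXT.get(os.path.splitext(name)[1].lower())
            actual = None
            if expected and not os.path.islink(path):
                with open(path, "rb") as fh:
                    actual = sniff(fh.read(4096))
            if expected is not None and actual == expected:
                kept.append(rel)
            else:
                os.remove(path)
                deleted.append(rel)
    return {"kept": sorted(kept), "deleted": sorted(deleted)}


def demo() -> dict:
    """Run the filter over constructed sample files in a temporary directory."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "clip.mp4": b"\x00\x00\x00\x18ftypisom" + b"\x00" * 8,
        "statement.txt": "Report text, line 1\n".encode("utf-8"),
        "run.bat": b"@echo off\r\n",                 # script extension
        "invoice.txt": b"MZ\x90\x00" + b"\x00" * 8,  # executable header, .txt name
        "notes.txt": b"#!/bin/sh\necho hi\n",        # script body, .txt name
        "photo.png": b"plain text, not a PNG\n",     # content/extension mismatch
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return filter_quarantine(root)
```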
In this embodiment, the terminal and the server are deployed in an intranet. The deployed terminal communicates with the server and is connected to it through a VPN and a private line. Strict security management and control policies must be set when configuring the VPN, so that only specified machines and devices (by IP and MAC address) can access the intranet.
In this embodiment, when an external device is plugged into a USB interface of the terminal, it is determined whether the external device is a registered external device; if so, the external device is connected, and if not, it is rejected.
In practical application, only the necessary USB interfaces are kept and unnecessary USB interfaces are removed by physical means; a USB device must be registered in advance before it can be connected to the terminal.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and all simple modifications, changes and equivalent structural changes made to the above embodiment according to the technical spirit of the present invention still fall within the protection scope of the technical solution of the present invention.

Claims (6)

1. A method for the secure transmission of application data in a self-service alarm system, characterized in that: a dongle is installed on a terminal of the self-service alarm system;
when the terminal starts, dongle detection logic is executed to determine whether an authorized dongle is present; if so, the startup logic runs, and if not, startup fails;
when a terminal user logs in, identity information is sent to the server of the self-service alarm system, and after the server verifies the identity information it issues the terminal a TOKEN with an expiration time;
after obtaining the TOKEN, the terminal obtains an asymmetric-encryption public key from the server by calling a specified interface and presenting the TOKEN;
the terminal encrypts the key of a symmetric encryption algorithm with the public key and uploads the encrypted key to the server;
and when data Y that the terminal has acquired from external devices and third-party devices needs to be uploaded to the server, it is encrypted with the symmetric encryption algorithm and uploaded.
2. The method for the secure transmission of application data in a self-service alarm system according to claim 1, characterized in that: the terminal is additionally fitted with a hard disk; when the terminal obtains data Y from the external devices and third-party devices, the data Y is first stored on the hard disk for isolation and then scanned for viruses, and once no virus is found the data Y is encrypted with the symmetric encryption algorithm and uploaded.
3. The method for the secure transmission of application data in a self-service alarm system according to claim 2, characterized in that: after the data Y has been isolated on the hard disk, the format of each item in the data Y is scanned, and any item that is not video, audio, picture or text is deleted.
4. The method for the secure transmission of application data in a self-service alarm system according to claim 1, characterized in that: the application program of the terminal is compiled with code wrapping.
5. The method for the secure transmission of application data in a self-service alarm system according to claim 1, characterized in that: the terminal and the server are deployed in an intranet.
6. The method for the secure transmission of application data in a self-service alarm system according to claim 1, characterized in that: when an external device is plugged into a USB interface of the terminal, it is determined whether the external device is a registered external device; if so, the external device is connected, and if not, it is rejected.
CN202210710195.3A 2022-06-22 2022-06-22 Application data safe transmission method in self-service alarm system Pending CN115277075A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210710195.3A CN115277075A (en) 2022-06-22 2022-06-22 Application data safe transmission method in self-service alarm system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210710195.3A CN115277075A (en) 2022-06-22 2022-06-22 Application data safe transmission method in self-service alarm system

Publications (1)

Publication Number Publication Date
CN115277075A (en) 2022-11-01

Family

ID=83761608

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210710195.3A Pending CN115277075A (en) 2022-06-22 2022-06-22 Application data safe transmission method in self-service alarm system

Country Status (1)

Country Link
CN (1) CN115277075A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101964793A (en) * 2010-10-08 2011-02-02 上海银联电子支付服务有限公司 Method and system for transmitting data between terminal and server and sign-in and payment method
CN101996293A (en) * 2010-12-13 2011-03-30 深圳市江波龙电子有限公司 Software authentication method based on softdog
CN104484629A (en) * 2014-12-03 2015-04-01 合肥联宝信息技术有限公司 Computer starting method and device
US20150186657A1 (en) * 2013-08-05 2015-07-02 Samsung Sds Co., Ltd. System and method for encryption and key management in cloud storage
CN106375306A (en) * 2016-08-31 2017-02-01 武汉钢铁工程技术集团通信有限责任公司 Mobile phone application data transmission encrypting method and system
CN109150910A (en) * 2018-10-11 2019-01-04 平安科技(深圳)有限公司 Log in token generation and verification method, device and storage medium
CN113067828A (en) * 2021-03-25 2021-07-02 中国建设银行股份有限公司 Message processing method and device, server, computer equipment and storage medium
CN114172719A (en) * 2021-12-03 2022-03-11 杭州安恒信息技术股份有限公司 Encryption and decryption method, device, equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
KR102328725B1 (en) Method of using one device to unlock another device
KR102307665B1 (en) identity authentication
CN101958892B (en) Electronic data protection method, device and system based on face recognition
US20150180662A1 (en) Software key updating method and device
CN109618344B (en) Safe connection method and device of wireless monitoring equipment
CN104364793A (en) Security mode for mobile communications devices
CN112272089B (en) Cloud host login method, device, equipment and computer readable storage medium
US8990887B2 (en) Secure mechanisms to enable mobile device communication with a security panel
CN104270347B (en) The methods, devices and systems of security control
JP2007335962A (en) Data protection method of sensor node, calculator system for distributing sensor node, and sensor node
CN113794563B (en) Communication network security control method and system
CN105812338B (en) Data access control method and network management equipment
US10318715B2 (en) Information processing device, information processing method, program, and server
CN115277075A (en) Application data safe transmission method in self-service alarm system
CN111507712A (en) User privacy data management method, system and terminal based on block chain
CN110445804A (en) A kind of safe handling protection system about outgoing document
WO2018121394A1 (en) Mobile terminal, alarm information acquisition and sending method and device
CN112738643B (en) System and method for realizing safe transmission of monitoring video by using dynamic key
WO2020253662A1 (en) Decryption method, apparatus, and system, medium, and device
AU2018202766A1 (en) A Process and Detachable Device for Using and Managing Encryption Keys
CN113704061A (en) Secret-related computer protection system
JPH11289328A (en) Recognition management device
CN115146284A (en) Data processing method and device, electronic equipment and storage medium
KR101955449B1 (en) Method and system for protecting personal information infingement using division of authentication process and biometrics authentication
TWI554908B (en) Data Encryption System

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221101