Method for ensuring data exchange safety

Abstract

The invention discloses a method for assuring data exchange and safe transmission, establishing connection between nodes through triple- handshaking mechanism between data exchange nodes, implementingID confirm of two exchange parties and negotiation of transmission secret key and establishing reliable connection for their data exchange; using global united transmission ID and random number to prevent malicious playback attack and confirming their IDs by exchanging random number and transmission secret key; using RBAC policy to make access control and implementing legality of application system access of a user; by comparing data abstract values carried in data exchange course, assuring data integrity; adopting global unique transmission secret key to make data exchange, avoiding overmanysecret key negotiation courses, implementing data exchange confidentiality and besides assuring data transmission efficiency.

Description

technical field [0001] The invention relates to a method for ensuring data exchange security, which is formulated aiming at a data exchange system in a data exchange platform. Background technique [0002] The e-government data exchange platform provides support for data exchange between different systems and different data sources. The data exchange system in the data exchange platform mainly completes the control of the specific data exchange process, which allows each legal user to share their The data packets to be transmitted are safely and reliably transmitted to the designated place to solve the problems of data uploading, downloading and comprehensive utilization. However, the following security issues exist in the process of completing data exchange by the data exchange system: [0003] 1. Identity impersonation: Illegal users steal the identities of legal users in the data exchange platform to send official documents, data or commands to other users or application...

AI Technical Summary

Problems solved by technology

[0003] 1. Identity impersonation: Illegal users steal the identity of legal users in the data exchange platform to send official documents, data or commands to other users or application systems, access resources that they have no right to access or steal information

[0004] 2. Data tampering problem: When the data exchange platform uses data messages for data exchange, attackers may tamper with the exchanged data by intercepting and modifying the messages

[0005] 3. Repudiation of responsibility: The information transmission of the data exchange platform needs to be confirmed by both parties, and the interaction is non-repudiable. However, in the actual transmission process, it often happens that a certain party denies sending a certain information

[0007] 1. Legitimacy authentication of the identities of both parties in communication: verify the legality of both parties in communication so that they can be sure that the data will be sent to the correct destination

[0008] 2. User access control to the target application system: that is, to determine which users have the right to access the target application system

In this system, the access control function between nodes is not realized, and it cannot effectively meet the security requirements of e-government affairs

[0012] Shenzhen Liming Network Co., Ltd. developed the iSwitch information switch with XML information exchange technology as the core in response to the specific needs of the Chinese government's electronic document exchange, and launched the iSwitch electronic document exchange center processing system. The iSwitch electronic document exchange center processing system is the entire electronic document exchange The central hub of the system, it realizes the reliable transmission and exchange of official document data through XML information exchange technology. In this system, the information exchange adopts GapLink physical isolator to ensure that the specified business data ( Including database data and files) for targeted replication and exchange. The system mainly relies on hardware to achieve security, and the cost and flexibility are poor.

Images