Encryption method, system, device and medium for multi-subsystem data interaction

By using asymmetric encryption algorithms for session key distribution and authentication, combined with symmetric encryption algorithms for data transmission, and employing an adaptive key rotation mechanism, the system addresses the security, performance, and availability issues in multi-subsystem data interaction, achieving low-latency, high-efficiency data transmission and seamless key updates.

CN121509037BActive Publication Date: 2026-07-07ORIENTAL WISDOM (BEIJING) EDUCATION & TECH CO LT

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ORIENTAL WISDOM (BEIJING) EDUCATION & TECH CO LT
Filing Date
2025-12-01
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing encryption technologies struggle to simultaneously ensure security, performance, and availability in multi-subsystem data interaction, especially in key management and data transmission where there are risks of delays and interruptions.

Method used

Asymmetric encryption algorithms are used for session key encryption and authentication, combined with symmetric encryption algorithms for data transmission, and digital signatures and integrity verification are performed through hash digests. An adaptive key rotation mechanism is also employed to dynamically trigger key updates to meet security level requirements.

Benefits of technology

It achieves low-latency, high-throughput data transmission in high-concurrency scenarios, ensuring the confidentiality and integrity of data transmission, avoiding the shortcomings of a single encryption method, and ensuring system stability and business continuity.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121509037B_ABST
    Figure CN121509037B_ABST
Patent Text Reader

Abstract

The present specification discloses an encryption method, system, device and medium for multi-subsystem data interaction, which encrypts the session key through an asymmetric encryption algorithm, and encrypts the interaction data to be transmitted between two subsystems according to different security levels through a symmetric encryption algorithm; in the process of subsystem data interaction, the life cycle of each current session key is monitored, when the key switching condition is triggered, the existing connection is maintained with the current session key, a candidate session key is generated, and after the current session connection is ended, the candidate session key is switched to, when the update times of the candidate session key reach a preset threshold, the next round of session key is distributed to the subsystem. The method can not only ensure the security of key distribution and the confidentiality of data transmission, but also maintain low delay and high throughput in a high concurrency scenario, and does not need to interrupt the service in the key update process, so that the system runs stably and reliably, and the resource allocation is reasonable and efficient.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of network security technology, and more specifically, to an encryption method, system, device, and medium for data interaction among multiple subsystems. Background Technology

[0002] With the rapid development of internet technology and distributed system architecture, modern information systems are no longer monolithic entities, but rather comprised of multiple functional subsystems working collaboratively. For example, in healthcare information systems, there are subsystems for medical record management, medication management, image transmission, and remote consultation. These subsystems frequently interact with each other through standardized interfaces or custom protocols to complete complex business logic. The data exchanged between subsystems often contains sensitive information, such as user identity information, transaction records, and medical privacy data. If effective encryption and authentication mechanisms are lacking during these interactions, data leaks, illegal tampering, or identity forgery can easily occur, leading to serious economic losses and social impact.

[0003] Currently available common encryption technologies include symmetric and asymmetric encryption schemes. Symmetric encryption algorithms have the advantages of fast encryption and decryption speeds and low computational overhead, but their weakness lies in key distribution and management. Once the key is leaked or stolen, all communication content will be completely exposed. Asymmetric encryption algorithms are typically used for authentication and key exchange. Their advantage is high security, but due to the computational complexity of the encryption and decryption process, they can cause severe delays, especially in large-scale data transmission, making them unsuitable for high-performance system interactions. To improve security, systems periodically update encryption keys. Changing keys often requires stopping some services, restarting connections, or manual intervention, leading to system interruptions or a degraded user experience.

[0004] In summary, there is an urgent need for a new encryption processing method and device that can simultaneously ensure security, performance, and usability. Summary of the Invention

[0005] This specification provides an encryption method, system, device, and medium for data interaction in a multi-subsystem architecture, to overcome at least one technical problem existing in related technologies.

[0006] According to a first aspect of the embodiments of this specification, an encryption method for data interaction in a multi-subsystem system is provided, comprising:

[0007] Receives a communication request instruction between the first subsystem and the second subsystem, generates a current session key for the current communication request, encrypts the current session key using an asymmetric encryption algorithm and sends it to the first subsystem and the second subsystem respectively, and performs identity authentication on the first subsystem and the second subsystem;

[0008] After the first and second subsystems receive the current session key and complete the authentication of both parties by decrypting it according to the asymmetric encryption algorithm, they use the symmetric encryption algorithm to encrypt, transmit, and decrypt the interactive data to be transmitted between the two subsystems.

[0009] During the transmission of encrypted interactive business data by the subsystems involved in the communication, a symmetric encryption algorithm is used to digitally sign the hash digest of the interactive data and calculate the hash value for integrity verification, thereby realizing encrypted data interaction between the subsystems.

[0010] During the data interaction process of the subsystems, the lifecycle of each current session key is monitored. If the monitoring data of the current session key meets the switching trigger condition, the existing connection is maintained with the current session key. A candidate session key is calculated and generated based on the current session key. After the current session connection ends, the data interaction is switched to the candidate session key. When the number of updates of the candidate session key reaches a preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication.

[0011] Optionally, the steps of receiving the communication request instruction between the first subsystem and the second subsystem, generating the current session key for the current communication request, encrypting the current session key using an asymmetric encryption algorithm and sending it to the first subsystem and the second subsystem respectively, and authenticating the first subsystem and the second subsystem, include:

[0012] Receive the communication request instruction between the first subsystem and the second subsystem, generate the current session key K for the current communication request, encrypt the current session key using the public key of the asymmetric encryption algorithm RSA, and send it to the first subsystem and the second subsystem respectively;

[0013] K is obtained by decrypting using the private keys of the first and second subsystems respectively.

[0014]

[0015]

[0016] Where E represents the encryption function, D represents the decryption function, PK is the public key, SK is the private key, A is the first subsystem, and B is the second subsystem;

[0017] The first and second subsystems are authenticated using public and private keys.

[0018] Optionally, the step of encrypting, transmitting, and decrypting the interactive data to be transmitted between the two subsystems using a symmetric encryption algorithm after the first and second subsystems receive the current session key and complete the authentication of both parties using an asymmetric encryption algorithm includes:

[0019] After the first and second subsystems receive the current session key and complete the authentication of both parties by decrypting it using an asymmetric encryption algorithm, they match the corresponding security level encryption algorithm according to the type of interactive data to be transmitted between the two subsystems. The types of interactive data include log data, financial data, and privacy data. Specifically, log data corresponds to the first security level encryption algorithm, which uses AES-128; financial data corresponds to the second security level encryption algorithm, which uses AES-256; and privacy data corresponds to the third security level encryption algorithm, which uses AES-256.

[0020] The interactive data is encrypted, transmitted, and decrypted using an encryption algorithm corresponding to the security level of the interactive data to be transmitted.

[0021] If the type of the interactive data to be transmitted matches the third security level, after encrypting the data with AES-256, an asymmetric encryption algorithm is used to digitally sign the hash digest of the interactive data.

[0022] Optionally, the step of monitoring the lifecycle of each current session key during subsystem data interaction, maintaining the existing connection with the current session key if the monitoring data of the current session key meets the switching trigger condition, calculating and generating a candidate session key based on the current session key, switching to the candidate session key for data interaction after the current session connection ends, and distributing the next round of session keys to the corresponding subsystems participating in the communication when the number of updates to the candidate session key reaches a preset threshold includes:

[0023] During data interaction within the subsystem, each session key Maximum lifespan is set. Maximum allowed amount of encrypted data Safety threshold The lifecycle of each current session key is monitored, and the monitoring data includes the duration of use of that session key. Total amount of encrypted interactive data and the security level required for current interactive business data. ;

[0024] Based on the session key Duration of use Total amount of encrypted interactive data Maximum lifespan Maximum allowed amount of encrypted data The key life value is calculated according to a preset formula. If the session key... safety threshold The security level is lower than that required for the current interactive business data. Or, the session key If the key life value exceeds a preset threshold, a session key switch will be triggered.

[0025] After the session key switch is triggered but before the actual switch, the current session key will be used. Maintain the existing connection based on the current session key. Calculate and generate candidate session keys Among them, candidate session keys The security threshold is not less than the security level required for the current interactive business data. ;

[0026] When performing a session key switch, new connections or data packets after the preset switch point will use the candidate session key. For connections established before the handover point, the current session key will continue to be used. Until the connection terminates normally and the session key switch is completed;

[0027] Once the number of updates to the candidate session key reaches a preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication through asymmetric encryption.

[0028] Optionally, the method based on the session key Duration of use Total amount of encrypted interactive data Maximum lifespan Maximum allowed amount of encrypted data The steps for calculating the key lifetime according to the preset formula include:

[0029] Calculate the key life value using the following formula. ,

[0030]

[0031] in, For risk coefficient, To reduce the decryption failure rate, , These are preset weighting coefficients, with values ​​between 0 and 1. For the duration already used, The total amount of encrypted interactive data, For the maximum life cycle, This is the maximum amount of encrypted data allowed.

[0032] Optionally, the step of using the current session key after the session key switch is triggered but before the actual switch is completed is described. Maintain the existing connection based on the current session key. Calculate and generate candidate session keys The steps include:

[0033] Using a pre-defined one-way hash function,

[0034]

[0035] Based on the current key Calculate candidate session keys .

[0036] Optionally, when performing session key switching, the candidate session key is used for newly established connections or data packets after a preset switching point. For connections established before the handover point, the current session key will continue to be used. Until the connection terminates normally, the session key switching step is completed. The switching process in the time series is as follows:

[0037] When switching session keys, a candidate session key is generated at time t0. New connections or data packets established after the preset handover point at time t1 will be switched to the new candidate session key. At time t2, all connections are switched to the new key. .

[0038] According to a second aspect of the embodiments of this specification, an encryption system for multi-subsystem data interaction is provided, including a key generation module, a data transmission module, a data verification module, and a key update module, wherein...

[0039] The key generation module is configured to receive a communication request instruction between the first subsystem and the second subsystem, generate a current session key for the current communication request, encrypt the current session key using an asymmetric encryption algorithm and send it to the first subsystem and the second subsystem respectively, and authenticate the identity of the first subsystem and the second subsystem.

[0040] The data transmission module is configured to, after the first subsystem and the second subsystem receive the current session key and complete the authentication of both parties by decrypting it according to the asymmetric encryption algorithm, encrypt, transmit, and decrypt the interactive data to be transmitted between the two subsystems using a symmetric encryption algorithm.

[0041] The data verification module is configured to digitally sign the hash digest of the interactive data using a symmetric encryption algorithm and calculate the hash value for integrity verification during the transmission of encrypted interactive business data by the subsystems participating in the communication, thereby realizing encrypted data interaction between the subsystems.

[0042] The key update module is configured to monitor the lifecycle of each current session key during subsystem data interaction. If the monitoring data of the current session key meets the switching trigger condition, the existing connection is maintained with the current session key. A candidate session key is calculated and generated based on the current session key. After the current session connection ends, the data interaction is switched to the candidate session key. When the number of updates of the candidate session key reaches a preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication.

[0043] According to a third aspect of the embodiments of this specification, a computing device is provided, including a storage device and a processor, the storage device being used to store a computer program, and the processor running the computer program to cause the computing device to perform the steps of the encryption method for multi-subsystem data interaction.

[0044] According to a fourth aspect of the embodiments of this specification, a storage medium is provided that stores a computer program used in the computing device, which, when executed by a processor, implements the steps of the encryption method for multi-subsystem data interaction.

[0045] The beneficial effects of the embodiments in this specification are as follows:

[0046] This specification provides an encryption method, system, device, and medium for data interaction across multiple subsystems. The method encrypts the session key using an asymmetric encryption algorithm, ensuring secure key distribution. It also improves data confidentiality by encrypting the interactive data between two subsystems at different security levels using a symmetric encryption algorithm. Integrity verification enhances data transmission reliability. The combination of symmetric and asymmetric encryption algorithms optimizes the allocation of encryption resources, maintaining low latency and high throughput in high-concurrency scenarios, thus optimizing performance. Key updates are dynamically triggered, with trigger conditions linked to data security levels, further improving resource utilization efficiency. This allows for focused protection of critical data, and the key update process does not interrupt service, enhancing stability.

[0047] The innovative aspects of the embodiments in this specification include:

[0048] 1. In this specification, a hybrid encryption method is adopted in the data interaction between subsystems. Asymmetric encryption algorithm is used for session key distribution and identity authentication to ensure the security of key transmission and the trustworthiness of both parties. Symmetric encryption algorithm is used to encrypt large-scale data streams to ensure transmission efficiency and low latency. This avoids the defects of a single encryption method and achieves dual protection of security and efficiency, which is one of the innovations of the embodiments in this specification.

[0049] 2. This specification proposes an adaptive key rotation mechanism during system operation, simultaneously maintaining the "current key" and "candidate keys." Based on preset conditions such as usage duration and security strength, key updates are dynamically triggered, with a risk factor... The settings enable key updates to be "attack-aware." When the environment is insecure, the key lifecycle is automatically shortened, significantly improving dynamic defense capabilities. Key switching is completed during natural session transitions, achieving seamless updates, ensuring long-term operational security, avoiding manual intervention, and not affecting the continuity of subsystem services. This is one of the innovative features of the embodiments in this specification.

[0050] 3. In this specification, different levels of data encryption are performed according to the security level of the transmitted data, which can give priority protection to sensitive information and reasonably allocate encryption resources. This is one of the innovative points of the embodiments of this specification.

[0051] 4. In this specification, the generation and updating of keys take into account both performance improvement and security. When the subsystems establish a connection for the first time, they use RSA to exchange root keys. Subsequent key updates are performed using local calculations to achieve millisecond-level switching, eliminating network latency and RSA computation overhead. Due to the characteristics of the hash one-way function, even if the current key is stolen, it is impossible to deduce the previous historical key, thus protecting the security of historical data. Then, after the number of candidate session key updates reaches a preset threshold, a full RSA handshake is performed again to prevent the risk of hash collisions. This is one of the innovative points of the embodiments in this specification. Attached Figure Description

[0052] To more clearly illustrate the technical solutions in the embodiments or related technologies of this specification, the drawings used in the description of the embodiments or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0053] Figure 1 This is a flowchart illustrating an encryption method for multi-subsystem data interaction provided in one embodiment of this specification.

[0054] Figure 2 A schematic diagram of the structure of an encryption system for multi-subsystem data interaction provided in one embodiment of this specification;

[0055] Figure 3 This is a schematic diagram of the structure of a computing device provided in one embodiment of this specification;

[0056] Figure 4 This is a schematic diagram of the structure of a storage medium provided in one embodiment of this specification. Detailed Implementation

[0057] The technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0058] It should be noted that the terms "comprising" and "having," and any variations thereof, in the embodiments and drawings of this specification are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the steps or units listed, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or devices.

[0059] This specification discloses an encryption method, system, device, and medium for data interaction in a multi-subsystem environment, which will be described in detail below.

[0060] Figure 1 This is a flowchart illustrating an encryption method for multi-subsystem data interaction, provided as an embodiment of this specification. Figure 1 As shown, an encryption method for data interaction in a multi-subsystem system includes:

[0061] S110. Receive the communication request instruction between the first subsystem and the second subsystem, generate the current session key for the current communication request, encrypt the current session key using an asymmetric encryption algorithm and send it to the first subsystem and the second subsystem respectively, and authenticate the identities of the first subsystem and the second subsystem.

[0062] In specific implementation, the steps of S110—receiving a communication request instruction between the first subsystem and the second subsystem, generating a current session key for the current communication request, encrypting the current session key using an asymmetric encryption algorithm and sending it to the first subsystem and the second subsystem respectively, and authenticating the identities of the first subsystem and the second subsystem—include:

[0063] S112. Receive the communication request instruction between the first subsystem and the second subsystem, generate the current session key K for the current communication request, encrypt the current session key using the public key of the asymmetric encryption algorithm RSA, and send it to the first subsystem and the second subsystem respectively.

[0064] S114. Decrypt K using the private keys of the first subsystem and the second subsystem respectively.

[0065]

[0066]

[0067] Where E represents the encryption function, D represents the decryption function, PK is the public key, SK is the private key, A is the first subsystem, and B is the second subsystem;

[0068] The first and second subsystems are authenticated using public and private keys.

[0069] S120. After the first subsystem and the second subsystem receive the current session key and complete the authentication of both parties by decrypting it according to the asymmetric encryption algorithm, they encrypt, transmit, and decrypt the interactive data to be transmitted between the two subsystems using the symmetric encryption algorithm.

[0070] In specific implementation, S120, the steps of encrypting, transmitting, and decrypting the interactive data to be transmitted between the two subsystems using a symmetric encryption algorithm after the first and second subsystems receive the current session key and complete the authentication of both parties using an asymmetric encryption algorithm, include:

[0071] S122. After the first and second subsystems receive the current session key and complete the authentication of both parties by decrypting it according to the asymmetric encryption algorithm, they match the corresponding security level encryption algorithm according to the type of interactive data to be transmitted between the two subsystems. The types of interactive data include log data, financial data, and privacy data. Log data corresponds to the encryption algorithm of the first security level, which uses AES-128; financial data corresponds to the encryption algorithm of the second security level, which uses AES-256; and privacy data corresponds to the encryption algorithm of the third security level, which uses AES-256.

[0072] S124. Encrypt, transmit, and decrypt the interactive data using an encryption algorithm corresponding to the security level of the interactive data to be transmitted.

[0073] S126. If the type of the interactive data to be transmitted matches the third security level, after encrypting the data with AES-256, use an asymmetric encryption algorithm to digitally sign the hash digest of the interactive data.

[0074] A tiered encryption strategy is adopted, with different encryption methods used for different types of data according to their sensitivity levels, ensuring a balance between security and performance, while also allocating encryption resources reasonably based on the sensitivity of the data.

[0075] S130. During the transmission of encrypted interactive business data by the subsystems participating in the communication, the hash digest of the interactive data is digitally signed by a symmetric encryption algorithm, and the hash value is calculated for integrity verification, thereby realizing encrypted data interaction between the subsystems.

[0076] Generate a digest using SHA-256: Where M is plaintext, signed using the sender's private key:

[0077] The recipient uses the public key to verify the signature and recalculates the hash comparison.

[0078] S140. During the data interaction process of the subsystem, the life cycle of each current session key is monitored. If the monitoring data of the current session key meets the switching trigger condition, the existing connection is maintained with the current session key. A candidate session key is calculated and generated based on the current session key. After the current session connection ends, the data interaction is switched to the candidate session key. When the number of updates of the candidate session key reaches the preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication.

[0079] In specific implementation, S140, during the subsystem data interaction process, involves monitoring the lifecycle of each current session key. If the monitoring data of the current session key meets the switching trigger condition, the existing connection is maintained using the current session key. A candidate session key is calculated and generated based on the current session key. After the current session connection ends, data interaction is switched to the candidate session key. When the number of updates to the candidate session key reaches a preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication. This step includes:

[0080] S142. During the data interaction process of the subsystem, each session key Maximum lifespan is set. Maximum allowed amount of encrypted data Safety threshold The lifecycle of each current session key is monitored, and the monitoring data includes the duration of use of that session key. Total amount of encrypted interactive data and the security level required for current interactive business data. .

[0081] S144, Based on the session key Duration of use Total amount of encrypted interactive data Maximum lifespan Maximum allowed amount of encrypted data The key life value is calculated according to a preset formula. If the session key... safety threshold The security level is lower than that required for the current interactive business data. Or, the session key If the key life value exceeds the preset threshold, a session key switch will be triggered.

[0082] The above is based on the session key Duration of use Total amount of encrypted interactive data Maximum lifespan Maximum allowed amount of encrypted data The steps for calculating the key lifetime according to the preset formula include:

[0083] Calculate the key life value using the following formula. ,

[0084]

[0085] in, For risk coefficient, To reduce the decryption failure rate, , These are preset weighting coefficients, with values ​​between 0 and 1. For the duration already used, The total amount of encrypted interactive data, For the maximum life cycle, This is the maximum amount of encrypted data allowed.

[0086] Risk coefficient When the system detects a sudden increase in the number of decryption failures within a short period of time, which may indicate a replay attack or data forgery attack, it automatically increases the weight of "total amount of encrypted data" or "duration" in the life value calculation, accelerating key aging. This makes the system not only passively rotate keys according to a plan, but also has the ability to "detect attacks". When the environment is insecure, the key life cycle is automatically shortened, significantly improving dynamic defense capabilities.

[0087] S146. After the session key switch is triggered but before the actual switch, the current session key is used. Maintain the existing connection based on the current session key. Calculate and generate candidate session keys Among them, candidate session keys The security threshold is not less than the security level required for the current interactive business data. .

[0088] The aforementioned process, after the session key switch is triggered but before the actual switch, uses the current session key. Maintain the existing connection based on the current session key. Calculate and generate candidate session keys The steps include:

[0089] Using a pre-defined one-way hash function,

[0090]

[0091] Based on the current key Calculate candidate session keys .

[0092] S148. When performing a session key switch, the candidate session key is used for new connections or data packets after the preset switch point. For connections established before the handover point, the current session key will continue to be used. The session key switching continues until the connection terminates normally. Once the number of updates to the candidate session key reaches a preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication through asymmetric encryption.

[0093] When a connection is initially established between subsystems, a "root key seed" is exchanged using RSA. When a switching condition is triggered, no further network transmission or RSA encryption / decryption is required. A candidate session key is calculated based on the current session key using a preset one-way hash function. After generating the candidate session key, the current session key is completely erased from memory. After the number of candidate session key updates reaches a preset threshold, such as 100 times, a full RSA handshake is performed again to prevent hash collisions. Key switching becomes a local computation, eliminating network latency and RSA computation overhead, achieving millisecond-level switching. Furthermore, forward security is improved; even if a hacker steals the current key, the one-way function prevents the derivation of all previous historical keys, protecting the security of historical data.

[0094] The time-series switching process for session key switching is as follows:

[0095] When switching session keys, a candidate session key is generated at time t0. New connections or data packets established after the preset handover point at time t1 will be switched to the new candidate session key. At time t2, all connections are switched to the new key. .

[0096] The first and second subsystems maintain the current session key and candidate session keys simultaneously in local memory.

[0097] In the embodiments described in this specification, key updates can be performed without interrupting the normal operation of the system, achieving a seamless update process. The old key continues to maintain the existing connection, while the new key is used to establish new sessions. When the old connection naturally terminates, the old key becomes invalid. This approach is suitable for various application scenarios, balancing security and system performance. For example, in financial systems, it prevents transaction interruptions due to key changes between the payment and clearing subsystems; in medical systems, it ensures uninterrupted transmission of patient privacy between the medical record management and image transmission subsystems.

[0098] Figure 2 This is a schematic diagram illustrating the structure of an encryption system for multi-subsystem data interaction, provided as an embodiment of this specification. Figure 2 As shown, an encryption system 200 for multi-subsystem data interaction includes a key generation module 210, a data transmission module 220, a data verification module 230, and a key update module 240, wherein...

[0099] The key generation module 210 is configured to receive a communication request instruction between the first subsystem and the second subsystem, generate a current session key for the current communication request, encrypt the current session key using an asymmetric encryption algorithm and send it to the first subsystem and the second subsystem respectively, and perform identity authentication on the first subsystem and the second subsystem.

[0100] The data transmission module 220 is configured to, after the first subsystem and the second subsystem receive the current session key and complete the authentication of both parties by decrypting it according to the asymmetric encryption algorithm, encrypt, transmit and decrypt the interactive data to be transmitted between the two subsystems using the symmetric encryption algorithm.

[0101] The data verification module 230 is configured to digitally sign the hash digest of the interactive data using a symmetric encryption algorithm and calculate the hash value for integrity verification during the transmission of encrypted interactive business data between participating subsystems, thereby realizing encrypted data interaction between subsystems.

[0102] The key update module 240 is configured to monitor the lifecycle of each current session key during subsystem data interaction. If the monitoring data of the current session key meets the switching trigger condition, the existing connection is maintained with the current session key. A candidate session key is calculated and generated based on the current session key. After the current session connection ends, the data interaction is switched to the candidate session key. When the number of updates of the candidate session key reaches a preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication.

[0103] Figure 3 This is a schematic diagram of the structure of a computing device provided in one embodiment of this specification. Figure 3As shown, a computing device 300 includes a storage device 310 and a processor 320. The storage device 310 stores a computer program, and the processor 320 runs the computer program to cause the computing device 300 to perform the steps of the encryption method for multi-subsystem data interaction.

[0104] Figure 4 This is a schematic diagram of the structure of a storage medium provided in one embodiment of this specification. For example... Figure 4 As shown, a storage medium 400 stores a computer program 410 used in the computing device, which, when executed by a processor, implements the steps of the encryption method for multi-subsystem data interaction.

[0105] In summary, the embodiments of this specification provide an encryption method, system, device, and medium for data interaction among multiple subsystems. This method combines a hybrid encryption strategy with an adaptive key rotation mechanism, which ensures the security of subsystem interaction while maintaining high availability and low latency of services. It is applicable to various scenarios such as finance, healthcare, government affairs, and cloud computing.

[0106] Those skilled in the art will understand that the accompanying drawings are merely schematic diagrams of one embodiment, and the modules or processes shown in the drawings are not necessarily essential for implementing the present invention.

[0107] Those skilled in the art will understand that the modules in the apparatus of the embodiments can be distributed in the apparatus of the embodiments as described in the embodiments, or they can be located in one or more devices different from this embodiment with corresponding changes. The modules of the above embodiments can be combined into one module, or they can be further divided into multiple sub-modules.

[0108] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. An encryption method for data interaction in a multi-subsystem system, characterized in that, include: Receives a communication request instruction between the first subsystem and the second subsystem, generates a current session key for the current communication request, encrypts the current session key using an asymmetric encryption algorithm and sends it to the first subsystem and the second subsystem respectively, and performs identity authentication on the first subsystem and the second subsystem; After the first and second subsystems receive the current session key and complete the authentication of both parties by decrypting it according to the asymmetric encryption algorithm, they use the symmetric encryption algorithm to encrypt, transmit, and decrypt the interactive data to be transmitted between the two subsystems. During the transmission of encrypted interactive business data by the subsystems involved in the communication, a symmetric encryption algorithm is used to digitally sign the hash digest of the interactive data and calculate the hash value for integrity verification, thereby realizing encrypted data interaction between the subsystems. During data interaction within the subsystem, each session key Maximum lifespan is set. Maximum allowed amount of encrypted data Safety threshold The lifecycle of each current session key is monitored, and the monitoring data includes the session key itself. Duration of use Total amount of encrypted interactive data and the security level required for current interactive business data. ; Based on the session key Duration of use Total amount of encrypted interactive data Maximum lifespan Maximum allowed amount of encrypted data Calculate the key lifetime F using the following formula. in, , The preset weighting coefficient has a value between 0 and 1; if the security threshold of the session key... The security level is lower than that required for the current interactive business data. Alternatively, if the key lifetime value F of the session key is greater than a preset threshold, then a session key switch is triggered; After the session key switch is triggered but before the actual switch, the current session key will be used. Maintain the existing connection based on the current session key. Calculate and generate candidate session keys Among them, candidate session keys The security threshold is not less than the security level required for the current interactive business data. ; When switching session keys, new connections or data packets after the preset switching point use the candidate session key. For connections established before the handover point, the current session key will continue to be used. The session key handover is completed until the connection terminates normally. The handover process in the time series is as follows: during session key handover, a candidate session key is generated at time t0. New connections or data packets established after the preset handover point at time t1 will be switched to the new candidate session key. At time t2, all connections are switched to the new key. ; Once the number of updates to the candidate session key reaches a preset threshold, the next round of session keys is distributed to the corresponding subsystems participating in the communication through asymmetric encryption.

2. The method according to claim 1, characterized in that, The steps of receiving a communication request instruction between the first subsystem and the second subsystem, generating a current session key for the current communication request, encrypting the current session key using an asymmetric encryption algorithm and sending it to the first subsystem and the second subsystem respectively, and authenticating the identities of the first subsystem and the second subsystem include: Receive the communication request instruction between the first subsystem and the second subsystem, generate the current session key K for the current communication request, encrypt the current session key using the public key of the asymmetric encryption algorithm RSA, and send it to the first subsystem and the second subsystem respectively; The current session key K is obtained by decrypting using the private keys of the first subsystem and the second subsystem respectively: ; ; Where E represents the encryption function, D represents the decryption function, and PK A and PK B SK are the public keys of the first subsystem A and the second subsystem B, respectively. A and SK B These are the private keys for the first subsystem A and the second subsystem B, respectively. The first and second subsystems are authenticated using public and private keys.

3. The method according to claim 1, characterized in that, The steps described above, after the first and second subsystems receive the current session key and complete the authentication of both communicating parties by decrypting it according to the asymmetric encryption algorithm, and then encrypt, transmit, and decrypt the interactive data to be transmitted between the two subsystems using a symmetric encryption algorithm, include: After the first and second subsystems receive the current session key and complete the authentication of both parties by decrypting it using an asymmetric encryption algorithm, they match the corresponding security level encryption algorithm according to the type of interactive data to be transmitted between the two subsystems. The types of interactive data include log data, financial data, and privacy data. Specifically, log data corresponds to the first security level encryption algorithm, which uses AES-128; financial data corresponds to the second security level encryption algorithm, which uses AES-256; and privacy data corresponds to the third security level encryption algorithm, which uses AES-256. The interactive data is encrypted, transmitted, and decrypted using an encryption algorithm corresponding to the security level of the data to be transmitted; the key life value is calculated according to the above formula. ; If the type of the interactive data to be transmitted matches the third security level, after encrypting the data with AES-256, an asymmetric encryption algorithm is used to digitally sign the hash digest of the interactive data.

4. The method according to claim 1, characterized in that, The above is based on the current session key Calculate and generate candidate session keys The steps include: Using a pre-defined one-way hash function Calculate the candidate session key .

5. The method according to claim 1, characterized in that, The first and second subsystems simultaneously maintain the current session key in local memory. and candidate session keys In candidate session keys After generation, completely erase the current session key from memory. .

6. An encryption system for multi-subsystem data interaction employing the method of any one of claims 1-5, characterized in that, It includes a key generation module, a data transmission module, a data verification module, and a key update module. The key generation module is configured to receive a communication request instruction between the first subsystem and the second subsystem, generate a current session key for the current communication request, encrypt the current session key using an asymmetric encryption algorithm and send it to the first subsystem and the second subsystem respectively, and authenticate the identity of the first subsystem and the second subsystem. The data transmission module is configured to, after the first subsystem and the second subsystem receive the current session key and complete the authentication of both parties by decrypting it according to the asymmetric encryption algorithm, encrypt, transmit, and decrypt the interactive data to be transmitted between the two subsystems using a symmetric encryption algorithm. The data verification module is configured to digitally sign the hash digest of the interactive data using a symmetric encryption algorithm and calculate the hash value for integrity verification during the transmission of encrypted interactive business data by the subsystems participating in the communication, thereby realizing encrypted data interaction between the subsystems. The key update module is configured to monitor the lifecycle of each current session key during subsystem data interaction. If the monitoring data of the current session key meets the switching trigger condition, the existing connection is maintained with the current session key, and a candidate session key for the next round is generated and distributed to the corresponding subsystems participating in the communication. After the current session connection ends, the module switches to using the new candidate session key for data interaction.

7. A computing device, characterized in that, The device includes a storage device and a processor, the storage device being used to store a computer program, and the processor running the computer program to cause the computing device to perform the steps of the method according to any one of claims 1-5.

8. A storage medium, characterized in that, It stores a computer program used in the computing device of claim 7, which, when executed by a processor, implements the steps of the method of any one of claims 1-5.