
CN-116886373-B - Secret assessment system and secret assessment method based on business system


Abstract

The invention discloses a secret evaluation system and a secret evaluation method based on a service system. The secret evaluation system comprises a configuration list module, an automatic configurator, an identity authentication interface interceptor, a response interceptor and an ORM adapter. The configuration list module is connected to the automatic configurator; the automatic configurator is connected to the identity authentication interface interceptor, the ORM adapter and the response interceptor respectively; the identity authentication interface interceptor is connected to a database through the ORM adapter; and the response interceptor is connected to the database through the ORM adapter. By using the Spring SPI mechanism and by encapsulating the secret evaluation tooling behind the ORM adapter, the system optimizes the development flow of the cryptographic retrofit, avoids the complex data protection work that such a retrofit otherwise requires, does not intrude on the system's service code, relieves the user of any concern with the specific implementation logic of the algorithms, and is convenient and quick to use.

Inventors

  • Tan Niping
  • HUANG PENG
  • QIU JIE
  • LU MIN
  • LIU DEAN

Assignees

  • 中电信数智科技有限公司

Dates

Publication Date
20260508
Application Date
20230720

Claims (8)

  1. The secret evaluation system based on the business system is characterized by comprising a configuration list module, an automatic configurator, an identity authentication interface interceptor, a response interceptor and an ORM adapter, wherein the configuration list module is connected to the automatic configurator; the automatic configurator is connected to the identity authentication interface interceptor, the ORM adapter and the response interceptor respectively; the identity authentication interface interceptor is connected to a database through the ORM adapter; and the response interceptor is connected to the database through the ORM adapter. The configuration list module provides the lists for which the user needs to carry out cryptographic transformation, comprising an identity authentication list, a key data confidentiality list and a key data integrity list. The automatic configurator is GmAutoConfiguration, which automatically imports the lists in the configuration list module and identifies each configuration in them. The identity authentication interface interceptor automatically intercepts the login interfaces and registration interfaces named in the identity authentication list and, after interception, encrypts, decrypts and compares the password fields. The ORM adapter intercepts database operation SQL, automatically encrypts data on insert (write) operations, and replaces the plaintext data to be written with ciphertext before it enters the database. The response interceptor verifies the key data integrity list.
  2. The secret evaluation method of the secret evaluation system based on the service system as claimed in claim 1, wherein the secret evaluation system is integrated into the user's service application system, is configured by means of the lists, and is compared against response data in the database, so that the cryptographic transformation is completed.
  3. The method of claim 2, wherein, if the configuration list is an identity authentication list, the configuration list comprises a user registration list and a user login list.
  4. The secret evaluation method of the secret evaluation system based on the business system according to claim 3, wherein the secret evaluation method comprises the following specific process in a user registration scenario: step 1, the user configures a user registration list through the configuration list module according to the user registration requirements; step 2, the automatic configurator reads the registration interface and the user password field from the user registration list based on the Spring SPI mechanism; step 3, the identity authentication interface interceptor intercepts the registration interface that was read, computes the SM3 hash of the user password field in the registration interface, replaces the user password field with the resulting ciphertext, and hands the ciphertext to the ORM adapter for storage in the database, so that the user registration process continues to completion.
  5. The secret evaluation method of the secret evaluation system based on the business system according to claim 3, wherein the secret evaluation method comprises the following specific process in a user login scenario: step 1, the user configures a user login list through the configuration list module according to the user login requirements; step 2, the automatic configurator reads the login interface and the user password field from the user registration list based on the Spring SPI mechanism; step 3, the identity authentication interface interceptor intercepts the login interface that was read, SM2-decrypts the user password field in the login interface, computes its SM3 hash, and compares the resulting ciphertext with the ciphertext obtained by intercepting the database SQL through the ORM adapter; if the two match, identity authentication passes and the login process continues to completion.
  6. The secret evaluation method of the secret evaluation system based on the business system according to claim 2, wherein, if the configuration list is a key data confidentiality list, the secret evaluation method comprises the following specific steps: step 1, the user configures a key data confidentiality list through the configuration list module according to the key data confidentiality requirements; step 2, the automatic configurator reads the key data field information based on the Spring SPI mechanism; step 3, the ORM adapter intercepts the user's SQL, identifies the data table and the fields being operated on, SM2-encrypts the key data fields that were read, substitutes the ciphertext for the plaintext, and stores the result in the database.
  7. The secret evaluation method of the secret evaluation system based on the business system according to claim 2, wherein, if the configuration list is a key data integrity list, the secret evaluation method comprises the following specific steps: step 1, the user configures a key data integrity list through the configuration list module according to the key data integrity requirements; step 2, the automatic configurator reads the data integrity protection field information based on the Spring SPI mechanism; step 3, the response interceptor intercepts the response data by creating a ResponseBodyAdvice implementation class, matches the response data against the data integrity protection field information, computes the SM3 hash of the matched data to obtain a data hash value, and compares it through the ORM adapter with the hash value stored in the database; if the two are consistent the data is considered complete and untampered, and if they are inconsistent the data is considered tampered and integrity verification fails; step 4, the verification result is added to the original data.
  8. The secret evaluation method of the secret evaluation system based on the service system according to claim 7, wherein the hash value stored in the database through the ORM adapter is obtained as follows: when data is inserted or modified, the SQL statement is automatically intercepted through the ORM adapter, the hash operation is carried out, and the generated hash is added into the SQL and stored in the database.
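As an added illustration (not code from the patent or its assignee), the following Python models the interception points that claims 4, 5, 7 and 8 describe: an ORM-adapter hook that rewrites an INSERT so a password is stored as its hash and an integrity-protected field gets a hash column beside it, a login comparison, and a response interceptor that recomputes the hash, compares it with the stored one and attaches the result to the data. The table and field names, the in-memory sqlite3 store, the simplified INSERT parser and the SHA-256 fallback used when the local OpenSSL build has no SM3 are all assumptions; the SM2 transport encryption the claims mention is left out.

```python
import hashlib
import re
import sqlite3
# Constructed sample configuration lists (claim 1); the patent names no concrete tables or fields.
IDENTITY_LIST = {"sys_user": ["password"]}  # claim 4: password field replaced by its hash
INTEGRITY_LIST = {"user_info": ["phone"]}   # claim 8: hash column added beside the field
INSERT_RE = re.compile(r"^\s*INSERT\s+INTO\s+(\w+)\s*\(([^)]*)\)\s*VALUES\s*\(([^)]*)\)\s*;?\s*$", re.I)

def gm_hash(data: str) -> str:
    """SM3 as in the claims when OpenSSL exposes it; SHA-256 is a labelled stand-in otherwise."""
    try:
        return hashlib.new("sm3", data.encode("utf-8")).hexdigest()
    except ValueError:  # OpenSSL build without SM3
        return hashlib.sha256(data.encode("utf-8")).hexdigest()

def orm_adapter_rewrite(sql: str) -> str:
    """Intercept an INSERT and rewrite it before it reaches the database (claims 4 and 8)."""
    m = INSERT_RE.match(sql)  # simplified parser: comma-separated quoted or numeric literals only
    if not m:
        return sql  # not an insert: pass through untouched
    table = m.group(1)
    cols = [c.strip() for c in m.group(2).split(",")]
    vals = [v.strip() for v in m.group(3).split(",")]
    for field in IDENTITY_LIST.get(table, []):  # plaintext password -> ciphertext in place
        if field in cols:
            vals[cols.index(field)] = "'" + gm_hash(vals[cols.index(field)].strip("'")) + "'"
    for field in INTEGRITY_LIST.get(table, []):  # append the integrity hash column
        if field in cols:
            vals.append("'" + gm_hash(vals[cols.index(field)].strip("'")) + "'")
            cols.append(field + "_hash")
    return f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({', '.join(vals)})"

def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE sys_user (id INTEGER PRIMARY KEY, name TEXT, password TEXT);"
                       "CREATE TABLE user_info (id INTEGER PRIMARY KEY, phone TEXT, phone_hash TEXT);")
    return conn

def login_check(conn, name: str, password: str) -> bool:
    """Claim 5 step 3: hash the submitted password and compare with the stored ciphertext."""
    row = conn.execute("SELECT password FROM sys_user WHERE name = ?", (name,)).fetchone()
    return row is not None and gm_hash(password) == row[0]

def response_interceptor(conn, table: str, response: dict) -> dict:
    """Claim 7 steps 3-4: recompute each protected field's hash, compare, attach the result."""
    detail = {}
    for field in INTEGRITY_LIST.get(table, []):
        row = conn.execute(f"SELECT {field}_hash FROM {table} WHERE id = ?", (response["id"],)).fetchone()
        detail[field] = row is not None and gm_hash(str(response[field])) == row[0]
    return {**response, "integrity_verified": all(detail.values()), "integrity_detail": detail}
```

A row whose hash column is missing or does not match is reported as failed rather than silently passed, which is the behaviour step 3 of claim 7 requires.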

Description

Secret assessment system and secret assessment method based on business system

Technical Field

The invention belongs to the technical field of cryptographic evaluation, and in particular relates to a secret evaluation system and a secret evaluation method based on a service system.

Background

The country implements a network security level protection system, and a network operator must fulfil the security protection obligations that the system requires, so as to ensure that the network is protected from interference, destruction or unauthorized access, and that network data is not leaked, stolen or tampered with. Important industries and fields such as public communication and information services, energy, transport, water conservancy, finance, public services and e-government, together with other key information infrastructure whose destruction, loss of function or data leakage could seriously harm national security, the national economy and people's livelihood, or the public interest, are placed under key protection on the basis of the network security level protection system.
However, for a service system's secret evaluation to meet the requirements of the security level protection system and of cryptographic compliance, a developer needs to master professional secret evaluation knowledge as well as the related middleware, usage flows and operational details of national commercial cryptographic (SM) products in order to complete the cryptographic retrofit of the system. Secret evaluation is specialized and complex work: it is tied to the service system, the integrity and confidentiality of the service system's data must be protected, professional algorithm knowledge is required, the cryptographic evaluation scores the system's identity authentication, data encryption strategy, integrity strategy and so on at the system software level, different functional modules use different SM algorithms, and key protection and other problems of the SM algorithms are involved. The traditional secret evaluation SDK provides encryption and decryption interfaces for the various SM algorithms, such as SM2, SM3, SM4 and SM9, but how to use these interfaces is left to the user, so a user unfamiliar with the related business processes can hardly complete the integration and use of the SDK. In addition, the current technology provides only basic services or tools such as signature verification and encryption and decryption algorithms; the user completes the secret evaluation retrofit of a project on top of these services or tools, which requires a large amount of retrofit work and consumes time and labour, and at the same time the business code becomes coupled with the secret evaluation encryption and decryption code, which hinders later code maintenance.
Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a secret evaluation system and a secret evaluation method based on a service system which, by optimizing the secret evaluation development flow, reduce the retrofit workload of the service system and do not intrude on the service system's service code. The technical scheme is that the secret evaluation system based on the service system comprises a configuration list module, an automatic configurator, an identity authentication interface interceptor, a response interceptor and an ORM adapter, wherein the configuration list module is connected to the automatic configurator; the automatic configurator is connected to the identity authentication interface interceptor, the ORM adapter and the response interceptor respectively; the identity authentication interface interceptor is connected to a database through the ORM adapter; and the response interceptor is connected to the database through the ORM adapter.
Further, the configuration list module provides the lists for which the user needs to carry out cryptographic transformation, comprising an identity authentication list, a key data confidentiality list and a key data integrity list. The automatic configurator is GmAutoConfiguration, which automatically imports the lists in the configuration list module and identifies each configuration in them. The identity authentication interface interceptor automatically intercepts the login interfaces and registration interfaces named in the identity authentication list and, after interception, encrypts, decrypts and compares the password fields. The ORM adapter intercepts database operation SQL, automatically encrypts data on insert (write) operations, and replaces the plaintext data to be written with ciphertext before it enters the database. The response interceptor is to verif