CN109598137B - Method and system for safely processing data - Google Patents


Publication number
CN109598137B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710922980.4A
Other languages
Chinese (zh)
Other versions
CN109598137A (en)
Inventor
赵善浮
田欢
万治立
单振宇
刘智滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Eshore Technology Co Ltd
Original Assignee
Guangdong Eshore Technology Co Ltd
Application filed by Guangdong Eshore Technology Co Ltd
Priority to CN201710922980.4A
Publication of CN109598137A
Application granted
Publication of CN109598137B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Abstract

The invention relates to a method and system for safely processing data. The method includes determining whether data is to be written; if so, establishing the internal format of an ES file to obtain the ES file, then modifying each field value in the ES file data format and writing the data into the ES file; if not, reading data using the ES file. By defining a custom file format, data is stored and read through a file. In the stored data, both the key values and the values are protected by encryption. Reading data is premised on file format verification, file security verification and file integrity verification, and obtaining a value requires three fields to be correct at the same time: the key value, the value encryption/decryption key and the value encryption/decryption mode. Only then can the data be extracted. This solves the problem of data security during storage, operation and transmission, avoids the various losses caused by data leakage, and gives the file a very wide range of use.

Description

Method and system for safely processing data
Technical Field
The present invention relates to a data processing method, and more particularly, to a method and system for securely processing data.
Background
In the mobile internet world, many new mobile products reach the market every day, such as QQ, WeChat, Alipay and Meituan. They serve different industries such as communication, finance and services, and bring convenience to our lives. Their operations, such as user registration, user login, user payment and user chat, involve storing and communicating user data, and sensitive information such as account numbers, passwords, login tokens, payment passwords, e-mail addresses and company business licenses is used in these operations.
For mobile applications, data processing covers storage, operation and transmission, and data security protection has to be built around these three aspects. Three solutions to the data security problem are currently adopted. The first is data encryption and decryption: during storage, plaintext data is encrypted and then stored in a persistent container such as a file or a database; when the data is needed, the encrypted data is read from the storage container and decrypted to obtain the plaintext. Common encryption modes are reversible, for example AES, 3DES and RSA, and there are also irreversible schemes such as MD5. Practice has verified that data encrypted with these algorithms is secure, but encryption and decryption only guarantee that the data is safe inside the storage container; the data can be stolen once it leaves the container. The second is binary file operation: for operations on data, a process written in C/C++ is much safer than one written in Java or similar languages, because the former compiles to an obj (.o) binary file, while the latter, Java for example, compiles to class files that are easily decompiled back to source code. Keeping the data operation process in a binary file therefore also protects the data well, but for mobile applications, putting data operations into a binary file carries a higher technical threshold. The third starts from the communication channel: data may only be exchanged between the client and the server, and operations over any other channel have no effect. Data can still be illegally intercepted and stolen in transit. The HTTPS protocol can ensure the safety of data in the communication channel, but current mobile internet applications use the HTTP protocol for data communication, so data in transit is exposed to serious security risks.
Therefore, a method for safely processing data is needed that solves the problem of data security during storage, operation and transmission, avoids the various losses caused by data leakage, and gives the file a very wide range of use.
Disclosure of Invention
The present invention is directed to overcoming the disadvantages of the prior art and providing a method and system for securely processing data.
To achieve this purpose, the invention adopts the following technical solution: a method for securely processing data, the method comprising:
determining whether data is to be written;
if so, establishing the internal format of the ES file to obtain the ES file;
modifying each field value in the ES file data format, and writing the data into the ES file;
if not, reading data using the ES file.
In a further technical solution, the step of establishing the internal format of the ES file to obtain the ES file comprises the following specific steps:
allocating, according to the field definitions and length definitions of the header area, data space of the same size in memory and creating the header data area of the ES file;
creating the index data area of the ES file;
creating the key area of the ES file;
creating the value area of the ES file;
and, in the in-memory mapping, assigning values to the fields of the header area in sequence according to the header area field definitions to form the ES file.
In a further technical solution, the step of modifying each field value in the ES file data format and writing the data into the ES file comprises the following specific steps:
reading the data of the header area, index area, key area and value area into memory in sequence according to the ES file format;
obtaining the key area data set according to the header area fields and the records in the index area, encrypting the key value, inserting it at the end of the key area data set, and recording the key value offset and byte length;
obtaining the value area data set according to the header area fields and the records in the index area, encrypting the value, inserting it at the end of the value area data set, and recording the value offset and byte length;
calculating the key area offset, total number of key values, value area offset and total number of values according to the key value offset and byte length and the value offset and byte length;
modifying the header area data according to the key area offset, total number of key values, value area offset and total number of values;
updating the data of the header area, index area, key area and value area within the ES file format.
In a further technical solution, the step of obtaining the key area data set according to the header area fields and the records in the index area, encrypting the key value, inserting it at the end of the key area data set, and recording the key value offset and byte length comprises the following specific steps:
obtaining the offset of the key area according to the key area offset and key value count fields of the header area;
combining the key area offset with the key value offsets and storage lengths recorded in the index area to obtain the key area data set;
combining a fixed value with the total number of key values to generate a character string, using it as the key, and encrypting the key value with a symmetric encryption algorithm to obtain the encrypted key value;
and inserting the encrypted key value at the end of the key area data set, and recording the offset and byte length of the inserted key value.
In a further technical solution, the step of modifying the header area data according to the key area offset, total number of key values, value area offset and total number of values comprises the following specific steps:
assigning the key area offset, total number of key values, value area offset and total number of values to four header area fields respectively: the key data area offset, the key count, the value data area offset and the value count;
calculating the check code of the ES file and assigning it to the file check code field of the ES file;
assigning the unique code of the ES file to the file unique identification code field of the ES file;
assigning the header size of the ES file to the file header size field of the ES file;
assigning the total size of the ES file to the total file size field of the ES file.
In a further technical solution, the step of updating the data of the header area, index area, key area and value area in the ES file format comprises the following specific steps:
updating the starting position of the key area data and the number of key values in the key area;
updating the starting position of the value area data and the number of values in the value area;
updating the total length of the file;
taking the header area data except the file identifier, the file check code and the file identification code, and performing a hash operation to obtain the file identification code;
and taking the header area data except the file identifier and the file check code, and performing a hash operation to obtain the file check code.
In a further technical solution, the step of reading data using the ES file comprises the following specific steps:
reading the header area data of the ES file;
verifying the format, integrity and security of the ES file, and determining whether the header area data of the ES file meets the requirements;
if so, obtaining the key value position information and value information in the ES file to form the data ciphertext;
if not, proceeding to the end step.
In a further technical solution, the step of verifying the format, integrity and security of the ES file and determining whether the header area data of the ES file meets the requirements comprises the following specific steps:
determining whether the data stored in the file identifier field of the header area is eshore;
if not, proceeding to the end step;
if so, calculating the value of the file check code field and determining whether the result is consistent with the value stored in the file check code field of the file;
if not, proceeding to the end step;
if so, calculating the value of the file unique identification code field and determining whether the result is consistent with the value stored in the file unique identification code field of the file;
if not, proceeding to the end step;
if so, the header area data of the ES file meets the requirements.
In a further technical solution, the step of obtaining the key value position information and value information in the ES file to form the data ciphertext comprises the following specific steps:
reading all key value data stored in the ES file using the key area offset and total number of key values stored in the header area, together with the key value offsets and stored byte lengths in the index area;
using the character string generated by combining the fixed value with the total number of key values as the key, and decrypting the obtained key value data with the symmetric encryption algorithm;
forming the key area data set from the decrypted key values;
obtaining the input key value;
determining whether the input key value matches a key value in the key area data set;
if not, proceeding to the end step;
if so, obtaining the position in the key area data set of the key value that matches the input key value;
obtaining the value offset within the value area and the stored byte length of the value by mapping the key position through the index area data;
obtaining all value data stored in the ES file according to the value area offset and total number of values in the header area and the value offset and stored byte length in the index area, to form the value data to be read;
and decrypting the value data to be read with the value encryption/decryption key and the value encryption/decryption algorithm, and obtaining the decrypted value information to form the data ciphertext.
The invention also provides a system for safely processing data, comprising a write determination unit, an ES file construction unit, a data writing unit and a data reading unit;
the write determination unit is used to determine whether data is to be written;
the ES file construction unit is used, if so, to establish the internal format of the ES file and obtain the ES file;
the data writing unit is used to modify each field value in the ES file data format and write the data into the ES file;
and the data reading unit is used, if not, to read data using the ES file.
Compared with the prior art, the invention has the following beneficial effects: by defining a custom ES file format, the method stores and reads data using the ES file. In the stored data, both the key values and the values are protected by encryption. Reading data is premised on verification of the file format, file security and file integrity, and obtaining a value requires three fields to be correct at the same time: the key value, the value encryption/decryption key and the value encryption/decryption mode. Only then can the data be extracted. This solves the problem of data security during storage, operation and transmission, avoids the various losses caused by data leakage, and gives the file a very wide range of use.
The invention is further described below with reference to the accompanying drawings and specific embodiments.
Drawings
FIG. 1 is a flow chart of a method for securely processing data according to an embodiment of the present invention;
FIG. 2 is a flowchart of obtaining an ES file according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating modifying field values in an ES file data format and writing the data into an ES file according to an embodiment of the present invention;
FIG. 4 is a flowchart of inserting a key value at the end of the key area data set and recording the key value offset and byte length according to an embodiment of the present invention;
FIG. 5 is a flow chart of modifying data in a header region according to an embodiment of the present invention;
FIG. 6 is a flowchart of updating the data of the header area, index area, key area and value area in the ES file format according to an embodiment of the present invention;
FIG. 7 is a block diagram illustrating a usage state of a method for securely processing data according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating an ES file structure according to an embodiment of the present invention;
FIG. 9 is a table of field definitions for header areas in an ES file according to an embodiment of the present invention;
FIG. 10 is a table of field definitions of index areas in an ES file according to an embodiment of the present invention;
FIG. 11 is a diagram illustrating the effects of an ES generation tool according to an embodiment of the present invention;
FIG. 12 is a block diagram of a system for securely processing data according to an embodiment of the present invention.
Detailed Description
In order to more fully understand the technical content of the present invention, the technical solution of the present invention will be further described and illustrated with reference to the following specific embodiments, but not limited thereto.
As shown in the specific embodiments of FIGS. 1 to 12, the method for safely processing data provided in this embodiment can be applied to storing, operating on and transmitting data in the mobile internet, so as to solve the problem of data security during storage, operation and transmission, avoid the various losses caused by data leakage, and give the file a very wide range of use.
As shown in FIG. 1, this embodiment provides a method for securely processing data, the method including:
S1, determining whether data is to be written;
S2, if so, establishing the internal format of the ES file to obtain the ES file;
S3, modifying each field value in the ES file data format, and writing the data into the ES file;
S4, if not, reading data using the ES file.
In step S1, the current data processing mode is determined; it is either the data writing (storing) mode or the data reading mode.
For step S2, the step of establishing the internal format of the ES file to obtain the ES file includes the following specific steps:
S21, allocating, according to the header area field definitions and length definitions, data space of the same size in memory and creating the header data area of the ES file;
S22, creating the index data area of the ES file;
S23, creating the key area of the ES file;
S24, creating the value area of the ES file;
S25, in the in-memory mapping, assigning values to the fields of the header area in sequence according to the header area field definitions to form the ES file.
The format of the ES file is shown in FIG. 8. The ES file format is divided into four areas according to purpose: a header area, an index area, a key area and a value area. The header area stores basic information about the ES file, used for file verification and for storing attribute values; the detailed field definitions are shown in FIG. 9. The index area stores the data position information used for data retrieval, including the key value offset, key value length, value offset and value length, and acts as a bridge when looking up key area data and value area data; the detailed field definitions are shown in FIG. 10. The key area stores all key value information. When data is retrieved, the key area is searched entry by entry to find the position of the key value; the offset of the key value within the key area (key_offset) and the length of its storage (key_length), both stored in the index area, then map to the offset of the corresponding value within the value area (value_offset) and the length of its storage (value_length), which determines the position of the value data. When a new piece of data is inserted, its key value information is stored in the key area, and the stored data must be encrypted. The value area stores the sensitive data that the user needs to save, and the stored data must be encrypted.
For step S21, data space of the same size is allocated in memory according to the header area field definitions and length definitions. For example, the magic field is 8 bytes, followed in sequence by storage for the checksum, signature, version, file_size, header_size, key_offset, key_count, value_offset and value_count fields. The details are as follows:
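// Header area fields of the ES file (the class name is illustrative)
public class EsHeader {
    public byte[] magic = new byte[8];         // file identifier
    public byte[] checksum = new byte[8];      // file check code
    public byte[] signature = new byte[48];    // file unique identification code
    public int version = 1;                    // format version
    public byte[] file_size = new byte[4];     // total file size
    public byte[] header_size = new byte[4];   // header area size
    public byte[] key_offset = new byte[4];    // offset of the key data area
    public byte[] key_count = new byte[4];     // number of key values
    public byte[] value_offset = new byte[4];  // offset of the value data area
    public byte[] value_count = new byte[4];   // number of values
}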
For step S22, the index data area stores, for each of the n pieces of data, the key value offset, the size of the storage occupied by the key value, the value offset and the size of the storage occupied by the value, so the length of the area is variable. The backing variable is an ArrayList<byte[]> collection, which is empty when the file is created; the field definitions and lengths in the corresponding storage are shown in FIG. 10.
For step S23, the key area stores the key values of the n pieces of data and its length is variable. The backing variable is an ArrayList<byte[]> collection, which is empty when the file has just been created.
For step S24, the value area stores the values of the n pieces of data and its length is variable. The backing variable is an ArrayList<byte[]> collection, which is empty when the file has just been created.
For step S25, for example: magic is eshore; checksum is obtained by running the Adler-32 algorithm over all data except the magic and checksum fields, yielding a character string; signature is obtained by running the SHA-3 algorithm over all data except the magic, checksum and signature fields, yielding a character string; version is the default version number 1, which can be changed when major changes are made later; file_size is the computed size in bytes of the header area, index area, key area and value area together; header_size is the computed size in bytes of the header area; key_offset is the computed offset of the first address of the key area storage; key_count defaults to 0; value_offset is the computed offset of the first address of the value area storage; value_count defaults to 0.
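An added example (not code from the patent): a Python sketch of sealing the header as in step S25 and of the read-side check order described earlier (magic, then check code, then identification code). The NUL padding of magic, big-endian byte order, hex encoding of the Adler-32 value, SHA3-384 to fill the 48-byte field, hashing over the whole remainder of the file, the size/offset bounds check and the optional `mac_key` HMAC variant are all assumptions of this example. As described, the two fields are unkeyed hashes, so they detect corruption but can be recomputed by anyone who can write the file; the keyed variant ties the file to the holder of a secret.

```python
import hashlib
import hmac
import struct
import zlib

# Layout follows the header field list above; padding, byte order and the
# encodings of checksum/signature are assumptions of this example.
MAGIC = b"eshore".ljust(8, b"\x00")        # magic, NUL-padded to 8 bytes
HEADER_FMT = ">8s8s48si6I"                 # big-endian, no alignment padding
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 8 + 8 + 48 + 4 + 6*4 = 92
HASHED_FROM = 8 + 8 + 48                   # first byte covered by the signature


def _signature(rest, mac_key=None):
    """48-byte value over everything after magic, checksum and signature."""
    if mac_key is None:
        return hashlib.sha3_384(rest).digest()           # unkeyed, as described
    return hmac.new(mac_key, rest, "sha3_384").digest()  # keyed variant (added)


def _checksum(signature, rest):
    """Adler-32 over everything after magic and checksum, as 8 hex characters."""
    return b"%08x" % (zlib.adler32(signature + rest) & 0xFFFFFFFF)


def build_es_file(index, keys, values, key_count, value_count, mac_key=None):
    """Assemble header + index + key area + value area and seal the header."""
    key_offset = HEADER_SIZE + len(index)
    value_offset = key_offset + len(keys)
    file_size = value_offset + len(values)
    fields = struct.pack(">i6I", 1, file_size, HEADER_SIZE, key_offset,
                         key_count, value_offset, value_count)
    rest = fields + index + keys + values
    sig = _signature(rest, mac_key)   # signature first: the checksum covers it
    return MAGIC + _checksum(sig, rest) + sig + rest


def verify_es_file(blob, mac_key=None):
    """Return 'ok' or the first failed check, in the order the text gives."""
    if len(blob) < HEADER_SIZE:
        return "truncated"
    (magic, checksum, sig, _version, file_size, header_size,
     key_offset, _key_count, value_offset, _value_count) = struct.unpack_from(
        HEADER_FMT, blob)
    rest = blob[HASHED_FROM:]
    if magic != MAGIC:
        return "bad magic"
    if not hmac.compare_digest(checksum, _checksum(sig, rest)):
        return "bad checksum"
    if not hmac.compare_digest(sig, _signature(rest, mac_key)):
        return "bad signature"
    # Added check, not in the described sequence: offsets must be ordered and
    # inside the file before a reader uses them to slice the key/value areas.
    if not (header_size == HEADER_SIZE <= key_offset <= value_offset
            <= file_size == len(blob)):
        return "bad offsets"
    return "ok"


# Constructed sample: one index record (key_offset, key_length, value_offset,
# value_length) and placeholder bytes standing in for the encrypted key/value.
SAMPLE_INDEX = struct.pack(">4I", 0, 16, 0, 32)
SAMPLE_KEYS = bytes(range(16))
SAMPLE_VALUES = bytes(range(32))

if __name__ == "__main__":
    blob = build_es_file(SAMPLE_INDEX, SAMPLE_KEYS, SAMPLE_VALUES, 1, 1)
    print(len(blob), verify_es_file(blob))
```
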
Further, for step S3, the step of modifying each field value in the ES file data format and writing the data into the ES file includes the following specific steps:
S31, reading the data of the header area, index area, key area and value area into memory in sequence according to the ES file format;
S32, obtaining the key area data set according to the header area fields and the records in the index area, encrypting the key value, inserting it at the end of the key area data set, and recording the key value offset and byte length;
S33, obtaining the value area data set according to the header area fields and the records in the index area, encrypting the value, inserting it at the end of the value area data set, and recording the value offset and byte length;
S34, calculating the key area offset, total number of key values, value area offset and total number of values according to the key value offset and byte length and the value offset and byte length;
S35, modifying the header area data according to the key area offset, total number of key values, value area offset and total number of values;
S36, updating the data of the header area, index area, key area and value area in the ES file format.
For steps S31 to S36, data is written using the ES file, that is, the ES file is used to store a piece of data. Writing data to the ES file is the process of modifying the field values in the ES file data format, where the information involved includes the key value, the value, the key for encrypting and decrypting the value, and the encryption algorithm for encrypting and decrypting the value.
For step S32, the step of obtaining the key area data set according to the header area fields and the records in the index area, encrypting the key value, inserting it at the end of the key area data set, and recording the key value offset and byte length includes the following specific steps:
S321, obtaining the offset of the key area according to the key area offset and key value count fields of the header area;
S322, combining the key area offset with the key value offsets and storage lengths recorded in the index area to obtain the key area data set;
S323, using the character string generated by combining the fixed value with the total number of key values as the key, and encrypting the key value with a symmetric encryption algorithm to obtain the encrypted key value;
S324, inserting the encrypted key value at the end of the key area data set, and recording the offset and byte length of the inserted key value.
For step S33, specifically, the offset of the value area is obtained from the header area fields value_offset and value_count (the number of values); the value area data set is obtained by combining it with the value offsets and storage lengths recorded in the index area; the value is encrypted with the supplied value encryption/decryption key and value encryption/decryption algorithm; the encrypted value is inserted at the end of the value area data set; and the inserted value's offset and byte length are recorded.
During data storage, the ES file stores data as a binary file and combines this with high-security data storage techniques such as encryption and decryption of the key values and values and multiple dynamic conditions for obtaining data, so that data is kept safe inside the ES file, while the ES file is generated and while the ES file is operated on. Because the value is stored in the value area only after encryption, this protection of sensitive data lets user data be used in a relatively safe environment and avoids the various losses caused by information leakage. Protecting data in the form of a file also gives the program designer more room to work with: the data can be stored locally or on a server.
For step S34, according to the obtained key value offset, value offset, key value byte length and value byte length, a record containing the four fields key_offset, key_length, value_offset and value_length is added to the index area data set and assigned, and the key area offset, total number of key values, value area offset and total number of values are calculated so as to modify the index area data.
Further, step S35, modifying the header area data according to the key area offset, total number of key values, value area offset and total number of values, includes the following specific steps:
S351, assigning the key area offset, total number of key values, value area offset and total number of values to four header area fields respectively: the key data area offset, the key count, the value data area offset and the value count;
S352, calculating the check code of the ES file and assigning it to the file check code field of the ES file;
S353, assigning the unique code of the ES file to the file unique identification code field of the ES file;
S354, assigning the header size of the ES file to the file header size field of the ES file;
S355, assigning the total size of the ES file to the total file size field of the ES file.
For step S36, the step of updating the data of the header area, index area, key area and value area in the ES file format includes the following specific steps:
S361, updating the starting position of the key area data and the number of key values in the key area;
S362, updating the starting position of the value area data and the number of values in the value area;
S363, updating the total length of the file;
S364, taking the header area data except the file identifier, the file check code and the file identification code, and performing a hash operation to obtain the file identification code;
S365, taking the header area data except the file identifier and the file check code, and performing a hash operation to obtain the file check code.
The ES file is used to store the data, and the key value and the value are encrypted and decrypted, which safeguards the data storage and writing process.
Further, step S4, reading data by using the ES file, includes the following steps:
S41, reading the header area data of the ES file;
S42, checking the format, integrity and security of the ES file, and judging whether the data in the header area of the ES file meets the requirements;
S43, if yes, obtaining the key value position information and value information in the ES file to form a data ciphertext;
if not, entering the ending step.
For the above steps S41 through S43, the information required to read one piece of data from the ES file is: the key value, the key for encrypting and decrypting the value, and the encryption algorithm for encrypting and decrypting the value, which gives high security. Data stored in the ES file is read through data recovery processes such as file verification, key value decryption and value decryption. The data can be correctly obtained only when several conditions hold together: the key value, the key for encrypting and decrypting the value, and the encryption and decryption mode of the value must all be correct. The re-verification and decryption performed while reading data from the file ensure the security of the data stored in the file.
For the step S41, the data in the header area, the index area, the key area, and the value area are read into the memory in sequence according to the format of the ES file, and in the process of reading the data according to the key value, the ES file is converted into a byte array, and the data in the header area of the ES file is read from the byte array.
Furthermore, step S42, checking the format, integrity and security of the ES file and judging whether the data in the header area of the ES file meets the requirements, includes the following steps:
S421, judging whether the data stored in the file identification field of the header area is "eshore";
if not, entering the ending step;
S422, if yes, calculating the value of the file check code field, acquiring the calculation result, and judging whether the calculation result is consistent with the value stored in the file check code field in the file;
if not, entering the ending step;
S423, if yes, calculating the value of the unique file identification code field, acquiring the calculation result, and judging whether the calculation result is consistent with the value stored in the unique file identification code field;
if not, entering the ending step;
S424, if yes, the ES file header area data meets the requirements.
Step S421 determines whether the currently operated file is a data security file, step S422 verifies the integrity of the file, and step S423 verifies the security of the file. In step S422, the file check code is obtained by taking the data of the header area except for the file identification and the file check code and performing a hash operation on it; in step S423, the file identification code is obtained by taking the data of the header area except for the file identification, the file check code and the file identification code and performing a hash operation on it.
In the process of reading data from the file, the data needs to be re-checked and decrypted, so that the safety of the data stored in the file is ensured.
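The header checks in S421 to S423, together with the hash definitions from S364 and S365, can be sketched as follows. This is an added example, not code from the patent: the field order and widths, the little-endian encoding and the use of SHA-256 are assumptions, since the text only names the fields and says "hash operation".

```python
import hashlib
import hmac
import struct

MAGIC = b"eshore"          # file identification value given in the text
DIGEST = hashlib.sha256    # assumption: the text only says "hash operation"
DLEN = 32
# Assumed order of the remaining header fields, each a little-endian uint32.
FIELDS = ("header_size", "total_size", "key_area_offset",
          "key_count", "value_area_offset", "value_count")
REST = struct.Struct("<6I")
HEADER_LEN = len(MAGIC) + 2 * DLEN + REST.size   # 6 + 64 + 24 = 94


def id_code_of(rest: bytes) -> bytes:
    """S364: hash of the header minus identification, check code and ID code."""
    return DIGEST(rest).digest()


def check_code_of(id_code: bytes, rest: bytes) -> bytes:
    """S365: hash of the header minus identification and check code."""
    return DIGEST(id_code + rest).digest()


def build_header(total_size, key_area_offset, key_count,
                 value_area_offset, value_count) -> bytes:
    """Writer side: fill the fields, then derive both codes from them."""
    rest = REST.pack(HEADER_LEN, total_size, key_area_offset,
                     key_count, value_area_offset, value_count)
    id_code = id_code_of(rest)
    return MAGIC + check_code_of(id_code, rest) + id_code + rest


def verify_header(data: bytes):
    """Reader side: run S421-S423 in order; return (status, fields or None)."""
    if len(data) < HEADER_LEN:
        return "truncated", None
    m = len(MAGIC)
    magic = data[:m]
    check = data[m:m + DLEN]
    id_code = data[m + DLEN:m + 2 * DLEN]
    rest = data[m + 2 * DLEN:HEADER_LEN]
    if magic != MAGIC:
        return "S421 failed: not an ES file", None
    if not hmac.compare_digest(check, check_code_of(id_code, rest)):
        return "S422 failed: check code mismatch", None
    if not hmac.compare_digest(id_code, id_code_of(rest)):
        return "S423 failed: identification code mismatch", None
    fields = dict(zip(FIELDS, REST.unpack(rest)))
    # Extra sanity check, not one of the three in the text: the size fields
    # must agree with the bytes actually present.
    if fields["header_size"] != HEADER_LEN or fields["total_size"] != len(data):
        return "size fields inconsistent", None
    return "ok", fields


if __name__ == "__main__":
    # Constructed sample: an empty file that consists of the header only.
    header = build_header(HEADER_LEN, HEADER_LEN, 0, HEADER_LEN, 0)
    print(verify_header(header))
    damaged = bytearray(header)
    damaged[-1] ^= 0x01            # flip one bit in the value_count field
    print(verify_header(bytes(damaged)))
```

Under these assumptions both codes are plain hashes over header bytes, so they detect corruption of the header; anyone able to rewrite the file can recompute them, and binding the header to a secret would need a keyed MAC such as HMAC.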
Further, step S43, obtaining the key value position information and value information in the ES file to form a data ciphertext, includes the following specific steps:
S431, reading all key value data stored in the ES file by means of the key area offset and the total number of key values stored in the header area, and the key value offset and key value byte length stored in the index area;
S432, using a character string generated by combining the fixed value and the total number of key values as a key, and decrypting the obtained key value data through a symmetric encryption algorithm;
S433, forming a key area data set from the decrypted key values;
S434, acquiring an input key value;
S435, judging whether the input key value is consistent with a key value in the key area data set;
if not, entering the ending step;
S436, if yes, acquiring the position of the key value in the key area data set that is consistent with the input key value;
S437, acquiring the value offset and the stored byte length of the value according to the key value position and the data mapping of the index area;
S438, acquiring the value data stored in the ES file according to the value area offset and the total number of value values stored in the header area, and the value offset and stored byte length of the value stored in the index area, to form the value data to be read;
S439, decrypting the value data to be read according to the value encryption and decryption key and the value encryption and decryption algorithm, and acquiring the decrypted value information to form a data ciphertext.
In the above steps S431 to S439, several conditions must hold together for data to be acquired: the key value, the key for encrypting and decrypting the value, and the encryption and decryption mode of the value must all be correct before data can be correctly obtained. The file has a very wide range of use and can be used on any system with file operation capability, such as mobile phones, tablets and PCs. This provides a new approach to the security of data storage, operation and transmission: by defining a custom file format, it implements verification of the file format, verification of file security, verification of file integrity, encryption protection of the key value, encryption protection of the value, and read-write separation of the file. Obtaining a value requires the key value, the encryption and decryption key of the value and the encryption and decryption mode of the value to be correct at the same time; only then can the ES file be operated. The fixed value is "eshore".
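Steps S431, S437 and S438 resolve byte ranges from offsets and lengths stored in the file itself, so a reader should validate every range before slicing. The following added example (not from the patent) assumes 16-byte little-endian index records, offsets relative to the start of each area, a 94-byte header, and one index record per key/value pair; decryption of the returned blobs is left to the caller.

```python
import struct

# Assumed index record: key_offset, key_length, value_offset, value_length.
ENTRY = struct.Struct("<4I")


class ESFormatError(ValueError):
    """Raised when header or index fields point outside their area."""


def check_layout(buf, hdr):
    """Validate the area boundaries taken from the header fields."""
    n = hdr["key_count"]
    if hdr["total_size"] != len(buf):
        raise ESFormatError("total size field does not match file length")
    if n != hdr["value_count"]:
        raise ESFormatError("key and value counts differ")
    index_end = hdr["header_size"] + n * ENTRY.size
    # Areas are stored in the order header, index, key, value.
    if not (index_end <= hdr["key_area_offset"]
            <= hdr["value_area_offset"] <= len(buf)):
        raise ESFormatError("areas overlap or run past end of file")


def index_entry(buf, hdr, position):
    """Return the validated index record for one key position."""
    if not 0 <= position < hdr["key_count"]:
        raise ESFormatError("key position out of range")
    k_off, k_len, v_off, v_len = ENTRY.unpack_from(
        buf, hdr["header_size"] + position * ENTRY.size)
    # Python slicing silently truncates an out-of-range request,
    # so ranges that leave their area are rejected explicitly.
    if hdr["key_area_offset"] + k_off + k_len > hdr["value_area_offset"]:
        raise ESFormatError("key record leaves the key area")
    if hdr["value_area_offset"] + v_off + v_len > len(buf):
        raise ESFormatError("value record leaves the value area")
    return k_off, k_len, v_off, v_len


def key_blobs(buf, hdr):
    """S431: every stored (still encrypted) key value, in index order."""
    check_layout(buf, hdr)
    out = []
    for i in range(hdr["key_count"]):
        k_off, k_len, _, _ = index_entry(buf, hdr, i)
        start = hdr["key_area_offset"] + k_off
        out.append(bytes(buf[start:start + k_len]))
    return out


def value_blob(buf, hdr, position):
    """S437-S438: the (still encrypted) value stored for one key position."""
    check_layout(buf, hdr)
    _, _, v_off, v_len = index_entry(buf, hdr, position)
    start = hdr["value_area_offset"] + v_off
    return bytes(buf[start:start + v_len])


def build_sample():
    """Constructed two-record file; the blobs stand in for ciphertext."""
    header_size = 94                      # assumed; header bytes zero-filled
    keys = [b"K0-cipher", b"K1-ct"]
    vals = [b"V0-ciphertext", b"V1"]
    key_area = header_size + len(keys) * ENTRY.size
    val_area = key_area + sum(map(len, keys))
    index, k_off, v_off = b"", 0, 0
    for k, v in zip(keys, vals):
        index += ENTRY.pack(k_off, len(k), v_off, len(v))
        k_off += len(k)
        v_off += len(v)
    buf = bytes(header_size) + index + b"".join(keys) + b"".join(vals)
    hdr = dict(header_size=header_size, total_size=len(buf),
               key_area_offset=key_area, key_count=len(keys),
               value_area_offset=val_area, value_count=len(vals))
    return buf, hdr


if __name__ == "__main__":
    sample, header = build_sample()
    print(key_blobs(sample, header))
    print(value_blob(sample, header, 1))
```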
The method for safely processing data is integrated in a generation tool for ES files and can be used in any system that supports file operations. Different SDK tools can be packaged for different operating systems. The main function of the SDK is to read data from the ES file, and the parameters necessary for reading data are: the key value, the value encryption and decryption key, and the value encryption and decryption mode. The ES file can be stored locally or transmitted over a network. The ES file generation tool is separate from the SDK, which realizes the read-write separation of the ES file and ensures the security of the file during use.
As an example: in an Android application that needs to store the private key of an asymmetric encryption scheme for the payment process, if the private key is written directly into the application and the application is cracked, economic loss may result. The private key is therefore saved in the data security file.
The data set for storing the private key consists of a key value, the private key, the signature string of the application, and the method (AES, 3DES, etc.) for encrypting and decrypting the private key. The signature string of the application is used as the key for encrypting and decrypting the private key. Its advantages are that it is unique and private, and that the application obtains it dynamically through code, so no key data appears in the code.
The data set for acquiring the private key consists of the key value and the method for encrypting and decrypting the private key (AES, 3DES, etc.). The key for encrypting and decrypting the private key is obtained dynamically through code, so the correct private key data can be obtained safely through the triple measures of variable + dynamic acquisition + encryption and decryption.
According to the above method for safely processing data, a custom ES file format is defined and the ES file is used to store and read data. In the stored data, both the key value and the value are protected by encryption. Reading data is preconditioned on verification of the file format, file security and file integrity, and the key value, the value encryption and decryption key and the value encryption and decryption mode must all be correct at the same time before the value can be obtained and the data extracted. This solves the problem of data security during storage, operation and transmission, avoids the various losses caused by data leakage, and gives the file a very wide range of use.
As shown in fig. 12, the present embodiment also provides a system for securely processing data, which includes a writing judgment unit 1, an ES file construction unit 2, a data writing unit 3, and a data reading unit 4.
The write judging unit 1 is used for judging whether the current operation is a data write operation.
The ES file constructing unit 2 is used for, if so, constructing the internal format of the ES file and acquiring the ES file.
The data writing unit 3 is used for modifying each field value in the data format of the ES file and writing the data into the ES file.
The data reading unit 4 is used for, if not, reading data by using the ES file.
The ES file constructing unit 2 described above includes a header area creating module, an index area creating module, a key area creating module, a value area creating module, and an assignment module.
The header area creating module is used for allocating data spaces of the same size in the memory according to the header area field definition and the length definition, and creating the header data area of the ES file.
The index area creating module is used for creating the index data area of the ES file.
The key area creating module is used for creating the key area of the ES file.
The value area creating module is used for creating the value area of the ES file.
The assignment module is used for sequentially assigning values to all fields in the header area according to the field definitions of the header area in the mapping of the internal storage space, to form the ES file.
Further, the data writing unit 3 includes a preprocessing module, a key value processing module, a value processing module, a key area modification module, a header area modification module, and a data updating module.
The preprocessing module is used for reading the data of the header area, the index area, the key area and the value area into the memory in sequence according to the ES file format.
The key value processing module is used for acquiring the key area data set according to the header area fields and the records in the index area, encrypting the key value, inserting it at the end of the key area data set, and recording the offset and the byte length of the key value.
The value processing module is used for acquiring the value area data set according to the header area fields and the records in the index area, encrypting the value, inserting it at the end of the value area data set, and recording the value offset and the byte length.
The key area modification module is used for calculating the key area offset, the total number of key values, the value area offset and the total number of value values according to the key value offset and byte length and the value offset and byte length.
The header area modification module is used for modifying the data of the header area according to the key area offset, the total number of key values, the value area offset and the total number of value values.
The data updating module is used for updating the data of the header area, the index area, the key area and the value area in the ES file format.
The key value processing module comprises an offset acquisition submodule, a key area data set acquisition submodule, a key encryption submodule and a recording submodule.
The offset acquisition submodule is used for acquiring the offset of the key area according to the key area offset and the number of key values in the header area fields.
The key area data set acquisition submodule is used for combining the offset of the key area with the key value offset and storage length recorded in the index area to acquire the key area data set.
The key encryption submodule is used for taking a character string generated by combining the fixed value and the total number of key values as a key, encrypting the key value through a symmetric encryption algorithm, and acquiring the encrypted key value.
The recording submodule is used for inserting the encrypted key value at the end of the key area data set and recording the offset and the byte length of the inserted key value.
In addition, the header area modification module comprises a field assignment submodule, a check code calculation submodule, an identification code assignment submodule, a header size assignment submodule and a total size assignment submodule.
The field assignment submodule is used for assigning the key area offset, the total number of key values, the value area offset and the total number of value values respectively to four fields in the header area: the offset value of the key data area, the key number, the offset value of the value data area and the value data number.
The check code calculation submodule is used for calculating the check code of the ES file and assigning the check code to the file check code field in the ES file.
The identification code assignment submodule is used for assigning the unique code of the ES file to the unique file identification code field of the ES file.
The header size assignment submodule is used for assigning the header size of the ES file to the file header size field of the ES file.
The total size assignment submodule is used for assigning the total size of the ES file to the total file size field of the ES file.
Furthermore, the data updating module comprises a key area updating submodule, a value area updating submodule, a file total length updating submodule, a file identification code acquisition submodule and a file check code acquisition submodule.
The key area updating submodule is used for updating the starting position of the key area data and the number of key values in the key area data.
The value area updating submodule is used for updating the starting position of the value area data and the number of values in the value area data.
The file total length updating submodule is used for updating the total length of the file.
The file identification code acquisition submodule is used for acquiring the data of the header area except for the file identification, the file check code and the file identification code, and performing a hash operation on it to obtain the file identification code.
The file check code acquisition submodule is used for acquiring the data of the header area except for the file identification and the file check code, and performing a hash operation on it to obtain the file check code.
Furthermore, the data reading unit 4 includes a header area reading module, a check module, and a data ciphertext acquisition module.
The header area reading module is used for reading the data of the header area of the ES file.
The check module is used for checking the format, integrity and security of the ES file and judging whether the data in the header area of the ES file meets the requirements.
The data ciphertext acquisition module is used for, if so, acquiring the key value position information and value information in the ES file to form a data ciphertext.
The check module comprises a format judgment submodule, a check code judgment submodule and an identification code judgment submodule.
The format judgment submodule is used for judging whether the data stored in the file identification field of the header area is "eshore".
The check code judgment submodule is used for calculating the value of the file check code field, acquiring the calculation result, and judging whether the calculation result is consistent with the value stored in the file check code field in the file.
The identification code judgment submodule is used for calculating the value of the unique file identification code field, acquiring the calculation result, and judging whether the calculation result is consistent with the value stored in the unique file identification code field in the file; if yes, the ES file header area data meets the requirements.
The data ciphertext acquisition module comprises a key value data reading submodule, a key decryption submodule, a set forming submodule, a key value input submodule, a consistency judgment submodule, a key value position acquisition submodule, a transmitting submodule, a value data acquisition submodule and a data ciphertext forming submodule.
The key value data reading submodule is used for reading all the key value data stored in the ES file by means of the key area offset and the total number of key values stored in the header area, and the key value offset and key value byte length stored in the index area.
The key decryption submodule is used for taking a character string generated by combining the fixed value and the total number of key values as a key, and decrypting the acquired key value data through a symmetric encryption algorithm.
The set forming submodule is used for forming the decrypted key values into a key area data set.
The key value input submodule is used for acquiring the input key value.
The consistency judgment submodule is used for judging whether the input key value is consistent with a key value in the key area data set.
The key value position acquisition submodule is used for, if so, acquiring the position of the key value in the key area data set that is consistent with the input key value.
The transmitting submodule is used for acquiring the value offset and the stored byte length of the value according to the key value position and the data mapping of the index area.
The value data acquisition submodule is used for acquiring the value data stored in the ES file according to the value area offset and the total number of value values stored in the header area, and the value offset and stored byte length of the value stored in the index area, to form the value data to be read.
The data ciphertext forming submodule is used for decrypting the value data to be read according to the value encryption and decryption key and the value encryption and decryption algorithm, acquiring the decrypted value information, and forming a data ciphertext.
According to the above system for safely processing data, a custom ES file format is defined and the ES file is used to store and read data. In the stored data, both the key value and the value are protected by encryption. Reading data is preconditioned on verification of the file format, file security and file integrity, and the three fields key value, value encryption and decryption key and value encryption and decryption mode must all be correct at the same time before the value can be obtained and the data extracted. This solves the problem of data security during storage, operation and transmission, avoids the various losses caused by data leakage, and gives the file a very wide range of use.
The technical contents of the present invention are further illustrated by the examples only for the convenience of the reader, but the embodiments of the present invention are not limited thereto, and any technical extension or re-creation based on the present invention is protected by the present invention. The protection scope of the invention is subject to the claims.

Claims (8)

1. A method for securely processing data, the method comprising:
judging whether the current operation is a data writing operation or not;
if so, building an internal format of the custom file to obtain the custom file;
modifying each field value in the data format of the user-defined file, and writing the data into the user-defined file;
if not, reading data by using the custom file;
the method comprises the steps of building an internal format of a custom file and obtaining the custom file, and comprises the following specific steps:
according to the field definition and the length definition of the header area, distributing data spaces with the same size in the memory and creating a header data area of the custom file;
creating an index data area of a user-defined file;
creating a key area of a custom file;
creating a value area of a custom file;
in the mapping of the internal storage space, according to the field definition of the head area, assigning values to all fields in the head area in sequence to form a custom file;
the step of modifying each field value in the data format of the custom file and writing the data into the custom file comprises the following specific steps:
reading the data of the head area, the index area, the key area and the value area into a memory in sequence according to a custom file format;
acquiring a key area data set according to the records in the header area field and the index area, encrypting the key value, inserting the key value into the tail of the key area data set, and recording the offset and the byte length of the key value;
acquiring a value area data set according to the record in the header area field and the index area, encrypting the value, inserting the value into the tail of the value area data set, and recording the value offset and the byte length;
calculating key region offset, total number of key values, value region offset and total number of value values according to the key value offset and the byte length as well as the value offset and the byte length;
modifying the data of the head area according to the key area offset, the key value total number, the value area offset and the value total number;
and updating the data of the header area, the index area, the key area and the value area in the custom file format.
2. The method of claim 1, wherein the step of obtaining a key area data set according to the record in the header area field and the index area, encrypting the key value, inserting the key value into the end of the key area data set, and recording the offset and the byte length of the key value comprises the following specific steps:
acquiring the offset of the key region according to the key region offset and the key value quantity of the head region field;
collecting the offset of the key region, the offset of the key value recorded in the index region and the storage length to obtain a key region data set;
the fixed value and the total number of the key values are combined to generate a character string which is used as a key, the key values are encrypted through a symmetric encryption algorithm, and the encrypted key values are obtained;
and inserting the encrypted key value into the end of the key area data set, and recording the offset and the byte length of the inserted key value.
3. The method of claim 1, wherein the step of modifying the data in the header region based on the key field offset, the total number of key values, the value field offset, and the total number of value values comprises the steps of:
assigning the key area offset, the key Value total number, the Value area offset and the Value total number to four fields of an offset Value of a key data area, a key number, an offset Value of a Value data area and a Value data number in the head area respectively;
calculating a check code of the user-defined file, and assigning the check code to a file check code field in the user-defined file;
assigning the unique code of the user-defined file to the unique file identification code field of the user-defined file;
assigning the size of the head of the user-defined file to a file head size field of the user-defined file;
and assigning the total size of the custom file to a total file size field of the custom file.
4. The method for securely processing data according to claim 1, wherein the step of updating the data of the header region, the index region, the key region and the value region in the custom file format comprises the following specific steps:
updating the starting position of the key area data and the number of key values of the key area data;
updating the initial position of the value area data and the value number of the value area data;
updating the total length of the file;
acquiring data of a head area except for a file identifier, a file check code and a file identification code, and performing hash operation to acquire the file identification code;
and acquiring data of the head area except the file identification and the file check code, and performing hash operation to acquire the file check code.
5. The method for safely processing data according to any one of claims 1 to 4, wherein the step of reading data by using a custom file comprises the following specific steps:
reading the data of the header area of the user-defined file;
the format, integrity and safety of the user-defined file are checked, and whether the data of the head area of the user-defined file meet the requirements or not is judged;
if so, acquiring key value position information and value information in the user-defined file to form a data ciphertext;
if not, the end step is entered.
6. The method for safely processing data according to claim 5, wherein the step of checking the format, integrity and safety of the custom file and judging whether the data in the header area of the custom file meets the requirements comprises the following specific steps:
judging whether the data stored in the file identification field of the header area is "eshore";
if not, entering the ending step;
if so, calculating the value of the file check code field, acquiring a calculation result, and judging whether the calculation result is consistent with the value stored in the file check code field in the file;
if not, entering the ending step;
if so, judging the value of the unique file identification code field, acquiring a calculation result, and judging whether the calculation result is consistent with the value stored in the unique file identification code field in the file;
if not, entering the ending step;
if yes, the data of the custom file header area meets the requirements.
7. The method for safely processing data according to claim 6, wherein the step of obtaining key value position information and value information in the custom file to form a data ciphertext comprises the following specific steps:
reading all key value data stored in the custom file through the key area offset, the key value total number, the key value offset of the index area and the byte length stored by the key value stored in the head area;
the character string generated by combining the fixed value and the total number of the key values is used as a key, and the obtained key value data is decrypted through a symmetric encryption algorithm;
forming a key area data set by the decrypted key value;
acquiring an input key value;
judging whether the input key value is consistent with the key value in the key area data set;
if not, entering the ending step;
if yes, acquiring a key value position in the key area data set consistent with the input key value;
acquiring the offset of the value area and the byte length stored by the value according to the key position and the data reflection of the index area;
acquiring all value data stored in a custom file according to the value area offset, the total number of the value values, the value offset of the index area and the byte length stored by the value stored in the header area to form value data to be read;
and decrypting the value data to be read according to the value encryption and decryption key and the value encryption and decryption algorithm, and acquiring decrypted value information to form a data ciphertext.
8. A system for safely processing data, characterized by comprising a write judging unit, a custom file construction unit, a data writing unit and a data reading unit;
the write judging unit is used for judging whether the current operation is a data write operation;
the custom file construction unit is used for, if so, building an internal format of the custom file and acquiring the custom file;
the data writing unit is used for modifying each field value in the data format of the custom file and writing the data into the custom file;
the data reading unit is used for, if not, reading data by using the custom file;
the ES file construction unit comprises a head area creation module, an index area creation module, a key area creation module, a value area creation module and a value assignment module;
the header area creating module is used for distributing data spaces with the same size in the memory according to the header area field definition and the length definition and creating a header data area of the custom file;
the index area creating module is used for creating an index data area of the user-defined file;
the key area creating module is used for creating a key area of a custom file;
the value area creating module is used for creating a value area of the user-defined file;
the assignment module is used for sequentially assigning values to all fields in the head area according to the field definition of the head area in the mapping of the internal storage space to form a custom file;
the data writing unit comprises a preprocessing module, a key value processing module, a value processing module, a key area modification module, a head area modification module and a data updating module;
the preprocessing module is used for reading the data of the head area, the index area, the key area and the value area into the memory in sequence according to a custom file format;
the key value processing module is used for acquiring a key region data set according to the records in the head region field and the index region, encrypting the key value, inserting the key value into the tail of the key region data set, and recording the offset and the byte length of the key value;
the value processing module is used for acquiring a value area data set according to the header area field and the record in the index area, encrypting the value, inserting the value into the tail of the value area data set, and recording the value offset and the byte length;
the key area modification module is used for calculating key area offset, total number of key values, value area offset and total number of value values according to the key value offset, the byte length, the value offset and the byte length;
the head area modification module is used for modifying the data of the head area according to the key area offset, the total number of key values, the value area offset and the total number of value values;
and the data updating module is used for updating the data of the head area, the index area, the key area and the value area in the custom file format.
CN201710922980.4A 2017-09-30 2017-09-30 Method and system for safely processing data Active CN109598137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710922980.4A CN109598137B (en) 2017-09-30 2017-09-30 Method and system for safely processing data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710922980.4A CN109598137B (en) 2017-09-30 2017-09-30 Method and system for safely processing data

Publications (2)

Publication Number Publication Date
CN109598137A CN109598137A (en) 2019-04-09
CN109598137B true CN109598137B (en) 2021-08-13

Family

ID=65956908

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710922980.4A Active CN109598137B (en) 2017-09-30 2017-09-30 Method and system for safely processing data

Country Status (1)

Country Link
CN (1) CN109598137B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110502602B (en) * 2019-08-14 2023-10-17 平安科技(深圳)有限公司 Data storage method, device, equipment and computer storage medium
CN113608889A (en) * 2021-07-13 2021-11-05 广州市百果园网络科技有限公司 Message data processing method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103093137A (en) * 2013-01-21 2013-05-08 西北工业大学 File safe distribution method based on universal series bus (USB) flash disk
CN105740725A (en) * 2016-01-29 2016-07-06 北京大学 File protection method and system
CN106874715A (en) * 2016-12-30 2017-06-20 上海掌门科技有限公司 Encryption method and system that a kind of anti-reversing is cracked

Also Published As

Publication number Publication date
CN109598137A (en) 2019-04-09

Similar Documents

Publication Publication Date Title
CN110245506B (en) Intelligent contract management method and device based on block chain and electronic equipment
US10891384B2 (en) Blockchain transaction device and method
US20220027515A1 (en) Decentralized Token Table Generation
US9798677B2 (en) Hybrid cryptographic key derivation
US10659226B2 (en) Data encryption method, decryption method, apparatus, and system
US8955143B1 (en) Use of decoy data in a data store
CN105468990A (en) Sensitive information management control method and apparatus
CN105337941A (en) Method and device for providing device identifier
CN109271798A (en) Sensitive data processing method and system
US20070226513A1 (en) Ic Card for Encryption or Decryption Process and Encrypted Communication System and Encrypted Communication Method Using the Same
CN107438061B (en) Method and device for authenticating kafka client
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
CN111178840A (en) Service processing method, device, system, electronic equipment and storage medium
CN109598137B (en) Method and system for safely processing data
CN109005196A (en) Data transmission method, data decryption method, device and electronic equipment
CN107872315B (en) Data processing method and intelligent terminal
CN104484628A (en) Multi-application intelligent card with encryption and decryption functions
CN102799815A (en) Method and device for safely loading program library
CN108763401A (en) A kind of reading/writing method and equipment of file
CN112199697A (en) Information processing method, device, equipment and medium based on shared root key
CN107733936B (en) Encryption method for mobile data
CN111143879A (en) Android platform SD card file protection method, terminal device and storage medium
CN103679045A (en) File security control system and method
CN112311536B (en) Key hierarchical management method and system
CN103544011B (en) A kind of dynamic creation is also used the method for functional object

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant