CN113343281A - OTP encryption as a service cloud computing method and system oriented to data transaction - Google Patents


Info

Publication number
CN113343281A
Authority
CN
China
Prior art keywords
otp
data transaction
data
codebook
plaintext
Prior art date
Legal status
Pending
Application number
CN202110777788.7A
Other languages
Chinese (zh)
Inventor
彭泽武
苏华权
谢瀚阳
Current Assignee
Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Priority date
2021-07-09
Filing date
2021-07-09
Publication date
2021-09-03
Application filed by Guangdong Power Grid Co Ltd
Priority to CN202110777788.7A
Publication of CN113343281A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses an OTP (one-time pad) encryption-as-a-service cloud computing method and system for data transactions, belonging to the technical field of data security. The method comprises the following steps: establishing an encryption-as-a-service cloud platform and storing in it an OTP codebook that uniquely corresponds to each data transaction party; the cloud platform decrypts the encrypted data received from the source data transaction party back into plaintext, then encrypts the plaintext with the OTP codebook held in the cloud platform that uniquely corresponds to the target data transaction party and sends the result to the target party. The system comprises an establishing module, a receiving module and an encrypting module. By means of a cloud-agent model, the many-to-many problem of OTP codebook exchange and updating is converted into a many-to-one problem, so that the OTP can be applied in the field of data transactions to protect the data security of every transaction party while exploiting its strengths and avoiding its weaknesses.

Description

OTP encryption as a service cloud computing method and system oriented to data transaction
Technical Field
The invention relates to the technical field of data security, in particular to a data transaction-oriented one-time pad (OTP) encryption-as-a-service cloud computing method and system.
Background
Data security is facing an unprecedented challenge. The existing methods for protecting data security all rely on encrypting the data, but the encryption algorithms in use cannot be proved unbreakable; see pages 6 and 12 of "Applied Cryptography" (China Machine Press, 1 March 2003). In other words, such algorithms are only computationally secure: they resist attack within a certain budget of available resources and time, but not against an adversary with unlimited time and resources, as discussed in Shannon, Claude (1949), Communication Theory of Secrecy Systems, Bell System Technical Journal 28(4), 656-.
However, as cryptanalytic techniques advance, hardware performance rises and its price falls, and especially as quantum computers mature, the security of such algorithms erodes over time.
In cryptography only the OTP has been proved unbreakable mathematically; the system is described in U.S. patent 1,310,719, SECRET SIGNALING SYSTEM (Vernam), and its unconditional security was proved by Shannon. Specifically, each bit of the plaintext is combined with a truly random key bit, and the key is never shorter than the plaintext and never reused. Because every key is equally likely, every plaintext of the same length is equally consistent with a given ciphertext, so a cryptanalyst cannot determine a unique solution no matter how much ciphertext he holds. In cryptography this property is called unconditional security (perfect secrecy). On the other hand, a data transaction is the paid or unpaid circulation of "private" data assets, and data security is the core requirement for protecting the asset value of each transaction party. Although the OTP has a clear technical advantage over the other encryption algorithms in use, it is difficult to apply in real data transactions, because:
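The following is an added example, not code from the patent, that makes the unconditional-security argument above concrete and shows the two conditions it silently depends on: the pad must never be reused, and a pad on its own does not protect integrity. Message bytes and keys are constructed for the demonstration; `secrets.token_bytes` stands in for the true-random source a real pad requires.

```python
"""Added example, not from the patent: the unconditional security of a
one-time pad (Vernam/Shannon), and the two ways the guarantee is lost in
practice (key reuse and lack of integrity). All inputs are constructed.
"""
import secrets
from collections import Counter
from itertools import product


def otp_xor(data: bytes, key: bytes) -> bytes:
    """Vernam cipher: XOR each data byte with the corresponding key byte.
    Encryption and decryption are the same operation. Refuses a key that
    is shorter than the data, which is the defining OTP requirement."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def plaintext_posterior(ciphertext: bytes) -> Counter:
    """Enumerate every key of the ciphertext's length and count which
    plaintext each one yields. For a uniformly random key every candidate
    plaintext appears exactly once, i.e. P(M = m | C = c) = P(M = m):
    the ciphertext carries no information about the message."""
    counts = Counter()
    for key in product(range(256), repeat=len(ciphertext)):
        counts[otp_xor(ciphertext, bytes(key))] += 1
    return counts


def two_time_pad_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """Reusing pad bytes for two messages: c1 XOR c2 = m1 XOR m2, so the
    key cancels and an eavesdropper learns the XOR of the two plaintexts
    without ever seeing the pad."""
    c1 = otp_xor(m1, key)
    c2 = otp_xor(m2, key)
    return otp_xor(c1, c2)


def flip_plaintext_bit(ciphertext: bytes, byte_index: int, bit: int) -> bytes:
    """Malleability: flipping one ciphertext bit flips exactly that bit of
    the recovered plaintext. A pad hides content; it does not authenticate it."""
    out = bytearray(ciphertext)
    out[byte_index] ^= 1 << bit
    return bytes(out)


if __name__ == "__main__":
    msg = b"meter readings: 42 kWh"          # constructed sample record
    key = secrets.token_bytes(len(msg))      # stands in for a true-random pad
    ct = otp_xor(msg, key)
    assert otp_xor(ct, key) == msg

    # Perfect secrecy on a two-byte ciphertext: 65536 keys, 65536 distinct
    # plaintexts, each exactly once.
    post = plaintext_posterior(ct[:2])
    print(len(post), "candidate plaintexts, all with count", set(post.values()))

    # Key reuse leaks m1 XOR m2 (here: which bytes of the two messages differ).
    leak = two_time_pad_leak(b"price=100", b"price=250", key[:9])
    print("reused pad leaks m1^m2:", leak.hex())

    # Bit flip in transit: the receiver decrypts to a different plaintext and
    # cannot notice without a separate integrity check.
    tampered = flip_plaintext_bit(ct, 16, 0)  # '4' (0x34) becomes '5' (0x35)
    print("tampered plaintext:", otp_xor(tampered, key))
```

The posterior enumeration is only feasible for one or two bytes, but the argument is length-independent: with a uniformly random key of the same length, every plaintext is reachable from every ciphertext by exactly one key, which is Shannon's perfect-secrecy condition.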
1. Difficulty of exchange and update
In the data transaction scenario, data transactions are typically dynamic and multi-party (higher value usually arises only when data from multiple sources is combined). If the OTP is used as the security mechanism for data transmission between each pair of transaction parties, every party needs a one-to-one codebook with every other party, so with N transaction parties on the order of N² true-random codebooks are required. As N grows (that is, as the number of parties participating in data transactions increases), the number and storage volume of the codebooks grow non-linearly, and storing and using them becomes impractical.
2. Cannot meet the requirements of multi-party transactions under dynamic conditions
Data transaction parties are mostly matched dynamically, driven by data circulation needs, and there is additionally a requirement for multi-party transactions, whereas the security of the OTP depends on the secure exchange and update of a true-random codebook. Current practice is to store the codebook on hardware (for example a USB storage device) and hand it to both parties of the data exchange offline, with updates performed the same way. Taken together, offline exchange and codebook updating between many transaction parties under dynamic conditions is costly, slow and hard to reconcile with the technical requirements of data transactions.
Disclosure of Invention
In order to solve the problem that the application of an OTP encryption algorithm in the field of data transaction is difficult, the invention provides a data transaction-oriented OTP encryption-as-a-service cloud computing method, which comprises the following steps:
establishing an encryption-as-a-service cloud platform, and storing in the cloud platform an OTP (one-time pad) codebook that uniquely corresponds to each data transaction party;
and the cloud platform decrypts the received encrypted data of the source data transaction party back into plaintext, encrypts the plaintext with the OTP codebook held in the cloud platform that uniquely corresponds to the target data transaction party, and then sends the encrypted result to the target data transaction party.
The steps of the cloud platform decrypting the received encrypted data of the source end data transaction party and then restoring the decrypted data into a plaintext are specifically as follows: and the cloud platform calls an OTP codebook which is arranged in the cloud platform and uniquely corresponds to the source end data transaction party to decrypt the received encrypted data to form a plaintext.
Before the step of encrypting the plaintext by using the built-in OTP codebook which uniquely corresponds to the target data transaction party, the method further comprises the following steps: and encoding the plaintext by using a preset data encoding algorithm.
The cloud platform further comprises an OTP codebook creating and distributing downloading function.
The OTP codebook is stored in the cloud platform by adopting a distributed file system or distributed object storage equipment.
The key that the source data transaction party uses to encrypt with its own OTP codebook is determined by an OTP codebook cursor set (a set of offsets into the codebook).
Before the step of encrypting the plaintext by using the built-in OTP codebook which uniquely corresponds to the target data transaction party, the method further comprises the following steps: and encoding the plaintext by adopting a data encoding service.
After encrypting the plaintext, the cloud service platform sends it to the target data transaction party through an encrypted network channel.
The encrypted network channel is a VPN.
The invention also provides an OTP encryption as a service cloud computing system facing data transaction, which comprises:
an establishing module, used for establishing an encryption-as-a-service cloud platform and storing in the cloud platform an OTP codebook that uniquely corresponds to each data transaction party;
the receiving module is used for decrypting the received encrypted data of the source end data transaction party and then restoring the decrypted data into a plaintext;
and the encryption module is used for encrypting the plaintext by using an OTP codebook which is arranged in the cloud platform and uniquely corresponds to the target end data transaction party, and then sending the encrypted plaintext to the target end data transaction party.
According to the data transaction-oriented OTP encryption-as-a-service cloud computing method and system, the many-to-many problem of OTP codebook exchange and updating is converted into a many-to-one problem through the cloud-agent model, so that each transaction party only needs to store one OTP codebook, storage and update costs are reduced, the technical difficulty of exchanging and updating OTP codebooks for multi-party transactions under dynamic conditions is greatly reduced, and the OTP can be applied in the field of data transactions to protect the data security of each transaction party, exploiting its strengths and avoiding its weaknesses.
Drawings
Fig. 1 is a flowchart of an OTP encryption as a service cloud computing method for data transaction according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a data transaction oriented OTP encryption as a service cloud computing method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an OTP encryption as a service cloud computing system for data transaction according to an embodiment of the present invention.
Detailed Description
The technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
Referring to fig. 1, an embodiment of the present invention provides a data transaction-oriented OTP encryption-as-a-service cloud computing method, including the following steps:
step S101: and establishing an encryption-as-a-service cloud platform, and storing an OTP (one time password) codebook uniquely corresponding to each data transaction party in the cloud platform.
The encryption as a Service cloud platform (EaaS) of the embodiment can provide data OTP encryption and decryption services in a data transaction scenario, and the platform has the following functions:
1) OTP encryption and decryption service: the method comprises the steps that a one-to-one OTP codebook preset between a data transaction party and EaaS is used, a received ciphertext (from a source end data transaction party) is decrypted and restored into a plaintext by using the corresponding OTP codebook, and then an appointed OTP key of the data transaction party (appointed when the source end data transaction party requests EaaS service) is used for encrypting and then is sent to a target end data transaction party;
2) OTP codebook storage: the EaaS stores the one-to-one OTP codebook which is unique to each data transaction party, and in consideration of larger storage space occupied by the OTP codebook, in order to ensure the expansion capability of the OTP codebook, distributed storage solutions can be used, such as a distributed file system, distributed object storage equipment and the like;
3) data encoding service: before the EaaS is encrypted again and sent to a designated data transaction party, in order to further protect the data security, a data encoding algorithm preset before (when the OTP codebook is distributed) can be used, the data is encoded and then encrypted and sent out, and a receiving party can decode and restore the data into a final plaintext.
In addition, the EaaS may further include an OTP codebook creating and distributing downloading function, that is, after a new data transaction party joins, a unique OTP codebook needs to be created for the new data transaction party, and then the unique OTP codebook is downloaded to an offline storage device such as a USB for distribution, and the updating process is similar to this. If the OTP codebook created or updated by the third party is used by the EaaS and the data transaction party, the OTP codebook needs to be delivered to the EaaS and the data transaction party respectively, and the updating is performed in the same way.
It should be noted that: the OTP codebook created and stored by EaaS is a unique one-to-one codebook between EaaS and each data transaction party, and there is no mixed sharing. The data transaction part can be accurately called when the data transaction part requests the EaaS service. When the EaaS is established, the management problem of the OTP codebook needs to be considered, that is, it should be avoided that a super administrator checks and downloads the OTP codebook without authorization, which brings a risk of data leakage.
Generally, a plurality of EaaS services may exist in one data transaction domain, and each data transaction party should hold an OTP codebook corresponding to a different EaaS service provider.
Step S102: the source data transaction party encrypts the data with its own built-in OTP codebook and sends it to the EaaS cloud platform; the EaaS cloud platform decrypts the received encrypted data back into plaintext.
Referring to fig. 2, source data transaction party A encrypts plaintext A with its built-in OTP codebook (the one shared one-to-one with the EaaS) to form ciphertext E_A(A) and sends it to the EaaS cloud platform; on receipt, the EaaS cloud platform retrieves the OTP codebook corresponding to party A and decrypts the ciphertext back into plaintext A.
It should be noted that the key which party A uses for encryption with its internal OTP codebook may be determined by an OTP codebook cursor set or the like. Since the security of the OTP rests mainly on the true randomness of the codebook, the encryption function is usually kept simple (for example XOR), and the OTP key must be as long as the plaintext being encrypted. As long as the codebook itself stays secret, a cursor (or set of cursors) that carries no meaning by itself, and therefore poses no leakage risk, can serve as the OTP key identifier, and a key as long as the plaintext is extracted from the codebook at the position(s) the cursor set indicates. Each range of the codebook must be consumed only once. Note also that a one-time pad provides confidentiality only: flipping a bit of an XOR ciphertext flips the same bit of the recovered plaintext, so data integrity must be protected by a separate mechanism.
In addition, the ciphertext sent by party A may be further carried over an encrypted network channel between party A and the EaaS, for example a VPN, to further safeguard data security.
Step S103: the EaaS encrypts the plaintext of the source end data transaction party by using the built-in OTP codebook which is only corresponding to the target end data transaction party, and then sends the encrypted plaintext to the target end data transaction party; and after receiving the ciphertext, the target end data transaction party decrypts the ciphertext by using the built-in OTP key to obtain a plaintext.
Referring to fig. 2, after the EaaS decrypts the ciphertext of the source data transaction party, a plaintext a is obtained; then, according to the OTP codebook preset by the target end data transaction parties B and C in EaaS agreed in the data transaction contract of the source end data transaction party A, encryption is carried out to obtain a ciphertext EC(DC(A))、EB(DB(A) And sends the data to target end data transaction parties B and C, and the specific process is as follows:
1) the method for the EaaS to encrypt by using the OTP codebooks preset by the target data transaction parties B and C (i.e., key selection) is similar to step S102, and details are not repeated here;
2) before the EaaS is encrypted, the plaintext D may be encoded by using data encoding service of the EaaS (similar to the step S101)B(A) And DC(A) Encoded and then re-encrypted to form a ciphertext EC(DC(A))、EB(DB(A) After that, the data is sent to target data transaction parties B and C. Since data encoding techniques are well known in the art, details are not described herein;
3) EaaS sends the ciphertext to the target end data transaction parties B and C, and the ciphertext can be further sent through an encrypted network channel, such as VPN, so that data security is further guaranteed.
4) After receiving the ciphertext sent by the EaaS, the target-end data transaction parties B and C use the built-in data decoding function and the OTP codebook and a decryption key (a vernier set based on the OTP codebook) sent by the EaaS to restore the ciphertext into a plaintext A.
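The following is an added example, not code from the patent, modelling steps S101 to S103 end to end together with the cursor-set key selection described in step S102: each party and the EaaS hold identical copies of a one-to-one codebook, the cursor (offset, length) travels with the ciphertext as the key identifier, and every copy refuses to hand out or accept a codebook range twice. The class names, the convention that uplink traffic consumes the pad from the front and downlink traffic from the back, and the use of base64 as the "data encoding" D are assumptions made for this example; the message is constructed, and `secrets.token_bytes` stands in for the true-random source a real codebook needs.

```python
"""Added example, not from the patent: a runnable model of the EaaS relay in
steps S101-S103 with pad consumption tracked by cursors so that no codebook
byte is used twice. Pad/Party/EaaS, the front/back split of each codebook and
base64 as the encoding D are assumptions of this example; all data is constructed.
"""
import base64
import secrets


def xor(data: bytes, key: bytes) -> bytes:
    """Vernam encryption/decryption; the key slice must cover the whole data."""
    if len(key) < len(data):
        raise ValueError("pad slice shorter than data")
    return bytes(d ^ k for d, k in zip(data, key))


class Pad:
    """One copy of a party's one-to-one codebook. The party holds one copy, the
    EaaS the other, and both advance the same cursors as messages flow.
    Assumed convention: party->EaaS traffic consumes bytes from the front,
    EaaS->party traffic from the back, so the two writers never collide."""

    def __init__(self, material: bytes):
        self.material = material
        self.up_next = 0                 # first unused uplink byte
        self.down_end = len(material)    # one past the last unused downlink byte

    def reserve_up(self, n: int):
        if self.up_next + n > self.down_end:
            raise RuntimeError("pad exhausted")
        cursor = (self.up_next, n)
        self.up_next += n
        return cursor

    def reserve_down(self, n: int):
        if self.down_end - n < self.up_next:
            raise RuntimeError("pad exhausted")
        self.down_end -= n
        return (self.down_end, n)

    def accept_up(self, cursor):
        """Check that a peer-chosen uplink cursor is fresh, then mark it spent."""
        off, n = cursor
        if off < self.up_next or off + n > self.down_end:
            raise RuntimeError("pad reuse or out-of-range cursor rejected")
        self.up_next = off + n

    def accept_down(self, cursor):
        off, n = cursor
        if off + n > self.down_end or off < self.up_next:
            raise RuntimeError("pad reuse or out-of-range cursor rejected")
        self.down_end = off

    def key(self, cursor) -> bytes:
        off, n = cursor
        return self.material[off:off + n]


class EaaS:
    """Cloud agent holding one codebook per enrolled party (step S101)."""

    def __init__(self):
        self.pads = {}

    def enroll(self, name: str, size: int) -> Pad:
        material = secrets.token_bytes(size)   # stand-in for a true-random pad
        self.pads[name] = Pad(material)
        return Pad(material)                   # the copy handed to the party offline

    def relay(self, msg: dict) -> list:
        """Steps S102-S103: decrypt with the source pad, encode, re-encrypt with
        each target pad; the chosen cursor travels with each ciphertext."""
        src = self.pads[msg["from"]]
        src.accept_up(msg["cursor"])           # a replayed cursor is rejected here
        plaintext = xor(msg["ct"], src.key(msg["cursor"]))
        out = []
        for target in msg["to"]:
            encoded = base64.b64encode(plaintext)          # D_target(A)
            dst = self.pads[target]
            cursor = dst.reserve_down(len(encoded))
            out.append({"from": "eaas", "to": target, "cursor": cursor,
                        "ct": xor(encoded, dst.key(cursor))})  # E_target(D_target(A))
        return out


class Party:
    def __init__(self, name: str, pad: Pad):
        self.name, self.pad = name, pad

    def send(self, plaintext: bytes, targets: list) -> dict:
        cursor = self.pad.reserve_up(len(plaintext))
        return {"from": self.name, "to": targets, "cursor": cursor,
                "ct": xor(plaintext, self.pad.key(cursor))}       # E_A(A)

    def receive(self, msg: dict) -> bytes:
        self.pad.accept_down(msg["cursor"])
        return base64.b64decode(xor(msg["ct"], self.pad.key(msg["cursor"])))


def run_scenario() -> dict:
    """A sends one record to B and C via the EaaS; replaying A's ciphertext
    must fail because its cursor range has already been spent."""
    eaas = EaaS()
    a, b, c = (Party(n, eaas.enroll(n, 1024)) for n in "ABC")
    record = b"substation 7 load 2021-07-09"    # constructed sample record
    uplink = a.send(record, ["B", "C"])
    got = {m["to"]: (b if m["to"] == "B" else c).receive(m) for m in eaas.relay(uplink)}
    try:
        eaas.relay(uplink)
        replay_rejected = False
    except RuntimeError:
        replay_rejected = True
    return {"B": got["B"], "C": got["C"], "replay_rejected": replay_rejected,
            "a_pad_used": a.pad.up_next, "b_pad_remaining": b.pad.down_end - b.pad.up_next}


if __name__ == "__main__":
    print(run_scenario())
```

The cursor is safe to send in the clear only because it is an index, not key material; the freshness check in `accept_up`/`accept_down` is what turns the patent's "codebook" into a pad that is genuinely used once, and it is also where a real deployment would log and alert on a rejected cursor, since that indicates either a replay or a desynchronised codebook copy.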
Referring to fig. 3, an embodiment of the present invention further provides a data transaction-oriented OTP encryption as a service cloud computing system, including:
an establishing module, used for establishing an encryption-as-a-service cloud platform and storing in the cloud platform an OTP codebook that uniquely corresponds to each data transaction party;
the receiving module is used for decrypting the received encrypted data of the source end data transaction party and then restoring the decrypted data into a plaintext;
and the encryption module is used for encrypting the plaintext by using an OTP codebook which is arranged in the cloud platform and uniquely corresponds to the target end data transaction party, and then sending the encrypted plaintext to the target end data transaction party.
According to the data transaction-oriented OTP encryption-as-a-service cloud computing method and system provided by the embodiment of the invention, the many-to-many problem of OTP codebook exchange and updating is converted into a many-to-one problem through the cloud-agent model, so that each transaction party only needs to store one OTP codebook, storage and update costs are reduced, the technical difficulty of exchanging and updating OTP codebooks for multi-party transactions under dynamic conditions is greatly reduced, and the OTP becomes applicable in the field of data transactions to protect the data security of each transaction party, exploiting its strengths and avoiding its weaknesses.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An OTP encryption as a service cloud computing method oriented to data transaction is characterized by comprising the following steps:
establishing an encryption-as-a-service cloud platform, and storing in the cloud platform an OTP (one-time pad) codebook that uniquely corresponds to each data transaction party;
and the cloud platform decrypts the received encrypted data of the source data transaction party back into plaintext, encrypts the plaintext with the OTP codebook held in the cloud platform that uniquely corresponds to the target data transaction party, and then sends the encrypted result to the target data transaction party.
2. The data transaction-oriented OTP encryption-as-a-service cloud computing method according to claim 1, wherein the step of decrypting the received encrypted data of the source data transaction party and then restoring the decrypted data into a plaintext by the cloud platform specifically comprises: and the cloud platform calls an OTP codebook which is arranged in the cloud platform and uniquely corresponds to the source end data transaction party to decrypt the received encrypted data to form a plaintext.
3. The data transaction oriented OTP encryption as a service cloud computing method according to claim 2, wherein before the step of encrypting the plaintext by using the OTP codebook which is embedded therein and uniquely corresponds to the target data transaction party, the method further comprises: and encoding the plaintext by using a preset data encoding algorithm.
4. The data transaction oriented OTP encryption as a service cloud computing method according to claim 3, wherein the cloud platform further comprises OTP codebook creation and distribution download function.
5. The data transaction oriented OTP encryption as a service cloud computing method according to claim 4, wherein the OTP codebook is stored inside the cloud platform by using a distributed file system or a distributed object storage device.
6. The data transaction oriented OTP encryption as a service cloud computing method according to claim 5, wherein the key used by the source data transaction party to encrypt with its internal OTP codebook is determined using an OTP codebook cursor set.
7. The data transaction oriented OTP encryption as a service cloud computing method according to claim 6, wherein before the step of encrypting the plaintext by using the OTP codebook which is embedded therein and uniquely corresponds to the target data transaction party, the method further comprises: and encoding the plaintext by adopting a data encoding service.
8. The data transaction oriented OTP encryption as a service cloud computing method as claimed in claim 7, wherein the cloud service platform encrypts the plaintext and sends the encrypted plaintext to the target data transaction party through an encrypted network channel.
9. The data transaction oriented OTP encryption as a service cloud computing method according to claim 7, wherein the encrypted network channel is a VPN.
10. An OTP encryption as a service cloud computing system oriented to data transaction, comprising:
an establishing module, used for establishing an encryption-as-a-service cloud platform and storing in the cloud platform an OTP codebook that uniquely corresponds to each data transaction party;
the receiving module is used for decrypting the received encrypted data of the source end data transaction party and then restoring the decrypted data into a plaintext;
and the encryption module is used for encrypting the plaintext by using an OTP codebook which is arranged in the cloud platform and uniquely corresponds to the target end data transaction party, and then sending the encrypted plaintext to the target end data transaction party.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110777788.7A CN113343281A (en) 2021-07-09 2021-07-09 OTP encryption as a service cloud computing method and system oriented to data transaction

Publications (1)

Publication Number Publication Date
CN113343281A true CN113343281A (en) 2021-09-03

Family

ID=77479296

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986663A (en) * 2010-11-29 2011-03-16 北京卓微天成科技咨询有限公司 OTP-based cloud storage data storing method, device and system
CN102064936A (en) * 2010-11-29 2011-05-18 北京卓微天成科技咨询有限公司 Data encryption and decryption methods and devices
CN112202768A (en) * 2020-09-29 2021-01-08 四川长虹网络科技有限责任公司 Data encryption method, device and system and readable storage medium
CN112532567A (en) * 2019-09-19 2021-03-19 中国移动通信集团湖南有限公司 Transaction encryption method and POSP system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination