CN114372284A - User data protection method for security computer - Google Patents


Publication number
CN114372284A
Authority
CN
China
Prior art keywords
data
time information
user data
time
random number
Prior art date
Legal status
Withdrawn
Application number
CN202210031762.2A
Other languages
Chinese (zh)
Inventor
魏国良
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes

Abstract

The invention belongs to the technical field of computers, and particularly relates to a user data protection method for a secure computer, which comprises the following steps: acquiring user data and intercepting a data stream from a computer; generating a random number sequence and first time information, and uploading the data stream and the first time information to the cloud; querying a preset encryption function database and calling the corresponding encryption function; and encrypting the user data to obtain encrypted data, generating second time information, storing the encrypted data, and uploading the second time information to the cloud. The invention intercepts the data stream generated by the computer to form a random number sequence and uses that sequence to select the encryption function, ensuring that the encryption function is randomly selected. The user data can therefore be periodically rewritten with a randomly selected encryption function, changing its actual content, so that even if the user data is leaked it cannot be used directly, which gives higher security.

Description

User data protection method for security computer
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a user data protection method of a security computer.
Background
With the development and progress of society, computers have spread into every area of life. With this popularity, however, computer security has become a concern. The most important aspect of computer security is the security of stored data, and the main threats to it include: computer viruses, illegal access, computer electromagnetic radiation, hardware damage, etc.
Illegal access means that a thief steals or forges a legitimate identity, enters a computer system, and privately extracts the data in the computer or modifies, transfers or copies it. The prevention method is to add a security mechanism to the software system so that a thief cannot enter the system under a legitimate identity. For example, identification of legitimate users is added, passwords are added, and different permissions are defined for users so that a user cannot freely access data areas that should not be accessed. Secondly, data is encrypted, so that even if a thief enters the system, the data cannot be read without the key. An operation log is also set up in the computer to automatically record reads, writes and modifications of important data.
In the prior art, although a certain degree of security can be provided for a computer, data can still be stolen; once the data is stolen, the thief can freely use it, so that user data is leaked, and the security is not strong enough.
Disclosure of Invention
An embodiment of the present invention aims to provide a user data protection method for a secure computer, so as to solve the problem raised in the third part of the Background.
The embodiment of the invention is realized in such a way that a user data protection method of a security computer comprises the following steps:
acquiring user data and intercepting data stream from a computer;
generating a random number sequence and first time information according to the data stream, and uploading the data stream and the first time information to a cloud end, wherein the first time information records the time of generating the random number sequence;
inquiring a preset encryption function database according to the random number sequence, and calling a corresponding encryption function from the encryption function database;
and encrypting the user data according to the encryption function to obtain encrypted data, generating second time information, storing the encrypted data, and uploading the second time information to the cloud, wherein the second time information records the time of encryption.
Preferably, the step of acquiring the user data and intercepting the data stream from the computer specifically includes:
acquiring user data, wherein the user data comprises private data which is generated by a user account and belongs to a user person;
generating a random number according to a preset random function, and selecting a data stream type according to the random number;
and intercepting the data stream of the corresponding type in the computer according to the selected data stream type.
Preferably, the step of generating the random number sequence and the first time information according to the data stream, and uploading the data stream and the first time information to the cloud includes:
splicing the data streams according to a time sequence to form a random number sequence;
recording the time for forming the random number sequence and generating first time information;
and uploading the data stream and the first time information to a cloud end, wherein the first time information is transmitted in an encrypted manner.
Preferably, the encrypting the user data according to the encryption function to obtain encrypted data and generate second time information, storing the encrypted data, and uploading the second time information to the cloud specifically includes:
calling user data, and encrypting the user data through an encryption function to generate encrypted data;
recording the time of encryption processing, and generating second time information, wherein the time recorded by the second time information is the time when the encryption processing is started;
and independently encrypting the second time information, and uploading the encrypted second time information to the cloud.
Preferably, the method further includes a step of reading user data, specifically including:
the cloud end constructs a cloud end number sequence with time characteristics according to the first time information and the data stream;
intercepting the encrypted sequence from the cloud sequence according to the second time information and the first time information;
and calling an encryption function preset in an encryption function database at the cloud end according to the encryption sequence, and completing decryption of the encrypted data.
Preferably, the encryption functions in the encryption function database are updated periodically.
Preferably, the first time information and the second time information have the same precision.
It is another object of an embodiment of the present invention to provide a user data protection system for a secure computer, the system including:
the data acquisition module is used for acquiring user data and intercepting a data stream from a computer;
the sequence generating module is used for generating a random number sequence and first time information according to the data stream, and uploading the data stream and the first time information to the cloud, wherein the first time information records the time of generating the random number sequence;
the data calling module is used for inquiring a preset encryption function database according to the random number sequence and calling a corresponding encryption function from the encryption function database;
the data encryption module is used for encrypting the user data according to the encryption function to obtain encrypted data, generating second time information, storing the encrypted data, and uploading the second time information to the cloud, wherein the second time information records the time of encryption.
Preferably, the data acquisition module includes:
the information acquisition unit is used for acquiring user data, wherein the user data comprises private data which are generated by a user account and belong to a user individual;
the random unit is used for generating a random number according to a preset random function and selecting a data stream type according to the random number;
and the data interception unit is used for intercepting the data stream of the corresponding type in the computer according to the selected data stream type.
Preferably, the number sequence generating module includes:
the data splicing unit is used for splicing the data streams according to a time sequence so as to form a random number sequence;
a first time recording unit for recording a time for forming a random number sequence and generating first time information;
the first data uploading unit is used for uploading data streams and first time information to a cloud end, and the first time information is transmitted in an encrypted mode.
Preferably, the data encryption module includes:
the information calling unit is used for calling user data and encrypting the user data through an encryption function to generate encrypted data;
the second time recording unit is used for recording the time of encryption processing and generating second time information, wherein the time recorded by the second time information is the time for starting the encryption processing;
and the second data uploading unit is used for independently encrypting the second time information and uploading the encrypted second time information to the cloud.
Preferably, the system further comprises a data recovery module, comprising:
the cloud number sequence construction unit is used for constructing a cloud number sequence with time characteristics according to the first time information and the data stream by the cloud;
the encrypted sequence generating unit is used for intercepting the encrypted sequence from the cloud sequence according to the second time information and the first time information;
and the data decryption unit is used for calling an encryption function preset in an encryption function database at the cloud end according to the encryption sequence and completing decryption of the encrypted data.
According to the user data protection method for the security computer provided by the embodiment of the invention, a random number sequence is formed by intercepting a data stream generated by the computer, and the random number sequence is used for selecting the encryption function to ensure that the encryption function is randomly selected, so that the user data can be periodically rewritten by using the randomly selected encryption function, the actual content of the user data is changed, and at the moment, even if the user data is leaked, the data cannot be directly used, and the security is higher.
Drawings
FIG. 1 is a flowchart of a user data protection method for a secure computer according to an embodiment of the present invention;
FIG. 2 is a flowchart of the steps for obtaining user data and intercepting data streams from a computer according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating steps of generating a random number sequence and first time information according to a data stream, and uploading the data stream and the first time information to a cloud according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating steps of encrypting user data according to an encryption function, obtaining encrypted data, generating second time information, storing the encrypted data, and uploading the second time information to a cloud according to an embodiment of the present invention;
FIG. 5 is a flowchart of steps for reading user data according to an embodiment of the present invention;
FIG. 6 is an architecture diagram of a user data protection system of a secure computer according to an embodiment of the present invention;
FIG. 7 is an architecture diagram of a data acquisition module provided by an embodiment of the present invention;
FIG. 8 is an architecture diagram of a sequence generation module provided in an embodiment of the present invention;
FIG. 9 is an architecture diagram of a data encryption module provided by an embodiment of the present invention;
FIG. 10 is an architecture diagram of a data recovery module according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It will be understood that the terms "first," "second," and the like may be used herein to describe various elements, but these elements are not limited by these terms unless otherwise specified. These terms are only used to distinguish one element from another. For example, a first xx script may be referred to as a second xx script, and similarly, a second xx script may be referred to as a first xx script, without departing from the scope of the present application.
Illegal access means that a thief steals or forges a legitimate identity, enters a computer system, and privately extracts the data in the computer or modifies, transfers or copies it. The prevention method is to add a security mechanism to the software system so that a thief cannot enter the system under a legitimate identity. For example, identification of legitimate users is added, passwords are added, and different permissions are defined for users so that a user cannot freely access data areas that should not be accessed. Secondly, data is encrypted, so that even if a thief enters the system, the data cannot be read without the key. An operation log is also set up in the computer to automatically record reads, writes and modifications of important data. In the prior art, although a certain degree of security can be provided for a computer, data can still be stolen; once the data is stolen, the thief can freely use it, so that user data is leaked, and the security is not strong enough.
The invention intercepts the data flow generated by the computer to form a random number sequence, and selects the encryption function by using the random number sequence to ensure that the encryption function is randomly selected, so that the user data can be periodically rewritten by using the randomly selected encryption function to change the actual content of the user data, and at the moment, even if the user data is leaked, the data cannot be directly used, thereby having higher safety.
As shown in fig. 1, a flowchart of a method for protecting user data of a secure computer according to an embodiment of the present invention is provided, where the method includes:
S100, acquiring user data and intercepting a data stream from a computer.
In this step, user data is obtained; the user data is private data that is generated by a user account and belongs to the individual user. The data stream is data generated by the computer during operation, and may be network data transmitted over a network or a data stream output as information, for example the video data stream that the computer outputs to a display device; the data stream is intercepted during this process.
S200, generating a random number sequence and first time information according to the data stream, and uploading the data stream and the first time information to a cloud end, wherein the first time information records the time of generating the random number sequence.
In this step, a random number sequence and first time information are generated according to a data stream, and since the data stream is randomly generated in the running process of the computer, the data stream obtained by intercepting is also random, so as to achieve the purpose of generating the random number sequence.
S300, inquiring a preset encryption function database according to the random number sequence, and calling a corresponding encryption function from the encryption function database.
In this step, the preset encryption function database is queried according to the random number sequence. Because a true random number sequence is formed, the encryption function selected according to it is completely random. A large number of encryption functions are stored in the encryption function database, and they are updated periodically to ensure the security of the encryption.
S400, encrypting the user data according to the encryption function to obtain encrypted data, generating second time information, storing the encrypted data, and uploading the second time information to a cloud, wherein the second time information records the time of encryption.
In this step, the user data is encrypted with the encryption function, and the time of the encryption is recorded during encryption: the second time information records the time of the encryption, just as the first time information records the time at which the random number sequence was generated. The encrypted data is then stored in the computer. Because the user data has been encrypted with the encryption function, the content of the encrypted data is directly changed, and the user data cannot be obtained by simply copying the encrypted data; the corresponding encryption function must be found in order to decrypt it. Since the number of encryption functions is very large and the function is randomly selected, it is very unlikely that it can be found by trial and cracked in a short time. Moreover, the encryption process can be carried out periodically, which further improves data security. The second time information is uploaded to the cloud.
As shown in fig. 2, as a preferred embodiment of the present invention, the step of acquiring user data and intercepting a data stream from a computer specifically includes:
S101, user data is obtained, and the user data comprises private data which is generated by a user account and belongs to the individual user.
In this step, user data is obtained, where the user data includes private data generated by a user account and belonging to a user individual, such as account information of the user, personal data generated during use, data transmission information, or authentication information.
S102, generating a random number according to a preset random function, and selecting a data stream type according to the random number.
In this step, a random number is generated according to a preset random function. Since there are many data streams in the computer, the random number is generated with a random function in order to further improve randomness, and it assists in selecting the data stream type. For example, if a total of 5 data stream types, A, B, C, D and E, are available in the computer, the random function randomly generates any one of A, B, C, D and E, which determines the corresponding data stream type.
S103, intercepting the data stream of the corresponding type in the computer according to the selected data stream type.
In this step, the data stream of the corresponding type in the computer is intercepted according to the selected data stream type. Specifically, the interception may be performed at a preset time step: for example, with the time step set to 1 second, data of a preset size, which may be one byte, is intercepted from the data stream of the corresponding type every second.
As shown in fig. 3, as a preferred embodiment of the present invention, the step of generating a random number sequence and first time information according to a data stream, and uploading the data stream and the first time information to a cloud includes:
S201, splicing the data streams according to the time sequence to form a random number sequence.
In this step, the data streams are spliced in time order to form a random number sequence. Specifically, the random number sequence is set to N bytes. Taking four bytes as an example: if the random number sequence is abcd and the most recently intercepted data stream is e, the new random number sequence is eabc. Each time, the last byte of the random number sequence is deleted and the newest data stream becomes the first byte of the sequence.
S202, recording the time of forming the random number sequence and generating first time information.
S203, uploading data stream and first time information to a cloud end, wherein the first time information is transmitted in an encrypted mode.
In this step, the time at which the random number sequence is formed is recorded and first time information is generated. The first time information is uploaded to the cloud, and the data stream is uploaded to the cloud as well, because the cloud needs the data stream and the first time information as the basis for decrypting the encrypted data. To ensure security, the first time information can be transmitted in encrypted form.
As shown in fig. 4, as a preferred embodiment of the present invention, the encrypting the user data according to the encryption function to obtain encrypted data and generate second time information, storing the encrypted data, and uploading the second time information to the cloud specifically includes:
S401, user data is called, and the user data is encrypted through an encryption function to generate encrypted data.
In this step, user data is called, and a preset data group is input into the encryption function, so that a corresponding encrypted data segment is generated, a mapping relationship exists between the input data group and the output encrypted data segment, and data included in the user data and coincident with the data group is replaced by the corresponding encrypted data segment according to the mapping relationship, so that encrypted data is obtained.
S402, recording the time of the encryption processing, and generating second time information, wherein the time recorded by the second time information is the time when the encryption processing is started.
S403, independently encrypting the second time information, and uploading the encrypted second time information to the cloud.
In this step, the time for performing the encryption processing is recorded, and second time information is generated, where the time recorded by the second time information is the time when the encryption processing is started, and in order to ensure the security of the second time information, the second time information is also encrypted and then uploaded to the cloud.
As shown in fig. 5, as a preferred embodiment of the present invention, the method further includes a step of reading user data, specifically including:
S501, the cloud constructs a cloud number sequence with time characteristics according to the first time information and the data stream.
In this step, the cloud constructs a cloud number sequence with time characteristics according to the first time information and the data stream. Specifically, the cloud number sequence is built at the cloud; its length is greater than that of the random number sequence and can be three times that length. Each data stream in the cloud number sequence carries a time characteristic, so the time of each data stream is known.
S502, intercepting the encrypted sequence from the cloud number sequence according to the second time information and the first time information.
S503, calling an encryption function preset in an encryption function database at the cloud according to the encrypted sequence, and completing decryption of the encrypted data.
In this step, the encrypted sequence is intercepted from the cloud number sequence according to the second time information and the first time information. Specifically, the encrypted data can be decrypted with the encryption function that corresponds to the second time information. The cloud number sequence is therefore searched, according to the second time information, for the encrypted sequence at which the first time information and the second time information coincide, and that sequence is intercepted. The encryption function preset in the cloud's encryption function database is then called according to the encrypted sequence, and decryption of the encrypted data is completed. The first time information and the second time information have the same precision.
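The sequence handling of steps S201 to S203 and S501 to S503, sketched as an added example that is not part of the patent text: the client keeps the N-byte sliding sequence, the cloud keeps a timestamped sequence three times as long and rebuilds the client's sequence from the second time information. The rule that maps a sequence to a database entry, the function ids F0 to F6, the sample bytes and the timestamps are assumptions constructed for illustration.

```python
"""Added example: client and cloud agreeing on the sequence (S201-S203, S501-S503)."""
from collections import deque

N = 4                  # sequence length in bytes (the page's example uses four)
CLOUD_LEN = 3 * N      # cloud sequence length; the page says it can be three times N
FUNCTION_DB = ["F0", "F1", "F2", "F3", "F4", "F5", "F6"]   # hypothetical function ids

# Constructed sample: one intercepted byte per 1-second time step.
SAMPLE_STREAM = bytes.fromhex("3a91c47e05b2d86f1c20e7a4590b63fd8812ce47")
T0 = 1000              # constructed start time, in whole seconds


def select_function(sequence):
    """S300 under an assumed rule: big-endian integer value modulo database size."""
    return FUNCTION_DB[int.from_bytes(sequence, "big") % len(FUNCTION_DB)]


class Client:
    def __init__(self):
        self._window = deque(maxlen=N)

    def intercept(self, byte):
        """S201: the newest byte becomes the first byte, the last byte is dropped."""
        self._window.appendleft(byte)

    def sequence(self):
        """Current random number sequence, or None until N bytes have been intercepted."""
        return bytes(self._window) if len(self._window) == N else None


class Cloud:
    def __init__(self):
        # Newest first; each entry is (first time information, byte).
        self._entries = deque(maxlen=CLOUD_LEN)

    def upload(self, t1, byte):
        """S203 / S501: store every uploaded byte with its time characteristic."""
        self._entries.appendleft((t1, byte))

    def intercept_sequence(self, t2):
        """S502: the N-byte slice whose newest entry has t1 equal to t2.

        Returns None when no first time information coincides with t2
        (different precision, or already dropped from the cloud sequence)
        or when fewer than N bytes of history remain behind that entry.
        """
        entries = list(self._entries)
        for i, (t1, _) in enumerate(entries):
            if t1 == t2:
                chunk = entries[i:i + N]
                if len(chunk) == N:
                    return bytes(b for _, b in chunk)
                return None
        return None


def run(stream=SAMPLE_STREAM, t0=T0):
    """Feed the stream to both sides; return the client's sequence per time and the cloud."""
    client, cloud, history = Client(), Cloud(), {}
    for offset, byte in enumerate(stream):
        t = t0 + offset
        client.intercept(byte)
        cloud.upload(t, byte)
        history[t] = client.sequence()
    return history, cloud


if __name__ == "__main__":
    history, cloud = run()
    for t2 in (1015, 1010, 1015.5):      # second time information to look up
        rebuilt = cloud.intercept_sequence(t2)
        if rebuilt is None:
            print(t2, "-> sequence cannot be rebuilt")
        else:
            print(t2, "->", rebuilt.hex(), select_function(rebuilt),
                  "client had", history[t2].hex())
```

In this example the cloud can rebuild the sequence only for the most recent 2N+1 time points, and a second time information recorded at a finer precision than the first matches no entry, which is why the two must have the same precision.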
As shown in fig. 6, a user data protection system for a secure computer according to an embodiment of the present invention includes:
The data acquisition module 100 is used for acquiring user data and intercepting data streams from a computer.
In the system, the data obtaining module 100 obtains user data, where the user data is private data generated by a user account and belonging to a user, and the data stream is data generated during the operation of a computer, and may be network data transmitted through a network or data stream output as information.
The sequence generating module 200 is configured to generate a random sequence and first time information according to a data stream, and upload the data stream and the first time information to a cloud, where the first time information records a time when the random sequence is generated.
In the system, the sequence generation module 200 generates a random sequence and first time information according to a data stream, and since the data stream is randomly generated in the running process of the computer, the data stream obtained by intercepting the data stream is also random, so as to achieve the purpose of generating the random sequence.
The data retrieving module 300 is configured to query a preset encryption function database according to the random number sequence, and retrieve a corresponding encryption function from the encryption function database.
In the present system, the data retrieving module 300 queries the preset encryption function database according to the random number sequence, because a true random number sequence is formed, the encryption function selected according to the random number sequence is also completely random, and a large number of encryption functions are stored in the encryption database, and the encryption functions in the encryption function database are also updated periodically, so as to ensure the security of encryption.
The data encryption module 400 is configured to encrypt the user data according to the encryption function, obtain encrypted data, generate second time information, store the encrypted data, and upload the second time information to the cloud, where the second time information records a time of the encryption.
In the present system, the data encryption module 400 encrypts the user data with the encryption function, and the time of the encryption is recorded during encryption: the second time information records the time of the encryption, just as the first time information records the time at which the random number sequence was generated. The encrypted data is then stored in the computer. Because the user data has been encrypted with the encryption function, the content of the encrypted data is directly changed, and the user data cannot be obtained by simply copying the encrypted data; the corresponding encryption function must be found in order to decrypt it. Since the number of encryption functions is very large and the function is randomly selected, it is very unlikely that it can be found by trial and cracked in a short time. Moreover, the encryption process can be carried out periodically, which further improves data security. The second time information is uploaded to the cloud.
As shown in fig. 7, as a preferred embodiment of the present invention, the data obtaining module 100 includes:
An information obtaining unit 101 is configured to obtain user data, where the user data includes private data generated by a user account and belonging to the individual user.
In this module, the information acquiring unit 101 acquires user data including private data generated by a user account and belonging to a user individual, such as account information of the user, generated personal data during use, data transmission information, authentication information, or the like.
The random unit 102 is configured to generate a random number according to a preset random function, and select a data stream type according to the random number.
In this module, the random unit 102 generates a random number according to a preset random function, and since there are many data streams in the computer, in order to further improve the randomness, the random number is generated by using a random function, thereby assisting in completing the selection of the data stream type.
And the data interception unit 103 is used for intercepting the data stream of the corresponding type in the computer according to the selected data stream type.
In this module, the data intercepting unit 103 intercepts the data stream of the corresponding type in the computer according to the selected data stream type, specifically, the intercepting may be performed according to a preset time step, for example, the time step is set to 1 second, and the size of the preset data is intercepted from the data stream of the corresponding type every second, which may be one byte.
As shown in fig. 8, as a preferred embodiment of the present invention, the sequence generating module 200 includes:
a data splicing unit 201, configured to splice data streams in a time sequence, so as to form a random number sequence.
In this module, the data splicing unit 201 splices the data streams in time sequence to form a random number sequence, specifically, sets the random number sequence to N bytes, deletes the last byte of the random number sequence each time, and forms the random number sequence with the latest data stream as the first byte.
A first time recording unit 202 for recording the time of forming the random number sequence and generating first time information.
The first data uploading unit 203 is configured to upload a data stream and first time information to the cloud, where the first time information is encrypted for transmission.
In this module, the time at which the random number sequence is formed is recorded and first time information is generated. The first time information is uploaded to the cloud, and the data stream is also uploaded to the cloud. The cloud uses the data stream and the first time information as the basis for decrypting the encrypted data; to ensure security, the first time information may be transmitted in encrypted form.
As shown in fig. 9, as a preferred embodiment of the present invention, the data encryption module 400 includes:
an information retrieving unit 401 is configured to retrieve user data, and perform encryption processing on the user data through an encryption function to generate encrypted data.
In this module, an information retrieving unit 401 retrieves user data and inputs a preset data group into an encryption function, so as to generate a corresponding encrypted data segment, where there is a mapping relationship between the input data group and the output encrypted data segment, and data included in the user data and coinciding with the data group is replaced with the corresponding encrypted data segment according to the mapping relationship, so as to obtain encrypted data.
A second time recording unit 402, configured to record the time for performing the encryption processing, and generate second time information, where the time recorded by the second time information is a time when the encryption processing starts.
The second data uploading unit 403 is configured to independently encrypt the second time information, and upload the encrypted second time information to the cloud.
In this module, the time at which encryption processing is performed is recorded and second time information is generated; the recorded time is the moment at which encryption processing starts. To ensure the security of the second time information, it is also encrypted before being uploaded to the cloud.
As shown in fig. 10, as a preferred embodiment of the present invention, the system further includes a data recovery module 500, including:
the cloud number sequence constructing unit 501 is configured to construct a cloud number sequence with a time characteristic according to the first time information and the data stream.
In this module, the cloud number sequence constructing unit 501 constructs a cloud number sequence with time characteristics according to the first time information and the data stream. Specifically, the cloud number sequence is established at the cloud; its length is greater than that of the random number sequence and can be three times that of the random number sequence. Each data stream in the cloud number sequence has a time characteristic, so that the time at which each data stream was generated is known.
The encrypted sequence generating unit 502 is configured to intercept the encrypted sequence from the cloud sequence according to the second time information and the first time information.
The data decryption unit 503 is configured to invoke an encryption function preset in an encryption function database at the cloud according to the encryption sequence, and complete decryption of the encrypted data.
In this module, an encrypted sequence is intercepted from the cloud number sequence according to the second time information and the first time information. Specifically, the encryption function corresponding to the second time information can decrypt the encrypted data, so the cloud number sequence is queried according to the second time information for the encrypted sequence at which the first time information and the second time information coincide. That sequence is intercepted, the encryption function preset in the encryption function database at the cloud is called according to it, and decryption of the encrypted data is completed. The first time information and the second time information have the same precision.
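The sliding window of unit 201 and the cloud-side recovery of units 501 to 503, as an added Python sketch that is not part of the patent text. The window length N = 4, the database size, the SHA-256 lookup rule and the sample bytes are assumptions made for illustration; both sides use whole-second timestamps with one sample per second, matching the same-precision requirement.

```python
import hashlib
from collections import deque

N = 4          # assumed length of the random number sequence, in bytes
DB_SIZE = 16   # assumed number of entries in the encryption function database

def function_index(seq: bytes) -> int:
    # Assumed lookup rule (the patent does not define one): hash, then reduce.
    return int.from_bytes(hashlib.sha256(seq).digest()[:4], "big") % DB_SIZE

class Client:
    def __init__(self):
        self.window = deque(maxlen=N)      # a full deque drops its last byte

    def sample(self, t: int, byte: int):
        self.window.appendleft(byte)       # latest data becomes the first byte
        return t, byte                     # first time information + data, uploaded

    def select(self):
        # Index used for an encryption that starts in the current second.
        return function_index(bytes(self.window)) if len(self.window) == N else None

class Cloud:
    def __init__(self):
        self.samples = {}                  # time -> byte (the "time characteristic")

    def receive(self, t: int, byte: int):
        self.samples[t] = byte
        for old in sorted(self.samples)[:-3 * N]:   # keep three windows' worth
            del self.samples[old]

    def recover_index(self, second_time: int) -> int:
        times = [second_time - i for i in range(N)]  # newest first, like the client
        if any(t not in self.samples for t in times):
            raise LookupError("no complete window retained for that time")
        return function_index(bytes(self.samples[t] for t in times))

def run_demo():
    client, cloud = Client(), Cloud()
    constructed = [0x3A, 0x91, 0x07, 0xC4, 0x58, 0xEE, 0x12, 0x6B]  # sample bytes
    used = {}
    for t, b in enumerate(constructed, start=1000):  # one byte per 1 s time step
        cloud.receive(*client.sample(t, b))
        if client.select() is not None:
            used[t] = client.select()                # t doubles as second time info
    return used, cloud

if __name__ == "__main__":
    used, cloud = run_demo()
    for t, idx in used.items():
        print(t, idx, cloud.recover_index(t))
```

Both sides derive the function index from the uploaded samples and the two time values alone, so the upload channel and the cloud store need the protection normally given to key material.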
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in sequence as indicated by the arrows, the steps are not necessarily performed in that sequence. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least a portion of the steps in various embodiments may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present invention, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the present invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (7)

1. A method of user data protection for a secure computer, the method comprising:
acquiring user data and intercepting a data stream from a computer;
generating a random number sequence and first time information according to the data stream, and uploading the data stream and the first time information to a cloud, wherein the first time information records the time of generating the random number sequence;
querying a preset encryption function database according to the random number sequence, and calling a corresponding encryption function from the encryption function database;
and encrypting the user data according to the encryption function to obtain encrypted data, generating second time information, storing the encrypted data, and uploading the second time information to the cloud, wherein the second time information records the time of encryption.
2. The method for protecting user data of a secure computer according to claim 1, wherein the step of obtaining user data and intercepting a data stream from the computer specifically comprises:
acquiring user data, wherein the user data comprises private data which is generated by a user account and belongs to the individual user;
generating a random number according to a preset random function, and selecting a data stream type according to the random number;
and intercepting the data stream of the corresponding type in the computer according to the selected data stream type.
3. The method for protecting user data of a security computer according to claim 1, wherein the step of generating a random number sequence and first time information according to a data stream and uploading the data stream and the first time information to a cloud includes:
splicing the data streams according to a time sequence to form a random number sequence;
recording the time for forming the random number sequence and generating first time information;
and uploading the data stream and the first time information to the cloud, wherein the first time information is transmitted in an encrypted manner.
4. The method for protecting user data of a security computer according to claim 1, wherein the encrypting the user data according to the encryption function to obtain encrypted data and generate second time information, storing the encrypted data, and uploading the second time information to the cloud specifically includes:
calling user data, and encrypting the user data through an encryption function to generate encrypted data;
recording the time of encryption processing, and generating second time information, wherein the time recorded by the second time information is the time when the encryption processing is started;
and independently encrypting the second time information, and uploading the encrypted second time information to the cloud.
5. The method for protecting user data of a secure computer according to claim 1, further comprising a step of reading user data, specifically comprising:
constructing, at the cloud, a cloud number sequence with time characteristics according to the first time information and the data stream;
intercepting the encrypted sequence from the cloud number sequence according to the second time information and the first time information;
and calling an encryption function preset in an encryption function database at the cloud according to the encrypted sequence, and completing decryption of the encrypted data.
6. The method of claim 1, wherein the cryptographic functions in the cryptographic function database are updated periodically.
7. The method of claim 1, wherein the first time information is the same precision as the second time information.
CN202210031762.2A 2022-01-12 2022-01-12 User data protection method for security computer Withdrawn CN114372284A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210031762.2A CN114372284A (en) 2022-01-12 2022-01-12 User data protection method for security computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210031762.2A CN114372284A (en) 2022-01-12 2022-01-12 User data protection method for security computer

Publications (1)

Publication Number Publication Date
CN114372284A true CN114372284A (en) 2022-04-19

Family

ID=81144457

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210031762.2A Withdrawn CN114372284A (en) 2022-01-12 2022-01-12 User data protection method for security computer

Country Status (1)

Country Link
CN (1) CN114372284A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987698A (en) * 2023-03-22 2023-04-18 深圳市移联通信技术有限责任公司 GPS positioning information encryption transmission method and system
CN116776346A (en) * 2023-06-08 2023-09-19 南京师范大学常州创新发展研究院 Data security management system
CN116776346B (en) * 2023-06-08 2024-03-05 南京师范大学常州创新发展研究院 Data security management system

Similar Documents

Publication Publication Date Title
US8571220B2 (en) Method and apparatus for securing data in a memory device
US7313694B2 (en) Secure file access control via directory encryption
CN114372284A (en) User data protection method for security computer
JP2015504222A (en) Data protection method and system
WO2022028289A1 (en) Data encryption method and apparatus, data decryption method and apparatus, terminal, and storage medium
CN105338119A (en) Electronic evidence fixing security system based on cloud storage
US20220014367A1 (en) Decentralized computing systems and methods for performing actions using stored private data
CN105338120A (en) Electronic evidence fixing security method based on cloud storage
US20120096280A1 (en) Secured storage device with two-stage symmetric-key algorithm
KR20180031584A (en) Memory system and binding method between the same and host
CN115314321B (en) Searchable encryption method based on block chain without need of secure channel
KR20220092811A (en) Method and device for storing encrypted data
CN103379133A (en) Safe and reliable cloud storage system
JP7235941B2 (en) Information management system and method
JP2022531538A (en) Cryptographic system
JP4338185B2 (en) How to encrypt / decrypt files
Venkatesh et al. Secure authorised deduplication by using hybrid cloud approach
JP7086163B1 (en) Data processing system
US11568070B2 (en) Secure access control processes
WO2023223606A1 (en) Data management system and data management method
CN117938546B (en) Verification and data access method of electronic account
CN111835783B (en) Data retrieval method and device and computer equipment
US20130036474A1 (en) Method and Apparatus for Secure Data Representation Allowing Efficient Collection, Search and Retrieval
CN117834114A (en) Data encryption transmission method, device and storage medium based on block chain
CN113312650A (en) Transaction log privacy protection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220419
