CN114430351B - Distributed database node secure communication method and system - Google Patents

Publication number: CN114430351B
Authority: CN (China)
Prior art keywords: data, information, source, important, distributed database
Legal status: Active
Application number: CN202210352713.9A
Other languages: Chinese (zh)
Other versions: CN114430351A (en)
Inventor: 骆彬
Current Assignee: Beijing Fast Cube Technology Co ltd
Original Assignee: Beijing Fast Cube Technology Co ltd
Application filed by Beijing Fast Cube Technology Co ltd
Priority to CN202210352713.9A
Publication of CN114430351A
Application granted
Publication of CN114430351B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a distributed database node secure communication method and a system, wherein the method comprises the following steps: acquiring first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database; performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information; performing source importance analysis on the source information to obtain source important information; according to the source important information, performing data blocking on the first data information to obtain a plurality of data blocks; respectively encrypting a plurality of data blocks according to a plurality of source important information to obtain a plurality of encrypted information; and respectively carrying out communication transmission on the plurality of data blocks in the first distributed database by adopting a plurality of pieces of encryption information.

Description

Distributed database node secure communication method and system
Technical Field
The invention relates to the technical field of distributed data storage, in particular to a distributed database node secure communication method and system.
Background
A distributed database is developed from a centralized database and comprises a plurality of distributed database nodes; data can be transmitted among the nodes to ensure the stability of the database.
Before data is transmitted between nodes of a distributed database, it must be determined whether each node has the corresponding authority, and data is transmitted only to nodes that have it, so that the security of the data stored in each node is ensured.
In the prior art, data transmission between nodes generally relies only on judging whether the relevant node has the authority; where security requirements are higher, this leaves the technical problem of low communication security for distributed database nodes.
Disclosure of Invention
The application provides a method and a system for secure communication of distributed database nodes, which are used to solve the prior-art technical problem of low communication security between distributed database nodes.
In view of the foregoing problems, the present application provides a method and a system for secure communication of distributed database nodes.
In a first aspect of the present application, a method for secure communication of distributed database nodes is provided, where the method includes: acquiring first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database; performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information; performing source importance analysis on the source information to obtain source important information; according to the source important information, performing data blocking on the first data information to obtain a plurality of data blocks; respectively encrypting the data blocks according to the source important information to obtain a plurality of encrypted information; and respectively carrying out communication transmission on the plurality of data blocks in the first distributed database by adopting the plurality of encrypted information.
In a second aspect of the present application, there is provided a distributed database node secure communication system, the system including: the first obtaining unit is configured to obtain first data information, where the first data information needs to be transmitted in a communication manner in distributed nodes in a first distributed database; the first processing unit is used for performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information; the second processing unit is used for carrying out source importance analysis on the source information to obtain source important information; a third processing unit, configured to perform data blocking on the first data information according to the source important information to obtain a plurality of data blocks; a fourth processing unit, configured to encrypt, according to the source important information, the data blocks to obtain encrypted information; and the first execution unit is used for performing communication transmission on the plurality of data blocks in the first distributed database respectively by adopting the plurality of encrypted information.
In a third aspect of the present application, a distributed database node secure communication system is provided, including: a processor coupled to a memory, the memory storing a program that, when executed by the processor, causes a system to perform the steps of the method according to the first aspect.
In a fourth aspect of the present application, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method according to the first aspect.
One or more technical solutions provided in the present application have at least the following technical effects or advantages:
According to the technical scheme, when data is transmitted among distributed database nodes, source tracing analysis is performed on each part of the data information to be transmitted to obtain a plurality of source information; the importance of the source information is then analyzed to obtain a plurality of important information; the data information to be transmitted is blocked and encrypted according to the important information, with an optimal encryption mode obtained through optimization, so that the security of data transmission is guaranteed; and the data is then transmitted among the different database nodes. By analyzing the source security of the data to be transmitted among the nodes of the distributed database, the embodiment of the application can determine the importance of the data transmitted by each node and avoid data security problems during transmission. During transmission, block encryption is performed according to the source importance of each part of the data, different encryption schemes are set for different source importance, and the data blocks and their encryption modes are formulated dynamically. In data processing environments with high security requirements, this raises the security coefficient of data communication transmission and achieves the technical effect of improving data transmission security among the nodes of the distributed database.
The foregoing is only an overview of the technical solutions of the present application. So that the technical means of the present application can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features, and advantages of the present application are more readily understandable, a detailed description of the present application follows.
Drawings
Fig. 1 is a schematic flowchart of a secure communication method for nodes of a distributed database according to the present application;
Fig. 2 is a schematic view illustrating a process of constructing and obtaining important information from multiple sources in a distributed database node secure communication method provided by the present application;
Fig. 3 is a schematic flowchart of optimizing and obtaining an optimal encryption scheme in the distributed database node secure communication method provided by the present application;
Fig. 4 is a schematic structural diagram of a distributed database node secure communication system provided in the present application;
Fig. 5 is a schematic structural diagram of an exemplary electronic device of the present application.
Description of reference numerals: a first obtaining unit 11, a first processing unit 12, a second processing unit 13, a third processing unit 14, a fourth processing unit 15, a first execution unit 16, an electronic device 300, a memory 301, a processor 302, a communication interface 303, and a bus architecture 304.
Detailed Description
The application provides a method and a system for secure communication of distributed database nodes, which are used to solve the prior-art technical problem of low communication security between distributed database nodes.
Summary of the application
A distributed database is developed from a centralized database and comprises a plurality of distributed database nodes. The distributed nodes are generally deployed in the departments of an organization, and data queries and DML operations can be performed in the distributed database according to the different services of the departments. Within the distributed database, data can be transmitted among all nodes, which ensures the stability of the database and the consistency of part of the data.
Before data is transmitted between nodes of a distributed database, it must be determined whether each node has the corresponding authority, and data is transmitted only to nodes that have it, so that the security of the data stored in each node is ensured.
In the prior art, data transmission between nodes generally relies only on judging whether the relevant node has the authority; where security requirements are higher, this leaves the technical problem of low communication security for distributed database nodes.
In view of the above technical problems, the technical solution provided by the present application has the following general idea:
According to the technical scheme, when data is transmitted among distributed database nodes, source tracing analysis is performed on each part of the data information to be transmitted to obtain a plurality of source information; the importance of the source information is then analyzed to obtain a plurality of important information; the data information to be transmitted is blocked and encrypted according to the important information, with an optimal encryption mode obtained through optimization, so that the security of data transmission is guaranteed; and the data is then transmitted among the different database nodes.
Having described the basic principles of the present application, the technical solutions in the present application will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments of the present application, and the present application is not limited to the exemplary embodiments described herein. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application. It should be further noted that, for the convenience of description, only some but not all of the relevant portions of the present application are shown in the drawings.
Example one
As shown in fig. 1, the present application provides a method for secure communication of nodes in a distributed database, where the method includes:
S100: acquiring first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database;
In the embodiment of the present application, the first distributed database may be a prior-art database deployed in any enterprise, organization, or school. In the prior art, a plurality of nodes are arranged in the respective departments according to actual service requirements; each database node stores some data that differs from node to node, such as query rules and stored data, and also stores some data that is the same across nodes.
Optionally, after data in a certain distributed node is updated, at least part of the data may need to be transmitted to other distributed nodes, so as to maintain data consistency in part or all of the nodes, and to support functions of querying, adding and deleting the database, and the like.
The first data information is data obtained by updating a certain node in the first distributed database, or data stored by a certain node in the first distributed database, and it needs to be transmitted among multiple distributed nodes in the first distributed database. For example, the first data information may be transmitted from node A to all other nodes, or from node A to node B and node C, to support database traffic.
When data is transmitted, its security must be ensured so that transmitting it to other nodes does not lead to data leakage.
S200: performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information;
In this embodiment, the first data information may be a data set including multiple sets or portions of data, where the portions of data in the first data information come from different sources.
For example, the portions of data in the first data information may originate from network downloads, local uploads, or transmissions from other database nodes, covering various source channels.
When the first data information is stored in the first distributed database, the source information of each part of data can be stored at the same time, so that source tracing analysis of each part of data in the first data information yields the source information of each part.
S300: performing source importance analysis on the source information to obtain source important information;
In the embodiment of the present application, the parts of data in the first data information come from different sources, and the importance of each part of data differs and is related to its source. The more important a part of data is, the higher its security requirements, such as protection against leakage.
For example, among the parts of data in the first data information, data from the network can be downloaded again, so data that was uploaded locally is more important than data from the network. Among locally uploaded data, the importance of data uploaded by different database nodes, different machines, or different accounts also differs. Among data downloaded from a network, the importance of data downloaded from a local network and from the internet likewise differs.
Optionally, under supervision, importance labels may be assigned to the multiple sources of the data uploaded and stored at each node in the first database. After the stored data is uploaded and the first data information is obtained, source importance analysis may be performed on the source of each part of data in the first data information to obtain the importance of each part of data, that is, the plurality of source important information.
S400: according to the source important information, performing data blocking on the first data information to obtain a plurality of data blocks;
In the embodiment of the present application, the plurality of source important information respectively reflect the importance of each part of data in the first data information. Based on the source important information, the parts of data in the first data information are partitioned to obtain a plurality of data blocks of different importance.
S500: respectively encrypting the plurality of data blocks according to the plurality of source important information to obtain a plurality of encrypted information;
Specifically, the source important information reflects the importance of each part of data in the first data information, and data of different importance has different security requirements during data transmission.
In the prior art, because distributed databases are mostly used within a cooperating group, data can be transmitted as long as the receiving node has the corresponding authority, and the security protection applied to data transmission is weak. As distributed databases develop, they may be applied across multiple groups that compete with one another to some degree; the security of data transmission must then be ensured and illegal nodes prevented from intercepting data.
According to the method and the device, data blocks of different importance are encrypted in different modes and with different degrees of complexity according to the plurality of source important information: the more important the data block, the more complex its encryption mode and the higher its security. The efficiency of encryption processing and of decryption and reading is also taken into account during encryption, so that data transmission efficiency is not greatly reduced. Finally, an encryption scheme is set to encrypt the data blocks of different importance in the first data information, obtaining a plurality of encrypted information for the data blocks.
S600: respectively carrying out communication transmission on the plurality of data blocks in the first distributed database by adopting the plurality of encrypted information.
Optionally, the plurality of encrypted information are used to transmit the plurality of data blocks in the first data information: the transmitting database node sends the data blocks to the receiving database node, and the receiving database node decrypts and assembles them to obtain and store the complete first data information, which supports subsequent functions such as query, calculation, and modification.
The plurality of encrypted information include keys such that only the receiving database node can perform decryption. Even if the first data information is stolen during transmission or is transmitted to the wrong database node, it cannot be decrypted to obtain the data, so the security of data transmission among the nodes of the distributed database is improved.
By analyzing the source importance of the data to be transmitted among the nodes of the distributed database, the embodiment of the application can determine the importance of the data transmitted by each node. During transmission, block encryption is performed according to the source importance of each part of the data, different encryption schemes are set for different source importance, and the data blocks and their encryption modes are formulated dynamically. In data processing environments with high security requirements, this raises the security coefficient of data communication transmission and achieves the technical effect of improving data transmission security among the nodes of the distributed database.
Step S100 in the method provided by the embodiment of the application includes:
S110: obtaining the parts of data from a plurality of sources, wherein the plurality of sources includes a first type of source and a second type of source;
S120: performing hash processing on the source information of each part of data respectively to obtain a plurality of source hash values of the plurality of sources;
S130: using the plurality of source hash values and the parts of data as the first data information.
Before the first data information needs to be transmitted, first, each part of data in the first data information is obtained. Specifically, the user obtains each part of data in the first data information through a plurality of sources, and stores the data in the database node which needs to perform data transmission.
In the embodiment of the present application, the plurality of sources specifically include a first type of source and a second type of source. Illustratively, the first type of sources includes local sources, such as different accounts, different machines, etc., for uploading data locally into the database node, and the second type of sources includes network sources, such as different local networks or internet downloads for obtaining data uploads into the database node.
In general, the degree of importance of data within a first type of source is greater than the degree of importance of data within a second type of source.
Further, in the first distributed database, the types of sources of the data stored in the database nodes are essentially fixed, and hash mapping is performed on each data source to obtain a hash value for each data source. If two data sources are similar, hash processing can map them to the same hash value.
In this way, after the parts of data of the first data information are obtained through the multiple sources, hash processing is performed on the source information of each part of data to obtain the source hash values of the sources of each part, where the source hash values, the data, and the data sources are in one-to-one correspondence.
The source hash values are associated with their respective parts of data, and together they constitute the first data information.
According to the data transmission method and device, hash mapping is performed on the source of each part of data in the first data information, and the resulting source hash values are added to the first data information. The source of each part of data can then be traced from the first data information and used as the data basis for analyzing the importance of each part, which improves the data transmission security of the nodes in the distributed database.
Thus, in step S200 of the method provided in the embodiment of the present application, source tracing analysis may be performed according to the hash value of the source of each part of data in the first data information, so as to obtain the source information of each part of data.
As shown in fig. 2, step S300 in the method provided in the embodiment of the present application includes:
S310: constructing important information spaces of various data sources according to various data sources of the distributed nodes in the first distributed database;
S320: obtaining each part of data and a plurality of source hash values according to the first data information;
S330: tracing and analyzing the sources of the data of each part according to the source hash values to obtain first type source information and second type source information;
S340: inputting the first type of source information and the second type of source information into the important information space to obtain first type of important information and second type of important information;
S350: mapping and associating according to the first type of important information, the second type of important information and the data of each part to obtain a plurality of source important information of the data of each part.
Wherein, step S310 includes:
S311: setting a first historical time period;
S312: collecting problems occurring when a plurality of distributed nodes perform data transmission on data of a plurality of data sources within the first historical time period, and obtaining a plurality of historical problem sets, wherein the historical problem sets comprise problem frequency information and problem scale information;
S313: establishing an important space coordinate system by using the problem frequency information and the problem scale information as coordinate axes;
S314: inputting a plurality of historical problem sets into the important space coordinate system to obtain a plurality of mapping points;
S315: clustering the mapping points to obtain a plurality of clustering results, wherein the clustering results comprise a first type of clustering result and a second type of clustering result;
S316: setting a plurality of corresponding important information according to the problem frequency level and the problem scale level in the clustering results;
S317: constructing the important information space according to the plurality of clustering results and the plurality of important information.
In the embodiment of the present application, a first historical time period of arbitrary length is set, for example a year or a quarter. The problems that the plurality of distributed nodes in the first distributed database encountered while transmitting data from the plurality of data sources during the first historical time period are collected. The more problems, such as data leakage or tampering, that occur while data from a given data source is transmitted, the more security problems data from that source has; the importance of data from that source is accordingly higher, and more complex encryption is needed to avoid problems during data transmission.
In this way, a plurality of historical problem sets of problems occurring in the process of transmitting data of a plurality of data sources in a first historical time period by a plurality of distributed nodes are acquired, and the historical problem sets comprise problem frequency information and problem scale information.
The problem frequency information includes the number of times problems occurred for data from a given data source within the first historical time period, such as the number of data leaks, and the problem scale information includes the scale of the problems that occurred for data from that data source within the first historical time period, such as the amount of data leaked. The greater the number of problems and the larger their scale, the higher the importance of data from that source.
With the problem frequency information and the problem scale information as coordinate axes, for example the problem frequency information as the abscissa axis and the problem scale information as the ordinate axis, a two-dimensional important space coordinate system is constructed.
The plurality of historical problem sets of the data sources are input into the important space coordinate system, and a plurality of mapping points are obtained according to the values of the problem frequency information and the problem scale information in each historical problem set, where each mapping point corresponds to the historical problem set of one data source.
And clustering the plurality of mapping points, wherein in the specific clustering process, the Euclidean distance between every two mapping points can be calculated, the two mapping points with the Euclidean distance smaller than a threshold value are classified into one class, and the threshold value can be set according to the distribution of the plurality of mapping points and the actual service requirement. In this way, a plurality of mapping points are clustered to obtain a plurality of clustering results.
The plurality of clustering results include a first clustering result and a second clustering result. Optionally, the first clustering result is a clustering result of local data sources, and the second clustering result is a clustering result of network data sources. Each clustering result can correspond to a class of data sources with a similar degree of importance, and the data sources in each clustering result are similar in the frequency and the scale of the problems that occur during their data transmission.
A plurality of corresponding pieces of important information are set according to the problem frequency level and the problem scale level of the clustering results. For example, for a clustering result with higher problem frequency and problem scale levels, the important information is set to "more important", and for a clustering result with lower problem frequency and problem scale levels, it is set to "generally important". In this way, the important information of the data sources in each clustering result can be obtained.
The important information space is constructed from the clustering results, the important information and the important space coordinate system. In the important information space, each of the plurality of data sources corresponds to a clustering result and to a piece of important information.
In the embodiment of the application, problem information that occurred during data transmission of the data sources in the historical time period is collected, and the data sources are clustered and analyzed using a visualization method to obtain the clustering results and the importance of the data sources. These serve as the data basis for analyzing the importance of data sources, so that the data importance of the data sources can be analyzed accurately and efficiently.
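The construction of the important information space described above can be sketched as follows. This is an added example, not code from the patent: the data-source names, the sample counts, the min-max normalisation of both axes, the 0.3 distance threshold, the 0.5 labelling cut-off and the handling of unknown sources are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed sample: data source -> (problem frequency, problem scale) observed
# in the first historical time period. Names and numbers are illustrative only.
HISTORY = {
    "local-db-a": (1, 10),
    "local-db-b": (2, 12),
    "local-cache": (1, 14),
    "net-feed-x": (9, 480),
    "net-feed-y": (10, 500),
    "net-partner": (11, 470),
}


def normalise(points):
    """Min-max scale each axis to [0, 1] so that neither axis dominates the
    Euclidean distance (assumption: the page does not specify any scaling)."""
    xs = [p[0] for p in points.values()]
    ys = [p[1] for p in points.values()]

    def scale(v, lo, hi):
        return 0.0 if hi == lo else (v - lo) / (hi - lo)

    return {
        name: (scale(x, min(xs), max(xs)), scale(y, min(ys), max(ys)))
        for name, (x, y) in points.items()
    }


def cluster_by_threshold(points, threshold):
    """Put two mapping points in one class when their distance is below the
    threshold. The rule is transitive, so chains of close points merge
    (single linkage); union-find keeps track of the merged classes."""
    names = sorted(points)
    parent = {n: n for n in names}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if math.dist(points[a], points[b]) < threshold:
                parent[find(a)] = find(b)

    clusters = defaultdict(list)
    for n in names:
        clusters[find(n)].append(n)
    return sorted(clusters.values())


def build_importance_space(history, threshold=0.3, cutoff=0.5):
    """Map every data source to the important information of its cluster."""
    points = normalise(history)
    space = {}
    for members in cluster_by_threshold(points, threshold):
        cx = sum(points[m][0] for m in members) / len(members)
        cy = sum(points[m][1] for m in members) / len(members)
        # A cluster whose centroid is high on both axes is "more important".
        label = "more important" if (cx + cy) / 2 >= cutoff else "generally important"
        for m in members:
            space[m] = label
    return space


def importance_of(space, source):
    """Sources with no history are treated as 'more important' (fail closed;
    this default is an assumption, not something the page specifies)."""
    return space.get(source, "more important")


if __name__ == "__main__":
    for name, label in sorted(build_importance_space(HISTORY).items()):
        print(f"{name:12s} {label}")
```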
Based on the important information space, each part of data and the plurality of source hash values of each part of data are obtained from the first data information. A hash mapping operation is performed on the plurality of source hash values, and source tracing analysis yields the source of each part of data, giving first type source information and second type source information. The first type of source information is source information of a local source, and the second type of source information is source information of a network source.
The first type source information and the second type source information are input into the important information space. According to the plurality of clustering results, the clustering result corresponding to each piece of source information in the first type and second type source information is obtained, and from it the corresponding important information, giving the first type important information and the second type important information.
Thus, the multiple important information in the first type of important information and the second type of important information are respectively mapped and associated with each part of data in the first data information, and the source important information of each part of data is obtained by specifically mapping and associating the clustering result, the first type of source information and the second type of source information, so that the source importance analysis of each part of data is completed.
In the embodiment of the application, by constructing the important information space, source tracing analysis is performed according to the source hash value of each part of data in the first data information, the importance of each source information is further analyzed according to the important information space, and then the source important information of each part of data is obtained through analysis and is used as a data basis for performing block division and data encryption on each part of data, so that an encryption scheme of each part of data can be formulated, and the security of each part of data in the transmission process of the distributed database node is improved.
Step S400 in the method provided in the embodiment of the present application includes:
S410: obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
S420: judging whether the source importance level information of each part of data in the first data information is the same or not according to a plurality of pieces of source importance level information;
S430: if parts of data with the same source importance level information exist, dividing those parts into the same data block; if not, dividing the parts of data into a plurality of separate data blocks.
Specifically, based on the plurality of source importance information, each part of the data in the first data information is analyzed in a hierarchical manner according to different importance levels of the source importance information, and for example, a corresponding source importance level is set to be higher for a part of the data having a higher importance level in the source importance information. In this way, the source importance level information of each part of data is obtained.
Further, according to the source importance level information of each part of data, whether two parts of data with the same source importance level information exist is judged, if the source importance level information of the two parts of data is the same, the importance degrees of the two parts of data are similar or the same, the two parts of data can be divided into the same data block, and the parts of data with different source importance level information are divided into a plurality of data blocks respectively.
Therefore, according to the important information of the multiple sources of the data of each part, the data of each part in the first data information is blocked to obtain multiple data blocks, so that the multiple data blocks with different importance degrees can be encrypted differently, the data security is improved, unnecessary encryption calculation time is avoided, the data encryption and transmission efficiency is improved, and meanwhile, the data transmission method is compatible with the data transmission of the TCP protocol.
As shown in fig. 3, step S500 in the method provided in the embodiment of the present application includes:
S510: obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
S520: setting optimization constraint conditions, and constructing an optimization space according to the optimization constraint conditions, wherein the optimization constraint conditions comprise: a decryption reading speed constraint, an encryption speed constraint and a reading time constraint;
S530: scoring the encryption importance levels of the source importance level information to different degrees, and taking the scores as optimization parameters;
S540: in the optimization space, carrying out iterative optimization on the encryption schemes of the data blocks by using the optimization parameters to obtain an optimal encryption scheme;
S550: and encrypting the plurality of data blocks by adopting the optimal encryption scheme to obtain a plurality of encrypted information.
Specifically, based on the plurality of source important information, each part of data in the first data information is analyzed in a hierarchical manner according to different importance levels of the source important information, for example, a part of data with a higher importance level in the source important information is set to have a higher corresponding source importance level. In this way, the source importance level information of each part of data is obtained.
In the embodiment of the present application, based on the plurality of data blocks obtained in step S400, for the data blocks of the information with different source importance levels, different encryption methods may be adopted to perform encryption with different complexity levels. For example, for a data block with a higher level corresponding to the source important level information, an encryption mode with a higher complexity and a higher safety factor needs to be adopted for encryption, so that the data security is ensured.
Applying different encryption to data blocks with different source importance level information improves the security of the more important data blocks during data transmission, while reducing unnecessary encryption work and improving the efficiency of data encryption, transmission and decryption reading. In the embodiment of the application, combining the multiple encryption modes with the data blocks of different source importance level information yields multiple encryption schemes for the first data information. To obtain an encryption scheme with the best encryption effect and high transmission efficiency, the method provided by the embodiment of the application searches among these encryption schemes for a better one.
The multiple encryption manners may include multiple different encryption manners in the prior art, such as asymmetric encryption, symmetric encryption, encryption algorithms such as DES, RSA, SHA, AES, and the like, and multiple manners of re-encrypting the key.
In the process of optimizing in various encryption schemes, optimization conditions need to be set so as to reduce the optimization range and ensure that the optimization result meets the service requirements.
In the embodiment of the application, a decryption reading speed constraint condition is set according to the decryption speed after the first data information is transmitted, an encryption speed constraint condition is set according to the encryption speed of a plurality of data blocks according to an encryption scheme, and a reading time constraint condition is set according to the whole time of the whole process of encryption transmission and encryption reading of the first data information. And taking the decryption reading speed constraint condition, the encryption speed constraint condition and the reading time constraint condition as optimization constraint conditions. In the optimizing process, the obtained encryption scheme is required to be ensured to meet the optimization constraint condition, and the encryption effect and the data transmission efficiency are improved on the basis.
Optionally, the decryption reading speed constraint condition, the encryption speed constraint condition, and the reading time constraint condition may include a decryption reading speed threshold, an encryption speed threshold, and a reading time threshold, respectively, where the decryption reading speed threshold, the encryption speed threshold, and the reading time threshold may be set according to actual encryption and data transmission services, and under the decryption reading speed threshold, the encryption speed threshold, and the reading time threshold, service requirements for data transmission and encryption may be substantially satisfied, so that data security and transmission efficiency are ensured to a certain extent. Thus, optimization of the encryption scheme is performed on this basis.
An optimization space is constructed according to the optimization constraint conditions. The optimization space comprises the encryption schemes that meet the optimization constraint conditions; their number is less than the number of all encryption schemes obtained by combination, because the encryption schemes that do not meet the optimization constraint conditions are filtered out.
In the specific optimizing process, an encryption scheme is randomly selected in the optimization space as a first encryption scheme and taken as the current optimizing result, and the optimization parameters of the first encryption scheme are calculated. The optimization parameters can be obtained by scoring, to different degrees, the encryption complexity of the data blocks with the various source importance level information and the encryption efficiency and decryption reading efficiency of the data blocks; the scores serve as the optimization parameters.
Illustratively, in the process of calculating the optimization parameter, for a data block with a higher level corresponding to the source importance level information, the higher the encryption complexity of the data block, the higher the score, and the higher the encryption complexity, the lower the encryption efficiency and the decryption reading efficiency, and the lower the corresponding scores such as the encryption efficiency, the decryption reading efficiency, and the reading time. The scoring weights corresponding to the scores of the encryption complexity, the encryption efficiency and the decryption reading efficiency are different, for example, the scoring weight proportion of the encryption complexity is greater than the scoring weight proportion of the decryption reading efficiency which is greater than the encryption efficiency, so that when the encryption scheme is obtained through optimization, the encryption scheme is scored to obtain the optimization parameters of the encryption scheme, and the optimization parameters are used as the basis for evaluating the quality of the encryption scheme.
Optionally, when calculating the optimization parameter of the encryption scheme, the encryption complexity scores of different source importance level information are respectively subjected to weight distribution, for a data block with lower source importance level information, the score of the encryption complexity occupies a smaller weight, and the score obtained by calculation is lower, and for a data block with higher source importance level information, the score of the encryption complexity occupies a larger weight, and the score obtained by calculation is higher. For example, the weight assignment process may use a weight assignment algorithm in the prior art, such as AHP hierarchy analysis, G1 weight method, and the like, but is not limited thereto.
Weights can likewise be assigned to the encryption efficiency, the decryption reading efficiency and the reading time according to their importance, so that when an encryption scheme is obtained, its scores other than encryption complexity are calculated in a weighted, adaptive manner. The scores are then more accurate and better match actual service requirements, and the optimization parameters of the encryption scheme are obtained.
The encryption schemes of the plurality of data blocks are iteratively optimized in the optimization space using the optimization parameters. Specifically, another encryption scheme is randomly obtained in the optimization space as a second encryption scheme, and its optimization parameters are calculated as described above. If the optimization parameters of the second encryption scheme are greater than those of the first encryption scheme, the second encryption scheme is better than the first, and it replaces the first encryption scheme as the current optimizing result.
If the optimization parameters of the second encryption scheme are less than those of the first encryption scheme, the second encryption scheme is inferior to the first. In this case the second encryption scheme is not discarded outright, which prevents the optimizing process from stalling at the first encryption scheme. To improve the iterative optimizing speed over the plurality of schemes in the optimization space, the second encryption scheme is accepted as the current optimizing result with a probability, the first encryption scheme being abandoned, and the probability is calculated by the following formula:
Figure 467826DEST_PATH_IMAGE001
where e is the base of the natural logarithm, R1 is the optimization parameter of the first encryption scheme, R2 is the optimization parameter of the second encryption scheme, and n is the optimizing rate factor.
The optimizing rate factor n can decrease with the number of optimizing iterations. In the initial stage of optimizing, n is larger, so a second encryption scheme with smaller optimization parameters is accepted as the current optimizing result with a high probability, which increases the optimizing iteration speed. As the iterations proceed, n decreases and so does P; in the later stage of optimizing, the probability of accepting an encryption scheme with smaller optimization parameters as the current optimizing result is reduced, which improves the accuracy of the optimizing, and as far as possible a new encryption scheme is accepted only when its optimization parameters are larger.
For example, the decreasing manner of n may be an exponential decreasing manner or other decreasing manners in the prior art.
The optimizing operation is thus repeated for iterative optimizing. When the current optimizing result has not changed for a threshold number of optimizing iterations, the optimization parameters of the encryption scheme in the current optimizing result are relatively large, a better encryption scheme is difficult to find, and, with P gradually reduced, an encryption scheme with smaller optimization parameters is unlikely to be accepted as the current optimizing result. It can then be confirmed that the optimizing process has reached its later stage, so the optimizing is complete, and the encryption scheme in the current optimizing result is taken as the optimal encryption scheme.
The plurality of data blocks are then encrypted using the optimal encryption scheme, which includes a specific encryption scheme for each of the different data blocks. Encryption is thereby completed, and the encryption information of the plurality of data blocks is obtained.
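The constrained search over encryption schemes can be sketched as follows; this is an added example, not code from the patent. The acceptance formula is not reproduced in the text of this page, so the block assumes the standard simulated-annealing form P = e^(-(R1 - R2)/n), which matches the behaviour described for n and P; the cipher tiers, throughput figures, block sizes, thresholds and weights are constructed.

```python
import itertools
import math
import random

# Constructed figures for illustration: three abstract cipher tiers with a
# complexity score and encrypt/decrypt throughput in MB/s (not measurements).
OPTIONS = {
    "light":    {"complexity": 1, "enc": 900.0, "dec": 1000.0},
    "standard": {"complexity": 2, "enc": 500.0, "dec": 600.0},
    "strong":   {"complexity": 3, "enc": 150.0, "dec": 200.0},
}
# Data blocks from the blocking step: (source importance level, size in MB).
BLOCKS = [(3, 40.0), (2, 120.0), (1, 400.0)]
TOTAL_MB = sum(size for _, size in BLOCKS)

# Optimization constraint thresholds (hypothetical service requirements).
MIN_ENC_MBPS, MIN_DEC_MBPS, MAX_TOTAL_S = 400.0, 450.0, 2.5
# Scoring weights: complexity > decryption reading efficiency > encryption efficiency.
W_COMPLEXITY, W_DEC, W_ENC = 0.6, 0.25, 0.15


def timings(scheme):
    """Total encryption and decryption time in seconds for one scheme."""
    enc = sum(size / OPTIONS[o]["enc"] for o, (_, size) in zip(scheme, BLOCKS))
    dec = sum(size / OPTIONS[o]["dec"] for o, (_, size) in zip(scheme, BLOCKS))
    return enc, dec


def satisfies_constraints(scheme):
    """Encryption speed, decryption reading speed and reading time constraints.
    Transmission time is treated as constant and left out (assumption)."""
    enc, dec = timings(scheme)
    return (TOTAL_MB / enc >= MIN_ENC_MBPS
            and TOTAL_MB / dec >= MIN_DEC_MBPS
            and enc + dec <= MAX_TOTAL_S)


def optimization_space():
    """All per-block tier assignments that pass the constraint filter."""
    return [s for s in itertools.product(OPTIONS, repeat=len(BLOCKS))
            if satisfies_constraints(s)]


def score(scheme):
    """Optimization parameter R: importance-weighted complexity plus efficiency."""
    enc, dec = timings(scheme)
    weighted = sum(level * OPTIONS[o]["complexity"]
                   for o, (level, _) in zip(scheme, BLOCKS))
    max_weighted = sum(level * 3 for level, _ in BLOCKS)
    return (W_COMPLEXITY * weighted / max_weighted
            + W_DEC * (TOTAL_MB / dec) / 1000.0
            + W_ENC * (TOTAL_MB / enc) / 900.0)


def accept_probability(r1, r2, n):
    """ASSUMED form P = e^(-(R1 - R2) / n) for accepting a worse candidate."""
    return math.exp(-(r1 - r2) / n)


def optimise(seed=0, n0=1.0, decay=0.97, patience=300, max_iters=10_000):
    """Random search with probabilistic acceptance of worse schemes; stops
    when the current result is unchanged for `patience` iterations."""
    rng = random.Random(seed)
    space = optimization_space()
    current = rng.choice(space)          # first encryption scheme
    n, unchanged = n0, 0
    for _ in range(max_iters):
        candidate = rng.choice(space)    # second encryption scheme
        r1, r2 = score(current), score(candidate)
        if r2 > r1 or (r2 < r1 and rng.random() < accept_probability(r1, r2, n)):
            current, unchanged = candidate, 0
        else:
            unchanged += 1
        if unchanged >= patience:
            break
        n = max(n * decay, 1e-9)         # exponential decrease of n, floored
    return current                       # current optimizing result


if __name__ == "__main__":
    best = optimise()
    print(best, round(score(best), 4))
```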
In the embodiment of the application, the source importance level information of each part of data is obtained from the plurality of source important information, optimization constraint conditions are set, and an optimization space comprising various encryption schemes is constructed and searched. The encryption complexity of the encryption schemes is scored differently according to source importance level information of different importance degrees, decryption reading efficiency, encryption efficiency and the like are scored with different weights, and a dedicated optimizing algorithm is provided so that optimizing in the optimization space is fast. An encryption scheme is thereby obtained whose encryption complexity is most appropriate and which can guarantee data security and, to a certain degree, encrypted data transmission, achieving the technical effect of improving the security of node data communication transmission in the distributed database.
Step S600 in the method provided in the embodiment of the present application includes:
S610: adding the plurality of encrypted information into the data streams of the plurality of data blocks respectively;
S620: transmitting the processed data stream in the first distributed database;
S630: and after the data transmission is finished, destroying the encrypted information.
In the embodiment of the application, because encrypting each data block in the first data information takes up data transmission time, and in order to improve the efficiency of encrypted data transmission, the transmission mode used in current encrypted data transmission, in which the data packet is encapsulated by combining an encryption key with a header, is replaced: the encrypted information of each data block is added directly into the data stream body of that data block and transmitted directly to the database node that is to receive the data.
After the database node of the data to be received receives the acquired transmission data, the data blocks are directly received without decryption identification, the encrypted information in the data blocks is read and decrypted after the data blocks are received, and the text information in the data blocks can be read only after the data blocks are successfully decrypted, so that the safety of the data is guaranteed, and the efficiency in the data transmission process is improved.
The encrypted information includes only the key jointly recognized by the data sending node and the data receiving node. If data is transmitted to a wrong node, then even if the wrong node receives the first data information, it cannot decrypt and read the data blocks.
Optionally, after the first data information is transmitted in the first distributed database and decrypted and read, the encrypted information in the data block is erased and destroyed, and then the transmitted data is used.
According to the embodiment of the application, the encrypted information is directly added into the data body for transmission in the data transmission completed through encryption, and the encrypted information is decrypted and read after the data is received, so that the data safety is ensured, and meanwhile, the efficiency in the data transmission process is improved.
In summary, the embodiment of the present application can analyze the importance degree of the data transmitted by each node by analyzing the source importance of the data that needs to be transmitted between the nodes of the distributed database, and use the importance degree as the data basis for encrypting and securely transmitting the data, and block encryption is performed according to the source importance of each part of data in the data when transmission is performed, setting encryption schemes with different encryption complexity degrees according to different importance degrees, so as to obtain a plurality of encryption schemes, and sets constraint conditions, optimization space, optimization parameters and the like to optimize the encryption scheme, further dynamically formulates data blocks and encryption modes of the data blocks, in a data processing environment with higher safety requirements, the safety factor of data communication transmission is improved, and the technical effect of improving the safety of data transmission in the distributed database nodes is achieved.
Example two
Based on the same inventive concept as the secure communication method of a distributed database node in the foregoing embodiment, as shown in fig. 4, the present application provides a secure communication system of a distributed database node, where the system includes:
a first obtaining unit 11, configured to obtain first data information, where the first data information needs to be transmitted by communication in distributed nodes in a first distributed database;
a first processing unit 12, configured to perform source tracing analysis on each part of data in the first data information to obtain multiple pieces of source information;
a second processing unit 13, configured to perform source importance analysis on the source information to obtain source importance information;
a third processing unit 14, configured to perform data blocking on the first data information according to a plurality of pieces of source important information to obtain a plurality of data blocks;
a fourth processing unit 15, configured to encrypt, according to the source important information, the data blocks to obtain a plurality of encrypted information;
a first executing unit 16, configured to perform communication transmission on the plurality of data blocks in the first distributed database respectively by using the plurality of encryption information.
Further, the system further comprises:
a second obtaining unit, configured to obtain the partial data through a plurality of sources, where the plurality of sources include a first type of source and a second type of source;
a fifth processing unit, configured to perform hash processing on source information of the data of each portion, respectively, to obtain multiple source hash values of the multiple sources;
a third obtaining unit, configured to use the source hash values and the partial data as the first data information.
Further, the system further comprises:
a first construction unit, configured to construct an important information space of the plurality of data sources according to the plurality of data sources of the distributed nodes in the first distributed database;
a fourth obtaining unit, configured to obtain the portions of data and a plurality of source hash values according to the first data information;
a fifth obtaining unit, configured to obtain first type source information and second type source information by performing source tracing analysis on the sources of the data of each portion according to the multiple source hash values;
a sixth processing unit, configured to input the first type of source information and the second type of source information into the important information space, and obtain first type of important information and second type of important information;
a seventh processing unit, configured to perform mapping association according to the first type of important information, the second type of important information, and the part data, so as to obtain a plurality of source important information of the part data.
Further, the system further comprises:
an eighth processing unit for setting a first history time period;
a sixth obtaining unit, configured to collect problems that occur when the multiple distributed nodes perform data transmission on data from multiple data sources within the first historical time period, and obtain multiple historical problem sets, where the historical problem sets include problem frequency information and problem scale information;
a second construction unit, configured to construct an important space coordinate system with the problem frequency information and the problem scale information as coordinate axes;
a seventh obtaining unit, configured to input the plurality of historical problem sets into the important spatial coordinate system, and obtain a plurality of mapping points;
a ninth processing unit, configured to cluster the mapping points to obtain a plurality of clustering results, where the plurality of clustering results include a first-class clustering result and a second-class clustering result;
a tenth processing unit, configured to set a plurality of corresponding important information according to the problem frequency level and the problem scale level in the plurality of clustering results;
and a third construction unit, configured to construct the important information space according to the clustering results and the important information.
Further, the system further comprises:
an eighth obtaining unit, configured to obtain, according to a plurality of pieces of source importance information, source importance level information of each piece of data in the first data information;
a first judging unit, configured to judge whether source importance level information of each part of data in the first data information is the same according to a plurality of pieces of source importance level information;
and an eleventh processing unit, configured to, if parts of data with the same source importance level information exist, divide those parts into the same data block, and, if not, divide the parts of data into a plurality of separate data blocks.
Further, the system further comprises:
a ninth obtaining unit, configured to obtain source importance level information of each part of data in the first data information according to a plurality of pieces of source importance information;
a twelfth processing unit, configured to set optimization constraints, and construct an optimization space according to the optimization constraints, where the optimization constraints include: a decryption reading speed constraint, an encryption speed constraint and a reading time constraint;
a thirteenth processing unit, configured to score the encryption importance levels of the source importance level information by different degrees, and use the scores as optimization parameters;
a fourteenth processing unit, configured to perform iterative optimization on the encryption schemes of the multiple data blocks by using the optimization parameters in the optimization space, so as to obtain an optimal encryption scheme;
and a fifteenth processing unit, configured to encrypt the multiple data blocks by using the optimal encryption scheme, so as to obtain multiple pieces of encryption information.
Further, the system further comprises:
a sixteenth processing unit, configured to add the plurality of pieces of encryption information to data streams of the plurality of data blocks, respectively;
a seventeenth processing unit, configured to transmit the processed data stream in the first distributed database;
and an eighteenth processing unit, configured to destroy the encrypted information after the data transmission is finished.
Example three
Based on the same inventive concept as the secure communication method of one of the foregoing embodiments, the present application further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method as in the first embodiment.
Exemplary electronic device
The electronic device of the present application is described below with reference to figure 5.
Based on the same inventive concept as the secure communication method of the distributed database node in the foregoing embodiment, the present application further provides a secure communication system of the distributed database node, including: a processor coupled to a memory, the memory storing a program that, when executed by the processor, causes the system to perform the steps of the method of embodiment one.
The electronic device 300 includes: processor 302, communication interface 303, memory 301. Optionally, the electronic device 300 may also include a bus architecture 304. Wherein, the communication interface 303, the processor 302 and the memory 301 may be connected to each other through a bus architecture 304; the bus architecture 304 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus architecture 304 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
Processor 302 may be a CPU, microprocessor, ASIC, or one or more integrated circuits configured to control the execution of the programs of the present application.
Communication interface 303, using any transceiver or like device, is used to communicate with other devices or communication networks, such as an ethernet, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), a wired access network, etc.
The memory 301 may be, but is not limited to, ROM or other type of static storage device that can store static information and instructions, RAM or other type of dynamic storage device that can store information and instructions, EEPROM, CD-ROM or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory may be self-contained and coupled to the processor through a bus architecture 304. The memory may also be integrated with the processor.
The memory 301 is used for storing computer-executable instructions for executing the present application, and is controlled by the processor 302 to execute. The processor 302 is configured to execute the computer-executable instructions stored in the memory 301, so as to implement a distributed database node secure communication method provided by the above-mentioned embodiment of the present application.
Those of ordinary skill in the art will understand that the ordinal terms "first", "second", etc. mentioned in this application are for convenience of description and are not intended to limit the scope of this application nor to indicate an order of precedence. "And/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B, which may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "At least one" means one or more. "At least two" means two or more. "At least one," "any," or similar expressions refer to any combination of these items, including any combination of singular or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.
In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the present application are generated in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, where the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, including one or more integrated servers, data centers, and the like. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), among others.
The various illustrative logical units and circuits described in this application may be implemented or operated through the design of a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in this application may be embodied directly in hardware, in a software element executed by a processor, or in a combination of the two. The software elements may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be disposed in a terminal. In the alternative, the processor and the storage medium may reside in different components within the terminal. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although the present application has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations may be made thereto without departing from the spirit and scope of the application. Accordingly, the specification and figures are merely exemplary of the application and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the present application and its equivalent technology, the present application is intended to include such modifications and variations.

Claims (8)

1. A method for secure communication between nodes of a distributed database, the method comprising:
acquiring first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database;
performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information;
performing source importance analysis on the source information to obtain source important information;
according to the source important information, carrying out data blocking on the first data information to obtain a plurality of data blocks;
respectively encrypting the plurality of data blocks according to the plurality of important source information to obtain a plurality of encrypted information;
adopting the plurality of encrypted information to respectively carry out communication transmission on the plurality of data blocks in the first distributed database;
wherein, the performing source importance analysis on the plurality of source information comprises:
constructing important information spaces of various data sources according to various data sources of the distributed nodes in the first distributed database;
obtaining the data of each part and a plurality of source hash values according to the first data information;
tracing and analyzing the sources of the data of each part according to the source Hash values to obtain first type source information and second type source information;
inputting the first type of source information and the second type of source information into the important information space to obtain first type of important information and second type of important information;
mapping and associating the first type of important information, the second type of important information and the data of each part to obtain a plurality of source important information of the data of each part;
the constructing of an important information space of a plurality of data sources according to the plurality of data sources of the plurality of distributed nodes in the first distributed database includes:
setting a first historical time period;
collecting problems occurring when a plurality of distributed nodes transmit data of a plurality of data sources in a first historical time period to obtain a plurality of historical problem sets, wherein the historical problem sets comprise problem frequency information and problem scale information;
establishing an important space coordinate system by using the problem frequency information and the problem scale information as coordinate axes;
inputting a plurality of historical problem sets into the important space coordinate system to obtain a plurality of mapping points;
clustering the mapping points to obtain a plurality of clustering results, wherein the clustering results comprise a first type of clustering result and a second type of clustering result;
setting a plurality of corresponding important information according to the problem frequency level and the problem scale level in the clustering results;
and constructing the important information space according to the plurality of clustering results and the plurality of important information.
2. The method of claim 1, wherein the obtaining the first data information comprises:
obtaining the portion of data from a plurality of sources, wherein the plurality of sources includes a first type of source and a second type of source;
performing hash processing on the source information of each part of data respectively to obtain a plurality of source hash values of the plurality of sources;
and using the source hash values and the partial data as the first data information.
3. The method of claim 1, wherein the data partitioning the first data information according to the plurality of source significant information comprises:
obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
judging whether the source importance level information of each part of data in the first data information is the same or not according to a plurality of pieces of source importance level information;
and if parts of data with the same source importance level information exist, blocking those parts of data into the same data block, and if not, blocking the parts of data respectively into a plurality of data blocks.
4. The method of claim 1, wherein the encrypting the plurality of data blocks according to the plurality of source important information respectively comprises:
obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
setting optimization constraint conditions, and constructing an optimization space according to the optimization constraint conditions, wherein the optimization constraint conditions comprise: a decryption read speed constraint, an encryption speed constraint and a read time constraint;
respectively scoring the encryption importance complexity of the source importance level information to different degrees, and taking the scores as optimization parameters;
in the optimization space, performing iterative optimization on the encryption schemes of the data blocks by using the optimization parameters to obtain an optimal encryption scheme;
and encrypting the plurality of data blocks by adopting the optimal encryption scheme to obtain a plurality of encrypted information.
5. The method according to claim 1, wherein said using the plurality of encryption information to communicate the plurality of data blocks respectively within the first distributed database comprises:
adding the plurality of encrypted information into the data streams of the plurality of data blocks respectively;
transmitting the processed data stream in the first distributed database;
and after the data transmission is finished, destroying the encrypted information.
6. A distributed database node secure communication system, the system comprising:
the first obtaining unit is configured to obtain first data information, where the first data information needs to be transmitted in a communication manner in distributed nodes in a first distributed database;
the first processing unit is used for performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information;
the second processing unit is used for carrying out source importance analysis on the source information to obtain source important information;
a third processing unit, configured to perform data blocking on the first data information according to the source important information to obtain a plurality of data blocks;
a fourth processing unit, configured to encrypt, according to the source important information, the data blocks to obtain encrypted information;
a first execution unit, configured to perform communication transmission on the multiple data blocks in the first distributed database respectively by using the multiple pieces of encryption information;
wherein, the second processing unit performs source importance analysis on a plurality of source information, including:
a first constructing unit, configured to construct, according to multiple data sources of multiple distributed nodes in the first distributed database, important information spaces of the multiple data sources;
a fourth obtaining unit, configured to obtain the portions of data and a plurality of source hash values according to the first data information;
a fifth obtaining unit, configured to perform source tracing analysis on the sources of the data of each part according to the multiple source hash values, so as to obtain first type source information and second type source information;
a sixth processing unit, configured to input the first type of source information and the second type of source information into the important information space, and obtain first type of important information and second type of important information;
a seventh processing unit, configured to perform mapping association according to the first type of important information, the second type of important information, and the part data to obtain a plurality of source important information of the part data;
the first constructing unit constructs an important information space of a plurality of data sources according to the plurality of data sources of the plurality of distributed nodes in the first distributed database, and the constructing unit comprises the following steps:
an eighth processing unit for setting a first history time period;
a sixth obtaining unit, configured to collect problems that occur when the plurality of distributed nodes perform data transmission on data from multiple data sources within the first historical time period, and obtain a plurality of historical problem sets, where the historical problem sets include problem frequency information and problem scale information;
the second construction unit is used for constructing an important space coordinate system by using the problem frequency information and the problem scale information as coordinate axes;
a seventh obtaining unit, configured to input the plurality of historical problem sets into the important spatial coordinate system, and obtain a plurality of mapping points;
a ninth processing unit, configured to cluster the mapping points to obtain a plurality of clustering results, where the plurality of clustering results include a first-class clustering result and a second-class clustering result;
a tenth processing unit, configured to set a plurality of corresponding important information according to the problem frequency level and the problem scale level in the plurality of clustering results;
and the third construction unit is used for constructing the important information space according to the clustering results and the important information.
7. A distributed database node secure communication system, comprising: a processor coupled to a memory for storing a program that, when executed by the processor, causes a system to perform the steps of the method of any of claims 1 to 5.
8. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
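The importance-space construction of claim 1, the source hashing of claim 2 and the blocking rule of claim 3 can be illustrated as follows. This is an added example, not code from the patent or the applicant. It assumes SHA-256 as the source hash, plain two-cluster k-means as the clustering step, that higher problem frequency and scale mean a higher importance level, and that a part whose source hash is unknown is treated as high importance; all source names and values are constructed.

```python
import hashlib


def source_hash(source_info: str) -> str:
    # Claim 2: hash each part's source information (SHA-256 is an assumption).
    return hashlib.sha256(source_info.encode("utf-8")).hexdigest()


def two_means(points, max_iter=50):
    """Cluster 2-D mapping points into two groups (plain k-means, k=2)."""
    by_norm = sorted(points, key=lambda p: p[0] ** 2 + p[1] ** 2)
    centroids = [by_norm[0], by_norm[-1]]  # deterministic seeding
    labels = []
    for _ in range(max_iter):
        labels = [min((0, 1), key=lambda k: (p[0] - centroids[k][0]) ** 2
                                          + (p[1] - centroids[k][1]) ** 2)
                  for p in points]
        updated = []
        for k in (0, 1):
            members = [p for p, lab in zip(points, labels) if lab == k]
            if members:
                updated.append((sum(m[0] for m in members) / len(members),
                                sum(m[1] for m in members) / len(members)))
            else:
                updated.append(centroids[k])  # keep an empty cluster in place
        if updated == centroids:
            break
        centroids = updated
    return labels, centroids


def build_importance_space(history):
    """history: {source_info: (problem_frequency, problem_scale)}, normalised to 0..1.

    Returns {source_hash: "high" | "low"}; the cluster with the larger
    frequency + scale centroid is labelled "high" (assumption).
    """
    if not history:
        return {}
    names = list(history)
    labels, centroids = two_means([history[n] for n in names])
    high = max((0, 1), key=lambda k: sum(centroids[k]))
    return {source_hash(n): ("high" if lab == high else "low")
            for n, lab in zip(names, labels)}


def block_by_importance(parts, space, default="high"):
    """Claim 3: parts with the same importance level share one data block."""
    blocks = {}
    for src_hash, payload in parts:
        level = space.get(src_hash, default)  # unknown source: fail closed
        blocks.setdefault(level, []).append(payload)
    return blocks


# Constructed historical problem sets: (frequency, scale) per data source.
HISTORY = {
    "sensor-feed": (0.10, 0.20),
    "billing-db": (0.80, 0.90),
    "audit-log": (0.70, 0.85),
    "web-cache": (0.15, 0.10),
}
# Constructed first data information: (source hash, part of data).
PARTS = [
    (source_hash("billing-db"), b"acct=1"),
    (source_hash("web-cache"), b"page"),
    (source_hash("audit-log"), b"login ok"),
    (source_hash("unknown-node"), b"???"),
]
SPACE = build_importance_space(HISTORY)
BLOCKS = block_by_importance(PARTS, SPACE)

if __name__ == "__main__":
    for level, payloads in BLOCKS.items():
        print(level, payloads)
```

Each resulting block would then be encrypted with the scheme selected for its importance level, as in claim 4; that step is left out here because the claims do not name a cipher.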
CN202210352713.9A 2022-04-06 2022-04-06 Distributed database node secure communication method and system Active CN114430351B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210352713.9A CN114430351B (en) 2022-04-06 2022-04-06 Distributed database node secure communication method and system

Publications (2)

Publication Number Publication Date
CN114430351A CN114430351A (en) 2022-05-03
CN114430351B true CN114430351B (en) 2022-06-14

Family

ID=81314313

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210352713.9A Active CN114430351B (en) 2022-04-06 2022-04-06 Distributed database node secure communication method and system

Country Status (1)

Country Link
CN (1) CN114430351B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111934990A (en) * 2020-09-25 2020-11-13 支付宝(杭州)信息技术有限公司 Message transmission method and device
CN112084224A (en) * 2020-09-03 2020-12-15 北京锐安科技有限公司 Data management method, system, device and medium
CN112765137A (en) * 2021-04-07 2021-05-07 暗链科技(深圳)有限公司 Block synchronization method based on block distributed block chain and electronic equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103246653B (en) * 2012-02-03 2017-07-28 腾讯科技(深圳)有限公司 Data processing method and device
CN103699660B (en) * 2013-12-26 2016-10-12 清华大学 A kind of method of large scale network stream data caching write
CN105069365A (en) * 2015-06-30 2015-11-18 广东欧珀移动通信有限公司 Data processing method and mobile terminal
CN107979584B (en) * 2016-11-22 2019-08-13 南京银链信息科技有限公司 Block chain information hierarchical sharing method and system
US10924548B1 (en) * 2018-03-15 2021-02-16 Pure Storage, Inc. Symmetric storage using a cloud-based storage system

Also Published As

Publication number Publication date
CN114430351A (en) 2022-05-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant