CN115001784A - Data storage method and device, electronic equipment and computer readable storage medium - Google Patents
Data storage method and device, electronic equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN115001784A CN115001784A CN202210588728.5A CN202210588728A CN115001784A CN 115001784 A CN115001784 A CN 115001784A CN 202210588728 A CN202210588728 A CN 202210588728A CN 115001784 A CN115001784 A CN 115001784A
- Authority
- CN
- China
- Prior art keywords
- data
- desensitization
- key
- local data
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000013500 data storage Methods 0.000 title claims abstract description 42
- 238000000586 desensitisation Methods 0.000 claims abstract description 169
- 238000004422 calculation algorithm Methods 0.000 claims description 73
- 238000004590 computer program Methods 0.000 claims description 9
- 238000006243 chemical reaction Methods 0.000 claims description 8
- 238000013507 mapping Methods 0.000 claims description 6
- 230000011218 segmentation Effects 0.000 claims description 3
- 238000012163 sequencing technique Methods 0.000 claims description 3
- 238000005215 recombination Methods 0.000 claims description 2
- 230000006798 recombination Effects 0.000 claims description 2
- 239000000126 substance Substances 0.000 claims 1
- 238000012545 processing Methods 0.000 abstract description 7
- 238000005516 engineering process Methods 0.000 abstract description 4
- 230000006870 function Effects 0.000 description 9
- 238000013515 script Methods 0.000 description 6
- 238000007726 management method Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000013473 artificial intelligence Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a data processing technology, and discloses a data storage method, which comprises the following steps: desensitizing the local user data according to the type of the local user data to obtain desensitization data, randomly recombining the desensitization data to obtain recombined desensitization data, performing a first encryption operation on the recombined desensitization data to obtain a first encrypted ciphertext, sending the first encrypted ciphertext to a preset server, receiving a second encrypted ciphertext and a corresponding key, which are returned by the server, generated after a second encryption operation is performed on the first encrypted ciphertext, splitting the key into a main key segment and an auxiliary key segment, storing the auxiliary key segment and the second encrypted ciphertext in a locally preset block chain, and sending the main key segment to the server for storage. The invention also provides a data storage device, equipment and a medium. The invention can improve the safety of data storage.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data storage method and apparatus, an electronic device, and a computer-readable storage medium.
Background
With the increasing popularity of mobile terminals such as mobile phones, a large number of terminals APPs with different functions are emerging at present, and when a user uses various terminal APPs, the user often needs to output personal user data, which contains some sensitive data, such as information of user name, identity card number, home address, bank card number, and the like. The user data can be usually stored in the local end of the user mobile phone terminal, and the user local data can be directly obtained by other terminals APP, so that certain potential safety hazards exist.
Aiming at the problem that potential safety hazards exist in the storage of personal data of a user at a local end, the APP on a local terminal of the user is authorized in a mode which is frequently adopted at present, and the operation of obtaining the local data of the user by the APP is limited or allowed through authorization. However, there is a certain vulnerability in this way, for example, the user forgets to authorize the APP in time, or the user does not find the newly installed APP, or the malicious APP bypasses the user authorization to directly obtain the user local data, and therefore the problem of secure storage of the user local data is urgently to be solved.
Disclosure of Invention
The invention provides a data storage method, a data storage device, electronic equipment and a computer readable storage medium, and mainly aims to improve the safety of data storage.
In order to achieve the above object, the present invention provides a data storage method, including:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
Optionally, the identifying the type of the user local data includes:
executing binary conversion operation on the file corresponding to the user local data to obtain a byte stream corresponding to each user local data;
identifying a file type corresponding to each user local data according to a byte stream corresponding to each user local data;
and according to the preset mapping relation between the user local data type label and the file type, taking the type label matched with the file type of the user local data as the type of the user local data.
Optionally, the desensitization algorithm that is selected from a preset desensitization algorithm library according to the type of the user local data and is matched with the type of the user local data is used for desensitizing the user local data to obtain desensitization data, and the desensitization data includes:
obtaining the score of each desensitization algorithm in the preset desensitization algorithm library;
selecting desensitization algorithms matched with the types of the local data of the users from the preset desensitization algorithm library to form an optional desensitization algorithm set by using a mapping table of preset desensitization algorithms and data types;
selecting the desensitization algorithm with the highest score from the set of selectable desensitization algorithms as a target desensitization algorithm according to the score of each desensitization algorithm;
desensitizing the local data of the user by using the target desensitization algorithm to obtain desensitization data.
Optionally, the randomly recombining the desensitization data to obtain recombined desensitization data includes:
carrying out random segmentation operation on the desensitization data to obtain a desensitization data segment;
generating a position index for each of the desensitization data segments in the desensitization data;
superposing the position labels to the corresponding desensitization data segments to obtain desensitization data segments containing position information;
and randomly sequencing all desensitization data sections containing the position information to obtain recombined desensitization data.
Optionally, the generating a position index of each desensitization data segment in the desensitization data includes:
acquiring the original position sequence of each desensitization data segment in the desensitization data;
and sequentially carrying out coding conversion on the original position sequence by using a preset coding machine to obtain the position label of each desensitization data segment in the desensitization data.
Optionally, the splitting, by the root, the key into a master key segment and a slave key segment includes:
randomly cutting off the secret key to generate a preset number of secret key sections;
and randomly selecting the key segments from the preset number of key segments as main key segments, and using other key segments as auxiliary key segments.
Optionally, after the storing the secondary key segment into a locally preset blockchain and the sending the primary key segment to the server for storage, the method further includes:
when an instruction of a user for inquiring local data of the user is received, a second encrypted ciphertext corresponding to the local data of the user and a corresponding auxiliary key section are obtained;
acquiring an authentication certificate corresponding to a terminal where the user is located, and sending the authentication certificate to the server side;
receiving a main key segment corresponding to the second encrypted ciphertext returned by the server terminal after the authentication credential passes;
decrypting the second encrypted ciphertext according to the auxiliary key segment and the main key segment to obtain a plaintext corresponding to the second encrypted ciphertext;
and reordering the plaintext corresponding to the second encrypted ciphertext according to a preset encoding rule, and displaying the reordered plaintext to the user.
In order to solve the above problems, the present invention also provides a data storage device, comprising:
the local data desensitization module is used for acquiring user local data, identifying the type of the user local data, and selecting a desensitization algorithm matched with the type of the user local data from a preset desensitization algorithm library to desensitize the user local data according to the type of the user local data to obtain desensitization data;
the recombination encryption module is used for randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and the key splitting and storing module is used for receiving a second encrypted ciphertext and a corresponding key which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one computer program; and
and the processor executes the program stored in the memory to realize the data storage method.
In order to solve the above problem, the present invention also provides a computer-readable storage medium, in which at least one computer program is stored, the at least one computer program being executed by a processor in an electronic device to implement the data storage method described above.
The embodiment of the invention desensitizes the local data of the user and randomly recombines the desensitized data to form a first safety protection on the local data of the user, further performs a first encryption operation on the recombined desensitized data, sends the obtained first encryption ciphertext to a preset server to perform a second encryption operation to obtain a second encryption ciphertext and a related key, stores the second encryption ciphertext in a locally preset block chain, splits the key, stores an auxiliary key section in the local end, and stores a main key section in the server end, so that an attacker cannot obtain all keys when the local network is attacked, further cannot crack the local data of the user, reduces the risk of storing the local data of the user, and improves the safety of storing the local data of the user.
Drawings
Fig. 1 is a schematic flow chart of a data storage method according to an embodiment of the present invention;
fig. 2 is a schematic detailed implementation flowchart of one step in the data storage method according to an embodiment of the present invention;
fig. 3 is a schematic detailed implementation flowchart of one step in the data storage method according to an embodiment of the present invention;
fig. 4 is a schematic detailed implementation flowchart of one step in the data storage method according to an embodiment of the present invention;
FIG. 5 is a functional block diagram of a data storage device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device implementing the data storage method according to an embodiment of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides a data storage method. The execution subject of the data storage method includes, but is not limited to, at least one of electronic devices such as a server and a terminal that can be configured to execute the method provided by the embodiments of the present application. In other words, the data storage method may be performed by software installed in a terminal device or a server device, or hardware, and the software may be a block chain platform. The server side can be an independent server, and can also be a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud functions, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, Content Delivery Network (CDN), big data and an artificial intelligence platform.
Fig. 1 is a schematic flow chart of a data storage method according to an embodiment of the present invention.
In this embodiment, the data storage method includes:
s1, obtaining user local data, and identifying the type of the user local data;
in the embodiment of the invention, the user local data refers to data which is generated by a user in the process of using the mobile terminal and relates to personal privacy. For example, a user opens an APP on a mobile phone, and inputs information data such as his/her name, id card number, mobile phone number, bank card number, and home address, or data such as a photo and video uploaded through the APP.
It will be appreciated that the user local data may be a video, a picture or a series of numerical or textual information;
in the embodiment of the invention, the user local data can be captured from the APP operation interface used by the user by using the Python script with the data capturing function.
In detail, referring to fig. 2, the identifying the type of the user local data includes:
s11, binary conversion operation is carried out on the file corresponding to the user local data, and a byte stream corresponding to each user local data is obtained;
s12, identifying the file type corresponding to each user local data according to the byte stream corresponding to each user local data;
s13, according to the mapping relation between the preset user local data type label and the file type, taking the type label matched with the file type of the user local data as the type of the user local data.
It is understood that the user local data exists in the form of a file, the video data corresponds to an flv video file or a swf video file, the picture data corresponds to a gif file or a jpg file, and the text data corresponds to a txt file or an xls file. All data files are stored in the form of binary digits when being stored. And then, the file type corresponding to each user local data can be identified by using the characteristics of the binary byte stream corresponding to the data file.
For example, judging the file type according to the first two bytes of the byte stream corresponding to each piece of user local data can prevent the situation that the file type cannot be identified after the extension of the data file is changed when the file type is judged according to the extension of the data file. For example, the file type with the value 7076 corresponding to the first two bytes of the byte stream is flv video file, and the file type with the value 7173 is gif file.
In the embodiment of the present invention, the preset local data type tag of the user may be a video tag, an image tag, a text tag, or the like, or may also be a multimedia tag, a file data tag, a database data tag, or the like, and may be set according to an actual situation.
S2, according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
in the embodiment of the present invention, the preset desensitization algorithm library refers to a set of desensitization scripts corresponding to a plurality of preset desensitization algorithms, and for example, the desensitization algorithm library may include a replacement script that replaces an original value with a random value or an average value, a desensitization script that shields the original value with a special symbol, a disorder script that randomly arranges original data symbols with a random method, or an encryption script that symmetrically encrypts original data.
It is understood that different desensitization algorithms are advantageous for specific data types, and not all types of data are applicable, and therefore, the embodiment of the present invention requires to filter the algorithms in the preset desensitization database according to the type of the user local data to obtain a better desensitization algorithm.
In detail, referring to fig. 3, the S2 includes:
s21, obtaining the score of each desensitization algorithm in the preset desensitization algorithm library;
s21, selecting desensitization algorithms matched with the types of the local data of the users from the preset desensitization algorithm library to form an optional desensitization algorithm set by using a preset desensitization algorithm and data type mapping table;
s23, selecting the desensitization algorithm with the highest score from the selectable desensitization algorithm set as a target desensitization algorithm according to the score of each desensitization algorithm;
and S24, desensitizing the local user data by using the target desensitization algorithm to obtain desensitization data.
In the embodiment of the invention, each desensitization algorithm can be scored according to angles such as processing efficiency, memory consumption and the width of an application range of the desensitization algorithm.
In another optional embodiment of the present invention, a desensitization algorithm may be randomly selected as a target desensitization algorithm by using a random method according to the set of optional desensitization algorithms.
S3, randomly recombining the desensitization data to obtain recombined desensitization data, performing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
in the embodiment of the invention, safety protection can be further provided for the desensitization data by randomly recombining the desensitization data, and the obtained disordered plain text is obtained when the desensitization data is decrypted.
In this embodiment of the present invention, the first encryption operation may be performed by using any one of symmetric encryption and asymmetric encryption algorithms, for example, a digital signature, an MD5 algorithm, an HMAC algorithm, a DES algorithm, an AES algorithm, an RSA algorithm, and the like.
In the embodiment of the present invention, the preset server may be a server corresponding to the APP that is practical for the user.
In detail, referring to fig. 4, the randomly recombining the desensitization data to obtain recombined desensitization data includes:
s31, carrying out random segmentation operation on the desensitization data to obtain a desensitization data segment;
s32, generating a position label of each desensitization data segment in the desensitization data;
s33, superimposing the position labels on the corresponding desensitization data segments to obtain desensitization data segments containing position information;
and S34, randomly sequencing all desensitization data segments containing the position information to obtain recombined desensitization data.
In the embodiment of the present invention, the position number may be a symbol obtained by encoding a natural sequence, and does not directly indicate the sequence of the position sequence, for example, the position number may be a symbol such as X, M, L, or the like. The position numbers may be converted into corresponding actual position sequence information according to a preset code conversion rule.
In detail, the generating of the position index of each desensitization data segment in the desensitization data includes: acquiring the original position sequence of each desensitization data segment in the desensitization data; and sequentially carrying out coding conversion on the original position sequence by using a preset coding machine to obtain the position label of each desensitization data segment in the desensitization data.
In the embodiment of the invention, when the desensitization data is decrypted, the obtained disordered plaintext is further rearranged by using a preset code conversion rule, so that the real content of the desensitization data can be recovered.
In the embodiment of the invention, the first encryption operation is performed on the desensitization data, so that the desensitization data can be prevented from being stolen in the process of transmitting the desensitization data to the preset server, and the security of the transmission of the desensitization data is improved.
And S4, receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key segment and an auxiliary key segment, storing the auxiliary key segment and the second encrypted ciphertext into a locally preset block chain, and sending the main key segment to the server for storage.
In this embodiment of the present invention, the second encryption operation may be performed by using any one of a symmetric encryption algorithm and an asymmetric encryption algorithm.
In detail, the splitting the key into a master key segment and a slave key segment includes: randomly cutting off the secret key to generate a preset number of secret key sections; and randomly selecting the key segments from the preset number of key segments as main key segments, and using other key segments as auxiliary key segments.
In the embodiment of the present invention, the second encrypted ciphertext may be stored in a preset block chain by using the characteristic of block chain addressing, and the sub key segment corresponding to the second encrypted ciphertext is stored in the first block linked to the preset block chain.
Further, after the storing the secondary key segment into a locally preset blockchain and the sending the primary key segment to the server for storage, the method further includes: acquiring an authentication certificate corresponding to a terminal where the user is located, and sending the authentication certificate to the server side; receiving a main key segment corresponding to the second encrypted ciphertext returned by the server terminal after the authentication credential passes; decrypting the second encrypted ciphertext according to the auxiliary key segment and the main key segment to obtain a plaintext corresponding to the second encrypted ciphertext; and reordering the plaintext corresponding to the second encrypted ciphertext according to a preset encoding rule, and displaying the reordered plaintext to the user.
The embodiment of the invention desensitizes the local data of the user and randomly recombines the desensitized data to form a first safety protection for the local data of the user, further, performs a first encryption operation on the recombined desensitized data, sends the obtained first encrypted ciphertext to a preset server to perform a second encryption operation to obtain a second encrypted ciphertext and a related key, stores the second encrypted ciphertext in a local preset block chain, and simultaneously splits the key, stores an auxiliary key segment at a local end, and stores a main key segment at the server end, so that an attacker can not obtain all keys when the local network attacks occur, and can not crack the local data of the user, thereby reducing the risk of storing the local data of the user and improving the safety of storing the local data of the user.
Fig. 5 is a functional block diagram of a data storage device according to an embodiment of the present invention.
The data storage device 100 of the present invention may be installed in an electronic device. According to the implemented functions, the data storage device 100 may include a local data desensitization module 101, a reassembly encryption module 102, and a key splitting storage module 103. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the local data desensitization module 101 is configured to acquire user local data, identify a type of the user local data, and select a desensitization algorithm matching the type of the user local data from a preset desensitization algorithm library according to the type of the user local data to desensitize the user local data to obtain desensitization data;
the restructuring encryption module 102 is configured to randomly restructure the desensitization data to obtain restructured desensitization data, perform a first encryption operation on the restructured desensitization data to obtain a first encryption ciphertext, and send the first encryption ciphertext to a preset server;
the key splitting and storing module 103 is configured to receive a second encrypted ciphertext and a corresponding key, which are generated after the server performs a second encryption operation on the first encrypted ciphertext, split the key into a main key segment and an auxiliary key segment, store the auxiliary key segment and the second encrypted ciphertext in a locally preset block chain, and send the main key segment to the server for storage.
In detail, when the modules in the data storage device 100 according to the embodiment of the present invention are used, the same technical means as the data storage method described in fig. 1 to fig. 4 are adopted, and the same technical effects can be produced, which is not described herein again.
Fig. 6 is a schematic structural diagram of an electronic device for implementing a data storage method according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as a data storage program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of a data storage program, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (e.g., data storage programs and the like) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 6 only shows an electronic device with components, and it will be understood by a person skilled in the art that the structure shown in fig. 6 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used to establish a communication connection between the electronic device 1 and another electronic device.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The data storage program stored in the memory 11 of the electronic device 1 is a combination of instructions, which when executed in the processor 10, can implement:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
The present invention also provides a computer-readable storage medium, storing a computer program which, when executed by a processor of an electronic device, may implement:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, which is used for verifying the validity (anti-counterfeiting) of the information and generating a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The embodiment of the application can acquire and process related data based on a data processing technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.
Claims (10)
1. A method of data storage, the method comprising:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, performing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
2. The data storage method of claim 1, wherein said identifying the type of the user local data comprises:
executing binary conversion operation on the file corresponding to the user local data to obtain a byte stream corresponding to each user local data;
identifying a file type corresponding to each user local data according to a byte stream corresponding to each user local data;
and according to the preset mapping relation between the user local data type label and the file type, taking the type label matched with the file type of the user local data as the type of the user local data.
3. The data storage method of claim 1, wherein the selecting, according to the type of the user local data, a desensitization algorithm matching the type of the user local data from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data comprises:
obtaining the score of each desensitization algorithm in the preset desensitization algorithm library;
selecting desensitization algorithms matched with the types of the local data of the users from the preset desensitization algorithm library to form an optional desensitization algorithm set by using a mapping table of preset desensitization algorithms and data types;
selecting the desensitization algorithm with the highest score from the set of selectable desensitization algorithms as a target desensitization algorithm according to the score of each desensitization algorithm;
desensitizing the local data of the user by using the target desensitization algorithm to obtain desensitization data.
4. The data storage method of claim 1, wherein said randomly recombining said desensitization data to obtain recombined desensitization data comprises:
carrying out random segmentation operation on the desensitization data to obtain a desensitization data segment;
generating a position index for each of the desensitization data segments in the desensitization data;
superposing the position labels to the corresponding desensitization data segments to obtain desensitization data segments containing position information;
and randomly sequencing all desensitization data sections containing the position information to obtain recombined desensitization data.
5. The data storage method of claim 4, wherein said generating a position index for each said desensitization data segment in said desensitization data comprises:
acquiring the original position sequence of each desensitization data segment in the desensitization data;
and sequentially carrying out coding conversion on the original position sequence by using a preset coding machine to obtain the position label of each desensitization data segment in the desensitization data.
6. The data storage method of claim 1, wherein the root splits the key into a primary key segment and a secondary key segment, comprising:
randomly cutting off the secret key to generate a preset number of secret key sections;
and randomly selecting the key segments from the preset number of key segments as main key segments, and using other key segments as auxiliary key segments.
7. The data storage method according to any one of claims 1 to 6, wherein after storing the secondary key segment into a locally preset blockchain and sending the primary key segment to the server for storage, the method further comprises:
when an instruction of a user for inquiring local data of the user is received, a second encrypted ciphertext corresponding to the local data of the user and a corresponding auxiliary key section are obtained;
acquiring an authentication certificate corresponding to a terminal where the user is located, and sending the authentication certificate to the server side;
receiving a main key segment corresponding to the second encrypted ciphertext returned by the server terminal after the authentication credential passes;
decrypting the second encrypted ciphertext according to the auxiliary key segment and the main key segment to obtain a plaintext corresponding to the second encrypted ciphertext;
and reordering the plaintext corresponding to the second encrypted ciphertext according to a preset encoding rule, and displaying the reordered plaintext to the user.
8. A data storage device, the device comprising:
the local data desensitization module is used for acquiring user local data, identifying the type of the user local data, and selecting a desensitization algorithm matched with the type of the user local data from a preset desensitization algorithm library to desensitize the user local data according to the type of the user local data to obtain desensitization data;
the recombination encryption module is used for randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and the key splitting and storing module is used for receiving a second encrypted ciphertext and a corresponding key which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and (c) a second step of,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to perform a data storage method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out a data storage method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210588728.5A CN115001784B (en) | 2022-05-26 | Data storage method, device, electronic equipment and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210588728.5A CN115001784B (en) | 2022-05-26 | Data storage method, device, electronic equipment and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115001784A true CN115001784A (en) | 2022-09-02 |
CN115001784B CN115001784B (en) | 2024-05-28 |
Family
ID=
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115529192A (en) * | 2022-10-25 | 2022-12-27 | 武汉天翌数据科技发展有限公司 | Method, device, equipment and storage medium for secure transmission of network data |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106649587A (en) * | 2016-11-17 | 2017-05-10 | 国家电网公司 | High-security desensitization method based on big data information system |
JP2018032908A (en) * | 2016-08-22 | 2018-03-01 | 日本電気株式会社 | Information transmission method, information processing method, program, decoding method, and program |
CN109492432A (en) * | 2018-11-08 | 2019-03-19 | 安徽太阳石科技有限公司 | Real time data safety protecting method and system based on block chain |
CN111934872A (en) * | 2020-10-12 | 2020-11-13 | 百度在线网络技术(北京)有限公司 | Key processing method, device, electronic equipment and storage medium |
CN112487455A (en) * | 2020-12-03 | 2021-03-12 | 珠海格力电器股份有限公司 | Data processing method and device and data interaction system |
CN113127915A (en) * | 2021-05-12 | 2021-07-16 | 平安信托有限责任公司 | Data encryption desensitization method and device, electronic equipment and storage medium |
CN114036546A (en) * | 2021-11-17 | 2022-02-11 | 平安普惠企业管理有限公司 | Identity verification method and device based on mobile phone number, computer equipment and medium |
CN114401132A (en) * | 2022-01-13 | 2022-04-26 | 平安普惠企业管理有限公司 | Data encryption method, device, equipment and storage medium |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018032908A (en) * | 2016-08-22 | 2018-03-01 | 日本電気株式会社 | Information transmission method, information processing method, program, decoding method, and program |
CN106649587A (en) * | 2016-11-17 | 2017-05-10 | 国家电网公司 | High-security desensitization method based on big data information system |
CN109492432A (en) * | 2018-11-08 | 2019-03-19 | 安徽太阳石科技有限公司 | Real time data safety protecting method and system based on block chain |
CN111934872A (en) * | 2020-10-12 | 2020-11-13 | 百度在线网络技术(北京)有限公司 | Key processing method, device, electronic equipment and storage medium |
CN112487455A (en) * | 2020-12-03 | 2021-03-12 | 珠海格力电器股份有限公司 | Data processing method and device and data interaction system |
CN113127915A (en) * | 2021-05-12 | 2021-07-16 | 平安信托有限责任公司 | Data encryption desensitization method and device, electronic equipment and storage medium |
CN114036546A (en) * | 2021-11-17 | 2022-02-11 | 平安普惠企业管理有限公司 | Identity verification method and device based on mobile phone number, computer equipment and medium |
CN114401132A (en) * | 2022-01-13 | 2022-04-26 | 平安普惠企业管理有限公司 | Data encryption method, device, equipment and storage medium |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115529192A (en) * | 2022-10-25 | 2022-12-27 | 武汉天翌数据科技发展有限公司 | Method, device, equipment and storage medium for secure transmission of network data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113055380B (en) | Message processing method and device, electronic equipment and medium | |
CN114726630B (en) | License-based information security authorization method and device, electronic equipment and medium | |
CN113822675A (en) | Block chain based message processing method, device, equipment and storage medium | |
CN113127915A (en) | Data encryption desensitization method and device, electronic equipment and storage medium | |
CN114760114B (en) | Identity authentication method, device, equipment and medium | |
CN114499859A (en) | Password verification method, device, equipment and storage medium | |
CN110266653B (en) | Authentication method, system and terminal equipment | |
CN114626079A (en) | File viewing method, device, equipment and storage medium based on user permission | |
CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
CN114553532A (en) | Data secure transmission method and device, electronic equipment and storage medium | |
CN117240625B (en) | Tamper-resistant data processing method and device and electronic equipment | |
CN112069479B (en) | Face data calling method and device based on block chain | |
CN110890979B (en) | Automatic deployment method, device, equipment and medium for fort machine | |
CN112862484A (en) | Secure payment method and device based on multi-terminal interaction | |
CN114826725B (en) | Data interaction method, device, equipment and storage medium | |
CN114125158B (en) | Anti-harassment method, device, equipment and storage medium based on trusted telephone | |
CN115001784B (en) | Data storage method, device, electronic equipment and computer readable storage medium | |
CN115001784A (en) | Data storage method and device, electronic equipment and computer readable storage medium | |
CN114095220A (en) | Telephone communication verification method, device, equipment and storage medium | |
CN112150151B (en) | Secure payment method, apparatus, electronic device and storage medium | |
CN115001768A (en) | Data interaction method, device and equipment based on block chain and storage medium | |
CN114091041A (en) | Data transmission method, device, equipment and medium based on embedded equipment | |
CN113918517A (en) | Multi-type file centralized management method, device, equipment and storage medium | |
CN113158218A (en) | Data encryption method and device and data decryption method and device | |
CN113642020B (en) | Dynamic encryption method and device for configuration file, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20240430 Address after: Room 1008, No. 2 Wangyuan Road, Tianhe District, Guangzhou City, Guangdong Province, 510000 (for office only) Applicant after: Guangzhou Zheng High tech Co.,Ltd. Country or region after: China Address before: 518000 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd. Country or region before: China |
|
GR01 | Patent grant |