CN115001784A - Data storage method and device, electronic equipment and computer readable storage medium - Google Patents

Data storage method and device, electronic equipment and computer readable storage medium Download PDF

Info

Publication number
CN115001784A
CN115001784A CN202210588728.5A CN202210588728A CN115001784A CN 115001784 A CN115001784 A CN 115001784A CN 202210588728 A CN202210588728 A CN 202210588728A CN 115001784 A CN115001784 A CN 115001784A
Authority
CN
China
Prior art keywords
data
desensitization
key
local data
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210588728.5A
Other languages
Chinese (zh)
Other versions
CN115001784B (en
Inventor
陈优优
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Zheng High Tech Co ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd filed Critical Ping An Puhui Enterprise Management Co Ltd
Priority to CN202210588728.5A priority Critical patent/CN115001784B/en
Priority claimed from CN202210588728.5A external-priority patent/CN115001784B/en
Publication of CN115001784A publication Critical patent/CN115001784A/en
Application granted granted Critical
Publication of CN115001784B publication Critical patent/CN115001784B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a data processing technology, and discloses a data storage method, which comprises the following steps: desensitizing the local user data according to the type of the local user data to obtain desensitization data, randomly recombining the desensitization data to obtain recombined desensitization data, performing a first encryption operation on the recombined desensitization data to obtain a first encrypted ciphertext, sending the first encrypted ciphertext to a preset server, receiving a second encrypted ciphertext and a corresponding key, which are returned by the server, generated after a second encryption operation is performed on the first encrypted ciphertext, splitting the key into a main key segment and an auxiliary key segment, storing the auxiliary key segment and the second encrypted ciphertext in a locally preset block chain, and sending the main key segment to the server for storage. The invention also provides a data storage device, equipment and a medium. The invention can improve the safety of data storage.

Description

Data storage method and device, electronic equipment and computer readable storage medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data storage method and apparatus, an electronic device, and a computer-readable storage medium.
Background
With the increasing popularity of mobile terminals such as mobile phones, a large number of terminals APPs with different functions are emerging at present, and when a user uses various terminal APPs, the user often needs to output personal user data, which contains some sensitive data, such as information of user name, identity card number, home address, bank card number, and the like. The user data can be usually stored in the local end of the user mobile phone terminal, and the user local data can be directly obtained by other terminals APP, so that certain potential safety hazards exist.
Aiming at the problem that potential safety hazards exist in the storage of personal data of a user at a local end, the APP on a local terminal of the user is authorized in a mode which is frequently adopted at present, and the operation of obtaining the local data of the user by the APP is limited or allowed through authorization. However, there is a certain vulnerability in this way, for example, the user forgets to authorize the APP in time, or the user does not find the newly installed APP, or the malicious APP bypasses the user authorization to directly obtain the user local data, and therefore the problem of secure storage of the user local data is urgently to be solved.
Disclosure of Invention
The invention provides a data storage method, a data storage device, electronic equipment and a computer readable storage medium, and mainly aims to improve the safety of data storage.
In order to achieve the above object, the present invention provides a data storage method, including:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
Optionally, the identifying the type of the user local data includes:
executing binary conversion operation on the file corresponding to the user local data to obtain a byte stream corresponding to each user local data;
identifying a file type corresponding to each user local data according to a byte stream corresponding to each user local data;
and according to the preset mapping relation between the user local data type label and the file type, taking the type label matched with the file type of the user local data as the type of the user local data.
Optionally, the desensitization algorithm that is selected from a preset desensitization algorithm library according to the type of the user local data and is matched with the type of the user local data is used for desensitizing the user local data to obtain desensitization data, and the desensitization data includes:
obtaining the score of each desensitization algorithm in the preset desensitization algorithm library;
selecting desensitization algorithms matched with the types of the local data of the users from the preset desensitization algorithm library to form an optional desensitization algorithm set by using a mapping table of preset desensitization algorithms and data types;
selecting the desensitization algorithm with the highest score from the set of selectable desensitization algorithms as a target desensitization algorithm according to the score of each desensitization algorithm;
desensitizing the local data of the user by using the target desensitization algorithm to obtain desensitization data.
Optionally, the randomly recombining the desensitization data to obtain recombined desensitization data includes:
carrying out random segmentation operation on the desensitization data to obtain a desensitization data segment;
generating a position index for each of the desensitization data segments in the desensitization data;
superposing the position labels to the corresponding desensitization data segments to obtain desensitization data segments containing position information;
and randomly sequencing all desensitization data sections containing the position information to obtain recombined desensitization data.
Optionally, the generating a position index of each desensitization data segment in the desensitization data includes:
acquiring the original position sequence of each desensitization data segment in the desensitization data;
and sequentially carrying out coding conversion on the original position sequence by using a preset coding machine to obtain the position label of each desensitization data segment in the desensitization data.
Optionally, the splitting, by the root, the key into a master key segment and a slave key segment includes:
randomly cutting off the secret key to generate a preset number of secret key sections;
and randomly selecting the key segments from the preset number of key segments as main key segments, and using other key segments as auxiliary key segments.
Optionally, after the storing the secondary key segment into a locally preset blockchain and the sending the primary key segment to the server for storage, the method further includes:
when an instruction of a user for inquiring local data of the user is received, a second encrypted ciphertext corresponding to the local data of the user and a corresponding auxiliary key section are obtained;
acquiring an authentication certificate corresponding to a terminal where the user is located, and sending the authentication certificate to the server side;
receiving a main key segment corresponding to the second encrypted ciphertext returned by the server terminal after the authentication credential passes;
decrypting the second encrypted ciphertext according to the auxiliary key segment and the main key segment to obtain a plaintext corresponding to the second encrypted ciphertext;
and reordering the plaintext corresponding to the second encrypted ciphertext according to a preset encoding rule, and displaying the reordered plaintext to the user.
In order to solve the above problems, the present invention also provides a data storage device, comprising:
the local data desensitization module is used for acquiring user local data, identifying the type of the user local data, and selecting a desensitization algorithm matched with the type of the user local data from a preset desensitization algorithm library to desensitize the user local data according to the type of the user local data to obtain desensitization data;
the recombination encryption module is used for randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and the key splitting and storing module is used for receiving a second encrypted ciphertext and a corresponding key which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one computer program; and
and the processor executes the program stored in the memory to realize the data storage method.
In order to solve the above problem, the present invention also provides a computer-readable storage medium, in which at least one computer program is stored, the at least one computer program being executed by a processor in an electronic device to implement the data storage method described above.
The embodiment of the invention desensitizes the local data of the user and randomly recombines the desensitized data to form a first safety protection on the local data of the user, further performs a first encryption operation on the recombined desensitized data, sends the obtained first encryption ciphertext to a preset server to perform a second encryption operation to obtain a second encryption ciphertext and a related key, stores the second encryption ciphertext in a locally preset block chain, splits the key, stores an auxiliary key section in the local end, and stores a main key section in the server end, so that an attacker cannot obtain all keys when the local network is attacked, further cannot crack the local data of the user, reduces the risk of storing the local data of the user, and improves the safety of storing the local data of the user.
Drawings
Fig. 1 is a schematic flow chart of a data storage method according to an embodiment of the present invention;
fig. 2 is a schematic detailed implementation flowchart of one step in the data storage method according to an embodiment of the present invention;
fig. 3 is a schematic detailed implementation flowchart of one step in the data storage method according to an embodiment of the present invention;
fig. 4 is a schematic detailed implementation flowchart of one step in the data storage method according to an embodiment of the present invention;
FIG. 5 is a functional block diagram of a data storage device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device implementing the data storage method according to an embodiment of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides a data storage method. The execution subject of the data storage method includes, but is not limited to, at least one of electronic devices such as a server and a terminal that can be configured to execute the method provided by the embodiments of the present application. In other words, the data storage method may be performed by software installed in a terminal device or a server device, or hardware, and the software may be a block chain platform. The server side can be an independent server, and can also be a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud functions, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, Content Delivery Network (CDN), big data and an artificial intelligence platform.
Fig. 1 is a schematic flow chart of a data storage method according to an embodiment of the present invention.
In this embodiment, the data storage method includes:
s1, obtaining user local data, and identifying the type of the user local data;
in the embodiment of the invention, the user local data refers to data which is generated by a user in the process of using the mobile terminal and relates to personal privacy. For example, a user opens an APP on a mobile phone, and inputs information data such as his/her name, id card number, mobile phone number, bank card number, and home address, or data such as a photo and video uploaded through the APP.
It will be appreciated that the user local data may be a video, a picture or a series of numerical or textual information;
in the embodiment of the invention, the user local data can be captured from the APP operation interface used by the user by using the Python script with the data capturing function.
In detail, referring to fig. 2, the identifying the type of the user local data includes:
s11, binary conversion operation is carried out on the file corresponding to the user local data, and a byte stream corresponding to each user local data is obtained;
s12, identifying the file type corresponding to each user local data according to the byte stream corresponding to each user local data;
s13, according to the mapping relation between the preset user local data type label and the file type, taking the type label matched with the file type of the user local data as the type of the user local data.
It is understood that the user local data exists in the form of a file, the video data corresponds to an flv video file or a swf video file, the picture data corresponds to a gif file or a jpg file, and the text data corresponds to a txt file or an xls file. All data files are stored in the form of binary digits when being stored. And then, the file type corresponding to each user local data can be identified by using the characteristics of the binary byte stream corresponding to the data file.
For example, judging the file type according to the first two bytes of the byte stream corresponding to each piece of user local data can prevent the situation that the file type cannot be identified after the extension of the data file is changed when the file type is judged according to the extension of the data file. For example, the file type with the value 7076 corresponding to the first two bytes of the byte stream is flv video file, and the file type with the value 7173 is gif file.
In the embodiment of the present invention, the preset local data type tag of the user may be a video tag, an image tag, a text tag, or the like, or may also be a multimedia tag, a file data tag, a database data tag, or the like, and may be set according to an actual situation.
S2, according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
in the embodiment of the present invention, the preset desensitization algorithm library refers to a set of desensitization scripts corresponding to a plurality of preset desensitization algorithms, and for example, the desensitization algorithm library may include a replacement script that replaces an original value with a random value or an average value, a desensitization script that shields the original value with a special symbol, a disorder script that randomly arranges original data symbols with a random method, or an encryption script that symmetrically encrypts original data.
It is understood that different desensitization algorithms are advantageous for specific data types, and not all types of data are applicable, and therefore, the embodiment of the present invention requires to filter the algorithms in the preset desensitization database according to the type of the user local data to obtain a better desensitization algorithm.
In detail, referring to fig. 3, the S2 includes:
s21, obtaining the score of each desensitization algorithm in the preset desensitization algorithm library;
s21, selecting desensitization algorithms matched with the types of the local data of the users from the preset desensitization algorithm library to form an optional desensitization algorithm set by using a preset desensitization algorithm and data type mapping table;
s23, selecting the desensitization algorithm with the highest score from the selectable desensitization algorithm set as a target desensitization algorithm according to the score of each desensitization algorithm;
and S24, desensitizing the local user data by using the target desensitization algorithm to obtain desensitization data.
In the embodiment of the invention, each desensitization algorithm can be scored according to angles such as processing efficiency, memory consumption and the width of an application range of the desensitization algorithm.
In another optional embodiment of the present invention, a desensitization algorithm may be randomly selected as a target desensitization algorithm by using a random method according to the set of optional desensitization algorithms.
S3, randomly recombining the desensitization data to obtain recombined desensitization data, performing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
in the embodiment of the invention, safety protection can be further provided for the desensitization data by randomly recombining the desensitization data, and the obtained disordered plain text is obtained when the desensitization data is decrypted.
In this embodiment of the present invention, the first encryption operation may be performed by using any one of symmetric encryption and asymmetric encryption algorithms, for example, a digital signature, an MD5 algorithm, an HMAC algorithm, a DES algorithm, an AES algorithm, an RSA algorithm, and the like.
In the embodiment of the present invention, the preset server may be a server corresponding to the APP that is practical for the user.
In detail, referring to fig. 4, the randomly recombining the desensitization data to obtain recombined desensitization data includes:
s31, carrying out random segmentation operation on the desensitization data to obtain a desensitization data segment;
s32, generating a position label of each desensitization data segment in the desensitization data;
s33, superimposing the position labels on the corresponding desensitization data segments to obtain desensitization data segments containing position information;
and S34, randomly sequencing all desensitization data segments containing the position information to obtain recombined desensitization data.
In the embodiment of the present invention, the position number may be a symbol obtained by encoding a natural sequence, and does not directly indicate the sequence of the position sequence, for example, the position number may be a symbol such as X, M, L, or the like. The position numbers may be converted into corresponding actual position sequence information according to a preset code conversion rule.
In detail, the generating of the position index of each desensitization data segment in the desensitization data includes: acquiring the original position sequence of each desensitization data segment in the desensitization data; and sequentially carrying out coding conversion on the original position sequence by using a preset coding machine to obtain the position label of each desensitization data segment in the desensitization data.
In the embodiment of the invention, when the desensitization data is decrypted, the obtained disordered plaintext is further rearranged by using a preset code conversion rule, so that the real content of the desensitization data can be recovered.
In the embodiment of the invention, the first encryption operation is performed on the desensitization data, so that the desensitization data can be prevented from being stolen in the process of transmitting the desensitization data to the preset server, and the security of the transmission of the desensitization data is improved.
And S4, receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key segment and an auxiliary key segment, storing the auxiliary key segment and the second encrypted ciphertext into a locally preset block chain, and sending the main key segment to the server for storage.
In this embodiment of the present invention, the second encryption operation may be performed by using any one of a symmetric encryption algorithm and an asymmetric encryption algorithm.
In detail, the splitting the key into a master key segment and a slave key segment includes: randomly cutting off the secret key to generate a preset number of secret key sections; and randomly selecting the key segments from the preset number of key segments as main key segments, and using other key segments as auxiliary key segments.
In the embodiment of the present invention, the second encrypted ciphertext may be stored in a preset block chain by using the characteristic of block chain addressing, and the sub key segment corresponding to the second encrypted ciphertext is stored in the first block linked to the preset block chain.
Further, after the storing the secondary key segment into a locally preset blockchain and the sending the primary key segment to the server for storage, the method further includes: acquiring an authentication certificate corresponding to a terminal where the user is located, and sending the authentication certificate to the server side; receiving a main key segment corresponding to the second encrypted ciphertext returned by the server terminal after the authentication credential passes; decrypting the second encrypted ciphertext according to the auxiliary key segment and the main key segment to obtain a plaintext corresponding to the second encrypted ciphertext; and reordering the plaintext corresponding to the second encrypted ciphertext according to a preset encoding rule, and displaying the reordered plaintext to the user.
The embodiment of the invention desensitizes the local data of the user and randomly recombines the desensitized data to form a first safety protection for the local data of the user, further, performs a first encryption operation on the recombined desensitized data, sends the obtained first encrypted ciphertext to a preset server to perform a second encryption operation to obtain a second encrypted ciphertext and a related key, stores the second encrypted ciphertext in a local preset block chain, and simultaneously splits the key, stores an auxiliary key segment at a local end, and stores a main key segment at the server end, so that an attacker can not obtain all keys when the local network attacks occur, and can not crack the local data of the user, thereby reducing the risk of storing the local data of the user and improving the safety of storing the local data of the user.
Fig. 5 is a functional block diagram of a data storage device according to an embodiment of the present invention.
The data storage device 100 of the present invention may be installed in an electronic device. According to the implemented functions, the data storage device 100 may include a local data desensitization module 101, a reassembly encryption module 102, and a key splitting storage module 103. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the local data desensitization module 101 is configured to acquire user local data, identify a type of the user local data, and select a desensitization algorithm matching the type of the user local data from a preset desensitization algorithm library according to the type of the user local data to desensitize the user local data to obtain desensitization data;
the restructuring encryption module 102 is configured to randomly restructure the desensitization data to obtain restructured desensitization data, perform a first encryption operation on the restructured desensitization data to obtain a first encryption ciphertext, and send the first encryption ciphertext to a preset server;
the key splitting and storing module 103 is configured to receive a second encrypted ciphertext and a corresponding key, which are generated after the server performs a second encryption operation on the first encrypted ciphertext, split the key into a main key segment and an auxiliary key segment, store the auxiliary key segment and the second encrypted ciphertext in a locally preset block chain, and send the main key segment to the server for storage.
In detail, when the modules in the data storage device 100 according to the embodiment of the present invention are used, the same technical means as the data storage method described in fig. 1 to fig. 4 are adopted, and the same technical effects can be produced, which is not described herein again.
Fig. 6 is a schematic structural diagram of an electronic device for implementing a data storage method according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as a data storage program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of a data storage program, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (e.g., data storage programs and the like) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 6 only shows an electronic device with components, and it will be understood by a person skilled in the art that the structure shown in fig. 6 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used to establish a communication connection between the electronic device 1 and another electronic device.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The data storage program stored in the memory 11 of the electronic device 1 is a combination of instructions, which when executed in the processor 10, can implement:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
The present invention also provides a computer-readable storage medium, storing a computer program which, when executed by a processor of an electronic device, may implement:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, which is used for verifying the validity (anti-counterfeiting) of the information and generating a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The embodiment of the application can acquire and process related data based on a data processing technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A method of data storage, the method comprising:
acquiring user local data and identifying the type of the user local data;
according to the type of the user local data, a desensitization algorithm matched with the type of the user local data is selected from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data;
randomly recombining the desensitization data to obtain recombined desensitization data, performing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and receiving a second encrypted ciphertext and a corresponding key, which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
2. The data storage method of claim 1, wherein said identifying the type of the user local data comprises:
executing binary conversion operation on the file corresponding to the user local data to obtain a byte stream corresponding to each user local data;
identifying a file type corresponding to each user local data according to a byte stream corresponding to each user local data;
and according to the preset mapping relation between the user local data type label and the file type, taking the type label matched with the file type of the user local data as the type of the user local data.
3. The data storage method of claim 1, wherein the selecting, according to the type of the user local data, a desensitization algorithm matching the type of the user local data from a preset desensitization algorithm library to desensitize the user local data to obtain desensitization data comprises:
obtaining the score of each desensitization algorithm in the preset desensitization algorithm library;
selecting desensitization algorithms matched with the types of the local data of the users from the preset desensitization algorithm library to form an optional desensitization algorithm set by using a mapping table of preset desensitization algorithms and data types;
selecting the desensitization algorithm with the highest score from the set of selectable desensitization algorithms as a target desensitization algorithm according to the score of each desensitization algorithm;
desensitizing the local data of the user by using the target desensitization algorithm to obtain desensitization data.
4. The data storage method of claim 1, wherein said randomly recombining said desensitization data to obtain recombined desensitization data comprises:
carrying out random segmentation operation on the desensitization data to obtain a desensitization data segment;
generating a position index for each of the desensitization data segments in the desensitization data;
superposing the position labels to the corresponding desensitization data segments to obtain desensitization data segments containing position information;
and randomly sequencing all desensitization data sections containing the position information to obtain recombined desensitization data.
5. The data storage method of claim 4, wherein said generating a position index for each said desensitization data segment in said desensitization data comprises:
acquiring the original position sequence of each desensitization data segment in the desensitization data;
and sequentially carrying out coding conversion on the original position sequence by using a preset coding machine to obtain the position label of each desensitization data segment in the desensitization data.
6. The data storage method of claim 1, wherein the root splits the key into a primary key segment and a secondary key segment, comprising:
randomly cutting off the secret key to generate a preset number of secret key sections;
and randomly selecting the key segments from the preset number of key segments as main key segments, and using other key segments as auxiliary key segments.
7. The data storage method according to any one of claims 1 to 6, wherein after storing the secondary key segment into a locally preset blockchain and sending the primary key segment to the server for storage, the method further comprises:
when an instruction of a user for inquiring local data of the user is received, a second encrypted ciphertext corresponding to the local data of the user and a corresponding auxiliary key section are obtained;
acquiring an authentication certificate corresponding to a terminal where the user is located, and sending the authentication certificate to the server side;
receiving a main key segment corresponding to the second encrypted ciphertext returned by the server terminal after the authentication credential passes;
decrypting the second encrypted ciphertext according to the auxiliary key segment and the main key segment to obtain a plaintext corresponding to the second encrypted ciphertext;
and reordering the plaintext corresponding to the second encrypted ciphertext according to a preset encoding rule, and displaying the reordered plaintext to the user.
8. A data storage device, the device comprising:
the local data desensitization module is used for acquiring user local data, identifying the type of the user local data, and selecting a desensitization algorithm matched with the type of the user local data from a preset desensitization algorithm library to desensitize the user local data according to the type of the user local data to obtain desensitization data;
the recombination encryption module is used for randomly recombining the desensitization data to obtain recombined desensitization data, executing a first encryption operation on the recombined desensitization data to obtain a first encryption ciphertext, and sending the first encryption ciphertext to a preset server;
and the key splitting and storing module is used for receiving a second encrypted ciphertext and a corresponding key which are generated after the second encryption operation is performed on the first encrypted ciphertext and returned by the server, splitting the key into a main key section and an auxiliary key section, storing the auxiliary key section and the second encrypted ciphertext into a locally preset block chain, and sending the main key section to the server side for storage.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and (c) a second step of,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to perform a data storage method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out a data storage method according to any one of claims 1 to 7.
CN202210588728.5A 2022-05-26 Data storage method, device, electronic equipment and computer readable storage medium Active CN115001784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210588728.5A CN115001784B (en) 2022-05-26 Data storage method, device, electronic equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210588728.5A CN115001784B (en) 2022-05-26 Data storage method, device, electronic equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN115001784A true CN115001784A (en) 2022-09-02
CN115001784B CN115001784B (en) 2024-05-28

Family

ID=

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115529192A (en) * 2022-10-25 2022-12-27 武汉天翌数据科技发展有限公司 Method, device, equipment and storage medium for secure transmission of network data

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106649587A (en) * 2016-11-17 2017-05-10 国家电网公司 High-security desensitization method based on big data information system
JP2018032908A (en) * 2016-08-22 2018-03-01 日本電気株式会社 Information transmission method, information processing method, program, decoding method, and program
CN109492432A (en) * 2018-11-08 2019-03-19 安徽太阳石科技有限公司 Real time data safety protecting method and system based on block chain
CN111934872A (en) * 2020-10-12 2020-11-13 百度在线网络技术(北京)有限公司 Key processing method, device, electronic equipment and storage medium
CN112487455A (en) * 2020-12-03 2021-03-12 珠海格力电器股份有限公司 Data processing method and device and data interaction system
CN113127915A (en) * 2021-05-12 2021-07-16 平安信托有限责任公司 Data encryption desensitization method and device, electronic equipment and storage medium
CN114036546A (en) * 2021-11-17 2022-02-11 平安普惠企业管理有限公司 Identity verification method and device based on mobile phone number, computer equipment and medium
CN114401132A (en) * 2022-01-13 2022-04-26 平安普惠企业管理有限公司 Data encryption method, device, equipment and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018032908A (en) * 2016-08-22 2018-03-01 日本電気株式会社 Information transmission method, information processing method, program, decoding method, and program
CN106649587A (en) * 2016-11-17 2017-05-10 国家电网公司 High-security desensitization method based on big data information system
CN109492432A (en) * 2018-11-08 2019-03-19 安徽太阳石科技有限公司 Real time data safety protecting method and system based on block chain
CN111934872A (en) * 2020-10-12 2020-11-13 百度在线网络技术(北京)有限公司 Key processing method, device, electronic equipment and storage medium
CN112487455A (en) * 2020-12-03 2021-03-12 珠海格力电器股份有限公司 Data processing method and device and data interaction system
CN113127915A (en) * 2021-05-12 2021-07-16 平安信托有限责任公司 Data encryption desensitization method and device, electronic equipment and storage medium
CN114036546A (en) * 2021-11-17 2022-02-11 平安普惠企业管理有限公司 Identity verification method and device based on mobile phone number, computer equipment and medium
CN114401132A (en) * 2022-01-13 2022-04-26 平安普惠企业管理有限公司 Data encryption method, device, equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115529192A (en) * 2022-10-25 2022-12-27 武汉天翌数据科技发展有限公司 Method, device, equipment and storage medium for secure transmission of network data

Similar Documents

Publication Publication Date Title
CN113055380B (en) Message processing method and device, electronic equipment and medium
CN114726630B (en) License-based information security authorization method and device, electronic equipment and medium
CN113822675A (en) Block chain based message processing method, device, equipment and storage medium
CN113127915A (en) Data encryption desensitization method and device, electronic equipment and storage medium
CN114760114B (en) Identity authentication method, device, equipment and medium
CN114499859A (en) Password verification method, device, equipment and storage medium
CN110266653B (en) Authentication method, system and terminal equipment
CN114626079A (en) File viewing method, device, equipment and storage medium based on user permission
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN114553532A (en) Data secure transmission method and device, electronic equipment and storage medium
CN117240625B (en) Tamper-resistant data processing method and device and electronic equipment
CN112069479B (en) Face data calling method and device based on block chain
CN110890979B (en) Automatic deployment method, device, equipment and medium for fort machine
CN112862484A (en) Secure payment method and device based on multi-terminal interaction
CN114826725B (en) Data interaction method, device, equipment and storage medium
CN114125158B (en) Anti-harassment method, device, equipment and storage medium based on trusted telephone
CN115001784B (en) Data storage method, device, electronic equipment and computer readable storage medium
CN115001784A (en) Data storage method and device, electronic equipment and computer readable storage medium
CN114095220A (en) Telephone communication verification method, device, equipment and storage medium
CN112150151B (en) Secure payment method, apparatus, electronic device and storage medium
CN115001768A (en) Data interaction method, device and equipment based on block chain and storage medium
CN114091041A (en) Data transmission method, device, equipment and medium based on embedded equipment
CN113918517A (en) Multi-type file centralized management method, device, equipment and storage medium
CN113158218A (en) Data encryption method and device and data decryption method and device
CN113642020B (en) Dynamic encryption method and device for configuration file, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240430

Address after: Room 1008, No. 2 Wangyuan Road, Tianhe District, Guangzhou City, Guangdong Province, 510000 (for office only)

Applicant after: Guangzhou Zheng High tech Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong

Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

Country or region before: China

GR01 Patent grant