CN107592295A - A kind of encryption method of big data - Google Patents
A kind of encryption method of big data Download PDFInfo
- Publication number
- CN107592295A CN107592295A CN201710646447.XA CN201710646447A CN107592295A CN 107592295 A CN107592295 A CN 107592295A CN 201710646447 A CN201710646447 A CN 201710646447A CN 107592295 A CN107592295 A CN 107592295A
- Authority
- CN
- China
- Prior art keywords
- key
- big data
- encryption
- request
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiments of the invention provide a kind of encryption method of big data, methods described includes:After receiving target big data, the target big data is handled according to preset rules, and determine whether the target big data needs to be encrypted;If it is, forming a key request to the target big data, and the key request is put into object queue;Key request is taken out from the object queue successively, and the request of creation data encryption key is proposed to big data key production module;The encryption key message that the key production module is sent is received, and the big data is encrypted according to the encryption key message.The ability of big data platform attack protection, can effectively improve big data security.
Description
Technical field
The present invention relates to data processing field, more particularly to a kind of encryption method of big data.
Background technology
Big data plays more and more important effect in today's society and economic development, but big data is at concentration
While reason and storage mass data, its safety problem will also face increasing challenge.
In terms of big data safeguard protection, conventional method is all by fire wall, VPN, intrusion detection and anti-virus etc.
It is complete that these traditional systems and component carry out safeguards system, is from procotol and pattern feature the problem of these method maximums
Go safeguards system safe, the sensitive information and sensitive data that can not be directed to big data platform interior implement protection, that is to say, that mesh
The preceding specific security system gone back neither one so far and be directed to big data system.
The content of the invention
The purpose of the embodiment of the present invention is to provide a kind of encryption method of big data, with the energy of big data platform attack protection
Power, big data security can be effectively improved.
In order to achieve the above object, the embodiment of the invention discloses a kind of encryption method of big data, methods described to include:
After receiving target big data, the target big data is handled according to preset rules, and determine the target
Whether big data, which needs, is encrypted;
If it is, forming a key request to the target big data, and the key request is put into target team
In row;
Key request is taken out from the object queue successively, and proposes that creation data adds to big data key production module
The request of key;
The encryption key message that the key production module is sent is received, and according to the encryption key message to described big
Data are encrypted.
Optionally, after the reception target big data, the target big data is handled according to preset rules, and really
Whether the fixed target big data needs to be encrypted, including:
After receiving target big data, rule is handled according to the piecemeal of data piecemeal processing is carried out to the target big data,
And whether each piece need to be encrypted is determined respectively to the target big data after piecemeal processing;
It is described if it is, form a key request to the target big data, and the key request is put into mesh
Mark in queue, including:
If it is, a key request is formed to each piece in the target big data data block for needing to be encrypted,
And the key request is put into object queue.
Optionally, it is described to take out key request from the object queue successively, and carried to big data key production module
Go out to produce the request of data encryption key, including:
According to the principle of FIFO, key request is taken out from the object queue successively, and give birth to big data key
The request of creation data encryption key is proposed into module.
Optionally, the encryption information includes the information of initial key, when single piece of key leaks, using new initial
Key produces key and removes the block of encryption leakage key, and updates initial key in encryption information table, the information of block encryption key;
When one-way function calculates, increase the information of an information change key number, it is M (F that block symmetric key, which produces function,
(K, A, f (N))), the information N of key change is included in encryption information table on the basis of above.
The encryption method of big data provided in an embodiment of the present invention, the present invention is in use, the code of big data platform is complete
Whole property can be verified by the present invention, even if big data platform is attacked by hacker and wooden horse, the present invention also can automatic detection
And alert.Even if big data platform of the invention is encroached on by attack or virus or wooden horse, system provided by the present invention is utilized
Integrity checking techniques (hash algorithm technology) can be recovered accurately and original identical system.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of the encryption method of big data provided in an embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made
Embodiment, belong to the scope of protection of the invention.
Fig. 1 is the schematic flow sheet of the encryption method of big data provided in an embodiment of the present invention, and the method comprising the steps of:
S101, after receiving target big data, the target big data is handled according to preset rules, and described in determination
Whether target big data, which needs, is encrypted, if it is, performing S102.
It is understood that big data acquisition system needs to be acquired and pre-process with data by preparatory condition, obtain
To target big data, obtain checking whether it is encrypted data after big data, if not encrypted, perform encryption
Step S102, is otherwise disregarded.
S102, a key request is formed to the target big data, and the key request is put into object queue
It is interior.
A key request is formed for the data for needing to be encrypted respectively, the key request is included to number to be encrypted
According to encryption type request, such as MD5.All key requests can be added in object queue.
S103, key request is taken out from the object queue successively, and propose to produce to big data key production module
The request of data encryption key.
Specifically, key request can be taken out from the object queue successively according to the principle of FIFO, and to big
Data key generation module proposes the request of creation data encryption key, so that data to be encrypted to be encrypted.
S104, the encryption key message that the key production module is sent is received, and according to the encryption key message pair
The big data is encrypted.
Key generation module is specifically used for generation key, so as to which be-encrypted data be encrypted by the key of generation.
Specific ciphering process is prior art, and the embodiment of the present invention is not repeated it herein.
A kind of method that system for realizing big data safety realizes big data safety, will be adopted to big data safeguard protection originally
With the pattern of software and network topology architecture, upgrade to and directly use hardware protection, and by protection level by former software protection level
Hardware protection rank is indescribably upgraded to, is greatly improved the ability of big data platform attack protection, big data safety can be effectively improved
Property.
After receiving target big data, rule is handled according to the piecemeal of data piecemeal processing is carried out to the target big data,
And whether each piece need to be encrypted is determined respectively to the target big data after piecemeal processing;
It is described if it is, form a key request to the target big data, and the key request is put into mesh
Mark in queue, including:
If it is, a key request is formed to each piece in the target big data data block for needing to be encrypted,
And the key request is put into object queue.
It is understood that carrying out piecemeal (segmentation) to data as needed, regard one piece with a file.
The sensitivity of file is drawn according to the keyword computation rule of setting, the judgement needs for reaching certain threshold value add
It is close, if user's selection does not reach the file of threshold value, it can also encrypt, can be added using two kinds of algorithms of AES128 or AES256
It is close.If file is not belonging to both situations above, do not encrypt.
Block key is produced, the various parameters of cryptographic block is selected, file is encrypted, and whether file is encrypted, such as
Fruit is encrypted, and to key public key encryption, is stored in encryption information table, and the information for uniquely determining this segmentation is included in table
(fullpath of file, include filename), the key of public key encryption, the algorithm and block length of encryption, initial vector, encryption
Pattern, correlative coding information etc..
Decryption is an opposite process, for each block number evidence, first determines whether it encrypts, if it is,
Then need to decrypt, obtain the information such as its key.Data block is decrypted.Without block length in encryption information table, initially to
Amount, the information of encryption mode.
Exemplary, a hash function SHA256 can be chosen, is produced with file path A, master key (initial key) K
It is raw.Calculate HASH (K, A) value, before the binary system intercept the key length that encrypted data chunk uses symmetric encipherment algorithm
Corresponding digit 128 or 256bit.Algorithm can also replace with stream cipher.
In theory, we, which only need to store well initial decryption, can encrypt the encryption key of each file.Public affairs can be used
Sectional encryption key after key encryption, and by segment information, segmentation whether encrypt, data block corresponding to the encryption key that is segmented
Information, cryptography information, the type of coding etc. of clear data, be stored in encryption information table.
It is possible to further be initial key that each user has oneself, so he can encrypt and decrypt himself and be responsible for
File, encryption information is also stored in encryption information table, and the initial key of public key encryption should be included in encryption information table, with
And the information of foregoing encryption information table.
Further, if single piece of key leakage, key is produced using new initial key and removes encryption leakage key
Block, and update encryption information table.Further, if single piece of key leakage, in one-way function calculation block key
When, increase the information of an information change key number, do not add for the first time, use HASH (K, A, 1) for the second time, third time
Using HASH (K, A, 2), by that analogy, the information of key change is included in encryption information table on the basis of above.Encryption is calculated
Method not only includes symmetry algorithm, in addition to homomorphic cryptography, asymmetrical encryption method.Because some data carry out commission meter
The needs of calculation, and need for confidentiality, so the numerical value that some needs are used for this carries out homomorphic cryptography using public key.
It should be noted that herein, such as first and second or the like relational terms are used merely to a reality
Body or operation make a distinction with another entity or operation, and not necessarily require or imply and deposited between these entities or operation
In any this actual relation or order.Moreover, term " comprising ", "comprising" or its any other variant are intended to
Nonexcludability includes, so that process, method, article or equipment including a series of elements not only will including those
Element, but also the other element including being not expressly set out, or it is this process, method, article or equipment also to include
Intrinsic key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that
Other identical element also be present in process, method, article or equipment including the key element.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all
Any modification, equivalent substitution and improvements made within the spirit and principles in the present invention etc., are all contained in protection scope of the present invention
It is interior.
Claims (4)
1. a kind of encryption method of big data, it is characterised in that methods described includes:
After receiving target big data, the target big data is handled according to preset rules, and determine the big number of the target
According to whether needing to be encrypted;
If it is, forming a key request to the target big data, and the key request is put into object queue;
Key request is taken out from the object queue successively, and proposes that creation data encryption is close to big data key production module
The request of key;
The encryption key message that the key production module is sent is received, and according to the encryption key message to the big data
It is encrypted.
2. the encryption method of big data according to claim 1, it is characterised in that after the reception target big data, root
The target big data is handled according to preset rules, and determines whether the target big data needs to be encrypted, including:
After receiving target big data, rule is handled according to the piecemeal of data piecemeal processing is carried out to the target big data, and it is right
The target big data after piecemeal processing determines whether each piece need to be encrypted respectively;
It is described if it is, form a key request to the target big data, and the key request is put into target team
In row, including:
If it is, a key request is formed to each piece in the target big data data block for needing to be encrypted, and will
The key request is put into object queue.
3. the encryption method of big data according to claim 1, it is characterised in that described successively from the object queue
Key request is taken out, and the request of creation data encryption key is proposed to big data key production module, including:
According to the principle of FIFO, key request is taken out from the object queue successively, and mould is generated to big data key
Block proposes the request of creation data encryption key.
4. the encryption method of big data according to claim 1, it is characterised in that the encryption information includes initial key
Information, when single piece of key leaks, key is produced using new initial key and removes the block of encryption leakage key, and is updated
Initial key in encryption information table, the information of block encryption key;When one-way function calculates, increase an information change
The information of key number, it is M (F (K, A, f (N))) that block symmetric key, which produces function, in encryption information table on the basis of above
Include the information N of key change.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710646447.XA CN107592295A (en) | 2017-08-01 | 2017-08-01 | A kind of encryption method of big data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710646447.XA CN107592295A (en) | 2017-08-01 | 2017-08-01 | A kind of encryption method of big data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107592295A true CN107592295A (en) | 2018-01-16 |
Family
ID=61041911
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710646447.XA Withdrawn CN107592295A (en) | 2017-08-01 | 2017-08-01 | A kind of encryption method of big data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107592295A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109522742A (en) * | 2018-10-26 | 2019-03-26 | 贵州斯曼特信息技术开发有限责任公司 | A kind of batch processing method of computer big data |
| CN111625843A (en) * | 2019-07-23 | 2020-09-04 | 方盈金泰科技(北京)有限公司 | Data transparent encryption and decryption system suitable for big data platform |
| CN112181292A (en) * | 2020-09-10 | 2021-01-05 | 绍兴无相智能科技有限公司 | Safe storage method and device based on big data and computer readable storage medium |
| CN112214771A (en) * | 2020-09-10 | 2021-01-12 | 绍兴无相智能科技有限公司 | Information analysis method and device based on big data and computer readable storage medium |
-
2017
- 2017-08-01 CN CN201710646447.XA patent/CN107592295A/en not_active Withdrawn
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109522742A (en) * | 2018-10-26 | 2019-03-26 | 贵州斯曼特信息技术开发有限责任公司 | A kind of batch processing method of computer big data |
| CN111625843A (en) * | 2019-07-23 | 2020-09-04 | 方盈金泰科技(北京)有限公司 | Data transparent encryption and decryption system suitable for big data platform |
| CN112181292A (en) * | 2020-09-10 | 2021-01-05 | 绍兴无相智能科技有限公司 | Safe storage method and device based on big data and computer readable storage medium |
| CN112214771A (en) * | 2020-09-10 | 2021-01-12 | 绍兴无相智能科技有限公司 | Information analysis method and device based on big data and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3356988B1 (en) | Method and system for verifiable searchable symmetric encryption | |
| CN112543187B (en) | Industrial Internet of things safety data sharing method based on edge block chain | |
| CN107592295A (en) | A kind of encryption method of big data | |
| CN103401678A (en) | Method for ensuring data transmission safety of Internet of things | |
| Miriam et al. | Secured Cyber Security Algorithm for Healthcare System Using Blockchain Technology. | |
| CN103716157A (en) | Grouped multiple-key encryption method and grouped multiple-key encryption device | |
| CN103414690A (en) | Publicly-verifiable cloud data possession checking method | |
| CN110149209A (en) | Internet of things equipment and its method and apparatus of improve data transfer safety | |
| CN110413652B (en) | Big data privacy retrieval method based on edge calculation | |
| CN105791207A (en) | network security method and network security service system | |
| US10129025B2 (en) | Binding data to a network in the presence of an entity with revocation capabilities | |
| US12058112B2 (en) | Binding data to a network in the presence of an entity | |
| CN106657002A (en) | Novel crash-proof base correlation time multi-password identity authentication method | |
| Kim et al. | A secret sharing-based distributed cloud system for privacy protection | |
| CN112398861B (en) | Encryption system and method for sensitive data in web configuration system | |
| Chen et al. | Privacy-preserving anomaly detection of encrypted smart contract for blockchain-based data trading | |
| CN116822661B (en) | Privacy protection verifiable federal learning method based on double-server architecture | |
| CN113326518A (en) | Data processing method and device | |
| CN102223229A (en) | Method for safe transmission of data in public network | |
| CN115809459B (en) | Data protection and decryption method, system, equipment and medium of software cryptographic module | |
| CN116405320A (en) | Data transmission method and device | |
| CN115085898A (en) | Homomorphic encryption-based unmanned aerial vehicle data anomaly detection method | |
| CN115865461A (en) | Method and system for distributing data in high-performance computing cluster | |
| CN110519278B (en) | Data security authentication method and system based on BIM | |
| Jain et al. | Enhanced data privacy in cyber-physical system using improved Chacha20 algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20180116 |