CN107682355B - Data guard method and device, data reconstruction method and device - Google Patents

Data guard method and device, data reconstruction method and device Download PDF

Info

Publication number
CN107682355B
CN107682355B CN201711027261.2A CN201711027261A CN107682355B CN 107682355 B CN107682355 B CN 107682355B CN 201711027261 A CN201711027261 A CN 201711027261A CN 107682355 B CN107682355 B CN 107682355B
Authority
CN
China
Prior art keywords
data
encryption
subdata
encrypted
stored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711027261.2A
Other languages
Chinese (zh)
Other versions
CN107682355A (en
Inventor
孙吉平
念龙龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd filed Critical Beijing Senseshield Technology Co Ltd
Priority to CN201711027261.2A priority Critical patent/CN107682355B/en
Publication of CN107682355A publication Critical patent/CN107682355A/en
Application granted granted Critical
Publication of CN107682355B publication Critical patent/CN107682355B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of data guard methods, comprising: determines the multiple subdatas for constituting the first data to be stored, at least one subdata in multiple subdatas is encrypted using the public key of contact person;It at least stores encrypted subdata as the first encryption data to server-side, and sends association messages to server-side, association messages, which are used to indicate, associatedly stores the contact details of contact person and encrypted subdata.The invention also discloses a kind of data protecting devices.Data Protection Scheme through the invention can effectively improve the security level of data.

Description

Data guard method and device, data reconstruction method and device
Technical field
The present invention relates to computer field, in particular to a kind of data guard method and device and a kind of data restore Method and device.
Background technique
It is convenient and efficiently that internet is for people's lives, enterprise operation activity etc. is brought, but also considerably increases number simultaneously According to the risk of safety.In recent years, various data safety events occur again and again.Data safety has become asking for people's close attention Topic, is related to the confidential datas such as private sensitive data, technology, finance, military project.
The scheme that data encrypt is wanted there are many counterweight at present, such as by being encrypted, being obscured to data, Using the information safety devices (such as encryption lock) with greater security, HD encryption, these schemes mention to a certain extent High safety, increases the difficulty cracked, but also not perfectly safe.Such as it to data encryption and is deposited when using personal key When storing up beyond the clouds, once personal key is cracked or personal key is lost, the problem of data can not be restored will be faced.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of to enhance restoring for data while improving Information Security The data protection of property and recovery scheme.
Data guard method provided in an embodiment of the present invention comprises determining that the multiple subnumbers for constituting the first data to be stored According at least one subdata in multiple subdatas is encrypted using the public key of contact person;It at least will be encrypted Subdata is stored as the first encryption data to server-side, and sends association messages to server-side, and the association messages are for referring to Show and associatedly stores the contact details of the contact person and encrypted subdata.
Preferably, first data to be stored is encryption key, and the method also includes: use the first number to be stored According to being encrypted to obtain the second encryption data to the second data to be stored;Second encryption data and the first encryption data are closed Store to the server-side to connection.
Preferably, the encryption includes the public key using multiple and different contact persons respectively to the different subnumbers According to being encrypted, the association messages are used to indicate the contact details and encrypted subdata of the multiple different contact persons It is stored with being respectively associated.
Preferably, the encryption includes the public key using multiple and different contact persons at least one described subdata Multi-layer security is carried out, the association messages are used to indicate the contact details and corresponding each public affairs of the multiple different contact persons The encryption level of key is associatedly stored with encrypted subdata.
Data reconstruction method provided in an embodiment of the present invention includes: to receive the recovery request from client, the recovery Request is related to the first pre-stored data, and first pre-stored data includes the warp that at least one public key encryption through contact person obtains The subdata of encryption;It, will be described encrypted according to the contact details with the encrypted associated contact person of subdata Subdata be sent to corresponding contact person side;Based on the returned data part received from corresponding contact person side, by described One pre-stored data reverts to the first initial data.
Preferably, the first initial data is encryption key, and the method also includes: use first initial data pair The second pre-stored data relevant to the recovery request is decrypted, and obtains the second initial data and is sent to the client.
Preferably, the first pre-stored data includes multiple encrypted sons of each public key encryption through different contact persons Data, and it includes: by each encrypted subnumber that the encrypted subdata, which is sent to corresponding contact person side, According to being respectively sent to corresponding contact person side.
Preferably, at least one described encrypted subdata is used the public key of multiple and different contact persons successively to carry out Multi-layer security obtain, and by the encrypted subdata be sent to corresponding contact person side include: will be described encrypted The encryption data with the respective encrypted number of plies of subdata is sent to corresponding contact person side.
Data protecting device provided in an embodiment of the present invention includes: encryption unit, is configured to according to fixed composition Multiple subdatas of first data to be stored carry out at least one subdata in multiple subdatas using the public key of contact person Encryption;First communication unit is configured at least store encrypted subdata as the first encryption data to service End, and to server-side send association messages, the association messages be used to indicate by the contact details of the contact person with it is encrypted Subdata associatedly stored.
Preferably, first data to be stored be encryption key, the encryption unit be additionally configured to using first to Storing data encrypts the second data to be stored to obtain the second encryption data;First communication unit is additionally configured to institute It states the second encryption data and the first encryption data is associatedly stored to the server-side.
Preferably, the encryption unit is configured so that the public key of multiple and different contact persons respectively to the different sons Data are encrypted, and the association messages that the communication unit is sent to server-side are used to indicate the multiple difference The contact details of contact person store with being respectively associated with encrypted subdata.
Preferably, the encryption unit is configured so that the public key of multiple and different contact persons at least one described subnumber According to carrying out multi-layer security, and the association messages that are sent to server-side of the communication unit be used to indicate by it is the multiple not It is associatedly stored with the contact details of contact person and the encryption level of corresponding each public key with encrypted subdata.
Data Recapture Unit provided in an embodiment of the present invention includes: storage unit, is stored with the first pre-stored data, described First pre-stored data includes the encrypted subdata that at least one public key encryption through contact person obtains;Second communication unit, It is configured to receive the recovery request relevant to first pre-stored data from client, and according to it is described encrypted The encrypted subdata is sent to corresponding contact person side by the contact details of the associated contact person of subdata, with And it is flanked from corresponding contact person and receives returned data part;Processing unit is configured to the returned data part, by institute It states the first pre-stored data and reverts to the first initial data.
Preferably, the first initial data is encryption key, the storage unit is also stored with the second pre-stored data, described Processing unit be additionally configured to using first initial data pair, second pre-stored data relevant to the recovery request into Row decryption, obtains the second initial data, and be sent to the client by second communication unit.
Preferably, the first pre-stored data includes multiple encrypted sons of each public key encryption through different contact persons Data, the second communication unit are configured to each encrypted subdata being respectively sent to corresponding contact person side.
Preferably, at least one described encrypted subdata is used the public key of multiple and different contact persons successively to carry out Multi-layer security obtains, and the second communication unit is configured to the encryption number with the respective encrypted number of plies of the encrypted subdata According to being sent to corresponding contact person side.
The data protection of the embodiment of the present invention and recovery scheme using contact person's data key of user by being added Privacy protection obtains data by seeking help contact person when restoring data, can solve safety, the key quilt of data storage simultaneously The problem of bring data can not be restored is cracked or lost, enhances data while the safety for improving data protection Restorability.
Detailed description of the invention
Fig. 1 is the schematic flow chart of one embodiment of data guard method of the invention;
Fig. 2 is the schematic flow chart of another embodiment of data guard method of the invention;
Fig. 3 is the schematic flow chart of one embodiment of data reconstruction method of the invention;
Fig. 4 is the schematic flow chart of another embodiment of data reconstruction method of the invention;
Fig. 5 is the schematic block diagram of one embodiment of data protecting device of the invention;
Fig. 6 is the schematic block diagram of one embodiment of Data Recapture Unit of the invention.
Specific embodiment
Each embodiment of the invention is described in detail referring to specification.
Fig. 1 is the schematic flow chart of one embodiment of data guard method of the invention.
As shown in Figure 1, the data guard method of the present embodiment includes:
S101, the multiple subdatas for constituting the first data to be stored are determined;
In the embodiment of the present invention, the first data to be stored can be made of multiple subdatas, such as generate multiple subdatas Afterwards, it combines multiple subdatas to obtain the first data to be stored.As an example, the first data to be stored, which can be, has predetermined knot The character string of structure is made of multiple fields, and the substring in each field is a subdata;First data to be stored can To be a group of file, each file therein is a subdata;First data to be stored can also be is spliced by multiple image At panoramic picture, the multiple image is as multiple subdatas.
It, can also be by being split to the first data to be stored generated or dividing to obtain in the embodiment of the present invention Multiple subdatas.As an example, the first data to be stored can be integrally formed character string, it is divided by pre-defined rule It cuts and multiple substrings can be obtained as subdata, such as can be split according to every four characters;First data to be stored can To be document files, form document or audio-video document, multiple data packets can be split into as multiple according to predefined size to it Subdata.
In the embodiment of the present invention, when the first data to be stored is made of multiple subdatas, it can generate for forming the After multiple subdatas of one data to be stored, the first data to be stored wouldn't be generated, and multiple subdatas generated are determined For the multiple subdatas for constituting the first data to be stored.When being split to the first data to be stored or divide to obtain multiple subnumbers According to when, will split or the obtained multiple subdatas of segmentation are determined as constituting multiple subdatas of the first data to be stored.
S102, at least one subdata in multiple subdatas is encrypted using the public key of contact person;
It, can be to one of son after determining the multiple subdatas for constituting the first data to be stored in the embodiment of the present invention Data are encrypted, and perhaps a portion subdata are encrypted respectively or can also be to wherein each Subdata is encrypted.
In the embodiment of the present invention, the encryption of subdata is carried out by the public key using contact person.Contact person can To be connection that the users such as good friend, relatives or the teacher of user of the first data to be stored contact that more or user more trusts People.User can obtain the public key of the contact person from one or more contact persons in advance, determine which is used in practical application Contact person's public key is used for the encryption of subdata.
S103, it at least stores encrypted subdata as the first encryption data to server-side;
In the embodiment of the present invention, after part or all of subdata is encrypted, the subdata of encryption can be made Server-side is transmitted to for the first encryption data to be stored, and the subdata of unencryption is retained in local client.
Alternately, in the embodiment of the present invention, the subdata of encryption and the subdata of unencryption can also be used as together to One encryption data is stored to server-side, and local client does not store the subdata being encrypted or unencrypted.In this case, may be used also By to server-side send instruction by multiple subdatas generate the first data to be stored in a manner of message, when to restore data by Server-side generates the first data to be stored and returns to client.
In embodiments of the present invention, user can log on to the user account of server-side by user name password etc., by first Encryption data is stored in the user account of server-side.Specifically, user passes through to the web browser in client or specially First encryption data is transmitted to clothes by upload function by the user account that server-side is logged on to the operation of Application Program Interface Business end, and can confirm in client end interface and upload result.
S104, association messages are sent to server-side, the association messages are used to indicate the contact details of the contact person It is associatedly stored with encrypted subdata.
In the embodiment of the present invention, while the first encryption data is sent to server-side or front and back, also sent out to server-side Send related information relevant to the encryption of the first encryption data.Specify in related information the public key encryption using contact person Subdata and provide the public key contact person contact details between corresponding relationship.
For example, user is after logging on to the user account of server-side by the vertical application in client, by three Encrypted subdata is transmitted to server-side as the first encryption data, and shows in the user interface of the vertical application Contingency table in fill in each encryption subdata and corresponding contact details, such as shown in the following table 1:
Table 1
The subdata of encryption The contact details of public key people
D1 123@***.com
D2 456@***.com
D3 789@***.com
Wherein, the subdata of the entitled D1 of file is with the subdata of the public key encryption of contact person A, and 123 * * * .com are connection It is the schematic e-mail address of people A.The subdata of the entitled D2 of file be with the subdata of the public key encryption of contact person B, 456@* * * .com are the schematic e-mail address of contact person B.The subdata of the entitled D3 of file is with the public key encryption of contact person C Subdata, 789@* * * .com be contact person C schematic e-mail address.
After the completion of upper table is filled in, service is sent to for the related information in contingency table as association messages by confirmation operation End stores, thereby completing the present invention the Data Protection Scheme of embodiment.
The Data Protection Scheme of the embodiment of the present invention by being encrypted using contact person's data key of user, Data can be obtained by seeking help contact person when needing to restore data, so as to solve the safety of data storage simultaneously, use The problem of data caused by personal key in encryption data is cracked or loses can not be restored, in the peace for improving data protection The restorability of data is enhanced while full property.
Fig. 2 is the schematic flow chart of another embodiment of data guard method of the invention.
As shown in Fig. 2, the data guard method of the embodiment of the present invention includes:
S201, the multiple subdatas for constituting the first data to be stored are determined;
In the embodiment of the present invention, the first data to be stored can be made of multiple subdatas, can also be by raw At the first data to be stored split or divide to obtain multiple subdatas.
S202, at least one subdata in multiple subdatas is encrypted using the public key of contact person;
It is preparatory using user after determining the multiple subdatas for constituting the first data to be stored in the embodiment of the present invention Contact person's public key of acquisition carries out at encryption one of subdata, a portion subdata or in which each subdata Reason.
S203, it at least stores encrypted subdata as the first encryption data to server-side;
In the embodiment of the present invention, the subdata of encryption can be transmitted to server-side as the first encryption data and stored, The first encryption data can also be used as to store to server-side together the subdata of encryption and the subdata of unencryption.
S204, association messages are sent to server-side, the association messages are used to indicate the contact details of the contact person It is associatedly stored with encrypted subdata;
In the embodiment of the present invention, while the first encryption data is sent to server-side or front and back, also sent out to server-side Send related information relevant to the encryption of the first encryption data.Specify in related information the public key encryption using contact person Subdata and provide the public key contact person contact details between corresponding relationship.
S205, the second data to be stored is encrypted using the first data to be stored to obtain the second encryption data;
In the embodiment of the present invention, the second data to be stored is, for example, document files, form document, program file etc., and first Data to be stored is encryption key for being encrypted to the second data to be stored, using the first data to be stored to second to Storing data carries out encrypting available second encryption data.
S206, second encryption data and the first encryption data are associatedly stored to the server-side.
First encryption data and the second encryption data simultaneously or can be stored successively to server-side, as long as can ensure that the two is taking Business end associated storage.
By embodiment illustrated in fig. 2, data are encrypted using key, and the multiple subdatas for constituting key are used into connection The public key of people encrypts, and by encrypted data and encrypted key storage in server-side, can lead to when needing to restore data It crosses and seeks help contact person to obtain the key of decryption, to encryption data be decrypted to obtain data clear text, to realize It improves and enhances the restorability of data while the safety of data protection.
In embodiments of the present invention, when the multiple subdatas encrypted in S102 or S202 to needs are encrypted, The public key that multiple and different contact persons can be used respectively encrypts multiple subdatas of same first data to be stored, such as Situation shown in table 1, association messages can indicate server-side by the contact details of encrypted subdata and each contact person one by one Accordingly associated storage.
In embodiments of the present invention, when any subdata encrypted in S102 or S202 to needs is encrypted, The public key that multiple and different contact persons can be used carries out multi-layer security to the subdata, and the association messages can indicate server-side The encryption level of the contact details of each contact person and corresponding each public key is associatedly stored with encrypted subdata, Such as shown in the following table 2, wherein illustrating the subdata for needing to encrypt is two, it is each respectively with two mutually different contact persons When public key has carried out two layers of encryption, corresponding relationship indicated by association messages:
Table 2
Wherein, the subdata of the entitled D1 of file is that the subdata of two layers of encryption has been carried out with the public key of contact person A and B, 12@* * * .com are the schematic electricity that subdata D1 carries out the corresponding contact person A of contact person's public key used when first layer encryption Postal address, 34@* * * .com are that after subdata D1 carries out first layer encryption, it is public to carry out the contact person used when second layer encryption The schematic e-mail address of the corresponding contact person B of key.The subdata of the entitled D2 of file is to be carried out with the public key of contact person C and D The subdata of two layers of encryption, 56@* * * .com are corresponding for the contact person's public key used when subdata D2 progress first layer encryption The schematic e-mail address of contact person C, 78@* * * .com are after subdata D2 carries out first layer encryption, to carry out second layer encryption When the schematic e-mail address of the corresponding contact person D of contact person's public key that uses.
In the embodiment of the present invention, the above-mentioned cipher mode to each subdata to be encrypted can be combined, for example, working as When the subdata for needing to encrypt is two, one of subdata can be encrypted using the public key of a contact person, to another One subdata carries out two layers of encryption using the public key of other two contact person, and writes subdata and contact person exactly in contingency table Corresponding relationship between the encryption level and contact person's public key of corresponding relationship and subdata between public key.It needs to illustrate Be enumerate herein need the subdata that encrypts be two be for ease of description, the subdata for needing to encrypt can be three with On, for each subdata for needing to encrypt, it can use contact person's public key and take same or different encryption method.
Fig. 3 is the schematic flow chart of one embodiment of data reconstruction method of the invention.
As shown in figure 3, the data reconstruction method of the embodiment of the present invention includes the following steps:
S301, the recovery request from client is received, recovery request is related to the first pre-stored data, the first pre-stored data The encrypted subdata that public key encryption including at least one through contact person obtains;
Client is stored by data encryption to server-side, can be to server-side when needing to restore stored data Send recovery request.Server-side stores the encrypted subnumber obtained using contact person's public key encryption that client had previously uploaded According to.Server-side is also stored between the contact details of each encrypted subdata contact person corresponding with public key used is encrypted Corresponding relationship, in order to carry out recovery processing to encrypted subdata.
The contact details of S302, basis and the associated contact person of encrypted subdata, encrypted subdata is sent To corresponding contact person side;
Corresponding relationship between server-side above-mentioned encrypted subdata according to the pre-stored data and contact details, by each warp Encryption subdata is sent to contact person side pointed by contact details corresponding with the encrypted subdata.
For example, see example shown in upper table 1, server-side can send mailbox for the encryption subdata of the entitled D1 of file The encryption subdata of the entitled D2 of file is sent 456 * * * .com of mailbox, and adding the entitled D3 of file by 123 * * * .com Close subdata is sent to 789@* * * .com of mailbox.
Each contact person is decrypted to obtain after receiving encryption subdata using the subdata of the private key pair encryption of oneself Ciphertext data, and ciphertext data is sent to server-side yet by the mailbox for receiving encryption subdata.
S303, based on the returned data part received from corresponding contact person side, the first pre-stored data is reverted to first Initial data.
With continued reference to upper table 1, server-side can receive the ciphertext data for the D1 that 123@* * * .com of mailbox is sent, mailbox The ciphertext data for the D3 that the ciphertext data and 789@* * * .com of mailbox for the D2 that 456@* * * .com are sent are sent solves three parts Ciphertext data reverts to the first initial data.It certainly, further include unencryption subdata in the subdata for constituting the first initial data In the case where, the ciphertext data received from each contact person's mailbox and unencryption subdata are reverted to the first original by server-side jointly Beginning data.
In the data recovery scheme of the embodiment of the present invention, by the way that encryption data is sent to each contact person, by contacting People returns to server-side after being decrypted using the private key pair encryption data of oneself encryption data is reverted to initial data, thus Can solve simultaneously data storage safety, for encryption data personal key be cracked or lose caused by data can not The problem of recovery, enhances the restorability of data while the safety for improving data protection.
It should be noted that using email address as the example of contact details in the above Tables 1 and 2, the present invention is simultaneously unlimited In this, such as the contact methods such as cell-phone number, WeChat ID can be used as the contact details of contact person.
Fig. 4 is the schematic flow chart of another embodiment of data reconstruction method of the invention.
As shown in figure 4, the data reconstruction method of the embodiment of the present invention includes:
S401, the recovery request from client is received, recovery request is related to the first pre-stored data, the first pre-stored data The encrypted subdata that public key encryption including at least one through contact person obtains;
Client is stored by data encryption to server-side, can be to server-side when needing to restore stored data Send recovery request.Server-side store each encrypted subdata and its with encrypt contacting for the corresponding contact person of public key used Corresponding relationship between information.
The contact details of S402, basis and the associated contact person of encrypted subdata, encrypted subdata is sent To corresponding contact person side;
Corresponding relationship between server-side above-mentioned encrypted subdata according to the pre-stored data and contact details, by each warp Encryption subdata is sent to contact person side pointed by contact details corresponding with the encrypted subdata.Each contact person is receiving To after encryption subdata, it is decrypted to obtain ciphertext data using the subdata of the private key pair encryption of oneself, and yet by reception Ciphertext data is sent to server-side by the mailbox to encryption subdata.
S403, based on the returned data part received from corresponding contact person side, the first pre-stored data is reverted to first Initial data;
After server-side flanks the ciphertext data for receiving return from each contact person, it is based on ciphertext data, it is original to restore generation first Data.
S404, it is decrypted using the first initial data pair the second pre-stored data relevant to recovery request, obtains second Initial data is simultaneously sent to client.
In the embodiment of the present invention, the second initial data is, for example, document files, form document, program file etc., and first is former Beginning data are the encryption key for being encrypted to the second initial data, and the requested recovery request of client is plaintext Second initial data.Server-side can determine the second pre-stored data according to recovery request, make after restoring to generate the first initial data The second pre-stored data is decrypted with the first initial data, obtains the second initial data needed for client.
Through the embodiment of the present invention, according to the data recovery request of client, can first pass through will be relevant to data key Each encryption data is sent to each contact person, and clothes are returned after being decrypted by contact person using the private key pair encryption data of oneself The key recovery that business end will encrypt is clear text key, then encryption data is decrypted the number after being decrypted with clear text key According to, so as to simultaneously solve data storage safety, for encryption data personal key be cracked or lose caused by The problem of data can not be restored enhances the restorability of data while the safety for improving data protection.
In embodiments of the present invention, the first pre-stored data may include multiple warps of each public key encryption through different contact persons Each encrypted subdata can be respectively sent to corresponding contact person side by the subdata of encryption, server-side, such as by table 1 Shown in each data D1, D2 and D3 be sent to the email address of each corresponding relationship people, and receive and returned from the email address Ciphertext data.
In embodiments of the present invention, one or more encrypted subdatas are first using the public key of multiple and different contact persons Multi-layer security acquisition is carried out afterwards, then server-side is needed the encryption data with the respective encrypted number of plies of encrypted subdata It is sent to corresponding contact person side.For example, see exemplified by upper table 2, in this case, server-side needs first to add two layers Close subdata D1 is sent to the 34@* * * .com of contact addresses of corresponding second layer encryption level, receives return from the mailbox One layer of encryption subdata D1 after, then by the subdata D1 that this layer encrypts send the connection of corresponding first layer encryption level The processing mode of 12@* * * .com of people address, the subdata D2 encrypted to two layers are identical as D1.
In embodiments of the present invention, when encrypted subdata each in the first pre-stored data has used different encryptions respectively When mode, server-side is also that encrypted subdata is sent to corresponding contact person side according to the corresponding relationship in contingency table.It is right In each encryption data of return, server-side can be stored temporarily, be restored until completing last data, so as to correctly complete At the synthesis of subdata.
Fig. 5 is the schematic block diagram of one embodiment of data protecting device of the invention.
As shown in figure 5, the data protecting device of the embodiment of the present invention includes encryption unit 11 and the first communication unit 12.
Encryption unit 11 is configured to use contact person according to the fixed multiple subdatas for constituting the first data to be stored Public key at least one subdata in multiple subdatas is encrypted.
First communication unit 12 is configured at least store encrypted subdata as the first encryption data to server-side, And association messages are sent to server-side, association messages, which are used to indicate, is associated with the contact details of contact person with encrypted subdata Ground is stored.
In an embodiment of the invention, the first data to be stored is encryption key, then encryption unit 11 is additionally configured to make The second data to be stored is encrypted with the first data to be stored to obtain the second encryption data, the first communication unit 12 also configures Associatedly to store the second encryption data and the first encryption data to server-side.
In an embodiment of the invention, encryption unit 11 is configurable to distinguish using the public key of multiple and different contact persons The different subdatas for constituting same first data to be stored are encrypted, and the pass that communication unit 12 is sent to server-side Connection message is used to indicate stores the contact details of multiple and different contact persons with encrypted subdata with being respectively associated.
In an embodiment of the invention, encryption unit 11 is configurable to the public key using multiple and different contact persons to structure Multi-layer security is carried out at least one subdata of same first data to be stored, and communication unit 12 is sent to server-side Association messages are used to indicate encryption level and warp by the contact details of the multiple different contact persons and corresponding each public key The subdata of encryption is associatedly stored.
Fig. 6 is the schematic block diagram of one embodiment of Data Recapture Unit of the invention.
As shown in fig. 6, the Data Recapture Unit of the embodiment of the present invention includes storage unit 21, the second communication unit 22 and place Manage unit 23.
Storage unit 21 is stored with the first pre-stored data, and the first pre-stored data includes that at least one public key through contact person adds The encrypted subdata of close acquisition.
Second communication unit 22 is configured to receive the recovery request relevant to the first pre-stored data from client, and root According to the contact details with the associated contact person of encrypted subdata, encrypted subdata is sent to corresponding contact person Side, and flanked from corresponding contact person and receive returned data part.
Processing unit 23 is configured to the second communication unit 22 from the received returned data part in contact person side, by first Pre-stored data reverts to the first initial data.
In an embodiment of the invention, the first initial data is encryption key, and it is pre- that storage unit 21 is also stored with second Deposit data, processing unit 23 are additionally configured to solve using the first initial data pair the second pre-stored data relevant to recovery request It is close to obtain the second initial data, and client is sent to by the second communication unit 22.
In an embodiment of the invention, the first pre-stored data includes multiple warps of each public key encryption through different contact persons The subdata of encryption, the second communication unit 22 are configured to each encrypted subdata being respectively sent to corresponding contact person Side.
In an embodiment of the invention, at least one encrypted subdata is through using the public key of multiple and different contact persons Multi-layer security acquisition is successively carried out, second communication unit 22 is configured to encrypted subdata with the respective encrypted number of plies Encryption data is sent to corresponding contact person side.
The above are presently preferred embodiments of the present invention, are not intended to limit the scope of the present invention.It is all in the present invention Spirit and principle within, made any modification, equivalent replacement and improvement etc. should be included in protection scope of the present invention Within.

Claims (16)

1. a kind of data guard method is applied to client, comprising:
The multiple subdatas for constituting the first data to be stored are determined, using the public key of contact person at least one in multiple subdatas A subdata is encrypted;
It at least stores encrypted subdata as the first encryption data to server-side, and sends association messages to server-side, The association messages, which are used to indicate, associatedly stores the contact details of the contact person and encrypted subdata,
Wherein, the contact person is the contact person of the user of client.
2. the method for claim 1, wherein first data to be stored is encryption key, the method also includes:
The second data to be stored is encrypted using the first data to be stored to obtain the second encryption data;
Second encryption data and the first encryption data are associatedly stored to the server-side.
3. the method for claim 1, wherein the encryption includes being distinguished using the public key of multiple and different contact persons The different subdatas is encrypted, the association messages are used to indicate the contact details of the multiple different contact persons It is stored with being respectively associated with encrypted subdata.
4. the method for claim 1, wherein the encryption includes the public key using multiple and different contact persons to institute It states at least one subdata and carries out multi-layer security, the association messages are used to indicate the connection letter of the multiple different contact persons The encryption level of breath and corresponding each public key is associatedly stored with encrypted subdata.
5. a kind of data reconstruction method, comprising:
The recovery request from client is received, the recovery request is related to the first pre-stored data, first pre-stored data The encrypted subdata that public key encryption including at least one through contact person obtains;
According to the contact details with the encrypted associated contact person of subdata, the encrypted subdata is sent out It send to corresponding contact person side;
Based on the returned data part received from corresponding contact person side, first pre-stored data is reverted into the first original number According to,
Wherein, the contact person is the contact person of the user of the client.
6. method as claimed in claim 5, wherein the first initial data is encryption key, the method also includes:
It is decrypted using first initial data pair the second pre-stored data relevant to the recovery request, obtains the second original Beginning Data Concurrent gives the client.
7. method as claimed in claim 5, wherein the first pre-stored data includes the more of each public key encryption through different contact persons A encrypted subdata, and by the encrypted subdata be sent to corresponding contact person side include: will be each The encrypted subdata is respectively sent to corresponding contact person side.
8. method as claimed in claim 5, wherein at least one described encrypted subdata is used multiple and different connections The public key of people successively carries out multi-layer security acquisition, and the encrypted subdata is sent to corresponding contact person side and is wrapped It includes: the encryption data with the respective encrypted number of plies of the encrypted subdata is sent to corresponding contact person side.
9. a kind of data protecting device, comprising:
Encryption unit is configured to use contact person's according to the fixed multiple subdatas for constituting the first data to be stored At least one subdata in multiple subdatas is encrypted in public key;
First communication unit is configured at least store encrypted subdata as the first encryption data to server-side, and Association messages are sent to server-side, the association messages are used to indicate the contact details of the contact person and encrypted subnumber According to associatedly being stored,
Wherein, the contact person is the contact person of the user of the data protecting device.
10. device as claimed in claim 9, wherein first data to be stored is encryption key, and the encryption unit is also It is configured so that the first data to be stored encrypts the second data to be stored to obtain the second encryption data;First communication Unit is additionally configured to associatedly store second encryption data and the first encryption data to the server-side.
11. device as claimed in claim 9, wherein the encryption unit is configured so that the public key of multiple and different contact persons The different subdatas is encrypted respectively, and the association messages that first communication unit is sent to server-side It is used to indicate stores the contact details of the multiple different contact persons with encrypted subdata with being respectively associated.
12. device as claimed in claim 9, wherein the encryption unit is configured so that the public key of multiple and different contact persons Multi-layer security is carried out at least one described subdata, and the association that first communication unit is sent to server-side disappears Breath be used to indicate by the contact details of the multiple different contact persons and the encryption level of corresponding each public key with it is encrypted Subdata is associatedly stored.
13. a kind of Data Recapture Unit, comprising:
Storage unit, is stored with the first pre-stored data, and first pre-stored data includes at least one public key through contact person Encrypt the encrypted subdata obtained;
Second communication unit is configured to receive the recovery request relevant to first pre-stored data from client, and According to the contact details with the encrypted associated contact person of subdata, the encrypted subdata is sent to Corresponding contact person side, and flanked from corresponding contact person and receive returned data part;
Processing unit is configured to the returned data part, and first pre-stored data is reverted to the first original number According to,
Wherein, the contact person is the contact person of the user of the client.
14. device as claimed in claim 13, wherein the first initial data is encryption key, and the storage unit also stores There is the second pre-stored data, the processing unit is additionally configured to relevant to the recovery request using first initial data pair Second pre-stored data is decrypted, and obtains the second initial data, and be sent to the visitor by second communication unit Family end.
15. device as claimed in claim 13, wherein the first pre-stored data includes each public key encryption through different contact persons Multiple encrypted subdatas, the second communication unit are configured to each encrypted subdata being respectively sent to phase The contact person side answered.
16. device as claimed in claim 13, wherein at least one described encrypted subdata is multiple and different through using It is that the public key of people successively carries out multi-layer security acquisition, the second communication unit is configured to the encrypted subdata having phase The encryption data that the number of plies should be encrypted is sent to corresponding contact person side.
CN201711027261.2A 2017-10-27 2017-10-27 Data guard method and device, data reconstruction method and device Active CN107682355B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711027261.2A CN107682355B (en) 2017-10-27 2017-10-27 Data guard method and device, data reconstruction method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711027261.2A CN107682355B (en) 2017-10-27 2017-10-27 Data guard method and device, data reconstruction method and device

Publications (2)

Publication Number Publication Date
CN107682355A CN107682355A (en) 2018-02-09
CN107682355B true CN107682355B (en) 2018-12-18

Family

ID=61142707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711027261.2A Active CN107682355B (en) 2017-10-27 2017-10-27 Data guard method and device, data reconstruction method and device

Country Status (1)

Country Link
CN (1) CN107682355B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109934013B (en) * 2019-03-21 2021-01-08 北京纬百科技有限公司 Data protection method and device
CN109981678B (en) * 2019-04-08 2021-04-09 北京深思数盾科技股份有限公司 Information synchronization method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986596B (en) * 2010-10-21 2014-06-25 无锡江南信息安全工程技术中心 Key management mechanism
ES2509816T3 (en) * 2011-08-05 2014-10-20 Selex Es S.P.A. System for the distribution of cryptographic keys
CN103942470B (en) * 2014-05-07 2017-06-20 华中师范大学 A kind of electronic audiovisual product copyright managing method with function of tracing to the source
CN105933113A (en) * 2016-06-13 2016-09-07 北京三未信安科技发展有限公司 Secret key backup recovering method and system, and related devices
CN106254324B (en) * 2016-07-26 2019-05-17 杭州文签网络技术有限公司 A kind of encryption method and device of storage file

Also Published As

Publication number Publication date
CN107682355A (en) 2018-02-09

Similar Documents

Publication Publication Date Title
US10097522B2 (en) Encrypted query-based access to data
CN103609059B (en) The system and method shared for secure data
CN103270516B (en) System and method for securing virtual machine computing environments
CN103229450B (en) The system and method stored for safe multi-tenant data
CN103178965B (en) Multifactor or key formula is used to disperse the system and method that data are protected
CN102932136B (en) Systems and methods for managing cryptographic keys
CN103563325B (en) Systems and methods for securing data
US20150244684A1 (en) Data security management system
US20140281520A1 (en) Secure cloud data sharing
CN102523086B (en) Key recovery method in privacy protection cloud storage system
CN108737374A (en) The method for secret protection that data store in a kind of block chain
US20160239683A1 (en) System and method for securely storing files
CN106104562A (en) Safety of secret data stores and recovery system and method
CN104079573A (en) Systems and methods for securing data in the cloud
CN106407766A (en) Secure file sharing method and system
CN106230872A (en) To moving medial according to the system and method protected
CN109543434B (en) Block chain information encryption method, decryption method, storage method and device
CN109728906A (en) Anti- quantum calculation asymmet-ric encryption method and system based on unsymmetrical key pond
CN103475474B (en) Method for providing and acquiring shared enciphered data and identity authentication equipment
WO2009051951A1 (en) Systems and methods for securely processing form data
Kumar et al. A review on hybrid encryption in cloud computing
CN107113164A (en) The deduplication of encryption data
CN107682355B (en) Data guard method and device, data reconstruction method and device
CN104993929B (en) A kind of attribute-based encryption system that system property is supported to extend and method
CN108737443B (en) Method for hiding mail address based on cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder