CN107682355B - Data guard method and device, data reconstruction method and device - Google Patents
Publication number: CN107682355B (application number CN201711027261.2A)
Authority: CN (China)
Prior art keywords: data, encryption, subdata, encrypted, stored
Legal status: Active (the status is as listed by Google Patents, which has not performed a legal analysis; it is an assumption, not a legal conclusion)
Classifications
- H04L63/0442: Network security; confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0478: Network security; confidential data exchange among entities communicating through data packet networks, wherein the data content is protected by applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L67/1097: Protocols in which an application is distributed across nodes in the network, for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The invention discloses a data protection method, comprising: determining multiple subdata that constitute first data to be stored; encrypting at least one subdata of the multiple subdata using the public key of a contact; storing at least the encrypted subdata at the server side as first encryption data; and sending an association message to the server side, the association message indicating that the contact details of the contact are to be stored in association with the encrypted subdata. The invention also discloses a data protection device. The data protection scheme of the invention can effectively improve the security level of data.
Description
Technical field
The present invention relates to the field of computers, and in particular to a data protection method and device and a data recovery method and device.
Background technique
The internet has brought convenience and efficiency to people's lives and to enterprise operations, but it has also greatly increased the risk to data security. In recent years, data security incidents have occurred again and again. Data security has become a matter of close public attention, involving private sensitive data and confidential technical, financial and military data.
There are currently many schemes for encrypting important data, for example encrypting or obfuscating the data, using information security devices with greater security (such as encryption locks, i.e. hardware dongles), and hard-disk encryption. These schemes improve security to a certain extent and increase the difficulty of cracking, but they are still not perfectly safe. For example, when data is encrypted with a personal key and stored in the cloud, once the personal key is cracked or lost, the data can no longer be recovered.
Summary of the invention
In view of this, embodiments of the present invention provide a data protection and recovery scheme that enhances the recoverability of data while improving data security.
The data protection method provided in an embodiment of the present invention comprises: determining multiple subdata that constitute first data to be stored; encrypting at least one subdata of the multiple subdata using the public key of a contact; storing at least the encrypted subdata at the server side as first encryption data; and sending an association message to the server side, the association message indicating that the contact details of the contact are to be stored in association with the encrypted subdata.
Preferably, the first data to be stored is an encryption key, and the method further comprises: encrypting second data to be stored using the first data to be stored to obtain second encryption data; and storing the second encryption data and the first encryption data at the server side in association with each other.
Preferably, the encryption comprises encrypting different subdata with the public keys of multiple different contacts respectively, and the association message indicates that the contact details of the multiple different contacts are to be stored in association with their respective encrypted subdata.
Preferably, the encryption comprises multi-layer encryption of at least one of the subdata using the public keys of multiple different contacts, and the association message indicates that the contact details of the multiple different contacts and the encryption level of each corresponding public key are to be stored in association with the encrypted subdata.
The data recovery method provided in an embodiment of the present invention comprises: receiving a recovery request from a client, the recovery request relating to first pre-stored data, the first pre-stored data including at least one encrypted subdata obtained by encryption with the public key of a contact; sending the encrypted subdata to the corresponding contact side according to the contact details of the contact associated with the encrypted subdata; and recovering the first pre-stored data into first original data based on the returned data received from the corresponding contact side.
Preferably, the first original data is an encryption key, and the method further comprises: decrypting second pre-stored data relevant to the recovery request using the first original data, obtaining second original data and sending it to the client.
Preferably, the first pre-stored data includes multiple encrypted subdata, each encrypted with the public key of a different contact, and sending the encrypted subdata to the corresponding contact side comprises: sending each encrypted subdata to its respective corresponding contact side.
Preferably, at least one of the encrypted subdata is obtained by successive multi-layer encryption using the public keys of multiple different contacts, and sending the encrypted subdata to the corresponding contact side comprises: sending the encrypted data of the subdata at each encryption layer to the contact side corresponding to that layer.
The data protection device provided in an embodiment of the present invention comprises: an encryption unit configured to encrypt at least one subdata of the determined multiple subdata constituting the first data to be stored using the public key of a contact; and a first communication unit configured to store at least the encrypted subdata at the server side as first encryption data and to send an association message to the server side, the association message indicating that the contact details of the contact are to be stored in association with the encrypted subdata.
Preferably, the first data to be stored is an encryption key, the encryption unit is further configured to encrypt second data to be stored using the first data to be stored to obtain second encryption data, and the first communication unit is further configured to store the second encryption data and the first encryption data at the server side in association with each other.
Preferably, the encryption unit is configured to encrypt different subdata with the public keys of multiple different contacts respectively, and the association message that the communication unit sends to the server side indicates that the contact details of the multiple different contacts are to be stored in association with their respective encrypted subdata.
Preferably, the encryption unit is configured to perform multi-layer encryption on at least one of the subdata using the public keys of multiple different contacts, and the association message that the communication unit sends to the server side indicates that the contact details of the multiple different contacts and the encryption level of each corresponding public key are to be stored in association with the encrypted subdata.
The data recovery device provided in an embodiment of the present invention comprises: a storage unit storing first pre-stored data, the first pre-stored data including at least one encrypted subdata obtained by encryption with the public key of a contact; a second communication unit configured to receive a recovery request relating to the first pre-stored data from a client, to send the encrypted subdata to the corresponding contact side according to the contact details of the contact associated with the encrypted subdata, and to receive returned data from the corresponding contact side; and a processing unit configured to recover the first pre-stored data into first original data based on the returned data.
Preferably, the first original data is an encryption key, the storage unit further stores second pre-stored data, and the processing unit is further configured to decrypt the second pre-stored data relevant to the recovery request using the first original data, obtain second original data, and send it to the client through the second communication unit.
Preferably, the first pre-stored data includes multiple encrypted subdata, each encrypted with the public key of a different contact, and the second communication unit is configured to send each encrypted subdata to its respective corresponding contact side.
Preferably, at least one of the encrypted subdata is obtained by successive multi-layer encryption using the public keys of multiple different contacts, and the second communication unit is configured to send the encrypted data of the subdata at each encryption layer to the contact side corresponding to that layer.
The data protection and recovery scheme of the embodiments of the present invention encrypts the user's data using the public keys of the user's contacts, and obtains the data by asking the contacts for help when the data needs to be recovered. This addresses at the same time the security of data storage and the problem of data becoming unrecoverable because the key is cracked or lost, enhancing the recoverability of data while improving the security of data protection.
Detailed description of the drawings
Fig. 1 is a schematic flow chart of one embodiment of the data protection method of the invention;
Fig. 2 is a schematic flow chart of another embodiment of the data protection method of the invention;
Fig. 3 is a schematic flow chart of one embodiment of the data recovery method of the invention;
Fig. 4 is a schematic flow chart of another embodiment of the data recovery method of the invention;
Fig. 5 is a schematic block diagram of one embodiment of the data protection device of the invention;
Fig. 6 is a schematic block diagram of one embodiment of the data recovery device of the invention.
Specific embodiments
Each embodiment of the invention is described in detail below with reference to the description and drawings.
Fig. 1 is a schematic flow chart of one embodiment of the data protection method of the invention.
As shown in Fig. 1, the data protection method of this embodiment comprises:
S101: determine the multiple subdata that constitute the first data to be stored;
In this embodiment of the invention, the first data to be stored may be composed of multiple subdata, for example multiple subdata are generated first and then combined to obtain the first data to be stored. As examples: the first data to be stored may be a character string with a predetermined structure made up of multiple fields, the substring in each field being one subdata; the first data to be stored may be a group of files, each file being one subdata; or the first data to be stored may be a panoramic picture stitched together from multiple images, the multiple images being the multiple subdata.
In this embodiment of the invention, the multiple subdata may also be obtained by splitting or dividing first data to be stored that has already been generated. As examples: the first data to be stored may be a single character string, which is split according to a predefined rule into multiple substrings serving as the subdata, for instance split after every four characters; or the first data to be stored may be a text document, form document or audio/video document, which is split into multiple data packets of a predefined size serving as the multiple subdata.
In this embodiment of the invention, when the first data to be stored is composed of multiple subdata, the first data to be stored need not be generated yet once the multiple subdata that will form it have been generated; the generated subdata are simply determined to be the multiple subdata constituting the first data to be stored. When the multiple subdata are obtained by splitting or dividing the first data to be stored, the subdata obtained by the split or division are determined to be the multiple subdata constituting the first data to be stored.
S102: encrypt at least one subdata of the multiple subdata using the public key of a contact;
In this embodiment of the invention, after the multiple subdata constituting the first data to be stored have been determined, one of the subdata may be encrypted, some of the subdata may each be encrypted, or every one of the subdata may be encrypted.
In this embodiment of the invention, the subdata are encrypted using the public key of a contact. A contact may be someone the user of the first data to be stored is in frequent contact with or trusts more, such as a friend, relative or teacher of the user. The user may obtain public keys from one or more contacts in advance and decide in practice which contact's public key to use for encrypting the subdata.
S103: store at least the encrypted subdata at the server side as first encryption data;
In this embodiment of the invention, after some or all of the subdata have been encrypted, the encrypted subdata may be transmitted to the server side as the first encryption data to be stored, while the unencrypted subdata are retained at the local client.
Alternatively, in this embodiment of the invention, the encrypted subdata and the unencrypted subdata may together be stored at the server side as the first encryption data, and the local client stores neither the encrypted nor the unencrypted subdata. In this case, the client may also send the server side a message indicating how the first data to be stored is generated from the multiple subdata, so that when the data is recovered the server side generates the first data to be stored and returns it to the client.
In embodiments of the present invention, the user may log in to a user account at the server side with a user name and password or the like, and store the first encryption data in that user account. Specifically, the user logs in to the user account at the server side by operating a web browser or a dedicated application interface on the client, transmits the first encryption data to the server side through an upload function, and can confirm the upload result in the client interface.
S104: send an association message to the server side, the association message indicating that the contact details of the contact are to be stored in association with the encrypted subdata.
In this embodiment of the invention, at the same time as the first encryption data is sent to the server side, or before or after it, association information relating to the encryption of the first encryption data is also sent to the server side. The association information specifies the correspondence between each subdata encrypted with a contact's public key and the contact details of the contact who provided that public key.
For example, after logging in to the user account at the server side through the dedicated application on the client, the user transmits three encrypted subdata to the server side as the first encryption data and fills in each encrypted subdata and the corresponding contact details in an association table shown in the user interface of the dedicated application, for example as shown in Table 1 below:
Table 1
| Encrypted subdata | Contact details of the public-key holder |
| --- | --- |
| D1 | 123@***.com |
| D2 | 456@***.com |
| D3 | 789@***.com |
Here the subdata in the file named D1 is the subdata encrypted with the public key of contact A, and 123@***.com is the illustrative e-mail address of contact A. The subdata in the file named D2 is the subdata encrypted with the public key of contact B, and 456@***.com is the illustrative e-mail address of contact B. The subdata in the file named D3 is the subdata encrypted with the public key of contact C, and 789@***.com is the illustrative e-mail address of contact C.
After the table has been filled in, the association information in the association table is sent to the server side as the association message through a confirmation operation and stored there, which completes the data protection scheme of this embodiment of the invention.
In the data protection scheme of this embodiment of the invention, the user's data is encrypted using the public keys of the user's contacts, and the data can be obtained by asking the contacts for help when it needs to be recovered. This addresses at the same time the security of data storage and the problem of data becoming unrecoverable because the personal key used to encrypt it is cracked or lost, enhancing the recoverability of data while improving the security of data protection.
Fig. 2 is a schematic flow chart of another embodiment of the data protection method of the invention.
As shown in Fig. 2, the data protection method of this embodiment of the invention comprises:
S201: determine the multiple subdata that constitute the first data to be stored;
In this embodiment of the invention, the first data to be stored may be composed of multiple subdata, or the multiple subdata may be obtained by splitting or dividing first data to be stored that has already been generated.
S202: encrypt at least one subdata of the multiple subdata using the public key of a contact;
In this embodiment of the invention, after the multiple subdata constituting the first data to be stored have been determined, one of the subdata, some of the subdata or every one of the subdata is encrypted using contact public keys that the user obtained in advance.
S203: store at least the encrypted subdata at the server side as first encryption data;
In this embodiment of the invention, the encrypted subdata may be transmitted to the server side as the first encryption data and stored there, or the encrypted subdata and the unencrypted subdata may together be stored at the server side as the first encryption data.
S204: send an association message to the server side, the association message indicating that the contact details of the contact are to be stored in association with the encrypted subdata;
In this embodiment of the invention, at the same time as the first encryption data is sent to the server side, or before or after it, association information relating to the encryption of the first encryption data is also sent to the server side. The association information specifies the correspondence between each subdata encrypted with a contact's public key and the contact details of the contact who provided that public key.
S205: encrypt second data to be stored using the first data to be stored to obtain second encryption data;
In this embodiment of the invention, the second data to be stored is, for example, a text document, form document or program file, and the first data to be stored is the encryption key used to encrypt the second data to be stored; encrypting the second data to be stored with the first data to be stored yields the second encryption data.
S206: store the second encryption data and the first encryption data at the server side in association with each other.
The first encryption data and the second encryption data may be stored at the server side simultaneously or one after the other, as long as the two are stored in association at the server side.
In the embodiment shown in Fig. 2, the data is encrypted with a key, the multiple subdata constituting that key are encrypted with the public keys of contacts, and the encrypted data and the encrypted key are stored at the server side. When the data needs to be recovered, the decryption key can be obtained by asking the contacts for help, and the encrypted data is then decrypted to obtain the plaintext data, thereby enhancing the recoverability of the data while improving the security of data protection.
In embodiments of the present invention, when the multiple subdata that need encrypting in S102 or S202 are encrypted, the public keys of multiple different contacts may be used to encrypt the respective subdata of the same first data to be stored, as in the situation shown in Table 1, and the association message may instruct the server side to store each encrypted subdata in association with the contact details of its contact, one to one.
In embodiments of the present invention, when any subdata that needs encrypting in S102 or S202 is encrypted, the public keys of multiple different contacts may be used to apply multi-layer encryption to that subdata, and the association message may instruct the server side to store the contact details of each contact and the encryption level of each corresponding public key in association with the encrypted subdata. Table 2 below illustrates the correspondence indicated by the association message when two subdata need encrypting and each has been encrypted in two layers with the public keys of two different contacts:
Table 2
| Encrypted subdata | Contact details of the first-layer public-key holder | Contact details of the second-layer public-key holder |
| --- | --- | --- |
| D1 | 12@***.com | 34@***.com |
| D2 | 56@***.com | 78@***.com |
Here the subdata in the file named D1 has been encrypted in two layers with the public keys of contacts A and B: 12@***.com is the illustrative e-mail address of contact A, whose public key was used for the first layer of encryption of D1, and 34@***.com is the illustrative e-mail address of contact B, whose public key was used for the second layer of encryption after the first layer had been applied to D1. The subdata in the file named D2 has been encrypted in two layers with the public keys of contacts C and D: 56@***.com is the illustrative e-mail address of contact C, whose public key was used for the first layer of encryption of D2, and 78@***.com is the illustrative e-mail address of contact D, whose public key was used for the second layer of encryption after the first layer had been applied to D2.
In embodiments of the invention, the above encryption modes for the subdata to be encrypted may be combined. For example, when two subdata need encrypting, one of them may be encrypted with the public key of a single contact and the other encrypted in two layers with the public keys of two other contacts, and the association table then records both the correspondence between subdata and contact public keys and the correspondence between the encryption levels of a subdata and the contact public keys. It should be noted that two subdata needing encryption are described here only for ease of explanation; there may be three or more subdata needing encryption, and for each of them the same or a different encryption mode using contact public keys may be adopted.
Fig. 3 is a schematic flow chart of one embodiment of the data recovery method of the invention.
As shown in Fig. 3, the data recovery method of this embodiment of the invention comprises the following steps:
S301: receive a recovery request from a client, the recovery request relating to first pre-stored data, the first pre-stored data including at least one encrypted subdata obtained by encryption with the public key of a contact;
A client that has encrypted data and stored it at the server side may send a recovery request to the server side when it needs to recover the stored data. The server side stores the encrypted subdata, previously uploaded by the client, that were obtained by encryption with contact public keys. The server side also stores the correspondence between each encrypted subdata and the contact details of the contact whose public key was used to encrypt it, so that recovery processing can be carried out on the encrypted subdata.
S302: send the encrypted subdata to the corresponding contact side according to the contact details of the contact associated with the encrypted subdata;
According to the pre-stored correspondence between encrypted subdata and contact details described above, the server side sends each encrypted subdata to the contact side indicated by the contact details corresponding to that encrypted subdata.
For example, in the case of Table 1 above, the server side may send the encrypted subdata in the file named D1 to the mailbox 123@***.com, the encrypted subdata in the file named D2 to the mailbox 456@***.com, and the encrypted subdata in the file named D3 to the mailbox 789@***.com.
After receiving an encrypted subdata, each contact decrypts it with their own private key to obtain the decrypted data, and sends the decrypted data back to the server side through the same mailbox at which the encrypted subdata was received.
S303: recover the first pre-stored data into first original data based on the returned data received from the corresponding contact side.
Continuing with Table 1 above, the server side may receive the decrypted data of D1 sent from the mailbox 123@***.com, the decrypted data of D2 sent from the mailbox 456@***.com and the decrypted data of D3 sent from the mailbox 789@***.com, and recover the three pieces of decrypted data into the first original data. Naturally, where the subdata constituting the first original data also include unencrypted subdata, the server side recovers the first original data from the decrypted data received from the contacts' mailboxes together with the unencrypted subdata.
In the data recovery scheme of this embodiment of the invention, the encrypted data is sent to each contact, each contact decrypts it with their own private key and returns it to the server side, and the encrypted data is thereby recovered into the original data. This addresses at the same time the security of data storage and the problem of data becoming unrecoverable because the personal key used to encrypt it is cracked or lost, enhancing the recoverability of data while improving the security of data protection.
It should be noted that, although e-mail addresses are used as the example of contact details in Tables 1 and 2 above, the invention is not limited to this; contact methods such as a mobile phone number or a WeChat ID may also be used as the contact details of a contact.
Fig. 4 is a schematic flow chart of another embodiment of the data recovery method of the invention.
As shown in Fig. 4, the data recovery method of this embodiment of the invention comprises:
S401: receive a recovery request from a client, the recovery request relating to first pre-stored data, the first pre-stored data including at least one encrypted subdata obtained by encryption with the public key of a contact;
A client that has encrypted data and stored it at the server side may send a recovery request to the server side when it needs to recover the stored data. The server side stores each encrypted subdata together with the correspondence between it and the contact details of the contact whose public key was used to encrypt it.
S402: send the encrypted subdata to the corresponding contact side according to the contact details of the contact associated with the encrypted subdata;
According to the pre-stored correspondence between encrypted subdata and contact details described above, the server side sends each encrypted subdata to the contact side indicated by the contact details corresponding to that encrypted subdata. After receiving an encrypted subdata, each contact decrypts it with their own private key to obtain the decrypted data, and sends the decrypted data back to the server side through the same mailbox at which the encrypted subdata was received.
S403, based on the returned data part received from corresponding contact person side, the first pre-stored data is reverted to first
Initial data;
After server-side flanks the ciphertext data for receiving return from each contact person, it is based on ciphertext data, it is original to restore generation first
Data.
S404, decrypting second pre-stored data relevant to the recovery request using the first original data to obtain second original data, and sending the second original data to the client.
In the embodiment of the present invention, the second original data is, for example, a document file, a form file or a program file; the first original data is the encryption key used to encrypt the second original data; and what the client's recovery request asks for is the plaintext second original data. The server can determine the second pre-stored data from the recovery request, and after restoring the first original data it decrypts the second pre-stored data with the first original data to obtain the second original data the client needs.
Through the embodiment of the present invention, in response to a client's data recovery request, each encrypted datum related to the data key is first sent to the respective contact, who decrypts it with his or her own private key and returns it; the server recovers the encrypted key as the plaintext key and then decrypts the encrypted data with the plaintext key to obtain the decrypted data. This addresses both the security of stored data and the problem that data cannot be recovered when the personal key protecting the encrypted data is cracked or lost, so the recoverability of the data is improved at the same time as the security of its protection.
In embodiments of the present invention, the first pre-stored data may include multiple encrypted sub-data, each encrypted with the public key of a different contact. The server can then send each encrypted sub-datum to its corresponding contact side, for example by sending each of the data D1, D2 and D3 shown in Table 1 to the e-mail address of the corresponding contact and receiving the decrypted data returned from that e-mail address.
In embodiments of the present invention, one or more encrypted sub-data may have been obtained by multi-layer encryption, with the public keys of several different contacts applied one after another. The server then has to send the encrypted data to the corresponding contact sides in the order of the encryption layers of the encrypted sub-datum. Taking Table 2 above as an example, the server first sends the two-layer-encrypted sub-datum D1 to the contact address 34@***.com corresponding to the second (outer) encryption layer; after receiving from that mailbox the sub-datum D1 with one layer removed, it sends the sub-datum that is still encrypted at the first layer to the contact address 12@***.com corresponding to the first encryption layer. The two-layer-encrypted sub-datum D2 is handled in the same way as D1.
In embodiments of the present invention, when the encrypted sub-data in the first pre-stored data have each been encrypted in a different way, the server likewise sends each encrypted sub-datum to the corresponding contact side according to the correspondence in the association table. The server can hold each returned decrypted datum temporarily until the last one has been recovered, so that the sub-data can be correctly reassembled.
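The protection and recovery flow described above (the client splitting the key into sub-data and wrapping them with contacts' public keys, the server routing each shard through its contacts in layer order as in Table 2, the contacts stripping one layer each and returning the result), worked through as an added example in Go. This is illustrative code written for this page, not the patent's implementation. The patent names no algorithms, so the example assumes RSA-OAEP as the "public key encryption", plain fixed-size chunking of the key as the "sub-data" (so a returned sub-datum is a genuine piece of the key and the server assembles the whole key in the clear, which is what S403 and S404 describe), and an in-memory lookup in place of the mail channel; contact addresses, key sizes and the sample key are made up. One practical point the text does not mention: nesting RSA-OAEP layers only works when each contact's modulus is larger than the ciphertext it wraps, so the outer-layer contact here holds a 3072-bit key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Contact is one of the user's contacts: an address (the table's "contact details") and a key pair.
type Contact struct {
	Address string
	Key     *rsa.PrivateKey
}

// Shard is one association-table row: the encrypted sub-datum and one contact address per layer, outermost first.
type Shard struct {
	Ciphertext []byte
	Layers     []string
}

// Server keeps the first pre-stored data and a lookup standing in for the mail channel.
type Server struct {
	Shards   []Shard
	Contacts map[string]*Contact
}

// Protect is the client side (claims 1, 3 and 4): split the key into len(plan) equal sub-data,
// wrap sub-datum i with the public keys in plan[i] (first contact innermost), store shards and layer order.
func Protect(srv *Server, key []byte, plan [][]*Contact) error {
	n := len(plan)
	if n == 0 || len(key)%n != 0 {
		return fmt.Errorf("a %d-byte key does not split into %d equal sub-data", len(key), n)
	}
	size := len(key) / n
	for i, chain := range plan {
		ct, layers := key[i*size:(i+1)*size], []string(nil)
		for _, c := range chain {
			// Nested RSA-OAEP only fits if each ciphertext is shorter than the next modulus:
			// a 2048-bit OAEP/SHA-256 ciphertext is 256 bytes, so the outer key needs >= 3072 bits.
			var err error
			if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &c.Key.PublicKey, ct, nil); err != nil {
				return fmt.Errorf("layer for %s: %w", c.Address, err)
			}
			layers = append([]string{c.Address}, layers...) // applied last => peeled first
		}
		srv.Shards = append(srv.Shards, Shard{ct, layers})
	}
	return nil
}

// Recover is the server side (S401-S403): each shard goes to its contacts in layer order, every
// contact strips one layer with its private key and returns the result, and the server concatenates
// the returned sub-data into the key. The server holds the plaintext key at the end; S404 uses it.
func (srv *Server) Recover() ([]byte, error) {
	var key []byte
	for _, s := range srv.Shards {
		data, err := s.Ciphertext, error(nil)
		for _, addr := range s.Layers {
			c, ok := srv.Contacts[addr]
			if !ok {
				return nil, fmt.Errorf("no contact for %s", addr)
			}
			if data, err = rsa.DecryptOAEP(sha256.New(), nil, c.Key, data, nil); err != nil {
				return nil, fmt.Errorf("%s could not decrypt: %w", addr, err)
			}
		}
		key = append(key, data...)
	}
	return key, nil
}

// Demo replays the Table 2 layout with made-up addresses: D1 wrapped by two contacts, D2 by
// one. It returns the recovered key and the original so that callers can compare them.
func Demo() (recovered, original []byte, err error) {
	mk := func(addr string, bits int) *Contact {
		k, e := rsa.GenerateKey(rand.Reader, bits)
		if e != nil {
			panic(e)
		}
		return &Contact{addr, k}
	}
	a, b, c := mk("12@example.com", 2048), mk("34@example.com", 3072), mk("56@example.com", 2048)
	srv := &Server{Contacts: map[string]*Contact{a.Address: a, b.Address: b, c.Address: c}}
	original = make([]byte, 32) // the "first data to be stored": a 256-bit encryption key
	if _, err = rand.Read(original); err != nil {
		return nil, nil, err
	}
	if err = Protect(srv, original, [][]*Contact{{a, b}, {c}}); err != nil {
		return nil, nil, err
	}
	recovered, err = srv.Recover()
	return recovered, original, err
}

func main() {
	rec, orig, err := Demo()
	fmt.Printf("recovered key matches: %v (err=%v)\n", string(rec) == string(orig), err)
}
```

Protect refuses a key that does not split evenly, and Recover stops with an error as soon as an address in the association table has no reachable contact or a contact cannot strip its layer. As the text describes it, the sub-data are simply concatenated, so every contact listed in the table has to answer before the key exists again; the step the code leaves out, S404, is an ordinary symmetric decryption of the stored document under the recovered key.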
Fig. 5 is a schematic block diagram of one embodiment of the data protection device of the present invention.
As shown in Fig. 5, the data protection device of the embodiment of the present invention includes an encryption unit 11 and a first communication unit 12.
The encryption unit 11 is configured to encrypt, using the public key of a contact, at least one of the multiple sub-data determined to constitute the first data to be stored.
The first communication unit 12 is configured to store at least the encrypted sub-data on the server as first encrypted data and to send an association message to the server, the association message instructing the server to store the contact details of the contact in association with the encrypted sub-data.
In one embodiment of the invention, the first data to be stored is an encryption key; the encryption unit 11 is further configured to encrypt second data to be stored with the first data to be stored to obtain second encrypted data, and the first communication unit 12 is further configured to store the second encrypted data on the server in association with the first encrypted data.
In one embodiment of the invention, the encryption unit 11 may be configured to encrypt different sub-data constituting the same first data to be stored with the public keys of multiple different contacts respectively, and the association message sent by the communication unit 12 to the server instructs it to store the contact details of the multiple different contacts in respective association with the encrypted sub-data.
In one embodiment of the invention, the encryption unit 11 may be configured to apply multi-layer encryption to at least one sub-datum constituting the same first data to be stored, using the public keys of multiple different contacts, and the association message sent by the communication unit 12 to the server instructs it to store the contact details of the multiple different contacts and the encryption level of each corresponding public key in association with the encrypted sub-data.
Fig. 6 is a schematic block diagram of one embodiment of the data recovery device of the present invention.
As shown in Fig. 6, the data recovery device of the embodiment of the present invention includes a storage unit 21, a second communication unit 22 and a processing unit 23.
The storage unit 21 stores first pre-stored data, which includes at least one encrypted sub-datum obtained by encryption with the public key of a contact.
The second communication unit 22 is configured to receive from the client a recovery request relating to the first pre-stored data, to send the encrypted sub-data to the corresponding contact sides according to the contact details of the contacts associated with the encrypted sub-data, and to receive the returned data from the corresponding contact sides.
The processing unit 23 is configured to restore the first pre-stored data to the first original data based on the returned data that the second communication unit 22 received from the contact sides.
In one embodiment of the invention, the first original data is an encryption key, the storage unit 21 also stores second pre-stored data, and the processing unit 23 is further configured to decrypt the second pre-stored data relevant to the recovery request using the first original data to obtain second original data, which is sent to the client through the second communication unit 22.
In one embodiment of the invention, the first pre-stored data includes multiple encrypted sub-data, each encrypted with the public key of a different contact, and the second communication unit 22 is configured to send each encrypted sub-datum to its corresponding contact side.
In one embodiment of the invention, at least one encrypted sub-datum has been obtained by successive multi-layer encryption with the public keys of multiple different contacts, and the second communication unit 22 is configured to send the encrypted data to the corresponding contact sides in the order of the encryption layers of the encrypted sub-datum.
The above are preferred embodiments of the present invention and are not intended to limit its scope. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (16)
1. A data protection method, applied to a client, comprising:
determining multiple sub-data that constitute first data to be stored, and encrypting at least one of the multiple sub-data using a public key of a contact;
storing at least the encrypted sub-data on a server as first encrypted data, and sending an association message to the server, the association message being used to instruct that the contact details of the contact be stored in association with the encrypted sub-data,
wherein the contact is a contact of the user of the client.
2. The method of claim 1, wherein the first data to be stored is an encryption key, and the method further comprises:
encrypting second data to be stored using the first data to be stored to obtain second encrypted data;
storing the second encrypted data on the server in association with the first encrypted data.
3. The method of claim 1, wherein the encrypting comprises encrypting different ones of the sub-data respectively using the public keys of multiple different contacts, and the association message is used to instruct that the contact details of the multiple different contacts be stored in respective association with the encrypted sub-data.
4. The method of claim 1, wherein the encrypting comprises performing multi-layer encryption on the at least one sub-datum using the public keys of multiple different contacts, and the association message is used to instruct that the contact details of the multiple different contacts and the encryption level of each corresponding public key be stored in association with the encrypted sub-data.
5. A data recovery method, comprising:
receiving a recovery request from a client, the recovery request relating to first pre-stored data, the first pre-stored data including at least one encrypted sub-datum obtained by encryption with a public key of a contact;
sending the encrypted sub-data to the corresponding contact sides according to the contact details of the contacts associated with the encrypted sub-data;
restoring the first pre-stored data to first original data based on the returned data received from the corresponding contact sides,
wherein the contact is a contact of the user of the client.
6. The method of claim 5, wherein the first original data is an encryption key, and the method further comprises:
decrypting second pre-stored data relevant to the recovery request using the first original data to obtain second original data, and sending the second original data to the client.
7. The method of claim 5, wherein the first pre-stored data includes multiple encrypted sub-data each encrypted with the public key of a different contact, and sending the encrypted sub-data to the corresponding contact sides comprises: sending each encrypted sub-datum to its respective corresponding contact side.
8. The method of claim 5, wherein the at least one encrypted sub-datum is obtained by successive multi-layer encryption using the public keys of multiple different contacts, and sending the encrypted sub-data to the corresponding contact sides comprises: sending the encrypted data to the corresponding contact sides according to the respective encryption layers of the encrypted sub-datum.
9. A data protection device, comprising:
an encryption unit configured to encrypt, using a public key of a contact, at least one of the multiple sub-data determined to constitute first data to be stored;
a first communication unit configured to store at least the encrypted sub-data on a server as first encrypted data, and to send an association message to the server, the association message being used to instruct that the contact details of the contact be stored in association with the encrypted sub-data,
wherein the contact is a contact of the user of the data protection device.
10. The device of claim 9, wherein the first data to be stored is an encryption key, the encryption unit is further configured to encrypt second data to be stored using the first data to be stored to obtain second encrypted data, and the first communication unit is further configured to store the second encrypted data on the server in association with the first encrypted data.
11. The device of claim 9, wherein the encryption unit is configured to encrypt different ones of the sub-data respectively using the public keys of multiple different contacts, and the association message sent by the first communication unit to the server is used to instruct that the contact details of the multiple different contacts be stored in respective association with the encrypted sub-data.
12. The device of claim 9, wherein the encryption unit is configured to perform multi-layer encryption on the at least one sub-datum using the public keys of multiple different contacts, and the association message sent by the first communication unit to the server is used to instruct that the contact details of the multiple different contacts and the encryption level of each corresponding public key be stored in association with the encrypted sub-data.
13. A data recovery device, comprising:
a storage unit storing first pre-stored data, the first pre-stored data including at least one encrypted sub-datum obtained by encryption with a public key of a contact;
a second communication unit configured to receive from a client a recovery request relating to the first pre-stored data, to send the encrypted sub-data to the corresponding contact sides according to the contact details of the contacts associated with the encrypted sub-data, and to receive returned data from the corresponding contact sides;
a processing unit configured to restore the first pre-stored data to first original data based on the returned data,
wherein the contact is a contact of the user of the client.
14. The device of claim 13, wherein the first original data is an encryption key, the storage unit also stores second pre-stored data, and the processing unit is further configured to decrypt the second pre-stored data relevant to the recovery request using the first original data to obtain second original data, which is sent to the client through the second communication unit.
15. The device of claim 13, wherein the first pre-stored data includes multiple encrypted sub-data each encrypted with the public key of a different contact, and the second communication unit is configured to send each encrypted sub-datum to its respective corresponding contact side.
16. The device of claim 13, wherein the at least one encrypted sub-datum is obtained by successive multi-layer encryption using the public keys of multiple different contacts, and the second communication unit is configured to send the encrypted data to the corresponding contact sides according to the respective encryption layers of the encrypted sub-datum.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711027261.2A CN107682355B (en) | 2017-10-27 | 2017-10-27 | Data guard method and device, data reconstruction method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107682355A CN107682355A (en) | 2018-02-09 |
CN107682355B true CN107682355B (en) | 2018-12-18 |
Family
ID=61142707
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CP01 | Change in the name or title of a patent holder | Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing; Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing; Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |