CN108923912A - Distributed electronic data information security method, apparatus and system - Google Patents


Publication number
CN108923912A
Authority
CN
China
Prior art keywords
data information
cryptographic hash
preservation
evidence
corresponding data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810831916.XA
Other languages
Chinese (zh)
Other versions
CN108923912B (en)
Inventor
宋昊
霍乾
许超
郭建军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHINA SPORTS LETTWAY TECHNOLOGY DEVELOPMENT Co Ltd
Original Assignee
CHINA SPORTS LETTWAY TECHNOLOGY DEVELOPMENT Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a distributed electronic data information security method, apparatus and system. The method includes the following steps: pushing the generated data information to the evidence preservation party in real time through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party; and, after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to the server of the evidence preservation party, storing the data information in a WORM device, wherein the WORM device is a write-once, read-many device and is located at the data information generating party. The scheme can complete evidence preservation work efficiently while ensuring the security of the electronic data information.

Description

Distributed electronic data information security method, apparatus and system
Technical field
The present invention relates to the technical field of electronic data information preservation, and in particular to a distributed electronic data information security method, apparatus and system.
Background
Evidence preservation of electronic data information usually works by the data-generating organization transferring the data to an evidence preservation organization, which solidifies it to complete the evidence preservation work. When the data is frequent and high in volume, transferring it to a third party for solidification incurs excessive network bandwidth overhead, and there is a risk of leakage during data transmission.
Summary of the invention
Embodiments of the invention provide a distributed electronic data information security method, apparatus and system that can complete evidence preservation work efficiently while ensuring the security of the electronic data information.
According to a first aspect of the present application, a distributed electronic data information security method is proposed, including:
pushing the generated data information to the evidence preservation party in real time through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party;
after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to the server of the evidence preservation party, storing the data information in a WORM device, wherein the WORM device is a write-once, read-many device and is located at the data information generating party.
According to a second aspect of the present application, a distributed electronic data information security apparatus is proposed, including:
a data generating module, for generating data information;
a local data secure exchange interface, for pushing the generated data information to the evidence preservation party in real time;
a WORM device, for storing the data information after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to the server of the evidence preservation party, wherein the WORM device is a write-once, read-many device.
According to a third aspect of the present application, a distributed electronic data information security method is proposed, including:
receiving the data information pushed in real time by the data information generating party through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party;
performing a hash operation on the data information to obtain a first hash value;
transmitting the first hash value and the attribute information corresponding to the data information to the evidence preservation party's own server;
wherein the data information is stored in the WORM device of the data information generating party, and the WORM device is a write-once, read-many device.
According to a fourth aspect of the present application, a distributed electronic data information security apparatus is proposed, including:
a data receiving module, for receiving the data information pushed in real time by the data information generating party through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party;
a first hash operation module, for performing a hash operation on the data information to obtain a first hash value;
a data transmission module, for transmitting the first hash value and the attribute information corresponding to the data information to the evidence preservation party's own server;
wherein the data information is stored in the WORM device of the data information generating party, and the WORM device is a write-once, read-many device.
According to a fifth aspect of the present application, a distributed electronic data information security method is proposed, including:
the data information generating party generates data information;
the data information generating party pushes the data information to the evidence preservation party in real time through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party;
the evidence preservation party receives the data information;
the evidence preservation party performs a hash operation on the data information to obtain a first hash value;
the evidence preservation party transmits the first hash value and the attribute information corresponding to the data information to the evidence preservation party's own server;
the data information generating party stores the data information in a WORM device, wherein the WORM device is a write-once, read-many device and is located at the data information generating party.
According to a sixth aspect of the present application, a distributed electronic data information security system is proposed, including:
the distributed electronic data information security apparatus proposed in the second aspect of the present application as described above;
the distributed electronic data information security apparatus proposed in the fourth aspect of the present application as described above;
the server of the evidence preservation party.
According to a seventh aspect of the present application, a computer device is also provided, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the method proposed in the first aspect of the present application when executing the computer program.
According to an eighth aspect of the present application, a computer-readable storage medium is also provided, wherein the computer-readable storage medium stores a computer program for executing the method proposed in the first aspect of the present application.
According to a ninth aspect of the present application, a computer device is also provided, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the method proposed in the third aspect of the present application when executing the computer program.
According to a tenth aspect of the present application, a computer-readable storage medium is also provided, wherein the computer-readable storage medium stores a computer program for executing the method proposed in the third aspect of the present application.
In the embodiments of the invention, the generated data information is pushed to the evidence preservation party in real time through the local data secure exchange interface located at the data information generating party, without being transmitted to the server of the evidence preservation party. When high-frequency, high-volume data is involved, no network transmission is needed, so evidence preservation work can be completed efficiently while ensuring the security of the electronic data information.
Brief description of the drawings
To explain the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a distributed electronic data information security method provided by an embodiment of the invention (from the perspective of the data information generating party);
Fig. 2 is a flow chart of a data extraction method provided by an embodiment of the invention (from the perspective of the data information generating party);
Fig. 3 is a structural block diagram of a distributed electronic data information security apparatus provided by an embodiment of the invention (from the perspective of the data information generating party);
Fig. 4 is a flow chart of a distributed electronic data information security method provided by an embodiment of the invention (from the perspective of the evidence preservation party);
Fig. 5 is a flow chart of a data extraction method provided by an embodiment of the invention (from the perspective of the evidence preservation party);
Fig. 6 is a structural block diagram of a distributed electronic data information security apparatus provided by an embodiment of the invention (from the perspective of the evidence preservation party);
Fig. 7 is a flow chart of a distributed electronic data information security method and data extraction method provided by an embodiment of the invention (interaction diagram of the data information generating party and the evidence preservation party);
Fig. 8 is a structural block diagram of a distributed electronic data information security system provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the protection scope of the invention.
In an embodiment of the invention, a distributed electronic data information security method is provided from the perspective of the data information generating party. As shown in Fig. 1, the method includes:
S101: pushing the generated data information to the evidence preservation party in real time through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party;
S102: after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits (over the network) the first hash value and the attribute information corresponding to the data information to the server of the evidence preservation party (that is, the evidence preservation party's machine room), storing the data information in a WORM device, wherein the WORM device is a write-once, read-many device and is located at the data information generating party.
Executing the above steps completes the evidence solidification work.
Specifically, during evidence solidification the data information generating party transmits the data to the evidence preservation party through the local data secure exchange interface (the transmission may use optical fiber), so there is no risk of data leakage in transit. The local data secure exchange interface can be understood as a front-end application of the evidence preservation party that is deployed at the data generating party. This interface works locally at the data generating party and writes the data to local storage (generally transmitted over the SAN using the FC protocol, not over the IP network), so the original data does not leave the machine room or data center of the data generating party. After local solidification is complete, the hash value and the corresponding attribute information are transmitted over the IP network to the back-end server of the evidence preservation party (the hash value and the corresponding attribute information leave the machine room of the data generating party and arrive in the machine room or server of the evidence preservation party).
The above describes the data preservation process. To verify the preserved data, the invention also proposes a data extraction process in an embodiment, as shown in Fig. 2, including:
S201: receiving the data information extraction request sent by the evidence preservation party;
S202: reading the corresponding data information from the WORM device according to the data information extraction request;
S203: sending the corresponding data information to the evidence preservation party.
Specifically, the data information extraction request may include a second hash value and the attribute information corresponding to the data information. The data information generating party then executes S202 as follows: reading the corresponding data information from the WORM device according to the attribute information corresponding to the data information.
Specifically, before sending the corresponding data information to the evidence preservation party, the data information generating party also needs to confirm that it is consistent with the hash value provided by the evidence preservation party. The data information generating party can therefore also execute the following steps:
S204: performing a hash operation on the corresponding data information to obtain a third hash value;
S205: comparing the third hash value with the second hash value;
S203 is then executed as follows:
when the third hash value is consistent with the second hash value, sending the corresponding data information to the evidence preservation party.
Specifically, to guarantee the security of the corresponding data information transmitted to the evidence preservation party, the data information generating party can also execute the following step before transmitting the corresponding data information to the evidence preservation party:
S206: encrypting the corresponding data information (the encryption method may be chosen from symmetric algorithms and asymmetric algorithms);
S203 is then executed as follows:
sending the encrypted corresponding data information to the evidence preservation party.
Based on the same inventive concept, an embodiment of the invention also provides a distributed electronic data information security apparatus. As shown in Fig. 3, the distributed electronic data information security apparatus includes:
a data generating module 301, for generating data information;
a local data secure exchange interface 302, for pushing the generated data information to the evidence preservation party in real time;
a WORM device 303, for storing the data information after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to the server of the evidence preservation party, wherein the WORM device is a write-once, read-many device.
The structure is described below.
In an embodiment of the invention, the apparatus further includes:
a data information extraction request receiving module 304, for receiving the data information extraction request sent by the evidence preservation party;
a reading module 305, for reading the corresponding data information from the WORM device according to the data information extraction request;
a data information sending module 306, for sending the corresponding data information to the evidence preservation party.
Specifically, the data information extraction request includes a second hash value and the attribute information corresponding to the data information;
the reading module 305 is specifically used for:
reading the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
the apparatus further includes:
a third hash value computing module 307, for performing a hash operation on the corresponding data information to obtain a third hash value;
a first comparison module 308, for comparing the third hash value with the second hash value;
the data information sending module 306 is specifically used for:
sending the corresponding data information to the evidence preservation party when the third hash value is consistent with the second hash value.
Specifically, the apparatus further includes:
an encryption processing module 309, for encrypting the corresponding data information;
the data information sending module 306 is specifically used for:
sending the encrypted corresponding data information to the evidence preservation party.
In an embodiment of the invention, a distributed electronic data information security method is also provided from the perspective of the evidence preservation party. As shown in Fig. 4, the method includes:
S401: receiving the data information pushed in real time by the data information generating party through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party;
S402: performing a hash operation on the data information to obtain a first hash value;
S403: transmitting the first hash value and the attribute information corresponding to the data information to the evidence preservation party's own server;
wherein the data information is stored in the WORM device of the data information generating party, and the WORM device is a write-once, read-many device.
The above describes the data preservation process. To verify the preserved data, the invention also proposes a data extraction process in an embodiment, as shown in Fig. 5, including:
S501: sending a data information extraction request to the data information generating party;
S502: receiving the corresponding data information sent by the data information generating party, wherein the corresponding data information is read by the data information generating party from the WORM device according to the data information extraction request;
S503: determining whether the corresponding data information is valid data.
Specifically, the data information extraction request includes a second hash value and the attribute information corresponding to the data information;
the corresponding data information is read by the data information generating party from the WORM device according to the attribute information corresponding to the data information, and is sent when the third hash value is determined to be consistent with the second hash value; the third hash value is obtained by the data information generating party performing a hash operation on the corresponding data information.
S503 is executed as follows:
S5031: performing a hash operation on the corresponding data information to obtain a fourth hash value;
S5032: comparing the fourth hash value with the second hash value; when the fourth hash value is consistent with the second hash value, the corresponding data information is valid (the evidence collection work is complete).
Specifically, to guarantee the security of the corresponding data information transmitted to the evidence preservation party, the data information generating party may encrypt the corresponding data information before sending it, in which case the evidence preservation party can execute S502 as follows: receiving the encrypted corresponding data information sent by the data information generating party. On this basis, the evidence preservation party can also execute the following step:
S504: decrypting the encrypted corresponding data information (using the decryption algorithm and key that correspond to the encryption algorithm) to obtain the decrypted corresponding data information. S5031 is then executed as follows: performing a hash operation on the decrypted corresponding data information to obtain the fourth hash value.
Based on the same inventive concept, an embodiment of the invention also provides a distributed electronic data information security apparatus. As shown in Fig. 6, the distributed electronic data information security apparatus includes:
a data receiving module 601, for receiving the data information pushed in real time by the data information generating party through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generating party;
a first hash operation module 602, for performing a hash operation on the data information to obtain a first hash value;
a data transmission module 603, for transmitting the first hash value and the attribute information corresponding to the data information to the evidence preservation party's own server;
wherein the data information is stored in the WORM device of the data information generating party, and the WORM device is a write-once, read-many device.
The structure is described below.
In an embodiment of the invention, the apparatus further includes:
a data information extraction request sending module 604, for sending a data information extraction request to the data information generating party;
a data information receiving module 605, for receiving the corresponding data information sent by the data information generating party, wherein the corresponding data information is read by the data information generating party from the WORM device according to the data information extraction request;
a valid data determining module 606, for determining whether the corresponding data information is valid data.
Specifically, the data information extraction request includes a second hash value and the attribute information corresponding to the data information;
the corresponding data information is read by the data information generating party from the WORM device according to the attribute information corresponding to the data information, and is sent when the third hash value is determined to be consistent with the second hash value; the third hash value is obtained by the data information generating party performing a hash operation on the corresponding data information;
the valid data determining module 606 is specifically used for:
performing a hash operation on the corresponding data information to obtain a fourth hash value;
comparing the fourth hash value with the second hash value; when the fourth hash value is consistent with the second hash value, the corresponding data information is valid.
Specifically, the data information receiving module 605 is specifically used for:
receiving the encrypted corresponding data information sent by the data information generating party;
the apparatus further includes:
a decryption module 607, for decrypting the encrypted corresponding data information to obtain the decrypted corresponding data information;
the valid data determining module 606 is specifically used for:
performing a hash operation on the decrypted corresponding data information to obtain the fourth hash value.
Two methods above-mentioned are all to illustrate distributed electronic data information security method, data from single angle Extraction process illustrates distributed electronic data information from both data information generation side and the preservation of evidence side interaction angle below The detailed process of security method, data extraction procedure.As shown in fig. 7, the distributed electronic data information security method and data Extraction process includes:
S701:Data information generation side generates data information;
S702:The data information is pushed to card by local data secure exchange interface by data information generation side in real time According to the side of saving from damage, wherein the local data secure exchange interface is located at data information generation side;
S703:Preservation of evidence side receives the data information, and carries out Hash operation to the data information and obtain first Cryptographic Hash;
S704:First cryptographic Hash and the corresponding attribute information of the data information are transferred to evidence by preservation of evidence side In the server of the side of saving from damage itself;
Data information generation side is by the data information memory into WORM device, wherein the WORM device is primary Multiple read-write equipment is written, the WORM device is located at data information generation side.
S705:Preservation of evidence side generates data information and extracts request, and the data information is extracted request and is sent to institute State data information generation side;
S706:Data information generates root and reads corresponding data from WORM device according to data information extraction request Information;
S707:Corresponding data information is sent to the preservation of evidence side by data information generation side;
S708:Preservation of evidence side determines whether corresponding data information is valid data.
Specifically, the data information extraction request includes a second cryptographic hash and the attribute information corresponding to the data information;
S706 specifically includes:
The data information generation side reads the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
S707 specifically includes:
The data information generation side performs a hash operation on the corresponding data information to obtain a third cryptographic hash;
The third cryptographic hash is compared with the second cryptographic hash;
When the third cryptographic hash is consistent with the second cryptographic hash, the data information generation side sends the corresponding data information to the preservation of evidence side;
S708 specifically includes:
The preservation of evidence side receives the corresponding data information and performs a hash operation on the corresponding data information to obtain a fourth cryptographic hash;
The preservation of evidence side compares the fourth cryptographic hash with the second cryptographic hash; when the fourth cryptographic hash is consistent with the second cryptographic hash, the corresponding data information is valid.
Before S707, the method further includes: the data information generation side encrypts the corresponding data information;
S707 specifically includes: the data information generation side sends the encrypted corresponding data information to the preservation of evidence side;
S708 specifically includes: the preservation of evidence side receives the encrypted corresponding data information; the preservation of evidence side decrypts the encrypted corresponding data information to obtain the decrypted corresponding data information; the preservation of evidence side performs a hash operation on the decrypted corresponding data information to obtain the fourth cryptographic hash.
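The exchange in S701 to S708, without the optional encryption step, modelled in Python as an added example that is not part of the patent text. SHA-256, the in-memory WORM stand-in, the `record_id` attribute, all class and function names, and taking the request's second cryptographic hash from the first hash kept on the preservation side's server are assumptions; the page does not specify them.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    # Assumption: SHA-256. The page only says "hash operation".
    return hashlib.sha256(data).hexdigest()


class WormStore:
    """In-memory stand-in for the write-once, read-many device."""

    def __init__(self):
        self._records = {}

    def write(self, record_id: str, data: bytes) -> None:
        # Write-once: a second write to the same record is refused.
        if record_id in self._records:
            raise PermissionError(f"record {record_id!r} is already written")
        self._records[record_id] = bytes(data)

    def read(self, record_id: str) -> bytes:
        return self._records[record_id]


class PreservationSide:
    def __init__(self):
        # Stand-in for the preservation side's own server:
        # attribute information (record_id) -> first cryptographic hash.
        self.server = {}

    def receive_push(self, record_id: str, data: bytes) -> None:
        # S703 and S704: hash the pushed data, keep only hash and attributes.
        self.server[record_id] = digest(data)

    def build_request(self, record_id: str) -> dict:
        # S705. Assumption: the second hash is the stored first hash.
        return {"record_id": record_id, "second_hash": self.server[record_id]}

    def verify(self, request: dict, data) -> bool:
        # S708: the fourth hash must match the second hash.
        if data is None:
            return False
        return hmac.compare_digest(digest(data), request["second_hash"])


class GenerationSide:
    def __init__(self, preservation: PreservationSide):
        self.worm = WormStore()
        self.preservation = preservation

    def generate_and_preserve(self, record_id: str, data: bytes) -> None:
        # S701 and S702: the local exchange interface is modelled as a direct call.
        self.preservation.receive_push(record_id, data)
        # Unnumbered step after S704: store the data in the local WORM device.
        self.worm.write(record_id, data)

    def handle_extraction(self, request: dict):
        # S706: locate the record by its attribute information.
        data = self.worm.read(request["record_id"])
        # S707: send only if the third hash matches the second hash.
        if not hmac.compare_digest(digest(data), request["second_hash"]):
            return None
        return data


def run_demo():
    pres = PreservationSide()
    gen = GenerationSide(pres)
    # Constructed sample record, not taken from the page.
    gen.generate_and_preserve("rec-0001", b"constructed sample record #1")

    request = pres.build_request("rec-0001")
    data = gen.handle_extraction(request)
    valid = pres.verify(request, data)

    # A copy altered after leaving the generation side fails the S708 check.
    altered_accepted = pres.verify(request, data + b"!")

    # The WORM stand-in refuses to overwrite an existing record.
    try:
        gen.worm.write("rec-0001", b"replacement")
        rewrite_refused = False
    except PermissionError:
        rewrite_refused = True

    # Simulated corruption behind the WORM interface: S707 withholds the data.
    gen.worm._records["rec-0001"] = b"corrupted copy"
    withheld = gen.handle_extraction(request) is None

    return valid, altered_accepted, rewrite_refused, withheld


if __name__ == "__main__":
    print(run_demo())
```
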
Based on the same inventive concept, an embodiment of the present invention further provides a distributed electronic data information security system. As shown in Fig. 8, the distributed electronic data information security system includes: the distributed electronic data information security apparatus shown in Fig. 3 (data information generation side), the distributed electronic data information security apparatus shown in Fig. 6 (preservation of evidence side), and the server of the preservation of evidence side.
Based on the same inventive concept, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the distributed electronic data information security method described in Fig. 1 and Fig. 2.
Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program for executing the distributed electronic data information security method described in Fig. 1 and Fig. 2.
Based on the same inventive concept, an embodiment of the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements any of the distributed electronic data information security methods of Fig. 4 and Fig. 5.
Based on the same inventive concept, an embodiment of the present invention provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program for executing the distributed electronic data information security method described in Fig. 4 and Fig. 5.
In conclusion in embodiments of the present invention, the local data secure exchange by being located at data information generation side connects The data information of generation is pushed to preservation of evidence side by mouth in real time, without being transmitted in the server of preservation of evidence side, in this way It, in this way can be in the case where ensureing electronic data information safety without passing through network transmission when being related to frequent, big data quantity Efficiently complete preservation of evidence work.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. For those skilled in the art, the embodiments of the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement, and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (25)

1. A distributed electronic data information security method, characterized by comprising:
pushing generated data information to a preservation of evidence side in real time through a local data secure exchange interface, wherein the local data secure exchange interface is located at a data information generation side;
after the preservation of evidence side performs a hash operation on the data information to obtain a first cryptographic hash, or after the preservation of evidence side performs a hash operation on the data information to obtain a first cryptographic hash and transfers the first cryptographic hash and the attribute information corresponding to the data information to a server of the preservation of evidence side, storing the data information in a WORM device, wherein the WORM device is a write-once, read-many device, and the WORM device is located at the data information generation side.
2. The distributed electronic data information security method according to claim 1, characterized by further comprising:
receiving a data information extraction request sent by the preservation of evidence side;
reading corresponding data information from the WORM device according to the data information extraction request;
sending the corresponding data information to the preservation of evidence side.
3. The distributed electronic data information security method according to claim 2, characterized in that the data information extraction request includes a second cryptographic hash and the attribute information corresponding to the data information;
reading corresponding data information from the WORM device according to the data information extraction request comprises:
reading the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
before sending the corresponding data information to the preservation of evidence side, the method further comprises:
performing a hash operation on the corresponding data information to obtain a third cryptographic hash;
comparing the third cryptographic hash with the second cryptographic hash;
sending the corresponding data information to the preservation of evidence side comprises:
when the third cryptographic hash is consistent with the second cryptographic hash, sending the corresponding data information to the preservation of evidence side.
4. The distributed electronic data information security method according to claim 2 or 3, characterized by further comprising:
encrypting the corresponding data information;
sending the corresponding data information to the preservation of evidence side comprises:
sending the encrypted corresponding data information to the preservation of evidence side.
5. A distributed electronic data information security apparatus, characterized by comprising:
a data generating module, configured to generate data information;
a local data secure exchange interface, configured to push the generated data information to a preservation of evidence side in real time;
a WORM device, configured to store the data information after the preservation of evidence side performs a hash operation on the data information to obtain a first cryptographic hash, or after the preservation of evidence side performs a hash operation on the data information to obtain a first cryptographic hash and transfers the first cryptographic hash and the attribute information corresponding to the data information to a server of the preservation of evidence side, wherein the WORM device is a write-once, read-many device.
6. The distributed electronic data information security apparatus according to claim 5, characterized by further comprising:
a data information extraction request receiving module, configured to receive a data information extraction request sent by the preservation of evidence side;
a read module, configured to read corresponding data information from the WORM device according to the data information extraction request;
a data information sending module, configured to send the corresponding data information to the preservation of evidence side.
7. The distributed electronic data information security apparatus according to claim 6, characterized in that the data information extraction request includes a second cryptographic hash and the attribute information corresponding to the data information;
the read module is specifically configured to:
read the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
the apparatus further comprises:
a third cryptographic hash computing module, configured to perform a hash operation on the corresponding data information to obtain a third cryptographic hash;
a first comparison module, configured to compare the third cryptographic hash with the second cryptographic hash;
the data information sending module is specifically configured to:
when the third cryptographic hash is consistent with the second cryptographic hash, send the corresponding data information to the preservation of evidence side.
8. The distributed electronic data information security apparatus according to claim 6 or 7, characterized by further comprising:
an encryption processing module, configured to encrypt the corresponding data information;
the data information sending module is specifically configured to:
send the encrypted corresponding data information to the preservation of evidence side.
9. A distributed electronic data information security method, characterized by comprising:
receiving data information pushed in real time by a data information generation side through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generation side;
performing a hash operation on the data information to obtain a first cryptographic hash;
transferring the first cryptographic hash and the attribute information corresponding to the data information to the preservation of evidence side's own server;
wherein the data information is stored in a WORM device of the data information generation side, and the WORM device is a write-once, read-many device.
10. The distributed electronic data information security method according to claim 9, characterized by further comprising:
sending a data information extraction request to the data information generation side;
receiving corresponding data information sent by the data information generation side, wherein the corresponding data information is read by the data information generation side from the WORM device according to the data information extraction request;
determining whether the corresponding data information is valid data.
11. The distributed electronic data information security method according to claim 10, characterized in that the data information extraction request includes a second cryptographic hash and the attribute information corresponding to the data information;
the corresponding data information is read by the data information generation side from the WORM device according to the attribute information corresponding to the data information, and is sent when a third cryptographic hash is determined to be consistent with the second cryptographic hash, the third cryptographic hash being obtained by the data information generation side performing a hash operation on the corresponding data information;
determining whether the corresponding data information is valid data comprises:
performing a hash operation on the corresponding data information to obtain a fourth cryptographic hash;
comparing the fourth cryptographic hash with the second cryptographic hash, wherein when the fourth cryptographic hash is consistent with the second cryptographic hash, the corresponding data information is valid.
12. The distributed electronic data information security method according to claim 10 or 11, characterized in that receiving the corresponding data information sent by the data information generation side comprises:
receiving the encrypted corresponding data information sent by the data information generation side;
the method further comprises:
decrypting the encrypted corresponding data information to obtain the decrypted corresponding data information;
performing a hash operation on the corresponding data information to obtain a fourth cryptographic hash comprises:
performing a hash operation on the decrypted corresponding data information to obtain the fourth cryptographic hash.
13. A distributed electronic data information security apparatus, characterized by comprising:
a data receiving module, configured to receive data information pushed in real time by a data information generation side through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generation side;
a first hash operation module, configured to perform a hash operation on the data information to obtain a first cryptographic hash;
a data transmission module, configured to transfer the first cryptographic hash and the attribute information corresponding to the data information to the preservation of evidence side's own server;
wherein the data information is stored in a WORM device of the data information generation side, and the WORM device is a write-once, read-many device.
14. The distributed electronic data information security apparatus according to claim 13, characterized by further comprising:
a data information extraction request sending module, configured to send a data information extraction request to the data information generation side;
a data information receiving module, configured to receive corresponding data information sent by the data information generation side, wherein the corresponding data information is read by the data information generation side from the WORM device according to the data information extraction request;
a valid data determining module, configured to determine whether the corresponding data information is valid data.
15. The distributed electronic data information security apparatus according to claim 14, characterized in that the data information extraction request includes a second cryptographic hash and the attribute information corresponding to the data information;
the corresponding data information is read by the data information generation side from the WORM device according to the attribute information corresponding to the data information, and is sent when a third cryptographic hash is determined to be consistent with the second cryptographic hash, the third cryptographic hash being obtained by the data information generation side performing a hash operation on the corresponding data information;
the valid data determining module is specifically configured to:
perform a hash operation on the corresponding data information to obtain a fourth cryptographic hash;
compare the fourth cryptographic hash with the second cryptographic hash, wherein when the fourth cryptographic hash is consistent with the second cryptographic hash, the corresponding data information is valid.
16. The distributed electronic data information security apparatus according to claim 14 or 15, characterized in that the data information receiving module is specifically configured to:
receive the encrypted corresponding data information sent by the data information generation side;
the apparatus further comprises:
a decryption module, configured to decrypt the encrypted corresponding data information to obtain the decrypted corresponding data information;
the valid data determining module is specifically configured to:
perform a hash operation on the decrypted corresponding data information to obtain the fourth cryptographic hash.
17. A distributed electronic data information security method, characterized by comprising:
a data information generation side generates data information;
the data information generation side pushes the data information to a preservation of evidence side in real time through a local data secure exchange interface, wherein the local data secure exchange interface is located at the data information generation side;
the preservation of evidence side receives the data information;
the preservation of evidence side performs a hash operation on the data information to obtain a first cryptographic hash;
the preservation of evidence side transfers the first cryptographic hash and the attribute information corresponding to the data information to the preservation of evidence side's own server;
the data information generation side stores the data information in a WORM device, wherein the WORM device is a write-once, read-many device, and the WORM device is located at the data information generation side.
18. The distributed electronic data information security method according to claim 17, characterized by further comprising:
the preservation of evidence side generates a data information extraction request and sends the data information extraction request to the data information generation side;
the data information generation side reads corresponding data information from the WORM device according to the data information extraction request;
the data information generation side sends the corresponding data information to the preservation of evidence side;
the preservation of evidence side determines whether the corresponding data information is valid data.
19. The distributed electronic data information security method according to claim 18, characterized in that the data information extraction request includes a second cryptographic hash and the attribute information corresponding to the data information;
the data information generation side reading corresponding data information from the WORM device according to the data information extraction request comprises:
the data information generation side reads the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
the method further comprises:
the data information generation side performs a hash operation on the corresponding data information to obtain a third cryptographic hash;
the third cryptographic hash is compared with the second cryptographic hash;
the data information generation side sending the corresponding data information to the preservation of evidence side comprises:
when the third cryptographic hash is consistent with the second cryptographic hash, the data information generation side sends the corresponding data information to the preservation of evidence side;
the preservation of evidence side determining whether the corresponding data information is valid data comprises:
the preservation of evidence side receives the corresponding data information and performs a hash operation on the corresponding data information to obtain a fourth cryptographic hash;
the preservation of evidence side compares the fourth cryptographic hash with the second cryptographic hash, wherein when the fourth cryptographic hash is consistent with the second cryptographic hash, the corresponding data information is valid.
20. The distributed electronic data information security method according to claim 18 or 19, further comprising:
the data information generation side encrypts the corresponding data information;
the data information generation side sending the corresponding data information to the preservation of evidence side comprises:
the data information generation side sends the encrypted corresponding data information to the preservation of evidence side;
the preservation of evidence side determining whether the corresponding data information is valid data comprises:
the preservation of evidence side receives the encrypted corresponding data information;
the preservation of evidence side decrypts the encrypted corresponding data information to obtain the decrypted corresponding data information;
the preservation of evidence side performs a hash operation on the decrypted corresponding data information to obtain the fourth cryptographic hash.
21. A distributed electronic data information security system, characterized by comprising:
the distributed electronic data information security apparatus according to any one of claims 5-8;
the distributed electronic data information security apparatus according to any one of claims 13-16;
a server of the preservation of evidence side.
22. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the distributed electronic data information security method according to any one of claims 1 to 4.
23. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the distributed electronic data information security method according to any one of claims 1 to 4.
24. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the distributed electronic data information security method according to any one of claims 9 to 12.
25. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the distributed electronic data information security method according to any one of claims 9 to 12.
CN201810831916.XA 2018-07-26 2018-07-26 Distributed electronic data information security method, device and system Active CN108923912B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810831916.XA CN108923912B (en) 2018-07-26 2018-07-26 Distributed electronic data information security method, device and system

Publications (2)

Publication Number Publication Date
CN108923912A (en) 2018-11-30
CN108923912B (en) 2022-03-04

Family

ID=64418395

Country Status (1)

Country Link
CN (1) CN108923912B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant