CN108923912B - Distributed electronic data information security method, device and system - Google Patents

Publication number: CN108923912B
Authority: CN (China)
Application number: CN201810831916.XA
Other languages: Chinese (zh)
Other versions: CN108923912A (en)
Inventors: 宋昊, 霍乾, 许超, 郭建军
Current assignee: China Sports Lottery Technology Development Co ltd
Original assignee: China Sports Lottery Technology Development Co ltd
Legal status: Active
Prior art keywords: data information, evidence, hash value, security, corresponding data

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a distributed electronic data information security method, device and system. The method comprises: pushing the generated data information to an evidence preservation party in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator; and storing the data information in a WORM device after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party, wherein the WORM device is a write-once, read-many device located at the data information generator. The scheme can efficiently complete evidence preservation work while ensuring the security of the electronic data information.

Description

Distributed electronic data information security method, device and system
Technical Field
The invention relates to the technical field of electronic data information security, in particular to a distributed electronic data information security method, device and system.
Background
Evidence preservation of electronic data information generally involves the data generation mechanism transmitting data to an evidence preservation mechanism, where the data is solidified to complete evidence preservation. When high frequency and large data volume are involved, the network bandwidth overhead of transmitting data to a third party for solidification is too large, and the risk of leakage exists in the data transmission process.
Disclosure of Invention
The embodiment of the invention provides a distributed electronic data information security method, a distributed electronic data information security device and a distributed electronic data information security system, which can efficiently finish evidence security work under the condition of ensuring the security of electronic data information.
According to a first aspect of the present application, a distributed electronic data information security method is provided, including:
pushing the generated data information to an evidence preservation party in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator;
storing the data information in a WORM device after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party, wherein the WORM device is a write-once, read-many device located at the data information generator.
According to a second aspect of the present application, a distributed electronic data information security apparatus is provided, including:
the data generating module is used for generating data information;
the local data security exchange interface is used for pushing the generated data information to the evidence preservation party in real time;
the WORM device is used for storing the data information after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party, wherein the WORM device is a write-once, read-many device.
According to a third aspect of the present application, a distributed electronic data information security method is provided, including:
receiving data information pushed by a data information generator in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator;
performing a hash operation on the data information to obtain a first hash value;
transmitting the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party;
and storing the data information in a WORM device of the data information generator, wherein the WORM device is a write-once, read-many device.
According to a fourth aspect of the present application, a distributed electronic data information security apparatus is provided, including:
the data receiving module is used for receiving data information pushed by a data information generator in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator;
the first hash operation module is used for performing a hash operation on the data information to obtain a first hash value;
the data transmission module is used for transmitting the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party;
and storing the data information in a WORM device of the data information generator, wherein the WORM device is a write-once, read-many device.
According to a fifth aspect of the present application, a distributed electronic data information security method is provided, including:
the data information generator generates data information;
the data information generator pushes the data information to an evidence preservation party in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator;
the evidence preservation party receives the data information;
the evidence preservation party performs a hash operation on the data information to obtain a first hash value;
the evidence preservation party transmits the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party;
and the data information generator stores the data information in a WORM device, wherein the WORM device is a write-once, read-many device located at the data information generator.
According to a sixth aspect of the present application, a distributed electronic data information security system is provided, comprising:
the distributed electronic data information security apparatus proposed by the second aspect of the present application as described above;
the distributed electronic data information security apparatus as set forth in the fourth aspect of the present application as described above;
a server for evidence preservation.
According to a seventh aspect of the present application, there is also provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method proposed by the first aspect of the present application when executing the computer program.
According to an eighth aspect of the present application, there is also provided a computer-readable storage medium storing a computer program for executing the method set forth in the first aspect of the present application.
According to a ninth aspect of the present application, there is also provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method proposed by the third aspect of the present application when executing the computer program.
According to a tenth aspect of the present application, there is also provided a computer-readable storage medium storing a computer program for executing the method set forth in the third aspect of the present application.
In the embodiment of the invention, the generated data information is pushed to the evidence preservation party in real time through the local data security exchange interface located at the data information generator, instead of being transmitted to the server of the evidence preservation party, so that the data information does not need to be transmitted over a network when high frequency and large data volume are involved, and the evidence preservation work can be completed efficiently while ensuring the security of the electronic data information.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a distributed electronic data information security method provided by an embodiment of the present invention (from the perspective of the data information generator);
FIG. 2 is a flowchart of a data extraction method provided by an embodiment of the present invention (from the perspective of the data information generator);
FIG. 3 is a block diagram of a distributed electronic data information security apparatus according to an embodiment of the present invention (from the perspective of the data information generator);
FIG. 4 is a flowchart of a distributed electronic data information security method provided by an embodiment of the present invention (from the perspective of the evidence preservation party);
FIG. 5 is a flowchart of a data extraction method provided by an embodiment of the present invention (from the perspective of the evidence preservation party);
FIG. 6 is a block diagram of a distributed electronic data information security apparatus according to an embodiment of the present invention (from the perspective of the evidence preservation party);
FIG. 7 is a flowchart of a distributed electronic data information security method and a data extraction method provided by an embodiment of the present invention (interaction diagram between the data information generator and the evidence preservation party);
FIG. 8 is a block diagram of a distributed electronic data information security system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In an embodiment of the present invention, from the perspective of the data information generator, a distributed electronic data information security method is provided, as shown in FIG. 1, the method including:
S101: pushing the generated data information to an evidence preservation party in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator;
S102: storing the data information in a WORM device after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits (through a network) the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party (namely the machine room of the evidence preservation party), wherein the WORM device is a write-once, read-many device located at the data information generator.
Evidence solidification is complete once these steps have been executed.
Specifically, when the evidence is solidified, the evidence preservation party is located at the data information generator, and the data reaches it through the local data security exchange interface (which may use optical fiber transmission), so there is no risk of data leakage in transit. The local data security exchange interface can be understood as a front-end application of the evidence preservation party deployed at the data generator. The interface works locally at the data generator to solidify data in local storage (generally, data is transmitted over a SAN using the FC protocol and not over an IP network), so that the original data never leaves the data generator's machine room or data center. After local solidification is completed, the hash value and the corresponding attribute information are transmitted through an IP network to the background server of the evidence preservation party (the hash value and the corresponding attribute information leave the data generator's machine room and arrive at the machine room or server of the evidence preservation party).
The process described above is the data saving process. For the case where the saved data is to be verified, the embodiment of the present invention further provides a data extraction process, as shown in FIG. 2, including:
S201: receiving a data information extraction request sent by the evidence preservation party;
S202: reading the corresponding data information from the WORM device according to the data information extraction request;
S203: sending the corresponding data information to the evidence preservation party.
Specifically, the data information extraction request may include the second hash value and the attribute information corresponding to the data information. The data information generator performs S202 as follows: reading the corresponding data information from the WORM device according to the attribute information corresponding to the data information.
Specifically, before sending the corresponding data information to the evidence preservation party, the data information generator needs to confirm that the hash value provided by the evidence preservation party is consistent with the corresponding data information. Therefore, the data information generator further performs the following steps:
S204: performing a hash operation on the corresponding data information to obtain a third hash value;
S205: comparing the third hash value with the second hash value;
S203 is specifically performed as follows:
when the third hash value is consistent with the second hash value, sending the corresponding data information to the evidence preservation party.
Specifically, in order to ensure the security of the corresponding data information transmitted to the evidence preservation party, the data information generator further performs the following step before transmitting the corresponding data information to the evidence preservation party:
S206: encrypting the corresponding data information (the encryption method may be chosen from symmetric and asymmetric algorithms);
S203 is specifically performed as follows:
sending the encrypted corresponding data information to the evidence preservation party.
Based on the same inventive concept, an embodiment of the present invention further provides a distributed electronic data information security apparatus, as shown in FIG. 3, where the distributed electronic data information security apparatus includes:
a data generating module 301, configured to generate data information;
a local data security exchange interface 302, configured to push the generated data information to the evidence preservation party in real time;
a WORM device 303, configured to store the data information after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party, where the WORM device is a write-once, read-many device.
This structure will be explained below.
In an embodiment of the present invention, the distributed electronic data information security apparatus further includes:
a data information extraction request receiving module 304, configured to receive a data information extraction request sent by the evidence preservation party;
a reading module 305, configured to read the corresponding data information from the WORM device according to the data information extraction request;
a data information sending module 306, configured to send the corresponding data information to the evidence preservation party.
Specifically, the data information extraction request includes a second hash value and the attribute information corresponding to the data information;
the reading module 305 is specifically configured to:
read the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
the apparatus further comprises:
a third hash value operation module 307, configured to perform a hash operation on the corresponding data information to obtain a third hash value;
a first comparison module 308, configured to compare the third hash value with the second hash value;
the data information sending module 306 is specifically configured to:
send the corresponding data information to the evidence preservation party when the third hash value is consistent with the second hash value.
Specifically, the apparatus further comprises:
an encryption processing module 309, configured to encrypt the corresponding data information;
the data information sending module 306 is specifically configured to:
send the encrypted corresponding data information to the evidence preservation party.
In an embodiment of the present invention, from the perspective of the evidence preservation party, a distributed electronic data information security method is provided, as shown in FIG. 4, the method including:
S401: receiving data information pushed by a data information generator in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator;
S402: performing a hash operation on the data information to obtain a first hash value;
S403: transmitting the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party;
and storing the data information in a WORM device of the data information generator, wherein the WORM device is a write-once, read-many device.
The process described above is the data saving process. For the case where the saved data is to be verified, the embodiment of the present invention further provides a data extraction process, as shown in FIG. 5, including:
S501: sending a data information extraction request to the data information generator;
S502: receiving the corresponding data information sent by the data information generator, wherein the corresponding data information is read from the WORM device by the data information generator according to the data information extraction request;
S503: determining whether the corresponding data information is valid data.
Specifically, the data information extraction request includes a second hash value and the attribute information corresponding to the data information;
the corresponding data information is read from the WORM device by the data information generator according to the attribute information corresponding to the data information, and is sent when a third hash value is determined to be consistent with the second hash value, the third hash value being obtained by the data information generator performing a hash operation on the corresponding data information.
S503 is performed as follows:
S5031: performing a hash operation on the corresponding data information to obtain a fourth hash value;
S5032: comparing the fourth hash value with the second hash value; when the fourth hash value is consistent with the second hash value, the corresponding data information is valid (evidence extraction is completed).
Specifically, in order to ensure the security of the corresponding data information transmitted to the evidence preservation party, the data information generator may encrypt the corresponding data information before transmitting it, and the evidence preservation party performs S502 as follows: receiving the encrypted corresponding data information sent by the data information generator. On this basis, the evidence preservation party also performs the following step:
S504: decrypting the encrypted corresponding data information (decryption uses the key of the algorithm corresponding to the encryption) to obtain the decrypted corresponding data information. S5031 is then performed as follows: performing a hash operation on the decrypted corresponding data information to obtain a fourth hash value.
Based on the same inventive concept, an embodiment of the present invention further provides a distributed electronic data information security apparatus, as shown in FIG. 6, where the distributed electronic data information security apparatus includes:
a data receiving module 601, configured to receive data information pushed by a data information generator in real time through a local data security exchange interface, where the local data security exchange interface is located at the data information generator;
a first hash operation module 602, configured to perform a hash operation on the data information to obtain a first hash value;
a data transmission module 603, configured to transmit the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party;
and the data information is stored in a WORM device of the data information generator, wherein the WORM device is a write-once, read-many device.
This structure will be explained below.
In an embodiment of the present invention, the distributed electronic data information security apparatus further includes:
a data information extraction request sending module 604, configured to send a data information extraction request to the data information generator;
a data information receiving module 605, configured to receive the corresponding data information sent by the data information generator, where the corresponding data information is read by the data information generator from the WORM device according to the data information extraction request;
a valid data determining module 606, configured to determine whether the corresponding data information is valid data.
Specifically, the data information extraction request includes a second hash value and the attribute information corresponding to the data information;
the corresponding data information is read from the WORM device by the data information generator according to the attribute information corresponding to the data information, and is sent when a third hash value is determined to be consistent with the second hash value, the third hash value being obtained by the data information generator performing a hash operation on the corresponding data information;
the valid data determining module 606 is specifically configured to:
perform a hash operation on the corresponding data information to obtain a fourth hash value;
and compare the fourth hash value with the second hash value, wherein when the fourth hash value is consistent with the second hash value, the corresponding data information is valid.
Specifically, the data information receiving module 605 is specifically configured to:
receive the encrypted corresponding data information sent by the data information generator;
the apparatus further comprises:
a decryption module 607, configured to decrypt the encrypted corresponding data information to obtain the decrypted corresponding data information;
the valid data determining module 606 is specifically configured to:
perform a hash operation on the decrypted corresponding data information to obtain a fourth hash value.
The descriptions above present the distributed electronic data information security method and the data extraction process each from a single party's perspective. The specific flows of the method and of the data extraction process are described below from the perspective of the interaction between the data information generator and the evidence preservation party. As shown in FIG. 7, the distributed electronic data information security method and the data extraction process include:
S701: the data information generator generates data information;
S702: the data information generator pushes the data information to an evidence preservation party in real time through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generator;
S703: the evidence preservation party receives the data information and performs a hash operation on the data information to obtain a first hash value;
S704: the evidence preservation party transmits the first hash value and the attribute information corresponding to the data information to a server of the evidence preservation party;
and the data information generator stores the data information in a WORM device, wherein the WORM device is a write-once, read-many device located at the data information generator.
S705: the evidence preservation party generates a data information extraction request and sends the data information extraction request to the data information generator;
S706: the data information generator reads the corresponding data information from the WORM device according to the data information extraction request;
S707: the data information generator sends the corresponding data information to the evidence preservation party;
S708: the evidence preservation party determines whether the corresponding data information is valid data.
Specifically, the data information extraction request includes a second hash value and the attribute information corresponding to the data information;
S706 specifically includes:
the data information generator reads the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
S707 specifically includes:
the data information generator performs a hash operation on the corresponding data information to obtain a third hash value;
the data information generator compares the third hash value with the second hash value;
when the third hash value is consistent with the second hash value, the data information generator sends the corresponding data information to the evidence preservation party;
S708 specifically includes:
the evidence preservation party receives the corresponding data information and performs a hash operation on the corresponding data information to obtain a fourth hash value;
the evidence preservation party compares the fourth hash value with the second hash value, and when the fourth hash value is consistent with the second hash value, the corresponding data information is valid.
Before S707, the method further includes: the data information generator encrypts the corresponding data information;
S707 specifically includes: the data information generator sends the encrypted corresponding data information to the evidence preservation party;
S708 specifically includes: the evidence preservation party receives the encrypted corresponding data information; the evidence preservation party decrypts the encrypted corresponding data information to obtain the decrypted corresponding data information; and the evidence preservation party performs a hash operation on the decrypted corresponding data information to obtain a fourth hash value.
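The preservation and extraction exchange of S701 to S708, written out as an added Python example that is not part of the patent. SHA-256, the `record_id` and `created` attribute names, and the in-memory `WormStore` and `PreservationServer` classes are assumptions made for illustration; the optional encryption step before S707 is left out.

```python
import hashlib
import hmac
from typing import Optional


def digest(data: bytes) -> str:
    # Assumption: SHA-256. The patent says only "hash operation".
    return hashlib.sha256(data).hexdigest()


class WormStore:
    """In-memory stand-in for the WORM device at the data generator's site."""

    def __init__(self) -> None:
        self._records = {}

    def write(self, record_id: str, data: bytes) -> None:
        # Write once: a second write to the same record is refused.
        if record_id in self._records:
            raise PermissionError(f"record {record_id!r} is already written")
        self._records[record_id] = bytes(data)

    def read(self, record_id: str) -> bytes:
        return self._records[record_id]


class PreservationServer:
    """Remote server of the evidence preservation party: hash and attributes only."""

    def __init__(self) -> None:
        self.index = {}

    def register(self, attrs: dict, first_hash: str) -> None:
        self.index[attrs["record_id"]] = {"attrs": dict(attrs), "hash": first_hash}

    def build_request(self, record_id: str) -> dict:
        # S705: the request carries the second hash value and the attributes.
        entry = self.index[record_id]
        return {"attrs": entry["attrs"], "second_hash": entry["hash"]}


def preserve(data: bytes, attrs: dict, worm: WormStore,
             server: PreservationServer) -> str:
    """S703, S704 and the WORM write, all executed at the generator's site."""
    first_hash = digest(data)             # S703: hash computed locally
    server.register(attrs, first_hash)    # S704: only hash + attributes leave the site
    worm.write(attrs["record_id"], data)  # original data stays on the local WORM device
    return first_hash


def generator_extract(request: dict, worm: WormStore) -> Optional[bytes]:
    """S706, S707: release the data only if it matches the requested hash."""
    data = worm.read(request["attrs"]["record_id"])
    third_hash = digest(data)
    if not hmac.compare_digest(third_hash, request["second_hash"]):
        return None
    return data


def preservation_verify(received: bytes, request: dict) -> bool:
    """S708: the preservation party recomputes the hash of what it received."""
    fourth_hash = digest(received)
    return hmac.compare_digest(fourth_hash, request["second_hash"])


def demo() -> dict:
    worm, server = WormStore(), PreservationServer()
    # Constructed sample record; the attribute names are illustrative.
    attrs = {"record_id": "rec-0001", "created": "2024-01-01T00:00:00Z"}
    data = b"constructed sample transaction record"
    first_hash = preserve(data, attrs, worm, server)

    request = server.build_request("rec-0001")
    released = generator_extract(request, worm)
    result = {
        "first_hash": first_hash,
        "valid": released is not None and preservation_verify(released, request),
        # A copy altered after release fails the fourth-hash check.
        "altered_valid": preservation_verify(released + b"!", request),
    }
    try:
        worm.write("rec-0001", b"replacement")
        result["overwrite_refused"] = False
    except PermissionError:
        result["overwrite_refused"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The third-hash check at the generator and the fourth-hash check at the preservation party both compare against the same stored value, so a record altered in storage is never released and a record altered after release is rejected on receipt.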
Based on the same inventive concept, an embodiment of the present invention further provides a distributed electronic data information security system, as shown in fig. 8, where the distributed electronic data information security system includes: the distributed electronic data information security device (data information generating party) shown in fig. 3, the distributed electronic data information security device (evidence preservation party) shown in fig. 6, and a server of the evidence preservation party.
Based on the same inventive concept, the embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the distributed electronic data information security method described in fig. 1 and 2.
Based on the same inventive concept, the embodiment of the present invention further provides a computer-readable storage medium, where a computer program for executing the distributed electronic data information security method described in fig. 1 and fig. 2 is stored in the computer-readable storage medium.
Based on the same inventive concept, an embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the distributed electronic data information security method described in any one of fig. 4 and 5.
Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program for executing the distributed electronic data information security method described in fig. 4 and fig. 5 is stored in the computer-readable storage medium.
In summary, in the embodiment of the present invention, the generated data information is pushed to the evidence preservation party in real time through the local data security exchange interface located at the data information generating party, rather than being transmitted to the server of the evidence preservation party. When high frequency and large data volumes are involved, the data therefore does not need to be transmitted over a network, so the evidence preservation work can be completed efficiently while the security of the electronic data information is ensured.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes may be made to the embodiment of the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (11)

1. A distributed electronic data information security method, applied to a data information generating party, characterized in that the evidence preservation party is located at the site of the data information generating party, the method comprising:
pushing generated data information to the evidence preservation party in real time using a SAN (storage area network) FC (Fibre Channel) protocol through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generating party;
storing the data information by means of a WORM device after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and attribute information corresponding to the data information to a server of the evidence preservation party through an IP network, so that the information is fixed in local storage; wherein the WORM device is a write-once, read-many device and is located at the data information generating party;
further comprising: receiving a data information extraction request sent by the evidence preservation party;
reading the corresponding data information from the WORM device according to the data information extraction request;
and sending the corresponding data information to the evidence preservation party, the evidence preservation party verifying whether the corresponding data information is valid data.
2. The distributed electronic data information security method according to claim 1, wherein the data information extraction request includes a second hash value and attribute information corresponding to the data information;
reading the corresponding data information from the WORM device according to the data information extraction request comprises:
reading the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
before sending the corresponding data information to the evidence preservation party, the method further comprises:
performing a hash operation on the corresponding data information to obtain a third hash value;
comparing the third hash value with the second hash value;
sending the corresponding data information to the evidence preservation party comprises:
when the third hash value is consistent with the second hash value, sending the corresponding data information to the evidence preservation party.
3. The distributed electronic data information security method according to claim 1 or 2, further comprising:
encrypting the corresponding data information;
sending the corresponding data information to the evidence preservation party comprises:
sending the encrypted corresponding data information to the evidence preservation party.
4. A distributed electronic data information security device, applied to a data information generating party, characterized in that the evidence preservation party is located at the site of the data information generating party, the device comprising:
the data generating module, used for generating data information;
the local data security exchange interface, used for pushing the generated data information to the evidence preservation party in real time using a SAN (storage area network) FC (Fibre Channel) protocol, wherein the local data security exchange interface is located at the data information generating party;
the WORM device, used for storing the data information after the evidence preservation party performs a hash operation on the data information to obtain a first hash value, or after the evidence preservation party performs a hash operation on the data information to obtain a first hash value and transmits the first hash value and attribute information corresponding to the data information to a server of the evidence preservation party through an IP network, wherein the WORM device is a write-once, read-many device and fixes the information in local storage;
further comprising:
a data information extraction request receiving module, configured to receive a data information extraction request sent by the evidence preservation party;
the reading module, used for reading the corresponding data information from the WORM device according to the data information extraction request;
and the data information sending module, used for sending the corresponding data information to the evidence preservation party, the evidence preservation party verifying whether the corresponding data information is valid data.
5. The distributed electronic data information security device according to claim 4, wherein the data information extraction request includes a second hash value and attribute information corresponding to the data information;
the reading module is specifically configured to:
read the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
further comprising:
the third hash value operation module, used for performing a hash operation on the corresponding data information to obtain a third hash value;
a first comparing module, used for comparing the third hash value with the second hash value;
the data information sending module is specifically configured to:
send the corresponding data information to the evidence preservation party when the third hash value is consistent with the second hash value.
6. The distributed electronic data information security device according to claim 4 or 5, further comprising:
the encryption processing module, used for encrypting the corresponding data information;
the data information sending module is specifically configured to:
send the encrypted corresponding data information to the evidence preservation party.
7. A distributed electronic data information security method, characterized in that the evidence preservation party is located at the site of the data information generating party, the method comprising:
the data information generator generates data information;
the data information generator pushes the data information to the evidence preservation party in real time using a SAN (storage area network) FC (Fibre Channel) protocol through a local data security exchange interface, wherein the local data security exchange interface is located at the data information generating party;
the evidence preservation party receives the data information;
the evidence preservation party performs a hash operation on the data information to obtain a first hash value;
the evidence preservation party transmits the first hash value and attribute information corresponding to the data information to a server of the evidence preservation party through an IP network and stores the data information in a WORM device, so that the information is fixed in local storage, wherein the WORM device is a write-once, read-many device and is located at the data information generating party;
further comprising:
the evidence preservation party generates a data information extraction request and sends the data information extraction request to the data information generator;
the data information generator reads the corresponding data information from the WORM device according to the data information extraction request;
the data information generator sends the corresponding data information to the evidence preservation party;
the evidence preservation party determines whether the corresponding data information is valid data.
8. The distributed electronic data information security method according to claim 7, wherein the data information extraction request includes a second hash value and attribute information corresponding to the data information;
the data information generator reading the corresponding data information from the WORM device according to the data information extraction request comprises:
the data information generator reads the corresponding data information from the WORM device according to the attribute information corresponding to the data information;
further comprising:
the data information generator performs a hash operation on the corresponding data information to obtain a third hash value;
comparing the third hash value with the second hash value;
the data information generator sending the corresponding data information to the evidence preservation party comprises:
when the third hash value is consistent with the second hash value, the data information generator sends the corresponding data information to the evidence preservation party;
the evidence preservation party determining whether the corresponding data information is valid data comprises:
the evidence preservation party receives the corresponding data information and performs a hash operation on it to obtain a fourth hash value;
the evidence preservation party compares the fourth hash value with the second hash value, and when the fourth hash value is consistent with the second hash value, the corresponding data information is valid.
9. The distributed electronic data information security method according to claim 7 or 8, further comprising:
the data information generator encrypts the corresponding data information;
the data information generator sending the corresponding data information to the evidence preservation party comprises:
the data information generator sends the encrypted corresponding data information to the evidence preservation party;
the evidence preservation party determining whether the corresponding data information is valid data comprises:
the evidence preservation party receives the encrypted corresponding data information;
the evidence preservation party decrypts the encrypted corresponding data information to obtain the decrypted corresponding data information;
and the evidence preservation party performs a hash operation on the decrypted corresponding data information to obtain a fourth hash value.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the distributed electronic data information security method of any one of claims 1 to 3 when executing the computer program.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, which is executed by a processor to implement the distributed electronic data information security method of any one of claims 1 to 3.
CN201810831916.XA 2018-07-26 2018-07-26 Distributed electronic data information security method, device and system Active CN108923912B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810831916.XA CN108923912B (en) 2018-07-26 2018-07-26 Distributed electronic data information security method, device and system

Publications (2)

Publication Number Publication Date
CN108923912A CN108923912A (en) 2018-11-30
CN108923912B true CN108923912B (en) 2022-03-04

Family

ID=64418395

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810831916.XA Active CN108923912B (en) 2018-07-26 2018-07-26 Distributed electronic data information security method, device and system

Country Status (1)

Country Link
CN (1) CN108923912B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111832078A (en) * 2020-06-14 2020-10-27 北京联合信任技术服务有限公司 Data acquisition verification system, data acquisition verification method, storage medium, and program product

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223374A (en) * 2011-06-22 2011-10-19 熊志海 Third-party authentication security protection system and third-party authentication security protection method based on online security protection of electronic evidence
CN106657049A (en) * 2016-12-15 2017-05-10 周影 System and method for real-time collection and fixing of electronic evidence
CN106713297A (en) * 2016-12-15 2017-05-24 周影 Electronic data fixing platform based on cloud service
CN107395359A (en) * 2017-07-17 2017-11-24 深圳市大恒数据安全科技有限责任公司 A kind of electronic data demonstrate,proves method, terminal and system admittedly
CN107659579A (en) * 2017-10-20 2018-02-02 国信嘉宁数据技术有限公司 Deposit card method, equipment and related deposit system in a kind of scene
CN107888591A (en) * 2017-11-10 2018-04-06 国信嘉宁数据技术有限公司 The method and system that a kind of electronic data is saved from damage

Also Published As

Publication number Publication date
CN108923912A (en) 2018-11-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant