CN109462608A - Data encryption processing method, apparatus and system - Google Patents
Data encryption processing method, apparatus and system Download PDFInfo
- Publication number
- CN109462608A CN109462608A CN201811567130.8A CN201811567130A CN109462608A CN 109462608 A CN109462608 A CN 109462608A CN 201811567130 A CN201811567130 A CN 201811567130A CN 109462608 A CN109462608 A CN 109462608A
- Authority
- CN
- China
- Prior art keywords
- key
- data
- cloud
- encryption
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The present invention provides a kind of data encryption processing methods, apparatus and system;After receiving the data encryption request that user sends, basic key is generated according to preset first algorithm, and encrypt to be-encrypted data using basic key, encrypted data is sent to cloud server, so that cloud server stores encrypted data;According to preset second algorithm and basic key, the sub-key of setting quantity is generated;According to pre-set user password, local key is encrypted, generates and saves local cipher key;According to the user biological characteristic information pre-saved, cloud key is encrypted, generates cloud encryption key, and send it to cloud server, so that cloud server saves cloud encryption key.The present invention is decomposed into two parts in data encryption treatment process, by foundation key, and a part is saved in local cipher, and another part is sent to cloud encrypting storing, improves the safety of key, thus the safety to data encryption.
Description
Technical field
The present invention relates to technical field of data security, more particularly, to a kind of data encryption processing method, apparatus and system.
Background technique
In cipher system, the safeguard protection of key is the safety issue of most critical, and cryptographic technique is widely used in letter
In the numerous areas for ceasing safety, whether symmetry cipher or unsymmetrical key system, safety all rely on key
The safety of itself.There are mainly two types of modes for the management of key at present: being taken care of by client and client user;Such as by third party
Key Management server trustship.However, both the above mode has drawback, in the first way, no matter key is saved
What medium any medium is not stored in perhaps at only remembers that there are still be stolen or by the risk of Brute Force by user.It is right
There is large effect to the safety of encryption data when having external attack or internal leakage event occurs in the second way.
Summary of the invention
In view of this, the purpose of the present invention is to provide a kind of data encryption processing method, apparatus and system, with raising pair
The safety of data encryption.
In a first aspect, this method is applied to client, visitor the embodiment of the invention provides a kind of data encryption processing method
Family end and cloud server communicate to connect;This method comprises: receiving the data encryption request that user sends;Data encryption request packet
Include be-encrypted data;Basic key is generated according to preset first algorithm;Be-encrypted data is encrypted using basic key, is generated
Encrypted data is sent to cloud server by encrypted data, so that encrypted data is stored in advance by cloud server
The cloud database of foundation;According to preset second algorithm and basic key, the sub-key of setting quantity is generated;Sub-key includes
At least one local key and a cloud key;According to pre-set user password, local key is encrypted, is generated local
Encryption key, and save local cipher key;According to the biological information of the user pre-saved, cloud key is encrypted,
Generate cloud encryption key;Cloud key is sent to cloud server, so that cloud server saves cloud encryption key
Database beyond the clouds.
With reference to first aspect, the embodiment of the invention provides the first possible embodiments of first aspect, wherein on
State method further include: receive the data download request that user sends;Data download request include user biological information and
The storage location of data to be downloaded server beyond the clouds;Believed according to biological information and the biological characteristic of the user pre-saved
Breath, judges whether data download request is legal;If legal, the first random number is generated, using the cloud public key pair pre-saved
First random number encryption generates the first encrypted random number;First encrypted random number and data download request are sent to cloud clothes
Business device, so that cloud server is treated the corresponding cloud encryption key of downloading data and be decrypted, obtain according to data download request
To cloud key, the first encrypted random number is decrypted using the corresponding private key of cloud public key pre-saved, it is random to obtain first
Number;Cloud key and the corresponding encrypted data of data to be downloaded are encrypted using the first random number, obtain encryption key data,
And encryption key data is sent to client;Receive encryption key data;Using the first random number to encryption key data solution
It is close, obtain cloud key and encrypted data;After receiving the user password of user's transmission, according to user password and preparatory guarantor
The corresponding local cipher key decryption of the encryption data deposited, obtains local key;According to cloud key and local key, to encryption
Data deciphering obtains data to be downloaded.
With reference to first aspect or the first possible embodiment of first aspect, the embodiment of the invention provides first party
The possible embodiment of second of face, wherein above-mentioned second algorithm includes Shamir privacy sharing algorithm.
The possible embodiment of second with reference to first aspect, the embodiment of the invention provides the third of first aspect
Possible embodiment, wherein above-mentioned that data to be downloaded are obtained to encryption data decryption according to cloud key and local key
The step of, comprising: according to the second algorithm, cloud key and local key, generate the corresponding basic key of data to be downloaded;Using
Basic key decrypts encryption data, obtains data to be downloaded.
Second aspect, the embodiment of the invention provides a kind of data encryption processing method, this method is applied to cloud service
Device, cloud server are connect with client communication;This method comprises: the encrypted data that client is sent is received, after encryption
Data are stored in the cloud database pre-established;Encrypted data is generated by client according to preset first algorithm substantially close
Key is treated the encryption data encryption in data encryption request using basic key and is generated;Data encryption request is sent by user
To client;The cloud encryption key that client is sent is received, and cloud encryption key is stored in cloud database;Cloud adds
Key encrypts cloud key according to the biological information of the user pre-saved by client and is generated;Cloud key by
Client is generated according to preset second algorithm and basic key.
In conjunction with second aspect, the embodiment of the invention provides the first possible embodiments of second aspect, wherein on
State method further include: receive the first encrypted random number and data download request that client is sent;First encrypted random number is by visitor
After family end judges that data download request is legal, the first random number is generated, and random to first using the cloud public key pre-saved
Number is encrypted and is generated;Data download request is sent to client by user;Data download request includes the biological characteristic letter of user
The storage location of breath and data to be downloaded server beyond the clouds;According to data download request, the corresponding cloud of downloading data is treated
Encryption key is decrypted, and obtains cloud key;It is random to the first encryption using the corresponding private key of cloud public key pre-saved
Number decryption, obtains the first random number;Cloud key and the corresponding encrypted data of data to be downloaded are added using the first random number
It is close, obtain encryption key data;Encryption key data is sent to client, so that client is using the first random number to encryption
Key data decryption, obtains cloud key and encrypted data;After receiving the user password of user's transmission, according to the registered permanent residence
The corresponding local cipher key decryption of the encryption data for enabling and pre-saving, obtains local key;According to cloud key and local
Key decrypts encryption data, obtains data to be downloaded.
In conjunction with the first possible embodiment of second aspect, the embodiment of the invention provides second of second aspect
Possible embodiment, wherein it is above-mentioned according to data download request, it treats the corresponding cloud encryption key of downloading data and is solved
It is close, the step of obtaining cloud key, comprising: according to storage location, search the corresponding cloud of data to be downloaded in database beyond the clouds
Hold encryption key;Using biometric identification to cloud encryption key decryption, cloud key is obtained.
The third aspect, the embodiment of the invention provides a kind of data encryption processing unit, which is set to client, visitor
Family end and cloud server communicate to connect;The device includes: CIPHERING REQUEST receiving module, and the data for receiving user's transmission add
Close request;Data encryption request includes be-encrypted data;Basic key generation module, for being generated according to preset first algorithm
Basic key;Data encryption module is generated encrypted data, will encrypted for being encrypted using basic key to be-encrypted data
Data are sent to cloud server afterwards, so that encrypted data is stored in the cloud database pre-established by cloud server;
Sub-key generation module, for generating the sub-key of setting quantity according to preset second algorithm and basic key;Sub-key packet
Include at least one local key and a cloud key;Local cipher key encryption block is used for according to pre-set user password,
Local key is encrypted, generates local cipher key, and save local cipher key;Cloud cipher key encryption block is used for basis
The biological information of the user pre-saved encrypts cloud key, generates cloud encryption key;Cloud key sends mould
Block, for cloud key to be sent to cloud server, so that cloud encryption key is saved data beyond the clouds by cloud server
Library.
Fourth aspect, the embodiment of the invention provides a kind of data encryption processing unit, which is set to cloud service
Device, cloud server are connect with client communication;The device includes: encrypted data memory module, for receiving client hair
Encrypted data is stored in the cloud database pre-established by the encrypted data sent;Encrypted data by client according to
Preset first algorithm generates basic key, treats the encryption data encryption in data encryption request using basic key and gives birth to
At;Data encryption request is sent to client by user;Cloud encryption key preserving module, for saving cloud encryption key
Database beyond the clouds;Cloud encryption key adds cloud key according to the biological information of the user pre-saved by client
It is close and generate;Cloud key is generated by client according to preset second algorithm and basic key.
5th aspect, the embodiment of the invention provides a kind of data encryption processing systems, including client and cloud service
Device;Device described in the above-mentioned third aspect is set to client;Cloud server is set to described in above-mentioned fourth aspect.
The embodiment of the present invention bring it is following the utility model has the advantages that
The embodiment of the invention provides a kind of data encryption processing methods, apparatus and system;Receive the data that user sends
After CIPHERING REQUEST, basic key is generated according to preset first algorithm, and encrypt to be-encrypted data using basic key, generated
Encrypted data is sent to cloud server by encrypted data, so that encrypted data is stored in advance by cloud server
The cloud database of foundation;According to preset second algorithm and basic key, the sub-key of setting quantity is generated;Sub-key includes
At least one local key and a cloud key;According to pre-set user password, local key is encrypted, is generated local
Encryption key, and save local cipher key;According to the biological information of the user pre-saved, cloud key is encrypted,
Cloud encryption key is generated, and cloud key is sent to cloud server, so that cloud server protects cloud encryption key
There are cloud databases.Which encrypts be-encrypted data using foundation key, and it is close that foundation key is decomposed into two parts
Key, a part are sent to cloud and carry out encrypting storing in locally progress encrypting storing, another part, improve the safety of key
Property, thus the safety to data encryption.
Other features and advantages of the present invention will illustrate in the following description, alternatively, Partial Feature and advantage can be with
Deduce from specification or unambiguously determine, or by implementing above-mentioned technology of the invention it can be learnt that.
To enable the above objects, features and advantages of the present invention to be clearer and more comprehensible, better embodiment is cited below particularly, and match
Appended attached drawing is closed, is described in detail below.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is a kind of flow chart of data encryption processing method provided in an embodiment of the present invention;
Fig. 2 is the flow chart of data downloading process in a kind of data encryption processing method provided in an embodiment of the present invention;
Fig. 3 is the flow chart of another data encryption processing method provided in an embodiment of the present invention;
Fig. 4 is another data encryption processing method provided in an embodiment of the present invention, the flow chart of data downloading process;
Fig. 5 is that a kind of Shamir secret sharing scheme combination biological characteristic that is based on provided in an embodiment of the present invention utilizes multiterminal
In the method for managing encrypted key, the flow chart of file upload procedure is encrypted;
Fig. 6 is that a kind of Shamir secret sharing scheme combination biological characteristic that is based on provided in an embodiment of the present invention utilizes multiterminal
In the method for managing encrypted key, the flow chart of file download process;
Fig. 7 is a kind of structural schematic diagram of data encryption processing unit provided in an embodiment of the present invention;
Fig. 8 is the structural schematic diagram of another data encryption processing unit provided in an embodiment of the present invention;
Fig. 9 is a kind of structural schematic diagram of data encryption processing system provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with attached drawing to the present invention
Technical solution be clearly and completely described, it is clear that described embodiments are some of the embodiments of the present invention, rather than
Whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premise
Under every other embodiment obtained, shall fall within the protection scope of the present invention.
Currently, the safety of existing data encryption processing mode is poor, it is based on this, the embodiment of the invention provides one kind
Data encryption processing method, apparatus and system, can be applied to.
For convenient for understanding the present embodiment, first to a kind of data encryption processing side disclosed in the embodiment of the present invention
Method describes in detail.
A kind of flow chart of data encryption processing method shown in Figure 1, this method be applied to client, client with
Cloud server communication connection;Method includes the following steps:
Step S100 receives the data encryption request that user sends;Data encryption request includes be-encrypted data;Specifically
Ground, user can send client for be-encrypted data after logging in client.
Step S102 generates basic key according to preset first algorithm;Specifically, there are many algorithms for generating key;
Key is a kind of parameter, it is the parameter inputted in being converted to ciphertext or the algorithm for converting ciphertext into plaintext in plain text.Key
It is divided into symmetric key and unsymmetrical key, can be accordingly generated using symmetric encipherment algorithm and rivest, shamir, adelman corresponding
Key.
Step S104 encrypts be-encrypted data using basic key, generates encrypted data, encrypted data is sent
To cloud server, so that encrypted data is stored in the cloud database pre-established by cloud server.
Specifically, basic key is inputted during encrypting to be-encrypted data as parameter, is obtained by encryption
Encrypted data;Client will be sent to cloud server by the encrypted data of encryption;Cloud server is after the encryption
Data distribute memory space, and encrypted data is stored in the cloud database pre-established.
Step S106 generates the sub-key of setting quantity according to preset second algorithm and basic key;Sub-key includes
At least one local key and a cloud key.
Specifically, above-mentioned second algorithm is for decomposing basic key with certain format, which can be with
For Shamir privacy sharing algorithm scheduling algorithm;Above-mentioned setting quantity is at least 2;Sub-key a part of generation is for being stored in this
The positions such as ground or U-shield, another part is for being stored in cloud server.
Step S108 encrypts local key according to pre-set user password, generates local cipher key, and protect
Deposit local cipher key.
Specifically, above-mentioned user password can be stored in the multidigit letter of client, number for user in registration process
Deng, or later period input;Local key is encrypted by the user password, obtains local cipher key, and will
It is saved to local server or output file, so that user saves local cipher key into the memories such as U-shield.
Step S110 encrypts cloud key according to the biological information of the user pre-saved, generates cloud encryption
Key;Specifically, above-mentioned biological information can be input to client when registration for user;Biological characteristic letter
Breath can be fingerprint, vocal print, facial characteristics etc..
Cloud key is sent to cloud server by step S112, so as to which cloud encryption key is saved data beyond the clouds
Library.
The embodiment of the invention provides a kind of data encryption processing methods;After receiving the data encryption request that user sends,
Basic key is generated according to preset first algorithm, and be-encrypted data is encrypted using basic key, generates encrypted data,
Encrypted data is sent to cloud server, so that encrypted data is stored in the cloud number pre-established by cloud server
According to library;According to preset second algorithm and basic key, the sub-key of setting quantity is generated;The registered permanent residence is used according to pre-set
It enables, local key is encrypted, generate local cipher key, and save local cipher key;According to the life of the user pre-saved
Object characteristic information encrypts cloud key, generates cloud encryption key, and cloud key is sent to cloud server, so that
Cloud encryption key is stored in cloud database by cloud server.This method encrypts be-encrypted data using foundation key,
And foundation key is decomposed into two parts key, for a part in locally progress encrypting storing, another part is sent to cloud progress
Encrypting storing improves the safety of key, thus the safety to data encryption.
After carrying out encryption storage to data using the above method, when user needs to be downloaded stored data
When, it can specifically be realized by following steps, flow chart is as shown in Figure 2:
Step S200 receives the data download request that user sends;Data download request includes the biological characteristic letter of user
The storage location of breath and data to be downloaded server beyond the clouds;Specifically, user can be according to the biological characteristic of Client-Prompt
Type inputs corresponding biological information;The biological information and the biological information pair for being pre-stored in client
It answers.
Step S202 judges under data according to biological information and the biological information of the user pre-saved
Whether legal carry request;Specifically, the biological information of user's input and the biological information pre-saved are compared, if
The two is consistent, it is determined that data download request is legal.
Step S204 is generated the first random number, is added using the cloud public key pre-saved to the first random number if legal
It is close, generate the first encrypted random number;Specifically, above-mentioned first random number generates at random;The cloud saved corresponding to client
Hold public key, the in store private key of cloud server;The file encrypted using cloud public key as key can will encrypt file with private key
Decryption.
First encrypted random number and data download request are sent to cloud server, so that cloud service by step S206
Device is treated the corresponding cloud encryption key of downloading data and is decrypted, cloud key is obtained, using pre- according to data download request
The corresponding private key of cloud public key first saved decrypts the first encrypted random number, obtains the first random number;Using the first random number
To cloud key and data to be downloaded corresponding encrypted data encryption, encryption key data is obtained, and by encryption key data
It is sent to client.
Specifically, cloud server can determine number to be downloaded after receiving data download request according to storage location
According to stubborn and reluctant encryption file and cloud encryption key, further according to user biological information to cloud encryption key decryption, obtain
To cloud key;Next it is decrypted to the first encrypted random number, obtains the first random number;Can will cloud key and encryption after
Data merge into a data with certain format, then using the first random number as encryption key to number after cloud key and encryption
According to symmetric cryptography is carried out, encryption key data is obtained.
Step S208 receives encryption key data.
Step S210 decrypts encryption key data using the first random number, obtains cloud key and encrypted data;By
Symmetric cryptography is used in cloud server, therefore client can be carried out using the first random number as key pair encryption key data
Decryption, obtains cloud key and the corresponding encrypted data of file to be downloaded.
Step S212, after receiving the user password of user's transmission, according to user password and the encryption number pre-saved
It is decrypted according to corresponding local cipher key, obtains local key;Specifically, the execution sequence of step S210 and step 212 can be with
It exchanges;After receiving user password, local cipher key is decrypted using user password, if the user password with it is right
The user password of local cipher key encryption is identical, then successful decryption, obtains local key.
Step S214 decrypts encryption data, obtains data to be downloaded according to cloud key and local key;Specifically,
The corresponding basic key of data to be downloaded can be generated according to the second algorithm, cloud key and local key;Using basic key
Encryption data is decrypted, data to be downloaded are obtained.
This method respectively adds cloud using biological information and user password when user carries out data downloading
Key and local cipher key are decrypted, and are finally obtained basic key and are treated downloading data and are decrypted;This method mentions
The high safety of data decrypting process, to improve the safety of data storage.
The embodiment of the invention also provides another data encryption processing method, flow chart is as shown in Figure 3;This method is answered
For cloud server, cloud server is connect with client communication;Method includes the following steps:
Step S300 receives the encrypted data that client is sent, encrypted data is stored in the cloud pre-established
Database;Specifically, encrypted data generates basic key according to preset first algorithm by client, using basic key pair
Encryption data in pending data CIPHERING REQUEST is encrypted and is generated;Data encryption request is sent to client by user.
Step S302 receives the cloud encryption key that client is sent, and cloud encryption key is saved data beyond the clouds
Library;Cloud encryption key encrypts cloud key according to the biological information of the user pre-saved by client and is generated;
Cloud key is generated by client according to preset second algorithm and basic key;Specifically, the second algorithm is for will be basic
Key is decomposed with certain format, which can be Shamir privacy sharing algorithm scheduling algorithm;The cloud key
It can be a part of basic key.
Another kind data encryption processing method provided in an embodiment of the present invention adds with a kind of data provided by the above embodiment
Close processing method technical characteristic having the same,.
After carrying out encryption storage to data using the above method, when user needs to be downloaded stored data
When, it can specifically be realized by following steps, flow chart is as shown in Figure 2:
Step S400 receives the first encrypted random number and data download request that client is sent;Specifically, the first encryption
After random number judges that data download request is legal by client, the first random number is generated, and using the cloud public key pre-saved
First random number encryption is generated;Data download request is sent to client by user;Data download request includes user's
The storage location of biological information and data to be downloaded server beyond the clouds.
Step S402 treats the corresponding cloud encryption key of downloading data and is decrypted, obtain according to data download request
Cloud key;Specifically, it is close can be searched according to storage location beyond the clouds for the corresponding cloud encryption of data to be downloaded in database
Key;Using biometric identification to cloud encryption key decryption, cloud key is obtained.
Step S404 decrypts the first encrypted random number using the corresponding private key of cloud public key pre-saved, obtains
One random number.
Step S406 encrypts cloud key and the corresponding encrypted data of data to be downloaded using the first random number, obtains
To encryption key data.
Encryption key data is sent to client by step S408, so that client is close to encrypting using the first random number
Key data deciphering obtains cloud key and encrypted data;After receiving the user password of user's transmission, according to user password
And the corresponding local cipher key decryption of encryption data pre-saved, obtain local key;It is close according to cloud key and local
Key decrypts encryption data, obtains data to be downloaded.
This method respectively adds cloud using biological information and user password when user carries out data downloading
Key and local cipher key are decrypted, and are finally obtained basic key and are treated downloading data and are decrypted;This method mentions
The high safety of data decrypting process, to improve the safety of data storage.
It is managing encrypted using multiterminal based on Shamir secret sharing scheme combination biological characteristic that the present invention also provides one kind
The method of key;Wherein, key is a kind of parameter, it is in being converted to ciphertext or the algorithm for converting ciphertext into plaintext in plain text
The parameter of input.Key is divided into symmetric key and unsymmetrical key;What this method was applied to that client and server end form is
System has provided safely mainly for client under key management scene or the insincere problem of server end for user key
The solution of effect.
With the rapid development of the emerging internets technology such as Internet of Things, cloud computing and big data, information security, which has become, to be worked as
One pressing issues of modern China's information driving society.Nowadays, user gets used to a large amount of personal data to store to cloud, and
Data are obtained by various equipment when needed.But the problems such as safety existing for cloud and secret protection, causes
Cloud will be uploaded to again after individual privacy data encryption by generally selecting user, be read before data in terminal deciphering data.This
A process needs a suitable key management method.However, traditional key management method has certain limitation, tradition
The safety of cryptography places one's entire reliance upon the safety of encryption key, and the not no inevitable connection of encryption key and legitimate user
System.Accordingly, upon encryption key is lost or is stolen, encryption system will be unable to guarantee the safety of user identity.And biology is special
The fast development of sign authentication techniques is that the key management under mobile cloud scene brings a completely new solution;It utilizes use
The biological feature encryption key at family, not only easy to carry, not easy to lose but also user's uniqueness obtains effective guarantee.
The method of existing managing encrypted key faces following technical problem:
(1) after dispersing, cipher key processes complexity is obtained, multiple media is needed to be brought together.
(2) encryption is also possible that and is cracked, and cannot determine user identity by biological characteristic.
(3) client and server-side are all incredible, but legacy system all assumes that and comes on the basis of one end is believable
Save key.
For these disadvantages, method provided in an embodiment of the present invention has carried out following improvement:
(1) key has all deposited part of key in client and server-side, realizes fraction, increases safety, increase close
The difficulty that key is lost.
(2) certification for combining biological characteristic, by client, the feature binding that server-side and user itself have exists
Together, break through wherein any one in addition cannot both obtain decruption key.And realize the uniqueness of certification.
(3) two-way authentication is realized using biological characteristic and certificate when downloading.
Specifically, this method includes the upload of encryption file and two parts of file download;Wherein, file upload procedure is encrypted
Flow chart as shown in figure 5, specific as follows:
(1) cloud certificate (information such as cloud public key, Encryption Algorithm) are saved in client;
(2) client generates the encryption key K (being equivalent to above-mentioned foundation key) of file M at random;
(3) carrying out symmetric cryptography to classified papers M by key K is that C is uploaded to cloud;
(4) being divided K using Shamir privacy sharing is that k1 (being equivalent to above-mentioned local key) and k2 (are equivalent to above-mentioned cloud
Key);
(5) k1 is encrypted as C1 using user password and is saved in the equipment such as local or U-shield;
(6) k2 is that C2 is uploaded to cloud using biometric templates feature encryption.
The flow chart of file download decrypting process is as shown in fig. 6, specific as follows:
(1) user carries out certification identification (such as recognition of face, fingerprint) by biological characteristic, by that can request text after certification
Part is downloaded, otherwise turn-off request;
(2) after by certification, cloud decrypts to obtain k2 using biological characteristic;
(3) client generates random generation number S;
It (4) the use of cloud public key encryption S is that C3 is sent to cloud;
(5) cloud receives and decrypts random number S by private key after C3;
(6) cloud is sent to client using S encryption (C, K2);
(7) client decrypts to obtain k2 and C using random number S;
(8) user goes out k1 using password decryption;
(9) client obtains M using k1 and k2 decryption C.
Method of the invention splits key, uses password and biological feature encryption respectively, is stored in different ends, ties simultaneously
It closes biological characteristic and certificate carries out two-way authentication, high degree increases the difficulty for stealing key, greatly reduces key loss
Risk.
The embodiment of the invention provides a kind of data encryption processing unit, structural schematic diagram is as shown in Figure 7;The device is set
It is placed in client, client and cloud server communicate to connect;The device includes: CIPHERING REQUEST receiving module 700, for receiving
The data encryption request that user sends;Data encryption request includes be-encrypted data;Basic key generation module 702 is used for root
Basic key is generated according to preset first algorithm;Data encryption module 704, for being added using basic key to be-encrypted data
It is close, encrypted data is generated, encrypted data is sent to cloud server, so that cloud server stores encrypted data
In the cloud database pre-established;Sub-key generation module 706, for according to preset second algorithm and basic key, life
At the sub-key of setting quantity;Sub-key includes at least one local key and a cloud key;Local cipher key encryption block
708, for being encrypted to local key according to pre-set user password, local cipher key is generated, and save local cipher
Key;Cloud cipher key encryption block 710 encrypts cloud key for the biological information according to the user pre-saved,
Generate cloud encryption key;Cloud key sending module 712, for cloud key to be sent to cloud server, so that cloud
Cloud encryption key is stored in cloud database by server.
A kind of data encryption processing unit provided in an embodiment of the present invention, with a kind of data encryption provided by the above embodiment
Processing method technical characteristic having the same reaches identical technical effect so also can solve identical technical problem.
The embodiment of the invention also provides another data encryption processing unit, structural schematic diagram is as shown in Figure 8;The dress
It installs and is placed in cloud server, cloud server is connect with client communication;The device includes: encrypted data memory module
800, for receiving the encrypted data of client transmission, encrypted data is stored in the cloud database pre-established;Add
Data generate basic key according to preset first algorithm by client after close, are treated in data encryption request using basic key
Encryption data encryption and generate;Data encryption request is sent to client by user;Cloud encryption key preserving module 802,
For cloud encryption key to be stored in cloud database;Cloud encryption key is by client according to the life of the user pre-saved
Object characteristic information encrypts cloud key and generates;Cloud key by client according to preset second algorithm and basic key and
It generates.
Another kind data encryption processing unit provided in an embodiment of the present invention, with another data provided by the above embodiment
Cipher processing method technical characteristic having the same reaches identical technical effect so also can solve identical technical problem.
Corresponding to above-described embodiment, the embodiment of the invention provides a kind of data encryption processing system, structural schematic diagrams
As shown in Figure 9;The system includes client 90 and cloud server 91;A kind of above-mentioned data encryption processing unit is set to client
End;Above-mentioned another kind data encryption processing unit is set to cloud server.
The computer program product of data encryption processing method, device and system provided by the embodiment of the present invention, packet
The computer readable storage medium for storing program code is included, the instruction that said program code includes can be used for executing previous methods
Method as described in the examples, specific implementation can be found in embodiment of the method, and details are not described herein.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description
And/or the specific work process of device, it can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In addition, in the description of the embodiment of the present invention unless specifically defined or limited otherwise, term " installation ", " phase
Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can
To be mechanical connection, it is also possible to be electrically connected;It can be directly connected, can also can be indirectly connected through an intermediary
Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood at this with concrete condition
Concrete meaning in invention.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
In the description of the present invention, it should be noted that term " center ", "upper", "lower", "left", "right", "vertical",
The orientation or positional relationship of the instructions such as "horizontal", "inner", "outside" be based on the orientation or positional relationship shown in the drawings, merely to
Convenient for description the present invention and simplify description, rather than the device or element of indication or suggestion meaning must have a particular orientation,
It is constructed and operated in a specific orientation, therefore is not considered as limiting the invention.In addition, term " first ", " second ",
" third " is used for descriptive purposes only and cannot be understood as indicating or suggesting relative importance.
Finally, it should be noted that embodiment described above, only a specific embodiment of the invention, to illustrate the present invention
Technical solution, rather than its limitations, scope of protection of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair
It is bright to be described in detail, those skilled in the art should understand that: anyone skilled in the art
In the technical scope disclosed by the present invention, it can still modify to technical solution documented by previous embodiment or can be light
It is readily conceivable that variation or equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make
The essence of corresponding technical solution is detached from the spirit and scope of technical solution of the embodiment of the present invention, should all cover in protection of the invention
Within the scope of.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. a kind of data encryption processing method, which is characterized in that the method is applied to client, and the client and cloud take
Business device communication connection;The described method includes:
Receive the data encryption request that user sends;The data encryption request includes be-encrypted data;
Basic key is generated according to preset first algorithm;
The be-encrypted data is encrypted using the basic key, encrypted data is generated, the encrypted data is sent
To the cloud server, so that the encrypted data is stored in the cloud data pre-established by the cloud server
Library;
According to preset second algorithm and the basic key, the sub-key of setting quantity is generated;The sub-key includes at least
One local key and a cloud key;
According to pre-set user password, the local key is encrypted, generates local cipher key, and save the local
Encryption key;
According to the biological information of the user pre-saved, the cloud key is encrypted, generates cloud encryption key;
The cloud key is sent to the cloud server, so that the cloud server protects the cloud encryption key
There are the cloud databases.
2. the method according to claim 1, wherein the method also includes:
Receive the data download request that user sends;The data download request include the user biological information and to
Storage location of the downloading data in the cloud server;
According to the biological information and the biological information of the user pre-saved, judge that the data downloading is asked
Seeking Truth is no legal;
If legal, the first random number is generated, using the cloud public key pre-saved to first random number encryption, generates the
One encrypted random number;
First encrypted random number and the data download request are sent to the cloud server, so that the cloud server
According to the data download request, the corresponding cloud encryption key of the data to be downloaded is decrypted, the cloud is obtained
Key decrypts first encrypted random number using the corresponding private key of the cloud public key pre-saved, obtains described
One random number;The cloud key and the corresponding encrypted data of the data to be downloaded are added using first random number
It is close, encryption key data is obtained, and the encryption key data is sent to the client;
Receive the encryption key data;
The encryption key data is decrypted using first random number, obtains the cloud key and encrypted data;
It is corresponding according to the user password and the encryption data pre-saved after receiving the user password of user's transmission
Local cipher key decryption, obtain the local key;
According to the cloud key and the local key, the encryption data is decrypted, the data to be downloaded are obtained.
3. according to method of any of claims 1 or 2, which is characterized in that second algorithm includes Shamir privacy sharing algorithm.
4. benefit require 3 described in method, which is characterized in that it is described according to the cloud key and the local key, to described
The step of encryption data is decrypted, and the data to be downloaded are obtained, comprising:
According to second algorithm, the cloud key and the local key, it is corresponding basic to generate the data to be downloaded
Key;
The encryption data is decrypted using the basic key, obtains the data to be downloaded.
5. a kind of data encryption processing method, which is characterized in that the method is applied to cloud server, the cloud server
It is connect with client communication;The described method includes:
The encrypted data that the client is sent is received, the encrypted data is stored in the cloud data pre-established
Library;The encrypted data generates basic key according to preset first algorithm by the client, using the basic key
It treats the encryption data encryption in data encryption request and generates;The data encryption request is sent to the client by user
End;
The cloud encryption key that the client is sent is received, and the cloud encryption key is stored in the cloud data
Library;The cloud encryption key is by the client according to the biological information of the user pre-saved to the cloud
Key is encrypted and is generated;The cloud key is given birth to by the client according to preset second algorithm and the basic key
At.
6. according to the method described in claim 5, it is characterized in that, the method also includes:
Receive the first encrypted random number and data download request that the client is sent;First encrypted random number is by client
After end judge that the data download request is legal, the first random number is generated, and the cloud public key that pre-saves of use is to described the
One random number encryption and generate;The data download request is sent to the client by the user;The data downloading is asked
Ask biological information including the user and data to be downloaded in the storage location of the cloud server;
According to the data download request, the corresponding cloud encryption key of the data to be downloaded is decrypted, cloud is obtained
Key;
First encrypted random number is decrypted using the corresponding private key of the cloud public key pre-saved, obtains described first
Random number;
The cloud key and the corresponding encrypted data of the data to be downloaded are encrypted using first random number, obtained
Encryption key data;
The encryption key data is sent to the client, so that the client is using first random number to described
Encryption key data decryption, obtains the cloud key and encrypted data;After receiving the user password of user's transmission, root
According to the user password and the corresponding local cipher key decryption of the encryption data pre-saved, local key is obtained;Root
According to the cloud key and the local key, the encryption data is decrypted, the data to be downloaded are obtained.
7. according to the method described in claim 6, it is characterized in that, described according to the data download request, to described under
Carry the step of corresponding cloud encryption key of data is decrypted, obtains the cloud key, comprising:
According to the storage location, the corresponding cloud encryption key of the data to be downloaded is searched in the cloud database;
Using the biometric identification to the cloud encryption key decryption, the cloud key is obtained.
8. a kind of data encryption processing unit, which is characterized in that described device is set to client, and the client and cloud take
Business device communication connection;Described device includes:
CIPHERING REQUEST receiving module, for receiving the data encryption request of user's transmission;The data encryption request includes to be added
Ciphertext data;
Basic key generation module, for generating basic key according to preset first algorithm;
Data encryption module generates encrypted data, by institute for encrypting using the basic key to the be-encrypted data
It states encrypted data and is sent to the cloud server, so that the encrypted data is stored in advance by the cloud server
The cloud database of foundation;
Sub-key generation module, for generating the sub-key of setting quantity according to preset second algorithm and the basic key;
The sub-key includes at least one local key and a cloud key;
Local cipher key encryption block is used to encrypt the local key according to pre-set user password, generate local add
Key, and save the local cipher key;
Cloud cipher key encryption block, for the biological information according to the user pre-saved, to the cloud key
Encryption generates cloud encryption key;
Cloud key sending module, for the cloud key to be sent to the cloud server, so that the cloud service
The cloud encryption key is stored in the cloud database by device.
9. a kind of data encryption processing unit, which is characterized in that described device is set to cloud server, the cloud server
It is connect with client communication;Described device includes:
Encrypted data memory module, the encrypted data sent for receiving the client, the encrypted data is deposited
Storage is in the cloud database pre-established;The encrypted data is generated by the client according to preset first algorithm basic
Key is treated the encryption data encryption in data encryption request using the basic key and is generated;The data encryption request
The client is sent to by user;
Cloud encryption key preserving module, for the cloud encryption key to be stored in the cloud database;The cloud
Encryption key the cloud key is encrypted according to the biological information of the user pre-saved by the client and
It generates;The cloud key is generated by the client according to preset second algorithm and the basic key.
10. a kind of data encryption processing system, which is characterized in that including client and cloud server;It is according to any one of claims 8
Device is set to the client;Device as claimed in claim 9 is set to the cloud server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811567130.8A CN109462608A (en) | 2018-12-19 | 2018-12-19 | Data encryption processing method, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811567130.8A CN109462608A (en) | 2018-12-19 | 2018-12-19 | Data encryption processing method, apparatus and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109462608A true CN109462608A (en) | 2019-03-12 |
Family
ID=65614091
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811567130.8A Pending CN109462608A (en) | 2018-12-19 | 2018-12-19 | Data encryption processing method, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109462608A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110400223A (en) * | 2019-07-26 | 2019-11-01 | 中国工商银行股份有限公司 | Interactive log based on block chain encrypts, transfers, Anti-theft method, apparatus |
| CN110516460A (en) * | 2019-08-29 | 2019-11-29 | 重庆市筑智建信息技术有限公司 | Encryption security method and system for BIM data |
| CN111709027A (en) * | 2020-06-22 | 2020-09-25 | 湖南大学 | Data storage safety management method |
| CN111756741A (en) * | 2020-06-24 | 2020-10-09 | 安徽听见科技有限公司 | Data transmission method, device, equipment and storage medium |
| CN113517981A (en) * | 2021-04-28 | 2021-10-19 | 河南中烟工业有限责任公司 | Key management method, code version management method and device |
| CN113765927A (en) * | 2021-09-09 | 2021-12-07 | 图易(常熟)信息技术有限公司 | Method and system for encrypting network copyright of cloud uploaded content |
| WO2022078073A1 (en) * | 2020-10-12 | 2022-04-21 | Kyndryl, Inc. | Ultrasound split key transmission for enhanced security |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101083556A (en) * | 2007-07-02 | 2007-12-05 | 蔡水平 | Region based layered wireless information publishing, searching and communicating application system |
| CN101631305A (en) * | 2009-07-28 | 2010-01-20 | 交通银行股份有限公司 | Encryption method and system |
| CN103780609A (en) * | 2014-01-14 | 2014-05-07 | 北京淦蓝润和信息技术有限公司 | Cloud data processing method and device and cloud data security gateway |
| CN103812927A (en) * | 2012-11-14 | 2014-05-21 | 书生云服务公司 | Storage method |
| CN105227566A (en) * | 2015-10-16 | 2016-01-06 | 中国联合网络通信集团有限公司 | Cipher key processing method, key handling device and key handling system |
-
2018
- 2018-12-19 CN CN201811567130.8A patent/CN109462608A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101083556A (en) * | 2007-07-02 | 2007-12-05 | 蔡水平 | Region based layered wireless information publishing, searching and communicating application system |
| CN101631305A (en) * | 2009-07-28 | 2010-01-20 | 交通银行股份有限公司 | Encryption method and system |
| CN103812927A (en) * | 2012-11-14 | 2014-05-21 | 书生云服务公司 | Storage method |
| CN103780609A (en) * | 2014-01-14 | 2014-05-07 | 北京淦蓝润和信息技术有限公司 | Cloud data processing method and device and cloud data security gateway |
| CN105227566A (en) * | 2015-10-16 | 2016-01-06 | 中国联合网络通信集团有限公司 | Cipher key processing method, key handling device and key handling system |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110400223A (en) * | 2019-07-26 | 2019-11-01 | 中国工商银行股份有限公司 | Interactive log based on block chain encrypts, transfers, Anti-theft method, apparatus |
| CN110516460A (en) * | 2019-08-29 | 2019-11-29 | 重庆市筑智建信息技术有限公司 | Encryption security method and system for BIM data |
| CN110516460B (en) * | 2019-08-29 | 2021-05-14 | 重庆市筑智建信息技术有限公司 | Encryption security method and system for BIM data |
| CN111709027A (en) * | 2020-06-22 | 2020-09-25 | 湖南大学 | Data storage safety management method |
| CN111756741A (en) * | 2020-06-24 | 2020-10-09 | 安徽听见科技有限公司 | Data transmission method, device, equipment and storage medium |
| WO2022078073A1 (en) * | 2020-10-12 | 2022-04-21 | Kyndryl, Inc. | Ultrasound split key transmission for enhanced security |
| GB2611694A (en) * | 2020-10-12 | 2023-04-12 | Kyndryl Inc | Ultrasound split key transmission for enhanced security |
| CN113517981A (en) * | 2021-04-28 | 2021-10-19 | 河南中烟工业有限责任公司 | Key management method, code version management method and device |
| CN113517981B (en) * | 2021-04-28 | 2023-05-23 | 河南中烟工业有限责任公司 | Key management method, code version management method and device |
| CN113765927A (en) * | 2021-09-09 | 2021-12-07 | 图易(常熟)信息技术有限公司 | Method and system for encrypting network copyright of cloud uploaded content |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109462608A (en) | Data encryption processing method, apparatus and system | |
| CN109495274B (en) | Decentralized intelligent lock electronic key distribution method and system | |
| CN104486315B (en) | A kind of revocable key outsourcing decryption method based on contents attribute | |
| CN1939028B (en) | Accessing protected data on network storage from multiple devices | |
| CN109951513B (en) | Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card | |
| CN103124269A (en) | Bidirectional identity authentication method based on dynamic password and biologic features under cloud environment | |
| CN103957109A (en) | Cloud data privacy protection security re-encryption method | |
| CN108989325A (en) | Encryption communication method, apparatus and system | |
| CN103067160A (en) | Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD) | |
| CN101640590A (en) | Method for obtaining a secret key for identifying cryptographic algorithm and cryptographic center thereof | |
| CN107094138B (en) | A kind of smart home safe communication system and communication means | |
| CN109194474A (en) | A kind of data transmission method and device | |
| CN107465665A (en) | A kind of file encryption-decryption method based on fingerprint identification technology | |
| CN114036539A (en) | Safety auditable Internet of things data sharing system and method based on block chain | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| CN110224816A (en) | Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number | |
| CN108400862A (en) | A kind of intelligent power trusted end-user data fusion encryption method | |
| CN103354637B (en) | A kind of internet-of-things terminal M2M communication encrypting method | |
| Almuzaini et al. | Key aggregation cryptosystem and double encryption method for cloud-based intelligent machine learning techniques-based health monitoring systems | |
| CN114697042A (en) | Block chain-based Internet of things security data sharing proxy re-encryption method | |
| CN102752112A (en) | Authority control method and device based on signed message 1 (SM1)/SM2 algorithm | |
| CN111245609B (en) | Secret sharing and random number based quantum secret communication key distribution and negotiation system and method thereof | |
| CN114079921B (en) | Session key generation method, anchor point function network element and system | |
| CN107104792B (en) | Portable mobile password management system and management method thereof | |
| CN109949457B (en) | Intelligent door lock control method and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190312 |