CN110012004B - A data leakage prevention method based on data temporary storage technology - Google Patents


Info

Publication number
CN110012004B
Authority
CN
China
Prior art keywords
temporary storage
data
encrypted ciphertext
pointer
ciphertext
Prior art date
Legal status
Active
Application number
CN201910253632.1A
Other languages
Chinese (zh)
Other versions
CN110012004A (en)
Inventor
王龙
Current Assignee
Nanjing Huidawei Information Technology Co ltd
Original Assignee
Nanjing Huidawei Information Technology Co Ltd
Application filed by Nanjing Huidawei Information Technology Co Ltd
Publication of CN110012004A
Application granted
Publication of CN110012004B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a data leakage prevention method based on data temporary storage technology. A local area network formed by connecting a plurality of terminals is provided; the local area network has a central server connected to each terminal in the network, and each terminal has a storage module for storing data, the storage module being formed of a plurality of storage intervals. The method comprises a data processing step, a data configuration step, and a refresh temporary storage step in which the terminal where the first encrypted ciphertext is located is taken as a relay terminal; the refresh temporary storage step comprises a first temporary storage step, a pointer encryption step, a second temporary storage step and an address encryption step. Through this arrangement the concept of shared data storage is established within the local area network, and the security of the data is ensured by a time-varying, hopping storage mode.

Description

A data leakage prevention method based on data temporary storage technology

Technical field

The present invention relates to a data storage method, and more particularly to a data leakage prevention method based on data temporary storage technology.

Background art

Data is a form of expression of facts, concepts or instructions that can be processed by people or by automated devices. Once data has been interpreted and given a certain meaning, it becomes information. Data processing is the collection, storage, retrieval, processing, transformation and transmission of data.

The basic purpose of data processing is to extract and derive, from a large amount of possibly disorganized and hard-to-understand data, data that is valuable and meaningful to particular people.

Data processing is a basic link in systems engineering and automatic control. It runs through every field of social production and social life. The development of data processing technology, and the breadth and depth of its application, greatly influence the course of human social development.

In actual use, however, because data is stored on a single terminal and there are many ways to steal data from a terminal, data leakage occurs very easily once the terminal is compromised; there are also many instances of data theft carried out at the data link layer, and once data is stolen the user suffers enormous losses.

Summary of the invention

In view of this, the purpose of the present invention is to provide a data leakage prevention method based on data temporary storage technology, to solve the above problems.

To solve the above technical problems, the technical solution of the present invention is a data leakage prevention method based on data temporary storage technology, in which a local area network composed of several interconnected terminals is provided; the local area network is configured with a central server connected to every terminal in the local area network; each terminal is configured with a storage module for storing data, the storage module consisting of several storage intervals. The method specifically comprises the following steps:

Data processing step: taking the terminal on which the data to be processed resides as the initial terminal, the data to be processed is encrypted with a first encryption algorithm to generate a first encrypted ciphertext and a first key corresponding to the first encrypted ciphertext, and the method enters the data configuration step;

Data configuration step: a first refresh time and a second refresh time are configured for the first encrypted ciphertext, and the method enters the refresh temporary storage step;

Refresh temporary storage step: taking the terminal on which the first encrypted ciphertext is located as the relay terminal, this step comprises a first temporary storage step, a pointer encryption step, a second temporary storage step and an address encryption step;

First temporary storage step: a first accumulated time is configured; when the first accumulated time reaches the first refresh time, an empty storage interval is randomly generated in the storage module of the relay terminal to store the first encrypted ciphertext, and the storage pointer information of that storage interval is obtained, the storage pointer information pointing to that storage interval; the first accumulated time is reset and the method enters the pointer encryption step;

Pointer encryption step: the storage pointer information is encrypted with a second encryption algorithm to generate pointer ciphertext information and a corresponding pointer key; the pointer key is saved and the pointer ciphertext information is sent to the central server;

Second temporary storage step: a second accumulated time is configured; when the second accumulated time reaches the second refresh time, a destination address is randomly generated according to the routing table of the relay terminal, the first encrypted ciphertext is sent to the terminal at that destination address, the second accumulated time is reset, and the method enters the address encryption step;

Address encryption step: the destination address is encrypted with a third encryption algorithm to generate address ciphertext information and a corresponding address key; the address ciphertext information is sent to the corresponding relay terminal and the address key is sent to the corresponding initial terminal.

Further, in the pointer encryption step, when the central server receives new pointer ciphertext information from the same relay terminal, the original pointer ciphertext information of that relay terminal is deleted.

Further, in the pointer encryption step, when the relay terminal generates a new pointer key, the original pointer key of that relay terminal is deleted.

Further, the duration of the second refresh time is 5-20 times the duration of the first refresh time.

Further, the address encryption step is also configured with a reference migration count, and an actual migration count is kept for each first encrypted ciphertext; each time the address encryption step is executed the actual migration count increases by one, and when the actual migration count exceeds the reference migration count, the address ciphertext information is sent to the corresponding initial terminal.

Further, the reference migration count is set to 10.

Further, the first temporary storage step further comprises: before the first encrypted ciphertext is stored in the storage interval, encrypting the first encrypted ciphertext with a first temporary storage encryption algorithm to obtain a first temporary storage encrypted ciphertext; and before the first temporary storage encrypted ciphertext is taken out of the storage interval, decrypting it with a first temporary storage decryption algorithm to recover the first encrypted ciphertext.

Further, the data format of the first temporary storage encrypted ciphertext is the same as that of the corresponding first encrypted ciphertext.

Further, the second temporary storage step further comprises: when a relay terminal receives the first encrypted ciphertext, encrypting it with a second temporary storage encryption algorithm to obtain a second temporary storage encrypted ciphertext; and when a relay terminal sends the second temporary storage encrypted ciphertext, decrypting it with a second temporary storage decryption algorithm to recover the first encrypted ciphertext.

Further, the data format of the second temporary storage encrypted ciphertext is the same as that of the first encrypted ciphertext.

The technical effect of the present invention is mainly reflected in the following: with this arrangement, the concept of shared data storage is established within the local area network, and the security of the data is ensured through a time-varying, hopping storage mode.

Description of the drawings

Fig. 1: step logic diagram of the data leakage prevention method based on data temporary storage technology of the present invention;

Fig. 2: schematic diagram of the system architecture of the data leakage prevention method based on data temporary storage technology of the present invention;

Fig. 3: logic diagram of the refresh temporary storage step of the data leakage prevention method based on data temporary storage technology of the present invention;

Reference numerals: 1, initial terminal; 2, relay terminal; 3, central server; 10, storage module; 110, storage interval; a1, data processing step; a2, data configuration step; a3, refresh temporary storage step; a31, first temporary storage step; a32, pointer encryption step; a33, second temporary storage step; a34, address encryption step.

Detailed description of embodiments

The specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings, so that the technical solution of the present invention is easier to understand and apply.

Referring to Fig. 1, a data leakage prevention method based on data temporary storage technology provides a local area network composed of several interconnected terminals; the local area network is configured with a central server 3, which is connected to every terminal in the local area network; each terminal is configured with a storage module 10 for storing data, the storage module 10 consisting of several storage intervals 110. First, the invention is used for data storage within a local area network, and data storage involves two locations: the terminal on which the data resides, and the storage interval 110 within that terminal in which it resides. Note that an independent storage module 10 must first be partitioned out of the terminal, and the storage module 10 divided into several storage intervals 110 of equal size; it must likewise be ensured that each item of data to be encrypted is smaller than the capacity of a storage interval. The method specifically comprises the following steps:

Data processing step a1: taking the terminal on which the data to be processed resides as the initial terminal 1, the data to be processed is encrypted with the first encryption algorithm to generate the first encrypted ciphertext and the first key corresponding to it, and the method enters data configuration step a2. Processing the data first yields the encrypted data; the first encrypted ciphertext can be decrypted only by the initial terminal 1, so wherever the first encrypted ciphertext is sent, the right to use it remains with the initial terminal 1, which prevents data leakage.

Data configuration step a2: a first refresh time and a second refresh time are configured for the first encrypted ciphertext, and the method enters refresh temporary storage step a3. A first refresh time and a second refresh time are thus configured for each first encrypted ciphertext; the duration of the second refresh time is 5-20 times that of the first refresh time.

Refresh temporary storage step a3: taking the terminal on which the first encrypted ciphertext is located as the relay terminal 2, this step comprises first temporary storage step a31, pointer encryption step a32, second temporary storage step a33 and address encryption step a34. As the core step of the invention it is described in detail. For a given encrypted ciphertext, the terminal on which it resides is defined as the relay terminal 2; for example, relay terminal 2B has received the encrypted ciphertext at this point. Note that refresh temporary storage step a3 is executed repeatedly for a given first encrypted ciphertext, triggered by elapsed real time rather than by step order.

First temporary storage step a31: a first accumulated time is configured; when the first accumulated time reaches the first refresh time, an empty storage interval 110 is randomly generated in the storage module 10 of the relay terminal 2 to store the first encrypted ciphertext, the storage pointer information of that storage interval 110 is obtained (the storage pointer information points to the storage interval), the first accumulated time is reset, and the method enters pointer encryption step a32. The accumulated time is derived from real time, taking the moment the relay terminal 2 received the first encrypted ciphertext as the starting point; if, for example, the first refresh time is set to 60 seconds, the first encrypted ciphertext is moved to a different storage interval every 60 seconds. In another embodiment, before the first encrypted ciphertext is stored in the storage interval 110, it is encrypted with a first temporary storage encryption algorithm to obtain a first temporary storage encrypted ciphertext; before the first temporary storage encrypted ciphertext is taken out of the storage interval 110, it is decrypted with a first temporary storage decryption algorithm to recover the first encrypted ciphertext. That is, every store and every retrieval performs one encryption and one decryption respectively, which improves data security. The storage pointer information is the only information from which the location of the storage interval 110 can be obtained, so once the initial terminal 1 has obtained the address of the relay terminal 2 and the location held in the storage pointer information, it can obtain and use the first encrypted ciphertext. The data format of the first temporary storage encrypted ciphertext is the same as that of the corresponding first encrypted ciphertext.

Pointer encryption step a32: the storage pointer information is encrypted with the second encryption algorithm to generate pointer ciphertext information and a corresponding pointer key; the pointer key is saved and the pointer ciphertext information is sent to the central server 3. Pointer encryption step a32 thus encrypts the storage pointer information with the second encryption algorithm, so that this location information can be obtained only with the pointer key. Consequently, if the initial terminal 1 needs the storage pointer information, it must obtain both the pointer ciphertext information and the corresponding pointer key. The pointer ciphertext information is managed centrally by the central server 3 and no relay terminal 2 retains it, while the pointer key is kept on the corresponding relay terminal 2. The initial terminal 1 therefore sends a request to the central server 3; the central server 3 receives the request, finds the corresponding relay terminal 2, obtains the corresponding pointer key and obtains the storage pointer information, and only then can the initial terminal 1 complete the acquisition of the first encrypted ciphertext, which is safer and more reliable. In pointer encryption step a32, when the central server 3 receives new pointer ciphertext information from the same relay terminal 2, the original pointer ciphertext information of that relay terminal 2 is deleted. In pointer encryption step a32, when the relay terminal 2 generates a new pointer key, the original pointer key of that relay terminal 2 is deleted.

Second temporary storage step a33: a second accumulated time is configured; when the second accumulated time reaches the second refresh time, a destination address is randomly generated according to the routing table of the relay terminal 2, the first encrypted ciphertext is sent to the terminal at that destination address, the second accumulated time is reset, and the method enters address encryption step a34. This step serves to send the data onward: the second accumulated time is accumulated from real time and set, for example, to 5 minutes, and when 5 minutes are reached the data can be sent to the next terminal. The destination address is generated randomly from the routing table of that relay terminal 2, so it follows no pattern and cannot be traced. Second temporary storage step a33 further comprises: when a relay terminal 2 receives the first encrypted ciphertext, it encrypts the first encrypted ciphertext with a second temporary storage encryption algorithm to obtain a second temporary storage encrypted ciphertext; when a relay terminal 2 sends the second temporary storage encrypted ciphertext, it decrypts it with a second temporary storage decryption algorithm to recover the first encrypted ciphertext. The second temporary storage encrypted ciphertext has the same data format as the first encrypted ciphertext. This improves reliability and security.

Address encryption step a34: the destination address is encrypted with the third encryption algorithm to generate address ciphertext information and a corresponding address key; the address ciphertext information is sent to the corresponding relay terminal 2 and the address key is sent to the corresponding initial terminal 1. The purpose of address encryption step a34 is to encrypt the address: the address key goes to the initial terminal 1 and the address ciphertext information goes to the corresponding relay terminal 2. That is, for a data item X that passes through terminals A-B-C-D-E, the initial terminal 1A holds only the address ciphertext information for B, but the initial terminal 1 holds all of the address keys, so it can obtain B's address; B holds the address ciphertext information for C, and C's address is obtained from B's response; and so on in turn until the location of the first encrypted data is reached, whereupon a request is sent to the central server 3 and the corresponding storage pointer information is obtained, so as to obtain the corresponding first encrypted data. In another embodiment, address encryption step a34 is further configured with a reference migration count, and an actual migration count is kept for each first encrypted ciphertext; each time address encryption step a34 is executed the actual migration count increases by one, and when the actual migration count exceeds the reference migration count, the address ciphertext information is sent to the corresponding initial terminal 1. Note that if data transmission is repeated indefinitely, the transmission distance built up over time grows and the efficiency of retrieving the data falls, so a count value is configured; for example, the reference migration count is set to 10. After 10 transmissions the initial terminal 1 can obtain the current location directly, meaning that the earlier address keys and address ciphertext information become invalid, which reduces the amount of data.
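The complete flow of the summary steps and of detailed steps a1 to a34 above, as an added Python simulation that is not part of the patent and not the assignee's code. Everything concrete in it is an assumption: five terminals A to E whose routing tables form a full mesh, a storage module of eight equal intervals per terminal, a first refresh time of 60 s and a second refresh time of 600 s (the 10x ratio lies in the stated 5-20x range), a reference migration count of 10, and a SHA-256 keystream with an HMAC tag standing in for the unspecified first, second, third and temporary-storage algorithms (one stash cipher plays the role of both temporary-storage algorithms). Time is advanced in 30 s ticks rather than read from a clock, and the sample record is constructed.

```python
import hashlib, hmac, random, secrets
from dataclasses import dataclass, field
from typing import Optional

T1, T2, BASELINE_MIGRATIONS = 60, 600, 10   # refresh times in seconds (T2 = 10 x T1), migration budget

# Toy cipher (SHA-256 keystream + HMAC tag) standing in for the patent's unspecified
# algorithms; a deployment would use a vetted AEAD such as AES-GCM instead.
def _xor_stream(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = _xor_stream(key, nonce, plaintext)
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return _xor_stream(key, nonce, body)

@dataclass
class Terminal:
    name: str
    routing_table: list                                 # reachable terminal names (assumed topology)
    slots: list = field(default_factory=lambda: [None] * 8)      # storage module: 8 equal intervals
    stash_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    pointer_key: Optional[bytes] = None                 # a32: kept at the relay only
    slot_index: Optional[int] = None
    address_cts: list = field(default_factory=list)     # a34: encrypted next-hop addresses
    address_keys: list = field(default_factory=list)    # a34: filled only on the initial terminal
    shortcut_ct: Optional[bytes] = None                 # latest hop, sent once the budget is exceeded
    acc1: int = 0                                       # first and second accumulated time
    acc2: int = 0

def stash(server, term, c1, rng):
    """a31 + a32: random empty interval, temporary-storage encryption, fresh pointer key."""
    idx = rng.choice([i for i, s in enumerate(term.slots) if s is None])
    term.slots[idx], term.slot_index = seal(term.stash_key, c1), idx
    term.pointer_key = secrets.token_bytes(32)          # claim 3: previous pointer key discarded
    server[term.name] = seal(term.pointer_key, idx.to_bytes(2, "big"))  # claim 2: replaces old entry

def unstash(term):
    blob, term.slots[term.slot_index] = term.slots[term.slot_index], None
    return open_(term.stash_key, blob)

def simulate(data: bytes, ticks: int, seed: int = 7, dt: int = 30):
    rng = random.Random(seed)                           # drives interval and destination choice only
    names = ["A", "B", "C", "D", "E"]
    terminals = {n: Terminal(n, [m for m in names if m != n]) for n in names}
    server, initial = {}, terminals["A"]                # central server: relay name -> pointer ciphertext
    k1 = secrets.token_bytes(32)                        # a1: first key, held by the initial terminal only
    holder, migrations = initial, 0
    stash(server, holder, seal(k1, data), rng)
    for _ in range(ticks):                              # a3 is driven by elapsed time, not step order
        holder.acc1 += dt
        holder.acc2 += dt
        if holder.acc1 >= T1:                           # first refresh: new interval on the same relay
            stash(server, holder, unstash(holder), rng)
            holder.acc1 = 0
        if holder.acc2 >= T2:                           # second refresh: hop to a random neighbour
            dest = terminals[rng.choice(holder.routing_table)]
            c1, akey = unstash(holder), secrets.token_bytes(32)
            act = seal(akey, dest.name.encode())
            holder.address_cts.append(act)              # address ciphertext stays at the relay,
            initial.address_keys.append(akey)           # address key goes to the initial terminal
            holder.acc2, migrations = 0, migrations + 1
            if migrations > BASELINE_MIGRATIONS:        # claim 5: send the hop to the initial terminal
                initial.shortcut_ct = act
            stash(server, dest, c1, rng)
            dest.acc1 = dest.acc2 = 0
            holder = dest
    return terminals, server, initial, k1, migrations

def locate(terminals, initial) -> str:
    """Walk the hop chain with one address key per hop, or jump via the shortcut."""
    if initial.shortcut_ct is not None:
        return open_(initial.address_keys[-1], initial.shortcut_ct).decode()
    node = initial
    for key in initial.address_keys:
        for ct in node.address_cts:                     # the MAC check picks the matching ciphertext
            try:
                node = terminals[open_(key, ct).decode()]
                break
            except ValueError:
                continue
    return node.name

def fetch(terminals, server, initial, k1) -> bytes:
    """Server gives the pointer ciphertext, the relay its pointer key, the interval the data."""
    holder = terminals[locate(terminals, initial)]
    slot = int.from_bytes(open_(holder.pointer_key, server[holder.name]), "big")
    return open_(k1, open_(holder.stash_key, holder.slots[slot]))
```

Running `simulate(b"record", ticks=60)` gives three migrations and a chain walk; `ticks=240` gives twelve, so the shortcut is used. The walk relies on the MAC check in `open_` to pick the right address ciphertext when a relay has been visited more than once, a case the A-B-C-D-E illustration does not cover. The separation the patent describes holds throughout: the central server only ever stores pointer ciphertexts, and no relay ever sees the first key.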

Of course, the above are only typical examples of the present invention; the invention may also have various other specific embodiments, and all technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by the present invention.

Claims (10)

1. A data leakage prevention method based on a data temporary storage technology is characterized in that: the method comprises the following steps that a local area network formed by connecting a plurality of terminals is provided, the local area network is provided with a central server, the central server is connected with each terminal in the local area network, each terminal is provided with a storage module for storing data, and each storage module is formed by a plurality of storage intervals and specifically comprises the following steps:
a data processing step, namely encrypting the data to be processed by using a first encryption algorithm by taking a terminal where the data to be processed is located as an initial terminal to generate a first encrypted ciphertext and a first key corresponding to the first encrypted ciphertext, and entering a data configuration step;
a data configuration step, namely configuring first refreshing time and second refreshing time for the first encrypted ciphertext, and entering a refreshing temporary storage step;
a step of refreshing temporary storage, which takes a terminal where the first encrypted ciphertext is located as a relay terminal and comprises a first temporary storage step, a pointer encryption step, a second temporary storage step and an address encryption step;
a first temporary storage step, configured with a first accumulated time, when the first accumulated time reaches a first refresh time, randomly generating an empty storage interval in the storage module of the relay terminal to store the first encrypted ciphertext and obtaining storage pointer information of the storage interval, wherein the storage pointer information points to the storage interval, resetting the first accumulated time, and entering a pointer encryption step;
a pointer encryption step, namely encrypting the stored pointer information through a second encryption algorithm to generate pointer ciphertext information and a corresponding pointer key, storing the pointer key, and sending the pointer ciphertext information to a central server;
a second temporary storage step, namely configuring second accumulated time, randomly generating a destination address according to a routing table of the relay terminal when the second accumulated time reaches second refreshing time, sending the first encrypted ciphertext to the relay terminal corresponding to the destination address, resetting the second accumulated time, and entering an address encryption step;
and an address encryption step, namely encrypting the target address through a third encryption algorithm to generate address ciphertext information and a corresponding address key, sending the address ciphertext information to a relay terminal generating the target address, and sending the address key to a corresponding initial terminal.
2. A data leakage prevention method based on a data temporary storage technology as claimed in claim 1, characterized in that: in the pointer encryption step, when the central server receives new pointer ciphertext information from the same relay terminal, the previous pointer ciphertext information of that relay terminal is deleted.
3. A data leakage prevention method based on a data temporary storage technology as claimed in claim 2, characterized in that: in the pointer encryption step, when the relay terminal generates a new pointer key, the previous pointer key of that relay terminal is deleted.
4. A data leakage prevention method based on a data temporary storage technology as claimed in claim 1, characterized in that: the duration of the second refresh time is 5 to 20 times the duration of the first refresh time.
5. A data leakage prevention method based on a data temporary storage technology as claimed in claim 1, characterized in that: the address encryption step is further configured with a reference migration count, and an actual migration count is maintained for each first encrypted ciphertext; each time the address encryption step is performed, the actual migration count is increased by one, and when the actual migration count exceeds the reference migration count, the address ciphertext information is sent to the corresponding initial terminal.
6. A data leakage prevention method based on a data temporary storage technology as claimed in claim 5, characterized in that: the reference migration count is set to 10.
7. A data leakage prevention method based on a data temporary storage technology as claimed in claim 1, characterized in that: the first temporary storage step further comprises: before the first encrypted ciphertext is stored in the storage interval, encrypting the first encrypted ciphertext with a first temporary storage encryption algorithm to obtain a first temporary storage encrypted ciphertext; and before the first temporary storage encrypted ciphertext is taken out of the storage interval, decrypting it with a first temporary storage decryption algorithm to recover the first encrypted ciphertext.
8. A data leakage prevention method based on a data temporary storage technology as claimed in claim 7, characterized in that: the data format of the first temporary storage encrypted ciphertext is the same as that of the corresponding first encrypted ciphertext.
9. A data leakage prevention method based on a data temporary storage technology as claimed in claim 1, characterized in that: the second temporary storage step further comprises: when a relay terminal receives the first encrypted ciphertext, encrypting it with a second temporary storage encryption algorithm to obtain a second temporary storage encrypted ciphertext; and when that relay terminal sends the second temporary storage encrypted ciphertext onward, decrypting it with a second temporary storage decryption algorithm to recover the first encrypted ciphertext.
10. A data leakage prevention method based on a data temporary storage technology as claimed in claim 9, characterized in that: the data format of the second temporary storage encrypted ciphertext is the same as that of the first encrypted ciphertext.
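Claims 1 to 6 describe one relay-side loop: re-stage the ciphertext into a random storage interval on the first timer (with a fresh pointer key that replaces the old one), migrate it to a random routing-table neighbour on the second timer, and hand the address ciphertext to the initial terminal only once the migration count passes the reference count. The Python simulation below is added here to make that loop concrete; it is not the patent's code or any implementation of it. The relay names A to C, the 8-slot storage module, tick-based timers, a dict standing in for the central server, and a SHA-256 XOR keystream standing in for the three encryption algorithms are all assumptions, and a single pair of timers follows the one ciphertext instead of per-relay timers.

```python
import hashlib, random, secrets
from types import SimpleNamespace

def toy_xor(key, data):
    """Stand-in for the claims' cipher: XOR with a SHA-256 keystream (symmetric, so the same call decrypts)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def relay(name, routes, slots=8):  # storage module (one entry per interval); newest pointer key only (claim 3)
    return SimpleNamespace(name=name, routes=routes, storage=[None] * slots, pointer_key=None, address_ct=None)

def place(r, ct, rng):
    r.storage = [None if s == ct else s for s in r.storage]                   # drop any old copy
    idx = rng.choice([i for i, s in enumerate(r.storage) if s is None])       # random empty interval
    r.storage[idx] = ct
    return idx

def restage(r, ct, server, rng):
    """First temporary storage step + pointer encryption step (claims 1-3)."""
    idx = place(r, ct, rng)
    r.pointer_key = secrets.token_bytes(32)                                   # fresh key replaces the old one
    server[r.name] = toy_xor(r.pointer_key, idx.to_bytes(2, "big"))           # overwrite = old entry deleted

def migrate(r, ct, relays, initial, rng):
    """Second temporary storage step + address encryption step (claim 1); returns the new holder's name."""
    dest = rng.choice(r.routes)
    r.storage = [None if s == ct else s for s in r.storage]
    place(relays[dest], ct, rng)
    key = secrets.token_bytes(32)
    r.address_ct = toy_xor(key, dest.encode())         # stays with the relay that chose the destination
    initial["address_keys"].append(key)                # only the key goes to the initial terminal
    return dest

def run(ct=b"first-encrypted-ciphertext", first_refresh=2, second_refresh=10, ref_migrations=10, seed=7):
    """Relays A-C, refresh ratio 5 (claim 4), reference count 10 (claim 6); one timer pair follows the data."""
    rng = random.Random(seed)                          # for slot/route choice; use SystemRandom in practice
    relays = {n: relay(n, [m for m in "ABC" if m != n]) for n in "ABC"}
    server, initial = {}, {"address_keys": [], "address_ct": None}
    holder, t1, t2, migrations = "A", 0, 0, 0
    place(relays[holder], ct, rng)
    while True:
        t1, t2 = t1 + 1, t2 + 1
        if t1 >= first_refresh:
            restage(relays[holder], ct, server, rng); t1 = 0
        if t2 >= second_refresh:
            sender = relays[holder]
            holder, t2, migrations = migrate(sender, ct, relays, initial, rng), 0, migrations + 1
            if migrations > ref_migrations:            # claim 5: owner now also gets the address ciphertext
                initial["address_ct"] = sender.address_ct
                return holder, migrations, relays, initial, server
```

`run()` returns the final holder, the migration count, and the relay, initial-terminal and central-server state, so one can check directly that exactly one copy of the ciphertext remains in the network and that the initial terminal can recover its location only once it holds both the address key and the address ciphertext.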
CN201910253632.1A 2018-10-12 2019-03-30 A data leakage prevention method based on data temporary storage technology Active CN110012004B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811191841X 2018-10-12
CN201811191841 2018-10-12

Publications (2)

Publication Number Publication Date
CN110012004A CN110012004A (en) 2019-07-12
CN110012004B true CN110012004B (en) 2020-08-18

Family

ID=67169105

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910253632.1A Active CN110012004B (en) 2018-10-12 2019-03-30 A data leakage prevention method based on data temporary storage technology

Country Status (1)

Country Link
CN (1) CN110012004B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103544217A (en) * 2013-09-26 2014-01-29 福建省闽保信息技术股份有限公司 Data storage system
CN105262843A (en) * 2015-11-12 2016-01-20 武汉理工大学 Data anti-leakage protection method for cloud storage environment
CN108446172A (en) * 2018-02-26 2018-08-24 平安普惠企业管理有限公司 Data transfer method, apparatus, computer equipment and storage medium
CN108596618A (en) * 2018-04-26 2018-09-28 众安信息技术服务有限公司 Data processing method, device and the computer readable storage medium of block catenary system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020097419A1 (en) * 2001-01-19 2002-07-25 Chang William Ho Information apparatus for universal data output
CN103152362B (en) * 2013-03-28 2015-09-16 胡祥义 Based on the large data files encrypted transmission method of cloud computing
CN104143355B (en) * 2013-05-09 2018-01-23 华为技术有限公司 A kind of method and apparatus of refreshed dram
CN106209373B (en) * 2015-04-30 2019-05-17 富泰华工业(深圳)有限公司 Key generation system, data stamped signature and encryption system and method
CN106409336B (en) * 2016-09-13 2019-10-11 天津大学 Non-volatile memory data secure erasing method based on random time
CN106682903B (en) * 2017-01-18 2017-11-28 齐宇庆 A kind of feedback validation method of bank paying Licensing Authority information

Also Published As

Publication number Publication date
CN110012004A (en) 2019-07-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200723

Address after: Room 651, 128 Lushan Road, Jianye District, Nanjing City, Jiangsu Province

Applicant after: Nanjing huidawei Information Technology Co.,Ltd.

Address before: The large village of Qinglong Town Yuxi City, Yunnan province 652803 Huaning County will White Village No. 73

Applicant before: Wang Long

GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A data leakage prevention method based on data staging technology

Granted publication date: 20200818

Pledgee: China Construction Bank Corporation Nanjing Jianye sub branch

Pledgor: Nanjing huidawei Information Technology Co.,Ltd.

Registration number: Y2026980007550