CN110399732B - Information embedding and data security processing method, device and equipment - Google Patents

Info

Publication number
CN110399732B
Authority
CN
China
Prior art keywords
carrier object
security
policy information
security policy
information
Prior art date
Legal status
Active
Application number
CN201810374727.4A
Other languages
Chinese (zh)
Other versions
CN110399732A (en
Inventor
刘永亮
王兵
郑杰骞
陆哲明
Current Assignee
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date
Filing date
Publication date
Application filed by Zhejiang University ZJU
Priority to CN201810374727.4A
Publication of CN110399732A
Application granted
Publication of CN110399732B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an information embedding method, which comprises the following steps: determining a carrier object; determining security policy information of the carrier object; embedding the security policy information of the carrier object into the carrier object to obtain a carrier object containing the security policy information; wherein the security policy information refers to information used for data security processing of the carrier object. With this method, more fine-grained differentiated security processing of data is achieved.

Description

Information embedding and data security processing method, device and equipment
Technical Field
The application relates to the technical field of computers, in particular to an information embedding method and device, electronic equipment and storage equipment. The application also relates to a data security processing method and device, electronic equipment and storage equipment.
Background
With the rapid development of data services including mobile internet and big data, secure processing of data is increasingly important.
In some scenarios, differentiated security processing of data is required. For example, public data and data with a lower security level may be processed in a lightweight manner, e.g., it is enough to identify ownership of the data; for data with a higher security level, a certain extent of propagation may be allowed, but a higher level of security processing is required before propagation.
Therefore, how to perform differentiated security processing on data is a problem to be solved.
Disclosure of Invention
The application provides an information embedding method and device, electronic equipment and storage equipment, and a data security processing method and device, electronic equipment and storage equipment, so as to realize differentiated security processing on data.
The application provides an information embedding method, which comprises the following steps:
determining a carrier object;
determining security policy information of a carrier object;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
Optionally,
the security policy information includes: security level information;
the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information includes: and embedding the security level information of the carrier object into the carrier object to obtain the carrier object containing the security level information.
Optionally, the security policy information further includes:
the data type and/or mode of operation of the carrier object; the operation mode refers to a mode for carrying out data processing on the carrier object;
the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information, further includes: and embedding the data category and/or the operation mode of the carrier object into the carrier object to obtain the carrier object containing the data category and/or the operation mode of the carrier object.
Optionally, the security policy information includes at least one security level information.
Optionally, the method further includes:
determining the quantity of the security level information contained in the security policy information according to the quantity of the embedded security level information agreed in advance; or
providing the quantity of the embedded security level information to a security policy information extraction terminal.
Optionally, the embedding the security policy information of the carrier object into the carrier object includes:
embedding security policy information of the carrier object into the carrier object using an embedding key.
Optionally, the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information includes:
embedding the security policy information of the carrier object into the carrier object in a hidden manner to obtain the carrier object containing the security policy information; or
embedding the security policy information of the carrier object into the carrier object in a visible manner to obtain the carrier object containing the security policy information.
The application also provides a data security processing method, which comprises the following steps:
obtaining a carrier object;
extracting security policy information from the carrier object;
performing data security processing on the carrier object based on the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
Optionally,
the security policy information includes: security level information;
the extracting of the security policy information from the carrier object includes:
security level information is extracted from the carrier object.
Optionally, the extracting security level information from the carrier object includes:
at least one security level information is extracted from the carrier object.
Optionally, the method further includes:
when a plurality of security level information is extracted from the carrier object, determining security level information corresponding to an operation subject performing data processing on the carrier object or a reception subject receiving a data processing result for the carrier object;
the performing data security processing on the carrier object based on the security policy information includes:
and performing data security processing on the carrier object based on the security level information corresponding to the operation body or the receiving body.
Optionally, the extracting security policy information from the carrier object further includes:
extracting the data category and/or the operation mode of the carrier object from the carrier object; the operation mode refers to a mode for carrying out data processing on the carrier object.
Optionally, the extracting at least one piece of security level information from the carrier object includes:
extracting a predetermined number of pieces of security level information from the carrier object; or
extracting security level information from the carrier object, the amount extracted being the amount of security level information provided by the security policy information embedding end.
Optionally, the extracting security policy information from the carrier object includes:
extracting the security policy information from the carrier object using an extraction key corresponding to the embedding key.
The present application further provides an information embedding device, the device comprising:
a carrier object determination unit for determining a carrier object;
a security policy information determining unit for determining security policy information of the carrier object;
a security policy information embedding unit, configured to embed security policy information of the carrier object into the carrier object, so as to obtain a carrier object including the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
The present application further provides a data security processing apparatus, the apparatus comprising:
a carrier object obtaining unit for obtaining a carrier object;
the security policy information extraction unit is used for extracting security policy information from the carrier object;
the data security processing unit is used for carrying out data security processing on the carrier object based on the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
The present application additionally provides an electronic device comprising:
a processor; and
a memory for storing a program of an information embedding method, the apparatus performing the following steps after being powered on and running the program of the information embedding method by the processor:
determining a carrier object;
determining security policy information of a carrier object;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
The present application further provides an electronic device, comprising:
a processor; and
a memory for storing a program of a data security processing method, wherein the following steps are executed after the device is powered on and the program of the data security processing method is executed by the processor:
obtaining a carrier object;
extracting security policy information from the carrier object;
performing data security processing on the carrier object based on the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
The present application further provides a storage device
storing a program of an information embedding method, the program being executed by a processor to perform the steps of:
determining a carrier object;
determining security policy information of a carrier object;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
The present application also provides a storage device
storing a program of a data security processing method, the program being executed by a processor to perform the steps of:
obtaining a carrier object;
extracting security policy information from the carrier object;
performing data security processing on the carrier object based on the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
Compared with the prior art, the method has the following advantages:
according to the information embedding method, the information embedding device, the electronic equipment and the storage equipment, the security policy information of the carrier object is embedded into the carrier object, and the carrier object containing the security policy information is obtained. By embedding the security policy information in the carrier object, the carrier object receiving end can perform data security processing on the carrier object according to the security policy information, so that the convenience of acquiring the security policy information is increased, and more refined differentiated security processing of different carrier objects is realized.
According to the data security processing method and device, the electronic equipment and the storage equipment, data security processing is performed on the carrier object based on the security policy information, and more refined differentiated security processing of different carrier objects is achieved.
Drawings
Fig. 1 is a flowchart of an information embedding method according to a first embodiment of the present application.
Fig. 2 is a schematic diagram of a security level provided in a first embodiment of the present application.
Fig. 3 is a schematic diagram of security policy information according to a first embodiment of the present application.
Fig. 4 is a flowchart of a data security processing method according to a second embodiment of the present application.
Fig. 5 is a schematic diagram of an information embedding apparatus according to a third embodiment of the present application.
Fig. 6 is a schematic diagram of a data security processing apparatus according to a fourth embodiment of the present application.
Fig. 7 is a schematic diagram of an electronic device according to a fifth embodiment of the present application.
Fig. 8 is a schematic diagram of an electronic device according to a sixth embodiment of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. However, this application can be implemented in many ways other than those described here, and those skilled in the art can make similar generalizations without departing from the spirit of this application; it is therefore not limited to the specific implementations disclosed below.
The first embodiment of the present application provides an information embedding method. The following description will be made in detail with reference to fig. 1, 2, and 3.
As shown in fig. 1, in step S101, a carrier object is determined.
The carrier object refers to data in which security policy information needs to be embedded. For example, the financial data of the corporate finance department needs data security processing, so security policy information may be embedded in it; that financial data is then the carrier object. The security policy information refers to information used for data security processing of the carrier object.
As shown in fig. 1, in step S102, security policy information of the carrier object is determined.
The security policy information may include: security level information. The security policy information may include one piece of security level information or a plurality of pieces of security level information. The security policy information here refers to general security policy information, i.e., it includes all security level information. For example, as shown in FIG. 2, the data security levels include: a lowest security level, a specific security level, a general security level, and a highest security level. In a specific implementation, the number of pieces of security level information included in the security policy information may be determined as required. The purpose of setting a plurality of pieces of security level information is to enable an operation subject that performs data processing on the carrier object, or a receiving subject that receives a data processing result for the carrier object, to apply differentiated security processing to the same carrier object at different security levels according to the actual situation.
For example, if the carrier object is financial data of the corporate finance department, a lowest security level (e.g., level 3) may be set for the document author or the department leader to which the document author belongs; the personnel of the finance department may have higher access rights, so a specific security level (e.g., level 4) may be set for them; for staff inside the enterprise, a general security level (e.g., level 5) may be set; for those outside the enterprise, a highest security level (e.g., level 6) may be set. The security policy information may then be "{3, 4, 5, 6}".
It should be noted that, when the security policy information includes a plurality of security level information, the plurality of security levels may be completely or partially the same in some cases. For example, for data that can be disclosed to the outside, the lowest security level, the specific security level, the general security level, and the highest security level may all be set to the same security level, such as level 1, and the security policy information may be: "{ 1, 1 }" or "{ 1 }"; for data disclosed inside an enterprise, the three levels of the lowest security level, the specific security level, and the general security level may be set to be the same, for example, level 1, and the highest security level may be set to level 2, and then the security policy information may be: "{ 1, 2 }".
Preferably, the number of pieces of security level information included in the security policy information may be determined according to the number of embedded security level information agreed in advance by the security policy information embedding terminal and the security policy information extracting terminal. For example, if the security policy information embedding end and the security policy information extracting end agree in advance that the number of embedded security level information is 4, the security policy information includes 4 pieces of security level information. Further, when some of the security levels are the same, in order to enable the security policy information extraction side to accurately obtain the security policy information, the number of pieces of security level information included in the security policy information should still be the number agreed in advance. For example, for the carrier object, a lowest security level, a specific security level, a general security level, and a highest security level are set, where the lowest security level, the specific security level, and the general security level are set to the same security level (assume level 1) and the highest security level is set to level 2. The security policy information is then "{1, 1, 1, 2}" and not "{1, 2}", because with "{1, 2}" the security policy information extraction side cannot determine how many level-1 entries and how many level-2 entries are included, which may result in false extraction.
In addition, the number of pieces of security level information included in the security policy information can be determined by the security policy information embedding end as required, and the embedding end then provides the number of embedded security level information to the security policy information extraction end.
The security policy information may include, in addition to security level information: the data type and/or mode of operation of the carrier object; the data category of the carrier object may refer to an attribute type of the carrier object, such as: financial, statement, etc. The operation mode refers to a mode for carrying out data processing on the carrier object, and can include: editing, copying, distributing, etc. As shown in fig. 3, the security policy information includes a data category, a security level, and an operation manner. For example, if the carrier object is financial data of the corporate finance department, the data category of the carrier object is "financial class", the corresponding lowest security level, specific security level, general security level and highest security level are "3", "4", "5" and "6", respectively, and the operation mode is "distribution", the security policy information may be "financial class, {3, 4, 5, 6}, distribution".
After determining the security policy information of the carrier object, the security policy information of the carrier object may be embedded into the carrier object, resulting in the carrier object containing the security policy information.
As shown in fig. 1, in step S103, the security policy information of the carrier object is embedded into the carrier object, so as to obtain the carrier object containing the security policy information.
When the security policy information of the carrier object is embedded into the carrier object, the security policy information of the carrier object may be embedded into the carrier object in a hidden manner or in a visible manner. For example, the security policy information of the carrier object is embedded in the carrier object in the form of watermark information.
If the security policy information of the carrier object only includes the security level information, said embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information, including: and embedding the security level information of the carrier object into the carrier object to obtain the carrier object containing the security level information. In specific implementation, if the security level information of the carrier object is embedded into the carrier object in the form of watermark information, the security level information of the carrier object may be encoded first, and the encoded security policy information is the watermark information to be actually embedded, and then the encoded security policy information is embedded into the carrier object.
For example, assume that security policy information needs to be embedded into a piece of financial data FD (the carrier object), and that the corresponding lowest security level, specific security level, general security level, and highest security level are "3", "4", "5", and "6", respectively, so that the security policy information is "{3, 4, 5, 6}". The security policy information "{3, 4, 5, 6}" is appropriately encoded, and the encoded security policy information is denoted "security policy information encoded". This encoded security policy information is used as the watermark information to be actually embedded, and it is embedded into the data FD by using an information hiding algorithm, so as to obtain data FD' containing the security policy information.
If the security policy information of the carrier object further includes the data category and/or the operation mode of the carrier object, the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information further includes: embedding the data category and/or the operation mode of the carrier object into the carrier object to obtain the carrier object containing the data category and/or the operation mode of the carrier object. For example, assume that security policy information needs to be embedded into a piece of financial data FD whose data category is "financial class", whose corresponding lowest security level, specific security level, general security level, and highest security level are "3", "4", "5", "6", respectively, and whose operation mode is "distribution". The security policy information may then be "financial class, {3, 4, 5, 6}, distribution". This security policy information is appropriately encoded, and the encoded security policy information is denoted "security policy information encoded". The encoded security policy information is used as the watermark information to be actually embedded, and it is embedded into the data FD by using an information hiding algorithm to obtain the data FD' containing the security policy information.
In order to improve the security of the embedded security policy information, the security policy information of the carrier object may be embedded into the carrier object using an embedding key. For example, the security policy information of the carrier object may be encrypted with the embedding key, and the embedding key may be used to determine the location at which the security policy information of the carrier object is embedded. The embedding key can be sent to the security policy information extraction end by the security policy information embedding end, or the security policy information extraction end can obtain the embedding key in a manner agreed between the security policy information embedding end and the security policy information extraction end.
The second embodiment of the present application provides a data security processing method. This is explained in detail below with reference to fig. 4.
As shown in fig. 4, in step S401, a carrier object is obtained.
The carrier object refers to data in which security policy information is embedded. The security policy information refers to information for performing data security processing on the carrier object. For example, data FD' in the previous example containing security policy information.
As shown in fig. 4, in step S402, security policy information is extracted from the carrier object.
The security policy information may include: security level information. The security policy information may include one security level information or a plurality of security level information. The security policy information here refers to general security policy information, i.e., includes all security level information. For example, as shown in FIG. 2, the data security levels include: a minimum security level, a specific security level, a generic security level, a maximum security level.
For example, if the carrier object is financial data of the corporate finance department, a lowest security level (e.g., level 3) may be set for the document author or the department leader to which the document author belongs; the personnel of the finance department may have higher access rights, so a specific security level (e.g., level 4) may be set for them; for staff inside the enterprise, a general security level (e.g., level 5) may be set; for those outside the enterprise, a highest security level (e.g., level 6) may be set. The security policy information may then be "{3, 4, 5, 6}".
When the security policy information contains security level information, the extracting the security policy information from the carrier object includes: security level information is extracted from the carrier object. The security level information extracted from the carrier object may be a code corresponding to the security level information embedded in the carrier object. For example, if the encoded security policy information, which is expressed as "security level information encoded", is embedded, the encoded security policy information is extracted from the carrier object as "security level information encoded". If the embedded security policy information is the encoded security policy information, the security policy information needs to be restored to the security policy information before encoding.
The extracting of the security level information from the carrier object includes: at least one security level information is extracted from the carrier object. If the security level information embedded into the carrier object is one, extracting the security level information; if the security level information embedded in the carrier object is multiple, the multiple security level information is extracted.
The extracting at least one security level information from the carrier object includes: extracting a predetermined number of pieces of security level information from the carrier object; or extracting security level information from the carrier object, the amount extracted being the amount of security level information provided by the security policy information embedding terminal. If the quantity of the embedded security level information is agreed in advance by the security policy information embedding end and the security policy information extraction end, the quantity of the security level information extracted by the security policy information extraction end is the quantity agreed in advance. For example, if the security policy information embedding terminal and the security policy information extraction terminal agree in advance that the number of embedded security level information is 4, the number of extracted security level information is 4.
If the security policy information embedded in the carrier object further includes a data category and/or an operation mode of the carrier object, the extracting the security policy information from the carrier object may further include: extracting the data category and/or the operation mode of the carrier object from the carrier object; the operation mode refers to a mode for carrying out data processing on the carrier object. For example, assume that security policy information needs to be embedded into a piece of financial data FD whose data category is "financial class", whose corresponding lowest security level, specific security level, general security level, and highest security level are "3", "4", "5", "6", respectively, and whose operation mode is "distribution". The security policy information may then be "financial class, {3, 4, 5, 6}, distribution". This security policy information is appropriately encoded, and the encoded security policy information is denoted "security policy information encoded". The encoded security policy information is embedded into the data FD by using an information hiding algorithm to obtain the data FD' containing the security policy information. What is extracted from the data FD' is then "security policy information encoded". After "security policy information encoded" is extracted, it needs to be decoded (the inverse of the encoding), and the actual security policy information obtained is "financial class, {3, 4, 5, 6}, distribution", so that not only the security level information but also the data category and/or operation mode of the carrier object are extracted from the carrier object.
It should be noted that, if the security policy information embedding end embeds the security policy information of the carrier object into the carrier object by using the embedding key, when the security policy information is extracted from the carrier object, the security policy information needs to be extracted from the carrier object by using the extraction key corresponding to the embedding key. For example, the security policy information of the carrier object may be decrypted by an extraction key corresponding to the embedding key, or the location where the security policy information of the carrier object is embedded may be obtained by an extraction key corresponding to the embedding key.
As shown in fig. 4, in step S403, data security processing is performed on the carrier object based on the security policy information.
Performing data security processing on the carrier object based on the security policy information may be done by performing the corresponding data security processing on the carrier object according to the security level information included in the security policy information.
When only one piece of security level information is extracted from the carrier object, the corresponding processing may be performed according to that security level information. For example, if the security policy information includes the same or only one piece of security level information, the same processing may be applied for the different operation subjects that perform data processing on the carrier object or the receiving subjects that receive a result of the data processing on the carrier object.
When a plurality of pieces of security level information are extracted from the carrier object, the security level information corresponding to the operation subject or receiving subject may first be determined according to the operation subject performing data processing on the carrier object or the receiving subject receiving a data processing result for the carrier object; data security processing is then performed on the carrier object based on the security level information corresponding to the operation subject or the receiving subject. The operation subject may be a subject that receives the carrier object and extracts security level information from it. For example, the operation subject may store its own security level information in advance, or may store the security level information of the receiving subject. When the operation subject extracts a plurality of pieces of security level information from the carrier object, it may determine its own security level from its pre-stored security level information, or determine the security level information of the receiving subject from the pre-stored security level information of the receiving subject.
For example, if the security level of the operation subject is set to level 2, then after receiving the carrier object and extracting the security level, the operation subject determines that its security level is level 2, and then determines that the security level information extracted from the carrier object includes the level 2 security level; the operation subject then performs data security processing on the carrier object using the level 2 security level.
The receiving subject may refer to a receiving end that receives a data processing result of the carrier object. For example, if the corporate finance department (corresponding to the above-mentioned operation subject) needs to send financial data (the carrier object received by the corporate finance department) to a document author or the department leader of the document author (corresponding to the above-mentioned receiving subject), the corporate finance department first determines that the security level corresponding to the document author or that department leader is 3, and then sends the financial data to them using the level 3 security level. If the financial data needs to be sent to staff of the finance department (the receiving subject), the corporate finance department first determines that the security level corresponding to the finance department staff is 4, and then sends the financial data to them using the level 4 security level. If the financial data needs to be sent to internal personnel of the enterprise (the receiving subject), the corporate finance department first determines that the security level corresponding to the internal personnel is 5, and then sends the financial data to them using the level 5 security level. If the financial data needs to be sent to personnel outside the enterprise (the receiving subject), the corporate finance department first determines that the security level corresponding to the external personnel is level 6, and then sends the financial data to them using the level 6 security level.
The following is an example of data security processing on the carrier object based on the security level information corresponding to the operation subject or the reception subject.
1) For a carrier object whose security level information is 1, no processing need be performed, and free operations on the carrier object, such as editing or distribution, are allowed;
2) For a carrier object whose security level information is 2, no processing need be performed, and restricted operations on the carrier object are allowed; or trace-back information is embedded in the carrier object, after which further operations on it, such as distribution, are allowed;
3) For a carrier object whose security level information is 3, restricted operations on the carrier object are allowed; distribution is allowed only after encryption or after trace-back information is embedded;
4) For a carrier object whose security level information is N-1, editing operations on the carrier object may be blocked and corresponding warning information may be sent;
5) For a carrier object whose security level information is N, redistribution of the carrier object may be blocked and corresponding warning information may be sent.
Note: security level information 1 to N indicates security policies that become progressively stricter to some extent, but this is not absolute; in some cases, levels with different values may be parallel to one another or may simply weight security differently.
For example, suppose that the security policy information of the carrier object (financial data) is the aforementioned "financial class, {3, 4, 5, 6}, distribution", and that the carrier object is now to be distributed to another colleague within the enterprise. The data category to which the data corresponds is "financial class", the security level is "5" (specific security level), and the operation mode is "transmittable". Taken together, "financial data, 5, delivery" is the "specific security policy" for sending to colleagues within the enterprise. Based on this "specific security policy", the sending of the data is managed accordingly, e.g. the identity information of the recipient is embedded in the data. The data embedded with the recipient identity information is then sent to the recipient.
For another example, when a user (the operation subject) wants to send a document (the carrier object) and opens it on a computer, the security policy information embedded in the document can be extracted, and whether the sending operation may be performed is determined according to the security level information corresponding to the receiving subject of the document; if that security level information is level 6, the sending operation on the document can be blocked. If a user (the operation subject) wants to edit a document, then when the user opens the document, whether it can be edited is determined according to the security level information corresponding to the user.
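The round trip described in this embodiment, as an added Python example that is not part of the patent: the policy "financial class, {3, 4, 5, 6}, distribution" is encoded, hidden in a carrier with a key, extracted, decoded, and applied per receiving subject. The LSB hiding scheme, the byte layout, the HMAC tag, the single shared embedding/extraction key, the role names and the handling of levels 3 and 4 are assumptions of this example; the patent fixes none of them.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC over the policy; added by this example, not in the patent

def keyed_positions(key, carrier_len):
    """Yield distinct carrier offsets in an order reproducible only with the key."""
    seen, counter = set(), 0
    while len(seen) < carrier_len:
        block = hmac.new(key, b"pos" + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
        for (word,) in struct.iter_unpack(">I", block):
            pos = word % carrier_len
            if pos not in seen:
                seen.add(pos)
                yield pos

def encode_policy(category, levels, mode):
    """Layout: level count, levels, then length-prefixed category and operation mode."""
    cat, op = category.encode(), mode.encode()
    return bytes([len(levels), *levels, len(cat)]) + cat + bytes([len(op)]) + op

def decode_policy(body):
    n = body[0]                       # number of security levels supplied by the embedder
    levels = list(body[1:1 + n])
    cat_end = 2 + n + body[1 + n]
    category = body[2 + n:cat_end].decode()
    mode = body[cat_end + 1:cat_end + 1 + body[cat_end]].decode()
    return category, levels, mode

def embed(carrier, key, body):
    """Hide length || policy || tag in the least significant bits of keyed offsets."""
    tag = hmac.new(key, b"tag" + body, hashlib.sha256).digest()[:TAG_LEN]
    blob = struct.pack(">H", len(body)) + body + tag
    if len(blob) * 8 > len(carrier):
        raise ValueError("carrier too small for this policy")
    out = bytearray(carrier)
    positions = keyed_positions(key, len(carrier))
    for byte in blob:
        for shift in range(7, -1, -1):
            pos = next(positions)
            out[pos] = (out[pos] & 0xFE) | ((byte >> shift) & 1)
    return bytes(out)

def extract(carrier, key):
    """Recover the encoded policy; reject it unless the tag verifies under the key."""
    if len(carrier) < (2 + TAG_LEN) * 8:
        raise ValueError("carrier too small to hold a policy")
    positions = keyed_positions(key, len(carrier))

    def read(count):
        data = bytearray()
        for _ in range(count):
            value = 0
            for _ in range(8):
                value = (value << 1) | (carrier[next(positions)] & 1)
            data.append(value)
        return bytes(data)

    (length,) = struct.unpack(">H", read(2))
    if (2 + length + TAG_LEN) * 8 > len(carrier):
        raise ValueError("no valid policy (wrong key or unmarked carrier)")
    body, tag = read(length), read(TAG_LEN)
    expected = hmac.new(key, b"tag" + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("no valid policy (wrong key or modified carrier)")
    return body

# Receiving-subject levels from the financial example above; role names are constructed.
RECIPIENT_LEVEL = {"author_or_department_leader": 3, "finance_staff": 4,
                   "enterprise_internal": 5, "enterprise_external": 6}

def decide(levels, recipient):
    """Pick the level for the receiving subject, then the handling for that level."""
    level = RECIPIENT_LEVEL[recipient]
    if level not in levels:
        return level, "block"  # level absent from the embedded policy: fail closed (assumption)
    if level == 6:
        return level, "block"  # the text above: sending to a level 6 recipient can be blocked
    # Level 5 follows the text above; treating 3 and 4 the same way is an assumption.
    return level, "embed_recipient_identity_then_send"

def demo():
    carrier = bytes(range(256)) * 4       # constructed 1024-byte stand-in for data FD
    key = b"constructed-embedding-key"    # constructed key
    body = encode_policy("financial class", [3, 4, 5, 6], "distribution")
    marked = embed(carrier, key, body)    # FD' containing the security policy information
    category, levels, mode = decode_policy(extract(marked, key))
    return (category, levels, mode,
            decide(levels, "enterprise_internal"), decide(levels, "enterprise_external"))

if __name__ == "__main__":
    print(demo())
```

The tag check is what lets the extraction end distinguish a carrier marked under its key from one that is unmarked, altered, or marked under another key, so enforcement never runs on bytes that merely look like a policy.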
Corresponding to the information embedding method provided above, the third embodiment of the present application also provides an information embedding apparatus.
As shown in fig. 5, the information embedding apparatus includes: a carrier object determination unit 501, a security policy information determination unit 502, and a security policy information embedding unit 503.
A carrier object determination unit 501 for determining a carrier object;
a security policy information determining unit 502, configured to determine security policy information of a carrier object;
a security policy information embedding unit 503, configured to embed the security policy information of the carrier object into the carrier object, so as to obtain a carrier object containing the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
Optionally, the security policy information includes: security level information;
the security policy information embedding unit is specifically configured to: embed the security level information of the carrier object into the carrier object to obtain the carrier object containing the security level information.
Optionally, the security policy information further includes:
the data category and/or operation mode of the carrier object; the operation mode refers to a mode of performing data processing on the carrier object;
the security policy information embedding unit is further configured to: embed the data category and/or the operation mode of the carrier object into the carrier object to obtain the carrier object containing the data category and/or the operation mode of the carrier object.
Optionally, the security policy information includes at least one piece of security level information.
Optionally, the apparatus further comprises: a security level information quantity determining unit,
configured to determine the quantity of the security level information contained in the security policy information according to the quantity of the embedded security level information agreed in advance; or
configured to provide the quantity of the embedded security level information to the security policy information extraction end.
Optionally, the embedding the security policy information of the carrier object into the carrier object includes:
embedding security policy information of the carrier object into the carrier object using an embedding key.
Optionally, the security policy information embedding unit includes:
a hidden mode embedding subunit, configured to embed, in a hidden mode, the security policy information of the carrier object into the carrier object, so as to obtain the carrier object including the security policy information; or
a visible mode embedding subunit, configured to embed, in a visible mode, the security policy information of the carrier object into the carrier object, so as to obtain the carrier object containing the security policy information.
It should be noted that, for the detailed description of the information embedding apparatus provided in the third embodiment of the present application, reference may be made to the related description of the first embodiment of the present application, and details are not repeated here.
Corresponding to the above-mentioned data security processing method, a fourth embodiment of the present application further provides a data security processing apparatus.
As shown in fig. 6, the data security processing apparatus includes: a carrier object obtaining unit 601, a security policy information extraction unit 602, and a data security processing unit 603.
A carrier object obtaining unit 601 for obtaining a carrier object;
a security policy information extraction unit 602, configured to extract security policy information from the carrier object;
a data security processing unit 603, configured to perform data security processing on the carrier object based on the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
Optionally,
the security policy information includes: security level information;
the security policy information extraction unit is specifically configured to:
extract security level information from the carrier object.
Optionally, the extracting security level information from the carrier object includes:
extracting at least one piece of security level information from the carrier object.
Optionally, the method further includes:
when a plurality of security level information is extracted from the carrier object, determining security level information corresponding to an operation subject performing data processing on the carrier object or a reception subject receiving a data processing result for the carrier object;
the data security processing unit is specifically configured to:
perform data security processing on the carrier object based on the security level information corresponding to the operation subject or the receiving subject.
Optionally, the security policy information extraction unit is further configured to:
extract the data category and/or the operation mode of the carrier object from the carrier object; the operation mode refers to a mode of performing data processing on the carrier object.
Optionally, the extracting at least one piece of security level information from the carrier object includes:
extracting a predetermined number of pieces of security level information from the carrier object; or
extracting from the carrier object the number of pieces of security level information provided by the security policy information embedding end.
Optionally, the security policy information extraction unit is specifically configured to:
extract security policy information from the carrier object using an extraction key corresponding to the embedding key.
It should be noted that, for the detailed description of the data security processing apparatus provided in the fourth embodiment of the present application, reference may be made to the related description of the second embodiment of the present application, and details are not repeated here.
Corresponding to the information embedding method provided above, a fifth embodiment of the present application further provides an electronic device.
As shown in fig. 7, the electronic apparatus includes:
a processor 701; and
a memory 702 for storing a program of an information embedding method, the apparatus performing the following steps after being powered on and running the program of the information embedding method by the processor:
determining a carrier object;
determining security policy information of a carrier object;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
Optionally,
the security policy information includes: security level information;
the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information includes: embedding the security level information of the carrier object into the carrier object to obtain the carrier object containing the security level information.
Optionally, the security policy information further includes:
the data category and/or operation mode of the carrier object; the operation mode refers to a mode of performing data processing on the carrier object;
the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information further includes: embedding the data category and/or the operation mode of the carrier object into the carrier object to obtain the carrier object containing the data category and/or the operation mode of the carrier object.
Optionally, the security policy information includes at least one piece of security level information.
Optionally, the electronic device further performs the following steps:
determining the quantity of the security level information contained in the security policy information according to the quantity of the embedded security level information agreed in advance; or
providing the quantity of the embedded security level information to a security policy information extraction end.
Optionally, the embedding the security policy information of the carrier object into the carrier object includes:
embedding security policy information of the carrier object into the carrier object using an embedding key.
Optionally, the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information includes:
embedding the security policy information of the carrier object into the carrier object in a hidden manner to obtain the carrier object containing the security policy information; or
embedding the security policy information of the carrier object into the carrier object in a visible mode to obtain the carrier object containing the security policy information.
It should be noted that, for the detailed description of the electronic device provided in the fifth embodiment of the present application, reference may be made to the related description of the first embodiment of the present application, and details are not described here again.
Corresponding to the above-mentioned data security processing method, a sixth embodiment of the present application further provides an electronic device.
As shown in fig. 8, the electronic apparatus includes:
a processor 801; and
a memory 802 for storing a program of a data security processing method, wherein after the device is powered on and the program of the data security processing method is executed by the processor, the following steps are executed:
obtaining a carrier object;
extracting security policy information from the carrier object;
performing data security processing on the carrier object based on the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
Optionally,
the security policy information includes: security level information;
the extracting of the security policy information from the carrier object includes:
extracting security level information from the carrier object.
Optionally, the extracting security level information from the carrier object includes:
extracting at least one piece of security level information from the carrier object.
Optionally, the electronic device is further configured to perform the following steps:
when a plurality of security level information is extracted from the carrier object, determining security level information corresponding to an operation subject performing data processing on the carrier object or a reception subject receiving a data processing result for the carrier object;
the performing data security processing on the carrier object based on the security policy information includes:
performing data security processing on the carrier object based on the security level information corresponding to the operation subject or the receiving subject.
Optionally, the extracting security policy information from the carrier object further includes:
extracting the data category and/or the operation mode of the carrier object from the carrier object; the operation mode refers to a mode of performing data processing on the carrier object.
Optionally, the extracting at least one piece of security level information from the carrier object includes:
extracting a predetermined number of pieces of security level information from the carrier object; or
extracting from the carrier object the number of pieces of security level information provided by the security policy information embedding end.
Optionally, the extracting security policy information from the carrier object includes:
extracting security policy information from the carrier object using an extraction key corresponding to the embedding key.
It should be noted that, for the detailed description of the electronic device provided in the sixth embodiment of the present application, reference may be made to the related description of the second embodiment of the present application, and details are not described here again.
Corresponding to the information embedding method provided above, a seventh embodiment of the present application further provides a storage device.
The storage device stores a program of an information embedding method, the program is executed by a processor, and the following steps are executed:
determining a carrier object;
determining security policy information of a carrier object;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
It should be noted that, for the detailed description of the storage device provided in the seventh embodiment of the present application, reference may be made to the related description of the first embodiment of the present application, and details are not described here again.
Corresponding to the above-mentioned data security processing method, an eighth embodiment of the present application further provides a storage device.
The storage device stores a program of a data security processing method, the program is executed by a processor, and the following steps are executed:
obtaining a carrier object;
extracting security policy information from the carrier object;
performing data security processing on the carrier object based on the security policy information;
wherein, the security policy information refers to information used for data security processing of the carrier object.
It should be noted that, for the detailed description of the storage device provided in the eighth embodiment of the present application, reference may be made to the related description of the second embodiment of the present application, and details are not described here again.
Although the present application has been described with reference to the preferred embodiments, these are not intended to limit the present application. Those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application; therefore, the scope of the present application should be determined by the claims that follow.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Claims (19)

1. An information embedding method, comprising:
determining a carrier object;
determining security policy information of a carrier object; the security policy information includes security level information and the number of the security level information;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information, including: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; determining security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object based on security level information corresponding to the operation subject or the receiving subject targeted by the carrier object, and embedding the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object into the carrier object to obtain a carrier object containing the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
2. The method of claim 1,
the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information includes: embedding the security level information of the carrier object into the carrier object to obtain the carrier object containing the security level information.
3. The method of claim 2, wherein the security policy information further comprises:
the data category and/or operation mode of the carrier object; the operation mode refers to a mode of performing data processing on the carrier object;
the embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information further includes: embedding the data category and/or the operation mode of the carrier object into the carrier object to obtain the carrier object containing the data category and/or the operation mode of the carrier object.
4. The method of claim 2, wherein the security policy information comprises at least one piece of security level information.
5. The method of claim 2, further comprising:
determining the quantity of the security level information contained in the security policy information according to the quantity of the embedded security level information agreed in advance; or
providing the quantity of the embedded security level information to a security policy information extraction end.
6. The method of claim 1, wherein embedding the security policy information of the carrier object into the carrier object comprises:
embedding security policy information of the carrier object into the carrier object using an embedding key.
7. The method according to claim 1, wherein said embedding the security policy information of the carrier object into the carrier object, resulting in the carrier object containing the security policy information, comprises:
embedding the security policy information of the carrier object into the carrier object in a hidden manner to obtain the carrier object containing the security policy information; or
embedding the security policy information of the carrier object into the carrier object in a visible mode to obtain the carrier object containing the security policy information.
8. A data security processing method is characterized by comprising the following steps:
obtaining a carrier object;
extracting security policy information from the carrier object; the security policy information includes security level information and the number of the security level information;
performing data security processing on the carrier object based on the security policy information, wherein the data security processing comprises the following steps: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; carrying out data security processing on the carrier object based on security level information corresponding to the operation subject or the receiving subject targeted by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
9. The method of claim 8,
the extracting of the security policy information from the carrier object includes:
extracting security level information from the carrier object.
10. The method of claim 9, wherein extracting security level information from the carrier object comprises:
extracting at least one piece of security level information from the carrier object.
11. The method of claim 10, wherein extracting security policy information from the carrier object further comprises:
extracting the data category and/or the operation mode of the carrier object from the carrier object; the operation mode refers to a mode of performing data processing on the carrier object.
12. The method according to claim 10, wherein said extracting at least one piece of security level information from the carrier object comprises:
extracting a predetermined number of pieces of security level information from the carrier object; or
extracting from the carrier object the number of pieces of security level information provided by the security policy information embedding end.
13. The method of claim 8, wherein extracting security policy information from the carrier object comprises:
extracting security policy information from the carrier object using an extraction key corresponding to the embedding key.
14. An information embedding apparatus, comprising:
a carrier object determination unit for determining a carrier object;
a security policy information determining unit for determining security policy information of the carrier object; the security policy information includes security level information and the number of the security level information;
a security policy information embedding unit, configured to embed security policy information of the carrier object into the carrier object, so as to obtain a carrier object including the security policy information; the security policy information embedding unit is specifically configured to: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; determining security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object based on security level information corresponding to the operation subject or the receiving subject targeted by the carrier object, and embedding the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object into the carrier object to obtain a carrier object containing the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
15. A data security processing apparatus, comprising:
a carrier object obtaining unit for obtaining a carrier object;
the security policy information extraction unit is used for extracting security policy information from the carrier object; the security policy information includes security level information and the number of the security level information;
the data security processing unit is used for carrying out data security processing on the carrier object based on the security policy information; the data security processing unit is specifically configured to: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; carrying out data security processing on the carrier object based on security level information corresponding to the operation subject or the receiving subject aimed at by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
16. An electronic device, comprising:
a processor; and
a memory for storing a program of an information embedding method, the apparatus performing the following steps after being powered on and running the program of the information embedding method by the processor:
determining a carrier object;
determining security policy information of a carrier object; the security policy information includes security level information and the number of the security level information;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information, including: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; determining security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object based on security level information corresponding to the operation subject or the receiving subject targeted by the carrier object, and embedding the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object into the carrier object to obtain a carrier object containing the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
17. An electronic device, comprising:
a processor; and
a memory for storing a program of a data security processing method, wherein the following steps are executed after the device is powered on and the program of the data security processing method is executed by the processor:
obtaining a carrier object;
extracting security policy information from the carrier object; the security policy information includes security level information and the number of the security level information;
and performing data security processing on the carrier object based on the security policy information, wherein the data security processing comprises the following steps: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; carrying out data security processing on the carrier object based on security level information corresponding to the operation subject or the receiving subject aimed at by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
18. A storage device, characterized in that,
a program storing an information embedding method, the program being executed by a processor to perform the steps of:
determining a carrier object;
determining security policy information of a carrier object; the security policy information includes security level information and the number of the security level information;
embedding the security policy information of the carrier object into the carrier object to obtain the carrier object containing the security policy information, including: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; determining security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object based on security level information corresponding to the operation subject or the receiving subject targeted by the carrier object, and embedding the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object into the carrier object to obtain a carrier object containing the security policy information corresponding to the operation subject or the receiving subject targeted by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
19. A storage device, characterized in that,
a program storing a data security processing method, the program being executed by a processor to perform the steps of:
obtaining a carrier object;
extracting security policy information from the carrier object; the security policy information includes security level information and the number of the security level information;
and performing data security processing on the carrier object based on the security policy information, wherein the data security processing comprises the following steps: determining security level information corresponding to an operation subject or a receiving subject for the carrier object according to the operation subject for carrying out data processing on the carrier object or the receiving subject for receiving a data processing result of the carrier object; carrying out data security processing on the carrier object based on security level information corresponding to the operation subject or the receiving subject aimed at by the carrier object;
wherein, the security policy information refers to information used for data security processing of the carrier object.
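The extraction flow of claims 8 to 13 (obtain the carrier, extract the level count and levels with a key, then decide per subject), as an added example that is not code from the patent. Assumptions: the keyed-LSB embedding, the truncated HMAC tag, the use of one shared key for embedding and extraction, the mapping of subjects to list indices, and the allow/deny rule are all hypothetical, since the claims name no algorithm.

```python
import hashlib, hmac, random

TAG_LEN = 4  # truncated HMAC bytes; the integrity tag is an assumption, not in the claims

def _perm(key: bytes, n: int) -> list[int]:
    # Key-dependent ordering of carrier bytes (toy keyed-LSB scheme, assumed).
    order = list(range(n))
    random.Random(hashlib.sha256(key).digest()).shuffle(order)
    return order

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def embed_policy(carrier: bytes, levels: list[int], key: bytes) -> bytes:
    # Policy = number of levels, then the levels themselves, then the tag.
    body = bytes([len(levels)]) + bytes(levels)
    payload = body + _tag(key, body)
    if 8 * len(payload) > len(carrier):
        raise ValueError("carrier too small")
    out, order = bytearray(carrier), _perm(key, len(carrier))
    for n in range(8 * len(payload)):
        bit = (payload[n // 8] >> (n % 8)) & 1
        out[order[n]] = (out[order[n]] & 0xFE) | bit
    return bytes(out)

def extract_policy(carrier: bytes, key: bytes) -> list[int]:
    order = _perm(key, len(carrier))
    def read(first: int, n_bytes: int) -> bytes:
        return bytes(sum((carrier[order[8 * (first + j) + i]] & 1) << i
                         for i in range(8)) for j in range(n_bytes))
    count = read(0, 1)[0] if len(carrier) >= 8 else -1  # number set by the embedding end
    if count < 0 or 8 * (1 + count + TAG_LEN) > len(carrier):
        raise ValueError("no valid policy")
    body = read(0, 1 + count)
    if not hmac.compare_digest(read(1 + count, TAG_LEN), _tag(key, body)):
        raise ValueError("no valid policy")
    return list(body[1:])

def decide(carrier: bytes, key: bytes, subject_class: int, clearance: int) -> str:
    # Fail closed: a missing, tampered or wrong-key policy means "deny".
    try:
        levels = extract_policy(carrier, key)
    except ValueError:
        return "deny"
    ok = 0 <= subject_class < len(levels) and clearance >= levels[subject_class]
    return "allow" if ok else "deny"

CARRIER = bytes(range(256)) * 2  # constructed 512-byte stand-in carrier
MARKED = embed_policy(CARRIER, [1, 3, 2], b"constructed-embed-key")
```

Without the tag, extraction with the wrong key or from an unmarked carrier would return arbitrary levels instead of failing, which is why the sketch adds it.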
CN201810374727.4A 2018-04-24 2018-04-24 Information embedding and data security processing method, device and equipment Active CN110399732B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810374727.4A CN110399732B (en) 2018-04-24 2018-04-24 Information embedding and data security processing method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810374727.4A CN110399732B (en) 2018-04-24 2018-04-24 Information embedding and data security processing method, device and equipment

Publications (2)

Publication Number Publication Date
CN110399732A CN110399732A (en) 2019-11-01
CN110399732B true CN110399732B (en) 2022-03-18

Family

ID=68321943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810374727.4A Active CN110399732B (en) 2018-04-24 2018-04-24 Information embedding and data security processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN110399732B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932382A (en) * 2011-08-08 2013-02-13 中兴通讯股份有限公司 Safety on-demand supply method and system, and service type acquisition method
CN103377329A (en) * 2012-04-19 2013-10-30 常熟南师大发展研究院有限公司 Method for protecting CAD (computer-aided design) data on basis of watermark encryption identities

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7647630B2 (en) * 2005-12-15 2010-01-12 International Business Machines Corporation Associating security information with information objects in a data processing system

Also Published As

Publication number Publication date
CN110399732A (en) 2019-11-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant