CN110768790A - Data security authorization access method, device, equipment and storage medium - Google Patents

Publication number
CN110768790A
Authority
CN
China
Prior art keywords
sub
service data
request
keys
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910843112.6A
Other languages
Chinese (zh)
Inventor
赵达悦
王梦寒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
Original Assignee
OneConnect Smart Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by OneConnect Smart Technology Co Ltd
Priority to CN201910843112.6A
Publication of CN110768790A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application disclose a data security authorization access method, device, equipment and storage medium, relating to the technical field of communication security. The method comprises: receiving plaintext service data and encrypting it to generate ciphertext service data and an initial key; identifying all associated parties; splitting the initial key into N sub-keys and sending the N sub-keys to the N associated parties; receiving a read request from a request end for the plaintext service data, parsing the read request, and sending an authorization request to the N associated parties, so that the N associated parties send their stored sub-keys; and decrypting the ciphertext service data at the server or the request end so that the request end obtains the plaintext service data. With this method and device, the multiple associated parties of the service data can control authorization and decryption of the data: only a party authorized by all the associated parties can obtain the decrypted plaintext data through the complete key, which guarantees the data privacy protection right of every associated party.

Description

Data security authorization access method, device, equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of communication security, in particular to a data security authorization access method, a device, equipment and a storage medium.
Background
Encryption is the change of original information data by a special algorithm, so that even if an unauthorized user obtains encrypted information, the content of the information cannot be known because the unauthorized user does not know the decryption method. A key is a parameter input in an algorithm that converts plaintext into ciphertext during encryption or converts ciphertext into plaintext during decryption. When business data are exchanged, based on the requirement of data privacy security, a data owner can encrypt some business data, and when a user requests to access the encrypted business data, the user needs to hold a key given by the data owner to decrypt the encrypted business data.
In actual business, some business data is contributed jointly by several associated parties, and all of them regard that data as shared among them, so the whole of the business data, or any part of it, must be authorized by all the associated parties together before an authorized person can obtain the related information. However, in current business systems, when data or a part of the data is owned by one party, that party can authorize access alone, and joint authorization by all the associated parties is not possible.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present application is to provide a method, an apparatus, a device and a storage medium for data security authorization access, so that a plurality of associated parties of data can jointly control authorization decryption of the data.
In order to solve the above technical problem, the data security authorization access method according to the embodiment of the present application adopts the following technical solutions:
a method of securely authorizing access to data, comprising:
the server receives plaintext service data, encrypts the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, and writes and stores the ciphertext service data;
the server identifies all the associated parties of the plaintext service data, and the number of the associated parties is marked as N;
the server divides the initial key into N parts of sub-keys based on the number of the associated parties, and deletes the initial key after respectively sending the N parts of sub-keys to the N associated parties in a one-to-one mode for storage;
the server receives a request for reading the plaintext service data from a request end;
the server parses the read request and sends an authorization request for the sub-keys to the N associated parties corresponding to the plaintext service data, wherein the authorization request carries a feedback identifier pointing to the server or the request end, to instruct the N associated parties to respond to the authorization request by sending their respectively stored sub-keys to the server or the request end;
if the feedback identifier points to the server, the server splices the N sub-keys after receiving them from the N associated parties, and decrypts the ciphertext service data with the spliced initial key to obtain the plaintext service data and send it to the request end;
if the feedback identifier points to the request end, the server retrieves the ciphertext service data and sends it to the request end, so that the request end decrypts the ciphertext service data with the initial key formed by splicing the N sub-keys it has received, and thereby obtains the plaintext service data.
With this data security authorization access method, the multiple associated parties of the service data can control authorization and decryption of the data on the blockchain network. Only a party that has been authorized by all the associated parties can obtain the complete key; if any one of the associated parties does not agree to authorize, a third party cannot obtain the right to decrypt the ciphertext data, which guarantees the data privacy protection right of every associated party.
Further, the step of splitting the initial key into N parts of subkeys includes:
splitting the initial key into N sections of sub-keys in an equal division mode, setting the number of each section of sub-key, and binding respective sub-splicing rules for each section of sub-key; and the sub-splicing rule indicates the numbers of other sub-keys spliced correspondingly at the two ends of the sub-key.
Further, the step of splitting the initial key into N parts of subkeys includes:
splitting the initial key into N parts of sub-keys in an irregular mode, and binding respective sub-splicing rules for each part of sub-keys; the sub-splicing rule comprises a splicing mode between each splicing position of the sub-key and the splicing positions of other corresponding sub-keys.
Further, in the data security authorization access method, after the step of receiving plaintext service data by the server, and encrypting the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, the method further includes:
setting indexing information corresponding to the plaintext business data for the ciphertext business data;
establishing a mapping table of all correlation parties of the ciphertext business data and the corresponding plaintext business data;
the step of the server side analyzing the reading request comprises the following steps:
and the server side extracts the indexing information in the reading request and acquires the ciphertext business data and the N associated parties corresponding to the reading request in the mapping table based on the indexing information.
Further, in the data security authorization access method, the step of the server analyzing the read request and sending an authorization request of a sub-key to N associated parties corresponding to the plaintext service data includes:
the server parses the identity of the request end and determines, based on the mapping table, whether the request end is one of the N associated parties;
and if the request end is confirmed to be one of the N associated parties, the server activates a preset forced authorization instruction and sends it to the other N-1 associated parties, so that the other N-1 associated parties respond to the forced authorization instruction and directly send their stored sub-keys.
Further, in the data security authorization access method, when the initial key is split into N parts of sub-keys, corresponding splitting rules are recorded;
if the feedback identifier points to the server, the step of splicing after receiving the N parts of sub-keys sent by the N associated parties by the server includes:
the server side calls a splitting rule applied when the initial key is split into N parts of sub keys;
analyzing the splitting rule to obtain a splicing rule among N parts of sub-keys matched with the splitting rule;
and splicing the N sub-keys into the complete initial key based on the splicing rule.
Further, in the data security authorization access method, when the initial key is split into N parts of sub-keys, corresponding splitting rules are recorded;
if the feedback identifier points to a request end, the server end calls the ciphertext service data to send to the request end, so that the request end decrypts the ciphertext service data by using the initial key formed by splicing the received N sub-keys, and the step of obtaining the plaintext service data comprises the following steps:
the server side calls a splitting rule applied when the initial key is split into N parts of sub keys;
analyzing the splitting rule to obtain a splicing rule among N parts of sub-keys matched with the splitting rule;
and sending the splicing rule and the ciphertext service data to the request end together, so that the request end splices the N received sub-keys into a complete initial key based on the splicing rule, and then decrypting the ciphertext service data through the initial key to obtain the plaintext service data.
In order to solve the above technical problem, an embodiment of the present application further provides a data security authorization access apparatus, which adopts the following technical solutions:
a data security authorization access device, comprising:
the data encryption module is used for receiving plaintext service data by the server, encrypting the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, and writing and storing the ciphertext service data;
the system comprises a correlation party identification module, a plaintext service data acquisition module and a plaintext service data processing module, wherein the correlation party identification module is used for identifying all correlation parties of the plaintext service data by a server, and the number of the correlation parties is marked as N;
the key splitting module is used for splitting the initial key into N parts of sub-keys based on the number of the associated parties by the server, respectively sending the N parts of sub-keys to the N associated parties in a one-to-one mode for storage, and then deleting the initial key;
a request receiving module, configured to receive, by a server, a request for reading the plaintext service data from a requesting end;
a request response module, configured for the server to parse the read request and send an authorization request for the sub-keys to the N associated parties corresponding to the plaintext service data, where the authorization request carries a feedback identifier pointing to the server or the request end, so as to instruct the N associated parties to respond to the authorization request by sending their respectively stored sub-keys to the server or the request end;
the first decryption module is used for splicing after receiving N parts of sub-keys sent by N associated parties if the feedback identifier points to the server, decrypting the ciphertext service data by using the spliced initial keys to obtain the plaintext service data and sending the plaintext service data to the request end;
and the second decryption module is used for calling the ciphertext business data and sending the ciphertext business data to the request end by the server end if the feedback identifier points to the request end, so that the request end decrypts the ciphertext business data by using the initial key formed by splicing the received N parts of sub-keys to obtain the plaintext business data.
The data security authorization access device provided by the embodiment of the application enables the multiple associated parties of the service data to control authorization and decryption of the data on the blockchain network. Only a party that has been authorized by all the associated parties can obtain the complete key; if any one of the associated parties does not agree to authorize, a third party cannot obtain the right to decrypt the ciphertext data, which guarantees the data privacy protection right of every associated party.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the following technical solutions:
a computer device comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the data security authorization access method according to any one of the above technical solutions when executing the computer program.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
a computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method for secure authorized access to data as set forth in any of the preceding claims.
Compared with the prior art, the embodiment of the application mainly has the following beneficial effects:
The embodiment of the application discloses a data security authorization access method, device, equipment and storage medium. The method receives plaintext service data and encrypts it to generate ciphertext service data and an initial key; identifies all associated parties; splits the initial key into N sub-keys and sends them to the N associated parties; receives a read request from a request end for the plaintext service data; and parses the read request and sends an authorization request for the sub-keys to the associated parties, wherein the authorization request carries a feedback identifier pointing to the server or the request end, to instruct the N associated parties to respond by sending their respectively stored sub-keys to the server or the request end. If the feedback identifier points to the server, the server splices the N sub-keys after receiving them from the N associated parties, and decrypts the ciphertext service data with the spliced initial key to obtain the plaintext service data and send it to the request end. If the feedback identifier points to the request end, the server retrieves the ciphertext service data and sends it to the request end, so that the request end decrypts the ciphertext service data with the initial key formed by splicing the N sub-keys it has received, and thereby obtains the plaintext service data.
The method enables the multiple associated parties of the business data to control authorization and decryption of the data. Only a party authorized by all the associated parties can obtain the decrypted plaintext data through the complete key; if any one of the associated parties does not agree to authorize, a third-party request end cannot obtain the right to decrypt the ciphertext data, which guarantees the data privacy protection right of every associated party.
Drawings
To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a diagram of an exemplary system architecture to which embodiments of the present application may be applied;
FIG. 2 is a flow chart of an embodiment of a method for securing authorized access to data according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an embodiment of a data security authorization access device according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an embodiment of a computer device in an embodiment of the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
It is noted that the terms "comprises," "comprising," and "having" and any variations thereof in the description and claims of this application and the drawings described above are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus. In the claims, the description and the drawings of the specification of the present application, relational terms such as "first" and "second", and the like, may be used solely to distinguish one entity/action/object from another entity/action/object without necessarily requiring or implying any actual such relationship or order between such entities/actions/objects.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the relevant drawings in the embodiments of the present application.
As shown in fig. 1, the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III, MPEG compression standard audio layer 3), MP4 players (Moving Picture Experts Group Audio Layer IV, MPEG compression standard audio layer 4), laptop computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that, the data security authorization access method provided in the embodiment of the present application is generally executed by a server/terminal device, and accordingly, the data security authorization access apparatus is generally disposed in the server/terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continuing reference to FIG. 2, a flow diagram of one embodiment of a method for securing authorized access to data as described in embodiments of the present application is shown. The data security authorization access method comprises the following steps:
Step 201: The server receives plaintext service data, encrypts the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, and writes and stores the ciphertext service data.
The server in this application may be regarded as a blockchain network, and the plaintext service data refers to the initial service data provided by a data owner (that is, an associated party) in the blockchain network; the initial service data is unencrypted information. In this application the initial service data may be provided by one or more associated parties, but ownership of it is regarded as held jointly by all the associated parties. That is, obtaining information from the initial service data requires authorization granted jointly by all the associated parties of that data.
For example, suppose the data of a service involves two associated parties A and B: part of the data is provided by A and the other part by B, and the whole of the data, or any part of it, is regarded as owned jointly by A and B. To obtain any part of the data, authorization must be given by both A and B.
In the blockchain network, after the plaintext service data is received, it is encrypted with an encryption algorithm, generating the ciphertext service data corresponding to the plaintext service data and an initial key that can decrypt the ciphertext service data back into the plaintext service data.
The ciphertext service data is written into the blockchain network for storage, the plaintext service data is deleted from the blockchain network so that a requester cannot obtain it directly from the blockchain network, and the initial key is processed further.
Step 202: The server identifies all the associated parties of the plaintext service data, and the number of associated parties is denoted N.
An associated party may be a device or an individual, or an entity such as an organization or an enterprise. "All the associated parties" refers to all data owners who hold ownership of the plaintext service data; their number is denoted N.
Step 203: The server splits the initial key into N sub-keys based on the number of associated parties, sends the N sub-keys to the N associated parties one-to-one for storage, and then deletes the initial key.
In this application, the initial key generated in step 201 is split based on the number N of associated parties obtained in step 202, into N sub-keys that can be spliced back into the complete initial key.
So that a user requesting the plaintext service data must obtain authorization from all the associated parties, the blockchain network matches the N sub-keys to the N associated parties one-to-one, sends each associated party its matched sub-key for independent storage, and deletes the initial key from the blockchain network.
In one specific implementation of step 203 in the embodiment of the present application, the step of splitting the initial key into N sub-keys includes:
Step 2031: Split the initial key into N segments of sub-keys by equal division, set a number for each segment, and bind a sub-splicing rule to each segment; the sub-splicing rule indicates the numbers of the other sub-keys to be spliced at the two ends of that sub-key.
In equal division, the key is split by length into N sub-keys of equal length, a different number is set for each sub-key to make them easy to distinguish and associate, and the N equal-length sub-keys are then sent to the N associated parties one-to-one.
The N equal-length sub-keys are sent together with the sub-splicing rules bound to each segment. A sub-splicing rule indicates at least the numbers of the other splicing objects (that is, other sub-keys) to be spliced at the two ends of the segment. The two sub-keys at the head and tail of the initial key need splicing at only one end, so their sub-splicing rules record only the number of the sub-key at the end to be spliced. After equal-length splitting, when the sub-keys need to be spliced, each can be matched to its neighbours by the numbers in the sub-splicing rules.
Specifically, the information recorded in the splicing rule of each segment further includes: the number of the segment, the total number of segments N, and the specific splicing manner.
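The equal-division split of step 2031, as an added example (not code from the patent): each segment carries its number, the total N and the numbers of its two neighbours, and `splice` rebuilds the initial key from sub-keys received in any order, refusing when one is missing or the rules do not chain. The `SubKey` fields and the function names are assumptions made for illustration.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SubKey:
    number: int            # number of this segment, 1..total
    total: int             # total number of segments N
    left: Optional[int]    # number spliced at the head end (None for the first segment)
    right: Optional[int]   # number spliced at the tail end (None for the last segment)
    segment: bytes         # literal slice of the initial key


def split_equal(initial_key: bytes, n: int) -> list[SubKey]:
    """Split the key into N equal-length, numbered segments with neighbour rules."""
    if n < 1 or len(initial_key) % n != 0:
        raise ValueError("key length must be a positive multiple of N")
    size = len(initial_key) // n
    return [
        SubKey(
            number=i + 1,
            total=n,
            left=i if i > 0 else None,
            right=i + 2 if i < n - 1 else None,
            segment=initial_key[i * size:(i + 1) * size],
        )
        for i in range(n)
    ]


def splice(sub_keys: list[SubKey]) -> bytes:
    """Rebuild the initial key from sub-keys in any order; all N are required."""
    if not sub_keys:
        raise ValueError("no sub-keys received")
    total = sub_keys[0].total
    by_number: dict[int, SubKey] = {}
    for sk in sub_keys:
        if sk.total != total:
            raise ValueError("sub-keys come from different splits")
        if sk.number in by_number:
            raise ValueError(f"duplicate sub-key {sk.number}")
        by_number[sk.number] = sk
    if len(by_number) != total:
        missing = sorted(set(range(1, total + 1)) - set(by_number))
        raise ValueError(f"missing sub-keys {missing}: an associated party has not authorized")
    heads = [sk for sk in sub_keys if sk.left is None]
    if len(heads) != 1:
        raise ValueError("sub-splicing rules do not define a single head segment")
    # Walk the chain head -> tail, checking that each rule agrees with its neighbour.
    current, prev, parts = heads[0], None, []
    for _ in range(total):
        if current is None or current.left != prev:
            raise ValueError("sub-splicing rules are inconsistent")
        parts.append(current.segment)
        prev = current.number
        current = by_number.get(current.right)
    if current is not None:
        raise ValueError("sub-splicing rules are inconsistent")
    return b"".join(parts)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    shares = split_equal(key, 4)
    secrets.SystemRandom().shuffle(shares)  # parties answer in arbitrary order
    print("recovered:", splice(shares) == key)
    try:
        splice(shares[:3])                  # one party withholds its sub-key
    except ValueError as exc:
        print("refused:", exc)
```

Each sub-key here is a literal slice of the initial key, so its holder already knows 1/N of the key bytes; the missing-segment check in `splice` is what makes every associated party's response necessary.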
In another specific implementation of step 203 in this embodiment of the present application, the step of splitting the initial key into N sub-keys includes:
Step 2032: Split the initial key into N sub-keys in an irregular manner and bind a sub-splicing rule to each sub-key; the sub-splicing rule comprises the splicing manner between each splicing position of the sub-key and the corresponding splicing positions of the other sub-keys.
When the initial key is split irregularly, the N sub-keys have random lengths, and each sub-key may consist of discontinuous key information, that is, it may be formed by combining several key segments from non-adjacent positions in the initial key. In this case the splicing rule bound to each sub-key must record more complex and detailed splicing information, which may specifically include: the number of the sub-key, the total number N of sub-keys, the numbers of the other sub-keys spliced at each splicing position of the sub-key, and the splicing manner between the sub-key and the splicing positions of those other sub-keys.
Of course, in other embodiments of the present application, the server may instead record the splitting rule applied when splitting the initial key into N sub-keys; the splitting rule is generally stored at the server. In that case the sub-keys are not bound to sub-splicing rules.
Step 204: the server receives a read request from the request end for the plaintext service data.
Step 205: the server parses the read request and sends an authorization request for the sub-keys to the N associated parties corresponding to the plaintext service data. The authorization request carries a feedback identifier pointing to the server or to the request end, which instructs the N associated parties, when they respond to the authorization request, to send their respectively stored sub-keys to the server or to the request end.
When a user, acting as the request end, needs to view the plaintext service data, the user must identify the N associated parties that hold ownership rights over that data and then send a request to them to obtain complete authorization to view it. In the embodiment of the application, the user sends a read request for the plaintext service data to the server, so that authorization for the sub-keys is obtained from the associated parties indirectly through the server.
The blockchain network, acting as the server, sends the authorization requests for the sub-keys to the N associated parties either one by one or simultaneously. After receiving the authorization request, each of the N associated parties parses it and decides whether the corresponding permission should be granted to the request end. The feedback identifier carried in the authorization request may be preset freely by the server administrator of the blockchain network according to the requirements of the scenario in which the blockchain network is applied.
If the N associated parties confirm that permission can be granted to the request end, they respond to the authorization request and send their stored sub-keys to the server or to the request end.
If one or more of the N associated parties decide that permission should not be granted to the request end, only the associated parties that decide to grant it send their stored sub-keys to the blockchain network or the request end as feedback to the authorization request. The number of sub-keys received by the blockchain network or the request end is then fewer than N, which is not enough to splice the complete initial key.
In some embodiments of the present application, after step 201, the data security authorization access method further comprises the steps of: setting, for the ciphertext service data, index information corresponding to the plaintext service data;
establishing a mapping table between the ciphertext service data and all associated parties of the corresponding plaintext service data;
in step 205, the step of the server parsing the read request includes:
the server extracts the index information from the read request and, based on the index information, obtains from the mapping table the ciphertext service data and the N associated parties corresponding to the read request.
Further, in a specific implementation of the embodiment of the present application, step 205 includes:
Step 2051: the server parses the identity of the request end and, based on the mapping table, determines whether the request end is one of the N associated parties;
Step 2052: if the request end is confirmed to be one of the N associated parties, the server activates a preset forced authorization instruction and sends it to the other N-1 associated parties, so that they respond to the forced authorization instruction by directly sending their stored sub-keys.
If it is determined in step 2051 that the current request end is not one of the N associated parties corresponding to the plaintext service data, step 205 continues as originally described.
If the current request end is one of the N associated parties, it is one of the parties directly related to this data and has full permission to access the plaintext service data.
Specifically, a forced authorization instruction for this situation may be preset in the interactive system of the blockchain network. The request end, being one of the N associated parties, may then activate the forced authorization instruction and send it to the other N-1 associated parties through the blockchain network. The forced authorization instruction instructs each associated party that receives it to skip the authorization decision process and directly send its stored sub-key to the blockchain network or the request end.
After receiving the N-1 sub-keys sent by the other associated parties, the blockchain network combines them with the sub-key stored by the request end and splices them to obtain the complete initial key. Likewise, when the request end receives the N-1 sub-keys sent by the other associated parties, it splices them with its own stored sub-key to obtain the complete initial key.
Step 206: if the feedback identifier points to the server, the server splices the N sub-keys after receiving them from the N associated parties, decrypts the ciphertext service data with the spliced initial key to obtain the plaintext service data, and sends the plaintext service data to the request end.
Step 207: if the feedback identifier points to the request end, the server retrieves the ciphertext service data and sends it to the request end, so that the request end decrypts it with the initial key spliced from the N received sub-keys and obtains the plaintext service data.
In some embodiments of the application, after splitting the initial key into N sub-keys, the server stores the corresponding splitting rule, and no sub-splicing rules are bound to the sub-keys.
In a specific implementation of this embodiment of the present application, when the initial key is split into N sub-keys, step 203 further includes recording the corresponding splitting rule. After step 205, if the feedback identifier points to the server, the splicing performed by the server in step 206 after receiving the N sub-keys sent by the N associated parties includes:
the server retrieves the splitting rule that was applied when the initial key was split into N sub-keys;
parsing the splitting rule to obtain the matching splicing rule among the N sub-keys;
and splicing the N sub-keys into the complete initial key based on the splicing rule.
When the server splices the sub-keys in this way, no splicing rules need to be bound to the sub-keys in advance. The splicing rule is in fact derived from the splitting rule used when the initial key was split, so the server only needs to read that splitting rule, obtain from it the matching splicing rule among the N sub-keys, and then splice the N sub-keys back into the initial key based on the splicing rule.
The sub-keys are spliced into the complete initial key within the public blockchain network, the ciphertext service data is decrypted in the blockchain network with the initial key, and the plaintext service data obtained by decryption is then sent to the corresponding request end. This prevents the request end from retransmitting the key and privately disclosing it to a third party, and so ensures security during data access.
In another specific implementation of this embodiment of the present application, when the initial key is split into N sub-keys, step 203 further includes recording the corresponding splitting rule. Step 207 then comprises:
the server retrieves the splitting rule that was applied when the initial key was split into N sub-keys;
parsing the splitting rule to obtain the matching splicing rule among the N sub-keys;
and sending the splicing rule together with the ciphertext service data to the request end, so that the request end splices the N received sub-keys into the complete initial key based on the splicing rule and then decrypts the ciphertext service data with the initial key to obtain the plaintext service data.
The above steps correspond to the application scenario in which the associated parties send their stored sub-keys to the request end. In this scenario, the N associated parties may each send their stored sub-key to the request end point-to-point as feedback to the authorization request; after receiving the N sub-keys and the splicing rule sent by the server, the request end can splice the N sub-keys into the complete initial key. The request end sends a read request for the plaintext service data to the blockchain network, receives the complete ciphertext service data fed back by the blockchain network that matches the required plaintext service data, and decrypts it with the spliced initial key to obtain the required plaintext service data. Once it holds the complete spliced initial key, a request end that sends a read request to the blockchain network can decrypt the ciphertext service data corresponding to the plaintext service data with the initial key and thus finally obtain the decrypted plaintext service data it requires.
In other embodiments of the present application, after the initial key is split into N sub-keys in step 2031 or step 2032, a sub-splicing rule is bound to each sub-key, and the server or request end that receives the sub-keys does not need to retrieve the corresponding splitting rule. Therefore, in a specific implementation, after receiving the N sub-keys sent by the N associated parties, the server or request end checks whether the sub-keys carry sub-splicing rules; if not, the splitting rule is retrieved, and if so, the N sub-keys are spliced into the complete initial key according to the sub-splicing rules.
These steps implement segmented authorization for shared data that has multiple rights holders, thereby guaranteeing the data privacy protection rights of every rights holder and protecting the legitimate rights and interests of all rights holders of the shared data.
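An added example (not code from the patent) of the equal-length split of step 2031 and the splicing described above: each segment carries its number, N and the numbers of its two neighbours, reassembly follows those bound rules, and splicing fails when any associated party withholds its sub-key. The names `SubKey`, `split_equal`, `splice` and `authorize_and_splice`, the shuffled numbering and the 32-byte sample key are assumptions.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


class SpliceError(Exception):
    """Raised when the received sub-keys cannot be spliced into the initial key."""


@dataclass(frozen=True)
class SubKey:
    number: int            # number of this segment
    total: int             # total number of segments N
    left: Optional[int]    # number spliced at the head end (None for the first segment)
    right: Optional[int]   # number spliced at the tail end (None for the last segment)
    material: bytes        # this segment of the initial key


def split_equal(initial_key: bytes, n: int) -> List[SubKey]:
    """Split the key into N equal-length segments, each bound to its sub-splicing rule."""
    if n < 1 or len(initial_key) == 0 or len(initial_key) % n:
        raise ValueError("key length must be a non-zero multiple of N")
    seg = len(initial_key) // n
    # Assumption: numbers are shuffled so that a number does not reveal position;
    # the order is recoverable only from the neighbour numbers in the rules.
    numbers = list(range(1, n + 1))
    secrets.SystemRandom().shuffle(numbers)
    return [
        SubKey(
            number=num,
            total=n,
            left=numbers[i - 1] if i > 0 else None,
            right=numbers[i + 1] if i < n - 1 else None,
            material=initial_key[i * seg:(i + 1) * seg],
        )
        for i, num in enumerate(numbers)
    ]


def splice(received: List[SubKey]) -> bytes:
    """Rebuild the initial key from sub-keys received in any order."""
    if not received:
        raise SpliceError("no sub-keys received")
    n = received[0].total
    by_number: Dict[int, SubKey] = {}
    for share in received:
        if share.total != n:
            raise SpliceError("sub-keys disagree on N")
        if share.number in by_number:
            raise SpliceError(f"duplicate sub-key number {share.number}")
        by_number[share.number] = share
    if len(by_number) != n:
        raise SpliceError(f"received {len(by_number)} of {n} sub-keys")
    heads = [s for s in by_number.values() if s.left is None]
    if len(heads) != 1:
        raise SpliceError("expected exactly one head segment")
    ordered: List[bytes] = []
    prev: Optional[int] = None
    cur = heads[0]
    while True:
        # Each segment must name the previous one as its head-end neighbour.
        if cur.left != prev or len(ordered) >= n:
            raise SpliceError("sub-splicing rules are inconsistent")
        ordered.append(cur.material)
        prev = cur.number
        if cur.right is None:
            break
        nxt = by_number.get(cur.right)
        if nxt is None:
            raise SpliceError("rule references a sub-key that was not received")
        cur = nxt
    if len(ordered) != n:
        raise SpliceError("rules do not chain all N sub-keys")
    return b"".join(ordered)


def authorize_and_splice(holders: Dict[str, SubKey], consents: Dict[str, bool]) -> bytes:
    """Each associated party releases its stored sub-key only if it grants the request."""
    released = [share for party, share in holders.items() if consents.get(party, False)]
    return splice(released)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    holders = dict(zip(["A", "B", "C", "D"], split_equal(key, 4)))
    print(authorize_and_splice(holders, dict.fromkeys(holders, True)) == key)
    try:
        authorize_and_splice(holders, {"A": True, "B": True, "C": False, "D": True})
    except SpliceError as exc:
        print("refused:", exc)
```

Each sub-key here is a literal slice of the initial key, so every holder already knows 1/N of it; size the key so that a single missing segment remains infeasible to guess.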
In the embodiment of the present application, an electronic device (for example, the server/terminal device shown in fig. 1) on which the data security authorization access method runs may receive a read request sent by a user through a wired or wireless connection. It should be noted that the wireless connection may include, but is not limited to, a 3G/4G connection, a WiFi connection, a Bluetooth connection, a WiMAX connection, a Zigbee connection, a UWB (ultra-wideband) connection, and other wireless connection means now known or developed in the future.
With this data security authorization access method, the multiple associated parties of the service data can exercise permission control over authorized decryption of the data on the blockchain network. Only a party that has been authorized by all of the associated parties can obtain the decrypted plaintext data through the complete key; if any one of the associated parties does not agree to the authorization, a third-party request end cannot obtain decryption permission for the ciphertext data, which guarantees the data privacy protection rights of every associated party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily completed at the same moment but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
With further reference to fig. 3, fig. 3 shows a schematic structural diagram of an embodiment of the data security authorization access device described in the embodiment of the present application. As an implementation of the method shown in fig. 2, the present application provides an embodiment of a data security authorization access apparatus, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be applied to various electronic devices.
As shown in fig. 3, the data security authorization access device according to this embodiment includes:
a data encryption module 301, configured for the server to receive plaintext service data, encrypt the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, and write and store the ciphertext service data;
an associated party identification module 302, configured for the server to identify all associated parties of the plaintext service data, the number of associated parties being denoted N;
a key splitting module 303, configured for the server to split the initial key into N sub-keys based on the number of associated parties, send the N sub-keys to the N associated parties one-to-one for storage, and then delete the initial key;
a request receiving module 304, configured for the server to receive a read request from the request end for the plaintext service data;
a request response module 305, configured for the server to parse the read request and send an authorization request for the sub-keys to the N associated parties corresponding to the plaintext service data, where the authorization request carries a feedback identifier pointing to the server or the request end, so as to instruct the N associated parties to respond to the authorization request by sending their respectively stored sub-keys to the server or the request end;
a first decryption module 306, configured so that, if the feedback identifier points to the server, the server splices the N sub-keys after receiving them from the N associated parties, decrypts the ciphertext service data with the spliced initial key to obtain the plaintext service data, and sends the plaintext service data to the request end;
a second decryption module 307, configured so that, if the feedback identifier points to the request end, the server retrieves the ciphertext service data and sends it to the request end, so that the request end decrypts it with the initial key spliced from the N received sub-keys and obtains the plaintext service data.
In some embodiments of the present application, the key splitting module 303 is configured to split the initial key into N equal segments of sub-keys, set a number for each segment, and bind a sub-splicing rule to each segment; the sub-splicing rule indicates the numbers of the other sub-keys spliced at the two ends of that sub-key.
In other embodiments of the present application, the key splitting module 303 is configured to split the initial key into N sub-keys in an irregular manner, with a sub-splicing rule bound to each sub-key; the sub-splicing rule comprises the splicing mode between each splicing position of the sub-key and the corresponding splicing positions of the other sub-keys.
In some embodiments of the present application, the data security authorization access device further includes a table building module, and the request response module 305 further includes a mapping obtaining sub-module. The table building module is configured to set, for the ciphertext service data, index information corresponding to the plaintext service data, and to establish a mapping table between the ciphertext service data and all associated parties of the corresponding plaintext service data. The mapping obtaining sub-module is configured for the server to extract the index information from the read request and, based on the index information, obtain from the mapping table the ciphertext service data and the N associated parties corresponding to the read request.
Further, the data security authorization access device further includes an identity recognition module. The identity recognition module is configured to parse the identity of the request end and, based on the mapping table, determine whether the request end is one of the N associated parties; if the request end is confirmed to be one of the N associated parties, the server activates a preset forced authorization instruction and sends it to the other N-1 associated parties, so that they respond to the forced authorization instruction by directly sending their stored sub-keys.
In a specific implementation of the embodiment of the present application, when the key splitting module 303 splits the initial key into N sub-keys, it is further configured to record the corresponding splitting rule. The first decryption module 306 is configured for the server to retrieve the splitting rule that was applied when the initial key was split into N sub-keys; parse the splitting rule to obtain the matching splicing rule among the N sub-keys; and splice the N sub-keys into the complete initial key based on the splicing rule.
In a specific implementation of the embodiment of the present application, when the key splitting module 303 splits the initial key into N sub-keys, it is further configured to record the corresponding splitting rule. The second decryption module 307 is configured for the server to retrieve the splitting rule that was applied when the initial key was split into N sub-keys; parse the splitting rule to obtain the matching splicing rule among the N sub-keys; and send the splicing rule together with the ciphertext service data to the request end, so that the request end splices the N received sub-keys into the complete initial key based on the splicing rule and then decrypts the ciphertext service data with the initial key to obtain the plaintext service data.
The data security authorization access device provided by the embodiment of the application enables the multiple associated parties of the service data to exercise permission control over authorized decryption of the data on the blockchain network. Only a party that has been authorized by all of the associated parties can obtain the decrypted plaintext data through the complete key; if any one of the associated parties does not agree to the authorization, a third-party request end cannot obtain decryption permission for the ciphertext data, which guarantees the data privacy protection rights of every associated party.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 4, fig. 4 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 6 comprises a memory 61, a processor 62 and a network interface 63 communicatively connected to each other via a system bus. It is noted that only a computer device 6 having components 61-63 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 61 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 61 may be an internal storage unit of the computer device 6, such as a hard disk or a memory of the computer device 6. In other embodiments, the memory 61 may also be an external storage device of the computer device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a flash Card (FlashCard), and the like, which are provided on the computer device 6. Of course, the memory 61 may also comprise both an internal storage unit of the computer device 6 and an external storage device thereof. In this embodiment, the memory 61 is generally used for storing an operating system installed in the computer device 6 and various application software, such as program codes of data security authorization access methods. Further, the memory 61 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 62 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 62 is typically used to control the overall operation of the computer device 6. In this embodiment, the processor 62 is configured to execute the program code stored in the memory 61 or process data, for example, execute the program code of the data security authorization access method.
The network interface 63 may comprise a wireless network interface or a wired network interface, and the network interface 63 is typically used for establishing a communication connection between the computer device 6 and other electronic devices.
The present application further provides another embodiment, which is to provide a computer-readable storage medium storing a data security authorization access program, which is executable by at least one processor to cause the at least one processor to perform the steps of the data security authorization access method as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
In the above embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed.
The modules or components may or may not be physically separate, and the components shown as modules or components may or may not be physical modules, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules or components can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The present application is not limited to the above embodiments. The above embodiments are preferred embodiments of the present application and serve only to illustrate it, not to limit its scope. It should be noted that a person skilled in the art may still make improvements and modifications to the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of their technical features, without departing from the principle of the present application. All equivalent structures made using the contents of the specification and drawings of the present application, whether applied directly or indirectly in other related technical fields, are likewise considered to fall within the protection scope of the present application.
It is to be understood that the above-described embodiments are only some, not all, of the embodiments of the present application, and that the appended drawings show preferred embodiments of the application without limiting its scope. This application may be embodied in many different forms; these embodiments are provided so that the disclosure of the application will be understood thoroughly. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the technical solutions described in the foregoing embodiments may still be modified, or some of their features replaced with equivalents. All other embodiments obtained by a person skilled in the art based on the embodiments in this application without creative effort, and all equivalent structures made using the contents of the specification and drawings of this application, whether applied directly or indirectly in other related technical fields, are within the protection scope of the present application.

Claims (10)

1. A method for securing authorized access to data, comprising:
the server receives plaintext service data, encrypts the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, and writes and stores the ciphertext service data;
the server identifies all the associated parties of the plaintext service data, and the number of the associated parties is marked as N;
the server divides the initial key into N parts of sub-keys based on the number of the associated parties, and sends the N parts of sub-keys to the N associated parties respectively in a one-to-one mode for storage, and deletes the initial key;
the server receives a request for reading the plaintext service data from a request end;
the server parses the read request and sends an authorization request for the sub-keys to the N associated parties corresponding to the plaintext service data, wherein the authorization request carries a feedback identifier pointing to the server or the request end, so as to instruct the N associated parties to respond to the authorization request by sending their respectively stored sub-keys to the server or the request end;
if the feedback identifier points to the server, the server splices the N sub-keys after receiving them from the N associated parties, decrypts the ciphertext service data with the spliced initial key to obtain the plaintext service data, and sends the plaintext service data to the request end;
if the feedback identifier points to the request end, the server retrieves the ciphertext service data and sends it to the request end, so that the request end decrypts the ciphertext service data with the initial key spliced from the N received sub-keys and obtains the plaintext service data.
2. The method of claim 1, wherein the step of splitting the initial key into N shares of subkeys comprises:
splitting the initial key into N sections of sub-keys in an equal division mode, setting the number of each section of sub-key, and binding respective sub-splicing rules for each section of sub-key; and the sub-splicing rule indicates the numbers of other sub-keys spliced correspondingly at the two ends of the sub-key.
3. The method of claim 1, wherein the step of splitting the initial key into N shares of subkeys comprises:
splitting the initial key into N parts of sub-keys in an irregular mode, and binding respective sub-splicing rules for each part of sub-keys; the sub-splicing rule comprises a splicing mode between each splicing position of the sub-key and the splicing positions of other corresponding sub-keys.
4. The data security authorization access method according to claim 1, wherein after the step of the server receiving plaintext service data and encrypting the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, the method further comprises:
setting, for the ciphertext service data, index information corresponding to the plaintext service data;
establishing a mapping table between the ciphertext service data and all associated parties of the corresponding plaintext service data;
the step of the server parsing the read request comprises:
the server extracts the index information from the read request and, based on the index information, obtains from the mapping table the ciphertext service data and the N associated parties corresponding to the read request.
5. The data security authorization access method according to claim 4, wherein the step of the server parsing the read request and sending an authorization request for the sub-keys to the N associated parties corresponding to the plaintext service data comprises:
the server parses the identity of the request end and, based on the mapping table, determines whether the request end is one of the N associated parties;
and if the request end is confirmed to be one of the N associated parties, the server activates a preset forced authorization instruction and sends it to the other N-1 associated parties, so that the other N-1 associated parties respond to the forced authorization instruction by directly sending their stored sub-keys.
6. The method according to claim 1, wherein when the initial key is split into N sub-keys, a corresponding splitting rule is recorded;
if the feedback identifier points to the server, the step of splicing after receiving the N parts of sub-keys sent by the N associated parties by the server includes:
the server side calls a splitting rule applied when the initial key is split into N parts of sub keys;
analyzing the splitting rule to obtain a splicing rule among N parts of sub-keys matched with the splitting rule;
and splicing the N sub-keys into the complete initial key based on the splicing rule.
7. The method according to claim 1, wherein when the initial key is split into N sub-keys, a corresponding splitting rule is recorded;
if the feedback identifier points to a request end, the server end calls the ciphertext service data to send to the request end, so that the request end decrypts the ciphertext service data by using the initial key formed by splicing the received N sub-keys, and the step of obtaining the plaintext service data comprises the following steps:
the server side calls a splitting rule applied when the initial key is split into N parts of sub keys;
analyzing the splitting rule to obtain a splicing rule among N parts of sub-keys matched with the splitting rule;
and sending the splicing rule and the ciphertext service data to the request end together, so that the request end splices the N received sub-keys into a complete initial key based on the splicing rule, and then decrypting the ciphertext service data through the initial key to obtain the plaintext service data.
8. A data security authorization access device, comprising:
the data encryption module is used for receiving plaintext service data by the server, encrypting the plaintext service data to generate ciphertext service data and an initial key based on the plaintext service data, and writing and storing the ciphertext service data;
the system comprises an associated party identification module, a plaintext service data acquisition module and a plaintext service data processing module, wherein the associated party identification module is used by the server to identify all associated parties of the plaintext service data, and the number of the associated parties is denoted as N;
the key splitting module is used for splitting the initial key into N parts of sub-keys based on the number of the associated parties by the server, respectively sending the N parts of sub-keys to the N associated parties in a one-to-one mode for storage, and then deleting the initial key;
a request receiving module, configured to receive, by a server, a request for reading the plaintext service data from a requesting end;
a request response module, configured to parse the read request by the server, and send an authorization request for a sub-key to N associated parties corresponding to the plaintext service data, where the authorization request carries a feedback identifier pointing to the server or the request end, so as to instruct the N associated parties to send their respective stored sub-keys to the server or the request end in response to the authorization request for the sub-key;
the first decryption module is used for splicing after receiving N parts of sub-keys sent by N associated parties if the feedback identifier points to the server, decrypting the ciphertext service data by using the spliced initial keys to obtain the plaintext service data and sending the plaintext service data to the request end;
and the second decryption module is used for the server end to retrieve the ciphertext service data and send it to the request end if the feedback identifier points to the request end, so that the request end decrypts the ciphertext service data by using the initial key formed by splicing the received N parts of sub-keys to obtain the plaintext service data.
9. A computer device comprising a memory in which a computer program is stored and a processor which, when executing the computer program, carries out the steps of the data security authorization access method according to any of claims 1-7.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the data security authorization access method according to any of the claims 1-7.
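Claims 2, 6 and 7 describe an equal split into numbered sub-keys, each bound to a sub-splicing rule naming its neighbours, and reassembly by following those rules. The Python below is an added illustration of that mechanism, not code from the patent; the field names `number`, `segment` and `rule` and the functions `split_equal`, `splice` and `demo` are assumptions made for the example.

```python
import secrets

def split_equal(key: bytes, n: int) -> list:
    """Claim 2: cut the key into n equal, numbered segments with splicing rules."""
    if n < 1 or len(key) % n:
        raise ValueError("key length must be a multiple of n")
    size = len(key) // n
    return [{
        "number": i + 1,
        "segment": key[i * size:(i + 1) * size],
        # sub-splicing rule: numbers of the sub-keys joined at each end
        "rule": {"left": i if i > 0 else None,
                 "right": i + 2 if i + 1 < n else None},
    } for i in range(n)]

def splice(shares: list) -> bytes:
    """Claims 6-7: rebuild the key by following each sub-key's splicing rule."""
    by_number = {}
    for share in shares:
        if share["number"] in by_number:
            raise ValueError("duplicate sub-key number")
        by_number[share["number"]] = share
    heads = [s for s in shares if s["rule"]["left"] is None]
    if len(heads) != 1:
        raise ValueError("need exactly one sub-key with no left neighbour")
    parts, prev, cur = [], None, heads[0]
    while True:
        if cur["rule"]["left"] != prev:
            raise ValueError("splicing rules are inconsistent")
        parts.append(cur["segment"])
        prev, nxt = cur["number"], cur["rule"]["right"]
        if nxt is None:
            break
        if nxt not in by_number:
            raise ValueError(f"sub-key {nxt} was not returned")
        cur = by_number[nxt]
    if len(parts) != len(by_number):
        raise ValueError("some sub-keys are not linked into the chain")
    return b"".join(parts)

def demo() -> bool:
    key = secrets.token_bytes(32)            # constructed sample key
    shares = split_equal(key, 4)             # N = 4 associated parties
    secrets.SystemRandom().shuffle(shares)   # replies arrive in any order
    return splice(shares) == key
```

Each segment is a literal slice of the key, so a party holding k of the N sub-keys already knows k/N of the key bytes; the splicing rule only fixes the order in which the slices are joined.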
CN201910843112.6A 2019-09-06 2019-09-06 Data security authorization access method, device, equipment and storage medium Pending CN110768790A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910843112.6A CN110768790A (en) 2019-09-06 2019-09-06 Data security authorization access method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110768790A (en) 2020-02-07

Family

ID=69330774

Country Status (1)

Country Link
CN (1) CN110768790A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160028719A1 (en) * 2013-01-17 2016-01-28 Nippon Telegraph And Telephone Corporation Segmented secret-key storage system, segment storage apparatus, segmented secret-key storage method
CN106604070A (en) * 2016-11-24 2017-04-26 中国传媒大学 Distributed secret key management system and secret key management method for streaming media in cloud environment
CN108833096A (en) * 2018-06-26 2018-11-16 湖南格凡安信科技有限公司 A kind of data encryption dynamic key management system and method

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111368322A (en) * 2020-03-11 2020-07-03 中电科(天津)网络信息安全有限公司 File decryption method and device, electronic equipment and storage medium
CN111368322B (en) * 2020-03-11 2022-04-12 中电科(天津)网络信息安全有限公司 File decryption method and device, electronic equipment and storage medium
CN114117460A (en) * 2020-09-01 2022-03-01 鸿富锦精密电子(天津)有限公司 Data protection method and device, electronic equipment and storage medium
CN112053058A (en) * 2020-09-02 2020-12-08 平安银行股份有限公司 Index model generation method and device
CN112883367A (en) * 2021-01-26 2021-06-01 北京高因科技有限公司 Trigger data secure transmission method and device
CN113570190A (en) * 2021-06-18 2021-10-29 中国科学院地理科学与资源研究所 Quick poverty information acquisition method, module and equipment based on multi-source data
CN113570190B (en) * 2021-06-18 2023-02-24 中国科学院地理科学与资源研究所 Quick poverty information acquisition method, module and equipment based on multi-source data
CN114710274A (en) * 2022-03-28 2022-07-05 恒安嘉新(北京)科技股份公司 Data calling method and device, electronic equipment and storage medium
CN114978679A (en) * 2022-05-18 2022-08-30 深圳市乐凡信息科技有限公司 Tablet-based online examination method and related equipment
CN114978679B (en) * 2022-05-18 2024-05-31 深圳市乐凡信息科技有限公司 Online examination method based on flat plate and related equipment
CN116155619A (en) * 2023-04-04 2023-05-23 江西农业大学 Data processing method, data request terminal, data possession terminal and data processing device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200207