Disclosure of Invention
This section provides a general summary of the disclosure, and is not a comprehensive disclosure of its full scope or all of its features.
The purpose of the present disclosure is to provide a security management system for data stored in an esim card, which comprises a request module, a data segmentation module, a writing module, an additional sequence generation module and a data recovery module;
the request module is used for receiving a user data downloading instruction, generating data downloading request information by combining an authentication parameter KI code of the esim card and sending the request information to a corresponding target server;
the data segmentation module is used for receiving a current required data file and a historical data file sent by a target server according to a current request data identifier, and dividing the current required data file into first data and second data according to each parameter identifier in the current required data file;
the writing module is used for respectively writing the first data sequence and the second data sequence into a data array where the currently required data file is located according to preset conditions;
the additional sequence generating module is used for intercepting data sequences with corresponding lengths from the acquired historical data file according to the length of the remaining positions in every other row in the data array in sequence, and then generating additional sequences by using the intercepted data sequences;
the writing module is further configured to write each segment sequence of the additional sequence into the array, in order and according to the remaining length of each row, at the remaining positions in every other row of the array;
and the data recovery module is used for removing the additional sequence when reading the data and recovering the first data and the second data into a complete data file required by the user currently according to the previous storage mode.
Preferably, the request module is further specifically configured to generate a current data file download request according to the current request data identifier, synthesize the current data file download request and the recent historical data download request into a data download request, and then send the data download request to the target server according to the target server identifier.
Preferably, the current request data identifier includes a data file name or other one or more parameter combinations; the target server identification comprises a server IP address and a server name.
Preferably, the length of the first or second data sequence in each row in the array is equally distributed according to the size of the actual data file or the total length of each sequence, so as to ensure that the sequence length of each storage row is the same and the content proportion of each row is the same.
Preferably, the writing module writes the additional sequence of each segment in sequence according to the remaining positions in every other row in the array, and finally generates a complete data array including the first data sequence, the second data sequence, and the additional sequence.
The invention also provides a safety management method for the stored data in the esim card, which specifically comprises the following steps:
(1) receiving a user data downloading instruction, generating data downloading request information by combining an authentication parameter KI code of the esim card, and then sending the request information to a corresponding target server;
(2) receiving a current required data file sent by a target server according to a current request data identifier, receiving a historical data file sent by the target server, and dividing the current required data file into first data and second data according to each parameter identifier in the current required data file;
(3) respectively writing the first data sequence and the second data sequence into a data array where a currently required data file is located according to preset conditions;
(4) intercepting, in sequence, data sequences of corresponding lengths from the acquired historical data file according to the length of the remaining positions in every other row of the data array, and then generating an additional sequence from the intercepted data sequences;
(5) writing each segment sequence of the additional sequence into the array, in order and according to the remaining length of each row, at the remaining positions in every other row of the array;
(6) when the data is read, the additional sequence is removed, and the first data and the second data are restored into a complete data file currently required by the user according to the previous storage mode.
Advantageous effects: for important data, if it is not known which sequences are additional sequences or what the combination rule of the first data is, the complete first data cannot be obtained after the array is stolen, so the data content is protected. Moreover, while data security is improved, data recovery has a defined basis, which ensures the speed of data reading and recovery.
Further areas of applicability will become apparent from the description provided herein. The description and specific examples in this summary are intended for purposes of illustration only and are not intended to limit the scope of the present disclosure.
Detailed Description
Examples of the present disclosure will now be described more fully with reference to the accompanying drawings. The following description is merely exemplary in nature and is not intended to limit the present disclosure, application, or uses.
Example embodiments are provided so that this disclosure will be thorough, and will fully convey the scope to those skilled in the art. Numerous specific details are set forth such as examples of specific components, devices, and methods to provide a thorough understanding of embodiments of the present disclosure. It will be apparent to those skilled in the art that specific details need not be employed, that example embodiments may be embodied in many different forms and that neither should be construed to limit the scope of the disclosure. In certain example embodiments, well-known processes, well-known structures, and well-known technologies are not described in detail.
The technical problems posed by the present disclosure will be explained in detail below. It is to be noted that this technical problem is merely exemplary and is not intended to limit the application of the present invention.
As shown in FIG. 1, the invention provides a security management system for data stored in an esim card, which comprises a request module, a data segmentation module, a writing module, an additional sequence generation module and a data recovery module.
Wherein:
The request module is used for receiving a user data downloading instruction, generating data downloading request information by combining the authentication parameter KI code of the esim card and sending the request information to the corresponding target server.
The data downloading instruction comprises a current request data identifier, a user account, a target server identifier and the like.
The request module is specifically used for generating a recent historical data downloading request according to the user account and the esim card authentication parameter KI code, namely acquiring from the target server a part of the data file last downloaded for the user, or a part of the data file last downloaded for the esim card. The size of the partial data file is equal to or smaller than the size of the currently requested data file.
If the request module cannot acquire the data last downloaded for the user or the esim card, it requests the target server to generate a partial data file according to the name or the size of the currently requested data file. The partial data file serves as the historical data file.
The request module is further specifically configured to generate a current data file download request according to the current request data identifier, combine the current data file download request and the recent historical data download request into a data download request, and then send the data download request to the target server according to the target server identifier.
The current request data identification comprises a data file name or other one or more parameters, such as file size, format, and the like.
The target server identification comprises a server IP address, a server name and the like.
The data segmentation module is used for receiving a current required data file sent by a target server according to a current request data identifier, receiving a historical data file sent by the target server, and dividing the current required data file into first data and second data according to each parameter identifier in the current required data file.
The first data is important data, namely data content which is encrypted or related to privacy or marked as important in a data file currently required by a user; the second data is common data, that is, data content related to identification parameters such as file time, format, name, size and the like or marked as being publicable in the data file currently required by the user.
The data segmentation module is specifically configured to receive the currently required data file and extract a plurality of parameter identifiers from it, such as encryption information, tag information, or a file format. The data segmentation module then segments the currently required data file into a first data sequence and a second data sequence according to the parameter identifiers. The first and second data sequences together constitute the complete data file currently required by the user.
The writing module is used for respectively writing the first data sequence and the second data sequence into the data array where the currently required data file is located according to preset conditions.
The writing module is specifically configured to divide the first data sequence and the second data sequence each into the same number of equal-length rows, and then perform a writing process that satisfies two conditions. First, part of the first data sequence of each row and all of the second data sequence of that row are written into the same row, in every other row of the array, so that every other row of the array comprises both first data and second data. Second, the remaining part of the first data sequence of that row is written into the next row, which is kept the same size as the preceding row containing first and second data, so that this row has remaining positions compared with the previous row.
The length of the first or second data sequence of each row in the array is evenly distributed according to the size of an actual data file or the total length of each sequence, so that the length of each storage row sequence is the same, and the content proportion of each row is the same.
For example: the total length of the first data sequence is 2000, which is divided into 10 rows of 200 each; the total length of the second data sequence is 700, which is divided into 10 rows of 70 each. If first data of length 140 is written in every other row together with second data of length 70, the total length of that row is 210. The remaining first data of length 60 is written in the next row, which must be the same length as the previous row, so 150 positions remain. That is, there are 10 rows containing first data and second data, and 10 rows containing first data and remaining positions.
The additional sequence generating module is used for intercepting data sequences with corresponding lengths from the acquired historical data file according to the length of the remaining positions in every other row in the data array in sequence, and then the additional sequence generating module generates additional sequences by using a plurality of intercepted data sequences.
The additional sequence generation module is specifically configured to extract the historical data file sequence. Because the remaining positions of every other row have the same length, segment sequences of that same length are read sequentially from the file sequence, one for each such row in order, and the number of segment sequences is recorded at the same time. The additional sequence generation module then forms a complete additional sequence from the segment sequences, in the order in which they were acquired, together with the segment-count information, and deletes the historical data file sequence.
For example: as in the example above, every other row has a remaining length of 150, so the additional sequence generation module extracts data sequences of length 150 from the historical data file sequence. For the 10 rows with remaining positions, the additional sequence generation module sequentially extracts 10 data sequences with the length of 150 bits and combines them with the parameter 10 to generate a complete additional sequence with the length of 150+1 bits.
The writing module is further configured to write each segment sequence of the additional sequence into the array, in order and according to the remaining length of each row, at the remaining positions in every other row of the array.
That is, the writing module sequentially writes the additional sequence of each segment according to the remaining positions in every other row in the array, and finally generates a complete data array including the first data sequence, the second data sequence and the additional sequence.
The data recovery module is used for removing the additional sequence when reading the data and recovering the first data and the second data into the complete data file currently required by the user according to the previous storage mode.
In the storage array holding the currently required data file, the row headers of the first data sequence and the second data sequence are located in every other data row, and the second data sequence is likewise stored in the array at intervals. Thus, the data recovery module can read the complete first and second data sequences according to these rules and row headers.
Specifically: first, the data recovery module extracts the additional sequence and the segment-count information, locates the additional sequence in the first row of the array according to the content of the initial part of the additional sequence, and deletes the segment content of the additional sequence in that row at that position.
Subsequently, the data recovery module deletes the additional sequence segments at the same position in every other row, as many as the segment count, so that the remaining array includes only the contents of the first data sequence and the second data sequence.
Then, the data recovery module reads the first data sequence from the first row of the array. When it reaches the position of the second data sequence row header in that row, it switches to the start of the next row and continues reading the first data sequence; when it reaches the blank position in that row, it switches to the next row again, and so on. That is, in each row it reads up to the second data sequence row header or the blank position and then switches to the next row, until the last row of the first data sequence has been read. Thus, reading every row in order, the data recovery module obtains the complete first data sequence.
Next, the data recovery module reads from the second data sequence row header of a row to the end of that row, then switches to the next row of the interval and again reads from the second data sequence row header, and so on until the last row of the second data sequence has been read. Thus, reading every other row in order, the data recovery module obtains the complete second data sequence.
And finally, the data recovery module combines the complete first data sequence and the complete second data sequence into a complete data file required by the user according to each parameter identifier in the current required data file.
In another case, if the stored data array is illegally stolen, the actually required data file cannot be restored because the storage rule and the additional sequence cannot be obtained. Reading is usually performed sequentially, row by row, which yields a data file containing useless information such as the additional sequence; because the positions of the segments of the important data are uncertain, the important information cannot be acquired, so the safety of the important data is protected.
As shown in FIG. 2, the present invention provides a security management method for stored data in an esim card, which specifically includes:
1. Receiving a user data downloading instruction, generating data downloading request information by combining the authentication parameter KI code of the esim card, and then sending the request information to a corresponding target server.
The data downloading instruction comprises a current request data identifier, a user account, a target server identifier and the like.
A recent historical data downloading request is generated according to the user account and the authentication parameter KI code of the esim card, namely acquiring from the target server a part of the data file last downloaded for the user, or a part of the data file last downloaded for the esim card, wherein the size of the partial data file is equal to or smaller than that of the currently requested data file. If the data last downloaded for the user or the esim card cannot be acquired, the target server is requested to generate a partial data file according to the name or the size of the currently requested data file. The partial data file serves as the historical data file.
A current data file downloading request is generated according to the current request data identifier, the current data file downloading request and the recent historical data downloading request are combined into a data downloading request, and the data downloading request is then sent to the target server according to the target server identifier.
The current request data identification comprises a data file name or other one or more parameters, such as file size, format, and the like.
The target server identification comprises a server IP address, a server name and the like.
2. Receiving a current required data file and a historical data file sent by the target server according to the current request data identifier, and dividing the current required data file into first data and second data according to each parameter identifier in the current required data file.
The first data is important data, namely data content which is encrypted or related to privacy or marked as important in the data file currently required by the user.
The second data is common data, that is, data content related to identification parameters such as file time, format, name, size and the like or marked as being publicable in the data file currently required by the user.
After the current required data file is received, a plurality of parameter identifiers are extracted from it, such as encryption information, marking information or file format, and the current required data file is divided into a first data sequence and a second data sequence according to the parameter identifiers. The first and second data sequences together constitute the complete data file currently required by the user.
3. Respectively writing the first data sequence and the second data sequence into the data array where the current required data file is located according to preset conditions.
Specifically: first, the first data sequence and the second data sequence are each divided into the same number of equal-length rows, and then a writing process is performed that satisfies two conditions. First, part of the first data sequence of each row and all of the second data sequence of that row are written into the same row, in every other row of the array, so that every other row of the array comprises both first data and second data. Second, the remaining part of the first data sequence of that row is written into the next row, which is kept the same size as the preceding row containing first and second data, so that this row has remaining positions compared with the previous row.
The length of the first or second data sequence of each row in the array is evenly distributed according to the size of an actual data file or the total length of each sequence, so that the length of each storage row sequence is the same, and the content proportion of each row is the same.
For example: the total length of the first data sequence is 2000, which is divided into 10 rows of 200 each; the total length of the second data sequence is 700, which is divided into 10 rows of 70 each. If first data of length 140 is written in every other row together with second data of length 70, the total length of that row is 210. The remaining first data of length 60 is written in the next row, which must be the same length as the previous row, so 150 positions remain. That is, there are 10 rows containing first data and second data, and 10 rows containing first data and remaining positions.
4. Intercepting, in sequence, data sequences of corresponding lengths from the acquired historical data file according to the length of the remaining positions in every other row of the data array, and generating an additional sequence from the intercepted data sequences.
The historical data file sequence is extracted. Because the remaining positions of every other row have the same length, segment sequences of that same length are read sequentially from the file sequence, one for each such row in order, and the number of segment sequences is recorded at the same time. A complete additional sequence is then formed from the segment sequences, in the order in which they were acquired, together with the segment-count information, and the historical data file sequence is deleted.
For example: as in the example above, every other row has a remaining length of 150, so data sequences of length 150 are extracted from the historical data file sequence. For the 10 rows with remaining positions, 10 data sequences with the length of 150 bits are extracted sequentially and combined with the parameter 10 to generate a complete additional sequence with the length of 150+1 bits.
5. Writing each segment sequence of the additional sequence into the array, in order and according to the remaining length of each row, at the remaining positions in every other row of the array.
That is, the additional sequence of each segment is written in sequence according to the remaining positions in every other row in the array, and finally, a complete data array including the first data sequence, the second data sequence and the additional sequence is generated.
6. When the data is read, the additional sequence is removed, and the first data and the second data are restored into a complete data file currently required by the user according to the previous storage mode.
In the storage array holding the currently required data file, the row headers of the first data sequence and the second data sequence are located in every other data row, and the second data sequence is likewise stored in the array at intervals. The complete first and second data sequences can be read according to these rules and row headers.
Specifically: first, the additional sequence and the segment-count information are extracted, the additional sequence is located in the first row of the array according to the content of the initial part of the additional sequence, and the segment content of the additional sequence in that row is deleted at that position.
Subsequently, the additional sequence segments at the same position in every other row, as many as the segment count, are deleted, so that the remaining array comprises only the contents of the first and second data sequences.
Then, the first data sequence is read from the first row of the array. When the position of the second data sequence row header in that row is reached, reading switches to the start of the next row and continues with the first data sequence; when the blank position of that row is reached, reading switches to the next row again, and so on. That is, each row is read up to the second data sequence row header or the blank position and reading then switches to the next row, until the last row of the first data sequence has been read. Thus, reading every row in order, the complete first data sequence is obtained.
Next, reading starts from the second data sequence row header of a row and continues to the end of that row, then switches to the next row of the interval and again starts from the second data sequence row header, and so on until the last row of the second data sequence has been read. Thus, reading every other row in order, the complete second data sequence is obtained.
And finally, combining the complete first data sequence and the complete second data sequence into a complete data file required by the user according to each parameter identifier in the current required data file.
In another case, if the stored data array is illegally stolen, the actually required data file cannot be restored because the storage rule and the additional sequence cannot be obtained. Reading is usually performed sequentially, row by row, which yields a data file containing useless information such as the additional sequence; because the positions of the segments of the important data are uncertain, the important information cannot be acquired, so the safety of the important data is protected.
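The array layout and recovery described above (the writing, additional sequence and recovery modules, and method steps 3 to 6), as an added Python example that is not part of the original disclosure; it reproduces the 2000/700 example with rows of length 210. The function names, the `layout` record and the constructed sample bytes are assumptions, and recovery strips the filler by recorded lengths rather than by matching the initial content of the additional sequence.

```python
# Added illustration of the row layout; not code from the disclosure.
# Assumption: recovery uses recorded lengths (head_len, tail_len) instead of
# locating the additional sequence by its leading content.

def split_rows(seq: bytes, rows: int) -> list[bytes]:
    """Split seq into `rows` equal-length chunks (the text assumes even division)."""
    if rows <= 0 or len(seq) % rows:
        raise ValueError("sequence length must divide evenly into rows")
    size = len(seq) // rows
    return [seq[i * size:(i + 1) * size] for i in range(rows)]


def build_array(first: bytes, second: bytes, history: bytes,
                rows: int, head_len: int) -> tuple[list[bytes], dict]:
    """Write first data, second data and filler cut from `history` into 2*rows rows."""
    f_chunks, s_chunks = split_rows(first, rows), split_rows(second, rows)
    f_len, s_len = len(f_chunks[0]), len(s_chunks[0])
    if not 0 < head_len < f_len:
        raise ValueError("head_len must leave part of each first-data chunk over")
    row_len = head_len + s_len      # mixed row: head of first data + second data
    tail_len = f_len - head_len     # rest of the first data, carried to next row
    gap = row_len - tail_len        # remaining positions in that next row
    if gap <= 0:
        raise ValueError("no remaining positions left in the padded row")
    if len(history) < gap * rows:
        raise ValueError("historical data file too short to fill every gap")
    array = []
    for i in range(rows):
        filler = history[i * gap:(i + 1) * gap]   # one segment per padded row
        array.append(f_chunks[i][:head_len] + s_chunks[i])
        array.append(f_chunks[i][head_len:] + filler)
    layout = {"head_len": head_len, "tail_len": tail_len,
              "row_len": row_len, "gap": gap, "segments": rows}
    return array, layout


def recover(array: list[bytes], layout: dict) -> tuple[bytes, bytes]:
    """Drop the filler and rebuild the first and second data sequences."""
    if len(array) != 2 * layout["segments"]:
        raise ValueError("row count does not match the recorded segment count")
    first, second = bytearray(), bytearray()
    for i in range(0, len(array), 2):
        mixed, padded = array[i], array[i + 1]
        if len(mixed) != layout["row_len"] or len(padded) != layout["row_len"]:
            raise ValueError("row length does not match the recorded layout")
        first += mixed[:layout["head_len"]] + padded[:layout["tail_len"]]
        second += mixed[layout["head_len"]:]
    return bytes(first), bytes(second)


def sequential_read(array: list[bytes]) -> bytes:
    """What a row-by-row read of the stored array returns, filler included."""
    return b"".join(array)


# Constructed sample data: upper case = first data, lower case = second data,
# digits = historical data file used as filler.
FIRST = bytes(65 + i % 26 for i in range(2000))
SECOND = bytes(97 + i % 26 for i in range(700))
HISTORY = bytes(48 + i % 10 for i in range(1500))

if __name__ == "__main__":
    rows_out, info = build_array(FIRST, SECOND, HISTORY, rows=10, head_len=140)
    print(info)
    print(rows_out[0][135:150], rows_out[1][55:70])   # the two row boundaries
    print(recover(rows_out, info) == (FIRST, SECOND))
```

The layout step applies no transformation to the bytes themselves, so, as the text says, what it protects depends on the storage rule staying unknown to whoever reads the array.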
The preferred embodiments of the present disclosure are described above with reference to the drawings, but the present disclosure is of course not limited to the above examples. Various changes and modifications within the scope of the appended claims may be made by those skilled in the art, and it should be understood that these changes and modifications naturally will fall within the technical scope of the present disclosure.
For example, a plurality of functions included in one unit may be implemented by separate devices in the above embodiments. Alternatively, a plurality of functions implemented by a plurality of units in the above embodiments may be implemented by separate devices, respectively. In addition, one of the above functions may be implemented by a plurality of units. Needless to say, such a configuration is included in the technical scope of the present disclosure.
In this specification, the steps described in the flowcharts include not only the processing performed in time series in the described order but also the processing performed in parallel or individually without necessarily being performed in time series. Further, even in the steps processed in time series, needless to say, the order can be changed as appropriate.
Although the embodiments of the present disclosure have been described in detail with reference to the accompanying drawings, it should be understood that the above-described embodiments are merely illustrative of the present disclosure and do not constitute a limitation of the present disclosure. It will be apparent to those skilled in the art that various modifications and variations can be made in the above-described embodiments without departing from the spirit and scope of the disclosure. Accordingly, the scope of the disclosure is to be defined only by the claims appended hereto, and by their equivalents.