CN110933042B - Data security messenger method and system suitable for alliance chain - Google Patents
Data security messenger method and system suitable for alliance chain Download PDFInfo
- Publication number
- CN110933042B CN110933042B CN201911078759.0A CN201911078759A CN110933042B CN 110933042 B CN110933042 B CN 110933042B CN 201911078759 A CN201911078759 A CN 201911078759A CN 110933042 B CN110933042 B CN 110933042B
- Authority
- CN
- China
- Prior art keywords
- data
- data security
- envelope
- security envelope
- program body
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The invention discloses a data security messenger method and a system suitable for a alliance chain.A data generating terminal configures a data security envelope according to a security strategy, encapsulates a data security envelope program body and a shadow daemon process into an encrypted shell, and loads the encrypted data body and the encrypted shell to the data security envelope; the data generation end uploads the data security envelope to a block chain network; the data using end obtains a data security envelope from the block chain network; the data using end acquires the data security envelope, activates the data security envelope, establishes a completely controlled virtual logic disk by the data security envelope program body, loads the data body after the encrypted data body is recombined and decrypted into the virtual logic disk, controls the using authority of the data body by the authority configured to the user in the data security envelope program body, and monitors and guards the data security envelope program body by a shadow daemon process; the invention can realize safe and controllable data circulation and legal compliance use.
Description
Technical Field
The invention relates to the technical field of block chain application, in particular to a data security messenger method and a data security messenger system suitable for a alliance chain.
Background
Blockchains (Blockchain) are distributed database systems based on cryptography. The concept of blockchain originally originated from a title published in 11 months of 2008, bitcoin: a peer-to-peer electronic cash system, in which a blockchain technique is proposed as a basis for constructing a bitcoin data structure and encrypting and transmitting transaction information, the bitcoin is also the first application of the blockchain technique. Generally, the block chain is a distributed shared account book system with a time sequence characteristic and composed of data blocks through a chain structure, and has the characteristics of universal centralization, openness, anonymity, information non-falsification and the like.
Blockchains can be divided into public, federation, and private chains. The block chain is only limited to join of the alliance members, and the read-write authority and the participation accounting authority on the block chain are formulated according to alliance rules. The whole network is maintained by member organization, the network access is generally accessed by gateway node of member organization, and the consensus process is controlled by the node selected in advance.
Data in the federation chain is not disclosed by default, and the data is limited to the enterprises in the federation and users thereof to have access rights. The requirement of the alliance chain on data privacy protection and data security control is high.
A data security transmission method and device based on a block chain have a certain protection effect on data security transmission. Generally, a data provider and a data user realize data encryption transmission and decryption by presetting a public key and a private key, so that the safety of data transmission is effectively protected.
The prior art realizes certain safety protection function for the processed data. However, the data provider cannot control the behavior of data circulation after the data provider decrypts the data, and an effective leakage prevention means is lacked.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the data security messenger method and the system suitable for the alliance chain are provided, and the safe and controllable circulation and legal compliance use of data are realized.
In order to solve the technical problems, the invention adopts the technical scheme that:
a data security messenger method applicable to a federation chain, comprising the steps of:
s1, configuring a data security envelope by the data generation end according to a security policy, packaging a data security envelope program body and a shadow daemon process into an encryption shell, and loading the encryption data body and the encryption shell to the data security envelope;
s2, the data generation end uploads the data safety envelope to a block chain network;
s3, the data use end obtains the data security envelope through the transaction on the blockchain network;
s4, the data using end acquires the data security envelope, activates the data security envelope, establishes a completely controlled virtual logic disk by the data security envelope program body, loads the data body decrypted by the encrypted data recombination into the virtual logic disk, controls the use authority of the data body by the authority configured to the user in the data security envelope program body, and monitors and guards the data security envelope program body by the shadow daemon process.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
a data security messenger system suitable for alliance chain, including data generation end and data consumer, the data generation end includes first memory, first processor and first computer program that is stored on first memory and can be operated on first processor, the data consumer includes second memory, second processor and second computer program that is stored on second memory and can be operated on second processor, the first processor realizes the following step when executing the first computer program:
s1, configuring a data security envelope according to a security policy, packaging a data security envelope program body and a shadow daemon process into an encryption shell, and loading the encryption data body and the encryption shell to the data security envelope;
s2, uploading the data security envelope to a block chain network;
the second processor, when executing the second computer program, implements the steps of:
s3, obtaining the data security envelope from the block chain network;
s4, acquiring the data security envelope, activating the data security envelope, establishing a completely controlled virtual logic disk by the data security envelope program body, loading the data body decrypted by the encrypted data recombination into the virtual logic disk, controlling the use authority of the data body by the authority configured to a user in the data security envelope program body, and supervising and protecting the data security envelope program body by the shadow daemon.
The invention has the beneficial effects that: a data security messenger method and system suitable for alliance chain, set up a totally controlled virtual logic disk by the envelope program body of the data security, load the data body after encrypting the data body and regrouping the decipher into the virtual logic disk and the use authority of the data body is controlled by the authority configured to users in the envelope program body of the data security, supervise and defend the envelope program body of the data security by the shadow daemon, because all operations on the virtual logic disk of the users of the data are totally controlled, thus has realized the safe and controllable circulation and legal compliance use of the data.
Drawings
FIG. 1 is a flow chart illustrating a data security messenger method for a federation chain according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a data security envelope according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of information interaction of a data security envelope according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a data security messenger system suitable for a federation chain according to an embodiment of the present invention.
Description of reference numerals:
1. a data security messenger system adapted for use in a federation chain; 2. a data generation end; 3. a first processor; 4. a first memory; 5. a data using end; 6. a second processor; 7. a second memory.
Detailed Description
In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
Referring to fig. 1 to 3, a data security messenger method for a federation chain includes the steps of:
s1, configuring a data security envelope by the data generation end according to a security policy, packaging a data security envelope program body and a shadow daemon process into an encryption shell, and loading the encryption data body and the encryption shell to the data security envelope;
s2, the data generation end uploads the data safety envelope to a block chain network;
s3, the data use end obtains the data security envelope through the transaction on the blockchain network;
s4, the data using end acquires the data security envelope, activates the data security envelope, establishes a completely controlled virtual logic disk by the data security envelope program body, loads the data body decrypted by the encrypted data recombination into the virtual logic disk, controls the use authority of the data body by the authority configured to the user in the data security envelope program body, and monitors and guards the data security envelope program body by the shadow daemon process.
From the above description, the beneficial effects of the present invention are: the method comprises the steps of establishing a completely controlled virtual logic disk by a data security envelope program body, loading the data body after the encrypted data body is recombined and decrypted into the virtual logic disk, controlling the use authority of the data body by the authority configured to a user in the data security envelope program body, and supervising and protecting the data security envelope program body by a shadow daemon process.
Further, the step S4 further includes:
and the data security envelope program body records the opening time and the operation record, and uploads the opening time and the operation record to a block chain network as a diary file.
From the above description, the log auditing system of the data security envelope is based on the blockchain technology, each operation record of a user on each data security envelope is subjected to real-time chaining verification, the blockchain technology effectively ensures forgery prevention and falsification prevention of log files, and a supervisor can also perform verification, verification and traceability on the log files so as to realize the full-process chaining verification record for data transfer.
Further, the step S1 further includes:
the method comprises the steps of obtaining an envelope packaging suite, carrying out desensitization processing on a data body by the envelope packaging suite to obtain desensitization data, extracting a message abstract from the desensitization data through a Hash algorithm, carrying out digital signature on the message abstract to obtain a data label, adding a watermark to the data label, randomly selecting an encryption algorithm provided by the envelope packaging suite, carrying out encryption processing on the data body added with the watermark by using a public key, and packaging the data body, the data label, the watermark and the encrypted data body sequentially from inside to outside.
From the above description, the data body of the present invention is protected by multiple protection to ensure the security performance of the data body.
Further, the "security policy" in the step S1 includes the computer software and hardware environment and the security public key;
in step S4, the step of "the data using end obtains the data security envelope and activates the data security envelope" specifically includes:
the data security envelope is obtained by a data using end, the data security envelope is opened by using a security private key, the data security envelope is planned, whether the software and hardware environment of the current computer meets the software and hardware environment of the computer set in a security policy or not is automatically detected by the data security envelope program body, if the data security envelope program body is detected to be in a non-security environment or a non-authorized environment, alarm information is sent to the block chain network by the data security envelope program body so as to receive a control instruction returned by the block chain network, and if response information returned by the block chain network is not received within a preset time, all data in the data security envelope are automatically destroyed by the data security envelope program body;
in the step S4, the "supervising and guarding the data security envelope program body by the shadow daemon" specifically includes:
the shadow daemon monitors whether the data security envelope program body is subjected to malicious attack behaviors of injection, hijacking or tampering, and if the data security envelope program body is monitored to be subjected to the malicious attack behaviors, the data security envelope program body automatically destroys all data in the data security envelope;
the data security envelope program body judges whether illegal operation is carried out currently or not, if yes, the data security envelope program body automatically destroys all data in the data security envelope, and the illegal operation comprises the fact that the current opening times exceed the preset opening times set in the security policy and the current password error times exceed the preset password error times set in the security policy.
As can be seen from the above description, the data user needs to activate and open the data security envelope on a compliant host according to the specified configuration and the security key, and use the data security envelope according to the usage right set by the data provider, thereby ensuring the controllability of the data provider on the data body; meanwhile, a safety threshold value is set, so that the data can be automatically destroyed when illegal operation or malicious attack is received, violent forcible dismantling is effectively prevented, and the leakage of the data body is avoided, so that the safety of the data body is ensured.
Further, the step S4 is followed by:
and after the data using end exits the data security envelope, the data body is restored into an encrypted data body by the data security envelope program body.
From the above description, it can be known that after the data user finishes using the data, and the data body is recovered to the encrypted data body after exiting the data security envelope, so that other users without authority cannot identify the data content.
Referring to fig. 2 to 4, a data security messenger system suitable for a alliance chain includes a data generating end and a data using end, the data generating end includes a first memory, a first processor and a first computer program stored on the first memory and operable on the first processor, the data using end includes a second memory, a second processor and a second computer program stored on the second memory and operable on the second processor, and the first processor implements the following steps when executing the first computer program:
s1, configuring a data security envelope according to a security policy, packaging a data security envelope program body and a shadow daemon process into an encryption shell, and loading the encryption data body and the encryption shell to the data security envelope;
s2, uploading the data security envelope to a block chain network;
the second processor, when executing the second computer program, implements the steps of:
s3, obtaining the data security envelope from the block chain network;
s4, acquiring the data security envelope, activating the data security envelope, establishing a completely controlled virtual logic disk by the data security envelope program body, loading the data body decrypted by the encrypted data recombination into the virtual logic disk, controlling the use authority of the data body by the authority configured to a user in the data security envelope program body, and supervising and protecting the data security envelope program body by the shadow daemon.
From the above description, the beneficial effects of the present invention are: the method comprises the steps of establishing a completely controlled virtual logic disk by a data security envelope program body, loading the data body after the encrypted data body is recombined and decrypted into the virtual logic disk, controlling the use authority of the data body by the authority configured to a user in the data security envelope program body, and supervising and protecting the data security envelope program body by a shadow daemon process.
Further, the first processor when executing the step S4 in the first computer program further realizes the following steps:
and the data security envelope program body records the opening time and the operation record, and uploads the opening time and the operation record to a block chain network as a diary file.
From the above description, the log auditing system of the data security envelope is based on the blockchain technology, each operation record of a user on each data security envelope is subjected to real-time chaining verification, the blockchain technology effectively ensures forgery prevention and falsification prevention of log files, and a supervisor can also perform verification, verification and traceability on the log files so as to realize the full-process chaining verification record for data transfer.
Further, the first processor when executing the step S1 in the first computer program further realizes the following steps:
the method comprises the steps of obtaining an envelope packaging suite, carrying out desensitization processing on a data body by the envelope packaging suite to obtain desensitization data, extracting a message abstract from the desensitization data through a Hash algorithm, carrying out digital signature on the message abstract to obtain a data label, adding a watermark to the data label, randomly selecting an encryption algorithm provided by the envelope packaging suite, carrying out encryption processing on the data body added with the watermark by using a public key, and packaging the data body, the data label, the watermark and the encrypted data body sequentially from inside to outside.
From the above description, the data body of the present invention is protected by multiple protection to ensure the security performance of the data body.
Further, the "security policy" in the step S1 includes the computer software and hardware environment and the security public key;
the second processor, when executing the "acquiring the data security envelope and activating the data security envelope" in the step S4 in the second computer program, specifically implements the following steps:
the data security envelope is obtained, a security private key is used for opening the data security envelope, the data security envelope is planned, the data security envelope program body automatically detects whether the software and hardware environment of the current computer meets the computer software and hardware environment set in a security strategy or not, if the data security envelope program body detects that the data security envelope program body is in a non-security environment or a non-authorized environment, the data security envelope program body sends alarm information to the block chain network to receive a control instruction returned by the block chain network, and if the data security envelope program body does not receive response information returned by the block chain network within preset time, the data security envelope program body automatically destroys all data in the data security envelope;
the second processor, when executing the "supervising daemon by the shadow daemon on the data security envelope program body" in the step S4 in the second computer program, specifically implements the following steps:
the shadow daemon monitors whether the data security envelope program body is subjected to malicious attack behaviors of injection, hijacking or tampering, and if the data security envelope program body is monitored to be subjected to the malicious attack behaviors, the data security envelope program body automatically destroys all data in the data security envelope;
the data security envelope program body judges whether illegal operation is carried out currently or not, if yes, the data security envelope program body automatically destroys all data in the data security envelope, and the illegal operation comprises the fact that the current opening times exceed the preset opening times set in the security policy and the current password error times exceed the preset password error times set in the security policy.
As can be seen from the above description, the data user needs to activate and open the data security envelope on a compliant host according to the specified configuration and the security key, and use the data security envelope according to the usage right set by the data provider, thereby ensuring the controllability of the data provider on the data body; meanwhile, a safety threshold value is set, so that the data can be automatically destroyed when illegal operation or malicious attack is received, violent forcible dismantling is effectively prevented, and the leakage of the data body is avoided, so that the safety of the data body is ensured.
Further, the following steps are also implemented after the first processor executes the step S4 in the first computer program:
and after the data using end exits the data security envelope, the data body is restored into an encrypted data body by the data security envelope program body.
From the above description, it can be known that after the data user finishes using the data, and the data body is recovered to the encrypted data body after exiting the data security envelope, so that other users without authority cannot identify the data content.
Referring to fig. 1 to fig. 3, a first embodiment of the present invention is:
a data security messenger method applicable to a federation chain, comprising the steps of:
s1, configuring a data security envelope by the data generation end according to a security policy, packaging a data security envelope program body and a shadow daemon process into an encryption shell, and loading the encryption data body and the encryption shell to the data security envelope, wherein in the embodiment, the security policy comprises a computer software and hardware environment and a security public key;
as shown in fig. 2, step S1 further includes:
the method comprises the steps of obtaining an envelope packaging suite, carrying out desensitization processing on a data body by the envelope packaging suite to obtain desensitization data, extracting a message abstract from the desensitization data through a Hash algorithm, carrying out digital signature on the message abstract to obtain a data label, adding a watermark to the data label, randomly selecting an encryption algorithm provided by the envelope packaging suite, carrying out encryption processing on the data body added with the watermark by using a public key, and packaging the data body, the data label, the watermark and the encrypted data body from inside to outside in sequence.
S2, the data generation end uploads the data security envelope to the block chain network;
s3, the data use end obtains the data safety envelope through the transaction on the block chain network;
s4, the data using end obtains the data safety envelope, activates the data safety envelope, establishes a completely controlled virtual logic disk by the data safety envelope program body, loads the data body after the encrypted data body is recombined and decrypted into the virtual logic disk, controls the use authority of the data body by the authority configured to the user in the data safety envelope program body, and supervises and guards the data safety envelope program body by a shadow daemon process, wherein the use authority comprises checking, copying, editing and the like.
As shown in fig. 3, step S4 further includes:
and the data security envelope program body records the opening time and the operation record, and uploads the opening time and the operation record as a diary file to the block chain network.
In this embodiment, in step S4, the "the data using end obtains the data security envelope and activates the data security envelope" specifically includes:
the data security envelope is obtained by a data using end, the data security envelope is opened by using a security private key, the data security envelope is planned, whether the software and hardware environment of the current computer meets the software and hardware environment of the computer set in a security strategy or not is automatically detected by a data security envelope program body, if the data security envelope program body is detected to be in a non-security environment or a non-authorized environment, alarm information is sent to the block chain network by the data security envelope program body so as to receive a control instruction returned by the block chain network, and if response information returned by the block chain network is not received within preset time, all data in the data security envelope is automatically destroyed by the data security envelope program body;
in step S4, "the shadow daemon supervises the data security envelope program body" specifically includes:
the shadow daemon monitors whether the data security envelope program body is subjected to malicious attack behaviors of injection, hijacking or tampering, and if the data security envelope program body is monitored to be subjected to the malicious attack behaviors, the data security envelope program body automatically destroys all data in the data security envelope;
and the data security envelope program body judges whether illegal operation is carried out currently or not, if so, the data security envelope program body automatically destroys all data in the data security envelope, and the illegal operation comprises that the current opening times exceed the preset opening times set in the security policy and the current password error times exceed the preset password error times set in the security policy.
In this embodiment, step S4 is followed by:
and after the data using end exits the data security envelope, the data body is restored into the encrypted data body by the data security envelope.
As shown in fig. 3, executing the data security envelope program body, i.e. generating a data envelope process, also includes obtaining relevant data from the business system during the process of using the data body.
Referring to fig. 2 to 4, a second embodiment of the present invention is:
a data security messenger system 1 suitable for a alliance chain comprises a data generating terminal 3 and a data using terminal 5, wherein the data generating terminal 2 comprises a first memory 4, a first processor 3 and a first computer program which is stored on the first memory 4 and can be operated on the first processor 3, the data using terminal 5 comprises a second memory 7, a second processor 6 and a second computer program which is stored on the second memory 7 and can be operated on the second processor 6, the corresponding steps in the first embodiment are realized when the first processor 3 executes the first computer program, and the corresponding steps in the first embodiment are realized when the second processor 6 executes the second computer program.
From the functional component, the whole is a data security messenger, which comprises a data security envelope, an envelope packaging suite and a messenger blockchain network.
The data security envelope provides a security controlled monitorable container mold body, which is composed of an encrypted data body and a core program encrypted shell, and is shown in figure 2. The data security envelope does not depend on three-party software and an operating environment, and has self-protection capability.
The envelope packaging suite is a generation module of the data security envelope.
The messenger block chain network is a key module of a data security messenger, and is a block chain network based on alliance chain technology, which is composed of a data provider, a data user, a data manager and the like. And transferring from the generation of the data security envelope to the data security envelope and then to the use of the data security envelope, wherein the data transfer uses the full flow to realize chain link certificate storage record.
In summary, according to the data security messenger method and system applicable to the alliance chain provided by the present invention, a data user needs to open a data security envelope on a compliant host according to a designated configuration and a security key activation; then, a completely controlled virtual logic disk is established by the data security envelope program body, and the data body which is subjected to multi-protection encryption data reassembly and decryption is loaded into the virtual logic disk; in addition, each operation record of each data security envelope by a user is subjected to real-time uplink storage, the block chain technology effectively ensures the forgery prevention and the falsification prevention of log files, and supervisors can also perform verification, verification and source tracing on the log files so as to realize the data transfer and use of the uplink storage records in the whole process; finally, after the data user finishes using the data, the data body is recovered to be an encrypted data body after the data security envelope is quitted, so that other users without permission can not identify the data content; meanwhile, the shadow daemon monitors and guards the data security envelope program body in the whole process, so that the method has the functions of access control, multiple protection, violation blocking, block chain-based security audit and the like, and can realize the safe and controllable circulation and legal compliance use of data to the maximum extent.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.
Claims (10)
1. A data security messenger method for a federation chain, comprising the steps of:
s1, configuring a data security envelope by the data generation end according to a security policy, packaging a data security envelope program body and a shadow daemon process into an encryption shell, and loading the encryption data body and the encryption shell to the data security envelope;
s2, the data generation end uploads the data safety envelope to a block chain network;
s3, the data use end obtains the data security envelope through the transaction on the blockchain network;
s4, the data using end acquires the data security envelope, activates the data security envelope, establishes a completely controlled virtual logic disk by the data security envelope program body, loads the data body decrypted by the encrypted data recombination into the virtual logic disk, controls the use authority of the data body by the authority configured to the user in the data security envelope program body, and monitors and guards the data security envelope program body by the shadow daemon process.
2. The method for data security messenger applicable to alliance chain as claimed in claim 1, wherein the step S4 further includes:
and the data security envelope program body records the opening time and the operation record, and uploads the opening time and the operation record to a block chain network as a diary file.
3. The method for data security messenger applicable to alliance chain according to claim 1, wherein said step S1 further includes:
the method comprises the steps of obtaining an envelope packaging suite, carrying out desensitization processing on a data body by the envelope packaging suite to obtain desensitization data, extracting a message abstract from the desensitization data through a Hash algorithm, carrying out digital signature on the message abstract to obtain a data label, adding a watermark to the data label, randomly selecting an encryption algorithm provided by the envelope packaging suite, carrying out encryption processing on the data body added with the watermark by using a public key, and packaging the data body, the data label, the watermark and the encrypted data body sequentially from inside to outside.
4. The method of claim 3, wherein the "security policy" in step S1 includes computer software and hardware environment and security public key;
in step S4, the step of "the data using end obtains the data security envelope and activates the data security envelope" specifically includes:
the data security envelope is obtained by a data using end, the data security envelope is opened by using a security private key, the data security envelope is planned, whether the software and hardware environment of the current computer meets the software and hardware environment of the computer set in a security policy or not is automatically detected by the data security envelope program body, if the data security envelope program body is detected to be in a non-security environment or a non-authorized environment, alarm information is sent to the block chain network by the data security envelope program body so as to receive a control instruction returned by the block chain network, and if response information returned by the block chain network is not received within a preset time, all data in the data security envelope are automatically destroyed by the data security envelope program body;
in the step S4, the "supervising and guarding the data security envelope program body by the shadow daemon" specifically includes:
the shadow daemon monitors whether the data security envelope program body is subjected to malicious attack behaviors of injection, hijacking or tampering, and if the data security envelope program body is monitored to be subjected to the malicious attack behaviors, the data security envelope program body automatically destroys all data in the data security envelope;
the data security envelope program body judges whether illegal operation is carried out currently or not, if yes, the data security envelope program body automatically destroys all data in the data security envelope, and the illegal operation comprises the fact that the current opening times exceed the preset opening times set in the security policy and the current password error times exceed the preset password error times set in the security policy.
5. The method for data security messenger applicable to alliance chain as claimed in claim 1, wherein said step S4 is followed by further comprising:
and after the data using end exits the data security envelope, the data body is restored into an encrypted data body by the data security envelope program body.
6. A data security messenger system suitable for alliance chain, including data generation end and data consumer, the data generation end includes first memory, first processor and first computer program that is stored on first memory and can be operated on first processor, the data consumer includes second memory, second processor and second computer program that is stored on second memory and can be operated on second processor, characterized in that, the first processor realizes the following steps when executing the first computer program:
s1, configuring a data security envelope according to a security policy, packaging a data security envelope program body and a shadow daemon process into an encryption shell, and loading the encryption data body and the encryption shell to the data security envelope;
s2, uploading the data security envelope to a block chain network;
the second processor, when executing the second computer program, implements the steps of:
s3, obtaining the data security envelope from the block chain network;
s4, acquiring the data security envelope, activating the data security envelope, establishing a completely controlled virtual logic disk by the data security envelope program body, loading the data body decrypted by the encrypted data recombination into the virtual logic disk, controlling the use authority of the data body by the authority configured to a user in the data security envelope program body, and supervising and protecting the data security envelope program body by the shadow daemon.
7. A data security messenger system suitable for alliance chain as claimed in claim 6 wherein the first processor when executing the step S4 in the first computer program further implements the steps of:
and the data security envelope program body records the opening time and the operation record, and uploads the opening time and the operation record to a block chain network as a diary file.
8. A data security messenger system suitable for alliance chain as claimed in claim 6 wherein the first processor when executing the step S1 in the first computer program further implements the steps of:
the method comprises the steps of obtaining an envelope packaging suite, carrying out desensitization processing on a data body by the envelope packaging suite to obtain desensitization data, extracting a message abstract from the desensitization data through a Hash algorithm, carrying out digital signature on the message abstract to obtain a data label, adding a watermark to the data label, randomly selecting an encryption algorithm provided by the envelope packaging suite, carrying out encryption processing on the data body added with the watermark by using a public key, and packaging the data body, the data label, the watermark and the encrypted data body sequentially from inside to outside.
9. A data security messenger system suitable for alliance chain according to claim 8 wherein the "security policy" in step S1 includes computer software and hardware environment and security public key;
the second processor, when executing the "acquiring the data security envelope and activating the data security envelope" in the step S4 in the second computer program, specifically implements the following steps:
the data security envelope is obtained, a security private key is used for opening the data security envelope, the data security envelope is planned, the data security envelope program body automatically detects whether the software and hardware environment of the current computer meets the computer software and hardware environment set in a security strategy or not, if the data security envelope program body detects that the data security envelope program body is in a non-security environment or a non-authorized environment, the data security envelope program body sends alarm information to the block chain network to receive a control instruction returned by the block chain network, and if the data security envelope program body does not receive response information returned by the block chain network within preset time, the data security envelope program body automatically destroys all data in the data security envelope;
the second processor, when executing the "supervising daemon by the shadow daemon on the data security envelope program body" in the step S4 in the second computer program, specifically implements the following steps:
the shadow daemon monitors whether the data security envelope program body is subjected to malicious attack behaviors of injection, hijacking or tampering, and if the data security envelope program body is monitored to be subjected to the malicious attack behaviors, the data security envelope program body automatically destroys all data in the data security envelope;
the data security envelope program body judges whether illegal operation is carried out currently or not, if yes, the data security envelope program body automatically destroys all data in the data security envelope, and the illegal operation comprises the fact that the current opening times exceed the preset opening times set in the security policy and the current password error times exceed the preset password error times set in the security policy.
10. A data security messenger system applicable to a federation chain as claimed in claim 6 wherein the first processor, after performing said step S4 in the first computer program, further implements the steps of:
and after the data using end exits the data security envelope, the data body is restored into an encrypted data body by the data security envelope program body.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911078759.0A CN110933042B (en) | 2019-11-06 | 2019-11-06 | Data security messenger method and system suitable for alliance chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911078759.0A CN110933042B (en) | 2019-11-06 | 2019-11-06 | Data security messenger method and system suitable for alliance chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110933042A CN110933042A (en) | 2020-03-27 |
| CN110933042B true CN110933042B (en) | 2021-09-14 |
Family
ID=69853423
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911078759.0A Active CN110933042B (en) | 2019-11-06 | 2019-11-06 | Data security messenger method and system suitable for alliance chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110933042B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112580110A (en) * | 2020-12-23 | 2021-03-30 | 国家电网有限公司大数据中心 | Data resource sharing safety method based on watermark technology |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101953111A (en) * | 2007-12-21 | 2011-01-19 | 科库数据控股有限公司 | System and method for securing data |
| CN106131048A (en) * | 2016-08-13 | 2016-11-16 | 深圳市樊溪电子有限公司 | A kind of non-trusted remote transaction file security for block chain stores system |
| CN106326752A (en) * | 2016-08-13 | 2017-01-11 | 深圳市樊溪电子有限公司 | Program-controlled encrypted file storage system for block chain and method thereof |
| CN108848063A (en) * | 2018-05-24 | 2018-11-20 | 中链科技有限公司 | Data processing method, system and computer readable storage medium based on block chain |
| CN109325355A (en) * | 2018-01-11 | 2019-02-12 | 白令海 | Mobile terminal data method for secure storing based on virtual disk |
| CN110086804A (en) * | 2019-04-25 | 2019-08-02 | 广州大学 | A kind of internet of things data method for secret protection based on block chain and reliable hardware |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10346814B2 (en) * | 2014-06-04 | 2019-07-09 | MONI Limited | System and method for executing financial transactions |
-
2019
- 2019-11-06 CN CN201911078759.0A patent/CN110933042B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101953111A (en) * | 2007-12-21 | 2011-01-19 | 科库数据控股有限公司 | System and method for securing data |
| CN106131048A (en) * | 2016-08-13 | 2016-11-16 | 深圳市樊溪电子有限公司 | A kind of non-trusted remote transaction file security for block chain stores system |
| CN106326752A (en) * | 2016-08-13 | 2017-01-11 | 深圳市樊溪电子有限公司 | Program-controlled encrypted file storage system for block chain and method thereof |
| CN109325355A (en) * | 2018-01-11 | 2019-02-12 | 白令海 | Mobile terminal data method for secure storing based on virtual disk |
| CN108848063A (en) * | 2018-05-24 | 2018-11-20 | 中链科技有限公司 | Data processing method, system and computer readable storage medium based on block chain |
| CN110086804A (en) * | 2019-04-25 | 2019-08-02 | 广州大学 | A kind of internet of things data method for secret protection based on block chain and reliable hardware |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110933042A (en) | 2020-03-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Greenberg et al. | Mobile agents and security | |
| Denning et al. | Key escrowing today | |
| US6981156B1 (en) | Method, server system and device for making safe a communication network | |
| CN101098224B (en) | Method for encrypting/deciphering dynamically data file | |
| CN102227734A (en) | Client computer for protecting confidential file, server computer therefor, method therefor, and computer program | |
| Alfalayleh et al. | An overview of security issues and techniques in mobile agents | |
| CN103455763A (en) | Internet surfing log recording system and method capable of protecting personal privacies of users | |
| US10164980B1 (en) | Method and apparatus for sharing data from a secured environment | |
| CN113872944A (en) | Block chain-oriented zero-trust security architecture and cluster deployment framework thereof | |
| CN107563221A (en) | A kind of certification decoding security management system for encrypting database | |
| Dadhich et al. | Security issues in mobile agents | |
| CN104219077A (en) | Information management system for middle and small-sized enterprises | |
| CN112329050A (en) | File security management terminal and system | |
| Manthiramoorthy et al. | Comparing several encrypted cloud storage platforms | |
| CN202872828U (en) | A circulation control system of files | |
| CN104376270A (en) | File protection method and system | |
| Morovati et al. | A network based document management model to prevent data extrusion | |
| CN110933042B (en) | Data security messenger method and system suitable for alliance chain | |
| Genç et al. | Security analysis of key acquiring strategies used by cryptographic ransomware | |
| EP2709333A1 (en) | Method and devices for data leak protection | |
| CN106685912A (en) | Secure access method of application system | |
| CN110445804A (en) | A kind of safe handling protection system about outgoing document | |
| CN105897730A (en) | User name and password information encryption and verification method | |
| Wang et al. | MobileGuardian: A security policy enforcement framework for mobile devices | |
| CN111464543B (en) | Teaching information safety protection system based on cloud platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |