CN110995757B - Encryption device, encryption system, and data encryption method - Google Patents
- Publication number: CN110995757B
- Application number: CN201911334840.0A
- Authority: CN (China)
- Prior art keywords: encryption, data, encrypted, user, determining
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Abstract
The invention discloses a data encryption method applied to an encryption device that is connected with a block chain. The data encryption method comprises the following steps: receiving an encryption request of data, and acquiring data to be encrypted and user information according to the encryption request; determining the type of the block chain connected with the encryption device, and determining the encryption grade of the data to be encrypted according to the encryption request; determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, and encrypting the data to be encrypted by adopting the target encryption strategy; and sending the encrypted data and the user information to the block chain for associated storage. The invention also discloses an encryption device and an encryption system. The data encryption approach is thereby made reasonable.
Description
Technical Field
The present invention relates to the field of data security technologies, and in particular, to an encryption apparatus, an encryption system, and a data encryption method.
Background
Block chain technology is a chained data structure that combines data in time order, with cryptography as its guarantee. The blocks in the block chain are related through summary (digest) information: the header of each block contains the summary information of the previous block, and this summary information ensures that all linked blocks are arranged in sequence. The concept of the block chain was first proposed in the paper "Bitcoin: A Peer-to-Peer Electronic Cash System", so Bitcoin can be regarded as the first digital currency realized with block chain technology. Because the block chain is decentralized, open, autonomous, anonymous and resistant to falsification of information, it can be understood as a worldwide distributed ledger and is widely used in the financial field and the supply chain management field.
As for security measures for financial data on a block chain, most supply chain financial platforms at present encrypt the data using a variety of encryption modes, and the supply chain management field has no security measures at all. The encryption of data is therefore unreasonable and incomplete.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide an encryption device, an encryption system and a data encryption method, and aims to solve the problem that the data encryption mode is unreasonable and incomplete.
In order to achieve the above object, the present invention provides a method for encrypting data, the method for encrypting data being applied to an encryption device, the encryption device connecting a block chain, the method for encrypting data comprising the steps of:
receiving an encryption request of data, and acquiring data to be encrypted and user information according to the encryption request;
determining the type of a block chain connected with the encryption device, and determining the encryption grade of the data to be encrypted according to the encryption request;
determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, and encrypting the data to be encrypted by adopting the target encryption strategy;
and sending the encrypted data and the user information to the block chain for associated storage.
In an embodiment, the step of determining the target encryption policy of the data to be encrypted according to the type and the encryption level includes:
determining a first encryption strategy of the data to be encrypted according to the type, and determining a second encryption strategy of the data to be encrypted according to the encryption grade of the data to be encrypted;
determining an encryption priority of the first encryption policy and the second encryption policy;
and determining, from the first encryption policy and the second encryption policy, the encryption policy with the higher encryption priority as the target encryption policy.
In an embodiment, the encryption policy of the data to be encrypted includes partial encryption of the data, full encryption of the data, and non-encryption of the data, where the encryption priority corresponding to the full encryption of the data is higher than the encryption priority corresponding to the partial encryption of the data, and the encryption priority corresponding to the partial encryption of the data is higher than the encryption priority corresponding to the non-encryption of the data.
In an embodiment, the step of determining the first encryption policy of the data to be encrypted according to the type includes:
when the block chain is a public chain, the first encryption strategy is data non-encryption or partial encryption of the data;
when the block chain is an alliance chain, the first encryption strategy is partial encryption of data;
and when the block chain is a private chain, the first encryption strategy is full encryption of data or partial encryption of the data.
In an embodiment, after the step of sending the encrypted data and the user information to the block chain for association and storage, the method further includes:
receiving a data viewing request, and determining a first user corresponding to the viewing request;
performing identity verification on the first user to judge whether the first user has a viewing right on data;
when the first user has the viewing right of the data, acquiring the encrypted data corresponding to the viewing request from the block chain, and decrypting the encrypted data;
outputting the decrypted data for viewing by the first user.
In an embodiment, after the step of authenticating the first user to determine whether the first user has a right to view data, the method further includes:
when the first user does not have the viewing right of the data, obtaining the user information of the first user, and generating prompt information according to the user information of the first user;
sending the prompt information to a terminal of a second user to which the data corresponding to the viewing request belongs;
when receiving authorization information sent by the terminal based on the prompt information, acquiring encrypted data corresponding to the viewing request from the block chain, and decrypting the encrypted data;
outputting the decrypted data for viewing by the first user.
In an embodiment, when the block chain connected with the encryption device is an alliance chain and the first user is a member of the alliance chain, the first user has the viewing permission of the data or the viewing permission of part of the data;
when the first user is one of the two transaction parties to which the encrypted data corresponding to the viewing request belongs, the first user has the viewing permission of the data or the viewing permission of partial data;
and when the block chain connected with the encryption system is a private chain, and the first user is the owner of the data, the first user has the view right of the data.
In an embodiment, the authorization information includes time authorization information, and a duration of the encrypted data output by the encryption device is a duration corresponding to the time authorization information.
To achieve the above object, the present invention further provides an encryption apparatus including a memory, a processor, and a data encryption program stored in the memory and executable on the processor, the data encryption program implementing the steps of the encryption method of data as described above when executed by the processor.
To achieve the above object, the present invention further provides an encryption system, which includes an encryption device, a protection device, and a blockchain, wherein the encryption device connects the blockchain and the protection device,
the encryption device is used for receiving an encryption request of data, acquiring data to be encrypted and user information according to the encryption request, determining the type of a block chain connected with the encryption device, determining the encryption grade of the data to be encrypted according to the encryption request, determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, encrypting the data to be encrypted by adopting the target encryption strategy, and sending the encrypted data and the user information to the block chain for associated storage;
the block chain is used for storing the encrypted data and the user information sent by the encryption device;
the protection device is used for authenticating accessing users, providing an encrypted data transmission channel, and resisting DDoS attacks and web attacks.
According to the encryption device, the encryption system and the data encryption method provided by the embodiment of the invention, the encryption device receives an encryption request of data, acquires data to be encrypted and user information according to the encryption request, determines the type of the block chain connected with the encryption device, and determines the encryption grade of the data to be encrypted according to the encryption request. The encryption device then determines a target encryption strategy for the data to be encrypted according to the type and the encryption grade, encrypts the data to be encrypted by adopting the target encryption strategy, and finally sends the encrypted data and the user information to the block chain for associated storage. Because the encryption device can select a proper encryption strategy according to the type of the block chain it is connected with and the encryption level carried in the request, the data is encrypted in accordance with both the user's intention and the block chain type, and the encryption mode of the data is reasonable and perfect.
Drawings
Fig. 1 is a schematic diagram of a hardware configuration of an encryption apparatus according to an embodiment of the present invention;
Fig. 2 is a system architecture diagram of an encryption system according to an embodiment of the present invention;
Fig. 3 is a flowchart illustrating a first embodiment of a method for encrypting data according to the present invention;
Fig. 4 is a detailed flowchart of step S30 in Fig. 3;
Fig. 5 is a flowchart illustrating a data encryption method according to a second embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: receiving an encryption request of data, and acquiring data to be encrypted and user information according to the encryption request; determining the type of the block chain connected with the encryption device, and determining the encryption grade of the data to be encrypted according to the encryption request; determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, and encrypting the data to be encrypted by adopting the target encryption strategy; and sending the encrypted data and the user information to the block chain for associated storage.
Because the encryption device can select a proper encryption strategy according to the type of the block chain it is connected with and the encryption level carried in the request, the data is encrypted in accordance with both the user's intention and the block chain type, and the encryption mode of the data is reasonable and perfect.
As shown in fig. 1, fig. 1 is a schematic diagram of a hardware structure of an encryption apparatus according to an embodiment of the present invention.
As shown in fig. 1, the encryption device may include: a processor 1001, such as a CPU, a communication bus 1002, and a memory 1003. The communication bus 1002 is used to enable communication between these components. The memory 1003 may be a high-speed RAM memory or a non-volatile memory (e.g., a disk memory). The memory 1003 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration of the apparatus shown in fig. 1 does not constitute a limitation of the encryption apparatus and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, the memory 1003, as a kind of computer storage medium, may include an operating system and a data encryption program.
In the apparatus shown in fig. 1, the processor 1001 may be configured to call the data encryption program stored in the memory 1003, and perform the following operations:
receiving an encryption request of data, and acquiring data to be encrypted and user information according to the encryption request;
determining the type of a block chain connected with the encryption device, and determining the encryption grade of the data to be encrypted according to the encryption request;
determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, and encrypting the data to be encrypted by adopting the target encryption strategy;
and sending the encrypted data and the user information to the block chain for associated storage.
In one embodiment, the processor 1001 may call an encryption program of data stored in the memory 1003, and further perform the following operations:
determining a first encryption strategy of the data to be encrypted according to the type, and determining a second encryption strategy of the data to be encrypted according to the encryption grade of the data to be encrypted;
determining an encryption priority of the first encryption policy and the second encryption policy;
and determining, from the first encryption policy and the second encryption policy, the encryption policy with the higher encryption priority as the target encryption policy.
In one embodiment, the processor 1001 may call an encryption program of data stored in the memory 1003, and further perform the following operations:
the encryption strategy of the data to be encrypted comprises partial encryption of the data, total encryption of the data and non-encryption of the data, the encryption priority corresponding to the total encryption of the data is higher than the encryption priority corresponding to the partial encryption of the data, and the encryption priority corresponding to the partial encryption of the data is higher than the encryption priority corresponding to the non-encryption of the data.
In one embodiment, the processor 1001 may call an encryption program of data stored in the memory 1003, and further perform the following operations:
when the block chain is a public chain, the first encryption strategy is data non-encryption or partial encryption of the data;
when the block chain is an alliance chain, the first encryption strategy is partial encryption of data;
and when the block chain is a private chain, the first encryption strategy is full encryption of data or partial encryption of the data.
In one embodiment, the processor 1001 may call an encryption program of data stored in the memory 1003, and further perform the following operations:
receiving a data viewing request, and determining a first user corresponding to the viewing request;
performing identity verification on the first user to judge whether the first user has a viewing right on data;
when the first user has the viewing right of the data, acquiring the encrypted data corresponding to the viewing request from the block chain, and decrypting the encrypted data;
outputting the decrypted data for viewing by the first user.
In one embodiment, the processor 1001 may call an encryption program of data stored in the memory 1003, and further perform the following operations:
when the first user does not have the viewing right of the data, obtaining the user information of the first user, and generating prompt information according to the user information of the first user;
sending the prompt information to a terminal of a second user to which the data corresponding to the viewing request belongs;
when receiving authorization information sent by the terminal based on the prompt information, acquiring encrypted data corresponding to the viewing request from the block chain, and decrypting the encrypted data;
outputting the decrypted data for viewing by the first user.
In one embodiment, the processor 1001 may call an encryption program of data stored in the memory 1003, and further perform the following operations:
when the block chain connected with the encryption device is an alliance chain and the first user is a member of the alliance chain, the first user has data viewing permission or partial data viewing permission;
when the first user is one of the two transaction parties to which the encrypted data corresponding to the viewing request belongs, the first user has the viewing permission of the data or the viewing permission of partial data;
and when the block chain connected with the encryption system is a private chain, and the first user is the owner of the data, the first user has the view right of the data.
In one embodiment, the processor 1001 may call an encryption program of data stored in the memory 1003, and further perform the following operations:
the authorization information comprises time authorization information, and the time length of the encrypted data output by the encryption device is the time length corresponding to the time authorization information.
As one implementation, the encryption system may be as shown in fig. 2.
Referring to fig. 2, the encryption system 100 includes an encryption device 110, a block chain 120 and a protection device 130.
the encryption device 110 is configured to receive an encryption request for data, obtain data to be encrypted and user information according to the encryption request, determine a type of a block chain connected to the encryption device, determine an encryption level of the data to be encrypted according to the encryption request, determine a target encryption policy for the data to be encrypted according to the type and the encryption level, encrypt the data to be encrypted by using the target encryption policy, and send the encrypted data and the user information to the block chain for associated storage. The encryption device 110 is connected to a block chain 120, and the encryption device 110 is provided with a password generation module 111 and a key management module 112. The password generation module 111 provides key generation, data encryption and decryption, data signature and signature verification services, and supports file encryption, field encryption and data desensitization; and the key management module 112 provides key full lifecycle management functions including key distribution, key renewal, key revocation, and the like.
The block chain 120 is configured to store the encrypted data and the user information sent by the encryption device. The block chain 120 may be an alliance chain, a private chain, or a public chain.
The protection device 130 is used for authenticating accessing users, providing an encrypted data transmission channel, and resisting DDoS attacks and web attacks.
The protection device 130 includes a boundary protection module 131 and an access management module 132. The boundary protection module 131 is composed of a firewall, a WAF and an anti-DDoS device. It establishes logical security isolation between the network of the encryption system and the internet, provides web attack defense and DDoS attack defense, performs website security protection through the WAF (web application firewall), and keeps the website running stably through the anti-DDoS system. The access management module 132 deploys a secure access platform and provides secure network access, network access authorization, and data transmission encryption services to the user side. To access the system, a user must first perform secure network access: an encrypted transmission channel is established with the secure access platform of the encryption system, and the secure access platform performs fine-grained access authorization on the accessing user. Identity authentication of an accessing user is realized by the SM9 algorithm, encrypted data transmission is realized by the SM4 algorithm, and integrity protection of the transmitted data is realized by the SM3 algorithm. The system platform does not expose web services to the external network, which greatly reduces intrusion attacks coming directly from the Internet.
Based on the hardware construction, various embodiments of the data encryption method are provided.
Referring to fig. 3, fig. 3 is a first embodiment of the data encryption method of the present invention, which includes the following steps:
step S10, receiving an encryption request of data, and acquiring data to be encrypted and user information according to the encryption request;
In this embodiment, the execution subject is the encryption device. The data may be financial data, such as digital vouchers. A digital voucher can serve as liquid funds that enterprises or individuals use for trading, financing and settlement on a financial platform. The user can send an encryption request of data to the encryption device through an APP loaded with the encryption program, and the encryption device can be a physical device of the financial platform. After receiving the encryption request, the encryption device determines from the request which data the user requires to be encrypted; this is the data to be encrypted. The encryption device can also determine the user information of the user from the terminal that sent the encryption request, or obtain it directly from the user's login information on the encryption device. The user information is the personal or enterprise information filled in when the user registered on the financial platform.
Step S20, determining the type of the block chain connected with the encryption device, and determining the encryption grade of the data to be encrypted according to the encryption request;
The encryption device is connected to the block chain, and the type of block chain to which it is connected is determined by the storage property of the data. For example, if the data is intended for the general public, the block chain connected with the encryption device is a public chain; if the data is viewed only by the two transaction parties or by alliance members, the block chain connected with the encryption device is an alliance chain; and if the data is viewed only by the data holder, the block chain connected with the encryption device is a private chain. In addition, when the user needs to encrypt the data, the user may set an encryption level for the data, that is, the degree to which the data is required to be encrypted; the encryption level of the data to be encrypted may be carried in the encryption request.
Step S30, determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, and encrypting the data to be encrypted by adopting the target encryption strategy;
Encryption strategies for data include partial encryption of data, full encryption of data, and non-encryption of data. Different block chain types correspond to different encryption strategies, and the encryption level of the data to be encrypted also corresponds to different encryption strategies, so the encryption device needs to select a target encryption strategy from the strategies corresponding to the two. Specifically, referring to fig. 4, step S30 includes:
step S31, determining a first encryption strategy of the data to be encrypted according to the type, and determining a second encryption strategy of the data to be encrypted according to the encryption grade of the data to be encrypted;
step S32, determining encryption priorities of the first encryption policy and the second encryption policy;
step S33, determining, from the first encryption policy and the second encryption policy, the encryption policy with the higher encryption priority as the target encryption policy.
The encryption strategy corresponding to the type of the block chain is defined as the first encryption strategy, and the encryption strategy corresponding to the encryption grade of the data to be encrypted is defined as the second encryption strategy. When the block chain is a public chain, the data in the block chain is public, that is, anyone can view it; the first encryption strategy is therefore that the data is not encrypted, although the data can also be partially encrypted. When the block chain is an alliance chain, the data can be viewed by members of the alliance chain, and the first encryption strategy is partial encryption of the data. When the block chain is a private chain, the data is viewed only by the holder of the data, and the first encryption strategy is full encryption of the data, or may be partial encryption of the data.
The encryption level of the data to be encrypted is set by the user, and therefore, the second encryption policy is also set by the user. But the encryption device needs to combine the first encryption policy with the second encryption policy. Therefore, an encryption priority is set to the encryption policy. The encryption device sets an encryption priority corresponding to total encryption of the data to be higher than an encryption priority corresponding to partial encryption of the data, and sets an encryption priority corresponding to partial encryption of the data to be higher than an encryption priority corresponding to no encryption of the data. Thus, the first encryption policy and the second encryption policy each contain a corresponding encryption priority.
The encryption device selects, from the first encryption policy and the second encryption policy, the one with the higher encryption priority as the target encryption policy. For example, if the block chain is a public chain, the first encryption policy is that the data is not encrypted, and the second encryption policy is that the data is partially encrypted, then the second encryption policy is the target encryption policy; that is, the encryption device partially encrypts the data to be encrypted.
After the encryption device determines the target encryption strategy, it encrypts the data to be encrypted by adopting the target encryption strategy. The encryption device may encrypt the data to be encrypted using an encryption algorithm such as SM2, SM4 or SM9. The SM9 identity-based cryptographic algorithm can be used to implement time-based encryption strategies. In SM9, the identity is the public key and can be used directly to encrypt data. The data may be encrypted under an SM9 identity generated with a time as a parameter. The key management system can set a key security policy for decryption so that the SM9 private key corresponding to that time can be generated only after the time has arrived, and only then can the data be decrypted.
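The selection in steps S31 to S33 can be sketched as follows; this is an added example, not code from the patent. It assumes the option named first for each chain type is the chain's first strategy, and the level names, the `SENSITIVE_FIELDS` set and the fail-closed handling of an empty partial selection are choices of this example.

```python
from enum import IntEnum


class Policy(IntEnum):
    """Encryption strategies, ordered by the priority the description assigns."""
    NONE = 0
    PARTIAL = 1
    FULL = 2


# Step S31, first strategy: derived from the chain type. Where the description
# allows two options, the one it names first is used (assumption of this example).
CHAIN_POLICY = {
    "public": Policy.NONE,
    "alliance": Policy.PARTIAL,
    "private": Policy.FULL,
}

# Step S31, second strategy: derived from the level carried in the encryption
# request. The level names are hypothetical; the description does not list them.
LEVEL_POLICY = {
    "none": Policy.NONE,
    "partial": Policy.PARTIAL,
    "full": Policy.FULL,
}

# Constructed list of field names treated as sensitive under partial encryption.
SENSITIVE_FIELDS = frozenset({"amount", "account", "counterparty"})


def target_policy(chain_type, level):
    """Steps S32 and S33: the strategy with the higher priority wins."""
    try:
        first = CHAIN_POLICY[chain_type]
        second = LEVEL_POLICY[level]
    except KeyError as exc:
        # Reject unknown inputs instead of silently falling back to "none".
        raise ValueError(f"unknown chain type or encryption level: {exc}") from None
    return max(first, second)


def fields_to_encrypt(record, policy):
    """Translate a strategy into the set of record fields to encrypt."""
    if policy is Policy.FULL:
        return set(record)
    if policy is Policy.PARTIAL:
        selected = set(record) & SENSITIVE_FIELDS
        # Partial encryption that matches no field would store cleartext while
        # reporting the record as protected; encrypt everything instead
        # (a fail-closed choice of this example, not stated in the description).
        return selected or set(record)
    return set()


def encryption_plan(chain_type, level, record):
    """Return (target strategy, sorted field names to encrypt) for one request."""
    policy = target_policy(chain_type, level)
    return policy, sorted(fields_to_encrypt(record, policy))


if __name__ == "__main__":
    voucher = {"voucher_id": "V-001", "amount": 5000, "account": "6222-0000"}  # constructed
    for chain, level in [("public", "partial"), ("private", "none"), ("alliance", "none")]:
        print(chain, level, encryption_plan(chain, level, voucher))
```

Because the rule is a maximum, a low level in the request cannot pull the result below the chain's first strategy, and a public chain cannot weaken a higher level the user asked for.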
In addition, when the data to be encrypted is encrypted, the sensitive data can be desensitized, and then the desensitized data to be encrypted is encrypted.
And step S40, sending the encrypted data and the user information to the block chain for association and storage.
After the data to be encrypted has been encrypted, the encrypted data is associated with the user information, and the associated encrypted data and user information are then sent together to the block chain for storage.
In the technical scheme provided by this embodiment, the encryption device receives an encryption request of data, acquires data to be encrypted and user information according to the encryption request, determines the type of the block chain connected to the encryption device, and determines the encryption level of the data to be encrypted according to the encryption request. The encryption device then determines a target encryption policy for the data to be encrypted according to the type and the encryption level, encrypts the data to be encrypted by using the target encryption policy, and finally sends the encrypted data and the user information to the block chain for associated storage. Because the encryption device can select a proper encryption strategy according to the type of the block chain it is connected with and the encryption level carried in the request, the data is encrypted in accordance with both the user's intention and the block chain type, and the encryption mode of the data is reasonable.
Referring to fig. 5, fig. 5 is a second embodiment of the data encryption method of the present invention, and based on the first embodiment, after step S40, the method further includes:
step S50, receiving a viewing request of data, and determining a first user corresponding to the viewing request;
step S60, performing identity authentication on the first user to determine whether the first user has a viewing right for data;
step S70, when the first user has the viewing right of the data, obtaining the encrypted data corresponding to the viewing request from the block chain, and decrypting the encrypted data;
step S80, outputting the decrypted data for viewing by the first user.
In this embodiment, a user may send a viewing request for data through the encryption device. This user is not necessarily the user who requested the data encryption, and is defined as the first user. The encryption device receives the viewing request, determines the first user corresponding to it, and performs identity authentication on the first user to judge whether the first user has the right to view the data. The encryption device may directly identify the first user to determine the user's identity.
When the block chain connected with the encryption device is an alliance chain, the data can be viewed by alliance members: if the first user is a member of the alliance chain, the first user has the data viewing permission or partial data viewing permission. When the block chain is a public chain, if the data requested to be viewed is not encrypted, the first user has the data viewing permission; if the data requested to be viewed is encrypted and the first user is one of the two transaction parties to which the encrypted data corresponding to the viewing request belongs, the first user has the data viewing permission or partial data viewing permission. When the block chain connected with the encryption system is a private chain, only the user to whom the requested data belongs has the data viewing permission, so the first user has the data viewing permission when the first user is the data owner.
When the first user has the right to view the data, the encryption device acquires the encrypted data corresponding to the viewing request from the block chain and decrypts it, and the decrypted data is output for the first user to view.
When the first user does not have the right to view the data, the encryption device acquires the user information of the first user, generates prompt information from it, and sends the prompt information to the terminal of the second user, to whom the data corresponding to the viewing request belongs, so that the second user learns from the prompt information that the first user needs to view the data. The second user can authorize the first user to view the data by sending authorization information to the encryption device from the terminal. On receiving the authorization information, the encryption device determines that the second user allows the first user to view the data; it then extracts the encrypted data corresponding to the viewing request from the block chain, decrypts it, and outputs the decrypted data for the first user to view. It should be noted that the authorization information may include time authorization information, which is the length of time for which the user is allowed to view the data. Once that length of time has elapsed, the encryption device hides the decrypted data, so that the first user's viewing of the decrypted data ends. That is, the length of time for which the encryption device outputs the encrypted data is the length of time corresponding to the time authorization information.
In the technical scheme provided by this embodiment, when a user needs to view data, the encryption device must authenticate the user, so as to avoid data leakage.
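The viewing decision of steps S60 to S80, together with the owner authorization and its time limit, can be sketched as follows. This is an added example, not code from the patent: the names `Chain`, `Record`, `ViewGate` and the `"allow"`/`"pending"` results are hypothetical, identity authentication is assumed to have happened before `request_view` is called, and partial viewing permission is not modelled.

```python
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Chain(Enum):
    PUBLIC = "public"
    ALLIANCE = "alliance"
    PRIVATE = "private"


@dataclass(frozen=True)
class Record:
    record_id: str
    owner: str                          # the "second user" the data belongs to
    parties: frozenset = frozenset()    # the two transaction parties
    encrypted: bool = True


@dataclass
class ViewGate:
    chain: Chain
    members: frozenset = frozenset()             # alliance-chain members
    clock: Callable[[], float] = time.monotonic  # injectable for testing
    pending: list = field(default_factory=list)  # prompts awaiting the owner
    grants: dict = field(default_factory=dict)   # (record_id, user) -> expiry

    def has_right(self, user: str, rec: Record) -> bool:
        """Chain-type rules of step S60; `user` is already authenticated."""
        if self.chain is Chain.ALLIANCE:
            return user in self.members
        if self.chain is Chain.PUBLIC:
            return not rec.encrypted or user in rec.parties
        return user == rec.owner                 # private chain: owner only

    def request_view(self, user: str, rec: Record) -> str:
        """Return "allow", or "pending" once the owner has been prompted."""
        if self.has_right(user, rec):
            return "allow"
        key = (rec.record_id, user)
        expiry = self.grants.get(key)
        if expiry is not None and self.clock() < expiry:
            return "allow"
        self.grants.pop(key, None)               # expired grant: hide again
        prompt = (rec.owner, rec.record_id, user)
        if prompt not in self.pending:
            self.pending.append(prompt)
        return "pending"

    def authorize(self, granter: str, rec: Record, user: str, seconds: float):
        """Record a time-limited grant; only the data owner may issue one."""
        if granter != rec.owner:
            raise PermissionError("only the data owner may authorize viewing")
        if seconds <= 0:
            raise ValueError("authorization duration must be positive")
        self.grants[(rec.record_id, user)] = self.clock() + seconds
        prompt = (rec.owner, rec.record_id, user)
        if prompt in self.pending:
            self.pending.remove(prompt)


if __name__ == "__main__":
    now = [0.0]                                  # constructed fake clock
    gate = ViewGate(Chain.PRIVATE, clock=lambda: now[0])
    rec = Record("r1", owner="alice")            # constructed sample record
    print(gate.request_view("bob", rec))         # owner is prompted
    gate.authorize("alice", rec, "bob", seconds=60)
    print(gate.request_view("bob", rec))         # inside the grant window
    now[0] = 60.0
    print(gate.request_view("bob", rec))         # window elapsed
```

The gate fails closed: an authorization that does not come from the data owner is rejected, and a grant is re-checked against the clock on every request rather than trusted once issued.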
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (9)
1. A method for encrypting data, wherein the method for encrypting data is applied to an encryption device, the encryption device is connected with a block chain, and the method for encrypting data comprises the following steps:
receiving an encryption request of data, and acquiring data to be encrypted and user information according to the encryption request;
determining the type of a block chain connected with the encryption device, and determining the encryption grade of the data to be encrypted according to the encryption request;
determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, and encrypting the data to be encrypted by adopting the target encryption strategy;
sending the encrypted data and the user information to the block chain for associated storage;
wherein the step of determining the target encryption policy of the data to be encrypted according to the type and the encryption level comprises:
determining a first encryption strategy of the data to be encrypted according to the type, and determining a second encryption strategy of the data to be encrypted according to the encryption grade of the data to be encrypted;
determining an encryption priority of the first encryption policy and the second encryption policy;
and determining an encryption policy with a high encryption priority as a target encryption policy in the first encryption policy and the second encryption policy.
2. The data encryption method according to claim 1, wherein the encryption policy of the data to be encrypted includes partial encryption of the data, full encryption of the data, and non-encryption of the data, the full encryption of the data corresponding to a higher encryption priority than the partial encryption of the data, and the partial encryption of the data corresponding to a higher encryption priority than the non-encryption of the data.
3. The method for encrypting data according to claim 1, wherein the step of determining the first encryption policy of the data to be encrypted according to the type comprises:
when the block chain is a public chain, the first encryption strategy is data non-encryption or partial encryption of the data;
when the block chain is an alliance chain, the first encryption strategy is partial encryption of data;
and when the block chain is a private chain, the first encryption strategy is full encryption of data or partial encryption of the data.
4. The data encryption method according to claim 1, wherein after the step of sending the encrypted data and the user information to the block chain for associated storage, the method further comprises:
receiving a data viewing request, and determining a first user corresponding to the viewing request;
performing identity verification on the first user to judge whether the first user has a viewing right on data;
when the first user has the viewing right of the data, acquiring the encrypted data corresponding to the viewing request from the block chain, and decrypting the encrypted data;
outputting the decrypted data for viewing by the first user.
5. The method for encrypting data according to claim 4, wherein said step of authenticating said first user to determine whether said first user has a right to view data further comprises:
when the first user does not have the viewing right of the data, acquiring the user information of the first user, and generating prompt information according to the user information of the first user;
sending the prompt information to a terminal of a second user to which the data corresponding to the viewing request belongs;
when receiving authorization information sent by the terminal based on the prompt information, acquiring encrypted data corresponding to the viewing request from the block chain, and decrypting the encrypted data;
outputting the decrypted data for viewing by the first user.
6. The method for encrypting data according to claim 4,
when the block chain connected with the encryption device is an alliance chain and the first user is a member of the alliance chain, the first user has data viewing permission or partial data viewing permission;
when the first user is one of the two transaction parties to which the encrypted data corresponding to the viewing request belongs, the first user has the viewing permission of the data or the viewing permission of partial data;
and when the block chain connected with the encryption system is a private chain, and the first user is the owner of the data, the first user has the view right of the data.
7. The data encryption method according to claim 5, wherein the authorization information includes time authorization information, and a time duration for which the encryption device outputs the encrypted data is a time duration corresponding to the time authorization information.
8. An encryption apparatus comprising a memory, a processor, and a data encryption program stored in the memory and executable on the processor, the data encryption program when executed by the processor implementing the steps of the encryption method of data according to any one of claims 1 to 7.
9. An encryption system comprising an encryption device, a guard, and a blockchain, the encryption device connecting the blockchain and the guard, wherein,
the encryption device is used for receiving an encryption request of data, acquiring data to be encrypted and user information according to the encryption request, determining the type of a block chain connected with the encryption device, determining the encryption grade of the data to be encrypted according to the encryption request, determining a target encryption strategy of the data to be encrypted according to the type and the encryption grade, encrypting the data to be encrypted by adopting the target encryption strategy, and sending the encrypted data and the user information to the block chain for associated storage, wherein the step of determining the target encryption strategy of the data to be encrypted according to the type and the encryption grade comprises the following steps: determining a first encryption strategy of the data to be encrypted according to the type, and determining a second encryption strategy of the data to be encrypted according to the encryption grade of the data to be encrypted; determining an encryption priority of the first encryption policy and the second encryption policy; determining an encryption policy with a high encryption priority as a target encryption policy from the first encryption policy and the second encryption policy;
the block chain is used for storing the encrypted data and the user information sent by the encryption device;
the protection device is used for carrying out identity authentication on an accessed user, providing a data transmission encryption channel and resisting DDOS attack and WEB attack.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911334840.0A CN110995757B (en) | 2019-12-19 | 2019-12-19 | Encryption device, encryption system, and data encryption method |
PCT/CN2020/102693 WO2021120615A1 (en) | 2019-12-19 | 2020-07-17 | Encryption apparatus, encryption system and data encryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911334840.0A CN110995757B (en) | 2019-12-19 | 2019-12-19 | Encryption device, encryption system, and data encryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110995757A CN110995757A (en) | 2020-04-10 |
CN110995757B CN110995757B (en) | 2022-03-11 |
Family
ID=70074291
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911334840.0A Active CN110995757B (en) | 2019-12-19 | 2019-12-19 | Encryption device, encryption system, and data encryption method |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110995757B (en) |
WO (1) | WO2021120615A1 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110995757B (en) * | 2019-12-19 | 2022-03-11 | 肖光昱 | Encryption device, encryption system, and data encryption method |
CN111475531A (en) * | 2020-04-12 | 2020-07-31 | 魏秋云 | Information analysis system based on student employment data |
CN111526167A (en) * | 2020-07-06 | 2020-08-11 | 南京可信区块链与算法经济研究院有限公司 | Data transmission method and device applied to block chain |
CN113556735B (en) * | 2021-07-09 | 2024-05-03 | 深圳市高德信通信股份有限公司 | Data encryption method |
CN113285960B (en) * | 2021-07-21 | 2021-10-01 | 湖南轻悦健康管理有限公司 | Data encryption method and system for service data sharing cloud platform |
CN114584300B (en) * | 2022-03-02 | 2024-02-02 | 中国科学院国家授时中心 | Encryption and decryption method and system for bidirectional time service |
CN115065524A (en) * | 2022-06-10 | 2022-09-16 | 国网江苏省电力有限公司 | Method for encrypting client side comprehensive energy public information transmission data |
CN115086062B (en) * | 2022-06-30 | 2023-08-11 | 三一电动车科技有限公司 | Remote safety control method, system, device and vehicle |
CN115589303B (en) * | 2022-07-11 | 2024-02-27 | 昆明理工大学 | SM9 algorithm and cross-link technology based data sharing and privacy protection method |
CN114979281B (en) * | 2022-07-11 | 2022-11-08 | 成都信息工程大学 | Data interaction method applied to industrial internet cloud service platform |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108563788A (en) * | 2018-04-27 | 2018-09-21 | 腾讯科技(深圳)有限公司 | Data query method, apparatus, server and storage medium based on block chain |
CN109087214A (en) * | 2018-07-23 | 2018-12-25 | 江苏恒宝智能系统技术有限公司 | A kind of natural gas life payment management system based on block chain |
CN109977697A (en) * | 2019-04-03 | 2019-07-05 | 陕西医链区块链集团有限公司 | Data authorization method of block chain |
CN110245942A (en) * | 2019-05-20 | 2019-09-17 | 阿里巴巴集团控股有限公司 | In conjunction with the receipt storage method and node of user type and Rule of judgment |
CN110493168A (en) * | 2018-07-19 | 2019-11-22 | 江苏恒宝智能系统技术有限公司 | Medical curative effect based on asymmetric encryption techniques monitors sharing method |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107979584B (en) * | 2016-11-22 | 2019-08-13 | 南京银链信息科技有限公司 | Block chain information hierarchical sharing method and system |
US11238543B2 (en) * | 2017-05-06 | 2022-02-01 | Adp, Llc | Payroll based blockchain identity |
CN107425959A (en) * | 2017-06-20 | 2017-12-01 | 郑州云海信息技术有限公司 | A kind of method for realizing encryption, system, client and service end |
CN108364218A (en) * | 2018-02-11 | 2018-08-03 | 中国银行股份有限公司 | A kind of sharing method and device of user's collage-credit data |
US20190347651A1 (en) * | 2018-05-12 | 2019-11-14 | Mauricio Octavio Moreno | Computer-implemented system and method for transferring money from a sender to a recipient |
CN108881474B (en) * | 2018-07-10 | 2021-06-25 | 南京邮电大学 | Internet of things data hierarchical protection architecture based on block chain |
CN111901402A (en) * | 2019-02-19 | 2020-11-06 | 创新先进技术有限公司 | Method, node and storage medium for implementing privacy protection in block chain |
CN110197707B (en) * | 2019-05-23 | 2021-07-30 | 泰康保险集团股份有限公司 | Block chain-based medical record information processing method, device, medium and electronic equipment |
CN110995757B (en) * | 2019-12-19 | 2022-03-11 | 肖光昱 | Encryption device, encryption system, and data encryption method |
2019-12-19 CN CN201911334840.0A patent/CN110995757B/en active Active
2020-07-17 WO PCT/CN2020/102693 patent/WO2021120615A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN110995757A (en) | 2020-04-10 |
WO2021120615A1 (en) | 2021-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110995757B (en) | Encryption device, encryption system, and data encryption method | |
CN110034924B (en) | Data processing method and device | |
CN109067539B (en) | Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium | |
CN109858262B (en) | Process approval method, device and system based on block chain system and storage medium | |
CN102099810B (en) | Mobile device assisted secure computer network communications | |
US7526649B2 (en) | Session key exchange | |
US20180034810A1 (en) | A system and methods for protecting keys in computerized devices operating versus a server | |
US7877604B2 (en) | Proof of execution using random function | |
JP2019506103A (en) | How to manage trusted identities | |
EP1376976A1 (en) | Methods for authenticating potential members invited to join a group | |
JP2008501176A (en) | Information distribution system that protects privacy | |
JP2009529832A (en) | Undiscoverable, ie secure data communication using black data | |
CN104767731A (en) | Identity authentication protection method of Restful mobile transaction system | |
CN107920052B (en) | Encryption method and intelligent device | |
CN112565205B (en) | Credible authentication and measurement method, server, terminal and readable storage medium | |
CN112766962A (en) | Method for receiving and sending certificate, transaction system, storage medium and electronic device | |
CN110942382A (en) | Electronic contract generating method and device, computer equipment and storage medium | |
US20110162053A1 (en) | Service assisted secret provisioning | |
CN110020869B (en) | Method, device and system for generating block chain authorization information | |
CN111914293A (en) | Data access authority verification method and device, computer equipment and storage medium | |
CN112632574A (en) | Multi-mechanism data processing method and device based on alliance chain and related equipment | |
CN113239363A (en) | Firmware updating method, device, equipment, readable storage medium and memory system | |
JP2010231404A (en) | System, method, and program for managing secret information | |
Gaber et al. | Privdrm: A privacy-preserving secure digital right management system | |
CN113132116A (en) | Sensitive data anonymous access method based on knowledge signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||