CN111460483A - Financial informatization data processing method based on encryption - Google Patents
Publication number: CN111460483A (application CN202010297434.8A)
Authority: CN (China)
Prior art keywords: data, encryption, security, key, programmable logic
Legal status: Pending
Classifications
- G06F21/602: Protecting data by providing cryptographic facilities or services (under G06F21/00, security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60, protecting data)
- G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. a local or distributed file system or database (under G06F21/00; G06F21/60; G06F21/62)
- H04L9/16: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications using a plurality of keys or algorithms, the keys or algorithms being changed during operation (under H04L9/00, cryptographic mechanisms, network security protocols; H04L9/14)
Abstract
The invention discloses an encryption-based financial informatization data processing method, which comprises the following steps: step one, collecting safety information; secondly, generating key data according to the collected safety information; step three, reconfiguring a hard encryption mode, generating a new bit stream according to the key data, and reconfiguring the bit stream into a programmable logic unit to realize the change of an encryption algorithm encryption mode in the programmable logic unit; step four, the encrypted security data are transmitted to cloud storage for backup storage; and step five, logging in cloud storage to obtain the security data, and accessing the backup key data in the corresponding computer in the local area network through the local area network to realize decoding of the corresponding security data so as to realize security access of the data. The invention can realize local real-time encryption according to the data security requirement and realize backup or replacement of trusted data in a local area network or a cloud storage platform.
Description
The technology is a financial informatization data processing method based on encryption.
Technical Field
The invention relates to the field of trusted data security, in particular to a financial informatization data processing method based on encryption.
Background
In today's increasingly complex business competition, data security, particularly on the internet, is of great importance: not only business secrets but also a company's financial data and research and development data require special attention to secure storage.
In the prior art, a distributed storage manner is adopted to overcome potential safety hazards in single-machine storage, for example, application number CN201410810750.5 discloses a disaster recovery method and device for a distributed storage system, in which backup data of first data to be stored is sent to a second storage server through a first storage server for storage; the second storage server is a storage server where the first storage medium is located; the first storage server belongs to a production site, and the second storage server belongs to a disaster tolerance site; the same data and the backup data thereof are respectively stored in the storage servers of different sites; when one site fails, backup data of data stored in the failed site is stored on the other site, and safety and reliability of the data stored in the distributed storage system are guaranteed.
In the prior art, encryption storage methods aimed at cloud storage data security have also appeared. For example, application number WO2012163043a1 discloses a method for protecting data security in a cloud: a key management center encrypts original data M sent by a first terminal and uploads the resulting encrypted data C1 to a cloud server; when it receives a request to decrypt or download the data from a second terminal, it obtains encrypted data C2 and sends it to the second terminal, which decrypts C2 with the key it holds to recover the original data M. Encrypting cloud storage data is a commonly used storage technology at present, but it is after all an encryption method provided by the cloud storage platform and is not controlled by the party that needs the storage; since the probability of attacks and vulnerabilities aimed at the platform is higher, it is not suitable for storing important data such as financial data, important research and development data or business secrets.
With the undifferentiated backup and encryption modes offered by prior-art platforms, secure storage of trusted data is expensive, and neither controllability of data security nor personalized encryption requirements are met.
Disclosure of Invention
The invention provides an encryption-based financial informatization data processing method which can realize local real-time encryption according to data security requirements and realize backup or replacement of trusted data in a local area network or a cloud storage platform.
In order to realize the technical effects, the invention adopts the technical scheme that:
an encryption-based financial informatization data processing method comprises the following steps:
step one, collecting safety information, wherein the safety information comprises login data of a computer operator, operation data types and network conditions.
And step two, generating key data according to the collected safety information.
And step three, reconfiguring a hard encryption mode, generating a new bit stream according to the key data, and reconfiguring the programmable logic unit with the bit stream to realize the change of an encryption algorithm encryption mode in the programmable logic unit.
And step four, transmitting the encrypted security data to cloud storage for backup storage.
And step five, logging in cloud storage to obtain the security data, and accessing the backup key data in the corresponding computer in the local area network through the local area network to realize decoding of the corresponding security data so as to realize security access of the data.
The second step of generating key data is realized in a specific way as follows: the security information data such as the login data (Pi) of the computer operator, the account or password data (Ci) of the system user or administrator, the data type (Si) of the operation and the network condition (Ni) are respectively expressed by a plurality of bits, and then the key data is expressed by the combination of the plurality of bits of the security information data.
Preferably, the encryption algorithm in the third step adopts a DES algorithm, and the sub-key generated in advance consists of the key data in the second step.
Preferably, the key data in the second step also needs to be stored to the computer for decoding of the security data.
Preferably, the security information in step one is also used to judge whether new key data should be generated to reconfigure the programmable logic unit. If the security information indicates no risk, no new key data needs to be generated; that is, the original data encryption mode is kept because it still ensures security. If the security information indicates a risk, such as an abnormal login by a computer operator, repeated password errors or a network attack, new key data is generated to reconfigure the programmable logic unit into a new encryption mode, the original important data is re-encrypted so that only a party holding the new key data can decrypt it, and the data in the cloud storage is updated to the newly encrypted security data.
Different computers in the local area network have different data encryption modes and require different key data as the decryption key; in other words, access to the data each user is responsible for is controlled by authority. At the same time, when an attack occurs, the security data in each local data storage module can be re-encrypted and updated to the cloud storage module, so the data in the cloud storage module is kept encrypted and protected in real time.
The invention also discloses an encryption-based financial informatization data processing system, which comprises a local area network consisting of a plurality of computers and cloud storage; the computers are all connected with a trusted module, the trusted module comprises a parameter configuration module and a programmable logic unit, the programmable logic unit can be reconfigured by the parameter configuration module, and the trusted module is connected with a data storage module in the computer and used for carrying out encryption operation on the security data.
The computer comprises a safety information collection module, a Key backup module, a Key generation module and a data storage module, wherein the safety information collection module sends collected safety information to the Key generation module, the Key generation module recombines the safety information to generate Key data, the Key data is sent to the Key backup module for backup, and meanwhile, the Key data is sent to a parameter configuration module to generate a bit stream (bitstream) of the reconfigurable programmable logic unit; the programmable logic unit encrypts important data in the data storage module to cover original data.
The programmable logic unit can be realized by adopting an FPGA (field programmable gate array), and can realize a hardware encryption algorithm.
The security information collection module collects the login data (Pi) of computer operators, the account or password data (Ci) of system users or administrators, the data type (Si) of the operation and the network condition (Ni). The module represents each type of security information by a plurality of bits: Pi represents the login data of a computer operator, Ci the account or password data of a system user or administrator, Si the data type of the operation and Ni the network condition; preferably, Pi, Ci, Si and Ni each consist of 8 bits.
The computer operator login data includes, but is not limited to, operating system login data, an information system user or administrator account, password data (Ci), and the like, which can verify the authority of the operator.
The data types comprise data security level, what data, modification time and data size, and further comprise what operations are performed on the data, such as deletion, modification, replacement, addition and the like.
The network conditions comprise external network connection conditions, security threats (such as firewall attacks, external intrusion threats and the like), and local area network access conditions.
The Key generation module is used for comprehensively judging the security condition and generating corresponding Key data according to the information collected by the security information collection module, and the Key data is used for selecting the encryption process and/or the encryption type of hard encryption; the key data are characterized using Pi, Ci, Si, Ni, i.e. Ki = Pi + Ci + Si + Ni, Ki representing the key data.
And the parameter configuration module generates a bit stream (bitstream) capable of reconfiguring the programmable logic unit according to the key data, and reconfigures the bit stream to the programmable logic unit.
The programmable logic unit reads unencrypted data from the data storage module, performs real-time hard encryption of it with the encryption algorithm, and transmits the encrypted data back to the data storage module.
Preferably, the encryption and decryption algorithm realized by the programmable logic unit is a modified DES encryption algorithm; the iterative structure of DES makes it suitable for a design with a fully unrolled loop and a pipeline structure. The key data Ki is used as part of the 64-bit key from which the sub-keys are generated, and the S-boxes are implemented as logic circuits, so the 16 round iterations of the DES algorithm can be unrolled into a 16-stage pipelined block encryption in which 16 data blocks are encrypted simultaneously. Thus, after an initial latency of 16 rounds, one data block is encoded and one ciphertext block is output per round delay.
According to the invention, the trusted module is arranged on the computer in the local area network, the encryption algorithm in the trusted module is updated in real time by utilizing the safety information of the computer, so that the data in the data storage module is encrypted again and updated to cloud storage, local real-time encryption is realized according to the data safety requirement, and backup or replacement of trusted data is realized on the local area network or the cloud storage platform, so that the data safety is effectively improved.
Drawings
FIG. 1 is a schematic diagram of an encryption-based financial information data processing system according to the present invention.
FIG. 2 is a block diagram of a trusted module in connection with a computer.
Fig. 3 is a flow chart for implementing dynamic encryption of data.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Referring to fig. 1-2, embodiment 1 implements an encryption-based financial information-based data processing system, including a local area network composed of computers 1-N, a router, and cloud storage; the computers 1 to N are respectively connected to the trusted modules 1 to N, and taking a connection relationship between the first trusted module 1 and the computer 2 as an example for explanation, referring to fig. 2, the trusted module 1 includes a parameter configuration module 1-2 and a programmable logic unit 1-1, where the programmable logic unit 1-1 is reconfigurable by the parameter configuration module 1-2, and is connected to a data storage module 2-4 in the computer 2 for performing an encryption operation on the secure data.
The computer 2 comprises a security information collection module 2-1, a Key generation module 2-2, a Key backup module 2-3 and a data storage module 2-4, wherein the security information collection module 2-1 sends collected security information to the Key generation module 2-2, the Key generation module 2-2 recombines the security information to generate Key data, the Key data is sent to the Key backup module 2-3 for backup, and meanwhile the Key data is sent to a parameter configuration module 1-2 to generate a bit stream (bitstream) of a reconfigurable programmable logic unit 1-1; the programmable logic unit 1-1 encrypts important data in the data storage module 2-4 to cover the original data.
The programmable logic unit 1-1 can be realized by adopting an FPGA (field programmable gate array), and can realize a hardware encryption algorithm.
The security information collection module 2-1 collects computer operator login data (Pi), the account or password data (Ci) of a system user or administrator, the data type (Si) of the operation and the network condition (Ni). The module represents each type of security information by a plurality of bits: Pi represents the login data of a computer operator, Ci the account or password data of a system user or administrator, Si the data type of the operation and Ni the network condition, where Pi, Ci, Si and Ni can each consist of 8 bits.
The computer operator login data comprises but is not limited to operating system login data, an account of an information system user or an administrator, password data (Ci) and other information capable of verifying the authority of a worker;
the data type includes data security level, what data, modification time and data size, and also includes what operations are performed on the data, such as deletion, modification, replacement, addition and the like.
The network conditions comprise external network connection conditions, security threats (such as firewall attacks, external intrusion threats and the like), and local area network access conditions.
The Key generating module 2-2 is used for comprehensively judging the security condition and generating corresponding Key data according to the information collected by the security information collecting module 2-1, wherein the Key data is used for selecting the encryption process and/or the encryption type of hard encryption; the key data are characterized using Pi, Ci, Si, Ni, i.e. Ki = Pi + Ci + Si + Ni, Ki representing the key data.
The parameter configuration module 1-2 generates a bit stream (bitstream) capable of reconfiguring the programmable logic unit 1-1 according to the key data, and reconfigures the bit stream to the programmable logic unit 1-1.
The programmable logic unit 1-1 reads unencrypted data from the data storage module 2-4, performs real-time hard encryption of that data with the encryption algorithm, and transmits the encrypted data back to the data storage module 2-4.
The encryption and decryption algorithm realized by the programmable logic unit 1-1 can be an improved DES encryption algorithm; the iterative structure of DES makes it suitable for a design with a fully unrolled loop and a pipeline structure. The key data Ki is used as part of the 64-bit key from which the sub-keys are generated, and the S-boxes are implemented as logic circuits, so the 16 round iterations of the DES algorithm can be unrolled into a 16-stage pipelined block encryption in which 16 data blocks are encrypted simultaneously. Thus, after an initial latency of 16 rounds, one data block is encoded and one ciphertext block is output per round delay.
Example 2
As shown in fig. 3, an unattended financial indoor safety early warning method adopts the above system and includes the following steps:
step one, collecting safety information, wherein the safety information comprises login data of a computer operator, operation data types and network conditions.
And step two, generating key data according to the collected safety information.
And step three, reconfiguring a hard encryption mode, generating a new bit stream according to the key data, and reconfiguring the bit stream into the programmable logic unit 1-1 to change the encryption mode of the encryption algorithm in the programmable logic unit 1-1.
And step four, transmitting the encrypted security data to cloud storage for backup storage.
And step five, logging in cloud storage to obtain the security data, and accessing the backup key data in the corresponding computer 2 in the local area network through the local area network to realize decoding of the corresponding security data so as to realize security access of the data.
The specific implementation manner of generating the key data in the second step is as follows: the data of security information 2-1 such as computer operator login data (Pi), account or password data (Ci) of a system user or an administrator, data type (Si) of operation, network condition (Ni) and the like are respectively represented by a plurality of bits, and then key data is represented by a combination of the plurality of bits of the security information data.
Example 3
In this embodiment, the rest is the same as embodiment 2, except that: the encryption algorithm in the third step adopts a DES algorithm, and the sub-key generated in advance consists of the key data in the second step.
Example 4
In this embodiment, the rest is the same as embodiment 2, except that: the key data in step two also needs to be stored to the computer 2 for decoding of the security data.
Example 5
In this embodiment, the rest is the same as embodiment 2, except that: the safety information in the step one is also used for judging whether new key data are generated to realize the reconfiguration of the programmable logic unit 1-1, if the safety information represents no risk, the new key data do not need to be generated, namely, the safety can be ensured by adopting the original data encryption mode; if the safety information represents the risk such as abnormal login of a computer operator, continuous error of password data, network attack and the like, new key data needs to be generated to reconfigure the programmable logic unit 1-1 to realize a new encryption mode, the original important data is re-encrypted, and the key party needing the new key data can decrypt the encrypted data. And update the data in the cloud storage to the newly encrypted secure data.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (6)
1. The financial informatization data processing method based on encryption is characterized by comprising the following steps:
firstly, collecting safety information, wherein the safety information comprises login data of a computer operator, an operation data type and a network condition;
secondly, generating key data according to the collected safety information;
step three, reconfiguring a hard encryption mode, generating a new bit stream according to the key data, and reconfiguring the bit stream into a programmable logic unit to realize the change of an encryption algorithm encryption mode in the programmable logic unit;
step four, the encrypted security data are transmitted to cloud storage for backup storage;
and step five, logging in cloud storage to obtain the security data, and accessing the backup key data in the corresponding computer in the local area network through the local area network to realize decoding of the corresponding security data so as to realize security access of the data.
2. The encryption-based financial informationized data processing method of claim 1, wherein the encryption algorithm in step three employs a DES algorithm, and the pre-generated sub-key is composed of the key data in step two.
3. The financial informationized data processing method based on encryption according to claim 1 or 2, wherein the security information in the first step is further used for judging whether to generate new key data to implement reconfiguration of the programmable logic unit, and if the security information represents no risk, the security can be ensured by adopting an original data encryption mode without generating new key data.
4. An encryption-based financial informatization data processing method according to claim 1, wherein different computers in the local area network have different data encryption modes, and require different key data as keys to decrypt.
5. The encryption-based financial informatization data processing method of claim 3, wherein if the security information is characterized as risky, new key data is generated to reconfigure the programmable logic unit to implement a new encryption mode, the original important data is re-encrypted so that the new key data is required to decrypt it, and the data in the cloud storage is updated to the newly encrypted security data.
6. The encryption-based financial information data processing method according to claim 4 wherein the secure data in each local data storage module is encrypted and updated to the cloud storage module when an attack occurs.
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010297434.8A CN111460483A (en) | 2020-04-16 | 2020-04-16 | Financial informatization data processing method based on encryption |
Publications (1)

| Publication Number | Publication Date |
|---|---|
| CN111460483A true CN111460483A (en) | 2020-07-28 |
Citations (6)

| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1627682A | 2003-12-12 | 2005-06-15 | 华为技术有限公司 | Method for creating dynamic cipher at time of building connection in network transmission |
| CN101005357A | 2006-12-28 | 2007-07-25 | 北京飞天诚信科技有限公司 | Method and system for updating certification key |
| CN101340279A | 2008-07-09 | 2009-01-07 | 深圳市金蝶移动互联技术有限公司 | Method, system and apparatus for data ciphering and deciphering |
| US20180295147A1 | 2015-12-16 | 2018-10-11 | Panasonic Intellectual Property Corporation Of America | Security processing method and server |
| CN108833336A | 2018-04-18 | 2018-11-16 | 北京百度网讯科技有限公司 | Data processing method, device, computer equipment and storage medium |
| CN109948322A | 2018-10-25 | 2019-06-28 | 贵州财经大学 | Localize the personal cloud storage data assurance case apparatus and method of encryption protection |
Legal Events

| Code | Title |
|---|---|
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |