CN111680325A - Data escorting method and device - Google Patents


Publication number
CN111680325A
Authority
CN
China
Prior art keywords
data
escorting
key
equipment
storage space
Legal status
Pending
Application number
CN202010507985.2A
Other languages
Chinese (zh)
Inventor
沈剑
冯庆磊
杨伟峰
殷跃
Current Assignee
WeBank Co Ltd
Original Assignee
WeBank Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention discloses a data escorting method and device. The method comprises the following steps: the data escorting device acquires data to be escorted; the data escorting device acquires each fragment key from non-adjacent storage positions, and takes the key spliced from the fragment keys, according to a preset splicing rule corresponding to the preset segmentation rule, as the escorting key; the data escorting device creates a temporary storage space and stores the escorting key in it; and the data escorting device obtains the data fingerprint of the data to be escorted at least from the escorting key in the temporary storage space and the data to be escorted, and then deletes the escorting key from the temporary storage space. When the method is applied to financial technology (Fintech), the escorting key is generated only while it is being used, which greatly reduces the risk of the escorting key leaking.

Description

Data escorting method and device
Technical Field
The invention relates to data preservation in the field of financial technology (Fintech), and in particular to a data escorting method and a data escorting device.
Background
With the development of computer technology, more and more technologies are being applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). The security and real-time requirements of the financial industry, however, place higher demands on these technologies. The spread of online financial transactions brings more and more convenience, but it also brings dispute risks. When a dispute occurs, reliable preserved data will likely need to be provided as evidence, so the preservation of financial transaction data is essential. One important step in preserving data is to protect its integrity and to verify whether the data has been maliciously tampered with.
At present, integrity is generally protected with a keyed scheme: the data is escorted with a key, and the resulting data fingerprint is stored in a database. When a dispute occurs, whether the purported data is the original data can be verified by comparing the data fingerprint of the purported data with the data fingerprint of the original data, so the data fingerprint serves as the verification credential for the data. The importance of key security in this process is self-evident. If the key is leaked to an attacker, the attacker can use it to escort maliciously tampered data, generate the corresponding data fingerprint and implant it in the database, so that the tampered data also passes verification in a dispute. This is a serious security risk. However, when data is escorted today, the key is usually loaded in full into the data area and resides there in full; when the system swaps memory in and out, a complete trace of the key may be left on disk, where it may be analysed and exploited by a hacker. Existing ways of using the key therefore carry a high risk of leakage, which is a problem that urgently needs solving.
Disclosure of Invention
The invention provides a data escorting method and device, which solve the prior-art problem that the escorting key is at high risk of leakage when it is used.
In a first aspect, the present invention provides a data escorting method, including: the data escorting device acquires data to be escorted; the data escorting device stores each fragment key, obtained by segmenting the master key according to a preset segmentation rule, in its own non-adjacent storage position; the data escorting device acquires the fragment keys from the non-adjacent storage positions, and takes the key spliced from the fragment keys, according to a preset splicing rule corresponding to the preset segmentation rule, as the escorting key; the data escorting device creates a temporary storage space and stores the escorting key in it; and the data escorting device obtains the data fingerprint of the data to be escorted at least from the escorting key in the temporary storage space and the data to be escorted, and deletes the escorting key from the temporary storage space.
In this manner, the data escorting device does not keep the complete master key in the data area for a long time. Instead, the fragment keys obtained by segmenting the master key according to the preset segmentation rule are stored in advance in non-adjacent storage positions, so that the fragment keys are difficult to analyse together. After acquiring the data to be escorted, the data escorting device creates a temporary storage space, fetches the fragment keys from the non-adjacent storage positions, assembles them into a temporary escorting key and stores it in the temporary storage space. It then obtains the data fingerprint of the data to be escorted at least from the escorting key in the temporary storage space and the data to be escorted, and deletes the escorting key from the temporary storage space, which completes the escorting of the data. Because the escorting key is generated only while it is being used, the risk of it leaking is greatly reduced.
Optionally, before the data escorting device acquires the data to be escorted, it obtains the fragment keys by segmenting according to the following preset segmentation rule: the data escorting device combines the characters at the set positions of each fragment in the master key to form that fragment key.
In this method, the fragment keys are split by set positions, so splicing them back together is simple and efficient.
Optionally, before the data escorting device acquires the data to be escorted, it obtains the master key as follows: the data escorting device acquires t sub-keys and their preimages from the n sub-keys of a key center; each of the n sub-keys is the function value of its preimage under the mapping of a polynomial function of degree t-1; t and n are both positive integers greater than 2, and t is less than n; the data escorting device determines the mapping of the polynomial function of degree t-1 from the t sub-keys and their preimages; and the data escorting device takes the function value of a preset random number under that mapping as the master key.
In this method, the data escorting device can determine the mapping of the polynomial function of degree t-1 from t of the n sub-keys in the key center and their preimages. When fewer than t of the n sub-keys are leaked and fewer than n-t of the n sub-keys are lost, the data escorting device can still safely determine the mapping and so obtain the master key, which reduces the risk of the master key leaking.
Optionally, the n sub-keys are generated as follows: n random numbers are taken as preimages of the mapping of the polynomial function of degree t-1, and the function values of the n random numbers under that mapping are taken as the n sub-keys; the mapping is generated by the key center using t different random numbers as the coefficients of each degree and the constant term of the polynomial function of degree t-1.
In this manner, the key center generates the mapping of the polynomial function of degree t-1 by using t different random numbers as its coefficients and constant term; that is, the polynomial of degree t-1 is generated randomly from t different random numbers. The n sub-keys are the function values of n random numbers taken as preimages of that mapping, which increases the randomness of the n sub-keys and makes them difficult to forge or crack.
Optionally, obtaining the data fingerprint of the data to be escorted at least from the escorting key in the temporary storage space and the data to be escorted includes: the data escorting device takes the escorting key in the temporary storage space as the key of a hash-based message authentication code (HMAC) algorithm, takes the data to be escorted spliced with a preset time as the message of the HMAC algorithm, and generates the data fingerprint of the data to be escorted with the HMAC algorithm.
In this manner, the data to be escorted spliced with the preset time is used as the message of the HMAC algorithm, which binds the data to be escorted, its data fingerprint and the preset time together. The HMAC algorithm also better protects the privacy of the original message, and the escorting key is difficult to derive from the data fingerprint of the escorted data.
In a second aspect, the present invention provides a data escorting method, including: the data escorting device acquires data to be verified; the data escorting device stores each fragment key, obtained by segmenting the master key according to a preset segmentation rule, in its own non-adjacent storage position; the data escorting device acquires the fragment keys from the non-adjacent storage positions, and takes the key spliced from the fragment keys, according to a preset splicing rule corresponding to the preset segmentation rule, as the escorting key; the data escorting device creates a temporary storage space and loads the escorting key into it; the data escorting device obtains the data fingerprint of the data to be verified at least from the escorting key in the temporary storage space and the data to be verified; and if the data escorting device determines that the data fingerprint of the data to be verified is consistent with the data fingerprint of the escorted data corresponding to the data to be verified, it determines that the data to be verified passes verification.
In this manner, the data escorting device does not keep the complete master key in the data area for a long time. Instead, the fragment keys obtained by segmenting the master key according to the preset segmentation rule are stored in advance in non-adjacent storage positions, so that the fragment keys are difficult to analyse together. After acquiring the data to be verified, the data escorting device creates a temporary storage space, fetches the fragment keys from the non-adjacent storage positions, assembles them into a temporary escorting key and stores it in the temporary storage space. It then obtains the data fingerprint of the data to be verified at least from the escorting key in the temporary storage space and the data to be verified, and verifies the data. Because the escorting key is generated only while it is being used, the risk of it leaking is greatly reduced.
Optionally, obtaining the data fingerprint of the data to be verified at least from the escorting key in the temporary storage space and the data to be verified includes: the data escorting device takes the escorting key in the temporary storage space as the key of a hash-based message authentication code (HMAC) algorithm, takes the data to be verified, spliced with the preset time corresponding to the escorted data, as the message of the HMAC algorithm, and generates the data fingerprint of the data to be verified with the HMAC algorithm.
In this manner, the data to be verified spliced with the preset time is used as the message of the HMAC algorithm, which binds the data to be verified, its data fingerprint and the preset time together. The HMAC algorithm also better protects the privacy of the original message, and the escorting key is difficult to derive from the data fingerprint of the data to be verified.
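The escorting and verification flows of the first and second aspects, sketched in Python as an added example (not code from the patent). The interleaving segmentation rule, the length-prefixed message layout, SHA-256 as the HMAC hash, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample master key for the demonstration (not a real key).
SAMPLE_MASTER = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def split_key(master: bytes, parts: int) -> list[bytes]:
    """Assumed segmentation rule: fragment j holds bytes j, j+parts, j+2*parts, ...

    In a deployment each fragment would then be written to its own,
    non-adjacent storage position; here they are simply list entries.
    """
    return [master[j::parts] for j in range(parts)]


def splice_key(fragments: list[bytes]) -> bytearray:
    """Matching splicing rule: interleave the fragments into a mutable buffer.

    The bytearray plays the role of the temporary storage space, because
    unlike bytes it can be overwritten once the fingerprint is computed.
    """
    parts = len(fragments)
    key = bytearray(sum(len(f) for f in fragments))
    for j, frag in enumerate(fragments):
        key[j::parts] = frag
    return key


def fingerprint(fragments: list[bytes], data: bytes, preset_time: str) -> str:
    """HMAC over the data spliced with the preset time, keyed by the spliced key."""
    key = splice_key(fragments)
    try:
        # Length prefix (an assumption) keeps the data/time boundary
        # unambiguous, so bytes cannot be moved between the two fields.
        message = len(data).to_bytes(8, "big") + data + preset_time.encode("utf-8")
        return hmac.new(key, message, hashlib.sha256).hexdigest()
    finally:
        # "Delete the escorting key in the temporary storage space".
        # Best effort in Python: the hmac object keeps its own internal
        # copy of the key material until it is garbage collected.
        key[:] = bytes(len(key))


def verify(fragments: list[bytes], data: bytes, preset_time: str, stored: str) -> bool:
    """Recompute the fingerprint and compare it in constant time."""
    return hmac.compare_digest(fingerprint(fragments, data, preset_time), stored)


if __name__ == "__main__":
    frags = split_key(SAMPLE_MASTER, 4)
    record = b'{"tx": "constructed-sample", "amount": 100}'
    when = "2020-01-01T00:00:00Z"  # constructed preset time
    fp = fingerprint(frags, record, when)
    print("fingerprint:", fp)
    print("original verifies:", verify(frags, record, when, fp))
    print("tampered verifies:", verify(frags, record.replace(b"100", b"900"), when, fp))
```

Zeroing the buffer does not address the swap-to-disk exposure the background describes; that additionally requires keeping the buffer in non-swappable memory, which this sketch does not attempt.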
Optionally, the data escorting device recovers a polynomial function of degree t-1 according to the following recovery formula:
Figure BDA0002527231800000051
where $x_i$ is
Figure BDA0002527231800000052
where $f(x)$ is the polynomial function of degree t-1, t is the total number of coefficients of each degree and the constant term of $f(x)$, p is an integer greater than 2,
Figure BDA0002527231800000053
refers to a set of positive integers less than or equal to p, and mod denotes the modulo operation; the data escorting device then takes the function value obtained by substituting a preset random number into the polynomial function of degree t-1 as the master key.
In this manner, the polynomial function of degree t-1 is recovered from the recovery formula together with t different random numbers and their function values. Because each $s_i$ is a function value obtained from the original $f(x)$, that is, original data, the polynomial function of degree t-1 recovered by the formula is more reliable, and a more reliable master key is obtained directly from it.
In a third aspect, the present invention provides a data escorting apparatus, including: an acquisition module, configured to acquire data to be escorted; to store each fragment key, obtained by segmenting the master key according to a preset segmentation rule, in its own non-adjacent storage position; and to acquire the fragment keys from the non-adjacent storage positions and take the key spliced from them, according to a preset splicing rule corresponding to the preset segmentation rule, as the escorting key; and an escorting module, configured to create a temporary storage space and store the escorting key in it; and to obtain the data fingerprint of the data to be escorted at least from the escorting key in the temporary storage space and the data to be escorted, and delete the escorting key from the temporary storage space.
Optionally, before the data to be escorted is acquired, the acquisition module is further configured to obtain the fragment keys by segmenting according to the following preset segmentation rule: the characters at the set positions of each fragment in the master key are combined to form that fragment key.
Optionally, before the data to be escorted is acquired, the acquisition module is further configured to obtain the master key as follows: the data escorting device acquires t sub-keys and their preimages from the n sub-keys of a key center; each of the n sub-keys is the function value of its preimage under the mapping of a polynomial function of degree t-1; t and n are both positive integers greater than 2, and t is less than n; the data escorting device determines the mapping of the polynomial function of degree t-1 from the t sub-keys and their preimages; and the function value of a preset random number under that mapping is taken as the master key.
Optionally, the n sub-keys are generated as follows: n random numbers are taken as preimages of the mapping of the polynomial function of degree t-1, and the function values of the n random numbers under that mapping are taken as the n sub-keys; the mapping is generated by the key center using t different random numbers as the coefficients of each degree and the constant term of the polynomial function of degree t-1.
Optionally, the escorting module is specifically configured to: take the escorting key in the temporary storage space as the key of a hash-based message authentication code (HMAC) algorithm, take the data to be escorted spliced with a preset time as the message of the HMAC algorithm, and generate the data fingerprint of the data to be escorted with the HMAC algorithm.
For the advantageous effects of the third aspect and its optional apparatuses, refer to the advantageous effects of the first aspect and its optional methods; they are not repeated here.
In a fourth aspect, the present invention provides a data escorting apparatus, including: an acquisition module, configured to acquire data to be verified; to store each fragment key, obtained by segmenting the master key according to a preset segmentation rule, in its own non-adjacent storage position; and to acquire the fragment keys from the non-adjacent storage positions and take the key spliced from them, according to a preset splicing rule corresponding to the preset segmentation rule, as the escorting key; and a verification module, configured to create a temporary storage space and load the escorting key into it; to obtain the data fingerprint of the data to be verified at least from the escorting key in the temporary storage space and the data to be verified; and, if the data fingerprint of the data to be verified is consistent with the data fingerprint of the escorted data corresponding to the data to be verified, to determine that the data to be verified passes verification.
Optionally, the verification module is specifically configured to: take the escorting key in the temporary storage space as the key of a hash-based message authentication code (HMAC) algorithm, take the data to be verified, spliced with the preset time corresponding to the escorted data, as the message of the HMAC algorithm, and generate the data fingerprint of the data to be verified with the HMAC algorithm.
Optionally, the acquisition module is specifically configured to recover the polynomial function of degree t-1 according to the following recovery formula:
Figure BDA0002527231800000071
where $x_i$ is
Figure BDA0002527231800000072
where $f(x)$ is the polynomial function of degree t-1, t is the total number of coefficients of each degree and the constant term of $f(x)$, p is an integer greater than 2,
Figure BDA0002527231800000073
refers to a set of positive integers less than or equal to p, and mod denotes the modulo operation; the function value obtained by substituting a preset random number into the polynomial function of degree t-1 is then taken as the master key.
For the advantageous effects of the fourth aspect and its optional apparatuses, refer to the advantageous effects of the second aspect and its optional methods; they are not repeated here.
In a fifth aspect, the present invention provides a computer apparatus comprising a program or instructions which, when executed, perform the first or second aspect and the various optional methods described above.
In a sixth aspect, the present invention provides a storage medium comprising a program or instructions which, when executed, perform the first or second aspect and the various optional methods described above.
Drawings
Fig. 1 is a schematic diagram illustrating an architecture of a data escorting method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart illustrating steps of a data escorting method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a data escorting apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a data escorting apparatus according to an embodiment of the present application.
Detailed Description
For a better understanding of the technical solutions, they are described in detail below with reference to the drawings and the specific embodiments of the specification. It should be understood that the specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, not limitations of them, and that the technical features in the embodiments and examples may be combined with each other where they do not conflict.
The terms appearing in the examples of the present application are first listed and explained below.
Key sharing scheme: a key is divided into a plurality of sub-keys, and each of a plurality of members stores one sub-key. When the key needs to be recovered, it can be recovered with a set recovery algorithm once more than a certain number of the members have produced the sub-keys they each hold. Key sharing lets the key holders share the key safely and effectively.
Data escorting: according to a cryptographic algorithm, data is processed with a key to generate a data fingerprint specific to that data, which establishes a binding relationship with the data and allows verification of whether the data has been maliciously tampered with.
Data preservation: storing and preserving data. When a dispute occurs, the data can be provided for adjudication. During arbitration, the data fingerprint produced by escorting the data with the key is typically compared with the temporarily generated data fingerprint to see whether they are consistent.
As financial institutions (banking, insurance or securities institutions) carry out their business (such as a bank's loan and deposit services), the spread of online financial transactions brings more and more convenience, but it also brings dispute risks. When a dispute occurs, reliable preserved data will likely need to be provided, so the preservation of financial transaction data is essential.
At present, integrity is generally protected with a keyed scheme: the data is escorted with a key, and the resulting data fingerprint is stored in a database. However, when data is escorted today, the key is usually loaded into the global data area and resides there; when the system swaps memory in and out, a complete trace of the key may be left on disk, where it may be analysed and exploited by a hacker. This does not meet the requirements of financial institutions such as banks, and the safe operation of their services cannot be ensured. The present application therefore provides a data escorting method. Fig. 1 is a schematic diagram of the architecture of the data escorting method according to the present application. The architecture shown in Fig. 1 includes three entities.
Key center: the key center generates and manages keys, and provides the key used to escort data. The carrier of the key center may be a key device.
Data escorting system: the system that performs data escorting. After the data escorting system obtains the key, it escorts data when required (for example, on receiving a preservation request from a user). It calls the key in a secure manner and escorts the data with the key to generate the data fingerprint uniquely mapped to that data. Once the data fingerprint has been generated, if a dispute later arises over the data, the fingerprint obtained by escorting with the key again matches the fingerprint of the original data only if the data provided is identical to the escorted data, so it can be proven whether the data provided in the dispute is the data that was escorted. The carrier of the data escorting system may be a data escorting device.
User: the party that requests data preservation, or data verification in a dispute. The carrier of the user may be user equipment.
The data escorting method provided by the present application is described in detail below, stage by stage. The method has three stages: an initialization stage, a data escorting stage and a data verification stage. In the initialization stage, the key center generates the key and the data escorting system obtains it. In the data escorting stage, the data escorting system escorts the data to be escorted with the key. In the data verification stage, the data escorting system verifies whether the user's data to be verified is the data that was escorted. Each stage is described in detail below.
Initialization stage:
The key center generates a key. Many generation methods are possible, such as generating one random number as the key, or generating several random numbers and deriving the key from them. An optional implementation (hereinafter the optional implementation of random number key generation) is as follows:
The key center takes t different random numbers as the coefficients of each degree and the constant term of a polynomial function of degree t-1, thereby generating the mapping of that polynomial function; the key center presets a random number and takes its function value under the mapping as the master key; n random numbers are taken as preimages of the mapping, and their function values under the mapping are taken as the n sub-keys; t and n are both positive integers greater than 2, and t is less than n.
For example, the optional implementation of random number key generation may more specifically be as follows:
Step (1-1): the key center selects t different random numbers $a_i$ ($i = 0, \dots, t-1$) within a preset random number range.
For example, in step (1-1), the key center randomly selects a large prime number p (e.g., a prime number greater than $2^{128}$), and randomly takes t numbers smaller than the prime number p
Figure BDA0002527231800000103
Figure BDA0002527231800000104
denotes the set of positive integers less than p.
Step (1-2): the key center determines a polynomial function of degree t-1 from the t different random numbers $a_i$ generated within the preset random number range.
For example, the polynomial function of degree t-1 is as follows:
$f(x) = (a_0 + a_1 x + a_2 x^2 + \dots + a_{t-1} x^{t-1}) \bmod p$, where mod denotes the modulo operation.
Step (1-3): the key center takes the function value of a preset random number under the polynomial function of degree t-1 as the master key; t is a positive integer.
For example, if the preset random number is 0, the master key is $s = f(0) = a_0$, i.e. $a_0$ is used as the master key $s$; alternatively, $f(1) = a_0 + a_1 + \dots + a_{t-1}$, and $f(1)$ is used as the master key $s$.
Step (1-4): the key center takes n random numbers within the preset random number range and uses the function value of each of them under the polynomial function of degree t-1 as a sub-key of the master key.
For n users, n random numbers are selected respectively
Figure BDA0002527231800000101
The function values $s_i = f(x_i)$ ($i = 1, 2, …, n$) of the n random numbers are calculated. The $s_i$ are distributed as sub-keys to the n administrators of the key center, who keep them secret; for safety, the polynomial coefficients $a_i$ can be destroyed immediately after distribution.
Note that, by the theory of systems of linear equations, solving for t unknowns requires t linearly independent equations, so s can subsequently be recovered from the t sub-keys provided by t administrators of the key center. Specifically, f(x) can be recovered by the following formula (hereinafter referred to as the recovery formula):
Figure BDA0002527231800000102
Obviously, the final master key can be obtained by substituting the preset random number into f(x).
The key center may provide the $x_i$ ($i = 1, 2, …, n$) to the data escorting system, where they are saved as parameters of the data escorting system. Note that the data escorting system needs certain conditions to start, and it must hold the key s in order to perform data escorting.
An alternative implementation of the process of data escort system startup is as follows:
The data escorting device acquires t sub-keys, together with their preimages, from the n sub-keys of the key center; each of the n sub-keys is the function value obtained from the preimage of that sub-key according to the mapping relation of a degree t-1 polynomial function; t and n are both positive integers greater than 2, and t is less than n; the data escorting device determines the mapping relation of the degree t-1 polynomial function from the t sub-keys and their preimages; and the data escorting device takes the function value obtained from a preset random number according to the mapping relation of the degree t-1 polynomial function as the master key.
Specifically, starting the data escorting system requires the participation of at least t of the n administrators of the key center. The system may store the $x_i$ ($i = 1, 2, …, n$) in advance and receive the sub-keys $s_i$ ($i = 1, 2, …, t$) of t administrators, or it may receive the pairs $(x_i, s_i)$ directly.
After the data escorting system has collected the received information, it can recover f(x) through the recovery formula,
Figure BDA0002527231800000111
and calculate the master key s. Calculating the master key at initialization reduces the computational overhead of subsequently generating data fingerprints.
By adopting a (t, n) threshold scheme to produce the master key, the method improves the fault tolerance of the data escorting system: the master key can be recovered whenever t sub-keys are available, so data escorting and verification can still be completed, and a certain number of sub-keys are allowed to be lost or leaked.
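The key generation of steps (1-1) to (1-4) and the recovery at system start-up, as an added example that is not code from the patent. Recovery uses standard Lagrange interpolation modulo p, which is an assumption because the page's recovery formula survives only as a figure reference; the prime 2^521 - 1, the function names, and the default preset point 0 are illustrative choices.

```python
import secrets

# Assumption: the page only asks for a "large prime" p; 2**521 - 1 is a known Mersenne prime.
P = 2**521 - 1
# The page's "preset random number"; with 0 the master key is the constant term a_0.
PRESET_X = 0


def eval_poly(coeffs, x, p=P):
    """Evaluate f(x) = a_0 + a_1*x + ... + a_{t-1}*x^(t-1) mod p (Horner's rule)."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % p
    return acc


def generate_keys(t, n, p=P, preset_x=PRESET_X):
    """Steps (1-1) to (1-4): return (master_key, [(x_i, s_i), ...])."""
    if not 2 < t < n:
        raise ValueError("the page requires 2 < t < n")
    # (1-1)/(1-2): t distinct non-zero random coefficients fix a polynomial of degree t-1.
    coeffs = []
    while len(coeffs) < t:
        a = secrets.randbelow(p - 1) + 1
        if a not in coeffs:
            coeffs.append(a)
    # (1-3): the master key is the function value at the preset point.
    master = eval_poly(coeffs, preset_x, p)
    # (1-4): n distinct preimages. A preimage equal to the preset point would
    # hand one administrator the master key itself, so it is rejected.
    xs = set()
    while len(xs) < n:
        x = secrets.randbelow(p - 1) + 1
        if x != preset_x % p:
            xs.add(x)
    shares = [(x, eval_poly(coeffs, x, p)) for x in xs]
    # The page destroys the a_i after distribution; in Python this only drops
    # the references (best effort, the integers themselves are not overwritten).
    coeffs.clear()
    return master, shares


def recover_master(shares, t, p=P, preset_x=PRESET_X):
    """Rebuild f(preset_x) from t pairs (x_i, s_i) by Lagrange interpolation mod p."""
    points = {}
    for x, s in shares:
        x %= p
        if x in points and points[x] != s % p:
            raise ValueError("conflicting sub-keys for the same preimage")
        points[x] = s % p
    if len(points) < t:
        raise ValueError(f"need {t} distinct sub-keys, got {len(points)}")
    chosen = list(points.items())[:t]  # any t distinct points determine f
    secret = 0
    for j, (xj, sj) in enumerate(chosen):
        num, den = 1, 1
        for m, (xm, _) in enumerate(chosen):
            if m != j:
                num = num * (preset_x - xm) % p
                den = den * (xj - xm) % p
        # pow(den, -1, p) is the modular inverse (Python 3.8+); den != 0
        # because the chosen preimages are distinct modulo p.
        secret = (secret + sj * num * pow(den, -1, p)) % p
    return secret


if __name__ == "__main__":
    master, shares = generate_keys(t=3, n=5)
    print(recover_master(shares[:3], 3) == master)   # any 3 of the 5 sub-keys work
    print(recover_master(shares[2:], 3) == master)
```

Fewer than t sub-keys raise `ValueError` rather than returning a wrong key, which is the failure a start-up routine should surface when too few administrators take part.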
After the data escorting system calculates the master key s, s needs to be stored. The specific storage mode can vary, such as storing the master key directly or storing it in fragments; in terms of storage order, s can first be held in a temporary variable on the stack, and after s has been stored persistently, the temporary variable on the stack that held s is destroyed.
An alternative implementation of sharded master key storage is as follows:
The data escorting device combines the characters at the set positions of each fragment in the master key to form each fragment key. Note that the set position of each fragment is a combination of one or more bits in the master key. For example, the master key comprises bits 1 to 100, and the combination of the 1st bit, the 11th bit, …, and the 91st bit is the set position of one fragment.
Specifically, sharded master key storage may proceed as follows: after the data escorting system receives the sub-keys from the key administrators, it computes the master key with the recovery formula and holds it in a temporary variable on the stack; the system then splits the master key s into d fragment keys $(k_1, …, k_d)$, where d is a positive integer greater than 2, and stores them in structure variables at non-adjacent storage positions, the structure variables being variables in the persistent storage space; the temporary variable is then destroyed and released, completing system initialization.
The preset segmentation rule can be realized in various ways:
For example, the master key is a character string of R bits (R is a positive integer), and the characters whose bit numbers give the same result modulo a fixed value are combined to form each fragment key. If R is 100 and the fixed value is 10, the bit numbers 1, 11, …, 91 all give 1 modulo 10, so the combination of the characters at the 1st, 11th, …, 91st bits is used as the 1st fragment key; correspondingly, the combination of the characters at the 2nd, 12th, …, 92nd bits is used as the 2nd fragment key, and so on.
For another example, characters at adjacent bits of the master key are used as one fragment key. For example, when R is 100 bits, the 1st character is used as the 1st fragment key, the 2nd to 3rd characters as the 2nd fragment key, the 4th to 6th characters as the 3rd fragment key, …, the 79th to 91st characters as the 13th fragment key, and the 92nd to 100th characters as the 14th fragment key. The master key can also be padded, with the number of bits actually taken from it recorded; for example, the 92nd to 100th bits plus 5 padding characters are used as the 14th fragment key. More specifically, a fixed number of adjacent characters of the master key can be used directly as one fragment key: if R is 100 bits and the fixed number of adjacent bits is 5, the 1st to 5th characters are used as the 1st fragment key, the 6th to 10th characters as the 2nd fragment key, the 11th to 15th as the 3rd fragment key, …, and the 96th to 100th as the 20th fragment key.
Obviously, each implementation of the preset segmentation rule has a corresponding implementation of the preset splicing rule, which is the rule for splicing the fragment keys back into the master key. For example, take the implementation in which the characters whose bit numbers give the same result modulo a fixed value are combined into each fragment key, with R being 100 and the fixed value 10, so that bit numbers 1, 11, …, 91 all give 1 modulo 10. The 1st character of the 1st fragment key, the 1st character of the 2nd fragment key, and so on up to the 1st character of the 10th fragment key are spliced together in sequence to obtain the 1st to 10th bits of the master key; correspondingly, the 2nd character of the 1st fragment key, the 2nd character of the 2nd fragment key, and so on up to the 2nd character of the 10th fragment key are spliced together in sequence to obtain the 11th to 20th bits of the master key. The remaining implementations follow by analogy and are not described in detail here.
The data escorting system stores the master key in fragments and only assembles it temporarily, loading it as required, which greatly reduces the exposure risk of the master key and makes its use safer. The data escorting protection method based on key fragmentation ensures the integrity of the data and prevents maliciously tampered data from being escorted.
After the initialization stage, the data escorting system holds the key and can perform data escorting; the specific process is detailed in the data escorting stage.
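The modulo segmentation rule and its matching splicing rule described above, as an added example that is not code from the patent. It generalizes the page's R = 100, fixed value 10 case to key lengths that are not a multiple of d; the function names, the byte-string key representation, and the constructed 100-byte key are assumptions.

```python
from contextlib import contextmanager
from itertools import zip_longest

# Constructed sample key: byte i holds its own 1-based position, so the
# fragments can be read off directly. Not a real key.
MASTER = bytes(range(1, 101))


def split_modulo(master: bytes, d: int) -> list:
    """Fragment i (1-based) takes positions i, i+d, i+2d, ... of the master key."""
    if d <= 2:
        raise ValueError("the page requires d to be greater than 2")
    if len(master) < d:
        raise ValueError("master key shorter than the number of fragments")
    return [bytes(master[i::d]) for i in range(d)]


def splice_modulo(shards) -> bytearray:
    """Inverse rule: round j takes the j-th character of fragments 1..d in order."""
    lengths = [len(s) for s in shards]
    # Fragments produced by split_modulo never grow from one to the next and
    # differ in length by at most one; anything else is a corrupted or
    # misordered fragment set and must not be spliced into a key.
    if any(a < b for a, b in zip(lengths, lengths[1:])) or lengths[0] - lengths[-1] > 1:
        raise ValueError("fragment lengths do not match the modulo rule")
    out = bytearray()
    for column in zip_longest(*shards):          # None pads the short fragments
        out.extend(b for b in column if b is not None)
    return out


@contextmanager
def temporary_key(shards):
    """Splice the key into a temporary buffer and overwrite it afterwards."""
    buf = splice_modulo(shards)
    try:
        yield buf
    finally:
        # Best effort in Python: this zeroes the buffer itself, but copies made
        # by the interpreter or by libraries are outside the caller's control.
        for i in range(len(buf)):
            buf[i] = 0


if __name__ == "__main__":
    shards = split_modulo(MASTER, 10)
    print(list(shards[0]))                       # positions 1, 11, ..., 91
    with temporary_key(shards) as key:
        print(bytes(key) == MASTER)
```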
Data escorting stage:
Fig. 2 illustrates the data escorting stage according to the present application.
Step 201: the data escorting device acquires the data to be escorted.
The data escorting device stores, in non-adjacent storage positions, the fragment keys obtained by splitting the master key according to the preset segmentation rule.
Step 202: the data escorting device acquires the fragment keys from the non-adjacent storage positions, and takes the key spliced from the fragment keys according to the preset splicing rule corresponding to the preset segmentation rule as the escorting key.
Step 203: the data escorting device creates a temporary storage space and stores the escorting key in the temporary storage space.
Step 204: the data escorting device obtains the data fingerprint of the data to be escorted at least according to the escorting key in the temporary storage space and the data to be escorted, and deletes the escorting key in the temporary storage space.
Steps 201 to 204 can be triggered by the user as follows:
After the user equipment executes a transaction, it generates transaction data as the data to be escorted. The user equipment sends a data escorting request to the data escorting device, so that the data to be escorted is escorted by the data escorting device.
The data escorting request includes the data to be escorted, and instructs the data escorting device to escort that data.
Specifically, in step 202, a temporary storage space is created on the stack; the data escorting device splices the fragment keys $(k_1, …, k_d)$ stored in the different storage positions to recover the master key s and puts it into the temporary storage space on the stack. For the specific splicing process, refer to the implementation of the preset splicing rule in the initialization stage; details are not repeated here.
An alternative implementation of step 203 is as follows:
The data escorting device takes the escorting key in the temporary storage space as the key of the hash-based message authentication code (hmac) algorithm, takes the data to be escorted concatenated with a preset time as the message of the hmac algorithm, and generates the data fingerprint of the data to be escorted according to the hmac algorithm.
For example, after receiving the data m to be escorted, the data escorting device takes the current time as the preset time l, takes l, m and s as the input parameters of the hmac algorithm, and calculates the data fingerprint of the data to be escorted as sig = hmac(s, m || l) (that is, m and l are concatenated and the data fingerprint is calculated with the master key s); once the data fingerprint sig corresponding to the data to be escorted has been generated, the temporary storage space of the master key is destroyed. Note that because the hmac algorithm is used in the data escorting process, the computational overhead is low and data integrity can be effectively ensured.
Note that the preset time may be allocated by the data escorting device for the data to be escorted at the time of escorting; when the user triggers data escorting through a data escorting request, the preset time may also be included in the data escorting request.
After step 203 is executed as in the above embodiment, the data escorting device may store the identifier of the data to be escorted together with its data fingerprint. More specifically, the data escorting device may store the identifier of the data to be escorted, the preset time, and the data fingerprint together, so as to establish a binding relationship between the identifier and the data fingerprint. Storing the three together in fixed form provides a basis for query and verification if a dispute later arises, and the data escorting process is then finished.
Data verification stage:
When a dispute occurs, the user provides the data to be verified, and integrity verification is performed against the data fingerprint generated for the data during the data escorting process. An optional embodiment is as follows:
Step (3-1): the data escorting device acquires the data to be verified.
The data escorting device stores, in non-adjacent storage positions, the fragment keys obtained by splitting the master key according to the preset segmentation rule.
Step (3-2): the data escorting device acquires the fragment keys from the non-adjacent storage positions, and takes the key spliced from the fragment keys according to the preset splicing rule corresponding to the preset segmentation rule as the escorting key.
Step (3-3): the data escorting device creates a temporary storage space and loads the escorting key into the temporary storage space.
Step (3-4): the data escorting device obtains the data fingerprint of the data to be verified at least according to the escorting key in the temporary storage space and the data to be verified.
Step (3-5): if the data escorting device determines that the data fingerprint of the data to be verified is consistent with the data fingerprint of the escorted data corresponding to the data to be verified, it determines that the data to be verified passes the verification.
The optional embodiment described in steps (3-1) to (3-5) can be triggered by the user in the following manner:
The user equipment sends a data verification request to the data escorting device, so that the data to be verified is verified by the data escorting device. The data verification request includes the data to be verified, and instructs the data escorting device to verify that data.
Note that if the data escorting device does not store the fragment keys and the master key therefore needs to be regenerated, reference may be made to the process of generating the master key when the data escorting system is started in the initialization process, which is not described here again.
Note that the master key mentioned in step (3-1) may also be obtained by substituting a preset random number into f(x) after f(x) is recovered by the recovery formula, where the recovery formula is:
Figure BDA0002527231800000151
where $x_i$ is
Figure BDA0002527231800000152
t is the total number of the coefficients of the terms of each degree and the constant term of f(x). For example, if f(x) is a cubic function, f(x) has 3 coefficients of the terms of each degree and 1 constant term, so t is 4. That is,
Figure BDA0002527231800000153
p is an integer greater than 2, and in particular, p is a large prime number (e.g., a prime number greater than 2^1024),
Figure BDA0002527231800000154
is a set of integers less than p and, more particularly,
Figure BDA0002527231800000155
may be a set of prime numbers smaller than p. $s_i = f(x_i)$ is the function value obtained from the selected $x_i$ according to the relation f.
In the above manner, the degree t-1 polynomial function is recovered from the recovery formula together with t different random numbers and their function values; since each $s_i$ is a function value obtained from the original f(x), it is closer to the original data, so the degree t-1 polynomial function obtained through the recovery formula is more reliable, and a more reliable master key is obtained directly.
It should be noted that, in the initial selection, n random numbers may be selected for n users respectively
Figure BDA0002527231800000161
Here ($i = 1, 2, …, n$), the function values $s_i = f(x_i)$ of the n random numbers are calculated. The $s_i$ are distributed as sub-keys to the n administrators of the key center, who keep them secret; for safety, the polynomial coefficients $a_i$ can be destroyed immediately after distribution.
By the theory of systems of linear equations, solving for t unknowns requires t linearly independent equations, so s can be recovered from t sub-keys (namely t of the original n sub-keys) provided by t administrators of the key center.
Note that, in step (3-5), the escorted data corresponding to the data to be verified may be determined through the identifier of the data to be verified. For example, the data escorting device stores the identifier of the escorted data and the data fingerprint of the escorted data, and the escorted data corresponding to the data to be verified is the escorted data whose identifier is the same as the identifier of the data to be verified.
Note that, when the user provides a preset time or the data escorting device determines the preset time corresponding to the data to be verified, an optional implementation of step (3-4) is as follows:
The data escorting device takes the escorting key in the temporary storage space as the key of the hash-based message authentication code (hmac) algorithm, takes the data to be verified concatenated with the preset time corresponding to the escorted data as the message of the hmac algorithm, and generates the data fingerprint of the data to be verified according to the hmac algorithm.
For example, after receiving the data m' to be verified, the data escorting device takes the preset time l' provided by the user, m', and the escorting key s as the input parameters of the hmac algorithm, and calculates the data fingerprint of the data to be verified as sig' = hmac(s, m' || l') (that is, m' and l' are concatenated and the data fingerprint is calculated with the master key s). It then compares the generated data fingerprint sig' with sig to see whether they are consistent; if so, the data to be verified has not been tampered with.
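The fingerprinting of step 204 and the comparison of step (3-5), sig = hmac(s, m || l) and sig' = hmac(s, m' || l'), as an added example that is not code from the patent. Assumptions: SHA-256 as the underlying hash (the page names none), l encoded as an 8-byte big-endian integer so that m || l parses unambiguously, an in-memory dict as the record store, and a `load_key` callable standing in for the splicing of the fragment keys.

```python
import hashlib
import hmac
import struct
import time


def wipe(buf: bytearray) -> None:
    """Overwrite the temporary key buffer (best effort in Python)."""
    for i in range(len(buf)):
        buf[i] = 0


def fingerprint(key, data: bytes, preset_time: int) -> bytes:
    """sig = hmac(s, m || l), with l as a fixed-width 8-byte field."""
    # A fixed-width l keeps the boundary between m and l unambiguous: with a
    # variable-length l, different (m, l) pairs could concatenate to the same bytes.
    message = data + struct.pack(">Q", preset_time)
    return hmac.new(key, message, hashlib.sha256).digest()


class EscortStore:
    """Binds identifier, preset time and data fingerprint, as the page describes."""

    def __init__(self, load_key):
        # load_key (hypothetical) returns a fresh bytearray holding the spliced key.
        self._load_key = load_key
        self._records = {}

    def _fingerprint_once(self, data: bytes, preset_time: int) -> bytes:
        key = self._load_key()            # temporary storage space for the key
        try:
            return fingerprint(key, data, preset_time)
        finally:
            wipe(key)                     # delete the key from the temporary space

    def escort(self, data_id: str, data: bytes, preset_time=None):
        l = int(time.time()) if preset_time is None else preset_time
        sig = self._fingerprint_once(data, l)
        self._records[data_id] = (l, sig)
        return l, sig

    def verify(self, data_id: str, data: bytes, preset_time=None) -> bool:
        record = self._records.get(data_id)
        if record is None:
            return False                  # nothing was escorted under this identifier
        stored_time, sig = record
        l = stored_time if preset_time is None else preset_time
        candidate = self._fingerprint_once(data, l)
        # Constant-time comparison, so the check does not leak how many
        # leading bytes of a forged fingerprint were correct.
        return hmac.compare_digest(candidate, sig)


if __name__ == "__main__":
    # Constructed key and transaction data, for illustration only.
    store = EscortStore(lambda: bytearray(b"constructed-master-key-0123456789"))
    store.escort("tx-1", b"pay 100 to alice", preset_time=1591315200)
    print(store.verify("tx-1", b"pay 100 to alice"))   # untampered
    print(store.verify("tx-1", b"pay 900 to alice"))   # tampered
```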
As shown in fig. 3, the present invention provides a data escorting apparatus, including: an obtaining module 301, configured to obtain data to be escorted, where fragment keys obtained by splitting the master key according to a preset segmentation rule are stored in non-adjacent storage positions, and to acquire the fragment keys from the non-adjacent storage positions and use the key spliced from the fragment keys according to the preset splicing rule corresponding to the preset segmentation rule as the escorting key; and an escorting module 302, configured to create a temporary storage space and store the escorting key in the temporary storage space, to obtain the data fingerprint of the data to be escorted at least according to the escorting key in the temporary storage space and the data to be escorted, and to delete the escorting key in the temporary storage space.
Optionally, before the data to be escorted is obtained, the obtaining module 301 is further configured to split the master key according to the following preset segmentation rule to obtain the fragment keys: the characters at the set positions of each fragment in the master key are combined to form each fragment key.
Optionally, before the data to be escorted is obtained, the obtaining module 301 is further configured to obtain the master key as follows: the data escorting device acquires t sub-keys, together with their preimages, from the n sub-keys of the key center; each of the n sub-keys is the function value obtained from the preimage of that sub-key according to the mapping relation of a degree t-1 polynomial function; t and n are both positive integers greater than 2, and t is less than n; the data escorting device determines the mapping relation of the degree t-1 polynomial function from the t sub-keys and their preimages; and the function value obtained from a preset random number according to the mapping relation of the degree t-1 polynomial function is taken as the master key.
Optionally, the n sub-keys are generated as follows: n random numbers are taken as preimages of the mapping relation of the degree t-1 polynomial function, and the function values obtained from the n random numbers according to that mapping relation are used as the n sub-keys; the mapping relation of the degree t-1 polynomial function is generated by the key center using t different random numbers as the coefficients of each degree and the constant term of the degree t-1 polynomial function.
Optionally, the escorting module 302 is specifically configured to: take the escorting key in the temporary storage space as the key of the hash-based message authentication code (hmac) algorithm, take the data to be escorted concatenated with a preset time as the message of the hmac algorithm, and generate the data fingerprint of the data to be escorted according to the hmac algorithm.
As shown in fig. 4, the present invention provides a data escorting apparatus, including: an obtaining module 401, configured to obtain data to be verified, where fragment keys obtained by splitting the master key according to a preset segmentation rule are stored in non-adjacent storage positions, and to acquire the fragment keys from the non-adjacent storage positions and use the key spliced from the fragment keys according to the preset splicing rule corresponding to the preset segmentation rule as the escorting key; and a verification module 402, configured to create a temporary storage space and load the escorting key into the temporary storage space, to obtain the data fingerprint of the data to be verified at least according to the escorting key in the temporary storage space and the data to be verified, and, if the data fingerprint of the data to be verified is consistent with the data fingerprint of the escorted data corresponding to the data to be verified, to determine that the data to be verified passes the verification.
Optionally, the verification module 402 is specifically configured to: take the escorting key in the temporary storage space as the key of the hash-based message authentication code (hmac) algorithm, take the data to be verified concatenated with the preset time corresponding to the escorted data as the message of the hmac algorithm, and generate the data fingerprint of the data to be verified according to the hmac algorithm.
Optionally, the obtaining module 401 is specifically configured to: recovering the t-1 degree polynomial function according to the following recovery formula:
Figure BDA0002527231800000181
where $x_i$ is
Figure BDA0002527231800000182
where f(x) is the degree t-1 polynomial function, t is the total number of the coefficients of the terms of each degree and the constant term of f(x), p is an integer greater than 2,
Figure BDA0002527231800000183
refers to a set of positive integers less than or equal to p, mod represents the modulo operation; and substituting a preset random number into the function value obtained by the t-1 th-order polynomial function to serve as the main key.
Embodiments of the present application provide a computer device, which includes a program or an instruction, and when the program or the instruction is executed, the computer device is configured to execute a data escorting method and any optional method provided in embodiments of the present application.
Embodiments of the present application provide a storage medium, which includes a program or an instruction, and when the program or the instruction is executed, the storage medium is configured to execute a data escorting method and any optional method provided in embodiments of the present application.
Finally, it should be noted that: as will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (11)

1. A method for data escorting, comprising:
the data escorting equipment acquires data to be escorting; the data escorting equipment stores each fragmented key after the main key is fragmented according to a preset fragmentation rule in each non-adjacent storage position;
the data escorting equipment acquires the each slicing key from the non-adjacent storage positions, and takes the key spliced by the each slicing key according to a preset splicing rule corresponding to the preset segmentation rule as an escorting key;
the data escorting equipment creates a temporary storage space and stores the escorting key into the temporary storage space;
and the data escorting equipment obtains the data fingerprint of the data to be escorting at least according to the escorting key and the data to be escorting in the temporary storage space, and deletes the escorting key in the temporary storage space.
2. The method of claim 1, wherein before the data escorting device acquires the data to be escorting, the data escorting device performs the slicing according to the following preset slicing rules to obtain the slicing keys:
and the data escorting equipment combines the characters at the set positions of the fragments in the main key to be used as the fragment keys.
3. The method of claim 1, wherein before the data pledge device obtains the data to be pledged, the data pledge device obtains the master key by:
the data escorting equipment acquires t sub-keys and an original image from n sub-keys of a key center; each sub-key in the n sub-keys is a function value obtained by the original image of the sub-key according to the mapping relation of a t-1 degree polynomial function; t and n are both positive integers greater than 2, and t is less than n;
the data escorting equipment determines the mapping relation of the t-1 th-order polynomial function according to the t sub-keys and the primary image;
and the data escorting equipment takes a function value obtained by a preset random number according to the mapping relation of the t-1 th-order polynomial function as the main key.
4. The method of claim 3, wherein the n sub-keys are generated as follows:
taking n random numbers as an original image of the mapping relation of the t-1-degree polynomial function, and taking a function value obtained by the n random numbers according to the mapping relation of the t-1-degree polynomial function as the n sub-keys; the mapping relation of the t-1 degree polynomial function is generated by using t different random numbers as each degree coefficient and constant term of the t-1 degree polynomial function by the key center.
5. The method of any one of claims 1 to 4, wherein the data escrow device obtains a data fingerprint of the data to be escrowed based on at least the escrow key and the data to be escrowed in the temporary storage space, including:
and the data adding and escorting equipment takes the adding and escorting key in the temporary storage space as a key in a Hash operation message authentication code hmac algorithm, takes the data to be added and the data spliced at the preset moment as messages in the hmac algorithm, and generates the data fingerprint of the data to be added and escorting according to the hmac algorithm.
6. A method of data verification, comprising:
the data escorting equipment acquires data to be verified; the data escorting equipment stores each fragmented key after the main key is fragmented according to a preset fragmentation rule in each non-adjacent storage position;
the data escorting equipment acquires the each slicing key from the non-adjacent storage positions, and takes the key spliced by the each slicing key according to a preset splicing rule corresponding to the preset segmentation rule as an escorting key;
the data escorting equipment creates a temporary storage space and loads the escorting key to the temporary storage space;
the data escorting equipment obtains a data fingerprint of the data to be verified at least according to the escorting key and the data to be verified in the temporary storage space;
and if the data escorting equipment determines that the data fingerprint of the data to be verified is consistent with the data fingerprint of the escorting data corresponding to the data to be verified, determining that the data to be verified passes the verification.
7. The method of claim 6, wherein the data escrow device obtains a data fingerprint of the data to be authenticated based on at least the escrow key and the data to be authenticated in the temporary storage space; the method comprises the following steps:
and the data adding and escorting equipment takes the added and escorting key in the temporary storage space as a key in a Hash operation message authentication code hmac algorithm, takes the data which is spliced at the preset moment corresponding to the data to be verified and the added and escorting data as a message in the hmac algorithm, and generates the data fingerprint of the data to be verified according to the hmac algorithm.
8. The method of claim 6, further comprising:
the data adding and escorting equipment recovers a t-1 th-order polynomial function according to the following recovery formula:
Figure FDA0002527231790000031
wherein f(x) is the t-1 degree polynomial function, $x_i$ is
Figure FDA0002527231790000032
In a randomly selected random number, $s_i$ is $f(x_i)$, t is the total number of the coefficients of the terms of each degree and the constant term of f(x), p is an integer greater than 2,
Figure FDA0002527231790000033
refers to a set of positive integers less than or equal to p, mod represents the modulo operation;
and the data escorting equipment substitutes a preset random number into the function value obtained by the t-1 th-order polynomial function to be used as the main key.
9. A data escrow device, comprising:
the acquisition module is used for acquiring data to be escorted; the data escorting equipment stores, in non-adjacent storage positions, the fragment keys obtained by fragmenting the main key according to a preset fragmentation rule; and is used for acquiring the fragment keys from the non-adjacent storage positions, and using the key spliced from the fragment keys according to a preset splicing rule corresponding to the preset fragmentation rule as the encryption key;
the escorting module is used for creating a temporary storage space and storing the escorting key into the temporary storage space; obtaining the data fingerprint of the data to be escorted at least according to the escorting key and the data to be escorted in the temporary storage space; and deleting the escorting key in the temporary storage space.
10. A computer device comprising a program or instructions that, when executed, perform the method of any of claims 1 to 5 or 6 to 8.
11. A storage medium comprising a program or instructions which, when executed, perform the method of any one of claims 1 to 5 or 6 to 8.
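The flow described in claims 6 to 9 (recover the main key from polynomial points, splice fragment keys, compute the HMAC fingerprint in a temporary buffer, delete the key) can be sketched as follows; this is an added example, not code from the patent. Assumptions: p is prime, the recovery is done by Lagrange interpolation, the hash is SHA-256, the fragmentation rule is a round-robin byte interleave, and the message is the timestamp followed by the data.

```python
import hashlib
import hmac

P = 2**127 - 1  # constructed prime modulus (assumption: p is prime)

def recover_value(shares, x, p=P):
    """Lagrange interpolation over Z_p: evaluate at x the degree t-1
    polynomial fixed by t points (x_i, s_i). Assumed recovery method."""
    total = 0
    for i, (xi, si) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + si * num * pow(den, -1, p)) % p
    return total

def fragment(key: bytes, n: int):
    """Hypothetical fragmentation rule: round-robin byte interleave."""
    return [key[i::n] for i in range(n)]

def splice(fragments) -> bytearray:
    """Splicing rule matching fragment(); returns a mutable buffer."""
    n = len(fragments)
    out = bytearray(sum(len(f) for f in fragments))
    for i, f in enumerate(fragments):
        out[i::n] = f
    return out

def fingerprint(fragments, timestamp: str, data: bytes) -> str:
    """HMAC over timestamp||data with the key held only in a temp buffer."""
    temp = splice(fragments)  # plays the role of the temporary storage space
    try:
        return hmac.new(temp, timestamp.encode() + data,
                        hashlib.sha256).hexdigest()
    finally:
        for i in range(len(temp)):  # best-effort wipe; Python may keep copies
            temp[i] = 0

def verify(fragments, timestamp: str, data: bytes, stored_fp: str) -> bool:
    """Recompute the fingerprint and compare in constant time."""
    return hmac.compare_digest(fingerprint(fragments, timestamp, data), stored_fp)
```

In a memory-managed runtime the wipe in `fingerprint` only clears the buffer the code controls; the HMAC object and the interpreter may still hold copies of the key material.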
CN202010507985.2A 2020-06-05 2020-06-05 Data escorting method and device Pending CN111680325A (en)

Publications (1)

Publication Number Publication Date
CN111680325A true CN111680325A (en) 2020-09-18

Family

ID=72435231


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination