CN111859345A - Computer data safety storage system - Google Patents

Computer data safety storage system Download PDF

Info

Publication number
CN111859345A
CN111859345A CN202010738416.9A CN202010738416A CN111859345A CN 111859345 A CN111859345 A CN 111859345A CN 202010738416 A CN202010738416 A CN 202010738416A CN 111859345 A CN111859345 A CN 111859345A
Authority
CN
China
Prior art keywords
data
information
target
fingerprint
face image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010738416.9A
Other languages
Chinese (zh)
Inventor
刘少强
鄂敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Aoteng Network Technology Co ltd
Original Assignee
Zhengzhou Aoteng Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Aoteng Network Technology Co ltd filed Critical Zhengzhou Aoteng Network Technology Co ltd
Priority to CN202010738416.9A priority Critical patent/CN111859345A/en
Publication of CN111859345A publication Critical patent/CN111859345A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12Fingerprints or palmprints
    • G06V40/1365Matching; Classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • G06V40/172Classification, e.g. identification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Bioethics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention relates to a computer data security storage system, which comprises an identity information acquisition module, an identity verification module, an initial data acquisition module, a data processing module, a data encryption module, an association module, a storage database, a storage module and a storage relationship establishment module. Before data storage, check data storage personnel's identity, can guarantee data storage's security, reduce the possibility that data are stolen, after authentication passes, divide into the data set of at least two kinds of different data attributes with initial data information, encrypt according to different encryption mechanisms to different data sets, even if there is some data sets to be illegally deciphered, can not cause all data sets to be deciphered yet, further reduce the stolen possibility of data, promote data storage's security, and, different encrypted data sets store in different storage areas, promote data storage's reliability, be convenient for later stage data extraction.

Description

Computer data safety storage system
Technical Field
The invention relates to a computer data security storage system.
Background
With the rapid development of computer technology, the data storage capacity is larger and larger, and the data storage security is more and more important. However, the confidentiality and security of the current data storage method are not good, and data is easily lost or stolen.
Disclosure of Invention
The invention aims to provide a computer data security storage system which is used for solving the problems of poor confidentiality and poor security of the existing data storage method.
In order to solve the problems, the invention adopts the following technical scheme:
a computer data secure storage system comprising:
the identity information acquisition module is used for acquiring actual face image information and actual fingerprint information of a data storage person;
the identity verification module is used for inputting the actual face image information into a preset face image database, judging whether the actual face image information is certain face image information in the face image database, and if the actual face image information is the certain face image information in the face image database, acquiring first target identity information corresponding to the certain face image information; the face image database comprises at least two pieces of face image information and first identity information corresponding to the face image information, and the face image information in the face image database is face image information of people with data storage authority; inputting the actual fingerprint information into a preset fingerprint database, judging whether the actual fingerprint information is certain fingerprint information in the fingerprint database, and if the actual fingerprint information is the certain fingerprint information in the fingerprint database, acquiring second target identity information corresponding to the certain fingerprint information; the fingerprint database comprises at least two pieces of fingerprint information and second identity information corresponding to the fingerprint information, and the fingerprint information in the fingerprint database is the fingerprint information of the person with the data storage authority; comparing the first target identity information with the second target identity information, and if the first target identity information and the second target identity information are the same identity information, judging that the identity information of the data storage personnel is verified;
the initial data acquisition module is used for acquiring initial data information if the identity information of the data storage personnel passes the verification;
the data processing module is used for dividing the initial data information into at least two data sets with different data attributes according to the data attributes, wherein each data set comprises data with the same data attribute, and each data attribute is associated with each data set;
the data encryption module is used for encrypting each data set according to a corresponding encryption mechanism to obtain each encrypted data set; the data encryption module is preset with encryption mechanisms with the same number as the data sets, and each encryption mechanism corresponds to each data set one by one;
the association module is used for associating the actual face image information, the actual fingerprint information and the encrypted data sets to obtain sub-databases, wherein the sub-databases comprise corresponding encrypted data sets, the actual face image information and the actual fingerprint information;
the storage database is provided with storage areas with the same number as the data sets, and each encrypted data set corresponds to each storage area one to one;
the storage module is used for storing each sub-database in a corresponding storage area; and
and the storage relation establishing module is used for generating a storage relation, and the storage relation comprises the corresponding relation between each data attribute and the corresponding storage area.
Further, the computer data security storage system further comprises:
the data extraction instruction acquisition module is used for acquiring a data extraction instruction, wherein the data extraction instruction comprises a target data attribute of a data set to be extracted, and target face image information and target fingerprint information of a data extraction person;
the data extraction module is used for extracting a target sub-database from a corresponding storage area according to the target data attribute and the storage relation, and acquiring a corresponding target encryption data set, the actual face image information and the actual fingerprint information from the target sub-database;
the data comparison module is used for comparing the actual face image information with the target face image information, and comparing the actual fingerprint information with the target fingerprint information; and
and the data output module is used for outputting the target encrypted data set if the matching degree of the actual face image information and the target face image information is greater than or equal to a face image matching degree threshold value and the matching degree of the actual fingerprint information and the target fingerprint information is greater than or equal to a fingerprint matching degree threshold value.
Further, the computer data security storage system further comprises:
the data decryption module is used for acquiring a decryption mechanism corresponding to the target encrypted data set according to the target data attribute and a preset decryption relation, and decrypting the target encrypted data set according to the acquired decryption mechanism; the decryption relationship comprises the corresponding relationship between each data attribute and each decryption mechanism, and each decryption mechanism corresponds to each encryption mechanism one to one.
Further, the comparing the actual face image information with the target face image information includes:
extracting facial image features of the actual facial image information to obtain actual facial feature parameters, and extracting facial image features of the target facial image information to obtain target facial feature parameters;
comparing the actual facial feature parameters with the target facial feature parameters;
correspondingly, the matching degree between the actual face image information and the target face image information is greater than or equal to a face image matching degree threshold, including:
the matching degree of the actual facial feature parameters and the target facial feature parameters is greater than or equal to the threshold value of the matching degree of the facial image;
the comparing the actual fingerprint information with the target fingerprint information includes:
performing fingerprint feature extraction on the actual fingerprint information to obtain actual fingerprint feature parameters, and performing fingerprint feature extraction on the target fingerprint information to obtain target fingerprint feature parameters;
comparing the actual fingerprint characteristic parameter with the target fingerprint characteristic parameter;
correspondingly, the matching degree of the actual fingerprint information and the target fingerprint information is greater than or equal to a fingerprint matching degree threshold value, and the method comprises the following steps:
the matching degree of the actual fingerprint characteristic parameters and the target fingerprint characteristic parameters is larger than or equal to the fingerprint matching degree threshold value.
The invention has the beneficial effects that:
before data storage, the identity of a data storage person needs to be verified, actual face image information and actual fingerprint information of the data storage person are obtained, first target identity information and second target identity information are obtained through data processing, if the first target identity information and the second target identity information are the same identity information, the identity information of the data storage person is judged to be verified, therefore, before the data storage, the identity of the data storage person is verified, the data storage is started only after the identity of the data storage person is verified, and operation of irrelevant personnel is avoided; after the identity authentication is passed, dividing the obtained initial data information into at least two data sets with different data attributes according to the data attributes, then encrypting each data set according to a corresponding encryption mechanism, i.e., each data set has a specific encryption scheme, the encryption schemes for different data sets are different, the possibility of data theft or loss can be reduced by encryption, even if the data is lost or stolen, the data leakage can not be caused, the data security is improved, in addition, the initial data information is not divided by adopting the completely same encryption mechanism, different parts are encrypted in different modes, even if part of the data sets are illegally decrypted, all the data sets cannot be decrypted, the possibility of data theft is further reduced, the confidentiality is high, and the safety of data storage is improved; and each encrypted data set is stored in a corresponding storage area, and different encrypted data sets are stored in different storage areas, so that the reliability of data storage is improved, and the later-stage data extraction is facilitated. Therefore, the computer data safety storage system can greatly reduce the risk of data loss or theft, and can reduce the possibility of data leakage as much as possible even if the data is lost or stolen, thereby improving the safety of data storage.
Drawings
Fig. 1 is a schematic structural diagram of a computer data secure storage system provided by the present invention.
Detailed Description
The present embodiment provides a computer data security storage system, each module in the computer data security storage system may be a hardware module or a software module, and if the module is a software module, a hardware execution main body corresponding to the computer data security storage system may be a notebook computer, a desktop computer, a server, an intelligent mobile terminal, and the like.
As shown in fig. 1, the computer data secure storage system includes an identity information obtaining module, an identity verifying module, an initial data obtaining module, a data processing module, a data encrypting module, an associating module, a storage database, a storage module, and a storage relationship establishing module.
The data storage personnel carry out data storage operation, and the identity information acquisition module is used for acquiring actual face image information and actual fingerprint information of the data storage personnel. The actual face image information can be collected through face image collecting equipment such as a camera, and the actual fingerprint information is collected through a fingerprint collector. The actual face image information collected by the camera and the actual fingerprint information collected by the fingerprint collector are output to the identity information acquisition module. It should be understood that the actual face image information and the actual fingerprint information are the face image and the fingerprint of the same data storage person.
The identity authentication module is used for performing identity authentication according to the acquired actual face image information and actual fingerprint information, and specifically comprises the following steps:
the identity verification module is preset with a face image database and a fingerprint database. The human face image database comprises at least two pieces of human face image information and first identity information corresponding to the human face image information, the specific number of the human face image information is set according to actual needs, the human face image information in the human face image database is the human face image information of personnel with data storage permission, the personnel with the data storage permission can be specially responsible for data storage workers, and it is understood that the personnel specially responsible for data storage are more than one person. The first identity information is an identifier used for representing the uniqueness of the identity of the person corresponding to the face image information, and can be name information, an identity card number or an employee number. The face image database is collected and recorded in advance, for example, the face image information of each person with data storage authority is collected, the collected face image information is associated with the corresponding first identity information, and then the face image information is stored in the database to form the face image database. Similarly, the fingerprint database comprises at least two pieces of fingerprint information and second identity information corresponding to the fingerprint information, the number of the fingerprint information is set according to actual conditions, and the fingerprint information in the fingerprint database is the fingerprint information of the personnel with the data storage authority. The second identity information is an identifier used for representing the uniqueness of the identity of the person corresponding to the fingerprint information, and can be name information, an identity card number or an employee work number. For the convenience of subsequent comparison, the second identity information and the first identity information are the same kind of identity information, such as: all name information, or all identity card numbers, or all employee job numbers. The fingerprint database is also collected and recorded in advance, for example, fingerprint information of each person with data storage authority is collected, each fingerprint information is associated with corresponding second identity information, and then the fingerprint information is stored in the database to form the fingerprint database.
The identity authentication module inputs actual face image information into a preset face image database, judges whether the actual face image information is certain face image information in the face image database, and provides a specific implementation process which comprises the following steps:
(1) acquiring the matching degree of the actual face image information and each face image information in a face image database, wherein the higher the matching degree is, the more similar the two pieces of face image information are;
(2) comparing each matching degree with a preset threshold, wherein the preset threshold is set according to actual needs, such as 95%;
(3) if a certain matching degree is greater than or equal to a preset threshold value, the matching degree is higher, the similarity between the actual face image information and the face image information corresponding to the matching degree in the face image database is higher, the two pieces of face image information can be judged to be the same face image information, and the actual face image information is judged to be a certain piece of face image information in the face image database; and if all the matching degrees are smaller than the preset threshold value, the fact that the similarity between the actual face image information and each face image information in the face image database is not high is shown, and the fact that the actual face image information is not a certain face image information in the face image database is judged.
If the actual face image information is one of the face image information in the face image database, first identity information corresponding to the determined face image information is acquired, and the first identity information is first target identity information.
The identity authentication module inputs actual fingerprint information into a preset fingerprint database, and judges whether the actual fingerprint information is a certain fingerprint information in the fingerprint database, and the embodiment provides a specific implementation process:
(1) acquiring the matching degree of the actual fingerprint information and each fingerprint information in the fingerprint database, wherein the higher the matching degree is, the more similar the two fingerprint information is;
(2) comparing each matching degree with a preset threshold, wherein the preset threshold is set according to actual needs, such as 95%;
(3) if a certain matching degree is larger than or equal to a preset threshold value, the matching degree is high, the similarity between the actual fingerprint information and the fingerprint information corresponding to the matching degree in the fingerprint database is high, the two pieces of fingerprint information can be judged to be the same fingerprint information, and the actual fingerprint information is judged to be the certain fingerprint information in the fingerprint database; and if all the matching degrees are smaller than the preset threshold value, the similarity between the actual fingerprint information and each fingerprint information in the fingerprint database is not high, and the actual fingerprint information is judged not to be a certain fingerprint information in the fingerprint database.
And if the actual fingerprint information is certain fingerprint information in the fingerprint database, acquiring second identity information corresponding to the determined fingerprint information, wherein the second identity information is second target identity information.
Through the two identity verification processes, the first target identity information and the second target identity information can be obtained. The identity verification module compares the first target identity information with the second target identity information, and if the first target identity information and the second target identity information are the same identity information, for example: if the identity card numbers obtained in the two identity verification processes are the same, the fact that the identity information obtained finally corresponds to the same person through the identity verification in the two identity verification processes is indicated, and the identity information of the data storage person is judged to be verified.
The initial data acquisition module is used for acquiring initial data information if the identity information of the data storage personnel passes the verification. It should be understood that the execution subject may be communicatively coupled to various data collection devices or to a data forwarding device in order to obtain the initial data information. Various data acquisition devices output acquired initial data information to an execution subject. The concrete category of the data acquisition equipment is determined by the application scenario of the computer data security storage system, such as: if the computer data security storage system is applied to the power grid industry, the initial data information is power grid data information, and then the data acquisition equipment is acquisition equipment for various electrical parameters in the power grid, for example: voltage sensors, current sensors, breaker switch status sensors, fault sensors, etc.; if the computer data security storage system is applied to a hospital, the initial data information is medical data of a patient, and then the data acquisition devices are various medical data acquisition devices in the hospital, for example: electrocardiography, glucometer, chest-puncture, B-ultrasonic, etc. As another embodiment, the initial data information may also be directly retrieved from a related database, and the database is determined by a specific application scenario. It should be understood that the present application is not limited to the specific content of the initial data information and the specific manner of acquisition.
The data processing module is used for dividing the initial data information into at least two data sets with different data attributes according to the data attributes, wherein each data set comprises data with the same data attributes, and each data attribute is associated with each data set.
The division of the data attributes is determined by the actual application scenarios, such as: if the initial data information is the power grid data information, the data attributes may be divided based on different data types, and the data types are respectively: the circuit breaker comprises electric analog quantity data, switching quantity data and fault data, wherein the electric analog quantity data can comprise current data, voltage data and power data on each section of line, the switching quantity data can comprise a breaker switching signal on each section of line, and the fault data can comprise fault data on each section of line. Then, the data attributes include three types, which are: electrical analog data, switching value data and fault data, and accordingly, three data sets are: an electrical analog data set, a switching value data set, and a fault data set. Each data set comprises data with the same data attribute, and the data with different data attributes are divided into different data sets. Associating each data attribute with each data set, namely establishing a corresponding relationship between each data attribute and each data set, specifically: the electric analog quantity data corresponds to an electric analog quantity data set, the switching quantity data corresponds to a switching quantity data set, and the fault data corresponds to a fault data set. If the initial data information is medical data, the data is divided into two types according to data attributes, namely quantitative data and state data, wherein the quantitative data has specific numerical values, and the state data does not have specific numerical values. The quantitative data may include heartbeat per minute values, blood glucose values, blood pressure values, etc., and the status data may include chest X-ray and B-mode indications, etc. Accordingly, the two data sets are: a quantitative dataset and a status dataset. Associating each data attribute with each data set, namely establishing a corresponding relationship between each data attribute and each data set, specifically: the quantitative data corresponds to a quantitative data set and the status data corresponds to a status data set. As another embodiment, if the initial data information is medical data, the initial data information may be further divided according to a division rule of other data attributes, for example, according to different families to which the data belongs, such as: medical data and surgical medical data. Therefore, the division rules corresponding to different data attributes in different application scenarios, regardless of the division rules of the data attributes, divide the initial data information into at least two data sets with different data attributes, where each data set includes data with the same data attribute.
The data encryption module is preset with encryption mechanisms with the same number as the data sets, and each encryption mechanism corresponds to each data set one by one. It should be understood that, according to how many data sets are obtained by different division of data attributes, how many encryption mechanisms are preset in the data encryption module, and each data set corresponds to a specific encryption mechanism. Moreover, the encryption mechanisms preset by the data encryption module are different encryption mechanisms, and each encryption mechanism is an encryption mechanism disclosed in the prior art. Then different data sets correspond to different encryption schemes.
And the data encryption module encrypts each data set according to the corresponding encryption mechanism to obtain each encrypted data set. Such as: if there are three data sets, respectively a first data set, a second data set, and a third data set, then there are three encryption mechanisms, respectively a first encryption mechanism, a second encryption mechanism, and a third encryption mechanism, where the first data set corresponds to the first encryption mechanism, the second data set corresponds to the second encryption mechanism, and the third data set corresponds to the third encryption mechanism, then: the data encryption module encrypts the first data set according to the first encryption mechanism to obtain a first encrypted data set, the data encryption module encrypts the second data set according to the second encryption mechanism to obtain a second encrypted data set, and the data encryption module encrypts the third data set according to the third encryption mechanism to obtain a third encrypted data set.
The association module is used for associating the actual face image information, the actual fingerprint information and each encrypted data set to obtain each sub-database, wherein each sub-database comprises the corresponding encrypted data set, the actual face image information and the actual fingerprint information. It should be understood that for any one sub-database, the corresponding encrypted data set, the actual face image information and the actual fingerprint information of the data storage person are included. Therefore, different sub-databases include different encrypted data sets, but include the same actual face image information and actual fingerprint information, which are both the actual face image information and actual fingerprint information of the data storage personnel that are actually acquired. The actual face image information, the actual fingerprint information and the encrypted data set are associated, and the corresponding relationship among the actual face image information, the actual fingerprint information and the encrypted data set can be understood to be established, for example: the sub-database is a data compression packet, and data compression is carried out on the actual face image information, the actual fingerprint information and the corresponding encrypted data set to obtain a corresponding data compression packet.
The storage database is provided with storage areas with the same number as the data sets, and each encrypted data set corresponds to each storage area one to one. The storage device corresponding to the storage database may be a storage hard disk, a floppy disk, a cloud storage, and the like, wherein each storage area is a storage area divided in the storage device and independent from each other, and it should be understood that the storage capacity of each storage area needs to meet the requirement. Furthermore, the storage database may have a predetermined correspondence relationship between each encrypted data set and each storage area, that is, a correspondence relationship between each sub-database and each storage area, or may be understood as a correspondence relationship between each data attribute and each storage area.
The storage module is used for storing each sub-database in the corresponding storage area. It should be understood that the storage module stores each sub-database in a corresponding storage area according to the above correspondence relationship between each sub-database and each storage area.
The storage relation establishing module is used for generating a storage relation, and the storage relation comprises a corresponding relation between the data attribute and the storage area. Since the data attributes correspond to the data sets one to one, the storage relationship is essentially a correspondence relationship between each data set and the storage area. According to the storage relation and the data attribute of the data set to be extracted, the required encrypted data set can be obtained from the corresponding storage area. It should be understood that the storage relationship may be embodied by a table.
Further, the computer data security storage system further comprises a data extraction related module, specifically: the device comprises a data extraction instruction acquisition module, a data extraction module, a data comparison module and a data output module.
And when the data is extracted, the data extraction personnel performs operation.
The data extraction instruction acquisition module is used for acquiring a data extraction instruction, and the data extraction instruction is sent by a data extraction person. The data extraction instruction comprises target data attributes of a data set to be extracted, and target face image information and target fingerprint information of data extraction personnel. It should be understood that the image information of the target face of the data extraction personnel is collected by the camera, and the fingerprint information of the target is collected by the fingerprint collector.
And the data extraction module is used for obtaining a storage area corresponding to the target data attribute according to the target data attribute and the storage relation, and extracting the target sub-database from the corresponding storage area. It should be understood that the target sub-database corresponds to the target data attributes. Then, the data extraction module obtains a corresponding target encryption data set, actual face image information and actual fingerprint information from the target sub-database. As a specific implementation manner, if the sub-database is a data compression packet, the data extraction module decompresses the target sub-database to obtain a target encrypted data set, actual face image information, and actual fingerprint information.
The data comparison module is used for comparing the actual face image information with the target face image information, and the actual fingerprint information with the target fingerprint information. The data comparison module compares actual face image information with target face image information, and determines whether the matching degree of the actual face image information and the target face image information is greater than or equal to a face image matching degree threshold value, that is, whether the actual face image information and the target face image information are the same face image information, which provides a specific implementation process in this embodiment:
and extracting the facial image characteristics of the actual facial image information to obtain actual facial characteristic parameters, and extracting the facial image characteristics of the target facial image information to obtain target facial characteristic parameters. It should be understood that a facial feature extraction program is preset in the data comparison module, and is used for performing facial image feature extraction on the actual facial image information and the target facial image information to obtain facial feature parameters, wherein the implementation process of facial image feature extraction belongs to the conventional technology, and is not described in detail.
And comparing the actual face characteristic parameters with the target face characteristic parameters, and judging whether the matching degree of the actual face characteristic parameters and the target face characteristic parameters is greater than or equal to a face image matching degree threshold value. Wherein, the matching degree of the actual face image information and the target face image information is greater than or equal to the face image matching degree threshold value, including: the matching degree of the actual facial feature parameters and the target facial feature parameters is greater than or equal to a human face image matching degree threshold value; correspondingly, the matching degree of the actual face image information and the target face image information is smaller than the face image matching degree threshold value, and the method comprises the following steps: the matching degree of the actual face characteristic parameters and the target face characteristic parameters is smaller than the threshold value of the matching degree of the face image.
The data comparison module compares actual fingerprint information with target fingerprint information, and judges whether the matching degree of the actual fingerprint information and the target fingerprint information is greater than or equal to a fingerprint matching degree threshold value, namely, whether the actual fingerprint information and the target fingerprint information are the same fingerprint information, and the embodiment provides a specific implementation process:
and extracting the fingerprint characteristics of the actual fingerprint information to obtain actual fingerprint characteristic parameters, and extracting the fingerprint characteristics of the target fingerprint information to obtain target fingerprint characteristic parameters. It should be understood that a fingerprint extraction program is preset in the data comparison module, and is used for performing fingerprint feature extraction on the actual fingerprint information and the target fingerprint information to obtain fingerprint feature parameters, wherein the implementation process of fingerprint feature extraction belongs to the conventional technology, and is not described again.
And comparing the actual fingerprint characteristic parameters with the target fingerprint characteristic parameters, and judging whether the matching degree of the actual fingerprint characteristic parameters and the target fingerprint characteristic parameters is greater than or equal to a fingerprint matching degree threshold value. Wherein, the matching degree of actual fingerprint information and target fingerprint information is greater than or equal to the fingerprint matching degree threshold value, including: the matching degree of the actual fingerprint characteristic parameters and the target fingerprint characteristic parameters is greater than or equal to a fingerprint matching degree threshold value; correspondingly, the matching degree of the actual fingerprint information and the target fingerprint information is smaller than the threshold value of the matching degree of the fingerprints, and the method comprises the following steps: the matching degree of the actual fingerprint characteristic parameters and the target fingerprint characteristic parameters is smaller than a fingerprint matching degree threshold value.
It should be understood that the face image matching degree threshold and the fingerprint matching degree threshold are both specifically set according to actual needs.
And the data output module is used for outputting a target encrypted data set if the matching degree of the actual face image information and the target face image information is greater than or equal to a face image matching degree threshold value, and the matching degree of the actual fingerprint information and the target fingerprint information is greater than or equal to a fingerprint matching degree threshold value, which indicates that the identity comparison is passed, and the data extraction personnel and the data storage personnel are the same personnel.
It should be understood that the target encrypted data set may be directly output to the external device, and the target encrypted data set may be decrypted by the external device, or may be decrypted by the computer data security storage system and then output to the external device. In this embodiment, the target encrypted data set is decrypted by the computer data security storage system, and then the computer data security storage system further includes a data decryption module.
In order to implement data decryption, each decryption mechanism adapted to each encryption mechanism in the foregoing is preset in the data decryption module, and it should be understood that each decryption mechanism corresponds to each encryption mechanism one to one, and since the encryption mechanisms belong to the encryption algorithm disclosed in the prior art, each decryption mechanism is also the decryption algorithm disclosed in the prior art. Because each data attribute corresponds to a specific encryption mechanism, and each data attribute also corresponds to a specific decryption mechanism, a decryption relationship is also preset in the data decryption module, and the decryption relationship comprises the corresponding relationship between each data attribute and each decryption mechanism.
And the data decryption module acquires a decryption mechanism corresponding to the target encrypted data set according to the target data attribute and a preset decryption relation, and decrypts the target encrypted data set according to the acquired decryption mechanism. The decryption process is related to the decryption mechanism, and since the decryption mechanism belongs to the existing decryption algorithm, the corresponding decryption process is also the prior art, and is not described in detail.
The above-mentioned embodiments are merely illustrative of the technical solutions of the present invention in a specific embodiment, and any equivalent substitutions and modifications or partial substitutions of the present invention without departing from the spirit and scope of the present invention should be covered by the claims of the present invention.

Claims (4)

1. A computer data secure storage system, comprising:
the identity information acquisition module is used for acquiring actual face image information and actual fingerprint information of a data storage person;
the identity verification module is used for inputting the actual face image information into a preset face image database, judging whether the actual face image information is certain face image information in the face image database, and if the actual face image information is the certain face image information in the face image database, acquiring first target identity information corresponding to the certain face image information; the face image database comprises at least two pieces of face image information and first identity information corresponding to the face image information, and the face image information in the face image database is face image information of people with data storage authority; inputting the actual fingerprint information into a preset fingerprint database, judging whether the actual fingerprint information is certain fingerprint information in the fingerprint database, and if the actual fingerprint information is the certain fingerprint information in the fingerprint database, acquiring second target identity information corresponding to the certain fingerprint information; the fingerprint database comprises at least two pieces of fingerprint information and second identity information corresponding to the fingerprint information, and the fingerprint information in the fingerprint database is the fingerprint information of the person with the data storage authority; comparing the first target identity information with the second target identity information, and if the first target identity information and the second target identity information are the same identity information, judging that the identity information of the data storage personnel is verified;
the initial data acquisition module is used for acquiring initial data information if the identity information of the data storage personnel passes the verification;
the data processing module is used for dividing the initial data information into at least two data sets with different data attributes according to the data attributes, wherein each data set comprises data with the same data attribute, and each data attribute is associated with each data set;
the data encryption module is used for encrypting each data set according to a corresponding encryption mechanism to obtain each encrypted data set; the data encryption module is preset with encryption mechanisms with the same number as the data sets, and each encryption mechanism corresponds to each data set one by one;
the association module is used for associating the actual face image information, the actual fingerprint information and the encrypted data sets to obtain sub-databases, wherein the sub-databases comprise corresponding encrypted data sets, the actual face image information and the actual fingerprint information;
the storage database is provided with storage areas with the same number as the data sets, and each encrypted data set corresponds to each storage area one to one;
the storage module is used for storing each sub-database in a corresponding storage area; and
and the storage relation establishing module is used for generating a storage relation, and the storage relation comprises the corresponding relation between each data attribute and the corresponding storage area.
2. The computer data secure storage system of claim 1, further comprising:
the data extraction instruction acquisition module is used for acquiring a data extraction instruction, wherein the data extraction instruction comprises a target data attribute of a data set to be extracted, and target face image information and target fingerprint information of a data extraction person;
the data extraction module is used for extracting a target sub-database from a corresponding storage area according to the target data attribute and the storage relation, and acquiring a corresponding target encryption data set, the actual face image information and the actual fingerprint information from the target sub-database;
the data comparison module is used for comparing the actual face image information with the target face image information, and comparing the actual fingerprint information with the target fingerprint information; and
and the data output module is used for outputting the target encrypted data set if the matching degree of the actual face image information and the target face image information is greater than or equal to a face image matching degree threshold value and the matching degree of the actual fingerprint information and the target fingerprint information is greater than or equal to a fingerprint matching degree threshold value.
3. The computer data secure storage system of claim 2, further comprising:
the data decryption module is used for acquiring a decryption mechanism corresponding to the target encrypted data set according to the target data attribute and a preset decryption relation, and decrypting the target encrypted data set according to the acquired decryption mechanism; the decryption relationship comprises the corresponding relationship between each data attribute and each decryption mechanism, and each decryption mechanism corresponds to each encryption mechanism one to one.
4. The computer data security storage system of claim 2, wherein the comparing the actual facial image information with the target facial image information comprises:
extracting facial image features of the actual facial image information to obtain actual facial feature parameters, and extracting facial image features of the target facial image information to obtain target facial feature parameters;
comparing the actual facial feature parameters with the target facial feature parameters;
correspondingly, the matching degree between the actual face image information and the target face image information is greater than or equal to a face image matching degree threshold, including:
the matching degree of the actual facial feature parameters and the target facial feature parameters is greater than or equal to the threshold value of the matching degree of the facial image;
the comparing the actual fingerprint information with the target fingerprint information includes:
performing fingerprint feature extraction on the actual fingerprint information to obtain actual fingerprint feature parameters, and performing fingerprint feature extraction on the target fingerprint information to obtain target fingerprint feature parameters;
comparing the actual fingerprint characteristic parameter with the target fingerprint characteristic parameter;
correspondingly, the matching degree of the actual fingerprint information and the target fingerprint information is greater than or equal to a fingerprint matching degree threshold value, and the method comprises the following steps:
the matching degree of the actual fingerprint characteristic parameters and the target fingerprint characteristic parameters is larger than or equal to the fingerprint matching degree threshold value.
CN202010738416.9A 2020-07-28 2020-07-28 Computer data safety storage system Pending CN111859345A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010738416.9A CN111859345A (en) 2020-07-28 2020-07-28 Computer data safety storage system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010738416.9A CN111859345A (en) 2020-07-28 2020-07-28 Computer data safety storage system

Publications (1)

Publication Number Publication Date
CN111859345A true CN111859345A (en) 2020-10-30

Family

ID=72947635

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010738416.9A Pending CN111859345A (en) 2020-07-28 2020-07-28 Computer data safety storage system

Country Status (1)

Country Link
CN (1) CN111859345A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113254973A (en) * 2021-06-10 2021-08-13 永旗(北京)科技有限公司 Safety encryption system and method based on big data

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102200936A (en) * 2011-05-11 2011-09-28 杨钧 Intelligent configuration storage backup method suitable for cloud storage
CN103096303A (en) * 2011-10-31 2013-05-08 华为技术有限公司 Data packet transmission method and equipment
CN103136124A (en) * 2011-11-28 2013-06-05 国民技术股份有限公司 Intelligent card hardware firewall system and realizing method thereof
CN104123565A (en) * 2014-07-30 2014-10-29 中山艺展装饰工程有限公司 Identity card authentication and holder identity authentication method based on multimodal identification
CN104134046A (en) * 2014-07-29 2014-11-05 深圳市中兴移动通信有限公司 Encryption method and device
CN105450645A (en) * 2015-12-01 2016-03-30 上海汽车集团股份有限公司 Data transmission method for vehicle-mounted automatic diagnosis system
CN108537028A (en) * 2018-04-17 2018-09-14 西安电子科技大学 A kind of computer identity identifying system and method
CN109063438A (en) * 2018-08-06 2018-12-21 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of data access method, device, local data secure access equipment and terminal
CN109658102A (en) * 2018-12-27 2019-04-19 江苏万家美居网络科技有限公司 A kind of e-commerce electric signing system
CN109741803A (en) * 2019-01-14 2019-05-10 南京大学 Medical data security cooperation system based on block chain
CN110502906A (en) * 2019-07-04 2019-11-26 北京泰立鑫科技有限公司 A kind of method and system of data safety outgoing

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102200936A (en) * 2011-05-11 2011-09-28 杨钧 Intelligent configuration storage backup method suitable for cloud storage
CN103096303A (en) * 2011-10-31 2013-05-08 华为技术有限公司 Data packet transmission method and equipment
CN103136124A (en) * 2011-11-28 2013-06-05 国民技术股份有限公司 Intelligent card hardware firewall system and realizing method thereof
CN104134046A (en) * 2014-07-29 2014-11-05 深圳市中兴移动通信有限公司 Encryption method and device
CN104123565A (en) * 2014-07-30 2014-10-29 中山艺展装饰工程有限公司 Identity card authentication and holder identity authentication method based on multimodal identification
CN105450645A (en) * 2015-12-01 2016-03-30 上海汽车集团股份有限公司 Data transmission method for vehicle-mounted automatic diagnosis system
CN108537028A (en) * 2018-04-17 2018-09-14 西安电子科技大学 A kind of computer identity identifying system and method
CN109063438A (en) * 2018-08-06 2018-12-21 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of data access method, device, local data secure access equipment and terminal
CN109658102A (en) * 2018-12-27 2019-04-19 江苏万家美居网络科技有限公司 A kind of e-commerce electric signing system
CN109741803A (en) * 2019-01-14 2019-05-10 南京大学 Medical data security cooperation system based on block chain
CN110502906A (en) * 2019-07-04 2019-11-26 北京泰立鑫科技有限公司 A kind of method and system of data safety outgoing

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113254973A (en) * 2021-06-10 2021-08-13 永旗(北京)科技有限公司 Safety encryption system and method based on big data

Similar Documents

Publication Publication Date Title
CN107819587B (en) Authentication method based on fully homomorphic encryption, user equipment and authentication server
US10680808B2 (en) 1:N biometric authentication, encryption, signature system
US10594688B2 (en) Privacy-enhanced biometrics-secret binding scheme
US9189612B2 (en) Biometric verification with improved privacy and network performance in client-server networks
US20090110192A1 (en) Systems and methods for encrypting patient data
CN104239815A (en) Electronic document encryption and decryption method and method based on iris identification
CN109033873B (en) Data desensitization method for preventing privacy leakage
CN111625856B (en) Traceability and forward security searchable ciphertext medical record system based on national cryptographic algorithm
CN113824900B (en) Cloud video editing system
KR20140099362A (en) security system and method for electronic health record using biometric
CN110287670A (en) A kind of biological information and identity information correlating method, system and equipment
WO2021021821A1 (en) Integrating distributed systems using biometric identification
Gobi et al. A secured public key cryptosystem for biometric encryption
CN114996727A (en) Biological feature privacy encryption method and system based on palm print and palm vein recognition
CN111859345A (en) Computer data safety storage system
CN115662657A (en) Online inquiry system based on internet hospital
Pedrosa et al. A pseudonymisation protocol with implicit and explicit consent routes for health records in federated ledgers
WO2022247790A1 (en) Data management method and apparatus, device and storage medium
CN104751042B (en) Creditability detection method based on cryptographic hash and living things feature recognition
CN111698253A (en) Computer network safety system
CN111159674A (en) Novel safe and confidential intelligent information acquisition device and method
CN115859336A (en) Medical inspection report analysis system capable of backing up encrypted data loss prevention
CN114697043B (en) Identity authentication unified management platform based on blockchain technology and authentication method thereof
CN111885069B (en) Computer network safety system
CN116049792A (en) Face registration and recognition method and face data protection system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20201030