CN112491904B - Big data privacy protection sharing method and system - Google Patents

Big data privacy protection sharing method and system Download PDF

Info

Publication number
CN112491904B
CN112491904B CN202011381236.6A CN202011381236A CN112491904B CN 112491904 B CN112491904 B CN 112491904B CN 202011381236 A CN202011381236 A CN 202011381236A CN 112491904 B CN112491904 B CN 112491904B
Authority
CN
China
Prior art keywords
data
generation network
ciphertext
nodes
networks
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011381236.6A
Other languages
Chinese (zh)
Other versions
CN112491904A (en
Inventor
周伟
李燕
杨东岳
宋彬彬
杨雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dezhou Vocational and Technical College
Original Assignee
Dezhou Vocational and Technical College
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dezhou Vocational and Technical College filed Critical Dezhou Vocational and Technical College
Priority to CN202011381236.6A priority Critical patent/CN112491904B/en
Publication of CN112491904A publication Critical patent/CN112491904A/en
Application granted granted Critical
Publication of CN112491904B publication Critical patent/CN112491904B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a big data privacy protection sharing method, which comprises the following steps: after each node of the big data generation network generates data, encrypting the generated data, and sending the encrypted data and a corresponding ciphertext to a data storage terminal for data storage; when the data storage terminal receives a data sharing request sent by other networks or other nodes of the big data generation network, the data storage terminal carries out security verification on the other networks or other nodes of the big data generation network; carrying out data sharing aiming at other networks passing security verification or other nodes of the big data generation network; and aiming at other networks which do not pass the safety verification or other nodes of the big data generation network, information recording and potential safety hazard reminding are carried out. The system comprises modules corresponding to the method steps.

Description

Big data privacy protection sharing method and system
Technical Field
The invention provides a big data privacy protection sharing method and system, and belongs to the technical field of data sharing.
Background
In recent years, with the rapid development of technologies such as cloud computing, the security field is undergoing a revolution, the security system is increasingly perfected, the time for disease diagnosis is shortened, and great convenience is brought to the life of people. The advent of secure big data sharing systems based on cloud computing technology enables convenient storage, management and sharing of large amounts of data. In the process of safe big data sharing, due to the data storage pressure and the convenient resource sharing, however, in the current data sharing process, the problem of low safety still exists.
Disclosure of Invention
The invention provides a big data privacy protection sharing method and a big data privacy protection sharing system, which are used for solving the problem of poor safety in the data sharing process of the existing big data cluster, and adopt the technical scheme that:
the invention provides a big data privacy protection sharing method, which comprises the following steps:
after each node of the big data generation network generates data, encrypting the generated data, and sending the encrypted data and the corresponding ciphertext to a data storage terminal for data storage;
when the data storage terminal receives a data sharing request sent by other networks or other nodes of the big data generation network, the data storage terminal carries out security verification on the other networks or other nodes of the big data generation network;
carrying out data sharing aiming at other networks passing the security verification or other nodes of the big data generation network;
and aiming at other networks which do not pass the safety verification or other nodes of the big data generation network, carrying out information filing and potential safety hazard reminding.
Further, after each node of the big data generation network generates data, encrypting the generated data includes:
extracting a data generation timestamp, a data type and a data keyword corresponding to data of each node generation data of the big data generation network;
encrypting the data generation timestamp, the data type and the data keyword by an encryption method to form a first ciphertext;
generating dynamic factors corresponding to the nodes by using the data volume of single generated data of each node of the big data generation network and the data sending times of each node;
and generating a second ciphertext by using the dynamic encryption factor and the IP address information corresponding to each node through an encryption method.
Further, generating a dynamic factor through a dynamic factor generation model, wherein the dynamic factor generation model is as follows:
Figure BDA0002809376770000021
wherein, λ represents a dynamic factor, and C represents a numerical value corresponding to a data quantity currently transmitted by each node of the big data generation network; c represents each section of the big data generation networkThe data quantity corresponding to the data transmission carried out by the point ith time corresponds to a numerical value; n represents the number of data transmission times corresponding to each node; cmaxRepresenting a numerical value corresponding to the maximum data volume of single-time transmitted data in the process of transmitting the n times of data by each node of the big data generation network; (ii) a CminRepresenting a numerical value corresponding to the minimum data volume of data sent at a time in the process of sending n times of data by each node of the big data generation network; h represents a random number generated by each node of the big data generation network when data are sent, the random number is three digits, and each digit is a randomly selected numerical value of 0-9.
Further, when receiving a data sharing request sent by another network or another node of the big data generation network, the data storage terminal performs security verification on the other network or another node of the big data generation network, including:
when the data storage terminal receives data generated by each node, the second ciphertext is sent to other networks which have data sharing with each node generating the data and other nodes in the big data generation network according to the data sharing corresponding relation recorded in the history sharing record;
after receiving a second ciphertext, other nodes in the other networks and the big data generation network decrypt the second ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises the dynamic encryption factor and the IP address information;
other nodes in the other networks and the big data generation network generate third ciphertexts by utilizing dynamic encryption factors, IP address information and self IP address information of other nodes in the other networks and the big data generation network;
when data sharing is needed, other nodes in the other networks and the big data generation network send data sharing requests and third ciphertexts to a data storage terminal; the data sharing request comprises a data type requested to be shared and a keyword corresponding to the data information;
and after receiving the data sharing request and the third ciphertext, the data storage terminal performs security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext and obtains a security verification result.
Further, after receiving the data sharing request and the third ciphertext, the data storage terminal performs security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext, including:
after receiving a data sharing request and a third ciphertext sent by other networks or other nodes of the big data generation network, the data storage terminal decrypts the third ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises a dynamic factor, IP address information corresponding to a generation node of data to be shared and IP address information corresponding to other networks or other nodes of the big data generation network;
the data storage terminal extracts historical IP address information corresponding to other nodes of the other networks or the big data generation network from a historical shared record, compares the historical IP address information with IP address information corresponding to other nodes of the other networks or the big data generation network obtained from a third ciphertext, and if the historical IP address information is consistent with the IP address information, determines that the other nodes of the other networks or the big data generation network are primary safety;
the data storage terminal extracts a first ciphertext of data required by the data sharing request from a storage area of the data storage terminal according to the data type in the data sharing request and a keyword corresponding to the data information, decrypts the first ciphertext, and obtains the data type and the data keyword in the first ciphertext;
and comparing the data type and the data key in the first ciphertext with the data type and the data key in the data sharing request, and if the data type and the data key are consistent, determining that other networks or other nodes of the big data generation network are safe.
A big data privacy preserving sharing system, the system comprising:
the encryption module is used for encrypting the generated data after each node of the big data generation network generates the data, and sending the encrypted data and the corresponding ciphertext to the data storage terminal for data storage;
the security verification module is used for performing security verification on other networks or other nodes of the big data generation network when the data storage terminal receives data sharing requests sent by other networks or other nodes of the big data generation network;
the data sharing module is used for sharing data aiming at other networks passing the security verification or other nodes of the big data generation network;
and the post-processing module is used for carrying out information filing and potential safety hazard reminding aiming at other networks which do not pass the safety verification or other nodes of the big data generation network.
Further, the encryption module includes:
the extraction module is used for extracting a data generation timestamp and a data type of data generated by each node of the big data generation network and a data keyword corresponding to the data;
the first encryption module is used for encrypting the data generation timestamp, the data type and the data keyword by an encryption method to form a first ciphertext;
the dynamic factor generation module is used for generating a dynamic factor corresponding to each node by using the data volume of single generated data of each node of the big data generation network and the data transmission times of each node;
and the second encryption module is used for generating a second ciphertext by using the dynamic encryption factor and the IP address information corresponding to each node through an encryption method.
Further, generating a dynamic factor through a dynamic factor generation model, wherein the dynamic factor generation model is as follows:
Figure BDA0002809376770000041
wherein, λ represents a dynamic factor, and C represents a numerical value corresponding to a data quantity currently transmitted by each node of the big data generation network; c represents a data quantity corresponding value of each node of the big data generation network for carrying out data transmission for the ith time; n represents the number of data transmission times corresponding to each node; cmaxRepresenting a numerical value corresponding to the maximum data volume of single-time transmitted data in the process of transmitting the n times of data by each node of the big data generation network; (ii) a CminRepresenting a numerical value corresponding to the minimum data volume of data sent at a time in the process of sending n times of data by each node of the big data generation network; h represents a random number generated by each node of the big data generation network when data are sent, the random number is three digits, and each digit is a randomly selected numerical value of 0-9.
Further, the security authentication module includes:
a sending module, configured to send the second ciphertext to other networks that have performed data sharing with each node that generates data and other nodes in the big data generation network according to a data sharing correspondence recorded in a history sharing record when the data storage terminal receives data of data generated by each node;
the decryption module is used for decrypting the second ciphertext through a decryption algorithm after the second ciphertext is received by other networks and other nodes in the big data generation network to obtain plaintext information, wherein the plaintext information comprises the dynamic encryption factor and the IP address information;
a third encryption module, configured to encrypt other nodes in the other networks and the big data generating network by using dynamic encryption factors, IP address information, and own IP address information of other nodes in the other networks and the big data generating network to generate a third ciphertext;
the request sending module is used for sending a data sharing request and a third ciphertext to a data storage terminal by other nodes in the other networks and the big data generation network when data sharing is needed; the data sharing request comprises a data type requested to be shared and a keyword corresponding to the data information;
and the verification module is used for performing security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext after the data storage terminal receives the data sharing request and the third ciphertext, and obtaining a security verification result.
Further, the verification module includes:
a third ciphertext decryption module, configured to decrypt, by using a decryption algorithm, the third ciphertext after the data storage terminal receives a data sharing request and a third ciphertext, where the data sharing request and the third ciphertext are sent by other nodes of another network or the big data generation network, to obtain plaintext information, where the plaintext information includes a dynamic factor, IP address information corresponding to a generation node of data to be shared, and IP address information corresponding to other nodes of the other network or the big data generation network;
the primary security verification module is used for extracting historical IP address information corresponding to other nodes of the other networks or the big data generation network from a historical shared record by the data storage terminal, comparing the historical IP address information with IP address information corresponding to other nodes of the other networks or the big data generation network obtained from a third ciphertext, and if the historical IP address information is consistent with the IP address information, determining that the other nodes of the other networks or the big data generation network are primary security;
the first ciphertext extraction module is used for extracting a first ciphertext of data required by the data sharing request from a storage area of the data storage terminal according to the data type in the data sharing request and a keyword corresponding to the data information, and decrypting the first ciphertext to obtain the data type and the data keyword in the first ciphertext;
and the final checking module is used for comparing the data type and the data keyword in the first ciphertext with the data type and the keyword in the data sharing request, and if the data type and the keyword are consistent, determining that other nodes of the other networks or the big data generation network are safe.
The invention has the beneficial effects that:
the big data privacy protection sharing method and system provided by the invention can effectively improve the data privacy performance, and cannot be easily decrypted after other third parties maliciously acquire the data of each node. And further, the data security of the whole big data generation network is effectively improved. Meanwhile, a third party can be effectively prevented from acquiring the encryption rule to crack the data through the generation of the dynamic factor, and the safety performance of the data is further improved.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
fig. 2 is a block diagram of the system of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
As shown in fig. 1, a big data privacy protection sharing method provided by an embodiment of the present invention includes:
s1, after each node of the big data generation network generates data, encrypting the generated data, and sending the encrypted data and the corresponding ciphertext to a data storage terminal for data storage;
s2, when the data storage terminal receives a data sharing request sent by other networks or other nodes of the big data generation network, the data storage terminal carries out security verification on the other networks or other nodes of the big data generation network;
s3, sharing data aiming at other networks passing security verification or other nodes of the big data generation network;
and S4, recording information and reminding potential safety hazards aiming at other networks which do not pass the safety verification or other nodes of the big data generation network.
The effect of the above technical scheme is as follows: through encryption processing and security verification between the data storage terminal and the sharing requirement node, the security in the data sharing process can be effectively improved.
In an embodiment of the present invention, after each node of the big data generating network generates data, encrypting the generated data includes:
s101, extracting data generation time stamps and data types of data generated by each node of the big data generation network and data keywords corresponding to the data;
s102, encrypting the data generation timestamp, the data type and the data keyword by an encryption method to form a first ciphertext;
s103, generating dynamic factors corresponding to the nodes by using the data volume of single generation data of each node of the big data generation network and the data sending times of each node;
and S104, generating a second ciphertext by using the dynamic encryption factor and the IP address information corresponding to each node through an encryption method.
The dynamic factor generation model generates a dynamic factor, and the dynamic factor generation model is as follows:
Figure BDA0002809376770000061
wherein, λ represents a dynamic factor, and C represents a numerical value corresponding to a data quantity currently transmitted by each node of the big data generation network; c represents a data quantity corresponding value of each node of the big data generation network for carrying out data transmission for the ith time; n represents the number of data transmission times corresponding to each node; cmaxRepresenting a numerical value corresponding to the maximum data volume of single-time transmitted data in the process of transmitting the n times of data by each node of the big data generation network; (ii) a CminRepresenting a numerical value corresponding to the minimum data volume of data sent at a time in the process of sending n times of data by each node of the big data generation network; h represents a random number generated by each node of the big data generation network when data is transmitted, the random number is three digits,each digit is a randomly selected number from 0 to 9.
The effect of the above technical scheme is as follows: the data encryption by the encryption mode can effectively improve the confidentiality of the data, and the data cannot be easily decrypted after other third parties maliciously acquire the data of each node. And further, the data security of the whole big data generation network is effectively improved. Meanwhile, a third party can be effectively prevented from acquiring the encryption rule to crack the data through the generation of the dynamic factor, and the safety performance of the data is further improved. Meanwhile, the dynamic factors obtained through the formula are generated according to the actual operation condition and the randomness of each node of the big data generation network, so that the change degree of the dynamic factors can be effectively improved, and the anti-cracking performance of the data is further improved.
In an embodiment of the present invention, when receiving a data sharing request sent by another network or another node of the big data generation network, the data storage terminal performs security verification on the other network or another node of the big data generation network, including:
s201, when the data storage terminal receives data generated by each node, the data storage terminal sends the second ciphertext to other networks which have data sharing with each node generating the data and other nodes in the big data generation network according to the data sharing corresponding relation recorded in the history sharing record;
s202, after receiving a second ciphertext, the other networks and other nodes in the big data generation network decrypt the second ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises the dynamic encryption factor and the IP address information;
s203, encrypting other nodes in the other networks and the big data generation network by using dynamic encryption factors, IP address information and self IP address information of other nodes in the other networks and the big data generation network to generate a third ciphertext;
s204, when data sharing is needed, other nodes in the other networks and the big data generation network send data sharing requests and third ciphertexts to a data storage terminal; the data sharing request comprises a data type requested to be shared and a keyword corresponding to the data information;
and S205, after receiving the data sharing request and the third ciphertext, the data storage terminal performs security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext, and obtains a security verification result.
The effect of the above technical scheme is as follows: through the generation of the third ciphertext and the elements used by the generation of the third ciphertext, and the mode of performing security verification on other networks or other nodes of the big data generation network by combining the third ciphertext and the first ciphertext, the reliability of verification on a data sharing party can be effectively improved, the efficiency and the accuracy of security verification are improved, and the security performance of data sharing is further improved.
In an embodiment of the present invention, after receiving the data sharing request and the third ciphertext, the data storage terminal performs security verification on other networks or other nodes of the big data generating network by using the data sharing request, the third ciphertext, and the first ciphertext, including:
s2051, after receiving a data sharing request and a third ciphertext sent by other networks or other nodes of the big data generation network, the data storage terminal decrypts the third ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises a dynamic factor, IP address information corresponding to a generation node of data to be shared, and IP address information corresponding to other networks or other nodes of the big data generation network;
s2052, the data storage terminal extracts historical IP address information corresponding to other nodes of the other networks or the big data generation network from a historical shared record, compares the historical IP address information with IP address information corresponding to other nodes of the other networks or the big data generation network obtained from a third ciphertext, and if the historical IP address information is consistent with the IP address information, determines that the other nodes of the other networks or the big data generation network are primary safety;
s2053, the data storage terminal extracts a first ciphertext of the data required by the data sharing request from the storage area of the data storage terminal according to the data type in the data sharing request and the keyword corresponding to the data information, decrypts the first ciphertext, and obtains the data type and the data keyword in the first ciphertext;
s2054, comparing the data type and the data key word in the first ciphertext with the data type and the data key word in the data sharing request, and if the data types and the data key words are consistent, determining that other networks or other nodes of the big data generation network are safe.
The effect of the above technical scheme is: the reliability of verification of the data sharing party is effectively improved, the efficiency and the accuracy of safety verification are improved, and the safety performance of data sharing is further improved.
An embodiment of the present invention provides a big data privacy protection sharing system, as shown in fig. 2, the system includes:
the encryption module is used for encrypting the generated data after each node of the big data generation network generates the data, and sending the encrypted data and the corresponding ciphertext to the data storage terminal for data storage;
the security verification module is used for performing security verification on other networks or other nodes of the big data generation network when the data storage terminal receives data sharing requests sent by other networks or other nodes of the big data generation network;
the data sharing module is used for sharing data aiming at other networks passing the security verification or other nodes of the big data generation network;
and the post-processing module is used for carrying out information recording and potential safety hazard reminding aiming at other networks which do not pass the safety verification or other nodes of the big data generation network.
The working principle of the technical scheme is as follows: firstly, after data are generated at each node of the big data generation network through an encryption module, the generated data are encrypted, and the encrypted data and a corresponding ciphertext are sent to a data storage terminal for data storage; then, a security verification module is used for performing security verification on other networks or other nodes of the big data generation network when the data storage terminal receives data sharing requests sent by other networks or other nodes of the big data generation network; then, carrying out data sharing on other networks passing the security verification or other nodes of the big data generation network through a data sharing module; and finally, performing information recording and potential safety hazard reminding by adopting a post-processing module aiming at other networks which do not pass the safety verification or other nodes of the big data generation network.
The effect of the above technical scheme is as follows: through encryption processing and security verification between the data storage terminal and the sharing requirement node, the security in the data sharing process can be effectively improved.
In one embodiment of the present invention, the encryption module includes:
the extraction module is used for extracting a data generation timestamp and a data type of data generated by each node of the big data generation network and a data keyword corresponding to the data;
the first encryption module is used for encrypting the data generation timestamp, the data type and the data keyword by an encryption method to form a first ciphertext;
the dynamic factor generation module is used for generating a dynamic factor corresponding to each node by using the data volume of single generated data of each node of the big data generation network and the data transmission times of each node;
and the second encryption module is used for generating a second ciphertext by using the dynamic encryption factors and the IP address information corresponding to each node through an encryption method.
The dynamic factor generation module generates a dynamic factor through a dynamic factor generation model, wherein the dynamic factor generation model is as follows:
Figure BDA0002809376770000091
wherein, λ represents a dynamic factor, and C represents a numerical value corresponding to a data quantity currently transmitted by each node of the big data generation network; c represents a numerical value corresponding to the data volume of the ith data transmission of each node of the big data generation network; n represents the number of data transmission times corresponding to each node; cmaxRepresenting a numerical value corresponding to the maximum data volume of single-time transmitted data in the process of transmitting the n times of data by each node of the big data generation network; (ii) a CminRepresenting a numerical value corresponding to the minimum data volume of data sent at a time in the process of sending n times of data by each node of the big data generation network; h represents a random number generated by each node of the big data generation network when data are sent, the random number is three digits, and each digit is a randomly selected numerical value of 0-9.
The working principle of the technical scheme is as follows: firstly, extracting a data generation timestamp, a data type and a data keyword corresponding to data of each node generation data of the big data generation network through an extraction module; then, a first encryption module is used for encrypting the data generation timestamp, the data type and the data keyword through an encryption method to form a first ciphertext; then, generating dynamic factors corresponding to the nodes by using the data volume of single generated data of each node of the big data generation network and the data sending times of each node through a dynamic factor generation module; and finally, generating a second ciphertext by using the dynamic encryption factor and the IP address information corresponding to each node through an encryption method by adopting a second encryption module.
The effect of the above technical scheme is as follows: the data encryption by the encryption mode can effectively improve the confidentiality of the data, and the data cannot be easily decrypted after other third parties maliciously acquire the data of each node. And further, the data security of the whole big data generation network is effectively improved. Meanwhile, the generation of the dynamic factors can effectively prevent a third party from obtaining the encryption rule to crack data, and the safety performance of the data is further improved. Meanwhile, the dynamic factors obtained through the formula are generated according to the actual operation condition and the randomness of each node of the big data generation network, so that the change degree of the dynamic factors can be effectively improved, and the anti-cracking performance of the data is further improved.
In one embodiment of the present invention, the security verification module includes:
a sending module, configured to send the second ciphertext to other networks that have performed data sharing with each node that generates data and other nodes in the big data generation network according to a data sharing correspondence recorded in a history sharing record when the data storage terminal receives data of data generated by each node;
the decryption module is used for decrypting the second ciphertext through a decryption algorithm after the second ciphertext is received by other networks and other nodes in the big data generation network to obtain plaintext information, wherein the plaintext information comprises the dynamic encryption factor and the IP address information;
a third encryption module, configured to encrypt other nodes in the other networks and the big data generating network by using dynamic encryption factors, IP address information, and own IP address information of other nodes in the other networks and the big data generating network to generate a third ciphertext;
the request sending module is used for sending a data sharing request and a third ciphertext to a data storage terminal by other nodes in the other networks and the big data generation network when data sharing is needed; the data sharing request comprises a data type requested to be shared and a keyword corresponding to the data information;
and the verification module is used for performing security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext after the data storage terminal receives the data sharing request and the third ciphertext, and obtaining a security verification result.
The working principle of the technical scheme is as follows:
firstly, when the data storage terminal receives data of data generated by each node, a sending module sends the second ciphertext to other networks which have data sharing with each node generating the data and other nodes in the big data generation network according to the data sharing corresponding relation recorded in the history sharing record;
then, after a decryption module is used for receiving a second ciphertext at other nodes in the other networks and the big data generation network, decrypting the second ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises the dynamic encryption factor and the IP address information;
then, a third encryption module is adopted to control other nodes in the other networks and the big data generation network to encrypt and generate a third ciphertext by utilizing the dynamic encryption factor, the IP address information and the self IP address information of the other nodes in the other networks and the big data generation network;
then, when data sharing is needed, the request sending module controls other nodes in the other networks and the big data generation network to send data sharing requests and third ciphertexts to the data storage terminal; the data sharing request comprises a data type requested to be shared and a keyword corresponding to the data information;
and finally, after the data storage terminal receives the data sharing request and the third ciphertext, a verification module is adopted to perform security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext, and a security verification result is obtained.
The effect of the above technical scheme is as follows: through the generation of the third ciphertext and the elements used by the generation of the third ciphertext, and the mode of performing security verification on other networks or other nodes of the big data generation network by combining the third ciphertext and the first ciphertext, the reliability of verification on a data sharing party can be effectively improved, the efficiency and the accuracy of security verification are improved, and the security performance of data sharing is further improved.
In one embodiment of the invention, the verification module comprises:
a third ciphertext decryption module, configured to decrypt, by using a decryption algorithm, the third ciphertext after the data storage terminal receives a data sharing request and a third ciphertext, where the data sharing request and the third ciphertext are sent by other nodes of another network or the big data generation network, to obtain plaintext information, where the plaintext information includes a dynamic factor, IP address information corresponding to a generation node of data to be shared, and IP address information corresponding to other nodes of the other network or the big data generation network;
the primary security verification module is used for extracting historical IP address information corresponding to other nodes of the other networks or the big data generation network from a historical shared record by the data storage terminal, comparing the historical IP address information with IP address information corresponding to other nodes of the other networks or the big data generation network obtained from a third ciphertext, and if the historical IP address information is consistent with the IP address information, determining that the other nodes of the other networks or the big data generation network are primary security;
the first ciphertext extraction module is used for extracting a first ciphertext of data required by the data sharing request from a storage area of the data storage terminal according to the data type in the data sharing request and a keyword corresponding to the data information, and decrypting the first ciphertext to obtain the data type and the data keyword in the first ciphertext;
and the final checking module is used for comparing the data type and the data keyword in the first ciphertext with the data type and the keyword in the data sharing request, and if the data type and the keyword are consistent, determining that other nodes of the other networks or the big data generation network are safe.
The working principle of the technical scheme is as follows: firstly, after a data storage terminal receives a data sharing request and a third ciphertext transmitted by other networks or other nodes of the big data generation network, a third ciphertext decryption module is adopted to decrypt the third ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises a dynamic factor, IP address information corresponding to a generation node of data to be shared and IP address information corresponding to other networks or other nodes of the big data generation network; then, controlling the data storage terminal to extract historical IP address information corresponding to other nodes of the other networks or the big data generation network from a historical shared record by using a primary security verification module, comparing the historical IP address information with IP address information corresponding to other nodes of the other networks or the big data generation network acquired from a third ciphertext, and if the historical IP address information is consistent with the IP address information, determining that the other nodes of the other networks or the big data generation network are primary security;
then, a first ciphertext extraction module is adopted to control the data storage terminal to extract a first ciphertext of data required by the data sharing request from a storage area of the data storage terminal according to the data type in the data sharing request and a keyword corresponding to the data information, and the first ciphertext is decrypted to obtain the data type and the data keyword in the first ciphertext; and finally, comparing the data type and the data keyword in the first ciphertext with the data type and the keyword in the data sharing request through a final checking module, and if the data type and the keyword are consistent, determining that other nodes of the other networks or the big data generation network are safe.
The effect of the above technical scheme is as follows: the reliability of verification of the data sharing party is effectively improved, the efficiency and the accuracy of safety verification are improved, and the safety performance of data sharing is further improved.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (6)

1. A big data privacy protection sharing method is characterized by comprising the following steps:
after each node of the big data generation network generates data, encrypting the generated data, and sending the encrypted data and the corresponding ciphertext to a data storage terminal for data storage;
when the data storage terminal receives a data sharing request sent by other networks or other nodes of the big data generation network, the data storage terminal carries out security verification on the other networks or other nodes of the big data generation network;
carrying out data sharing aiming at other networks passing the security verification or other nodes of the big data generation network;
aiming at other networks which do not pass the safety verification or other nodes of the big data generation network, carrying out information filing and potential safety hazard reminding;
after each node of the big data generation network generates data, encrypting the generated data comprises:
extracting a data generation timestamp, a data type and a data keyword corresponding to data of each node generation data of the big data generation network;
encrypting the data generation timestamp, the data type and the data keyword by an encryption method to form a first ciphertext;
generating dynamic factors corresponding to the nodes by using the data volume of single generated data of each node of the big data generation network and the data sending times of each node;
generating a second ciphertext by using the dynamic encryption factor and the IP address information corresponding to each node through an encryption method;
the dynamic factor generation model generates a dynamic factor, and the dynamic factor generation model is as follows:
Figure FDA0003512873940000011
wherein, λ represents a dynamic factor, and C represents a numerical value corresponding to a data quantity currently transmitted by each node of the big data generation network; c represents a data quantity corresponding value of each node of the big data generation network for carrying out data transmission for the ith time; n represents the number of data transmission times corresponding to each node; cmaxRepresents the aboveEach node of the big data generation network sends a numerical value corresponding to the maximum data volume of data in a single time in the process of sending data for n times; cminRepresenting a numerical value corresponding to the minimum data volume of data sent at a time in the process of sending n times of data by each node of the big data generation network; h represents a random number generated by each node of the big data generation network when data are sent, the random number is three digits, and each digit is a randomly selected numerical value of 0-9.
2. The method according to claim 1, wherein the data storage terminal performs security verification on other networks or other nodes of the big data generation network when receiving data sharing requests sent by the other networks or other nodes of the big data generation network, and the method includes:
when the data storage terminal receives data generated by each node, the second ciphertext is sent to other networks which have data sharing with each node generating the data and other nodes in the big data generation network according to the data sharing corresponding relation recorded in the history sharing record;
after receiving a second ciphertext, other nodes in the other networks and the big data generation network decrypt the second ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises the dynamic encryption factor and the IP address information;
other nodes in the other networks and the big data generation network generate third ciphertexts by utilizing dynamic encryption factors, IP address information and self IP address information of other nodes in the other networks and the big data generation network;
when data sharing is needed, other nodes in the other networks and the big data generation network send data sharing requests and third ciphertexts to a data storage terminal; the data sharing request comprises a data type requested to be shared and a keyword corresponding to the data information;
and after receiving the data sharing request and the third ciphertext, the data storage terminal performs security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext and obtains a security verification result.
3. The method of claim 2, wherein after receiving the data sharing request and the third ciphertext, the data storage terminal performs security verification on other nodes of the other networks or the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext, and includes:
after receiving a data sharing request and a third ciphertext sent by other networks or other nodes of the big data generation network, the data storage terminal decrypts the third ciphertext through a decryption algorithm to obtain plaintext information, wherein the plaintext information comprises a dynamic factor, IP address information corresponding to a generation node of data to be shared and IP address information corresponding to other networks or other nodes of the big data generation network;
the data storage terminal extracts historical IP address information corresponding to other nodes of the other networks or the big data generation network from a historical shared record, compares the historical IP address information with IP address information corresponding to other nodes of the other networks or the big data generation network obtained from a third ciphertext, and if the historical IP address information is consistent with the IP address information, determines that the other nodes of the other networks or the big data generation network are primary safety;
the data storage terminal extracts a first ciphertext of data required by the data sharing request from a storage area of the data storage terminal according to the data type in the data sharing request and a keyword corresponding to the data information, decrypts the first ciphertext, and obtains the data type and the data keyword in the first ciphertext;
and comparing the data type and the data key in the first ciphertext with the data type and the data key in the data sharing request, and if the data type and the data key are consistent, determining that other networks or other nodes of the big data generation network are safe.
4. A big data privacy protection sharing system, the system comprising:
the encryption module is used for encrypting the generated data after each node of the big data generation network generates the data, and sending the encrypted data and the corresponding ciphertext to the data storage terminal for data storage;
the security verification module is used for performing security verification on other networks or other nodes of the big data generation network when the data storage terminal receives data sharing requests sent by other networks or other nodes of the big data generation network;
the data sharing module is used for sharing data aiming at other networks passing the security verification or other nodes of the big data generation network;
the post-processing module is used for carrying out information recording and potential safety hazard reminding aiming at other networks which do not pass safety verification or other nodes of the big data generation network;
wherein the encryption module comprises:
the extraction module is used for extracting a data generation timestamp and a data type of data generated by each node of the big data generation network and a data keyword corresponding to the data;
the first encryption module is used for encrypting the data generation timestamp, the data type and the data keyword by an encryption method to form a first ciphertext;
the dynamic factor generation module is used for generating a dynamic factor corresponding to each node by using the data volume of single generated data of each node of the big data generation network and the data transmission times of each node;
and the second encryption module is used for generating a second ciphertext by using the dynamic encryption factor and the IP address information corresponding to each node through an encryption method.
The dynamic factor generation model generates a dynamic factor, and the dynamic factor generation model is as follows:
Figure FDA0003512873940000031
wherein, λ represents a dynamic factor, and C represents a numerical value corresponding to the data volume currently transmitted by each node of the big data generation network; c represents a data quantity corresponding value of each node of the big data generation network for carrying out data transmission for the ith time; n represents the number of data transmission times corresponding to each node; cmaxRepresenting a numerical value corresponding to the maximum data volume of single-time transmitted data in the process of transmitting the n times of data by each node of the big data generation network; cminRepresenting a numerical value corresponding to the minimum data volume of data sent at a time in the process of sending n times of data by each node of the big data generation network; h represents a random number generated by each node of the big data generation network when data are sent, the random number is three digits, and each digit is a randomly selected numerical value of 0-9.
5. The system of claim 4, wherein the security authentication module comprises:
a sending module, configured to send the second ciphertext to other networks that have performed data sharing with each node that generates data and other nodes in the big data generation network according to a data sharing correspondence recorded in a history sharing record when the data storage terminal receives data of data generated by each node;
the decryption module is used for decrypting the second ciphertext through a decryption algorithm after the second ciphertext is received by other networks and other nodes in the big data generation network to obtain plaintext information, wherein the plaintext information comprises the dynamic encryption factor and the IP address information;
a third encryption module, configured to encrypt other nodes in the other networks and the big data generating network by using dynamic encryption factors, IP address information, and own IP address information of other nodes in the other networks and the big data generating network to generate a third ciphertext;
the request sending module is used for sending a data sharing request and a third ciphertext to a data storage terminal by other nodes in the other networks and the big data generation network when data sharing is needed; the data sharing request comprises a data type requested to be shared and a keyword corresponding to the data information;
and the verification module is used for performing security verification on other networks or other nodes of the big data generation network by using the data sharing request, the third ciphertext and the first ciphertext after the data storage terminal receives the data sharing request and the third ciphertext, and obtaining a security verification result.
6. The system of claim 5, wherein the verification module comprises:
a third ciphertext decryption module, configured to decrypt, by using a decryption algorithm, the third ciphertext after the data storage terminal receives a data sharing request and a third ciphertext, where the data sharing request and the third ciphertext are sent by other nodes of another network or the big data generation network, to obtain plaintext information, where the plaintext information includes a dynamic factor, IP address information corresponding to a generation node of data to be shared, and IP address information corresponding to other nodes of the other network or the big data generation network;
the primary security verification module is used for extracting historical IP address information corresponding to other nodes of the other networks or the big data generation network from a historical shared record by the data storage terminal, comparing the historical IP address information with IP address information corresponding to other nodes of the other networks or the big data generation network obtained from a third ciphertext, and if the historical IP address information is consistent with the IP address information, determining that the other nodes of the other networks or the big data generation network are primary security;
the first ciphertext extraction module is used for extracting a first ciphertext of data required by the data sharing request from a storage area of the data storage terminal according to the data type in the data sharing request and a keyword corresponding to data information, and decrypting the first ciphertext to obtain the data type and the data keyword in the first ciphertext;
and the final checking module is used for comparing the data type and the data keyword in the first ciphertext with the data type and the keyword in the data sharing request, and if the data type and the keyword are consistent, determining that other nodes of the other networks or the big data generation network are safe.
CN202011381236.6A 2020-12-01 2020-12-01 Big data privacy protection sharing method and system Active CN112491904B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011381236.6A CN112491904B (en) 2020-12-01 2020-12-01 Big data privacy protection sharing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011381236.6A CN112491904B (en) 2020-12-01 2020-12-01 Big data privacy protection sharing method and system

Publications (2)

Publication Number Publication Date
CN112491904A CN112491904A (en) 2021-03-12
CN112491904B true CN112491904B (en) 2022-05-20

Family

ID=74938619

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011381236.6A Active CN112491904B (en) 2020-12-01 2020-12-01 Big data privacy protection sharing method and system

Country Status (1)

Country Link
CN (1) CN112491904B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107181599A (en) * 2017-07-18 2017-09-19 天津理工大学 The storage of route location data confidentiality and sharing method based on block chain
WO2018045568A1 (en) * 2016-09-09 2018-03-15 深圳大学 Access control method oriented to cloud storage service platform and system thereof
WO2018157858A1 (en) * 2017-03-03 2018-09-07 腾讯科技(深圳)有限公司 Information storage method, device, and computer-readable storage medium
CN111274594A (en) * 2020-01-20 2020-06-12 上海市大数据中心 Block chain-based secure big data privacy protection sharing method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681470B (en) * 2012-03-29 2018-12-28 北京奇虎科技有限公司 Communication means, server based on hypertext transfer protocol, terminal
CN108055274B (en) * 2017-12-22 2020-09-11 广东工业大学 Encryption and sharing method and system based on alliance chain storage data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018045568A1 (en) * 2016-09-09 2018-03-15 深圳大学 Access control method oriented to cloud storage service platform and system thereof
WO2018157858A1 (en) * 2017-03-03 2018-09-07 腾讯科技(深圳)有限公司 Information storage method, device, and computer-readable storage medium
CN107181599A (en) * 2017-07-18 2017-09-19 天津理工大学 The storage of route location data confidentiality and sharing method based on block chain
CN111274594A (en) * 2020-01-20 2020-06-12 上海市大数据中心 Block chain-based secure big data privacy protection sharing method

Also Published As

Publication number Publication date
CN112491904A (en) 2021-03-12

Similar Documents

Publication Publication Date Title
CN109033855B (en) Data transmission method and device based on block chain and storage medium
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN113067699B (en) Data sharing method and device based on quantum key and computer equipment
CN112182609A (en) Block chain-based data uplink storage method and tracing method, device and equipment
US20200213331A1 (en) Data service system
CN103414682A (en) Method for cloud storage of data and system
CN105227566A (en) Cipher key processing method, key handling device and key handling system
CN111274599A (en) Data sharing method based on block chain and related device
CN112685786B (en) Financial data encryption and decryption method, system, equipment and storage medium
CN111404952B (en) Transformer substation data encryption transmission method and device, computer equipment and storage medium
CN107465665A (en) A kind of file encryption-decryption method based on fingerprint identification technology
CN111970114B (en) File encryption method, system, server and storage medium
CN104158827A (en) Cryptograph data sharing method and device, inquiring server and data uploading client terminal
CN112866227A (en) File authorization protection method and system
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
CN109726584B (en) Cloud database key management system
CN109302283B (en) Anti-quantum computing agent cloud storage method and system based on public asymmetric key pool
Yang et al. Provable Ownership of Encrypted Files in De-duplication Cloud Storage.
CN112491904B (en) Big data privacy protection sharing method and system
CN116049792A (en) Face registration and recognition method and face data protection system
CN113672955B (en) Data processing method, system and device
CN114124914B (en) Data security transmission method, device, computer equipment and storage medium
CN113411347B (en) Transaction message processing method and processing device
CN111431846B (en) Data transmission method, device and system
Patel A survey on security techniques used for confidentiality in cloud computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant