CN112765617A - Data remote cooperative protection method and system - Google Patents


Publication number
CN112765617A
Authority
CN
China
Prior art keywords
key
data block
data
server
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011535910.1A
Other languages
Chinese (zh)
Inventor
张凯
郑应强
林玉超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing LSSEC Technology Co Ltd
Original Assignee
Beijing LSSEC Technology Co Ltd
Application filed by Beijing LSSEC Technology Co Ltd
Priority to CN202011535910.1A
Publication of CN112765617A

Classifications

    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING › G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F 21/60 Protecting data
        • G06F 21/602 Providing cryptographic facilities or services
        • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules › G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
        • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a method and a system for cooperative protection of data at different places. The method comprises the following steps: a client splits local data into a first data block and a second data block according to a splitting rule; the client sends a request to a server, and after the server has verified the request the second data block is transmitted to the server while the first data block is retained by the client; and the first data block and the second data block are encrypted with a key and stored respectively in different media at different places. The system comprises modules corresponding to the steps of the method.

Description

Data remote cooperative protection method and system
Technical Field
The invention relates to the technical field of data protection, in particular to a method and a system for remote cooperative protection of data.
Background
Mobile operators host sensitive data such as customer call records, group customer data and operational analysis data. Once such sensitive data is leaked, competitors gain an advantage and customers are lost; if the data falls into the hands of criminals it can even cause a media crisis, bringing losses in both economic and social benefit. To avoid the abuse of sensitive data, the prior art generally relies on disaster recovery backup for protection.
A disaster recovery backup system establishes two or more sets of IT systems with the same function in places far away from each other; the systems monitor each other's health status and can switch functions between them, so that when one system stops working because of an accident (such as a fire or an earthquake) the whole application can be switched to the other system and continue to work normally.
With the development of cooperative office work, workflow technology is applied ever more widely: the process of passing and exchanging work data among many users in an enterprise is fixed in an information system, which effectively standardises the flow of work and data transmission. However, current security defence technology cannot effectively use the user information that workflow technology provides, so the disaster recovery backup technology described above has the following problem:
disaster recovery backup needs to specify the users of the data and lacks a method of remote cooperative protection, so local data is merely kept safe rather than being intrinsically safe; once the local safety measures are cracked or bypassed, all of the data can be leaked, as in the Zhongxing event.
Disclosure of Invention
To at least partially solve the above problems, the present invention provides a method and a system for remote cooperative protection of data. The method comprises the following steps:
the client splits the local data into a first data block and a second data block according to a splitting rule;
the client sends a request to the server; after the server has verified the request, the second data block is transmitted to the server and the first data block is retained by the client;
and the first data block and the second data block are encrypted with a key and stored respectively in different media at different places.
Further, the client splitting the local data into the first data block and the second data block according to the splitting rule comprises:
acquiring the splitting rule;
and splitting the local data into a first data block and a second data block by taking the modulus with a main key according to the splitting rule.
Further, the client sending a request to the server, the second data block being transmitted to the server after the server has verified the request, and the first data block being retained by the client comprises:
the client sends a remote login request to the server;
the server sends an identity information request to the client according to the remote login request;
the client sends user identity information to the server according to the identity information request;
the server judges whether the user identity information sent by the client is correct according to the user identity authentication information prestored in the user identity list; if so, a console session process is established and the second data block is obtained; if not, the server waits for a new remote login request.
Further, encrypting the first data block and the second data block with the key and storing them respectively in different media at different places comprises:
generating a working key for the split data, and encrypting the split data with the working key to obtain encrypted ciphertext data;
creating an asymmetric key, and encrypting the working key with the public key of the asymmetric key to obtain an encrypted key ciphertext;
and storing the encrypted ciphertext data and the encrypted key ciphertext respectively in different media at different places.
Further, the specific steps of creating the asymmetric key are as follows:
step A1, obtaining the key length according to the following formula:
(formula given on the page only as the image Figure BDA0002853448140000031)
wherein A represents a first preset prime number, B represents a second preset prime number, pi represents a natural constant, sigma represents the variance of the data after splitting, mu represents the mean of the data after splitting, INT represents rounding, and n represents the key length;
step A2, determining from the key length and the following formula a first number, namely the number of integers less than or equal to the key length that are coprime to the key length:
f(n) = (B-1) × (A-1)
wherein f(n) represents the first number;
step A3, randomly determining a first identification number that is relatively prime to the first number, the first identification number being a positive number smaller than the first number, and determining a second identification number from the first number and the first identification number by the following formula:
d × e = 1 mod f(n)
wherein e represents the first identification number and d represents the second identification number; a key is then determined from the first identification number, the second identification number and the key length, the key comprising a private key and a public key, wherein the private key is (n, d) and is used to decrypt the encrypted key ciphertext, and the public key is (n, e) and is used to encrypt the working key.
A system for remote cooperative protection of data, the system comprising:
a splitting module, used by the client to split the local data into a first data block and a second data block according to the splitting rule;
a sending module, used by the client to send a request to the server, to transmit the second data block to the server after the server has verified the request, and to retain the first data block at the client;
and an encryption module, used to encrypt the first data block and the second data block with keys and to store them respectively in different media at different places.
Further, the specific steps by which the splitting module splits the local data into the first data block and the second data block at the client according to the splitting rule are as follows:
acquiring the splitting rule;
and splitting the local data into a first data block and a second data block by taking the modulus with a main key according to the splitting rule.
Further, the sending module sending the request from the client to the server, transmitting the second data block to the server after the server has verified the request, and retaining the first data block at the client comprises:
the client sends a remote login request to the server;
the server sends an identity information request to the client according to the remote login request;
the client sends user identity information to the server according to the identity information request;
the server judges whether the user identity information sent by the client is correct according to the user identity authentication information prestored in the user identity list; if so, a console session process is established and the second data block is obtained; if not, the server waits for a new remote login request.
Further, the encryption module encrypting the first data block and the second data block with a key and storing the encrypted first data block and the encrypted second data block respectively in different media at different places comprises the following specific steps:
generating a working key for the split data, and encrypting the split data with the working key to obtain encrypted ciphertext data;
creating an asymmetric key, and encrypting the working key with the public key of the asymmetric key to obtain an encrypted key ciphertext;
and storing the encrypted ciphertext data and the encrypted key ciphertext respectively in different media at different places.
Further, the specific steps by which the encryption module creates the asymmetric key are as follows:
step A1, obtaining the key length according to the following formula:
(formula given on the page only as the image Figure BDA0002853448140000051)
wherein A represents a first preset prime number, B represents a second preset prime number, pi represents a natural constant, sigma represents the variance of the data after splitting, mu represents the mean of the data after splitting, INT represents rounding, and n represents the key length;
step A2, determining from the key length and the following formula a first number, namely the number of integers less than or equal to the key length that are coprime to the key length:
f(n) = (B-1) × (A-1)
wherein f(n) represents the first number;
step A3, randomly determining a first identification number that is relatively prime to the first number, the first identification number being a positive number smaller than the first number, and determining a second identification number from the first number and the first identification number by the following formula:
d × e = 1 mod f(n)
wherein e represents the first identification number and d represents the second identification number; a key is then determined from the first identification number, the second identification number and the key length, the key comprising a private key and a public key, wherein the private key is (n, d) and is used to decrypt the encrypted key ciphertext, and the public key is (n, e) and is used to encrypt the working key.
Compared with the prior art, the invention has the following beneficial effects. It provides a method and a system for cooperative protection of data at different places, wherein the method comprises the steps that a client splits local data into a first data block and a second data block according to a splitting rule; the client sends a request to the server, and after the server has verified the request the second data block is transmitted to the server while the first data block is retained by the client; and the first data block and the second data block are encrypted with a secret key and the encrypted data blocks are stored respectively in different media at different places, so that the safety of the local data is improved and the data is concealed.
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the features and advantages of the invention can be easily understood.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings of the embodiments are briefly described below. The drawings only illustrate some embodiments of the invention and are not to be construed as limiting the invention to those embodiments.
FIG. 1 is a flow chart of the data remote cooperative protection method according to the present invention;
FIG. 2 is a block diagram of the data remote cooperative protection system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in FIG. 1 and FIG. 2, the technical problem solved by the present invention is to provide a method and a system for remote cooperative protection of data, wherein the method comprises:
S1, the client splits the local data into a first data block and a second data block according to the splitting rule;
S2, the client sends a request to the server; after the server has verified the request, the second data block is transmitted to the server and the first data block is retained by the client;
and S3, the first data block and the second data block are encrypted with a key and stored respectively in different media at different places.
The working principle of the technical scheme is as follows. First, the client splits the local data into a first data block and a second data block according to the splitting rule. Then the client sends a remote login request to the server, and the server sends an identity information request to the client according to the remote login request; the client sends user identity information to the server according to the identity information request; the server judges whether the user identity information sent by the client is correct according to the user identity authentication information prestored in the user identity list. If so, a console session process is established, the second data block is obtained and transmitted to the server, and the first data block is retained by the client; if not, the server waits for a new remote login request. Then the server splits the local data according to a splitting rule. Finally, the first data block and the second data block are encrypted with a key and stored respectively in different media at different places.
The beneficial effects of the above technical scheme are as follows. With this technique, the local data to be stored is split according to the splitting rule and stored after encryption, which ensures the safety of the data. The split first data block and second data block are encrypted with a key, the first data block being encrypted and stored at the client and the second data block being encrypted and stored on the server. This satisfies the requirement that the media stored in different places hold no complete image at any one position: each side's information affects the other's, only two safe and trustworthy parties together can combine the data, and if either party's part is lost the data cannot be recovered. The data itself is managed and operated on directly rather than being subjected to simple authority management, so the safety of the data is improved, the data is concealed, and losses caused by leakage are avoided.
In an embodiment provided by the present invention, the client splitting the local data into the first data block and the second data block according to the splitting rule comprises:
acquiring the splitting rule;
and splitting the local data into a first data block and a second data block by taking the modulus with a main key according to the splitting rule.
The working principle of the technical scheme is as follows. First the splitting rule is obtained; in the splitting rule, a mixed value of the unique information of the two storage media is used as the splitting factor, so the data is split according to the splitting factor by taking the modulus with a main key, and the split data is divided into two parts, namely a first data block and a second data block.
The beneficial effects of the above technical scheme are as follows. With this technical scheme the local data can be split, which facilitates management and storage by the system and makes the program convenient to upgrade and maintain; when the function of the main program is improved, only the front-end program needs to be replaced.
In an embodiment of the present invention, encrypting the first data block and the second data block with a key and storing them respectively in different media at different places comprises:
generating a working key for the split data, and encrypting the split data with the working key to obtain encrypted ciphertext data;
creating an asymmetric key, and encrypting the working key with the public key of the asymmetric key to obtain an encrypted key ciphertext;
and storing the encrypted ciphertext data and the encrypted key ciphertext respectively in different media at different places.
The working principle of the technical scheme is as follows. First, for the split data, a working key is generated for the first data block and the second data block, and the working key is used to encrypt the split first data block and second data block, yielding encrypted first ciphertext data and encrypted second ciphertext data. Then an asymmetric key is created, and the public key of the asymmetric key is used to encrypt the working key, yielding the encrypted key ciphertext. Finally, the encrypted first ciphertext data is stored at the client and the encrypted second ciphertext data and the encrypted key ciphertext are stored on the server, so that the first ciphertext data and the encrypted key ciphertext sit in different media at different places and multi-position storage is realised.
The beneficial effects of the above technical scheme are as follows. With this technical scheme the data is stored in multiple positions so that no single position holds the complete information; the two sides' information affects each other, only two safe and reliable sides together can combine the data, and if either side is lost the data cannot be recovered. A double-layer encryption technique is used, guaranteeing the security of the data.
In an embodiment provided by the present invention, the specific steps of creating the asymmetric key are as follows:
step A1, obtaining the key length according to the following formula:
(formula given on the page only as the image Figure BDA0002853448140000081)
wherein A represents a first preset prime number, B represents a second preset prime number, pi represents a natural constant, sigma represents the variance of the data after splitting, mu represents the mean of the data after splitting, INT represents rounding, and n represents the key length;
step A2, determining from the key length and the following formula a first number, namely the number of integers less than or equal to the key length that are coprime to the key length:
f(n) = (B-1) × (A-1)
wherein f(n) represents the first number;
step A3, randomly determining a first identification number that is relatively prime to the first number, the first identification number being a positive number smaller than the first number, and determining a second identification number from the first number and the first identification number by the following formula:
d × e = 1 mod f(n)
wherein e represents the first identification number and d represents the second identification number; a key is then determined from the first identification number, the second identification number and the key length, the key comprising a private key and a public key, wherein the private key is (n, d) and is used to decrypt the encrypted key ciphertext, and the public key is (n, e) and is used to encrypt the working key.
The working principle of the technical scheme is as follows. First, the key length is obtained from the first preset prime number and the second preset prime number; then the first number, the number of integers less than or equal to the key length that are coprime to the key length, is determined from the key length; next, a first identification number relatively prime to the first number is chosen at random, the first identification number being a positive number smaller than the first number, and a second identification number is determined from the first number and the first identification number by the formula of step A3; finally the key is determined, comprising a private key and a public key, wherein the private key is (n, d) and is used to decrypt the encrypted key ciphertext and the public key is (n, e) and is used to encrypt the working key.
The beneficial effects of the above technical scheme are as follows. The technical scheme realises the encryption and decryption of the working key. The generated working key is itself encrypted, which ensures the safety of the working key, and the working key encrypts the split data, which ensures the absolute safety of the data, so there is no serious loss caused by data leakage. To read the encrypted data, the encrypted key ciphertext must first be obtained and decrypted with the private key to recover the working key; the working key then decrypts the encrypted first ciphertext data and the encrypted second ciphertext data to recover the split first data block and second data block, and the original local data is obtained by combining the first data block and the second data block. This raises the complexity of obtaining the original data and greatly improves the safety of the system; the algorithm is simple and easy to understand, and automatic computation by the computer embodies the intelligence of the system.
A system for remote cooperative protection of data, the system comprising:
a splitting module, used by the client to split the local data into a first data block and a second data block according to the splitting rule;
a sending module, used by the client to send a request to the server, to transmit the second data block to the server after the server has verified the request, and to retain the first data block at the client;
and an encryption module, used to encrypt the first data block and the second data block with keys and to store them respectively in different media at different places.
The working principle of the technical scheme is as follows. First, the splitting module splits the local data at the client into a first data block and a second data block according to the splitting rule. Then the sending module sends a remote login request from the client to the server, and the server sends an identity information request to the client according to the remote login request; the client sends user identity information to the server according to the identity information request; the server judges whether the user identity information sent by the client is correct according to the user identity authentication information prestored in the user identity list. If so, a console session process is established, the second data block is obtained and transmitted to the server, and the first data block is retained by the client; if not, the server waits for a new remote login request. Then the server splits the local data according to a splitting rule. Finally, the encryption module encrypts the first data block and the second data block with a key and stores the encrypted data blocks respectively in different media at different places.
The beneficial effects of the above technical scheme are as follows. With this technique, the local data to be stored is split according to the splitting rule and stored after encryption, which ensures the safety of the data. The split first data block and second data block are encrypted with a key, the first data block being encrypted and then stored at the client and the second data block being encrypted and then stored on the server. This satisfies the requirement that the media stored in different places hold no complete image at any one position: each side's information affects the other's, only two safe and trustworthy parties together can combine the data, and if either party's part is lost the data cannot be recovered. The data itself is managed and operated on directly rather than being subjected to simple authority management, so the safety of the data is improved, the data is concealed, and losses caused by leakage are avoided.
In an embodiment provided by the present invention, the specific steps by which the splitting module splits the local data into the first data block and the second data block at the client according to the splitting rule are as follows:
acquiring the splitting rule;
and splitting the local data into a first data block and a second data block by taking the modulus with a main key according to the splitting rule.
The working principle of the technical scheme is as follows. First the splitting rule is obtained; in the splitting rule, a mixed value of the unique information of the two storage media is used as the splitting factor, so the data is split according to the splitting factor by taking the modulus with a main key, and the split data is divided into two parts, namely a first data block and a second data block.
The beneficial effects of the above technical scheme are as follows. With this technical scheme the local data can be split, which facilitates management and storage by the system and makes the program convenient to upgrade and maintain; when the function of the main program is improved, only the front-end program needs to be replaced.
In an embodiment provided by the present invention, the specific steps by which the encryption module encrypts the first data block and the second data block with a key and stores the encrypted first data block and the encrypted second data block respectively in different media at different places are as follows:
generating a working key for the split data, and encrypting the split data with the working key to obtain encrypted ciphertext data;
creating an asymmetric key, and encrypting the working key with the public key of the asymmetric key to obtain an encrypted key ciphertext;
and storing the encrypted ciphertext data and the encrypted key ciphertext respectively in different media at different places.
The working principle of the technical scheme is as follows. First, for the split data, a working key is generated for the first data block and the second data block, and the working key is used to encrypt the split first data block and second data block, yielding encrypted first ciphertext data and encrypted second ciphertext data. Then an asymmetric key is created, and the public key of the asymmetric key is used to encrypt the working key, yielding the encrypted key ciphertext. Finally, the encrypted first ciphertext data is stored at the client and the encrypted second ciphertext data and the encrypted key ciphertext are stored on the server, so that the first ciphertext data and the encrypted key ciphertext sit in different media at different places and multi-position storage is realised.
The beneficial effects of the above technical scheme are as follows. With this technical scheme the data is stored in multiple positions so that no single position holds the complete information; the two sides' information affects each other, only two safe and reliable sides together can combine the data, and if either side is lost the data cannot be recovered. A double-layer encryption technique is used, guaranteeing the security of the data.
In an embodiment provided by the present invention, the specific steps of the encryption module to create the asymmetric key are as follows:
step a1, obtaining the key length according to the following formula:
Figure BDA0002853448140000121
wherein, A represents a first preset prime number, B represents a second preset prime number, pi represents a natural constant, sigma represents a data variance value after splitting, mu represents a mean value of the data after splitting, INT represents rounding, and n represents a key length;
step A2, determining the first number, that is, the count of numbers less than or equal to the key length that are coprime to the key length, from the key length by the following formula:
f(n)=(B-1)×(A-1)
wherein f(n) represents the first number;
step A3, randomly determining a first identification number which is coprime to the first number, the first identification number being a positive number smaller than the first number, and determining a second identification number from the first number and the first identification number by the following formula:
d×e ≡ 1 (mod f(n))
wherein e represents the first identification number and d represents the second identification number; a key is then determined from the first identification number, the second identification number and the key length, the key comprising a private key and a public key, wherein the private key is (n, d) and is used to decrypt the encrypted key ciphertext, and the public key is (n, e) and is used to encrypt the working key.
The working principle of the technical scheme is as follows: first, the key length is obtained from the first preset prime number and the second preset prime number; then the first number, the count of numbers less than or equal to the key length that are coprime to the key length, is determined from the key length; next, a first identification number coprime to the first number is chosen at random, the first identification number being a positive number smaller than the first number, and a second identification number is determined from the first number and the first identification number by the formula above; finally, the key is determined, the key comprising a private key and a public key, wherein the private key is (n, d) and is used to decrypt the encrypted key ciphertext, and the public key is (n, e) and is used to encrypt the working key.
The beneficial effects of the above technical scheme are as follows: the scheme implements the encryption and decryption of the working key. Because the generated working key is itself encrypted, the security of the working key is ensured; because the working key encrypts the split data, the absolute security of the data is also ensured, and no serious loss through data leakage can occur. Recovering the encrypted data requires obtaining the encrypted key ciphertext, which can only be decrypted with the private key to yield the working key; the working key then decrypts the encrypted first ciphertext data and second ciphertext data to yield the split first data block and second data block, and only by combining the first data block and the second data block can the original local data be obtained. This raises the complexity of obtaining the original data and greatly improves the security performance of the system; the algorithm is simple and easy to understand, and its automatic execution by a computer reflects the intelligent character of the system.
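The following is an added worked example covering both the two-layer protection scheme described above (working key over the split blocks, public key over the working key, stores on client and server) and the asymmetric key creation in steps A1-A3. It is not the patent's own code; it uses only the Python standard library. The splitting by primary key modulo 2, the HMAC-based encrypt-then-MAC stream cipher standing in for a real AEAD, the two demo primes, and the choice of n = A×B (the key-length formula is an image that is not reproduced on the page) are all this example's assumptions; f(n) = (B-1)(A-1) and d×e ≡ 1 (mod f(n)) follow the text.

```python
import hashlib
import hmac
import math
import secrets

# Two preset primes for the demo (Mersenne primes 2^89-1 and 2^107-1); a real
# deployment generates fresh primes of at least 1024 bits each.
A = 2 ** 89 - 1
B = 2 ** 107 - 1


def split_by_primary_key(records):
    """Splitting rule: records keyed by primary key are split by primary key
    modulo 2 (assumed rule). Even keys form the first data block (kept by the
    client), odd keys the second data block (sent to the server)."""
    first = {k: v for k, v in records.items() if k % 2 == 0}
    second = {k: v for k, v in records.items() if k % 2 == 1}
    return first, second


# Toy encrypt-then-MAC stream cipher built from HMAC-SHA256, constructed so the
# example runs on the standard library; use an AEAD such as AES-GCM in practice.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_block(working_key, block):
    """Serialise a {primary_key: bytes} block and encrypt it under the working key."""
    plain = b"".join(k.to_bytes(8, "big") + len(v).to_bytes(4, "big") + v
                     for k, v in sorted(block.items()))
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plain, _keystream(working_key, nonce, len(plain))))
    tag = hmac.new(working_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_block(working_key, blob):
    """Verify the tag first, then decrypt and deserialise; wrong key -> ValueError."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(working_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext data tampered with or wrong working key")
    plain = bytes(c ^ s for c, s in zip(body, _keystream(working_key, nonce, len(body))))
    out, i = {}, 0
    while i < len(plain):
        key = int.from_bytes(plain[i:i + 8], "big")
        size = int.from_bytes(plain[i + 8:i + 12], "big")
        out[key] = plain[i + 12:i + 12 + size]
        i += 12 + size
    return out


def create_asymmetric_key(a=A, b=B):
    """Steps A1-A3. The key-length formula is absent from the page, so the
    standard RSA modulus n = A*B is assumed; f(n) and d*e = 1 mod f(n) are as stated."""
    n = a * b                                 # A1 (assumed form)
    phi = (b - 1) * (a - 1)                   # A2: the first number f(n)
    while True:                               # A3: random e in [2, f(n)-1] coprime to f(n)
        e = secrets.randbelow(phi - 2) + 2
        if math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)                       # modular inverse (Python 3.8+)
    return (n, e), (n, d)                     # public key (n, e), private key (n, d)


def wrap_working_key(public_key, working_key):
    """Encrypt the working key with the public key. Textbook RSA mirrors the
    description; real systems wrap keys with RSA-OAEP from a vetted library."""
    n, e = public_key
    m = int.from_bytes(working_key, "big")
    if m >= n:
        raise ValueError("working key must be smaller than the modulus")
    return pow(m, e, n)


def unwrap_working_key(private_key, key_ciphertext, key_len=16):
    n, d = private_key
    return pow(key_ciphertext, d, n).to_bytes(key_len, "big")


def protect(records, public_key):
    """Client keeps the first ciphertext; the server gets the second ciphertext
    plus the encrypted key ciphertext, so neither side alone holds the data."""
    first, second = split_by_primary_key(records)
    working_key = secrets.token_bytes(16)     # 128-bit working key
    client_store = {"first_ciphertext": encrypt_block(working_key, first)}
    server_store = {"second_ciphertext": encrypt_block(working_key, second),
                    "key_ciphertext": wrap_working_key(public_key, working_key)}
    return client_store, server_store


def recover(client_store, server_store, private_key):
    """Reverse path: private key -> working key -> both blocks -> local data."""
    working_key = unwrap_working_key(private_key, server_store["key_ciphertext"])
    data = decrypt_block(working_key, client_store["first_ciphertext"])
    data.update(decrypt_block(working_key, server_store["second_ciphertext"]))
    return data
```

`recover` fails closed: without the client store there is no first ciphertext, without the server store there is neither the second ciphertext nor the wrapped working key, and a wrong working key is caught by the tag check before any plaintext is produced. The holder of the private key (n, d) is the trust anchor of the whole scheme, so in a deployment it belongs in an HSM or key-management service rather than beside the server store.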
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle scope of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for the allopatric cooperative protection of data, characterized in that the method comprises the following steps:
the client splits the local data into a first data block and a second data block according to a splitting rule;
the client sends a request to the server; after the server verifies the request, the second data block is transmitted to the server and the first data block is retained at the client;
and encrypting the first data block and the second data block through a key, and respectively storing the first data block and the second data block in different media at different places.
2. The method according to claim 1, wherein the client splitting the local data into the first data block and the second data block according to the splitting rule comprises:
acquiring the splitting rule;
and splitting the local data into the first data block and the second data block by taking the modulus of the primary key according to the splitting rule.
3. The method according to claim 1, wherein the client sending a request to the server, transmitting the second data block to the server after the server verifies the request, and retaining the first data block at the client comprises:
the client sends a remote login request to the server side;
the server side sends an identity information request to the client side according to the remote login request;
the client sends user identity information to the server according to the identity information request;
the server side judges, according to user identity authentication information prestored in the user identity list, whether the user identity information sent by the client side is correct; if so, a console session process is established and the second data block is obtained; if not, the server waits for a new remote login request.
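An added example of the exchange in claim 3, with both sides' messages, not the patent's own code. The message types, the session token, and the storage of the prestored user identity list as salted PBKDF2-HMAC-SHA256 password hashes are this example's assumptions; the claim only says the server compares the submitted identity information against prestored authentication information.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # assumed work factor for the prestored password hashes


def make_identity_entry(password):
    """One entry of the prestored user identity list: random salt and
    PBKDF2-HMAC-SHA256 hash of the password (constructed for this example)."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Server:
    """Server side of claim 3: answers the remote login request, checks the
    user identity information against the prestored user identity list, and
    accepts the second data block only inside an established console session."""

    def __init__(self, identity_list):
        self.identity_list = identity_list          # user -> (salt, password hash)
        self.sessions = {}                          # session token -> user
        self.second_blocks = {}                     # user -> received second data block
        self._dummy = make_identity_entry(secrets.token_hex(8))   # equal work for unknown users

    def handle(self, msg):
        kind = msg.get("type")
        if kind == "remote_login_request":
            return {"type": "identity_info_request"}
        if kind == "user_identity_info":
            entry = self.identity_list.get(msg.get("user"))
            salt, stored = entry if entry is not None else self._dummy
            digest = hashlib.pbkdf2_hmac("sha256", msg.get("password", "").encode(),
                                         salt, PBKDF2_ROUNDS)
            if entry is not None and hmac.compare_digest(digest, stored):
                token = secrets.token_hex(16)        # console session process
                self.sessions[token] = msg["user"]
                return {"type": "session_established", "token": token}
            # wrong or unknown identity: no session; the server waits for a new login request
            return {"type": "identity_rejected"}
        if kind == "second_data_block":
            user = self.sessions.get(msg.get("token"))
            if user is None:
                return {"type": "rejected", "reason": "no console session"}
            self.second_blocks[user] = msg["block"]
            return {"type": "stored"}
        return {"type": "rejected", "reason": "unknown message"}


def client_login_and_send(server, user, password, second_block):
    """Client side: the three messages of claim 3, then the second data block.
    Returns True only when the server confirms that it stored the block."""
    reply = server.handle({"type": "remote_login_request"})
    if reply["type"] != "identity_info_request":
        return False
    reply = server.handle({"type": "user_identity_info", "user": user, "password": password})
    if reply["type"] != "session_established":
        return False
    reply = server.handle({"type": "second_data_block",
                           "token": reply["token"], "block": second_block})
    return reply["type"] == "stored"
```

Two details matter for a real deployment of this step: the second data block is only accepted inside a session that was opened by a successful identity check, so an unauthenticated party cannot plant a block on the server, and the server does the same password-hashing work for unknown and known users so that timing does not reveal which user names exist in the prestored list.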
4. The method according to claim 1, wherein the encrypting the first data block and the second data block with a key and storing the encrypted data blocks in different media at different locations respectively comprises:
generating a working key for the split data, and encrypting the split data by using the working key to obtain encrypted ciphertext data;
establishing an asymmetric key, encrypting the working key by using a public key in the asymmetric key, and obtaining an encrypted key ciphertext;
and respectively storing the encrypted ciphertext data and the encrypted key ciphertext in different media at different places.
5. The method for the allopatric cooperative protection of data according to claim 4, wherein the specific steps for creating the asymmetric key are as follows:
step A1, obtaining the key length according to the following formula:
[formula image, not reproduced on this page: the key length n expressed in terms of A, B, pi, sigma, mu and INT]
wherein A represents the first preset prime number, B represents the second preset prime number, pi represents a natural constant, sigma represents the variance of the split data, mu represents the mean of the split data, INT represents rounding, and n represents the key length;
step A2, determining a first number of numbers less than or equal to the key length that are coprime to the key length based on the key length and the following formula:
f(n)=(B-1)×(A-1)
wherein f(n) represents the first number;
step A3, randomly determining a first identification number which is relatively prime to the first number, wherein the first identification number is a positive number smaller than the first number, and determining a second identification number according to the first number and the first identification number by the following formula:
d×e ≡ 1 (mod f(n))
wherein e represents a first identification number, d represents a second identification number, and a key is determined according to the first identification number, the second identification number and the key length, and the key comprises: the system comprises a private key and a public key, wherein the private key is (n, d) and is used for decrypting an encrypted key ciphertext, and the public key is (n, e) and is used for encrypting a working key.
6. A data allopatric cooperative protection system, the system comprising:
the splitting module is used for splitting the local data into a first data block and a second data block by the client according to the splitting rule;
the sending module is used for sending a request to a server by the client, transmitting the second data block to the server after the request is verified by the server, and reserving the first data block to the client;
and the encryption module is used for encrypting the first data block and the second data block through keys and respectively storing the first data block and the second data block in different media at different places.
7. The system of claim 6, wherein the splitting module performs the specific steps of splitting the local data into the first data block and the second data block according to the splitting rule by the client, as follows:
acquiring the splitting rule;
and splitting the local data into the first data block and the second data block by taking the modulus of the primary key according to the splitting rule.
8. The system of claim 6, wherein the sending module sends the request from the client to the server, transmits the second data block to the server after the server verifies the request, and retains the first data block at the client, the specific steps being as follows:
the client sends a remote login request to the server side;
the server side sends an identity information request to the client side according to the remote login request;
the client sends user identity information to the server according to the identity information request;
the server side judges, according to user identity authentication information prestored in the user identity list, whether the user identity information sent by the client side is correct; if so, a console session process is established and the second data block is obtained; if not, the server waits for a new remote login request.
9. The system of claim 6, wherein the encryption module encrypts the first data block and the second data block with a key and stores the encrypted data blocks in different media at different locations respectively, and the specific steps are as follows:
generating a working key for the split data, and encrypting the split data by using the working key to obtain encrypted ciphertext data;
establishing an asymmetric key, encrypting the working key by using a public key in the asymmetric key, and obtaining an encrypted key ciphertext;
and respectively storing the encrypted ciphertext data and the encrypted key ciphertext in different media at different places.
10. The system of claim 6, wherein the encryption module performs the specific steps of creating an asymmetric key as follows:
step A1, obtaining the key length according to the following formula:
[formula image, not reproduced on this page: the key length n expressed in terms of A, B, pi, sigma, mu and INT]
wherein A represents the first preset prime number, B represents the second preset prime number, pi represents a natural constant, sigma represents the variance of the split data, mu represents the mean of the split data, INT represents rounding, and n represents the key length;
step A2, determining a first number of numbers less than or equal to the key length that are coprime to the key length based on the key length and the following formula:
f(n)=(B-1)×(A-1)
wherein f(n) represents the first number;
step A3, randomly determining a first identification number which is relatively prime to the first number, wherein the first identification number is a positive number smaller than the first number, and determining a second identification number according to the first number and the first identification number by the following formula:
d×e ≡ 1 (mod f(n))
wherein e represents a first identification number, d represents a second identification number, and a key is determined according to the first identification number, the second identification number and the key length, and the key comprises: the system comprises a private key and a public key, wherein the private key is (n, d) and is used for decrypting an encrypted key ciphertext, and the public key is (n, e) and is used for encrypting a working key.
CN202011535910.1A 2020-12-23 2020-12-23 Data remote cooperative protection method and system Pending CN112765617A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011535910.1A CN112765617A (en) 2020-12-23 2020-12-23 Data remote cooperative protection method and system

Publications (1)

Publication Number Publication Date
CN112765617A true CN112765617A (en) 2021-05-07

Family

ID=75695277

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210507