CN113064763B - Encryption and decryption-based continuous data protection method and device - Google Patents

Publication number: CN113064763B
Authority: CN (China)
Prior art keywords: data, byte, backup, file, encryption
Legal status: Active (as listed by Google Patents; the status is an assumption and is not a legal conclusion)
Application number: CN202110408762.5A
Other languages: Chinese (zh)
Other versions: CN113064763A (en
Inventors: 朱黎娟, 陈勇铨, 周华, 江俊
Current Assignee: Shanghai Information2 Software Inc (as listed by Google Patents; the listed assignees may be inaccurate)
Original Assignee: Shanghai Information2 Software Inc
Application filed by: Shanghai Information2 Software Inc
Priority to: CN202110408762.5A
Publication of CN113064763A
Application granted
Publication of CN113064763B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a continuous data protection method and device based on encryption and decryption. The method comprises the following steps. S1: during a backup task, the backup data transmitted by the working machine is obtained, encrypted byte by byte, and stored under the CDP path of the disaster backup machine; the backup data comprises static data of the full backup stage, the event list of the incremental backup stage, and CDP incremental data. S2: during a recovery task, the point in time selected by the user for recovery is used as the incremental data deadline; the encrypted event list file is decrypted, the deadline is located in the event list according to the decryption result, all events before the deadline are applied on the basis of the static data, the incremental data is merged into the static data according to the position and length of the incremental data recorded by each event, and the merged data is decrypted and recovered.

Description

Encryption and decryption-based continuous data protection method and device
Technical Field
The invention relates to the technical field of computer disaster recovery backup, in particular to a continuous data protection method and device based on encryption and decryption.
Background
CDP (Continuous Data Protection) technology is a major breakthrough in the field of data backup. In 2011, the CDP technical group of SNIA (the global network storage industry association) set out three conditions for CDP technology: 1. any data change can be captured; 2. the data can be backed up to at least one other location (disaster recovery); 3. the data can be recovered to any point in time.
In CDP technology, the CDP system continuously monitors data changes and records these changes, and after a disaster occurs, the user can select any point in time to recover to the pre-disaster state.
CDP data consists of two parts of backup data, static data and incremental data, which are generally stored at a designated location on the standby machine. In current CDP technology the backup data is generally not encrypted, so the backup data stored on the standby machine can easily be obtained or even altered, and its security is low.
Disclosure of Invention
To overcome the defects of the prior art, the present invention provides a continuous data protection method and device based on encryption and decryption, so that, in the CDP data protection process, backup data is encrypted before being backed up at the standby end, and, when data is restored, the encrypted content is first decrypted and the data is then restored according to the decryption result, thereby improving the security of the data.
In order to achieve the above object, the present invention provides a continuous data protection method based on encryption and decryption, comprising the following steps:
Step S1: when performing a backup task, obtaining the backup data transmitted by the working machine, encrypting the obtained backup data byte by byte, and storing the encrypted backup data under the CDP path of the disaster backup machine, wherein the backup data comprises static data of the full backup stage, the event list of the incremental backup stage, and CDP incremental data;
Step S2: when performing a recovery task, taking the point in time selected by the user for recovery as the cut-off time of the incremental data, decrypting the encrypted event list file, locating the cut-off time in the event list according to the decryption result, applying all events before the cut-off time on the basis of the static data, merging the incremental data into the static data according to the position and length of the incremental data recorded by each event, and decrypting and recovering the merged data.
Preferably, in step S1, the file content of the backup data, the offset value of the file content in the file, and the key are obtained during encryption, and byte-by-byte encryption of the file content is achieved by combining encryption of the byte content, encryption of the byte's position in the file, and the key.
Preferably, in step S1, the encryption process includes the following steps:
Step S100: for the obtained backup data, obtaining the file content, the offset value of the file content in the file, and the key;
Step S101: performing a negation and shift operation on each byte of the file content;
Step S102: performing per-byte cyclic shift and XOR operations on the position of each byte in the file to obtain the corresponding position encryption result;
Step S103: XORing the position encryption result of step S102 with the key obtained in step S100;
Step S104: XORing the byte encryption result of step S101 with the result of step S103 (the position encryption result XORed with the key) to obtain the final encrypted byte data.
Preferably, in step S2, the decryption process includes the following steps:
Step S200: from the encrypted file under the CDP path of the disaster backup machine, obtaining the encrypted byte data of each byte of file content, its position information, and the key, and encrypting the position;
Step S201: XORing the position encryption result of each byte of the file content with the obtained key;
Step S202: XORing the encrypted byte data with the XOR result of step S201;
Step S203: performing a negation and shift operation on the result of step S202 to obtain the final decrypted byte.
Preferably, in step S101, after each byte of the file content is negated, the whole byte is cyclically shifted right by one bit, with the lowest bit moving to the highest bit.
Preferably, in step S102, for the 1st to nth bytes of the position, from low to high, the 1st byte is cyclically shifted right by one bit and XORed with the nth (highest) byte; each intermediate ith byte is cyclically shifted right as a whole by i bits and then XORed with the processing result of the (i-1)th byte; the processing result of the (n-1)th byte is the final position encryption result.
In order to achieve the above object, the present invention further provides a continuous data protection device based on encryption and decryption, including:
the backup processing module, configured to, when performing a backup task, obtain the backup data transmitted by the working machine, encrypt the obtained backup data byte by byte, and store the encrypted backup data under the CDP path of the disaster backup machine, wherein the backup data comprises static data of the full backup stage, the event list of the incremental backup stage, and CDP incremental data;
and the recovery processing module, configured to, when performing a recovery task, take the point in time selected by the user for recovery as the incremental data deadline, decrypt the encrypted event list file, locate the deadline in the event list according to the decryption result, apply all events before the deadline on the basis of the static data, merge the incremental data into the static data according to the position and length of the incremental data recorded by each event, and decrypt and recover the merged data.
Preferably, the backup processing module obtains the file content of the backup data, the offset value of the file content in the file, and the key during encryption, and implements byte-by-byte encryption of the file content by encrypting the byte content, encrypting the position of the byte in the file, and the key.
Preferably, the backup processing module is specifically configured to:
acquiring, for the obtained backup data, the file content, the offset value of the file content in the file, and the key;
performing negation and shift operations on each byte of the file content;
performing per-byte cyclic shift and XOR operations on the position of each byte in the file to obtain the corresponding position encryption result;
XORing the position encryption result with the key;
and XORing the byte encryption result (obtained by the negation and shift operations on each byte of the file content) with the XOR result of the position encryption result and the key to obtain the final encrypted byte data.
Preferably, the recovery processing module is specifically configured to:
acquiring, from the encrypted file under the CDP path of the disaster backup machine, the encrypted byte data of each byte of file content, its position, and the key, and encrypting the position;
XORing the position encryption result of each byte of the file content with the obtained key;
XORing the encrypted byte data with the XOR result of the position encryption result and the key;
and performing negation and shift operations on the result of XORing the encrypted byte data with the XOR result of the position encryption result and the key byte, to obtain the final decrypted byte data.
Compared with the prior art, the continuous data protection method and device based on encryption and decryption provided by the invention have the advantages that in the CDP data protection process, the backup data is encrypted and then backed up at the standby terminal, and meanwhile, the obtained encrypted content is decrypted and then restored according to the decryption result in the data restoration process, so that the safety of the standby data is improved.
Drawings
FIG. 1 is a flow chart illustrating steps of a continuous data protection method based on encryption and decryption according to the present invention;
FIG. 2 is a system structure diagram of a continuous data protection device based on encryption and decryption according to the present invention;
FIG. 3 is a flow chart of a continuous CDP data backup and encryption process according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a method for encrypting file contents according to an embodiment of the present invention;
FIG. 5 is a flow chart of a continuous CDP data decryption and recovery process according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating a method for decrypting file content according to an embodiment of the present invention.
Detailed Description
Other advantages and capabilities of the present invention will be readily apparent to those skilled in the art from this disclosure, which describes the invention by way of specific embodiments in conjunction with the accompanying drawings. The invention can also be implemented or applied in other, different embodiments, and its details can be modified in various respects without departing from the spirit and scope of the present invention.
Fig. 1 is a flowchart illustrating steps of a continuous data protection method based on encryption and decryption according to the present invention. As shown in fig. 1, the method for protecting continuous data based on encryption and decryption of the present invention is applied to a disaster recovery side, and includes the following steps:
Step S1: when performing a backup task, the backup data transmitted by the working machine is acquired, encrypted byte by byte, and stored under the CDP path of the disaster backup machine, where the backup data includes static data of the full backup stage, the event list of the incremental backup stage, and CDP incremental data.
Specifically, when the backup task of the working machine starts, the working machine enters the full backup stage: it first transmits the static data in the monitored directory to the disaster backup machine, and the disaster backup machine encrypts the static data and backs it up under its CDP path.
After the disaster backup machine has written the static data, the incremental backup stage begins: the working machine sends the captured event list and the CDP incremental data to the disaster backup machine, which encrypts them and backs them up under its CDP path.
In an embodiment of the present invention, the disaster backup machine obtains the file containing backup data under the CDP path and encrypts the obtained static data, or the event list and the CDP incremental data. Specifically, during encryption the disaster backup machine obtains the file content, the offset value of the file content in the file, and the key, and encrypts the file content byte by byte. The key is predefined, encryption and decryption use the same key, and the position P denotes the offset of the data in the file. For example, with P = 100, L = 8 and Array[L] = [0x30, 0x20, 0x15, 0x2E, 0x1F, 0x3C, 0x4B, 0x8A], the key value is the array element at index P % L, i.e., 100 % 8 = 4 and Array[4] = 0x1F, so the key value is 0x1F, i.e., 31. In the present invention, the specific encryption process includes the following steps:
Step S100: for the obtained backup data, the file content, the offset value of the file content in the file (i.e., the position P), and the key are obtained. In the embodiment of the present invention, the key is the key byte looked up in the key array according to the position P.
Step S101: a negation and shift operation is performed on each byte of the file content; that is, in the present invention the byte content is encrypted by negating and shifting it. For example, for byte A "00100011" of the file content, negating A gives A0 = 11011100. A0 is then shifted; the shift rule is that the whole byte is cyclically shifted right by one bit, with the lowest bit moving to the highest bit, so shifting A0 gives A1 = 01101110.
Step S102: the position (64 bits) of each byte in the file is processed by per-byte cyclic shift and XOR operations to obtain the corresponding position encryption result. That is, in the present invention the position is encrypted by cyclically shifting and XORing each of the 8 bytes (64 bits) of the position value. Assume the position p of byte A in the file is the 8-byte value "1001001101101100110100110011100100000000001001101101110100100001", where the highest byte is p8 = 10010011 and the lowest byte is p1 = 00100001. First, byte p1 is cyclically shifted right by 1 bit, that is, the original 2nd to 8th bits are shifted right as a whole and the lowest (1st) bit is moved to the highest (8th) bit, giving p1' = 10010000; p1' is then XORed with p8 to give r = 00000011. Next, byte p2 = 11011101 is cyclically shifted right by 2 bits, that is, the original 3rd to 8th bits are shifted right as a whole and the lowest 2 bits are moved to the top, giving p2' = 01110111; p2' is then XORed with r to give the new r = 01110100. The remaining bytes are processed in the same way, until byte p7 is cyclically shifted right by 7 bits and XORed with the result r from byte p6, giving the final position encryption result r = 11101110.
Step S103: the position encryption result obtained in step S102 is XORed with the key obtained in step S100. In the embodiment of the present invention, the byte length len of the key can be chosen freely. If byte A is at position p in the file, the key byte for A is key[p % len], that is, p modulo len selects the key byte corresponding to A. Assuming key[p % len] is "01001001", the result r = 11101110 of step S102 is XORed with the key byte to obtain "10100111".
Step S104: the byte encryption result of step S101 is XORed with the position encryption result of step S103 to obtain the final encrypted byte data. For example, if the byte encryption result of step S101 is "01101110" and the position encryption result of step S103 is "10100111", the final encrypted byte data is "11001001".
Step S2: when performing a recovery task, the point in time selected by the user for recovery is used as the deadline of the incremental data. The encrypted event list file is first decrypted and the deadline is located in the event list according to the decryption result; all events before the deadline (the operations performed by the user on the file, including creation, deletion, renaming, attribute modification, etc.) are applied on the basis of the static data; the incremental data is merged into the static data according to the position and length of the incremental data recorded by each event; and the merged data is decrypted and recovered.
That is, after the user establishes the recovery task, the encrypted file storing the event list is decrypted, the event list is read from the decrypted file, and the events before the selected recovery point in time are applied. For each operation event, its position in the original file (i.e., the static data backed up to the specified directory before the increments were generated) and the position and length, in the incremental file, of the incremental data related to the operation are read. The static data is modified and merged according to the operations and the incremental data, and the merged static data is decrypted and restored to the working machine.
Specifically, in step S2, the decryption process includes the following steps:
Step S200: from the encrypted file under the CDP path of the disaster backup machine, the encrypted byte data A2 of each byte of file content, its position information p, and the key are obtained, and the position p is encrypted. Here the position p of byte A2 in the file is the 8-byte value "1001001101101100110100110011100100000000001001101101110100100001", the encryption method is the same as in step S102, and the result of encrypting the position p is r = 11101110; the key is the same as in step S103, and the obtained key byte is "01001001".
Step S201: the position encryption result of each byte of the file content is XORed with the obtained key. In the embodiment of the present invention, the encryption result r = 11101110 of the position p is XORed with the key byte "01001001" obtained in step S200, which gives "10100111".
Step S202: the encrypted byte data of step S200 is XORed with the XOR result of step S201. Specifically, the encrypted byte A2 (assumed to be the value "11001001" from step S104) is XORed with the result "10100111" of step S201, which gives the encrypted value r = 01101110 of step S101.
Step S203: the result of step S202 is negated and shifted, undoing the operation of step S101, to obtain the final decrypted byte A "00100011".
Fig. 2 is a system structure diagram of a continuous data protection device based on encryption and decryption according to the present invention. As shown in fig. 1, the present invention provides a continuous data protection device based on encryption and decryption, which is applied to a disaster recovery device, and includes:
the backup processing module 20 is configured to, when performing a backup task, acquire backup data transmitted by the working machine, encrypt the acquired backup data byte by byte, and store the encrypted backup data into a CDP path of the disaster backup machine, where the backup data includes static data in a full backup stage, an event list in an incremental backup stage, and CDP incremental data.
Specifically, when the backup task of the working machine starts, the working machine first enters the full backup stage: it transmits the static data in the monitored directory to the disaster backup machine, and the backup processing module 20 of the disaster backup machine encrypts the static data and backs it up under the CDP path of the disaster backup machine.
After the disaster backup machine writes the static data, it enters an incremental backup stage, the working machine sends the captured event list and CDP incremental data to the disaster backup machine, and the backup processing module 20 of the disaster backup machine encrypts the event list and CDP incremental data and backups them to the CDP path of the disaster backup machine.
In the embodiment of the present invention, the disaster recovery backup machine encrypts the acquired static data or event list and the CDP incremental data, acquires the file content, the offset value of the file content in the file, and the key during encryption, and encrypts the file content byte by byte, and the encryption process of the backup processing module 20 includes:
step S100, for the obtained backup data, the file content, the offset value of the file content in the file, and the key are obtained.
Step S101: a negation and shift operation is performed on each byte of the file content. That is, in the present invention the byte content is encrypted by negating and shifting it. For example, for byte A "00100011" of the file content, negating A gives A0 = 11011100. A0 is then shifted; the shift rule is that the whole byte is cyclically shifted right by one bit, with the lowest bit moving to the highest bit, so shifting A0 gives A1 = 01101110.
Step S102: the position (64 bits) of each byte in the file is processed by per-byte cyclic shift and XOR operations to obtain the corresponding position encryption result; that is, in the present invention the position is encrypted by cyclically shifting and XORing each of the 8 bytes (64 bits) of the position value.
Step S103: the position encryption result of step S102 is XORed with the key obtained in step S100.
Step S104: the byte encryption result of step S101 is XORed with the result of step S103 (the position encryption result XORed with the key) to obtain the final encrypted byte data.
The recovery processing module 21 is configured to, when performing a recovery task, use a time point of recovery data selected by a user as an incremental data deadline, decrypt the encrypted event list file, find the deadline in the event list according to a decryption result, perform an operation on all events before the deadline based on the static data, merge the incremental data into the static data according to a position and a length of the incremental data recorded by the event, and decrypt and recover the merged data.
That is, after the user establishes the recovery task, the encrypted event list file is decrypted first, the event list is read from the decrypted file, and the events before the selected recovery point in time are applied. For each operation event, its position in the original file and the position and length, in the incremental file, of the incremental data related to the operation are read. The static data is modified and merged according to the operations and the incremental data, and the merged static data is decrypted and restored to the working machine.
Specifically, the decryption process of the recovery processing module 21 includes:
step S200, acquiring encrypted byte data of each byte of file content, position information and a key thereof according to an encrypted file under a CDP path of the disaster backup machine, and encrypting the position information;
step S201, carrying out XOR operation on the position encryption result of each byte of the file content and the obtained key byte;
step S202, carrying out XOR operation on the encrypted byte data of the step S200 and the result of the step S201;
step S203, performing negation and shift operation on the result of step S202 to obtain the final decrypted byte.
Examples
In this embodiment, as shown in fig. 3, the working machine is a user working server, and the disaster recovery machine is a user data backup server.
After the continuous data protection task is started, all data under the protection path of the working machine are sent to the disaster backup machine, and the disaster backup machine encrypts and backs up the received static data to a CDP directory.
During encryption, the file content, the offset value of the file content in the file, and the key are obtained, and the file content is encrypted byte by byte. As shown in fig. 4, the position of the file content (for example, the position P of byte A in the file) is encrypted first: shift and XOR operations are performed on each of the 8 bytes of the position to obtain P1, and this 8-byte encryption result is XORed with the key byte B (the corresponding key byte B is looked up in the key array K according to the position P) to obtain the position encryption result B1. The byte content (byte A) is then negated and shifted to obtain A1, and A1 is XORed with the position encryption result B1 to obtain the final encrypted byte data A2.
After the disaster backup machine finishes writing the data and the full backup is complete, the working machine monitors changes to the data under the protected directory and sends the captured event list and the incremental data to the disaster backup machine. The disaster backup machine encrypts the file storing the event list and the file storing the incremental data separately and backs them up under the CDP directory; for example, the captured event list is written into the CDP directory A file and encrypted, and the incremental data is written into the CDP directory B file and encrypted. The encryption method is the same as for the static data.
As shown in fig. 5, when the user establishes a recovery task, the static data S in the CDP directory is read first; then the CDP directory A file storing the event list is read and decrypted, the event list is read from the decrypted file, and the events before the selected recovery point in time are applied. In event order, the position of each operation event in the original file and the position and length, in the incremental file, of the incremental data related to the operation are read; the static data is modified and merged according to the operations and the incremental data; and the merged static data is decrypted and restored to the working machine.
During decryption, the encrypted file content, the offset value of each byte in the file, and the key are read, and the file content is decrypted byte by byte. As shown in fig. 6, the position (for example, the position P of the encrypted byte A2 in the file) is processed by per-byte shift and XOR operations to obtain P1, which is XORed with the key byte B (the corresponding key byte B is looked up in the key array K according to the position P) to obtain B1; B1 is XORed with the encrypted byte A2 to obtain the intermediate result A1 of the decrypted byte, and a reverse shift is then performed on the intermediate result A1 to obtain the final decrypted byte.
The invention encrypts within each byte: the result does not depend on other bytes of the file content and decryption does not need to proceed by data block, which makes decryption more flexible and convenient. At the same time, the triple encryption method combining file content, file position and key ensures the security and reliability of the encryption.
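The byte transform of steps S100 to S104 and S200 to S203, together with the per-byte independence described above, as an added Python example (not code from the patent). Function names, the sample payload and the 8-byte key used for the worked example are assumptions of this example; the description gives only the selected key byte 01001001.

```python
# Added illustration of steps S100-S104 and S200-S203; not code from the patent.
# Function names and the sample payload are this example's own (constructed).


def ror8(b: int, n: int) -> int:
    """Cyclically shift an 8-bit value right by n bits."""
    n %= 8
    return ((b >> n) | (b << (8 - n))) & 0xFF


def content_transform(b: int) -> int:
    """S101: negate the byte, then cyclic right shift by one bit."""
    return ror8(~b & 0xFF, 1)


def content_restore(b: int) -> int:
    """S203: undo S101 (cyclic left shift by one bit, then negate)."""
    return ~ror8(b, 7) & 0xFF


def position_transform(pos: int) -> int:
    """S102: fold the 8 bytes of a 64-bit offset into one byte.

    p1 is the lowest byte and p8 the highest. r starts as ror(p1, 1) XOR p8;
    each p_i for i = 2..7 is then rotated right by i bits and XORed into r.
    """
    p = [(pos >> (8 * i)) & 0xFF for i in range(8)]  # p[0] = p1 ... p[7] = p8
    r = ror8(p[0], 1) ^ p[7]
    for i in range(2, 8):
        r ^= ror8(p[i - 1], i)
    return r


def key_byte(pos: int, key: bytes) -> int:
    """S100: the key byte for a position is key[pos % len(key)]."""
    return key[pos % len(key)]


def mask(pos: int, key: bytes) -> int:
    """S103 / S201: position encryption result XOR key byte."""
    return position_transform(pos) ^ key_byte(pos, key)


def encrypt_at(data: bytes, offset: int, key: bytes) -> bytes:
    """S104 for a run of bytes that starts at `offset` in the file."""
    return bytes(content_transform(b) ^ mask(offset + i, key)
                 for i, b in enumerate(data))


def decrypt_at(data: bytes, offset: int, key: bytes) -> bytes:
    """S202 + S203 for a run of encrypted bytes that starts at `offset`."""
    return bytes(content_restore(c ^ mask(offset + i, key))
                 for i, c in enumerate(data))


# Values from the description's worked example: position p and byte A.
POS = 0x936CD3390026DD21   # p8 = 10010011 ... p2 = 11011101, p1 = 00100001
BYTE_A = 0b00100011
# The description assumes key[p % len] = 01001001 without giving the array;
# this array is constructed so that index POS % 8 == 1 holds 0x49.
EXAMPLE_KEY = bytes([0x30, 0x49, 0x15, 0x2E, 0x1F, 0x3C, 0x4B, 0x8A])
# Key array from the description's P = 100, L = 8 example.
DESCRIPTION_KEY = bytes([0x30, 0x20, 0x15, 0x2E, 0x1F, 0x3C, 0x4B, 0x8A])


def worked_example() -> dict:
    """Recompute every intermediate value quoted in steps S101 to S203."""
    a2 = encrypt_at(bytes([BYTE_A]), POS, EXAMPLE_KEY)[0]
    return {
        "A1 (S101)": content_transform(BYTE_A),
        "r  (S102)": position_transform(POS),
        "B1 (S103)": mask(POS, EXAMPLE_KEY),
        "A2 (S104)": a2,
        "A  (S203)": decrypt_at(bytes([a2]), POS, EXAMPLE_KEY)[0],
    }


def range_decrypt_demo() -> bytes:
    """Decrypt 3 bytes from the middle of a buffer without touching the rest."""
    plain = b"constructed CDP increment payload"
    base = 4096  # constructed file offset of the buffer
    ct = encrypt_at(plain, base, DESCRIPTION_KEY)
    return decrypt_at(ct[12:15], base + 12, DESCRIPTION_KEY)


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name} = {value:08b}")
    print(range_decrypt_demo())
```

The mask applied to a byte is a function of its offset and the key array only, which is what lets any byte range be decrypted in isolation. The transform adds no integrity tag, so detecting altered backup data requires a separate mechanism.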
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Modifications and variations can be made to the above-described embodiments by those skilled in the art without departing from the spirit and scope of the present invention. Therefore, the scope of the invention should be determined from the following claims.

Claims (8)

1. A continuous data protection method based on encryption and decryption comprises the following steps:
step S1, when carrying out backup task, obtaining backup data transmitted by the working machine, encrypting the obtained backup data byte by byte and storing the encrypted backup data under the CDP path of the disaster backup machine, wherein the backup data comprises static data of a full backup stage, an event list of an incremental backup stage and CDP incremental data; in step S1, the encryption process includes the following steps:
step S100, acquiring file contents, offset values of the file contents in files and keys for the acquired backup data;
step S101, performing negation and shift operation on each byte in the file content;
step S102, performing byte cyclic shift and XOR operation on the position of each byte in the file respectively to obtain a corresponding position encryption result;
step S103, carrying out XOR operation on the position encryption result of the step S102 and the key obtained in the step S100;
step S104, carrying out XOR operation on the byte encryption result of the step S101 and the position encryption result obtained in the step S103 and the XOR result of the key to obtain final encrypted byte data;
step S2, when the recovery task is carried out, the time point of the recovery data selected by the user is used as the cut-off time of the incremental data, the encrypted event list file is decrypted, the cut-off time in the event list is found according to the decryption result, all events before the cut-off time are operated based on the static data, the incremental data are merged into the static data according to the position and the length of the incremental data recorded by the events, and the merged data are decrypted and recovered.
2. The continuous data protection method based on encryption and decryption as claimed in claim 1, wherein in step S1, the file contents of the backup data, the offset value of the file contents in the file, and the key are obtained during encryption, and byte-by-byte encryption of the file contents is achieved by encrypting the byte contents, encrypting the position of the byte in the file, and the key.
3. A method for continuous data protection based on encryption and decryption as claimed in claim 2, wherein in step S2, the decryption process includes the following steps:
step S200, obtaining encrypted byte data of each byte of file content, position information and a key thereof according to the encrypted file under the CDP path of the disaster backup machine, and encrypting the position;
step S201, carrying out XOR operation on the position encryption result of each byte of the file content and the obtained key;
step S202, carrying out XOR operation on the encrypted byte data and the XOR result of the step S201;
step S203, performing negation and shift operation on the result of step S202 to obtain the final decrypted byte.
4. A method for continuous data protection based on encryption and decryption as claimed in claim 3, characterized in that: in step S101, after negating each byte of the file content, the whole is circularly shifted to the right by one bit, and the lowest bit is shifted to the highest bit.
5. A method for continuous data protection based on encryption and decryption as claimed in claim 4, characterized in that: in step S102, for the 1 st to nth bytes from low to high, the 1 st byte is circularly shifted to the right by one bit, and exclusive or is performed with the nth byte of the highest bit; and for the ith byte in the middle, performing integral circulation right shift by i bits, and then performing exclusive OR with the processing result of the (i-1) th bit to obtain the processing result of the (n-1) th bit as the final position encryption result.
6. An encryption and decryption based continuous data protection apparatus, comprising:
the backup processing module is used for acquiring backup data transmitted by the working machine during a backup task, encrypting the acquired backup data byte by byte and storing the encrypted backup data under the CDP path of the disaster backup machine, wherein the backup data comprises static data of a full backup stage, an event list of an incremental backup stage and CDP incremental data;
the backup processing module is specifically configured to:
acquiring file contents, and offset values and keys of the file contents in the files for the acquired backup data;
negating and shifting each byte in the file content;
performing cyclic shift and XOR operation on the position of each byte in the file according to the byte respectively to obtain a corresponding position encryption result;
performing XOR operation on the position encryption result and a secret key;
performing exclusive-or operation on a byte encryption result obtained by performing negation and shifting operation on each byte in the file content and an exclusive-or result of a position encryption result and a secret key to obtain final encrypted byte data;
and the recovery processing module is used for decrypting the encrypted event list file by taking the time point of the recovery data selected by the user as the incremental data deadline when the recovery task is performed, finding the deadline in the event list according to a decryption result, operating all events before the deadline on the basis of static data, merging the incremental data into the static data according to the position and the length of the incremental data recorded by the events, and decrypting and recovering the merged data.
7. The continuous data protection device based on encryption and decryption as claimed in claim 6, wherein the backup processing module obtains the file content of the backup data, the offset value of the file content in the file and the key when encrypting, and the byte-by-byte encryption of the file content is realized by encrypting the byte content, encrypting the position of the byte in the file and the key.
8. The encryption and decryption-based continuous data protection apparatus according to claim 7, wherein the recovery processing module is specifically configured to:
acquiring encrypted byte data of each byte of file content, a position and a key thereof according to an encrypted file under a CDP path of the disaster recovery backup unit, and encrypting the position;
performing XOR operation on the position encryption result of each byte of the file content and the obtained key;
carrying out XOR operation on the encrypted byte data, the position encryption result and the XOR operation result of the key;
and performing negation and shift operation on the encrypted byte data, the position encryption result and the XOR result of the XOR operation result of the key byte to obtain final decrypted byte data.
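The byte-by-byte transform of steps S100 to S104 and its inverse S200 to S203, with the merge-then-decrypt order of step S2, written out as an added Python example that is not code from the patent. It assumes an 8-byte offset taken low byte first, a key byte chosen as key[position mod key length], claim 5 read as ending at byte n-1, and an increment encrypted with its own offset in the file; the key, file content and increment are constructed sample data.

```python
# Added illustration of steps S100-S104 / S200-S203; not the patentee's code.
POS_WIDTH = 8  # assumption: the file offset is handled as 8 bytes, low byte first


def ror8(b: int, n: int) -> int:
    """Rotate one byte right by n bits (the lowest bit wraps to the highest)."""
    n %= 8
    return ((b >> n) | (b << (8 - n))) & 0xFF


def position_byte(pos: int) -> int:
    """S102 as read from claim 5: fold the bytes of the offset into one byte P1."""
    p = pos.to_bytes(POS_WIDTH, "little")   # byte 1 = lowest ... byte n = highest
    acc = ror8(p[0], 1) ^ p[-1]             # 1st byte: rotate by 1, XOR with nth byte
    for i in range(2, POS_WIDTH):           # middle bytes i = 2 .. n-1
        acc ^= ror8(p[i - 1], i)            # rotate by i bits, XOR with previous result
    return acc


def mask(pos: int, key: bytes) -> int:
    """S103: B1 = P1 XOR key byte; key[pos % len(key)] is an assumed lookup rule."""
    return position_byte(pos) ^ key[pos % len(key)]


def encrypt(data: bytes, offset: int, key: bytes) -> bytes:
    """S101 + S104: A1 = ror(NOT a, 1); A2 = A1 XOR B1 for the byte at offset + k."""
    return bytes(ror8(a ^ 0xFF, 1) ^ mask(offset + k, key) for k, a in enumerate(data))


def decrypt(data: bytes, offset: int, key: bytes) -> bytes:
    """S201-S203: A1 = A2 XOR B1; rotate left by 1 (= right by 7), then negate."""
    return bytes(ror8(c ^ mask(offset + k, key), 7) ^ 0xFF for k, c in enumerate(data))


# Constructed sample: a full-backup file and one CDP increment written at offset 7.
KEY = bytes.fromhex("5a13c4e9")             # constructed demo key
STATIC = b"hello, world: static data"
INCREMENT, INC_OFFSET = b"WORLD", 7


def restore_merged() -> bytes:
    """S2: merge the encrypted increment into the encrypted static data, then decrypt."""
    enc = bytearray(encrypt(STATIC, 0, KEY))
    enc_inc = encrypt(INCREMENT, INC_OFFSET, KEY)
    enc[INC_OFFSET:INC_OFFSET + len(enc_inc)] = enc_inc
    return decrypt(bytes(enc), 0, KEY)
```

Each output byte depends only on the input byte, its offset and the key byte, so the mask B1 for a given offset is identical every time that offset is written under the same key.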
CN202110408762.5A 2021-04-16 2021-04-16 Encryption and decryption-based continuous data protection method and device Active CN113064763B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110408762.5A CN113064763B (en) 2021-04-16 2021-04-16 Encryption and decryption-based continuous data protection method and device

Publications (2)

Publication Number Publication Date
CN113064763A CN113064763A (en) 2021-07-02
CN113064763B CN113064763B (en) 2022-04-19

Family

ID=76566898

Country Status (1)

Country Link
CN (1) CN113064763B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113591127B (en) * 2021-08-16 2024-06-18 京东科技控股股份有限公司 Data desensitization method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8041641B1 (en) * 2006-12-19 2011-10-18 Symantec Operating Corporation Backup service and appliance with single-instance storage of encrypted data
CN102236589A (en) * 2010-05-04 2011-11-09 南京壹进制信息技术有限公司 Data protection method for managing increment file based on digital identifiers
CN102460460A (en) * 2009-06-12 2012-05-16 微软公司 Secure and private backup storage and processing for trusted computing and data services
CN104966525A (en) * 2015-01-14 2015-10-07 腾讯科技(深圳)有限公司 File encryption method and apparatus, and file decryption method and apparatus
CN108255641A (en) * 2017-12-25 2018-07-06 南京壹进制信息技术股份有限公司 A kind of CDP disaster recovery methods based on cloud platform
CN109067814A (en) * 2018-10-31 2018-12-21 苏州科达科技股份有限公司 Media data encryption method, system, equipment and storage medium
CN112214354A (en) * 2020-10-21 2021-01-12 上海英方软件股份有限公司 Rapid recovery method and device for continuous data protection

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107885616A (en) * 2017-09-29 2018-04-06 上海爱数信息技术股份有限公司 A kind of mass small documents back-up restoring method based on file system parsing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant