CN113239369A - Method, device, equipment and medium for auditing sensitivity of ciphertext data - Google Patents

Method, device, equipment and medium for auditing sensitivity of ciphertext data Download PDF

Info

Publication number
CN113239369A
CN113239369A CN202110446192.9A CN202110446192A CN113239369A CN 113239369 A CN113239369 A CN 113239369A CN 202110446192 A CN202110446192 A CN 202110446192A CN 113239369 A CN113239369 A CN 113239369A
Authority
CN
China
Prior art keywords
encrypted
sensitivity
file data
preset
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110446192.9A
Other languages
Chinese (zh)
Inventor
徐培明
陈霖
蒋屹新
杨祎巍
匡晓云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CSG Electric Power Research Institute
Research Institute of Southern Power Grid Co Ltd
Original Assignee
Research Institute of Southern Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Research Institute of Southern Power Grid Co Ltd filed Critical Research Institute of Southern Power Grid Co Ltd
Priority to CN202110446192.9A priority Critical patent/CN113239369A/en
Publication of CN113239369A publication Critical patent/CN113239369A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/06Electricity, gas or water supply
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Abstract

The invention discloses an auditing method, a device, equipment and a medium for ciphertext data sensitivity. By adopting the embodiment of the invention, the auditing of the data sensitivity can be realized under the condition of not decrypting the file data and the abstract thereof, thereby improving the auditing efficiency of the sensitivity of the ciphertext data and simultaneously ensuring the safety of the data.

Description

Method, device, equipment and medium for auditing sensitivity of ciphertext data
Technical Field
The invention relates to the technical field of power systems, in particular to an auditing method, device, equipment and medium for ciphertext data sensitivity.
Background
With the rapid promotion of the power business informatization construction, each power business informatization system is gradually operated on line to form a large amount of power business data, and the characteristics of explosive growth and mass aggregation are presented. At present, the method is in an active development stage of deep fusion of a big data technology and the power industry, technical evolution and application innovation are promoted in parallel, and data resources become fundamental strategic resources and innovative elements of power production in the power industry. Therefore, the security protection of the power service data is very important in the power service informatization construction.
However, the data storage in the encrypted state will seriously affect the implementation of a plurality of key technologies for data security protection to a certain extent, and at present, the sensitive audit of data in the encrypted state generally needs to be performed after the encrypted data is decrypted, which undoubtedly greatly reduces the efficiency of data audit.
Disclosure of Invention
Embodiments of the present invention provide an auditing method, apparatus, device and medium for ciphertext data sensitivity, which can implement data sensitivity auditing without decrypting file data and its abstract, thereby improving efficiency of ciphertext data sensitivity auditing.
In order to achieve the above object, an embodiment of the present invention provides an auditing method for ciphertext data sensitivity, including the following steps:
acquiring file data to be encrypted, a preset sensitivity measurement vector and a preset encryption key;
extracting the abstract of the file data to be encrypted according to a preset abstract extraction method to obtain the abstract of the file data to be encrypted;
encrypting the abstract of the file data to be encrypted and the preset sensitivity measurement vector by using the preset encryption key to obtain the encrypted abstract of the file data and the encrypted preset sensitivity measurement vector;
calculating the sensitivity score of the encrypted file data according to the abstract of the encrypted file data and the encrypted preset sensitivity measurement vector and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data.
As an improvement of the above scheme, the method for acquiring the preset encryption key specifically includes:
acquiring a randomly generated key vector, a first reversible matrix, a second reversible matrix, a third reversible matrix and a fourth reversible matrix;
generating a preset encryption key according to the key vector, the first reversible matrix, the second reversible matrix, the third reversible matrix and the fourth reversible matrix;
wherein the preset encryption key expression is as follows:
Figure BDA0003036973310000021
wherein the content of the first and second substances,
Figure BDA0003036973310000022
for the key vector, M1Is said first invertible matrix, M2Is said second invertible matrix, MAIs said third invertible matrix, MBIs the fourth invertible matrix.
As an improvement of the above scheme, the extracting the digest of the file data to be encrypted according to a preset digest extracting method to obtain the digest of the file data to be encrypted specifically includes:
extracting a keyword weight vector of the data of the file to be encrypted according to a TF-IDF algorithm;
decomposing the keyword weight vector into a first random vector and a second random vector according to the keyword vector.
As an improvement of the above scheme, the encrypting the digest of the file data to be encrypted and the preset sensitivity metric vector by using the preset encryption key to obtain the digest of the encrypted file data and the encrypted preset sensitivity metric vector specifically includes:
encrypting the abstract of the file data to be encrypted according to the preset encryption key to obtain the encrypted abstract of the file data;
encrypting the preset sensitivity measurement vector according to the first key to obtain an encrypted preset sensitivity measurement vector;
the first key is a partial element of the preset sensitivity metric vector, and the expression specifically includes:
Figure BDA0003036973310000031
as an improvement of the above scheme, the encrypting the digest of the file data to be encrypted according to the preset encryption key to obtain the encrypted digest of the file data includes the specific steps of:
generating a first ciphertext according to the first random vector, the first reversible matrix and the third reversible matrix;
generating a second ciphertext according to the second random vector, the second reversible matrix and the fourth reversible matrix;
and generating an abstract ciphertext of the encrypted file data according to the first ciphertext and the second ciphertext.
As an improvement of the above scheme, the encrypting the preset sensitivity metric vector according to the first key to obtain the encrypted preset sensitivity metric vector specifically includes:
decomposing the preset sensitivity measurement vector into a third random vector and a fourth random vector according to the key vector;
generating a third ciphertext according to the third random vector and the first reversible matrix;
generating a fourth ciphertext according to the fourth random vector and the second reversible matrix;
and generating an encrypted ciphertext of the preset sensitivity measurement vector according to the third ciphertext and the fourth ciphertext.
As an improvement of the above solution, the method for calculating the sensitivity score of the encrypted file data according to the digest of the encrypted file data and the encrypted preset sensitivity metric vector and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data includes the specific steps of:
calculating the sensitivity score of the encrypted file data according to the first ciphertext, the second ciphertext, the third ciphertext, the fourth ciphertext, the third reversible matrix and the fourth reversible matrix and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data;
the calculation formula of the sensitivity score of the encrypted file data is specifically as follows:
SC=C1·(MA -1P1)+C2·(MB -1P2)
wherein S isCSensitivity score for said encrypted document data, C1As the first ciphertext, C2For the second ciphertext, P1For the third ciphertext, P2Is the fourth ciphertext.
Another embodiment of the present invention correspondingly provides an auditing apparatus for ciphertext data sensitivity, including:
the data acquisition module is used for acquiring file data to be encrypted, a preset sensitivity measurement vector and a preset encryption key;
the abstract extraction module is used for extracting the abstract of the file data to be encrypted according to a preset abstract extraction method to obtain the abstract of the file data to be encrypted;
the data encryption module is used for encrypting the abstract of the file data to be encrypted and the preset sensitivity measurement vector by using the preset encryption key to obtain the abstract of the encrypted file data and the encrypted preset sensitivity measurement vector;
and the sensitivity auditing module is used for calculating the sensitivity score of the encrypted file data according to the abstract of the encrypted file data and the encrypted preset sensitivity measurement vector and a preset sensitivity score calculating method to obtain the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data.
Another embodiment of the present invention provides a terminal device, which includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, and when the processor executes the computer program, the processor implements the method for auditing ciphertext data sensitivity according to the above embodiment of the present invention.
Another embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, where when the computer program runs, an apparatus where the computer-readable storage medium is located is controlled to execute the method for auditing sensitivity of ciphertext data according to the above-described embodiment of the present invention.
Compared with the prior art, the auditing method, the auditing device, the auditing equipment and the auditing medium for ciphertext data sensitivity disclosed by the embodiment of the invention are characterized in that the method comprises the steps of obtaining document data to be encrypted, a preset sensitivity measurement vector and a preset encryption key, extracting the abstract of the document data to be encrypted according to a preset abstract extraction method to obtain the abstract of the document data to be encrypted, encrypting the abstract of the document data to be encrypted and the preset sensitivity measurement vector by using the preset encryption key to obtain the abstract of the encrypted document data and the preset sensitivity measurement vector, and finally calculating the sensitivity score of the encrypted document data according to the abstract of the encrypted document data and the preset sensitivity measurement vector after encryption and a preset sensitivity score calculation method, and obtaining the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data. By adopting the embodiment of the invention, the sensitivity audit of the data can be realized under the conditions of not revealing decryption keys and data information and not needing to decrypt the file data and the abstract thereof, thereby improving the efficiency of the sensitivity audit of the ciphertext data and simultaneously ensuring the safety of the data.
Drawings
Fig. 1 is a schematic flowchart of an auditing method for ciphertext data sensitivity according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a preset sensitivity audit model of an audit method of ciphertext data sensitivity according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an auditing apparatus for ciphertext data sensitivity according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without any inventive step, are within the scope of the present invention.
Referring to fig. 1, it is a flow chart of an auditing method for ciphertext data sensitivity according to an embodiment of the present invention, where the method includes steps S1 to S4:
and S1, acquiring the file data to be encrypted, a preset sensitivity measurement vector and a preset encryption key.
And S2, extracting the abstract of the file data to be encrypted according to a preset abstract extraction method to obtain the abstract of the file data to be encrypted.
S3, encrypting the abstract of the file data to be encrypted and the preset sensitivity measurement vector by using the preset encryption key to obtain the encrypted abstract of the file data and the encrypted preset sensitivity measurement vector.
And S4, calculating the sensitivity score of the encrypted file data according to the abstract of the encrypted file data and the preset sensitivity measurement vector after encryption and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data, and auditing the sensitivity of the encrypted file data.
It should be noted that the method of this embodiment is implemented based on a preset sensitivity audit model, and referring to fig. 2, is a schematic structural diagram of the preset sensitivity audit model provided in the embodiment of the present invention, where the preset sensitivity audit model is composed of three parts, which are respectively: the system comprises a power consumer, an audit terminal and a storage medium.
Compared with the prior art, the auditing method for ciphertext data sensitivity disclosed by the embodiment of the invention obtains the digest of the file data to be encrypted by obtaining the file data to be encrypted, the preset sensitivity measurement vector and the preset encryption key, then extracts the digest of the file data to be encrypted according to the preset digest extraction method to obtain the digest of the file data to be encrypted, then encrypts the digest of the file data to be encrypted and the preset sensitivity measurement vector by using the preset encryption key to obtain the digest of the encrypted file data and the encrypted preset sensitivity measurement vector, and finally calculates the sensitivity score of the encrypted file data according to the digest of the encrypted file data and the encrypted preset sensitivity measurement vector and the preset sensitivity score calculation method, and obtaining the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data. By adopting the embodiment of the invention, the audit of the data sensitivity can be realized under the conditions of not revealing the decryption key and the data information and not needing to decrypt the file data and the abstract thereof, thereby improving the audit efficiency of the ciphertext data sensitivity and simultaneously ensuring the data security.
As an improvement of the above scheme, the present embodiment encrypts the digest of the document data and the preset sensitivity metric vector through an encryption key generation algorithm KeyGen (λ) established by a security factor λ, thereby effectively preventing the leakage of the data information.
It should be noted that, since the security factor is a common parameter in the field of cryptography, generating the key requires security coefficients, such as RSA1024, 2048 bit security factor, which is not described in detail herein.
The specific steps of generating the preset encryption key by the encryption key generation algorithm KeyGen (λ) are as follows:
obtaining a randomly generated key vector, a first reversible matrix, a second reversible matrix, a third reversible matrix and a fourth reversible matrix
Generating a preset encryption key according to the key vector, the first reversible matrix, the second reversible matrix, the third reversible matrix and the fourth reversible matrix;
wherein the preset encryption key expression is as follows:
Figure BDA0003036973310000071
wherein the content of the first and second substances,
Figure BDA0003036973310000081
for the key vector, M1Is said first invertible matrix, M2Is the second invertible matrix, MAIs said third invertible matrix, MBIs the fourth invertible matrix.
In particular, the key vector
Figure BDA0003036973310000082
Is an n-dimensional vector, and the first reversible matrix, the second reversible matrix, the third reversible matrix and the fourth reversible matrix are all n × n reversible matrices; where n is the total number of keywords.
It should be noted that the preset sensitivity metric vector is created by a customized sensitivity metric vector standard, and the customized sensitivity metric standard is defined according to the data classification grading standard of different enterprises.
As an improvement to the above, the present embodiment is achieved by
Figure BDA0003036973310000083
The algorithm is used for extracting and encrypting the abstract of the file data to be encrypted, namely a preset encryption key k is utilizedaTo the weight vector of the keyword
Figure BDA0003036973310000085
Encrypting and generating a summary ciphertext C of the encrypted file dataa
Then the passing
Figure BDA0003036973310000084
The method comprises the following steps of (1) extracting the file data to be encrypted by an algorithm, namely extracting the abstract of the file data to be encrypted according to a preset abstract extraction method, wherein the specific steps of obtaining the abstract of the file data to be encrypted are as follows:
extracting a keyword weight vector of the data of the file to be encrypted according to a TF-IDF algorithm;
decomposing the keyword weight vector into a first random vector and a second random vector according to the keyword vector.
It should be noted that the TF-IDF algorithm belongs to the prior artThe details are not repeated herein. Wherein the keyword weight vector
Figure BDA0003036973310000086
As shown in table 1 below:
TABLE 1
w1 w2 w3 wn-1 wn
S1 S2 S3 Sn-1 Sn
Wherein S isiIs a keyword wiThe weight value of (2).
As one optional implementation, the decomposing the weight vector of the keyword into a first random vector and a second random vector according to the weight vector of the keyword specifically includes:
according to the key vector
Figure BDA0003036973310000091
Weighting the keyword with the vector
Figure BDA0003036973310000092
Decomposed into first random vectors
Figure BDA0003036973310000093
Figure BDA0003036973310000094
And a second random vector
Figure BDA0003036973310000095
If k isiWhen the value is 0, then Si″=Si′=SiIf k isi1, two random vectors are randomly generated such that Si″+Si′=Si
As an improvement of the above, the said
Figure BDA0003036973310000096
The method comprises the following specific steps of encrypting file data to be encrypted by an algorithm, namely encrypting the digest of the file data to be encrypted and the preset sensitivity metric vector by using the preset encryption key to obtain the digest of the encrypted file data and the encrypted preset sensitivity metric vector:
encrypting the abstract of the file data to be encrypted according to the preset encryption key to obtain the encrypted abstract of the file data;
encrypting the preset sensitivity measurement vector according to the first key to obtain an encrypted preset sensitivity measurement vector;
the first key is a partial element of the preset sensitivity metric vector, and the expression specifically includes:
Figure BDA0003036973310000097
it should be noted that, unlike the prior art in which the encryption and decryption keys of the file data need to be strictly protected, the first key is stored by the auditing terminal as a partial element of the preset sensitivity metric vector, so as to encrypt the preset sensitivity metric vector, thereby preventing sensitive information from being leaked during the process of performing sensitivity auditing on the ciphertext data.
As an improvement of the above scheme, the encrypting the digest of the file data to be encrypted according to the preset encryption key to obtain the encrypted digest of the file data includes the specific steps of:
generating a first ciphertext according to the first random vector, the first reversible matrix and the third reversible matrix;
generating a second ciphertext according to the second random vector, the second reversible matrix and the fourth reversible matrix;
and generating an abstract ciphertext of the encrypted file data according to the first ciphertext and the second ciphertext.
Illustratively, the first ciphertext C1The expression (c) is specifically:
Figure BDA0003036973310000101
the first ciphertext C2The expression (c) is specifically:
Figure BDA0003036973310000102
according to said first cryptogram C1And the second ciphertext C2Generating a summary ciphertext C of the encrypted file dataaThe method specifically comprises the following steps:
Ca={C1,C2}
it should be noted that, the file data to be encrypted is encrypted by a transparent encryption technology, and under the transparent encryption technology, the interaction between the user and the storage medium is automatically completed by encrypting and decrypting the file no matter the user writes the file or reads the file. In addition, the file data to be encrypted is encrypted by the transparent encryption technology and then is stored in the storage medium together with the digest of the encrypted file data.
It should be noted that the encrypted file data is used to restore the file data, because the encrypted file data needs to be decrypted after being retrieved to use the file data.
As an improvement to the above, the present embodiment is achieved by
Figure BDA0003036973310000103
The algorithm encrypts the preset sensitivity metric vector by using a preset encryption key kaTo a preset sensitivity metric vector
Figure BDA0003036973310000104
And encrypting and generating an encrypted ciphertext P of the preset sensitivity measurement vector.
It should be noted that, in the following description,
Figure BDA0003036973310000105
is a preset sensitivity measurement vector and a keyword weight vector which are created according to a self-defined sensitivity measurement standard
Figure BDA0003036973310000106
The same position corresponds to the same keyword, if the keyword does not belong to the sensitive information, the vector value of the corresponding position is set to be 0, and if the keyword belongs to the sensitive information, the vector value of the corresponding position is set to be a priority value.
Then pass through
Figure BDA0003036973310000111
The algorithm encrypts a preset sensitivity metric vector, namely the sensitivity metric vector according to the first keyEncrypting the preset sensitivity measurement vector to obtain the encrypted preset sensitivity measurement vector, which comprises the following specific steps:
decomposing the preset sensitivity measurement vector into a third random vector and a fourth random vector according to the key vector;
generating a third ciphertext according to the third random vector and the first reversible matrix;
generating a fourth ciphertext according to the fourth random vector and the second reversible matrix;
and generating an encrypted ciphertext of the preset sensitivity measurement vector according to the third ciphertext and the fourth ciphertext.
In a specific embodiment, the decomposing the preset sensitivity metric vector into a third random vector and a fourth random vector according to the key vector specifically includes:
according to the key vector
Figure BDA0003036973310000112
The preset sensitivity measurement vector is measured
Figure BDA0003036973310000113
Decomposed into third random vectors
Figure BDA0003036973310000114
And a second random vector
Figure BDA0003036973310000115
If k isiWhen the value is 0, then pi″+pi′=piIf k isi1, two random vectors are randomly generated such that pi″=pi′=pi
The expression of the third ciphertext specifically is as follows:
Figure BDA0003036973310000116
the expression of the fourth ciphertext specifically is as follows:
Figure BDA0003036973310000117
then said third ciphertext P is obtained1And the fourth ciphertext P2Generating an encrypted ciphertext P of the preset sensitivity metric vector, specifically:
P=(P1,P2)
as an improvement of the above, the present embodiment passes Com (C)aP) algorithm to calculate the sensitivity score of the encrypted file data, i.e. by the digest ciphertext C of the encrypted file dataaAnd calculating the sensitivity score of the encrypted file data by using the encrypted ciphertext P of the preset sensitivity measurement vector.
Then the passing Com (C)aP) calculating the sensitivity score of the encrypted file data by using an algorithm, that is, calculating the sensitivity score of the encrypted file data according to the digest of the encrypted file data and the encrypted preset sensitivity metric vector by using a preset sensitivity score calculation method, wherein the specific step of obtaining the sensitivity score of the encrypted file data is as follows:
calculating the sensitivity score of the encrypted file data according to the first ciphertext, the second ciphertext, the third ciphertext, the fourth ciphertext, the third reversible matrix and the fourth reversible matrix and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data;
the calculation formula of the sensitivity score of the encrypted file data is specifically as follows:
Figure BDA0003036973310000121
Figure BDA0003036973310000122
it should be noted that the sensitivity score of the encrypted file data is used to determine whether the file data contains sensitivity information, and the higher the sensitivity score is, the larger the amount of sensitivity information contained in the file data is.
Illustratively, the sensitive information mainly comprises privacy information of the user, enterprise business secret information and the like.
It should be noted that, in the preset sensitivity audit model, after the electric power service data of the electric power consumer is acquired, firstly, the digest of the data and the encryption key of the preset sensitivity measurement vector are generated through the KeyGen (λ) algorithm, and then, the digest and the encryption key are passed through
Figure BDA0003036973310000131
When the auditing end needs to carry out sensitivity auditing on the data, firstly, a sensitivity measurement vector is created according to a self-defined sensitivity measurement standard, and the sensitivity measurement vector passes through the sensitivity measurement standard
Figure BDA0003036973310000132
The algorithm encrypts the preset sensitivity measurement vector and finally passes through Com (C)aAnd P) calculating the sensitivity score of the encrypted file data by using a calculation method, so that the sensitivity of the file data can be further judged when the sensitivity score of the file data is calculated on the premise of not decrypting the file data, not decrypting the abstract of the file data and not revealing data information.
Referring to fig. 3, it is a structural schematic diagram of an auditing apparatus for sensitivity of ciphertext data according to an embodiment of the present invention, including:
the data obtaining module 31 is configured to obtain file data to be encrypted, a preset sensitivity measurement vector, and a preset encryption key.
And the abstract extracting module 32 is configured to extract the abstract of the file data to be encrypted according to a preset abstract extracting method, so as to obtain the abstract of the file data to be encrypted.
The data encryption module 33 is configured to encrypt the digest of the file data to be encrypted and the preset sensitivity metric vector by using the preset encryption key, so as to obtain the digest of the encrypted file data and the encrypted preset sensitivity metric vector.
And the sensitivity auditing module 34 is used for calculating the sensitivity score of the encrypted file data according to the abstract of the encrypted file data and the encrypted preset sensitivity measurement vector and a preset sensitivity score calculating method to obtain the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data.
Compared with the prior art, the auditing device for ciphertext data sensitivity disclosed by the embodiment of the invention obtains the file data to be encrypted, the preset sensitivity measurement vector and the preset encryption key through the data obtaining module 31, obtains the abstract of the file data to be encrypted through the abstract extracting module 32, obtains the abstract of the encrypted file data and the encrypted preset sensitivity measurement vector through the data encrypting module 33, and obtains the sensitivity score of the encrypted file data through the sensitivity auditing module 34 so as to audit the sensitivity of the encrypted file data. By adopting the embodiment of the invention, the sensitivity audit of the data can be realized under the conditions of not revealing the decryption key and the data information and not needing to decrypt the file data and the abstract thereof, thereby improving the efficiency of the sensitivity audit of the ciphertext data and simultaneously ensuring the safety of the data.
Fig. 4 is a schematic structural diagram of a terminal device according to an embodiment of the present invention. The terminal device 4 of this embodiment includes: a processor 40, a memory 41 and a computer program stored in said memory 41 and executable on said processor 40. The processor 40 implements the steps in the above-described embodiments of the auditing method of ciphertext data sensitivity when executing the computer program. Alternatively, the processor 40 implements the functions of the modules in the embodiments of the apparatuses when executing the computer program.
Illustratively, the computer program may be partitioned into one or more modules that are stored in the memory 41 and executed by the processor 40 to implement the present invention. The one or more modules may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program in the terminal device 4.
The terminal device 4 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal device 4 may include, but is not limited to, a processor 40 and a memory 41. It will be understood by those skilled in the art that the schematic diagram is merely an example of a terminal device, and does not constitute a limitation of the terminal device, and may include more or less components than those shown, or combine some components, or different components, for example, the terminal device 4 may further include an input-output device, a network access device, a bus, etc.
The Processor 40 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like, and the processor 40 is a control center of the terminal device 4 and connects various parts of the whole terminal device 4 by using various interfaces and lines.
The memory 41 may be used for storing the computer programs and/or modules, and the processor 40 implements various functions of the terminal device 4 by running or executing the computer programs and/or modules stored in the memory 41 and calling data stored in the memory 41. The memory 41 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 41 may include a high speed random access memory, and may also include a non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
Wherein, the module integrated by the terminal device 4 can be stored in a computer readable storage medium if it is implemented in the form of software functional unit and sold or used as a separate product. Based on such understanding, all or part of the flow in the method according to the above embodiments may be implemented by a computer program, which may be stored in a computer readable storage medium and used by the processor 40 to implement the steps of the above embodiments. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, and software distribution medium, etc. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice within a jurisdiction, for example, in some jurisdictions, computer readable media may not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
It should be noted that the above-described device embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
The embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, where when the computer program runs, the apparatus on which the computer-readable storage medium is located is controlled to execute the above-mentioned auditing method for ciphertext data sensitivity.
To sum up, in the auditing method, apparatus, device and medium for ciphertext data sensitivity disclosed in the embodiments of the present invention, a digest of file data to be encrypted is obtained by obtaining the file data to be encrypted, a preset sensitivity metric vector and a preset encryption key, extracting the digest of the file data to be encrypted according to a preset digest extraction method, encrypting the digest of the file data to be encrypted and the preset sensitivity metric vector by using the preset encryption key, obtaining the digest of the encrypted file data and the encrypted preset sensitivity metric vector, and finally calculating a sensitivity score of the encrypted file data according to the digest of the encrypted file data and the encrypted preset sensitivity metric vector and a preset sensitivity score calculation method, and obtaining the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data. By adopting the embodiment of the invention, the sensitivity audit of the data can be realized under the conditions of not revealing the decryption key and the data information and not needing to decrypt the file data and the abstract thereof, thereby improving the efficiency of the sensitivity audit of the ciphertext data and simultaneously ensuring the safety of the data.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (10)

1. An auditing method for ciphertext data sensitivity is characterized by comprising the following steps:
acquiring file data to be encrypted, a preset sensitivity measurement vector and a preset encryption key;
extracting the abstract of the file data to be encrypted according to a preset abstract extraction method to obtain the abstract of the file data to be encrypted;
encrypting the abstract of the file data to be encrypted and the preset sensitivity measurement vector by using the preset encryption key to obtain the encrypted abstract of the file data and the encrypted preset sensitivity measurement vector;
and calculating the sensitivity score of the encrypted file data according to the abstract of the encrypted file data and the encrypted preset sensitivity measurement vector and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data.
2. The method for auditing sensitivity of ciphertext data according to claim 1, wherein the method for obtaining the preset encryption key specifically comprises:
acquiring a randomly generated key vector, a first reversible matrix, a second reversible matrix, a third reversible matrix and a fourth reversible matrix;
generating a preset encryption key according to the key vector, the first reversible matrix, the second reversible matrix, the third reversible matrix and the fourth reversible matrix;
wherein the preset encryption key expression is as follows:
Figure FDA0003036973300000011
wherein the content of the first and second substances,
Figure FDA0003036973300000012
for the key vector, M1Is said first invertible matrix, M2Is said second invertible matrix, MAIs said third invertible matrix, MBIs the fourth invertible matrix.
3. The auditing method for ciphertext data sensitivity according to claim 2, wherein the extracting the digest of the file data to be encrypted according to a preset digest extraction method to obtain the digest of the file data to be encrypted specifically comprises:
extracting a keyword weight vector of the data of the file to be encrypted according to a TF-IDF algorithm;
decomposing the keyword weight vector into a first random vector and a second random vector according to the keyword vector.
4. The method for auditing sensitivity of ciphertext data according to claim 3, wherein the encrypting the digest of the to-be-encrypted file data and the preset sensitivity metric vector by using the preset encryption key to obtain the encrypted digest of the file data and the encrypted preset sensitivity metric vector specifically comprises:
encrypting the abstract of the file data to be encrypted according to the preset encryption key to obtain the encrypted abstract of the file data;
encrypting the preset sensitivity measurement vector according to the first key to obtain an encrypted preset sensitivity measurement vector;
the first key is a partial element of the preset sensitivity metric vector, and the expression specifically includes:
Figure FDA0003036973300000021
5. the auditing method for sensitivity of ciphertext data according to claim 4, wherein the encrypting the digest of the file data to be encrypted according to the preset encryption key to obtain the encrypted digest of the file data comprises the following specific steps:
generating a first ciphertext according to the first random vector, the first reversible matrix and the third reversible matrix;
generating a second ciphertext according to the second random vector, the second reversible matrix and the fourth reversible matrix;
and generating an abstract ciphertext of the encrypted file data according to the first ciphertext and the second ciphertext.
6. The method for auditing sensitivity of ciphertext data according to claim 4, wherein the encrypting the preset sensitivity metric vector according to the first key to obtain the encrypted preset sensitivity metric vector comprises the specific steps of:
decomposing the preset sensitivity measurement vector into a third random vector and a fourth random vector according to the key vector;
generating a third ciphertext according to the third random vector and the first reversible matrix;
generating a fourth ciphertext according to the fourth random vector and the second reversible matrix;
and generating an encrypted ciphertext of the preset sensitivity measurement vector according to the third ciphertext and the fourth ciphertext.
7. The method for auditing sensitivity of ciphertext data according to claim 6, wherein the method for calculating the sensitivity score of the encrypted file data according to the digest of the encrypted file data and the encrypted preset sensitivity metric vector and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data comprises the steps of:
calculating the sensitivity score of the encrypted file data according to the first ciphertext, the second ciphertext, the third ciphertext, the fourth ciphertext, the third reversible matrix and the fourth reversible matrix and a preset sensitivity score calculation method to obtain the sensitivity score of the encrypted file data;
the calculation formula of the sensitivity score of the encrypted file data is specifically as follows:
SC=C1·(MA -1P1)+C2·(MB -1P2)
wherein S isCSensitivity score for said encrypted document data, C1As the first ciphertext, C2For the second ciphertext, P1For the third ciphertext, P2Is the fourth ciphertext.
8. An auditing apparatus for sensitivity of ciphertext data, comprising:
the data acquisition module is used for acquiring file data to be encrypted, a preset sensitivity measurement vector and a preset encryption key;
the abstract extraction module is used for extracting the abstract of the file data to be encrypted according to a preset abstract extraction method to obtain the abstract of the file data to be encrypted;
the data encryption module is used for encrypting the abstract of the file data to be encrypted and the preset sensitivity measurement vector by using the preset encryption key to obtain the encrypted abstract of the file data and the encrypted preset sensitivity measurement vector;
and the sensitivity auditing module is used for calculating the sensitivity score of the encrypted file data according to the abstract of the encrypted file data and the encrypted preset sensitivity measurement vector and a preset sensitivity score calculating method to obtain the sensitivity score of the encrypted file data so as to audit the sensitivity of the encrypted file data.
9. A terminal device comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the method of auditing ciphertext data sensitivity of any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls an apparatus in which the computer-readable storage medium is located to perform the method for auditing sensitivity of ciphertext data according to any one of claims 1 to 7.
CN202110446192.9A 2021-04-25 2021-04-25 Method, device, equipment and medium for auditing sensitivity of ciphertext data Pending CN113239369A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110446192.9A CN113239369A (en) 2021-04-25 2021-04-25 Method, device, equipment and medium for auditing sensitivity of ciphertext data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110446192.9A CN113239369A (en) 2021-04-25 2021-04-25 Method, device, equipment and medium for auditing sensitivity of ciphertext data

Publications (1)

Publication Number Publication Date
CN113239369A true CN113239369A (en) 2021-08-10

Family

ID=77129528

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110446192.9A Pending CN113239369A (en) 2021-04-25 2021-04-25 Method, device, equipment and medium for auditing sensitivity of ciphertext data

Country Status (1)

Country Link
CN (1) CN113239369A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160241546A1 (en) * 2015-02-17 2016-08-18 Ca, Inc. Provide Insensitive Summary For An Encrypted Document
CN110365679A (en) * 2019-07-15 2019-10-22 华瑞新智科技(北京)有限公司 Context aware cloud data-privacy guard method based on crowdsourcing assessment
US20190392166A1 (en) * 2018-06-20 2019-12-26 University Of Central Florida Research Foundation, Inc. System, method and computer readable medium for file encryption and memory encryption of secure byte-addressable persistent memory and auditing
US20200052901A1 (en) * 2018-08-13 2020-02-13 Seagate Technology Llc Secure audit scheme in a distributed data storage system
CN110891061A (en) * 2019-11-26 2020-03-17 中国银联股份有限公司 Data encryption and decryption method and device, storage medium and encrypted file
CN111832030A (en) * 2020-07-29 2020-10-27 南方电网科学研究院有限责任公司 Data security audit device and method based on domestic password data identification
CN112134701A (en) * 2020-09-24 2020-12-25 西安电子科技大学 Encryption method capable of repudiating editing of sensitive keywords
US20210058229A1 (en) * 2019-08-19 2021-02-25 The Board Of Regents Of The University Of Texas System Performing computations on sensitive data while guaranteeing privacy
CN112583809A (en) * 2020-12-09 2021-03-30 北京国研数通软件技术有限公司 Data encryption and decryption method of non-immersion multiple encryption algorithms

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160241546A1 (en) * 2015-02-17 2016-08-18 Ca, Inc. Provide Insensitive Summary For An Encrypted Document
US20190392166A1 (en) * 2018-06-20 2019-12-26 University Of Central Florida Research Foundation, Inc. System, method and computer readable medium for file encryption and memory encryption of secure byte-addressable persistent memory and auditing
US20200052901A1 (en) * 2018-08-13 2020-02-13 Seagate Technology Llc Secure audit scheme in a distributed data storage system
CN110365679A (en) * 2019-07-15 2019-10-22 华瑞新智科技(北京)有限公司 Context aware cloud data-privacy guard method based on crowdsourcing assessment
US20210058229A1 (en) * 2019-08-19 2021-02-25 The Board Of Regents Of The University Of Texas System Performing computations on sensitive data while guaranteeing privacy
CN110891061A (en) * 2019-11-26 2020-03-17 中国银联股份有限公司 Data encryption and decryption method and device, storage medium and encrypted file
CN111832030A (en) * 2020-07-29 2020-10-27 南方电网科学研究院有限责任公司 Data security audit device and method based on domestic password data identification
CN112134701A (en) * 2020-09-24 2020-12-25 西安电子科技大学 Encryption method capable of repudiating editing of sensitive keywords
CN112583809A (en) * 2020-12-09 2021-03-30 北京国研数通软件技术有限公司 Data encryption and decryption method of non-immersion multiple encryption algorithms

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
PEIMING XU: "Research on Sensitivity Audit Scheme of Encrypted Data in Power Business", 《2020 IEEE INTERNATIONAL CONFERENCE ON ENERGY INTERNET (ICEI)》, pages 6 - 10 *
牛爱民;: "一种云存储中密文重删数据完整性审计方案研究", 山东英才学院学报, no. 03 *
金瑜;龚鑫;何亨;李鹏;: "CDED:支持加密数据去重的云数据审计方案", 小型微型计算机系统, no. 07 *
陈伟;王D;秦志光;刘鑫忠;: "基于双重加密的敏感数据限时访问研究", 电子科技大学学报, no. 03 *

Similar Documents

Publication Publication Date Title
US11902413B2 (en) Secure machine learning analytics using homomorphic encryption
US10284372B2 (en) Method and system for secure management of computer applications
CN111950022A (en) Desensitization method, device and system based on structured data
WO2014007296A1 (en) Order-preserving encryption system, encryption device, decryption device, encryption method, decryption method, and programs thereof
US11184163B2 (en) Value comparison server, value comparison encryption system, and value comparison method
CN107609410A (en) Android system data guard method, terminal device and storage medium based on HOOK
CN111970106B (en) Short ciphertext attribute-based encryption method and system supporting full homomorphism in lattice
CN108170753B (en) Key-Value database encryption and security query method in common cloud
CN112000978A (en) Private data output method, data processing system, and storage medium
CN112487444A (en) Database-based data encryption method and device, storage medium and electronic equipment
WO2019178981A1 (en) Password management method and device employing customized rules, terminal apparatus, and storage medium
CN113239369A (en) Method, device, equipment and medium for auditing sensitivity of ciphertext data
CN116361849A (en) Backup data encryption and decryption method and device for encrypted database
CN109255225A (en) Hard disc data security control apparatus based on dual-identity authentication
US11455404B2 (en) Deduplication in a trusted execution environment
CN115114653A (en) Data processing method and device, electronic equipment and storage medium
US20210240840A1 (en) Data protection using functional encryption
CN107391970A (en) Function access control method and device in Flash application programs
CN115499141A (en) Data encryption method and device based on attributes
Dasari et al. An effective framework for ensuring data privacy in private cloud
CN113839773A (en) LUKS key offline extraction method, terminal equipment and storage medium
CN104484611A (en) Partition-mounting control method and device of Android system
CN114760081A (en) File encryption and decryption method and device and electronic equipment
CN111191272A (en) Data desensitization method, electronic device and storage medium
CN114006689B (en) Data processing method, device and medium based on federal learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination