CN113946863A - Data encryption storage method, system, equipment and storage medium - Google Patents


Publication number
CN113946863A
Authority
CN
China
Prior art keywords
data
encryption
server
identification information
user identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111203423.XA
Other languages
Chinese (zh)
Inventor
张连营
张宏斌
陈胜男
顾思宇
黄嘉骏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

The invention provides a data encryption storage method, system, equipment and storage medium. The method comprises the following steps: a server obtains original characteristic information associated with data to be encrypted; a client generates user identification information based on a private key held by a current user and sends the user identification information to the server; after receiving the user identification information, the server generates an encryption key based on the original characteristic information and the user identification information; the server encrypts the data to be encrypted by using the encryption key to obtain ciphertext data and stores the ciphertext data. The method and the device help improve the security of user data.

Description

Data encryption storage method, system, equipment and storage medium
Technical Field
The present invention relates to the field of data encryption technologies, and in particular, to a data encryption storage method, system, device, and storage medium.
Background
When an existing storage encryption server encrypts and decrypts with a symmetric key, the encryption operation usually takes only a single physical hardware feature as a parameter, for example a master key generated by an encryption card, and the operation is transparent to the user during data encryption and decryption. In this case, as long as an attacker obtains the user's operating system privileges and logs in to the system, the encrypted ciphertext data can be decrypted to obtain sensitive data, so the security of the user data cannot be guaranteed.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a data encryption storage method, a system, equipment and a storage medium, and solve the problem that the existing symmetric key encryption method cannot ensure the security of user data.
In order to achieve the above object, the present invention provides a data encryption storage method, which comprises the following steps:
a server obtains original characteristic information associated with data to be encrypted;
the client generates user identification information based on a private key held by a current user and sends the user identification information to the server;
after receiving the user identification information, the server generates an encryption key based on the original characteristic information and the user identification information;
and the server encrypts the data to be encrypted by using the encryption key to obtain ciphertext data and stores the ciphertext data.
Optionally, the original feature information includes disk volume feature information, where the disk volume feature information corresponds to a number of a storage area in the storage medium after the data to be encrypted is encrypted.
Optionally, the original feature information includes a first key, and the first key is generated by a preset encryption device.
Optionally, the method further comprises the step of:
the server acquires the original characteristic information associated with the ciphertext data;
the client generates the user identification information based on a private key held by a current user and sends the user identification information to the server;
after receiving the user identification information, the server generates a decryption key based on the original characteristic information and the user identification information;
the server decrypts the ciphertext data based on the decryption key to obtain plaintext data; and sending the plaintext data to the client.
Optionally, before the step of obtaining, by the server, original feature information associated with the data to be encrypted, the method further includes:
and the server receives a data storage instruction sent by the client.
Optionally, the original characteristic information includes disk volume characteristic information;
the server acquires the original characteristic information associated with the ciphertext data, and the method comprises the following steps:
and the server acquires a storage area of the ciphertext data and acquires the disk volume characteristic information associated with the ciphertext data according to the storage area.
Optionally, the original feature information includes a first key, and the first key is generated by a preset encryption device.
Optionally, before the step of obtaining, by the server, the original feature information associated with the ciphertext data, the method further includes:
and the server receives a data reading instruction sent by the client.
Optionally, the step of generating, by the client, user identification information based on a private key held by a current user includes:
the client encrypts a private key held by a current user based on a first preset encryption algorithm to generate user identification information;
after receiving the user identification information, the server generates an encryption key based on the original characteristic information and the user identification information, and the method comprises the following steps:
the server encrypts the original characteristic information and the user identification information based on a second preset encryption algorithm to generate an encryption key;
the first preset encryption algorithm and the second preset encryption algorithm are both symmetric encryption algorithms.
The invention also provides a data encryption storage system, which is used for realizing the data encryption storage method, and the system comprises:
the server acquires original characteristic information associated with the data to be encrypted;
the client generates user identification information based on a private key held by a current user and sends the user identification information to the server;
the encryption key generation module is used for generating an encryption key based on the original characteristic information and the user identification information after the server receives the user identification information;
and the server encrypts the data to be encrypted by using the encryption key to obtain ciphertext data and stores the ciphertext data.
The invention also provides a data encryption storage device, comprising:
a processor;
a memory having stored therein an executable program of the processor;
wherein the processor is configured to perform the steps of any one of the above data encryption storage methods via execution of the executable program.
The present invention also provides a computer-readable storage medium for storing a program which, when executed by a processor, implements the steps of any one of the data encryption storage methods described above.
Compared with the prior art, the invention has the following advantages and prominent effects:
the data encryption storage method, the system, the equipment and the storage medium provided by the invention generate the encryption key by combining the original characteristic information and the user identification information for encryption operation, are different from the prior art that only single hardware characteristic information is used for encryption, and even if an attacker obtains the authority of a user operating system, sensitive data cannot be obtained, thereby ensuring the security of user data.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of a data encryption storage method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a data encryption storage method according to another embodiment of the present invention;
FIG. 3 is a schematic flowchart of a data encryption storage method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating a data decryption process in a data encryption storage method according to another embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a data encryption storage system according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a data encryption storage system according to another embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a data encryption storage device according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus their repetitive description will be omitted.
As shown in fig. 1, an embodiment of the present invention discloses a data encryption storage method, which includes the following steps:
S110, the server acquires original characteristic information associated with the data to be encrypted. In this embodiment, the original feature information includes a plurality of pieces of physical hardware feature information. The physical hardware characteristic information may be disk volume characteristic information or a master key generated by an encryption card. This is not limited by the present application. The disk volume characteristic information corresponds to the number of the storage area in the storage medium after the data to be encrypted is encrypted. The disk volume characteristic information may include information such as a disk volume label. The server may be a storage encryption server. The storage medium may be a hard disk. The disk volume characteristic information may also correspond to other attribute characteristic information of the storage area. The number of the storage area in the storage medium may be a preset number of tracks or sectors in the hard disk. This is not limited by the present application.
S120, the client generates user identification information based on a private key held by the current user, and sends the user identification information to the server. Specifically, the client uses a private key held by the current user as input of a first preset encryption algorithm, and the user identification information can be obtained through encryption operation. The user identification information may be a serial number composed of a plurality of decimal digits. For example, the client performs an encryption operation on a certificate with a private key of the current user to obtain the UPIN. The UPIN is the user identification information.
The first preset encryption algorithm may be a symmetric encryption algorithm, such as the SM3 algorithm. The present application does not limit the types of the first preset encryption algorithm and the symmetric encryption algorithm.
S130, after receiving the user identification information, the server generates an encryption key based on the original feature information and the user identification information. Specifically, the original feature information and the user identification information are used as input of a second preset encryption algorithm, and an encryption key can be generated through encryption operation. The second preset encryption algorithm may be a symmetric encryption algorithm, such as the SM4 algorithm. The second preset encryption algorithm and the symmetric encryption algorithm are not limited in types by the present application.
According to the method and the device, a plurality of physical hardware characteristic information and user identification information are combined to perform encryption operation instead of single physical hardware characteristic information, so that the encrypted ciphertext data is higher in security. Even if an attacker gains user operating system privileges, the difficulty of cracking to obtain sensitive data increases.
S140, the server encrypts the data to be encrypted by using the encryption key to obtain ciphertext data, and stores the ciphertext data. Specifically, the server takes the encryption key and the data to be encrypted as input of a third preset encryption algorithm, and ciphertext data can be obtained through encryption operation. The ciphertext data is stored in the server. The third preset encryption algorithm may be a symmetric encryption algorithm, such as the SM4 algorithm. When the original characteristic information includes disk volume characteristic information, the encrypted ciphertext data is stored in this step in the storage area corresponding to the disk volume characteristic information.
Another embodiment of the present application discloses another data encryption storage method. The method is based on the above embodiment, where the original characteristic information includes disk volume characteristic information and a first key. The disk volume characteristic information corresponds to the number of the storage area in the storage medium after the data to be encrypted is encrypted. The first key is generated by a preset encryption device. For example, the preset encryption device may be an encryption card, and the first key may be a master key generated by the encryption card.
As shown in fig. 2, another embodiment of the present application discloses another data encryption storage method. On the basis of the above embodiment, the method further comprises the steps of:
S160, the server obtains the original feature information associated with the ciphertext data. The original feature information in this step is the same as the original feature information in step S110.
In another embodiment of the present application, the original characteristic information includes disk volume characteristic information. The server acquires a storage area of the ciphertext data and acquires the disk volume characteristic information associated with the ciphertext data according to the storage area.
In another embodiment of the present application, the original feature information may include a first key, and the first key is generated by a preset encryption device. For example, the preset encryption device may be a hardware encryption card, and the first key may be a master key generated by the encryption card.
S170, the client generates user identification information based on a private key held by the current user and sends the user identification information to the server. The private key of the user in this step is the same as the private key in step S120. The user identification information in this step is the same as the user identification information in step S120.
S180, after receiving the user identification information, the server generates a decryption key based on the original characteristic information and the user identification information. Specifically, the decryption key may be obtained by taking the original feature information and the user identification information as input of the second preset encryption algorithm and performing an operation.
S190, the server decrypts the ciphertext data based on the decryption key to obtain plaintext data; and sending the plaintext data to the client. Specifically, the ciphertext data and the decryption key are used as the input of the third preset encryption algorithm, and plaintext data can be obtained through decryption operation.
In another embodiment of the present application, another method of data encrypted storage is disclosed. On the basis of the above embodiment, before step S110, the method further includes the steps of:
S100, the server receives a data storage instruction sent by the client. That is, the server starts to acquire the original feature information associated with the data to be encrypted only after receiving the data storage instruction. According to the method and the system, no independent instruction sending server and encryption server need to be provided; all the processes can be realized through the communication between the encryption storage server and the client, which saves server resources and reduces the cost of the server.
In another embodiment of the present application, another method of data encrypted storage is disclosed. On the basis of the above embodiment, before step S160, the method further includes the steps of:
S150, the server receives the data reading instruction sent by the client. That is, the server starts to acquire the original feature information associated with the ciphertext data only after receiving the data reading instruction.
As shown in fig. 3, another embodiment of the present application discloses another data encryption storage method. Specifically, when the client corresponding to the current user 101 starts to send an instruction to the storage encryption server, step S201 is executed: a write operation, that is, writing the plaintext data 102 into the storage encryption server begins. The client performs step S202 based on the private key 103 held by the current user 101: the first encryption operation, which generates UPIN 106, i.e., the user identification information. The MON 104, that is, the storage encryption server management center, loads the UPIN 106 of the user; the kernel encryption/decryption layer of the storage encryption server calls the encryption card to generate the first key 107, and then the kernel encryption/decryption layer uses the first key 107, the disk volume feature information 105, and the UPIN 106 to execute step S203: the second encryption operation, which yields the encryption key 108. The storage encryption server performs step S204 on the plaintext data 102 based on the encryption key 108: the third encryption operation, which yields the ciphertext data 109, and stores the ciphertext data 109 in the hard disk of the server.
As shown in fig. 4, another embodiment of the present application discloses a data decryption process in a data encryption storage method. When the current user 101 needs to read data, the client corresponding to the current user 101 starts to send an instruction to the storage encryption server to execute step S210: reading data from the hard disk. At this time, if the storage encryption server does not have the encryption key 108, the client executes step S202 based on the private key 103 held by the current user 101: the first encryption operation, which generates UPIN 106, i.e., the user identification information. The MON 104, that is, the storage encryption server management center, loads the UPIN 106 of the user; the kernel encryption/decryption layer of the storage encryption server calls the encryption card to generate the first key 107, and then the kernel encryption/decryption layer uses the first key 107, the disk volume feature information 105, and the UPIN 106 to execute step S203: the second encryption operation, which yields the decryption key 110. The storage encryption server reads the ciphertext data 109 from the hard disk in step S210, and then performs step S211 on the ciphertext data 109 based on the decryption key 110: the decryption operation, which yields the plaintext data 102. Step S212 is then executed on the plaintext data 102: returning the data to the client for use by the user.
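The write path (S201 to S204) and read path (S210 to S212) above, as an added Python sketch that is not code from the patent. SM3 is a hash function and SM4 a block cipher, and neither is in the Python standard library, so SHA-256, HMAC-SHA256 and an HMAC-based stream construction stand in for the first, second and third preset algorithms; every name and sample value here is constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample inputs (not from the patent).
FIRST_KEY = bytes(range(32))             # stands in for the encryption card's first key 107
VOLUME_INFO = b"VOL-0007"                # stands in for disk volume feature information 105
USER_KEY = b"constructed-user-private-key"  # stands in for private key 103


def make_upin(user_private_key: bytes) -> bytes:
    """Client side (S120/S170, S202): one-way value derived from the private key."""
    return hashlib.sha256(b"upin-v1" + user_private_key).digest()


def frame(*fields: bytes) -> bytes:
    """Length-prefix each field so ("ab","c") and ("a","bc") never collide."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def derive_key(first_key: bytes, volume_info: bytes, upin: bytes) -> bytes:
    """Server side (S130/S180, S203): the key depends on all three inputs."""
    message = frame(b"storage-key-v1", volume_info, upin)
    return hmac.new(first_key, message, hashlib.sha256).digest()


def subkey(key: bytes, label: bytes) -> bytes:
    """Separate keys for encryption and integrity."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the third preset algorithm."""
    blocks = [
        hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """S140/S204: returns nonce || ciphertext || tag for storage."""
    nonce = os.urandom(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """S190/S211: rejects the blob if the re-derived key is not the original."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = keystream(subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


if __name__ == "__main__":
    # Write: the key is derived on demand and is not stored with the data.
    stored = encrypt(derive_key(FIRST_KEY, VOLUME_INFO, make_upin(USER_KEY)), b"sensitive record")
    # Read by the same user on the same volume: the key is re-derived.
    print(decrypt(derive_key(FIRST_KEY, VOLUME_INFO, make_upin(USER_KEY)), stored))
    # Read with hardware inputs only and some other UPIN: decryption is refused.
    try:
        decrypt(derive_key(FIRST_KEY, VOLUME_INFO, make_upin(b"someone-else")), stored)
    except ValueError as err:
        print("rejected:", err)
```

The UPIN reaches the server on every read and write, so the separation the patent relies on holds only while that value is protected in transit and in server memory.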
It should be noted that all the above embodiments disclosed in the present application can be freely combined, and the technical solutions obtained by combining them are also within the scope of the present application.
As shown in fig. 5, an embodiment of the present invention further discloses a data encryption storage system 3, which includes:
An original characteristic information acquisition module 31, by which the server acquires original characteristic information associated with the data to be encrypted.
The client generates user identification information based on a private key held by the current user, and sends the user identification information to the server.
An encryption key generation module 33, configured to generate an encryption key based on the original feature information and the user identification information after the server receives the user identification information.
A data encryption module 34, by which the server encrypts the data to be encrypted by using the encryption key to obtain ciphertext data, and stores the ciphertext data.
As shown in fig. 6, another embodiment of the present invention further discloses a data encryption storage system 4, which on the basis of the above embodiment, further includes:
A first parameter obtaining module 36, by which the server obtains the original feature information associated with the ciphertext data.
A second parameter obtaining module 37, by which the client generates the user identification information based on a private key held by the current user, and sends the user identification information to the server.
A decryption key generation module 38, configured to generate a decryption key based on the original feature information and the user identification information after the server receives the user identification information.
A data decryption module 39, by which the server decrypts the ciphertext data based on the decryption key to obtain plaintext data, and sends the plaintext data to the client.
It is understood that the data encryption storage system of the present invention also includes other existing functional modules that support the operation of the data encryption storage system. The data encryption storage system shown in fig. 5 and 6 is only an example, and should not bring any limitation to the function and the scope of use of the embodiment of the present invention.
The data encryption storage system in this embodiment is used to implement the above method for data encryption storage, so for the specific implementation steps of the data encryption storage system, reference may be made to the above description of the method for data encryption storage, and details are not described here again.
The embodiment of the invention also discloses a data encryption storage device, which comprises a processor and a memory, wherein the memory stores the executable program of the processor; the processor is configured to perform the steps of the above-described data encryption storage method via execution of the executable program. Fig. 7 is a schematic structural diagram of a data encryption storage device disclosed by the invention. An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 7. The electronic device 600 shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one memory unit 620, a bus 630 connecting the different platform components (including the memory unit 620 and the processing unit 610), a display unit 640, etc.
Wherein the storage unit stores program code that can be executed by the processing unit 610, such that the processing unit 610 performs the steps according to various exemplary embodiments of the present invention described in the above-mentioned data encryption storage method section of the present specification. For example, processing unit 610 may perform the steps as shown in fig. 1.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 via the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage platforms, to name a few.
The invention also discloses a computer readable storage medium for storing a program, and the program realizes the steps in the data encryption storage method when being executed. In some possible embodiments, the various aspects of the present invention may also be implemented in the form of a program product including program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present invention described in the above-mentioned data encryption storage method of the present specification, when the program product is run on the terminal device.
As described above, when the program of the computer-readable storage medium of this embodiment is executed, the original feature information and the user identification information are combined to perform an encryption operation, so as to generate an encryption key, and even if an attacker obtains the authority of the user operating system, the attacker cannot obtain sensitive data, thereby ensuring the security of the user data.
Fig. 8 is a schematic structural diagram of a computer-readable storage medium of the present invention. Referring to fig. 8, a program product 800 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The data encryption storage method, system, device and storage medium provided by the embodiments of the invention generate the encryption key used for the encryption operation by combining the original characteristic information with the user identification information. This differs from the prior art, in which only a single piece of hardware characteristic information is used for encryption, so that even if an attacker obtains the privileges of the user's operating system, the sensitive data cannot be obtained, and the security of user data is ensured.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (12)

1. A data encryption storage method, characterized by comprising the following steps:
a server obtains original characteristic information associated with data to be encrypted;
a client generates user identification information based on a private key held by a current user and sends the user identification information to the server;
after receiving the user identification information, the server generates an encryption key based on the original characteristic information and the user identification information;
the server encrypts the data to be encrypted by using the encryption key to obtain ciphertext data and stores the ciphertext data.
2. The data encryption storage method according to claim 1, wherein the original characteristic information includes disk volume characteristic information corresponding to a number of a storage area in the storage medium after the data to be encrypted is encrypted.
3. The data encryption storage method according to claim 1 or 2, wherein the original characteristic information includes a first key, and the first key is generated by a preset encryption device.
4. The data encryption storage method according to claim 1, wherein said method further comprises the steps of:
the server acquires the original characteristic information associated with the ciphertext data;
the client generates the user identification information based on a private key held by a current user and sends the user identification information to the server;
after receiving the user identification information, the server generates a decryption key based on the original characteristic information and the user identification information;
the server decrypts the ciphertext data based on the decryption key to obtain plaintext data, and sends the plaintext data to the client.
5. The data encryption storage method of claim 1, wherein prior to the step of the server obtaining original characteristic information associated with data to be encrypted, the method further comprises:
the server receives a data storage instruction sent by the client.
6. The data encryption storage method according to claim 4, wherein the original characteristic information includes disk volume characteristic information;
the step of the server acquiring the original characteristic information associated with the ciphertext data comprises:
the server acquires the storage area of the ciphertext data and acquires the disk volume characteristic information associated with the ciphertext data according to the storage area.
7. The data encryption storage method according to claim 4 or 6, wherein the original characteristic information includes a first key, and the first key is generated by a preset encryption device.
8. The data encryption storage method of claim 4, wherein before the step of the server obtaining the original feature information associated with the ciphertext data, the method further comprises:
the server receives a data reading instruction sent by the client.
9. The data encryption storage method according to claim 1, wherein the step of the client generating the user identification information based on a private key held by a current user comprises:
the client encrypts the private key held by the current user based on a first preset encryption algorithm to generate the user identification information;
the step of the server generating, after receiving the user identification information, an encryption key based on the original characteristic information and the user identification information comprises:
the server encrypts the original characteristic information and the user identification information based on a second preset encryption algorithm to generate the encryption key;
wherein the first preset encryption algorithm and the second preset encryption algorithm are both symmetric encryption algorithms.
10. A data encryption storage system for implementing the data encryption storage method according to claim 1, the system comprising:
the server acquires original characteristic information associated with the data to be encrypted;
the client generates user identification information based on a private key held by a current user and sends the user identification information to the server;
the encryption key generation module is used for generating an encryption key based on the original characteristic information and the user identification information after the server receives the user identification information;
and the server encrypts the data to be encrypted by using the encryption key to obtain ciphertext data and stores the ciphertext data.
11. A data encryption storage device, comprising:
a processor;
a memory having stored therein an executable program of the processor;
wherein the processor is configured to perform the steps of the data encryption storage method of any one of claims 1 to 9 via execution of the executable program.
12. A computer-readable storage medium storing a program, wherein the program is configured to implement the steps of the data encryption storage method according to any one of claims 1 to 9 when executed by a processor.
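The storage and read flows of claims 1, 4 and 9, sketched as an added Go example that is not code from the patent. The claims do not name the two "preset encryption algorithms", so HMAC-SHA256 is assumed in their place and AES-256-GCM is assumed as the data cipher; the function names, the "user-id-v1" label and all sample values are likewise assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// mac is HMAC-SHA256, assumed here in place of both "preset encryption algorithms".
func mac(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}
func UserID(priv []byte) []byte { return mac(priv, []byte("user-id-v1")) } // runs on the client

// aead derives the AES-256-GCM key from first key, user ID (32 bytes) and volume feature.
func aead(firstKey, volume, userID []byte) cipher.AEAD {
	block, _ := aes.NewCipher(mac(firstKey, append(append([]byte{}, userID...), volume...)))
	a, _ := cipher.NewGCM(block) // neither call can fail: the key is always 32 bytes
	return a
}

// Store encrypts on the server and returns nonce || ciphertext || tag.
func Store(firstKey, volume, userID, plaintext []byte) ([]byte, error) {
	a := aead(firstKey, volume, userID)
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}

// Load re-derives the key; if any input differs, GCM authentication fails.
func Load(firstKey, volume, userID, blob []byte) ([]byte, error) {
	a := aead(firstKey, volume, userID)
	if n := a.NonceSize(); len(blob) >= n {
		return a.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext shorter than nonce")
}

func main() { // constructed sample values
	fk, vol, id := []byte("first-key"), []byte("vol-0007"), UserID([]byte("private-key"))
	blob, _ := Store(fk, vol, id, []byte("secret"))
	pt, err := Load(fk, vol, id, blob)
	fmt.Println(string(pt), err)
}
```

Loading with a different user ID, volume feature or first key returns an authentication error instead of plaintext. Because the user identification information is the same on every request, it is key material in transit and belongs on an authenticated, encrypted channel.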
CN202111203423.XA 2021-10-15 2021-10-15 Data encryption storage method, system, equipment and storage medium Pending CN113946863A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111203423.XA CN113946863A (en) 2021-10-15 2021-10-15 Data encryption storage method, system, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113946863A true CN113946863A (en) 2022-01-18

Family

ID=79330620

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111203423.XA Pending CN113946863A (en) 2021-10-15 2021-10-15 Data encryption storage method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113946863A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117010000A (en) * 2023-09-28 2023-11-07 之江实验室 Data security service method, device, computer equipment and storage medium
CN117010000B (en) * 2023-09-28 2024-03-01 之江实验室 Data security service method, device, computer equipment and storage medium
CN117610079A (en) * 2024-01-23 2024-02-27 中汽智联技术有限公司 Data security processing method, device and storage medium
CN117610079B (en) * 2024-01-23 2024-04-09 中汽智联技术有限公司 Data security processing method, device and storage medium

Similar Documents

Publication Publication Date Title
CN108632284B (en) User data authorization method, medium, device and computing equipment based on block chain
CN109150499B (en) Method and device for dynamically encrypting data, computer equipment and storage medium
CN106971121B (en) Data processing method, device, server and storage medium
CN102855452B (en) Fast Data Encipherment strategy based on encryption chunk is deferred to
US9973496B2 (en) Controlled use of a hardware security module
CN107612683B (en) Encryption and decryption method, device, system, equipment and storage medium
CN109951295B (en) Key processing and using method, device, equipment and medium
CN110636043A (en) File authorization access method, device and system based on block chain
CN108777685B (en) Method and apparatus for processing information
CN110245466B (en) Software integrity protection and verification method, system, device and storage medium
CN109076054B (en) System and method for managing encryption keys for single sign-on applications
CN110661814A (en) Bidding file encryption and decryption method, device, equipment and medium
CN110177099B (en) Data exchange method, transmitting terminal and medium based on asymmetric encryption technology
CN110708291B (en) Data authorization access method, device, medium and electronic equipment in distributed network
CN113946863A (en) Data encryption storage method, system, equipment and storage medium
CN111814166B (en) Data encryption method and device and electronic equipment
CN111464297A (en) Transaction processing method and device based on block chain, electronic equipment and medium
CN111200593A (en) Application login method and device and electronic equipment
CN109711178B (en) Key value pair storage method, device, equipment and storage medium
CN108459852A (en) Script processing method and device, storage medium, electronic equipment
CN114615031A (en) File storage method and device, electronic equipment and storage medium
US10462113B1 (en) Systems and methods for securing push authentications
CN110545542A (en) Main control key downloading method and device based on asymmetric encryption algorithm and computer equipment
CN109995774B (en) Key authentication method, system, device and storage medium based on partial decryption
CN110011807B (en) Key information maintenance method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination