CN114218557A - User data security protection method and device based on AI and cloud control - Google Patents

User data security protection method and device based on AI and cloud control Download PDF

Info

Publication number
CN114218557A
CN114218557A CN202111527939.XA CN202111527939A CN114218557A CN 114218557 A CN114218557 A CN 114218557A CN 202111527939 A CN202111527939 A CN 202111527939A CN 114218557 A CN114218557 A CN 114218557A
Authority
CN
China
Prior art keywords
data
cloud
terminal
user
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111527939.XA
Other languages
Chinese (zh)
Inventor
魏占旭
李海强
单晓宇
李�杰
罗强
李海明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Telecom Terminals Co Ltd
Original Assignee
Tianyi Telecom Terminals Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Telecom Terminals Co Ltd filed Critical Tianyi Telecom Terminals Co Ltd
Priority to CN202111527939.XA priority Critical patent/CN114218557A/en
Publication of CN114218557A publication Critical patent/CN114218557A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

本发明提出一种基于AI和云端控制的用户数据安全保护方法及装置,用户终端与云端建立通道,基于终端串码IMEI启动身份验证保护流程,新注册用户启用注册流程,基于人脸识别和活体检测生成用于数据加密保护流程的公私密钥对,并采集除人脸以外的若干用户生理信息用于远程控制加密保护流程;基于所述公私密钥对执行数据加密保护流程;基于所述用户生理信息执行远程控制加密保护流程。本发明解决云端备份安全性问题,实现不同场景下的不同加密保护方式,增强保护的有效性和安全性。

Figure 202111527939

The invention proposes a user data security protection method and device based on AI and cloud control. A user terminal establishes a channel with the cloud, starts an identity verification protection process based on the terminal serial code IMEI, and starts a registration process for newly registered users. Detecting and generating a public-private key pair for the data encryption protection process, and collecting several user physiological information other than the face for remote control of the encryption protection process; executing the data encryption protection process based on the public-private key pair; based on the user Physiological information performs remote control encryption protection process. The invention solves the security problem of cloud backup, realizes different encryption protection methods in different scenarios, and enhances the effectiveness and security of protection.

Figure 202111527939

Description

AI and cloud control-based user data security protection method and device
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a user data security protection method and device based on AI and cloud control.
Background
User data of terminal equipment (mobile phones, tablet computers, notebook computers and the like) is increasing, and many of the user data are data related to user privacy, such as important privacy data of address books, call records, short messages, photos, videos, files, APP and the like, so that once the terminal equipment is stolen or lost, the user privacy data are at risk of being leaked, and the work or life of a user himself can be greatly influenced; therefore, more and more users select to upload personal private data to the cloud for storage, so that the private data stored in the terminal device by the users are leaked due to the fact that the terminal device is stolen or lost, but the risk of data leakage exists in the cloud storage, and many risks can cause the data stored in the cloud by the users to be lost and leaked, for example, a cloud server is attacked by a hacker, and operation and maintenance personnel in a cloud service provider have super authority, so that the data stored in the cloud by the users can be leaked, stolen and lost.
The technology of data backup to the cloud on the existing terminal equipment basically uploads data to a personal storage space of a cloud user directly, the user needs to perform user identity authentication if the user needs to check the data, and after the authentication is passed, the user can check personal data at the cloud, but the prior art still has some defects, which are mainly expressed in the following aspects:
when data on the existing terminal equipment is backed up to a cloud end, only one authentication wall is arranged in a cloud end data storage space when a control association channel is established, authentication is carried out through a user name and a password, the data is not encrypted, and a user can worry that the authentication wall is broken by a hacker or operation and maintenance personnel in a cloud service provider have super authority so that the data stored in the cloud end of the user can be leaked, stolen and lost;
even if the data backed up at the cloud by the user is encrypted, if the user forgets the key or stores the key in the cloud, the key can be stolen when the cloud is broken, and the risk of data leakage still exists;
thirdly, most of the user identity authentication modes adopt a digital encryption mode, the efficiency is low, when the user forgets, the password needs to be retrieved, and the risk of being cracked by a hacker is high;
and (IV) when the terminal equipment of the user is lost, the user can read the backup from the cloud again to the new terminal, and even the internal data can be deleted by the cloud remote control lost terminal, but all operations are only based on common identity authentication and are not protected by encryption, so that misoperation is easily caused, and the serious consequences of data theft or damage are easily caused by the operation of hackers counterfeiting.
Disclosure of Invention
The invention provides a user data security protection method and device based on AI and cloud control, which solve the problem of cloud backup security, realize different encryption protection modes in different scenes and enhance the effectiveness and security of protection. In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a user data security protection method based on AI and cloud control comprises the following steps:
s1, establishing a channel between the user terminal and the cloud, starting an identity verification protection process based on the terminal serial number IMEI, and jumping to the step S2 by the newly registered user; if the user name and the password are correct, the IMEI serial code is consistent with the cloud storage information, and the step S3 is skipped; if the user name and the password are correct, and the IMEI serial code is inconsistent with the cloud storage information, jumping to step S4;
s2, starting a registration process by a newly registered user, generating a public-private key pair for a data encryption protection process based on face recognition and living body detection, and collecting a plurality of user physiological information except for the face for remotely controlling the encryption protection process;
s3, executing a data encryption protection process based on the public and private key pair;
and S4, executing a remote control encryption protection process based on the user physiological information.
Further, the specific process of step S1 includes:
the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the registered user is a new registered user, jumping to step S2; if the user name and the password are correct, and the registered user is judged, whether the user name, the password and the IMEI serial code are consistent with the cloud storage information is judged, and if so, the step S3 is skipped to; if not, the process goes to step S4.
Further, the specific process of step S2 includes:
s201, the cloud stores the user name, the password and the IMEI serial code;
s202, the newly registered user generates a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal, and the data encryption public and private key pairs are generated by face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key;
s203, the user uses the data encryption public key to encrypt private data to be protected in the terminal at the terminal, and then the encrypted data and the data encryption public key are sent to the cloud server together;
s204, collecting a plurality of user physiological information except for human faces, transmitting the physiological information to a cloud server, and carrying out encryption protection for cloud remote control; the physiological information is collected by the terminal and sent to the cloud.
Further, the specific process of step S3 includes:
s301, when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and a living body detection result, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
s302, the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
s303, if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal;
s304, the terminal decrypts the received encrypted data through the face recognition and living body detection result matching data encryption private key to obtain the original data.
Further, the specific process of step S4 includes:
s401, matching a data encryption private key by a new terminal to which a new IMEI serial code belongs through face recognition and a living body detection result, signing a command for recovering data by using the data encryption private key, and submitting signed command information to a cloud;
s402, the cloud verifies the instruction information by using the data encryption public key, and after the verification is passed, 2 data are randomly selected based on the user physiological information data stored in the cloud to generate a remote control public-private key pair;
s403, if the instruction of the new terminal is to restore data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data are collected through the new terminal according to prompts, the remote control private key is matched, the secondary encrypted data are decrypted to obtain the encrypted data originally stored in the cloud, the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be restored to new terminal equipment;
s404, if the command of the new terminal is to delete data in the original terminal, when the cloud terminal sends an inquiry deletion confirmation command to the terminal, the remote control public key is used for encrypting the deletion confirmation command, then the inquiry deletion confirmation command and the remote control private key are sent to the new terminal, after the new terminal receives the encrypted data and the remote control private key, the new terminal collects the 2 items of physiological information data through the new terminal according to prompts, the remote control private key is matched, the inquiry deletion confirmation command is decrypted, then the deletion confirmation command is sent to the cloud terminal, the deletion confirmation command is required to be signed through the remote control private key, the cloud terminal receives the signature confirmation deletion command, after the signature is verified through the remote control public key, the original terminal is controlled to delete the data after being online.
In another aspect, the present invention further provides a user data security protection device based on AI and cloud control, including:
the identity authentication protection module is used for establishing a channel between the user terminal and the cloud, starting an identity authentication protection process based on terminal serial IMEI, and switching a newly registered user to the registration module; if the user name and the password are correct, the IMEI serial code is consistent with the cloud storage information, and the IMEI serial code jumps to a data encryption protection module; if the user name and the password are correct, and the IMEI serial code is inconsistent with the cloud storage information, jumping to a remote control encryption protection module;
the registration module is used for starting a registration process by a newly registered user, generating a public-private key pair for a data encryption protection process based on face recognition and living body detection, and acquiring a plurality of user physiological information except for a face for remotely controlling the encryption protection process;
the data encryption protection module executes a data encryption protection process based on the public and private key pair;
and the remote control encryption protection module executes a remote control encryption protection process based on the user physiological information.
Further, the identity authentication protection module comprises:
a terminal string code obtaining unit configured to: the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login interface for the terminal after receiving the IMEI code string sent back by the terminal response;
a comparison unit for: if the registered user is a new registered user, jumping to a registration module; if the user name and the password are correct, judging that the user is a registered user, judging whether the user name, the password and the IMEI serial code are consistent with the cloud storage information, and if so, jumping to a data encryption protection module; and if the two are not consistent, jumping to a remote control encryption protection module.
Further, the registration module includes:
the storage unit is used for storing the user name, the password and the IMEI serial code at the cloud;
the key unit is used for generating a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal by the newly registered user, and the data encryption public and private key pairs are generated by utilizing face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key;
an encryption upload unit to: a user encrypts private data to be protected in the terminal by using a data encryption public key at the terminal, and then the encrypted data and the data encryption public key are sent to a cloud server together;
the physiological information collecting unit is used for collecting a plurality of user physiological information except the human face, transmitting the user physiological information to the cloud server and carrying out encryption protection of cloud remote control; the physiological information is collected by the terminal and sent to the cloud.
Further, the data encryption protection module comprises:
a terminal signature unit to: when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and living body detection results, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
a cloud verification unit configured to: the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
a data issuing unit, configured to: if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal;
a terminal decryption unit for: and the terminal decrypts the received encrypted data by matching the face recognition result with the data encryption private key according to the living body detection result to obtain the original data.
Further, the remote control encryption protection module comprises:
a new terminal signing unit for: the new terminal to which the new IMEI serial code belongs is matched with a data encryption private key through face recognition and a living body detection result, a data recovery instruction is signed by using the data encryption private key, and signed instruction information is submitted to the cloud;
a cloud key pair generation unit configured to: the cloud end verifies the instruction information by using the data encryption public key, and randomly selects 2 items of data based on the user physiological information data stored in the cloud end after the verification is passed, so as to generate a remote control public-private key pair;
a new terminal data recovery unit for: if the instruction of the new terminal is to recover the data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data are collected through the new terminal according to prompts, the remote control private key is matched, the secondary encrypted data are decrypted to obtain the encrypted data originally stored in the cloud, the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be restored to new terminal equipment;
the system comprises an original terminal data deleting unit, a cloud terminal and a remote control private key, wherein the original terminal data deleting unit is used for encrypting a deleting confirmation instruction by using the remote control public key when the cloud terminal sends an inquiry deleting confirmation instruction to the terminal if an instruction of a new terminal deletes data in the original terminal, then the deleting confirmation instruction and the remote control private key are sent to the new terminal, after the new terminal receives the encrypted data and the remote control private key, the new terminal collects 2 physiological information data through the new terminal according to prompts, the physiological information data are matched with the remote control private key, the inquiry deleting confirmation instruction is decrypted, then the deleting confirmation instruction is sent to the cloud terminal, the deleting confirmation instruction needs to be signed through the remote control private key, the cloud terminal receives the signed deleting confirmation instruction, and after the signature is verified through the remote control public key, the original terminal is on-line and is controlled to delete data.
Compared with the prior art, the invention has the following beneficial effects:
according to the method, through a first-layer identity authentication protection process when a terminal and a cloud channel are established, identity authentication is carried out through a user name and a password, and further identity authentication is carried out through obtaining an IMEI serial code of the terminal, so that different scenes of user login can be screened, corresponding encryption protection processes are matched respectively, and a hacker can be prevented from obtaining the user name and the password to carry out fake login preliminarily; different encryption protection modes under different scenes are realized, and the effectiveness and the safety of protection are enhanced;
the invention adopts the face recognition living body detection technology to generate the data encryption public and private key pair for data encryption protection, thereby improving the encryption reliability and the decryption convenience, preventing the risk that the decryption cannot be carried out due to the fact that a user forgets the password or the digital encryption is broken by a hacker, and simultaneously, compared with other encryption methods, the face recognition living body detection technology has the advantages of being safer, more reliable and more easily obtained;
and thirdly, the public and private key pair is remotely controlled by adopting 2 random physiological information data, and secondary identity verification and secondary data encryption are performed when the user remotely controls through the cloud, so that the safety and the effectiveness of remote control are improved, and the conditions of data leakage, theft, loss and the like caused by misoperation or utilization of a cloud remote control function are avoided.
Drawings
Fig. 1 is a schematic diagram of an authentication protection process according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a new user registration process according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a data encryption protection process according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a remote control encryption protection process according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In order to make the objects and features of the present invention more comprehensible, embodiments accompanying the present invention are further described below. It is to be noted that the drawings are in a very simplified form and are provided solely for the purpose of facilitating and distinctly aiding in the description of the patented embodiments of the invention.
The first embodiment is as follows:
the invention provides a user data safety protection method based on AI technology and cloud control, which comprises the following steps for a newly registered user:
as shown in fig. 1, a control association channel is established based on a cloud and a terminal device, and is used for uploading terminal device data to the cloud, and the specific establishment process includes: the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login (registration) interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the user is a new registered user (first login and registration), a setting process of data encryption protection and remote control encryption protection as shown in fig. 2 is executed, the process is dedicated for setting and using the new registered user, and the main setting process includes the following four aspects:
(1) the cloud end stores the user name, the password and the IMEI serial code in an associated manner;
(2) a newly registered user generates a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal, the data encryption public and private key pairs are generated by utilizing face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key, and the living body detection refers to verifying whether the user is operated by a real living body by using face key point positioning, face tracking and other technologies through combined actions of blinking, mouth opening, head shaking, head pointing and the like;
(3) a user encrypts private data to be protected in the terminal by using a data encryption public key at the terminal, and then the encrypted data and the data encryption public key are sent to a cloud server together;
(4) collecting a plurality of user physiological information except for human faces, transmitting the physiological information to a cloud server, and carrying out encryption protection of cloud remote control; the physiological information comprises fingerprints, voiceprints, irises, palmprints and the like, is collected by the terminal and is sent to the cloud.
Example two:
the second embodiment is that, based on the first embodiment, when the new user registration and setting are completed, the encrypted data, the data encryption public key and the user physiological information are uploaded and stored in the cloud, and if the user wants to read or download the encrypted data from the cloud to the terminal of the user, the establishing process of the control association channel shown in fig. 1 is still executed at first;
the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login (registration) interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the user name and the password are correct, judging that the user is a registered user, judging whether the user name, the password and the IMEI serial code are consistent with the cloud storage information, and if so, executing a data encryption protection process shown in FIG. 3;
when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and living body detection results, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal; and the terminal decrypts the received encrypted data by matching the face recognition result with the data encryption private key according to the living body detection result to obtain the original data.
Example three:
in the third embodiment, based on the first embodiment, after the encrypted data, the data encryption public key, and the user physiological information are uploaded and stored in the cloud, the user terminal is accidentally lost or stolen and cannot be retrieved, the user needs to restore the encrypted data stored in the cloud to the new terminal, and needs to delete the lost data in the original terminal, and then the process of establishing the control association channel as shown in fig. 1 is still executed;
the new terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login (registration) interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the user name and the password are correct, the registered user is judged, but the IMEI serial code is not consistent with the cloud storage information due to a new terminal, and a data encryption protection process shown in the figure 4 is executed;
the new terminal matches a data encryption private key through face recognition and living body detection results, signs the instruction by using the data encryption private key, and submits signed instruction information to the cloud;
the cloud end verifies the instruction information by using the data encryption public key, and after the verification is passed, a remote control public and private key pair is generated; the remote control public and private key pair is generated based on user physiological information data stored by a cloud end, the cloud end randomly selects 2 items in the stored user physiological information data, and the remote control public and private key pair is generated based on the 2 items of data;
if the instruction of the new terminal is to recover the data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data need to be collected through the new terminal according to prompts, such as fingerprints and voice of a user are collected to obtain fingerprint data and voiceprint data, the fingerprint data and the voiceprint data are matched with the remote control private key, the secondary encrypted data are decrypted to obtain encrypted data originally stored in a cloud end, then the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be recovered to new terminal equipment.
If the command of the new terminal is to delete the data in the original terminal, the cloud end encrypts the inquiry deletion confirmation command by using the remote control public key when sending the inquiry deletion confirmation command to the terminal, then the data and the remote control private key are sent to a new terminal, after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data need to be collected through the new terminal according to the prompt, for example, the fingerprint and voice of the user are collected, the fingerprint data and voice print data are obtained, the fingerprint data and voice print data are matched with a remote control private key, the inquiry deletion confirmation instruction is decrypted, then the deletion confirmation instruction is sent to the cloud end, the deletion confirmation instruction needs to be signed through a remote control private key, the cloud end receives the signed deletion confirmation instruction, after the signature is verified by the remote control public key, the lost terminal is controlled to delete data after being online and networked.
Based on the embodiments, when a control association channel between the terminal and the cloud is established, the cloud acquires an IMEI string code of the terminal, compares the IMEI string code with a stored IMEI string code during registration, and enters different encryption protection processes according to the result;
secondly, generating a data encryption public-private key pair on user terminal equipment by using a face recognition living body detection technology, encrypting data to be protected by using a public key, and uploading the encrypted data and the public key to a cloud backup for storage;
thirdly, the face recognition live body detection technology is utilized, the face recognition live body detection result of the user is matched with the private key on the terminal equipment, so that the face recognition live body detection result of the user becomes the private key, and the private key is also the only private key capable of decrypting cloud encrypted data;
fourthly, when the terminal equipment of the user is lost or stolen and data recovery and original terminal data deletion are required to be carried out under remote control, a remote control public and private key pair is generated by randomly adopting the physiological information data of the user, the data or an inquiry deletion confirmation instruction is encrypted through a remote control public key, a private key is sent to a new terminal, and the new terminal can continue the next operation only by acquiring the corresponding physiological information of the user to match the private key.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1.一种基于AI和云端控制的用户数据安全保护方法,其特征在于,包括:1. a user data security protection method based on AI and cloud control, is characterized in that, comprising: S1、用户终端与云端建立通道,基于终端串码IMEI启动身份验证保护流程,新注册用户跳转到步骤S2;若是用户名、密码正确,IMEI串码与云端存储信息一致,跳转到步骤S3;若是用户名、密码正确,IMEI串码与云端存储信息不一致,则跳转到步骤S4;S1. The user terminal establishes a channel with the cloud, starts the authentication protection process based on the terminal serial code IMEI, and the newly registered user jumps to step S2; if the user name and password are correct, and the IMEI serial code is consistent with the information stored in the cloud, jump to step S3 ; If the user name and password are correct, and the IMEI string code is inconsistent with the cloud storage information, then jump to step S4; S2、新注册用户启用注册流程,基于人脸识别和活体检测生成用于数据加密保护流程的公私密钥对,并采集除人脸以外的若干用户生理信息用于远程控制加密保护流程;S2. The newly registered user enables the registration process, generates a public-private key pair for the data encryption protection process based on face recognition and live detection, and collects several user physiological information other than the face to remotely control the encryption protection process; S3、基于所述公私密钥对执行数据加密保护流程;S3, performing a data encryption protection process based on the public-private key pair; S4、基于所述用户生理信息执行远程控制加密保护流程。S4. Execute a remote control encryption protection process based on the user's physiological information. 2.根据权利要求1所述的基于AI和云端控制的用户数据安全保护方法,其特征在于,步骤S1的具体过程包括:2. The user data security protection method based on AI and cloud control according to claim 1, wherein the specific process of step S1 comprises: 终端发送建立控制关联通道的请求给云端,云端接收到该请求后,向终端发送获取终端串码IMEI的请求,在接收到终端应答发回的IMEI串码后,云端向终端提供用户登录界面;The terminal sends a request for establishing a control association channel to the cloud. After receiving the request, the cloud sends a request for obtaining the terminal serial code IMEI to the terminal. After receiving the IMEI serial code returned by the terminal response, the cloud provides the terminal with a user login interface; 若为新注册用户,则跳转到步骤S2;若是用户名、密码正确,判断是已注册用户,则判断其用户名、密码与IMEI串码是否与云端存储信息一致,若一致则跳转到步骤S3;若不一致则跳转到步骤S4。If it is a newly registered user, then jump to step S2; if the user name and password are correct, it is judged that it is a registered user, then judge whether the user name, password and IMEI string code are consistent with the cloud storage information, if they are consistent, jump to Step S3; if not, jump to step S4. 3.根据权利要求1所述的基于AI和云端控制的用户数据安全保护方法,其特征在于,步骤S2的具体过程包括:3. The user data security protection method based on AI and cloud control according to claim 1, wherein the specific process of step S2 comprises: S201、云端将用户名、密码、IMEI串码存储;S201, the cloud stores the user name, password, and IMEI string code; S202、所述新注册用户在终端生成一对非对称加密的数据加密公私密钥对,所述数据加密公私密钥对利用人脸识别和活体检测技术生成,使用户的人脸识别活体检测结果成为数据加密私钥;S202, the newly registered user generates a pair of asymmetrically encrypted data encryption public and private key pairs on the terminal, and the data encryption public and private key pairs are generated by using face recognition and living body detection technology, so that the user's face recognition living body detection results Become the data encryption private key; S203、用户在终端使用数据加密公钥对终端内要保护的私密数据进行加密,然后将加密数据和数据加密公钥一起发送至云端服务器;S203, the user encrypts the private data to be protected in the terminal by using the data encryption public key in the terminal, and then sends the encrypted data and the data encryption public key to the cloud server; S204、收集除人脸以外的若干用户生理信息,传输至云端服务器,用于云端远程控制的加密保护;所述生理信息由终端收集,发送给云端。S204 , collect some physiological information of the user except the face, and transmit it to the cloud server for encryption protection of remote control in the cloud; the physiological information is collected by the terminal and sent to the cloud. 4.根据权利要求1所述的基于AI和云端控制的用户数据安全保护方法,其特征在于,步骤S3的具体过程包括:4. The user data security protection method based on AI and cloud control according to claim 1, wherein the specific process of step S3 comprises: S301、终端向云端发送指令时,通过人脸识别和活体检测结果匹配数据加密私钥,使用所述数据加密私钥进行签名,并将签名的指令信息提交给云端;S301, when the terminal sends an instruction to the cloud, matches the data encryption private key through the face recognition and living body detection results, uses the data encryption private key to sign, and submits the signed instruction information to the cloud; S302、云端使用数据加密公钥对终端的指令信息进行验证,验证通过后再执行指令;S302, the cloud uses the data encryption public key to verify the instruction information of the terminal, and executes the instruction after the verification is passed; S303、若指令为读取或下载存储在云端的加密数据,则云端服务器将存储的加密数据发给终端;S303, if the instruction is to read or download encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal; S304、终端通过人脸识别和活体检测结果匹配数据加密私钥,对收到的加密数据进行解密,得到原数据。S304: The terminal decrypts the received encrypted data by matching the data encryption private key with the results of face recognition and living body detection to obtain original data. 5.根据权利要求1所述的基于AI和云端控制的用户数据安全保护方法,其特征在于,步骤S4的具体过程包括:5. The user data security protection method based on AI and cloud control according to claim 1, wherein the specific process of step S4 comprises: S401、新IMEI串码所属的新终端通过人脸识别和活体检测结果匹配数据加密私钥,使用所述数据加密私钥对恢复数据的指令进行签名,并将签名的指令信息提交给云端;S401, the new terminal to which the new IMEI string code belongs matches the data encryption private key through face recognition and the living body detection result, uses the data encryption private key to sign the data recovery instruction, and submits the signed instruction information to the cloud; S402、云端使用数据加密公钥对指令信息进行验证,验证通过后,再基于云端存储的用户生理信息数据,随机选2项数据,生成远程控制公私密钥对;S402, the cloud uses the data encryption public key to verify the instruction information, and after the verification is passed, based on the user's physiological information data stored in the cloud, two items of data are randomly selected to generate a remote control public-private key pair; S403、若新终端的指令是在新终端恢复数据,则云端使用远程控制公钥对储存的数据进行二次加密,将二次加密数据连同远程控制私钥一起发送给新终端;新终端接收到加密数据和远程控制私钥后,按照提示通过新终端采集所述2项生理信息数据,匹配远程控制私钥,对二次加密数据进行解密,得到原存储在云端的加密数据,再通过人脸识别和活体检测结果匹配数据加密私钥,对加密数据进行解密,即可将数据恢复到新的新终端设备上;S403. If the instruction of the new terminal is to restore data in the new terminal, the cloud uses the remote control public key to perform secondary encryption on the stored data, and sends the secondary encrypted data together with the remote control private key to the new terminal; the new terminal receives the After encrypting the data and the remote control private key, follow the prompts to collect the two pieces of physiological information data through the new terminal, match the remote control private key, decrypt the secondary encrypted data, obtain the encrypted data originally stored in the cloud, and then pass the face The identification and living detection results match the data encryption private key, decrypt the encrypted data, and then restore the data to a new new terminal device; S404、若新终端的指令是删除原终端内的数据,则云端向终端发送询问删除确认指令时,使用远程控制公钥对删除确认指令进行加密,然后连同远程控制私钥一起发送给新终端,新终端接收到加密数据和远程控制私钥后,按照提示通过新终端采集所述2项生理信息数据,匹配远程控制私钥,对询问删除确认指令进行解密,然后发送确认删除的指令给云端,确认删除的指令需要通过远程控制私钥进行签名,云端接收到签名的确认删除指令,通过远程控制公钥对签名验证后,在原终端上线联网后控制其删除数据。S404. If the instruction of the new terminal is to delete the data in the original terminal, when the cloud sends the terminal to ask for the deletion confirmation instruction, it uses the remote control public key to encrypt the deletion confirmation instruction, and then sends it together with the remote control private key to the new terminal. After receiving the encrypted data and the remote control private key, the new terminal collects the two pieces of physiological information data through the new terminal according to the prompts, matches the remote control private key, decrypts the instruction to confirm the deletion of the query, and then sends the instruction to confirm the deletion to the cloud. The command to confirm the deletion needs to be signed by the remote control private key. The cloud receives the signed confirmation deletion command, and after the signature is verified by the remote control public key, the original terminal is controlled to delete data after it goes online. 6.一种基于AI和云端控制的用户数据安全保护装置,其特征在于,包括:6. A user data security protection device based on AI and cloud control, characterized in that, comprising: 身份验证保护模块,用于用户终端与云端建立通道,基于终端串码IMEI启动身份验证保护流程,新注册用户跳转到注册模块;若是用户名、密码正确,IMEI串码与云端存储信息一致,跳转到数据加密保护模块;若是用户名、密码正确,IMEI串码与云端存储信息不一致,则跳转到远程控制加密保护模块;The authentication protection module is used to establish a channel between the user terminal and the cloud. Based on the terminal serial code IMEI, the authentication protection process is started, and the newly registered user jumps to the registration module; if the user name and password are correct, the IMEI serial code is consistent with the information stored in the cloud. Jump to the data encryption protection module; if the user name and password are correct, and the IMEI string code is inconsistent with the cloud storage information, jump to the remote control encryption protection module; 注册模块,用于新注册用户启用注册流程,基于人脸识别和活体检测生成用于数据加密保护流程的公私密钥对,并采集除人脸以外的若干用户生理信息用于远程控制加密保护流程;The registration module is used for newly registered users to enable the registration process, generate public and private key pairs for data encryption and protection processes based on face recognition and live detection, and collect several user physiological information other than faces for remote control of encryption protection processes. ; 数据加密保护模块,基于所述公私密钥对执行数据加密保护流程;a data encryption protection module, which performs a data encryption protection process based on the public-private key pair; 远程控制加密保护模块,基于所述用户生理信息执行远程控制加密保护流程。The remote control encryption protection module executes the remote control encryption protection process based on the user's physiological information. 7.根据权利要求6所述的基于AI和云端控制的用户数据安全保护装置,其特征在于,所述身份验证保护模块包括:7. The user data security protection device based on AI and cloud control according to claim 6, wherein the identity verification protection module comprises: 终端串码获取单元,用于:终端发送建立控制关联通道的请求给云端,云端接收到该请求后,向终端发送获取终端串码IMEI的请求,在接收到终端应答发回的IMEI串码后,云端向终端提供用户登录界面;The terminal serial code acquisition unit is used for: the terminal sends a request for establishing a control association channel to the cloud, and after receiving the request, the cloud sends a request for obtaining the terminal serial code IMEI to the terminal, and after receiving the IMEI serial code returned by the terminal in response , the cloud provides a user login interface to the terminal; 比较单元,用于:若为新注册用户,则跳转到注册模块;若是用户名、密码正确,判断是已注册用户,则判断其用户名、密码与IMEI串码是否与云端存储信息一致,若一致则跳转到数据加密保护模块;若不一致则跳转到远程控制加密保护模块。The comparison unit is used for: if it is a new registered user, then jump to the registration module; if the user name and password are correct, it is judged that it is a registered user, and then it is judged whether the user name, password and IMEI string code are consistent with the cloud storage information, If it is consistent, it will jump to the data encryption protection module; if it is inconsistent, it will jump to the remote control encryption protection module. 8.根据权利要求6所述的基于AI和云端控制的用户数据安全保护装置,其特征在于,所述注册模块包括:8. The user data security protection device based on AI and cloud control according to claim 6, wherein the registration module comprises: 存储单元,用于云端将用户名、密码、IMEI串码存储;The storage unit is used to store the user name, password and IMEI string code in the cloud; 密钥单元,用于所述新注册用户在终端生成一对非对称加密的数据加密公私密钥对,所述数据加密公私密钥对利用人脸识别和活体检测技术生成,使用户的人脸识别活体检测结果成为数据加密私钥;The key unit is used for the newly registered user to generate a pair of asymmetrically encrypted data encryption public and private key pairs at the terminal, and the data encryption public and private key pairs are generated by using face recognition and living body detection technology to make the user's face Identify the results of live detection and become the private key for data encryption; 加密上传单元,用于:用户在终端使用数据加密公钥对终端内要保护的私密数据进行加密,然后将加密数据和数据加密公钥一起发送至云端服务器;The encryption uploading unit is used for: the user encrypts the private data to be protected in the terminal by using the data encryption public key in the terminal, and then sends the encrypted data together with the data encryption public key to the cloud server; 生理信息收集单元,用于收集除人脸以外的若干用户生理信息,传输至云端服务器,用于云端远程控制的加密保护;所述生理信息由终端收集,发送给云端。The physiological information collection unit is used to collect several user physiological information except the face, and transmit it to the cloud server for encryption protection of the cloud remote control; the physiological information is collected by the terminal and sent to the cloud. 9.根据权利要求6所述的基于AI和云端控制的用户数据安全保护装置,其特征在于,所述数据加密保护模块包括:9. The user data security protection device based on AI and cloud control according to claim 6, wherein the data encryption protection module comprises: 终端签名单元,用于:终端向云端发送指令时,通过人脸识别和活体检测结果匹配数据加密私钥,使用所述数据加密私钥进行签名,并将签名的指令信息提交给云端;The terminal signature unit is used for: when the terminal sends an instruction to the cloud, match the data encryption private key through the face recognition and living body detection results, use the data encryption private key to sign, and submit the signed instruction information to the cloud; 云端验证单元,用于:云端使用数据加密公钥对终端的指令信息进行验证,验证通过后再执行指令;The cloud verification unit is used for: the cloud uses the data encryption public key to verify the instruction information of the terminal, and executes the instruction after the verification is passed; 数据下发单元,用于:若指令为读取或下载存储在云端的加密数据,则云端服务器将存储的加密数据发给终端;The data sending unit is used for: if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal; 终端解密单元,用于:终端通过人脸识别和活体检测结果匹配数据加密私钥,对收到的加密数据进行解密,得到原数据。The terminal decryption unit is used for: the terminal decrypts the received encrypted data and obtains the original data by matching the data encryption private key with the face recognition and living body detection results. 10.根据权利要求6所述的基于AI和云端控制的用户数据安全保护装置,其特征在于,所述远程控制加密保护模块包括:10. The user data security protection device based on AI and cloud control according to claim 6, wherein the remote control encryption protection module comprises: 新终端签名单元,用于:新IMEI串码所属的新终端通过人脸识别和活体检测结果匹配数据加密私钥,使用所述数据加密私钥对恢复数据的指令进行签名,并将签名的指令信息提交给云端;The new terminal signature unit is used for: the new terminal to which the new IMEI string code belongs matches the data encryption private key through face recognition and the living body detection result, uses the data encryption private key to sign the data recovery instruction, and signs the signed instruction information is submitted to the cloud; 云端密钥对生成单元,用于:云端使用数据加密公钥对指令信息进行验证,验证通过后,再基于云端存储的用户生理信息数据,随机选2项数据,生成远程控制公私密钥对;The cloud key pair generation unit is used for: the cloud uses the data encryption public key to verify the instruction information, and after the verification is passed, based on the user's physiological information data stored in the cloud, 2 items of data are randomly selected to generate a remote control public-private key pair; 新终端数据恢复单元,用于:若新终端的指令是在新终端恢复数据,则云端使用远程控制公钥对储存的数据进行二次加密,将二次加密数据连同远程控制私钥一起发送给新终端;新终端接收到加密数据和远程控制私钥后,按照提示通过新终端采集所述2项生理信息数据,匹配远程控制私钥,对二次加密数据进行解密,得到原存储在云端的加密数据,再通过人脸识别和活体检测结果匹配数据加密私钥,对加密数据进行解密,即可将数据恢复到新的新终端设备上;The new terminal data recovery unit is used for: if the command of the new terminal is to restore data in the new terminal, the cloud uses the remote control public key to perform secondary encryption on the stored data, and sends the secondary encrypted data together with the remote control private key to the data recovery unit. New terminal; after receiving the encrypted data and the remote control private key, the new terminal collects the 2 pieces of physiological information data through the new terminal according to the prompts, matches the remote control private key, decrypts the secondary encrypted data, and obtains the original data stored in the cloud. Encrypt the data, and then decrypt the encrypted data by matching the data encryption private key with the results of face recognition and live detection, and then restore the data to a new new terminal device; 原终端数据删除单元,用于若新终端的指令是删除原终端内的数据,则云端向终端发送询问删除确认指令时,使用远程控制公钥对删除确认指令进行加密,然后连同远程控制私钥一起发送给新终端,新终端接收到加密数据和远程控制私钥后,按照提示通过新终端采集所述2项生理信息数据,匹配远程控制私钥,对询问删除确认指令进行解密,然后发送确认删除的指令给云端,确认删除的指令需要通过远程控制私钥进行签名,云端接收到签名的确认删除指令,通过远程控制公钥对签名验证后,在原终端上线联网后控制其删除数据。The original terminal data deletion unit is used to encrypt the deletion confirmation instruction with the remote control public key when the cloud sends an inquiry deletion confirmation instruction to the terminal if the instruction of the new terminal is to delete the data in the original terminal, and then together with the remote control private key Send them to the new terminal together. After receiving the encrypted data and the remote control private key, the new terminal collects the two pieces of physiological information data through the new terminal according to the prompts, matches the remote control private key, decrypts the query deletion confirmation command, and then sends the confirmation. The deleted instruction is sent to the cloud, and the instruction to confirm the deletion needs to be signed by the remote control private key. The cloud receives the signed confirmation deletion instruction, and after the signature is verified by the remote control public key, the original terminal is controlled to delete data after it goes online.
CN202111527939.XA 2021-12-14 2021-12-14 User data security protection method and device based on AI and cloud control Pending CN114218557A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111527939.XA CN114218557A (en) 2021-12-14 2021-12-14 User data security protection method and device based on AI and cloud control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111527939.XA CN114218557A (en) 2021-12-14 2021-12-14 User data security protection method and device based on AI and cloud control

Publications (1)

Publication Number Publication Date
CN114218557A true CN114218557A (en) 2022-03-22

Family

ID=80701871

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111527939.XA Pending CN114218557A (en) 2021-12-14 2021-12-14 User data security protection method and device based on AI and cloud control

Country Status (1)

Country Link
CN (1) CN114218557A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405211A (en) * 2023-06-07 2023-07-07 深圳市乐凡信息科技有限公司 Multiple encryption method, device, equipment and storage medium based on biological characteristics

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014127721A (en) * 2012-12-25 2014-07-07 Hitachi Solutions Ltd Encryption key management program and data management system
CN104168112A (en) * 2014-07-07 2014-11-26 中国科学院信息工程研究所 Secret key generation method based on multi-modal biological characteristics
CN107332659A (en) * 2017-05-24 2017-11-07 舒翔 A kind of identity identifying method based on biological characteristic, storage medium and system
CN107968774A (en) * 2016-10-20 2018-04-27 深圳联友科技有限公司 A kind of protecting information safety method of car networking terminal device
CN110661617A (en) * 2018-06-28 2020-01-07 厦门本能管家科技有限公司 Private key generation and decryption method and system based on face recognition
CN111246455A (en) * 2020-01-10 2020-06-05 高新兴物联科技有限公司 Registration activation method, equipment and computer readable storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014127721A (en) * 2012-12-25 2014-07-07 Hitachi Solutions Ltd Encryption key management program and data management system
CN104168112A (en) * 2014-07-07 2014-11-26 中国科学院信息工程研究所 Secret key generation method based on multi-modal biological characteristics
CN107968774A (en) * 2016-10-20 2018-04-27 深圳联友科技有限公司 A kind of protecting information safety method of car networking terminal device
CN107332659A (en) * 2017-05-24 2017-11-07 舒翔 A kind of identity identifying method based on biological characteristic, storage medium and system
CN110661617A (en) * 2018-06-28 2020-01-07 厦门本能管家科技有限公司 Private key generation and decryption method and system based on face recognition
CN111246455A (en) * 2020-01-10 2020-06-05 高新兴物联科技有限公司 Registration activation method, equipment and computer readable storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405211A (en) * 2023-06-07 2023-07-07 深圳市乐凡信息科技有限公司 Multiple encryption method, device, equipment and storage medium based on biological characteristics
CN116405211B (en) * 2023-06-07 2023-09-01 深圳市乐凡信息科技有限公司 Multiple encryption method, device, equipment and storage medium based on biological characteristics

Similar Documents

Publication Publication Date Title
CN113545006B (en) Remote authorized access locked data storage device
US9454656B2 (en) System and method for verifying status of an authentication device through a biometric profile
US8930700B2 (en) Remote device secure data file storage system and method
CN110706379B (en) Access control method and device based on block chain
WO2017032263A1 (en) Identity authentication method and apparatus
CN107864124B (en) Terminal information security protection method, terminal and Bluetooth lock
WO2017177435A1 (en) Identity authentication method, terminal and server
CN110086608A (en) User authen method, device, computer equipment and computer readable storage medium
US20170142087A1 (en) Device authentication agent
CN109145562A (en) A kind of lasting authenticating identity method and its equipment by finger print mouse
CN103916848B (en) A kind of method and system of mobile terminal data backup and recovery
CN106789024B (en) A kind of remote de-locking method, device and system
CN113472793A (en) Personal data protection system based on hardware password equipment
CN109462572B (en) Multi-factor authentication method, system, storage medium and security gateway based on encryption card and UsbKey
CN111401901A (en) Authentication method and device of biological payment device, computer device and storage medium
CN108629172B (en) A kind of fingerprint management method and system
CN112425116B (en) Intelligent door lock wireless communication method, intelligent door lock, gateway and communication equipment
JP6115292B2 (en) Biometric authentication system, biometric authentication method, and biometric authentication device
JP4859631B2 (en) ENCRYPTED COMMUNICATION SYSTEM, COMMUNICATION TERMINAL DEVICE, ENCRYPTED COMMUNICATION PROGRAM, AND ENCRYPTED COMMUNICATION METHOD
CN114218557A (en) User data security protection method and device based on AI and cloud control
CN109584421A (en) A kind of intelligent door lock authentication administrative system based on domestic safety chip
CN111127019B (en) Method, system and device for backing up mnemonic words
Johnson et al. With vaulted voice verification my voice is my key
CN101123506A (en) Sensitive information monitoring and automatic recovery system and method
JP2009021739A (en) Encryption unit and portable device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination