CN114218557A - AI and cloud control-based user data security protection method and device - Google Patents

AI and cloud control-based user data security protection method and device Download PDF

Info

Publication number
CN114218557A
CN114218557A CN202111527939.XA CN202111527939A CN114218557A CN 114218557 A CN114218557 A CN 114218557A CN 202111527939 A CN202111527939 A CN 202111527939A CN 114218557 A CN114218557 A CN 114218557A
Authority
CN
China
Prior art keywords
data
cloud
terminal
user
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111527939.XA
Other languages
Chinese (zh)
Inventor
魏占旭
李海强
单晓宇
李�杰
罗强
李海明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Telecom Terminals Co Ltd
Original Assignee
Tianyi Telecom Terminals Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Telecom Terminals Co Ltd filed Critical Tianyi Telecom Terminals Co Ltd
Priority to CN202111527939.XA priority Critical patent/CN114218557A/en
Publication of CN114218557A publication Critical patent/CN114218557A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a user data security protection method and device based on AI and cloud control.A channel is established between a user terminal and a cloud, an identity verification protection process is started based on terminal serial number IMEI, a newly registered user starts a registration process, a public and private key pair for a data encryption protection process is generated based on face identification and living body detection, and a plurality of user physiological information except for a face is collected for remotely controlling the encryption protection process; executing a data encryption protection process based on the public and private key pair; and executing a remote control encryption protection process based on the user physiological information. The invention solves the problem of cloud backup safety, realizes different encryption protection modes in different scenes, and enhances the effectiveness and safety of protection.

Description

AI and cloud control-based user data security protection method and device
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a user data security protection method and device based on AI and cloud control.
Background
User data of terminal equipment (mobile phones, tablet computers, notebook computers and the like) is increasing, and many of the user data are data related to user privacy, such as important privacy data of address books, call records, short messages, photos, videos, files, APP and the like, so that once the terminal equipment is stolen or lost, the user privacy data are at risk of being leaked, and the work or life of a user himself can be greatly influenced; therefore, more and more users select to upload personal private data to the cloud for storage, so that the private data stored in the terminal device by the users are leaked due to the fact that the terminal device is stolen or lost, but the risk of data leakage exists in the cloud storage, and many risks can cause the data stored in the cloud by the users to be lost and leaked, for example, a cloud server is attacked by a hacker, and operation and maintenance personnel in a cloud service provider have super authority, so that the data stored in the cloud by the users can be leaked, stolen and lost.
The technology of data backup to the cloud on the existing terminal equipment basically uploads data to a personal storage space of a cloud user directly, the user needs to perform user identity authentication if the user needs to check the data, and after the authentication is passed, the user can check personal data at the cloud, but the prior art still has some defects, which are mainly expressed in the following aspects:
when data on the existing terminal equipment is backed up to a cloud end, only one authentication wall is arranged in a cloud end data storage space when a control association channel is established, authentication is carried out through a user name and a password, the data is not encrypted, and a user can worry that the authentication wall is broken by a hacker or operation and maintenance personnel in a cloud service provider have super authority so that the data stored in the cloud end of the user can be leaked, stolen and lost;
even if the data backed up at the cloud by the user is encrypted, if the user forgets the key or stores the key in the cloud, the key can be stolen when the cloud is broken, and the risk of data leakage still exists;
thirdly, most of the user identity authentication modes adopt a digital encryption mode, the efficiency is low, when the user forgets, the password needs to be retrieved, and the risk of being cracked by a hacker is high;
and (IV) when the terminal equipment of the user is lost, the user can read the backup from the cloud again to the new terminal, and even the internal data can be deleted by the cloud remote control lost terminal, but all operations are only based on common identity authentication and are not protected by encryption, so that misoperation is easily caused, and the serious consequences of data theft or damage are easily caused by the operation of hackers counterfeiting.
Disclosure of Invention
The invention provides a user data security protection method and device based on AI and cloud control, which solve the problem of cloud backup security, realize different encryption protection modes in different scenes and enhance the effectiveness and security of protection. In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a user data security protection method based on AI and cloud control comprises the following steps:
s1, establishing a channel between the user terminal and the cloud, starting an identity verification protection process based on the terminal serial number IMEI, and jumping to the step S2 by the newly registered user; if the user name and the password are correct, the IMEI serial code is consistent with the cloud storage information, and the step S3 is skipped; if the user name and the password are correct, and the IMEI serial code is inconsistent with the cloud storage information, jumping to step S4;
s2, starting a registration process by a newly registered user, generating a public-private key pair for a data encryption protection process based on face recognition and living body detection, and collecting a plurality of user physiological information except for the face for remotely controlling the encryption protection process;
s3, executing a data encryption protection process based on the public and private key pair;
and S4, executing a remote control encryption protection process based on the user physiological information.
Further, the specific process of step S1 includes:
the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the registered user is a new registered user, jumping to step S2; if the user name and the password are correct, and the registered user is judged, whether the user name, the password and the IMEI serial code are consistent with the cloud storage information is judged, and if so, the step S3 is skipped to; if not, the process goes to step S4.
Further, the specific process of step S2 includes:
s201, the cloud stores the user name, the password and the IMEI serial code;
s202, the newly registered user generates a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal, and the data encryption public and private key pairs are generated by face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key;
s203, the user uses the data encryption public key to encrypt private data to be protected in the terminal at the terminal, and then the encrypted data and the data encryption public key are sent to the cloud server together;
s204, collecting a plurality of user physiological information except for human faces, transmitting the physiological information to a cloud server, and carrying out encryption protection for cloud remote control; the physiological information is collected by the terminal and sent to the cloud.
Further, the specific process of step S3 includes:
s301, when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and a living body detection result, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
s302, the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
s303, if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal;
s304, the terminal decrypts the received encrypted data through the face recognition and living body detection result matching data encryption private key to obtain the original data.
Further, the specific process of step S4 includes:
s401, matching a data encryption private key by a new terminal to which a new IMEI serial code belongs through face recognition and a living body detection result, signing a command for recovering data by using the data encryption private key, and submitting signed command information to a cloud;
s402, the cloud verifies the instruction information by using the data encryption public key, and after the verification is passed, 2 data are randomly selected based on the user physiological information data stored in the cloud to generate a remote control public-private key pair;
s403, if the instruction of the new terminal is to restore data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data are collected through the new terminal according to prompts, the remote control private key is matched, the secondary encrypted data are decrypted to obtain the encrypted data originally stored in the cloud, the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be restored to new terminal equipment;
s404, if the command of the new terminal is to delete data in the original terminal, when the cloud terminal sends an inquiry deletion confirmation command to the terminal, the remote control public key is used for encrypting the deletion confirmation command, then the inquiry deletion confirmation command and the remote control private key are sent to the new terminal, after the new terminal receives the encrypted data and the remote control private key, the new terminal collects the 2 items of physiological information data through the new terminal according to prompts, the remote control private key is matched, the inquiry deletion confirmation command is decrypted, then the deletion confirmation command is sent to the cloud terminal, the deletion confirmation command is required to be signed through the remote control private key, the cloud terminal receives the signature confirmation deletion command, after the signature is verified through the remote control public key, the original terminal is controlled to delete the data after being online.
In another aspect, the present invention further provides a user data security protection device based on AI and cloud control, including:
the identity authentication protection module is used for establishing a channel between the user terminal and the cloud, starting an identity authentication protection process based on terminal serial IMEI, and switching a newly registered user to the registration module; if the user name and the password are correct, the IMEI serial code is consistent with the cloud storage information, and the IMEI serial code jumps to a data encryption protection module; if the user name and the password are correct, and the IMEI serial code is inconsistent with the cloud storage information, jumping to a remote control encryption protection module;
the registration module is used for starting a registration process by a newly registered user, generating a public-private key pair for a data encryption protection process based on face recognition and living body detection, and acquiring a plurality of user physiological information except for a face for remotely controlling the encryption protection process;
the data encryption protection module executes a data encryption protection process based on the public and private key pair;
and the remote control encryption protection module executes a remote control encryption protection process based on the user physiological information.
Further, the identity authentication protection module comprises:
a terminal string code obtaining unit configured to: the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login interface for the terminal after receiving the IMEI code string sent back by the terminal response;
a comparison unit for: if the registered user is a new registered user, jumping to a registration module; if the user name and the password are correct, judging that the user is a registered user, judging whether the user name, the password and the IMEI serial code are consistent with the cloud storage information, and if so, jumping to a data encryption protection module; and if the two are not consistent, jumping to a remote control encryption protection module.
Further, the registration module includes:
the storage unit is used for storing the user name, the password and the IMEI serial code at the cloud;
the key unit is used for generating a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal by the newly registered user, and the data encryption public and private key pairs are generated by utilizing face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key;
an encryption upload unit to: a user encrypts private data to be protected in the terminal by using a data encryption public key at the terminal, and then the encrypted data and the data encryption public key are sent to a cloud server together;
the physiological information collecting unit is used for collecting a plurality of user physiological information except the human face, transmitting the user physiological information to the cloud server and carrying out encryption protection of cloud remote control; the physiological information is collected by the terminal and sent to the cloud.
Further, the data encryption protection module comprises:
a terminal signature unit to: when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and living body detection results, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
a cloud verification unit configured to: the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
a data issuing unit, configured to: if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal;
a terminal decryption unit for: and the terminal decrypts the received encrypted data by matching the face recognition result with the data encryption private key according to the living body detection result to obtain the original data.
Further, the remote control encryption protection module comprises:
a new terminal signing unit for: the new terminal to which the new IMEI serial code belongs is matched with a data encryption private key through face recognition and a living body detection result, a data recovery instruction is signed by using the data encryption private key, and signed instruction information is submitted to the cloud;
a cloud key pair generation unit configured to: the cloud end verifies the instruction information by using the data encryption public key, and randomly selects 2 items of data based on the user physiological information data stored in the cloud end after the verification is passed, so as to generate a remote control public-private key pair;
a new terminal data recovery unit for: if the instruction of the new terminal is to recover the data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data are collected through the new terminal according to prompts, the remote control private key is matched, the secondary encrypted data are decrypted to obtain the encrypted data originally stored in the cloud, the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be restored to new terminal equipment;
the system comprises an original terminal data deleting unit, a cloud terminal and a remote control private key, wherein the original terminal data deleting unit is used for encrypting a deleting confirmation instruction by using the remote control public key when the cloud terminal sends an inquiry deleting confirmation instruction to the terminal if an instruction of a new terminal deletes data in the original terminal, then the deleting confirmation instruction and the remote control private key are sent to the new terminal, after the new terminal receives the encrypted data and the remote control private key, the new terminal collects 2 physiological information data through the new terminal according to prompts, the physiological information data are matched with the remote control private key, the inquiry deleting confirmation instruction is decrypted, then the deleting confirmation instruction is sent to the cloud terminal, the deleting confirmation instruction needs to be signed through the remote control private key, the cloud terminal receives the signed deleting confirmation instruction, and after the signature is verified through the remote control public key, the original terminal is on-line and is controlled to delete data.
Compared with the prior art, the invention has the following beneficial effects:
according to the method, through a first-layer identity authentication protection process when a terminal and a cloud channel are established, identity authentication is carried out through a user name and a password, and further identity authentication is carried out through obtaining an IMEI serial code of the terminal, so that different scenes of user login can be screened, corresponding encryption protection processes are matched respectively, and a hacker can be prevented from obtaining the user name and the password to carry out fake login preliminarily; different encryption protection modes under different scenes are realized, and the effectiveness and the safety of protection are enhanced;
the invention adopts the face recognition living body detection technology to generate the data encryption public and private key pair for data encryption protection, thereby improving the encryption reliability and the decryption convenience, preventing the risk that the decryption cannot be carried out due to the fact that a user forgets the password or the digital encryption is broken by a hacker, and simultaneously, compared with other encryption methods, the face recognition living body detection technology has the advantages of being safer, more reliable and more easily obtained;
and thirdly, the public and private key pair is remotely controlled by adopting 2 random physiological information data, and secondary identity verification and secondary data encryption are performed when the user remotely controls through the cloud, so that the safety and the effectiveness of remote control are improved, and the conditions of data leakage, theft, loss and the like caused by misoperation or utilization of a cloud remote control function are avoided.
Drawings
Fig. 1 is a schematic diagram of an authentication protection process according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a new user registration process according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a data encryption protection process according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a remote control encryption protection process according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In order to make the objects and features of the present invention more comprehensible, embodiments accompanying the present invention are further described below. It is to be noted that the drawings are in a very simplified form and are provided solely for the purpose of facilitating and distinctly aiding in the description of the patented embodiments of the invention.
The first embodiment is as follows:
the invention provides a user data safety protection method based on AI technology and cloud control, which comprises the following steps for a newly registered user:
as shown in fig. 1, a control association channel is established based on a cloud and a terminal device, and is used for uploading terminal device data to the cloud, and the specific establishment process includes: the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login (registration) interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the user is a new registered user (first login and registration), a setting process of data encryption protection and remote control encryption protection as shown in fig. 2 is executed, the process is dedicated for setting and using the new registered user, and the main setting process includes the following four aspects:
(1) the cloud end stores the user name, the password and the IMEI serial code in an associated manner;
(2) a newly registered user generates a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal, the data encryption public and private key pairs are generated by utilizing face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key, and the living body detection refers to verifying whether the user is operated by a real living body by using face key point positioning, face tracking and other technologies through combined actions of blinking, mouth opening, head shaking, head pointing and the like;
(3) a user encrypts private data to be protected in the terminal by using a data encryption public key at the terminal, and then the encrypted data and the data encryption public key are sent to a cloud server together;
(4) collecting a plurality of user physiological information except for human faces, transmitting the physiological information to a cloud server, and carrying out encryption protection of cloud remote control; the physiological information comprises fingerprints, voiceprints, irises, palmprints and the like, is collected by the terminal and is sent to the cloud.
Example two:
the second embodiment is that, based on the first embodiment, when the new user registration and setting are completed, the encrypted data, the data encryption public key and the user physiological information are uploaded and stored in the cloud, and if the user wants to read or download the encrypted data from the cloud to the terminal of the user, the establishing process of the control association channel shown in fig. 1 is still executed at first;
the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login (registration) interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the user name and the password are correct, judging that the user is a registered user, judging whether the user name, the password and the IMEI serial code are consistent with the cloud storage information, and if so, executing a data encryption protection process shown in FIG. 3;
when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and living body detection results, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal; and the terminal decrypts the received encrypted data by matching the face recognition result with the data encryption private key according to the living body detection result to obtain the original data.
Example three:
in the third embodiment, based on the first embodiment, after the encrypted data, the data encryption public key, and the user physiological information are uploaded and stored in the cloud, the user terminal is accidentally lost or stolen and cannot be retrieved, the user needs to restore the encrypted data stored in the cloud to the new terminal, and needs to delete the lost data in the original terminal, and then the process of establishing the control association channel as shown in fig. 1 is still executed;
the new terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login (registration) interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the user name and the password are correct, the registered user is judged, but the IMEI serial code is not consistent with the cloud storage information due to a new terminal, and a data encryption protection process shown in the figure 4 is executed;
the new terminal matches a data encryption private key through face recognition and living body detection results, signs the instruction by using the data encryption private key, and submits signed instruction information to the cloud;
the cloud end verifies the instruction information by using the data encryption public key, and after the verification is passed, a remote control public and private key pair is generated; the remote control public and private key pair is generated based on user physiological information data stored by a cloud end, the cloud end randomly selects 2 items in the stored user physiological information data, and the remote control public and private key pair is generated based on the 2 items of data;
if the instruction of the new terminal is to recover the data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data need to be collected through the new terminal according to prompts, such as fingerprints and voice of a user are collected to obtain fingerprint data and voiceprint data, the fingerprint data and the voiceprint data are matched with the remote control private key, the secondary encrypted data are decrypted to obtain encrypted data originally stored in a cloud end, then the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be recovered to new terminal equipment.
If the command of the new terminal is to delete the data in the original terminal, the cloud end encrypts the inquiry deletion confirmation command by using the remote control public key when sending the inquiry deletion confirmation command to the terminal, then the data and the remote control private key are sent to a new terminal, after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data need to be collected through the new terminal according to the prompt, for example, the fingerprint and voice of the user are collected, the fingerprint data and voice print data are obtained, the fingerprint data and voice print data are matched with a remote control private key, the inquiry deletion confirmation instruction is decrypted, then the deletion confirmation instruction is sent to the cloud end, the deletion confirmation instruction needs to be signed through a remote control private key, the cloud end receives the signed deletion confirmation instruction, after the signature is verified by the remote control public key, the lost terminal is controlled to delete data after being online and networked.
Based on the embodiments, when a control association channel between the terminal and the cloud is established, the cloud acquires an IMEI string code of the terminal, compares the IMEI string code with a stored IMEI string code during registration, and enters different encryption protection processes according to the result;
secondly, generating a data encryption public-private key pair on user terminal equipment by using a face recognition living body detection technology, encrypting data to be protected by using a public key, and uploading the encrypted data and the public key to a cloud backup for storage;
thirdly, the face recognition live body detection technology is utilized, the face recognition live body detection result of the user is matched with the private key on the terminal equipment, so that the face recognition live body detection result of the user becomes the private key, and the private key is also the only private key capable of decrypting cloud encrypted data;
fourthly, when the terminal equipment of the user is lost or stolen and data recovery and original terminal data deletion are required to be carried out under remote control, a remote control public and private key pair is generated by randomly adopting the physiological information data of the user, the data or an inquiry deletion confirmation instruction is encrypted through a remote control public key, a private key is sent to a new terminal, and the new terminal can continue the next operation only by acquiring the corresponding physiological information of the user to match the private key.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A user data security protection method based on AI and cloud control is characterized by comprising the following steps:
s1, establishing a channel between the user terminal and the cloud, starting an identity verification protection process based on the terminal serial number IMEI, and jumping to the step S2 by the newly registered user; if the user name and the password are correct, the IMEI serial code is consistent with the cloud storage information, and the step S3 is skipped; if the user name and the password are correct, and the IMEI serial code is inconsistent with the cloud storage information, jumping to step S4;
s2, starting a registration process by a newly registered user, generating a public-private key pair for a data encryption protection process based on face recognition and living body detection, and collecting a plurality of user physiological information except for the face for remotely controlling the encryption protection process;
s3, executing a data encryption protection process based on the public and private key pair;
and S4, executing a remote control encryption protection process based on the user physiological information.
2. The AI-and cloud-control-based user data security protection method according to claim 1, wherein the specific process of step S1 includes:
the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login interface for the terminal after receiving the IMEI code string sent back by the terminal response;
if the registered user is a new registered user, jumping to step S2; if the user name and the password are correct, and the registered user is judged, whether the user name, the password and the IMEI serial code are consistent with the cloud storage information is judged, and if so, the step S3 is skipped to; if not, the process goes to step S4.
3. The AI-and cloud-control-based user data security protection method according to claim 1, wherein the specific process of step S2 includes:
s201, the cloud stores the user name, the password and the IMEI serial code;
s202, the newly registered user generates a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal, and the data encryption public and private key pairs are generated by face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key;
s203, the user uses the data encryption public key to encrypt private data to be protected in the terminal at the terminal, and then the encrypted data and the data encryption public key are sent to the cloud server together;
s204, collecting a plurality of user physiological information except for human faces, transmitting the physiological information to a cloud server, and carrying out encryption protection for cloud remote control; the physiological information is collected by the terminal and sent to the cloud.
4. The AI-and cloud-control-based user data security protection method according to claim 1, wherein the specific process of step S3 includes:
s301, when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and a living body detection result, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
s302, the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
s303, if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal;
s304, the terminal decrypts the received encrypted data through the face recognition and living body detection result matching data encryption private key to obtain the original data.
5. The AI-and cloud-control-based user data security protection method according to claim 1, wherein the specific process of step S4 includes:
s401, matching a data encryption private key by a new terminal to which a new IMEI serial code belongs through face recognition and a living body detection result, signing a command for recovering data by using the data encryption private key, and submitting signed command information to a cloud;
s402, the cloud verifies the instruction information by using the data encryption public key, and after the verification is passed, 2 data are randomly selected based on the user physiological information data stored in the cloud to generate a remote control public-private key pair;
s403, if the instruction of the new terminal is to restore data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data are collected through the new terminal according to prompts, the remote control private key is matched, the secondary encrypted data are decrypted to obtain the encrypted data originally stored in the cloud, the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be restored to new terminal equipment;
s404, if the command of the new terminal is to delete data in the original terminal, when the cloud terminal sends an inquiry deletion confirmation command to the terminal, the remote control public key is used for encrypting the deletion confirmation command, then the inquiry deletion confirmation command and the remote control private key are sent to the new terminal, after the new terminal receives the encrypted data and the remote control private key, the new terminal collects the 2 items of physiological information data through the new terminal according to prompts, the remote control private key is matched, the inquiry deletion confirmation command is decrypted, then the deletion confirmation command is sent to the cloud terminal, the deletion confirmation command is required to be signed through the remote control private key, the cloud terminal receives the signature confirmation deletion command, after the signature is verified through the remote control public key, the original terminal is controlled to delete the data after being online.
6. The utility model provides a user data safety arrangement based on AI and high in the clouds control which characterized in that includes:
the identity authentication protection module is used for establishing a channel between the user terminal and the cloud, starting an identity authentication protection process based on terminal serial IMEI, and switching a newly registered user to the registration module; if the user name and the password are correct, the IMEI serial code is consistent with the cloud storage information, and the IMEI serial code jumps to a data encryption protection module; if the user name and the password are correct, and the IMEI serial code is inconsistent with the cloud storage information, jumping to a remote control encryption protection module;
the registration module is used for starting a registration process by a newly registered user, generating a public-private key pair for a data encryption protection process based on face recognition and living body detection, and acquiring a plurality of user physiological information except for a face for remotely controlling the encryption protection process;
the data encryption protection module executes a data encryption protection process based on the public and private key pair;
and the remote control encryption protection module executes a remote control encryption protection process based on the user physiological information.
7. The AI-and cloud-based user data security protection device of claim 6, wherein the authentication protection module comprises:
a terminal string code obtaining unit configured to: the terminal sends a request for establishing a control association channel to the cloud, the cloud sends a request for acquiring the IMEI (international mobile equipment identity) code string of the terminal to the terminal after receiving the request, and the cloud provides a user login interface for the terminal after receiving the IMEI code string sent back by the terminal response;
a comparison unit for: if the registered user is a new registered user, jumping to a registration module; if the user name and the password are correct, judging that the user is a registered user, judging whether the user name, the password and the IMEI serial code are consistent with the cloud storage information, and if so, jumping to a data encryption protection module; and if the two are not consistent, jumping to a remote control encryption protection module.
8. The AI-and cloud-based user data security protection device of claim 6, wherein the registration module comprises:
the storage unit is used for storing the user name, the password and the IMEI serial code at the cloud;
the key unit is used for generating a pair of asymmetrically encrypted data encryption public and private key pairs at a terminal by the newly registered user, and the data encryption public and private key pairs are generated by utilizing face recognition and living body detection technologies, so that a face recognition living body detection result of the user becomes a data encryption private key;
an encryption upload unit to: a user encrypts private data to be protected in the terminal by using a data encryption public key at the terminal, and then the encrypted data and the data encryption public key are sent to a cloud server together;
the physiological information collecting unit is used for collecting a plurality of user physiological information except the human face, transmitting the user physiological information to the cloud server and carrying out encryption protection of cloud remote control; the physiological information is collected by the terminal and sent to the cloud.
9. The AI-and cloud-based user data security protection device of claim 6, wherein the data encryption protection module comprises:
a terminal signature unit to: when the terminal sends an instruction to the cloud, matching a data encryption private key through face recognition and living body detection results, using the data encryption private key to sign, and submitting signed instruction information to the cloud;
a cloud verification unit configured to: the cloud end verifies the instruction information of the terminal by using the data encryption public key, and executes the instruction after the verification is passed;
a data issuing unit, configured to: if the instruction is to read or download the encrypted data stored in the cloud, the cloud server sends the stored encrypted data to the terminal;
a terminal decryption unit for: and the terminal decrypts the received encrypted data by matching the face recognition result with the data encryption private key according to the living body detection result to obtain the original data.
10. The AI-and cloud-based user data security protection apparatus of claim 6, wherein the remote control encryption protection module comprises:
a new terminal signing unit for: the new terminal to which the new IMEI serial code belongs is matched with a data encryption private key through face recognition and a living body detection result, a data recovery instruction is signed by using the data encryption private key, and signed instruction information is submitted to the cloud;
a cloud key pair generation unit configured to: the cloud end verifies the instruction information by using the data encryption public key, and randomly selects 2 items of data based on the user physiological information data stored in the cloud end after the verification is passed, so as to generate a remote control public-private key pair;
a new terminal data recovery unit for: if the instruction of the new terminal is to recover the data in the new terminal, the cloud end uses the remote control public key to carry out secondary encryption on the stored data, and the secondary encrypted data and the remote control private key are sent to the new terminal; after the new terminal receives the encrypted data and the remote control private key, the 2 items of physiological information data are collected through the new terminal according to prompts, the remote control private key is matched, the secondary encrypted data are decrypted to obtain the encrypted data originally stored in the cloud, the encrypted data are decrypted by matching the data encryption private key through face recognition and a living body detection result, and the data can be restored to new terminal equipment;
the system comprises an original terminal data deleting unit, a cloud terminal and a remote control private key, wherein the original terminal data deleting unit is used for encrypting a deleting confirmation instruction by using the remote control public key when the cloud terminal sends an inquiry deleting confirmation instruction to the terminal if an instruction of a new terminal deletes data in the original terminal, then the deleting confirmation instruction and the remote control private key are sent to the new terminal, after the new terminal receives the encrypted data and the remote control private key, the new terminal collects 2 physiological information data through the new terminal according to prompts, the physiological information data are matched with the remote control private key, the inquiry deleting confirmation instruction is decrypted, then the deleting confirmation instruction is sent to the cloud terminal, the deleting confirmation instruction needs to be signed through the remote control private key, the cloud terminal receives the signed deleting confirmation instruction, and after the signature is verified through the remote control public key, the original terminal is on-line and is controlled to delete data.
CN202111527939.XA 2021-12-14 2021-12-14 AI and cloud control-based user data security protection method and device Pending CN114218557A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111527939.XA CN114218557A (en) 2021-12-14 2021-12-14 AI and cloud control-based user data security protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111527939.XA CN114218557A (en) 2021-12-14 2021-12-14 AI and cloud control-based user data security protection method and device

Publications (1)

Publication Number Publication Date
CN114218557A true CN114218557A (en) 2022-03-22

Family

ID=80701871

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111527939.XA Pending CN114218557A (en) 2021-12-14 2021-12-14 AI and cloud control-based user data security protection method and device

Country Status (1)

Country Link
CN (1) CN114218557A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405211A (en) * 2023-06-07 2023-07-07 深圳市乐凡信息科技有限公司 Multiple encryption method, device, equipment and storage medium based on biological characteristics

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405211A (en) * 2023-06-07 2023-07-07 深圳市乐凡信息科技有限公司 Multiple encryption method, device, equipment and storage medium based on biological characteristics
CN116405211B (en) * 2023-06-07 2023-09-01 深圳市乐凡信息科技有限公司 Multiple encryption method, device, equipment and storage medium based on biological characteristics

Similar Documents

Publication Publication Date Title
US9454656B2 (en) System and method for verifying status of an authentication device through a biometric profile
TWI463349B (en) Method and system for secure data access among two devices
CN101958892B (en) Electronic data protection method, device and system based on face recognition
US11972637B2 (en) Systems and methods for liveness-verified, biometric-based encryption
CN107864124B (en) Terminal information security protection method, terminal and Bluetooth lock
CN113545006A (en) Remote authorized access locked data storage device
CN113472793B (en) Personal data protection system based on hardware password equipment
CN106789024B (en) A kind of remote de-locking method, device and system
CN110706379A (en) Access control method and device based on block chain
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
CN109145562A (en) A kind of lasting authenticating identity method and its equipment by finger print mouse
CN109587164A (en) A kind of information encrypting transmission method, device, equipment and storage medium
US11403380B2 (en) Method for managing fingerprint and system thereof
CN106357678A (en) Cloud encryption storage method for intelligent terminal and intelligent terminal
CN112115523A (en) Data self-destruction encryption storage device
CN114218557A (en) AI and cloud control-based user data security protection method and device
EP2775658A2 (en) A password based security method, systems and devices
CN112425116B (en) Intelligent door lock wireless communication method, intelligent door lock, gateway and communication equipment
CN109584421A (en) A kind of intelligent door lock authentication administrative system based on domestic safety chip
CN107292133B (en) Artificial intelligence confusion technical method and device
CN109064602B (en) Identification method based on mobile terminal and two-dimensional code dynamic identity authentication
CN112184960B (en) Intelligent lock control method and device, intelligent lock system and storage medium
CN111127019B (en) Method, system and device for backing up mnemonic words
CN108875398B (en) Encryption and decryption system based on certificate chain technology and application method thereof
Johnson et al. With vaulted voice verification my voice is my key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination