CN114430351A - Distributed database node secure communication method and system - Google Patents


Publication number
CN114430351A
Authority
CN
China
Prior art keywords
data
information
source
distributed database
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210352713.9A
Other languages
Chinese (zh)
Other versions
CN114430351B (en
Inventor
骆彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Fast Cube Technology Co ltd
Original Assignee
Beijing Fast Cube Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Fast Cube Technology Co ltd
Priority to CN202210352713.9A
Publication of CN114430351A
Application granted
Publication of CN114430351B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a distributed database node secure communication method and system. The method comprises: acquiring first data information that needs to be communicated among distributed nodes in a first distributed database; performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information; performing source importance analysis on the source information to obtain a plurality of source important information; partitioning the first data information into a plurality of data blocks according to the source important information; encrypting the data blocks respectively according to the source important information to obtain a plurality of encrypted information; and transmitting the data blocks in the first distributed database using the respective encrypted information.

Description

Distributed database node secure communication method and system
Technical Field
The invention relates to the technical field of distributed data storage, in particular to a distributed database node secure communication method and system.
Background
A distributed database is developed from a centralized database and comprises a plurality of distributed database nodes. Data can be communicated among the nodes to ensure the stability of the database.
Before data is transmitted between nodes of a distributed database, it must be determined whether each node has the corresponding authority, and data is transmitted only to nodes that have it, so that the security of the data stored in each node is ensured.
In the prior art, data communication between nodes is generally gated only by judging whether the node concerned has the authority. Where security requirements are higher, this leaves the technical problem of low communication security between distributed database nodes.
Disclosure of Invention
The application provides a method and a system for safe communication of distributed database nodes, which are used for solving the technical problem that the communication safety between the nodes is low in the distributed database nodes in the prior art.
In view of the foregoing problems, the present application provides a method and a system for secure communication of distributed database nodes.
In a first aspect of the present application, a method for secure communication of distributed database nodes is provided, where the method includes: acquiring first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database; performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information; performing source importance analysis on the source information to obtain source important information; according to the source important information, performing data blocking on the first data information to obtain a plurality of data blocks; respectively encrypting the data blocks according to the source important information to obtain a plurality of encrypted information; and respectively carrying out communication transmission on the plurality of data blocks in the first distributed database by adopting the plurality of encrypted information.
In a second aspect of the present application, there is provided a distributed database node secure communication system, the system comprising: the first obtaining unit is used for obtaining first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database; the first processing unit is used for performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information; the second processing unit is used for carrying out source importance analysis on the source information to obtain source important information; the third processing unit is used for carrying out data blocking on the first data information according to the source important information to obtain a plurality of data blocks; a fourth processing unit, configured to encrypt the multiple data blocks according to the multiple source important information, respectively, to obtain multiple pieces of encrypted information; and the first execution unit is used for performing communication transmission on the plurality of data blocks in the first distributed database respectively by adopting the plurality of encrypted information.
In a third aspect of the present application, a distributed database node secure communication system is provided, including: a processor coupled to a memory for storing a program that, when executed by the processor, causes a system to perform the steps of the method according to the first aspect.
In a fourth aspect of the present application, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method according to the first aspect.
One or more technical solutions provided in the present application have at least the following technical effects or advantages:
According to the technical solution, when data is transmitted among distributed database nodes, source tracing analysis is performed on each part of the data information to be transmitted to obtain a plurality of source information; the importance of the source information is then analyzed to obtain a plurality of important information; the data information to be transmitted is blocked and encrypted according to the important information, with an optimal encryption mode obtained through optimization to guarantee the security of data transmission; and the data is then transmitted among the different database nodes. By analyzing the source security of the data to be transmitted among the nodes of the distributed database, the embodiment of the application can determine the importance of the data transmitted by each node and avoid data security problems arising during transmission. When data is transmitted, block encryption is performed according to the source importance of each part of the data, different encryption schemes are set for different source importance, and the data blocks and their encryption modes are formulated dynamically. In data processing environments with high security requirements, this raises the security coefficient of data communication transmission and achieves the technical effect of improving data transmission security among distributed database nodes.
The foregoing is only an overview of the technical solutions of the present application. So that the technical means of the present application can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the present application are more readily apparent, a detailed description of the present application follows.
Drawings
Fig. 1 is a schematic flow chart of a distributed database node secure communication method provided in the present application;
Fig. 2 is a schematic view illustrating a process of constructing and obtaining important information from multiple sources in a distributed database node secure communication method provided by the present application;
Fig. 3 is a schematic flowchart of optimizing and obtaining an optimal encryption scheme in the distributed database node secure communication method provided by the present application;
Fig. 4 is a schematic structural diagram of a distributed database node secure communication system provided in the present application;
Fig. 5 is a schematic structural diagram of an exemplary electronic device of the present application.
Description of reference numerals: a first obtaining unit 11, a first processing unit 12, a second processing unit 13, a third processing unit 14, a fourth processing unit 15, a first execution unit 16, an electronic device 300, a memory 301, a processor 302, a communication interface 303, and a bus architecture 304.
Detailed Description
The application provides a method and a system for safe communication of distributed database nodes, which are used for solving the technical problem that the communication safety between the nodes is low in the distributed database nodes in the prior art.
Summary of the application
A distributed database is developed from a centralized database and comprises a plurality of distributed database nodes. The distributed nodes are generally deployed in the departments of an organization, and data queries and DML operations can be carried out in the distributed database according to the different services of the departments. Within the distributed database, data can be communicated among all nodes, which ensures the stability of the database and the consistency of part of the data.
Before data is transmitted between nodes of a distributed database, it must be determined whether each node has the corresponding authority, and data is transmitted only to nodes that have it, so that the security of the data stored in each node is ensured.
In the prior art, data communication between nodes is generally gated only by judging whether the node concerned has the authority. Where security requirements are higher, this leaves the technical problem of low communication security between distributed database nodes.
In view of the above technical problems, the technical solution provided by the present application has the following general idea:
According to the technical solution, when data is transmitted among distributed database nodes, source tracing analysis is performed on each part of the data information to be transmitted to obtain a plurality of source information; the importance of the source information is then analyzed to obtain a plurality of important information; the data information to be transmitted is blocked and encrypted according to the important information, with an optimal encryption mode obtained through optimization to guarantee the security of data transmission; and the data is then transmitted among the different database nodes.
Having described the basic principles of the present application, the technical solutions in the present application will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments of the present application, and the present application is not limited to the exemplary embodiments described herein. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without making any creative effort belong to the protection scope of the present application. It should be further noted that, for the convenience of description, only some but not all of the elements relevant to the present application are shown in the drawings.
Example one
As shown in fig. 1, the present application provides a secure communication method for nodes of a distributed database, where the method includes:
S100: acquiring first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database;
In the embodiment of the present application, the first distributed database may be a prior-art database set up in any enterprise, unit, or school. According to actual service requirements, nodes are deployed in each department and the like; each database node stores some data that differs from other nodes, such as query rules and stored data, and also some data that is the same across nodes.
Optionally, after the data in a certain distributed node is updated, at least part of the data may need to be transmitted to other distributed nodes, so as to maintain data consistency in part or all of the nodes, and to support functions of querying, adding and deleting the database, and the like.
The first data information is data obtained by updating a certain node in the first distributed database, or data stored by a certain node in the first distributed database, that needs to be communicated among a plurality of distributed nodes in the first distributed database. For example, the first data information may be transmitted from node A to all other nodes, or from node A to node B and node C, to support database services.
When the data is transmitted, the data security needs to be ensured, and the data leakage caused by the data transmission to other nodes is avoided.
S200: performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information;
In this embodiment, the first data information may be a data set including multiple sets or portions of data, where the portions of data in the first data information are from different sources.
For example, the portions of data in the first data information may originate from network downloading, local uploading, or also from other database node transmissions, including various source channels.
In the process of storing the first data information in the first distributed database, the source information of each part of data can be stored at the same time, and the source information of each part of data is obtained by tracing and analyzing the source information of each part of data in the first data information.
S300: performing source importance analysis on the source information to obtain source important information;
In the embodiment of the present application, the parts of data in the first data information come from different sources, and the importance of each part of data differs and is related to its source. The more important a part of data is, the higher its security requirements, such as prevention of leakage.
Illustratively, among the parts of data in the first data information, data downloaded from the network can be downloaded again, so data uploaded locally is more important than data from the network. Among the data uploaded locally, the importance of data uploaded by different database nodes, different machines, or different accounts also differs. Among the data downloaded from the network, the importance of data downloaded from a local network and from the internet likewise differs.
Optionally, the importance identification may be performed on multiple sources of the uploaded and stored data at each node in the first database under supervision, and after the stored data are uploaded and the first data information is obtained, the source importance analysis may be performed on the sources of the data of each part in the first data information to obtain the importance of each part of the data, that is, multiple pieces of source important information.
S400: according to the source important information, performing data blocking on the first data information to obtain a plurality of data blocks;
In the embodiment of the present application, the source important information respectively reflects the importance degree of each part of data in the first data information. Based on the source important information, each part of data in the first data information is partitioned to obtain a plurality of data blocks with different importance degrees.
S500: respectively encrypting the data blocks according to the source important information to obtain a plurality of encrypted information;
Specifically, the source importance information may reflect the importance of each part of data in the first data information, and the data with different importance may have different security requirements for data transmission.
In the prior art, because the distributed databases are mostly used in a cooperative set, data can be transmitted only by ensuring that nodes receiving the data have corresponding authorities, and the security protection on data transmission is low. With the development of the distributed database, the distributed database can be applied to a plurality of groups with certain competition relationship, and at the moment, the security of data transmission needs to be ensured, and illegal nodes are prevented from intercepting data.
According to the source important information, the data blocks with different importance are encrypted in different modes and different complexity degrees, wherein the encryption mode of the data block with higher importance degree is higher in complexity degree and higher in safety. And the efficiency of encryption processing and decryption reading is considered simultaneously in the encryption process, so that the data transmission efficiency is prevented from being greatly reduced, and finally, an encryption scheme is set to encrypt the data blocks with different importance degrees in the first data information to obtain a plurality of encrypted information of the data blocks.
S600: and respectively carrying out communication transmission on the plurality of data blocks in the first distributed database by adopting the plurality of encrypted information.
Optionally, the multiple pieces of encrypted information are used for performing communication transmission on multiple data blocks in the first data information, the multiple data blocks are transmitted to the receiving database node by the transmitting database node, the receiving database node completes decryption and assembly of the multiple data blocks, complete first data information is obtained and stored, and subsequent functions of query, calculation, modification and the like are supported.
The pieces of encrypted information include keys with which only the receiving database node can decrypt. Even if the first data information is stolen during transmission or transmitted to the wrong database node, it cannot be decrypted to obtain the data, so the security of data transmission among the nodes of the distributed database is improved.
By analyzing the source importance of the data to be transmitted among the nodes of the distributed database, the embodiment of the application can determine the importance of the data transmitted by each node. When data is transmitted, block encryption is performed according to the source importance of each part of the data, different encryption schemes are set for different source importance, and the data blocks and their encryption modes are formulated dynamically. In data processing environments with high security requirements, this raises the security coefficient of data communication transmission and achieves the technical effect of improving data transmission security among distributed database nodes.
Step S100 in the method provided by the embodiment of the present application includes:
S110: obtaining the portions of data from a plurality of sources, wherein the plurality of sources includes a first type of source and a second type of source;
S120: performing hash processing on the source information of each part of data respectively to obtain a plurality of source hash values of the plurality of sources;
S130: and using the source hash values and the partial data as the first data information.
Before the first data information needs to be transmitted, first, each part of data in the first data information is obtained. Specifically, the user obtains each part of data in the first data information through a plurality of sources, and stores the data in the database node which needs to perform data transmission.
In the embodiment of the present application, the plurality of sources specifically include a first type of source and a second type of source. Illustratively, the first type of sources includes local sources, such as different accounts, different machines, etc., for uploading data locally into the database node, and the second type of sources includes network sources, such as different local networks or internet downloads for obtaining data uploads into the database node.
In general, the degree of importance of data within a first type of source is greater than the degree of importance of data within a second type of source.
Further, in the first distributed database, the types of sources of the data stored in the database nodes are basically fixed, and hash mapping is performed on each data source to obtain the hash value of that data source. If two data sources are similar, hash processing may map them to the same hash value.
In this way, after each part of data of the first data information is obtained through a plurality of sources, the source information of each part of data is respectively subjected to hash processing to obtain a plurality of source hash values of the plurality of sources of each part of data, wherein the source hash values, the data and the data sources are in one-to-one correspondence.
The source hash values are respectively corresponding to each part of data and are unified as the first data information.
According to the data transmission method and device, the hash mapping processing is carried out on the sources of the data of all parts in the first data information, the hash values of the sources of the data of all parts are obtained and added into the first data information, the source tracing of the data of all parts can be carried out according to the first data information, the source tracing is used as a data base for analyzing the importance degree of the data of all parts, and the data transmission safety of all nodes in the distributed database is improved.
Thus, in step S200 of the method provided in this embodiment of the application, source tracing analysis may be performed according to the source hash values of the data in the first data information, so as to obtain source information of the data in each portion.
As shown in fig. 2, step S300 in the method provided in the embodiment of the present application includes:
S310: constructing important information spaces of various data sources according to various data sources of the distributed nodes in the first distributed database;
S320: obtaining the data of each part and a plurality of source hash values according to the first data information;
S330: tracing and analyzing the sources of the data of each part according to the source hash values to obtain first type source information and second type source information;
S340: inputting the first type of source information and the second type of source information into the important information space to obtain first type of important information and second type of important information;
S350: and mapping and associating according to the first type of important information, the second type of important information and the data of each part to obtain a plurality of source important information of the data of each part.
Wherein, step S310 includes:
S311: setting a first historical time period;
S312: collecting problems occurring when a plurality of distributed nodes transmit data of a plurality of data sources in a first historical time period to obtain a plurality of historical problem sets, wherein the historical problem sets comprise problem frequency information and problem scale information;
S313: constructing an important space coordinate system by using the problem frequency information and the problem scale information as coordinate axes;
S314: inputting a plurality of historical problem sets into the important space coordinate system to obtain a plurality of mapping points;
S315: clustering the mapping points to obtain a plurality of clustering results, wherein the clustering results comprise a first type of clustering result and a second type of clustering result;
S316: setting a plurality of corresponding important information according to the problem frequency level and the problem scale level in the clustering results;
S317: and constructing the important information space according to the plurality of clustering results and the plurality of important information.
In the embodiment of the present application, a first historical time period of arbitrary length is set, for example a year or a quarter. The problems that occurred while the plurality of distributed nodes in the first distributed database transmitted data from the plurality of data sources during the first historical time period are collected. The more problems (which may include data leakage, tampering and the like) occur while data from a data source is transmitted, the more security problems the data from that source has, and therefore the higher the importance of data from that source and the more complex the encryption needed to avoid problems during data transmission.
In this way, a plurality of historical problem sets of problems occurring in the process of transmitting data of a plurality of data sources in a first historical time period by a plurality of distributed nodes are acquired, and the historical problem sets comprise problem frequency information and problem scale information.
The problem frequency information describes how often problems occurred with data from a given data source in the first historical time period, for example the frequency of data leakage. The problem scale information describes the scale of those problems in the first historical time period, for example the amount of leaked data. The more frequent and the larger in scale the problems, the higher the importance of data from that source.
Based on the problem frequency information and the problem scale information as coordinate axes, for example, the problem frequency information as an abscissa axis and the problem scale information as an ordinate axis, a two-dimensional important space coordinate system is constructed.
The historical problem sets of the data sources are input into the important space coordinate system and, according to the problem frequency information and problem scale information values in each historical problem set, a plurality of mapping points are obtained, where each mapping point corresponds to the historical problem set of one data source.
The mapping points are then clustered. In the clustering process, the Euclidean distance between every two mapping points can be calculated, and two mapping points whose Euclidean distance is smaller than a threshold are classified into one class; the threshold can be set according to the distribution of the mapping points and the actual service requirement. In this way the mapping points are clustered to obtain a plurality of clustering results.
The plurality of clustering results include a first clustering result and a second clustering result, and optionally, the first clustering result is a clustering result of a local data source, and the second clustering result is a clustering result of a network data source. Each clustering result can correspond to a type of data source with similar importance degree, and the frequency of problems occurring in the data transmission process of the data source in each clustering result is similar to the scale of the problems.
A plurality of corresponding important information is set according to the problem frequency level and the problem scale level in the plurality of clustering results. For example, for a clustering result with a higher problem frequency level and problem scale level, the important information is set to "more important", and for a clustering result with a lower problem frequency level and problem scale level, it is set to "generally important". In this way, the important information of the data sources in each clustering result can be obtained.
An important information space is constructed from the plurality of clustering results, the plurality of important information and the important space coordinate system. In the important information space, a plurality of data sources correspond to one clustering result and to one piece of important information.
In the embodiment of the application, problem information that occurred during data transmission for the multiple data sources in the historical time period is collected, and the data sources are cluster-analyzed using a visual method to obtain their clustering results and importance. These can then serve as the data basis for analyzing the importance of each data source during source tracing, so that the data importance of each data source can be analyzed accurately and efficiently.
Based on the important information space, each part of the data and the plurality of source hash values of each part of the data are obtained from the first data information. A hash mapping operation is performed on the source hash values, and source tracing analysis yields the source of each part of the data, giving first type source information and second type source information. The first type of source information is source information of a local source, and the second type of source information is source information of a network source.
The first type source information and the second type source information are input into the important information space. According to the plurality of clustering results, the clustering result corresponding to each piece of source information in the first type and second type source information is obtained, and from it the corresponding important information, giving the first type important information and the second type important information.
The important information in the first type and second type important information is then mapped to and associated with each part of the data in the first data information. Specifically, the mapping and association use the clustering results, the first type source information and the second type source information, which yields the source important information of each part of the data and completes the source importance analysis of each part of the data.
In the embodiment of the application, by constructing the important information space, source tracing analysis is performed according to the source hash value of each part of data in the first data information, the importance of each source information is further analyzed according to the important information space, and then the source important information of each part of data is obtained through analysis and is used as a data basis for performing block division and data encryption on each part of data, so that an encryption scheme of each part of data can be formulated, and the security of each part of data in the transmission process of the distributed database node is improved.
Step S400 in the method provided in the embodiment of the present application includes:
S410: obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
S420: judging whether the source importance level information of each part of data in the first data information is the same or not according to a plurality of pieces of source importance level information;
S430: if parts of the data have the same source importance level information, placing those parts into the same data block, and otherwise placing the parts of the data into a plurality of separate data blocks.
Specifically, based on the plurality of source importance information, each part of the data in the first data information is analyzed in a hierarchical manner according to different importance levels of the source importance information, and for example, a part of the data having a higher importance level in the source importance information is set to have a higher corresponding source importance level. In this way, the source importance level information of each part of data is obtained.
Further, according to the source importance level information of each part of data, whether two parts of data with the same source importance level information exist is judged, if the source importance level information of the two parts of data is the same, the importance degrees of the two parts of data are similar or the same, the two parts of data can be divided into the same data block, and the parts of data with different source importance level information are divided into a plurality of data blocks respectively.
Therefore, according to the important information of the sources of the data of each part, the data of each part in the first data information is blocked to obtain a plurality of data blocks, so that the data blocks with different importance degrees can be encrypted differently, the data security is improved, unnecessary encryption calculation time is avoided, the data encryption and transmission efficiency is improved, and meanwhile, the data transmission method is compatible with the data transmission of the TCP protocol.
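The construction of the important information space, the source tracing by hash and the blocking of step S400 can be sketched together as follows. This is an added example, not code from the patent: the source names and numbers are constructed, and SHA-256 as the source hash, the min-max scaling of the two axes and the treatment of untraceable hashes are assumptions.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample: source id -> (problem frequency, problem scale) observed
# in the first historical time period. Names and numbers are made up.
HISTORY = {
    "local:audit-log": (1, 90),
    "local:orders-db": (2, 150),
    "local:billing-db": (3, 180),
    "local:hr-db": (7, 4300),
    "net:crm-sync": (8, 4000),
    "net:partner-feed": (14, 9200),
    "net:public-api": (15, 9000),
    "net:vendor-upload": (16, 9400),
}


def normalise(points):
    """Min-max scale both axes to [0, 1] (an assumption of this example) so
    that the larger-valued scale axis does not dominate the distance."""
    xs = [x for x, _ in points.values()]
    ys = [y for _, y in points.values()]

    def scale(v, lo, hi):
        return 0.0 if hi == lo else (v - lo) / (hi - lo)

    return {k: (scale(x, min(xs), max(xs)), scale(y, min(ys), max(ys)))
            for k, (x, y) in points.items()}


def cluster(points, threshold):
    """Two mapping points closer than `threshold` share a class; classes are
    the connected components of that relation (union-find)."""
    parent = {k: k for k in points}

    def find(k):
        while parent[k] != k:
            parent[k] = parent[parent[k]]  # path halving
            k = parent[k]
        return k

    keys = sorted(points)
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            if math.dist(points[a], points[b]) < threshold:
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for k in keys:
        groups[find(k)].append(k)
    return sorted(groups.values())


def build_levels(history, threshold):
    """Return {source id: importance level}; level 1 is the least important."""
    points = normalise(history)
    clusters = cluster(points, threshold)

    def centroid_score(members):  # mean of (frequency + scale) in the cluster
        return sum(sum(points[m]) for m in members) / len(members)

    ranked = sorted(clusters, key=centroid_score)
    return {src: lvl for lvl, members in enumerate(ranked, 1) for src in members}


def source_hash(source_id):
    """Source hash carried with each part of the data (SHA-256 assumed)."""
    return hashlib.sha256(source_id.encode()).hexdigest()


def block_by_importance(parts, levels):
    """Trace each (source hash, payload) part to its source and group parts
    of equal importance level into one data block."""
    by_hash = {source_hash(src): src for src in levels}
    top = max(levels.values())
    blocks = defaultdict(list)
    for digest, payload in parts:
        src = by_hash.get(digest)
        # Untraceable source: treat as most important (choice of this example).
        blocks[levels[src] if src else top].append(payload)
    return dict(blocks)


# Constructed first data information: parts tagged with their source hash.
PARTS = [
    (source_hash("local:orders-db"), b"order rows"),
    (source_hash("net:public-api"), b"api rows"),
    (source_hash("local:audit-log"), b"audit rows"),
    (source_hash("net:unknown-host"), b"stray rows"),
]

if __name__ == "__main__":
    levels = build_levels(HISTORY, threshold=0.15)
    for level, payloads in sorted(block_by_importance(PARTS, levels).items()):
        print(level, payloads)
```

Because classes are formed by pairwise distance, a chain of nearby points merges into one class even when its end points are further apart than the threshold, which is why the threshold has to be chosen against the actual distribution of mapping points.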
As shown in fig. 3, step S500 in the method provided in the embodiment of the present application includes:
S510: obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
S520: setting optimization constraint conditions, and constructing an optimization space according to the optimization constraint conditions, wherein the optimization constraint conditions comprise: a decryption reading speed constraint, an encryption speed constraint and a reading time constraint;
S530: respectively grading the encryption importance levels of the source importance level information to different degrees, and taking the grades as optimization parameters;
S540: in the optimization space, carrying out iterative optimization on the encryption schemes of the data blocks by using the optimization parameters to obtain an optimal encryption scheme;
S550: encrypting the data blocks by adopting the optimal encryption scheme to obtain a plurality of encrypted information.
Specifically, based on the plurality of source important information, each part of data in the first data information is analyzed in a hierarchical manner according to different importance levels of the source important information, for example, a part of data with a higher importance level in the source important information is set to have a higher corresponding source importance level. In this way, the source importance level information of each part of data is obtained.
In the embodiment of the present application, based on the plurality of data blocks obtained in step S400, for the data blocks of the information with different source importance levels, different encryption methods may be adopted to perform encryption with different complexity levels. For example, for a data block with a higher level corresponding to the source important level information, an encryption mode with a higher complexity and a higher safety factor needs to be adopted for encryption, so that the data security is ensured.
Because different encryption needs to be carried out on a plurality of data blocks with information of different source importance levels, the safety of the data blocks with higher importance degrees in the data transmission process is improved, meanwhile, unnecessary encryption work is reduced, and the data encryption, transmission and decryption reading efficiency is improved. In the embodiment of the application, based on a plurality of encryption modes and a plurality of data blocks of important grade information of different sources, a plurality of encryption schemes of first data information can be obtained in a combined mode, and in order to obtain an encryption scheme with the best encryption effect and high transmission efficiency, the method provided by the embodiment of the application carries out optimization in the plurality of encryption schemes to obtain a better encryption scheme.
Illustratively, the plurality of encryption manners may include various encryption manners in the prior art, such as asymmetric encryption and symmetric encryption, encryption algorithms such as DES, RSA, SHA and AES, and manners of re-encrypting the key.
In the process of optimizing in various encryption schemes, optimization conditions need to be set so as to narrow the optimization range and ensure that the optimization result meets the service requirements.
In the embodiment of the application, a decryption reading speed constraint condition is set according to the decryption speed after the first data information is transmitted, an encryption speed constraint condition is set according to the encryption speed of a plurality of data blocks in an encryption scheme, and a reading time constraint condition is set according to the whole time of the whole process of encryption transmission and encryption reading of the first data information. And taking the decryption reading speed constraint condition, the encryption speed constraint condition and the reading time constraint condition as optimization constraint conditions. In the optimizing process, the obtained encryption scheme is required to be ensured to meet the optimization constraint condition, and the encryption effect and the data transmission efficiency are improved on the basis.
Optionally, the decryption reading speed constraint condition, the encryption speed constraint condition, and the reading time constraint condition may respectively include a decryption reading speed threshold, an encryption speed threshold, and a reading time threshold, where the decryption reading speed threshold, the encryption speed threshold, and the reading time threshold may be set according to actual encryption and data transmission services, and under the decryption reading speed threshold, the encryption speed threshold, and the reading time threshold, service requirements for data transmission and encryption may be substantially met, so that data security and transmission efficiency are ensured to a certain extent. Thus, the optimization of the encryption scheme is performed on this basis.
An optimization space is constructed according to the optimization constraint conditions. The optimization space contains the encryption schemes that meet the optimization constraint conditions; their number is smaller than the number of all encryption schemes obtained by combination, because the encryption schemes that do not meet the optimization constraint conditions are filtered out.
In the specific optimizing process, an encryption scheme is randomly selected in the optimization space as the first encryption scheme and taken as the current optimizing result, and an optimization parameter is calculated for it. The optimization parameter is obtained by scoring the data blocks of the different source importance level information to different degrees according to their encryption complexity, encryption efficiency and decryption reading efficiency; the score is used as the optimization parameter.
Illustratively, when calculating the optimization parameter, for a data block whose source importance level information corresponds to a higher level, a higher encryption complexity gives a higher score. At the same time, a higher encryption complexity lowers the encryption efficiency and the decryption reading efficiency, so the corresponding scores for encryption efficiency, decryption reading efficiency and reading time are lower. The scores for encryption complexity, encryption efficiency and decryption reading efficiency carry different scoring weights; for example, the scoring weight of encryption complexity is greater than that of decryption reading efficiency, which is greater than that of encryption efficiency. Each encryption scheme obtained during optimization is scored in this way to obtain its optimization parameter, which serves as the basis for evaluating the quality of the encryption scheme.
Optionally, when the optimization parameter of the encryption scheme is calculated, the encryption complexity scores of different source importance level information are respectively subjected to weight distribution, for a data block with lower source importance level information, the score of the encryption complexity occupies a smaller weight, and the score obtained by calculation is lower, and for a data block with higher source importance level information, the score of the encryption complexity occupies a larger weight, and the score obtained by calculation is higher. For example, the weight assignment process may use a prior art weight assignment algorithm such as AHP hierarchy analysis, G1 weight assignment, and the like, but is not limited thereto.
Weights can likewise be assigned to the encryption efficiency, the decryption reading efficiency and the reading time according to their importance, so that when an encryption scheme is obtained, its scores other than encryption complexity are calculated in an adaptively weighted manner. The scores are then more accurate and better match actual service requirements, and the optimization parameter of the encryption scheme is obtained.
The encryption scheme of the plurality of data blocks is iteratively optimized in the optimization space using the optimization parameters. Specifically, another encryption scheme is randomly obtained in the optimization space as the second encryption scheme, and its optimization parameter is calculated as described above. If the optimization parameter of the second encryption scheme is greater than that of the first encryption scheme, the second encryption scheme is better than the first, and it replaces the first encryption scheme as the current optimization result.
If the optimization parameter of the second encryption scheme is less than that of the first encryption scheme, the second encryption scheme is inferior to the first. In this case the second encryption scheme is not discarded outright. To prevent the optimization process from stopping at the first encryption scheme, and to improve the iterative optimization speed over the schemes in the optimization space, the second encryption scheme is accepted as the current optimization result with a probability, and the first encryption scheme is discarded. The probability is calculated by the following formula:
Figure 467826DEST_PATH_IMAGE001
where e is the base of the natural logarithm, R1 is the optimization parameter of the first encryption scheme, R2 is the optimization parameter of the second encryption scheme, and n is the optimization rate factor.
The optimization rate factor n can decrease with the number of optimization iterations. In the initial optimization stage n is large, so a second encryption scheme with a smaller optimization parameter is accepted as the current optimization result with high probability, which improves the optimization iteration speed. As the iterations proceed, n decreases and P decreases with it, so that in the later stage of optimization an encryption scheme with a smaller optimization parameter is less likely to be accepted as the current optimization result. This improves the accuracy of the optimization: as far as possible, a new encryption scheme is accepted only when its optimization parameter is larger.
Illustratively, the reduction of n may be an exponential reduction or other reduction known in the art.
The optimization operation is repeated in this way to carry out iterative optimization. When the current optimization result has not changed for a threshold number of optimization iterations, the optimization parameter of the encryption scheme in the current optimization result is large and a better encryption scheme is hard to find; P has gradually decreased, so an encryption scheme with a smaller optimization parameter is unlikely to be accepted as the current optimization result. The optimization process can then be considered to have reached its later stage, the optimization is completed, and the encryption scheme in the current optimization result is taken as the optimal encryption scheme.
The plurality of data blocks are then encrypted with the optimal encryption scheme, which contains a specific encryption scheme for each data block. Encryption is completed and the encrypted information of the plurality of data blocks is obtained.
In the embodiment of the application, the source importance level information of each part of the data is obtained from its source important information, optimization constraint conditions are set, an optimization space comprising a plurality of encryption schemes is constructed, and optimization is performed in that space. The encryption complexity of the encryption schemes is scored differently according to source importance level information of different importance, and decryption reading efficiency, encryption efficiency and the like are scored with different weights. A dedicated optimization algorithm allows fast optimization in the optimization space, yielding an encryption scheme whose encryption complexity is the most appropriate, that can guarantee data security, and that can guarantee encrypted data transmission to a certain degree. This achieves the technical effect of improving the security of node data communication transmission in the distributed database.
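The iterative optimization of step S500 can be sketched as follows; this is an added example, not code from the patent. The tier names, block sizes, weights and thresholds are constructed, and because the acceptance formula is not reproduced in the text, the standard simulated-annealing form P = e^((R2 - R1)/n) with an exponentially decreasing n is assumed.

```python
import itertools
import math
import random

# Constructed inputs. BLOCKS: (source importance level, size in MB) per data
# block. TIERS: hypothetical cipher tiers as (complexity 1-3, encrypt MB/s,
# decrypt MB/s); these are not benchmarks of any real algorithm.
BLOCKS = [(3, 40), (2, 120), (1, 400)]
TIERS = {"light": (1, 400, 500), "standard": (2, 200, 250), "heavy": (3, 50, 60)}
LEVEL_WEIGHT = {1: 0.1, 2: 0.3, 3: 0.6}  # complexity counts more on important blocks
W_COMPLEXITY, W_DECRYPT, W_ENCRYPT = 0.6, 0.25, 0.15  # complexity > decrypt > encrypt
ENC_MIN_MBPS, DEC_MIN_MBPS, TOTAL_MAX_S = 150, 150, 8.0  # constraint thresholds
TOTAL_MB = sum(size for _, size in BLOCKS)


def timings(scheme):
    """Seconds spent encrypting and decrypting all blocks under `scheme`."""
    enc = sum(size / TIERS[t][1] for (_, size), t in zip(BLOCKS, scheme))
    dec = sum(size / TIERS[t][2] for (_, size), t in zip(BLOCKS, scheme))
    return enc, dec


def optimisation_space():
    """All tier assignments that satisfy the three constraint thresholds."""
    space = []
    for scheme in itertools.product(TIERS, repeat=len(BLOCKS)):
        enc, dec = timings(scheme)
        if (TOTAL_MB / enc >= ENC_MIN_MBPS and TOTAL_MB / dec >= DEC_MIN_MBPS
                and enc + dec <= TOTAL_MAX_S):
            space.append(scheme)
    return space


def score(scheme):
    """Optimization parameter R: weighted complexity plus efficiency scores."""
    enc, dec = timings(scheme)
    best_enc = TOTAL_MB / max(t[1] for t in TIERS.values())
    best_dec = TOTAL_MB / max(t[2] for t in TIERS.values())
    complexity = sum(LEVEL_WEIGHT[lvl] * TIERS[t][0] / 3
                     for (lvl, _), t in zip(BLOCKS, scheme))
    return (W_COMPLEXITY * complexity + W_DECRYPT * best_dec / dec
            + W_ENCRYPT * best_enc / enc)


def anneal(space, seed=0, n=1.0, decay=0.97, stall_limit=300, max_iters=5000):
    """Random search with probabilistic acceptance of worse schemes.

    Stops when the current result is unchanged for `stall_limit` iterations;
    `max_iters` is a safety cap added by this example.
    """
    rng = random.Random(seed)
    current = rng.choice(space)
    stalled = 0
    for _ in range(max_iters):
        candidate = rng.choice(space)
        r1, r2 = score(current), score(candidate)
        # Assumed acceptance rule: always take a better scheme, otherwise
        # accept with probability P = exp((R2 - R1) / n).
        accept = r2 > r1 or rng.random() < math.exp((r2 - r1) / n)
        if accept and candidate != current:
            current, stalled = candidate, 0
        else:
            stalled += 1
            if stalled >= stall_limit:
                break
        n = max(n * decay, 1e-12)  # exponential decrease, floored above zero
    return current


if __name__ == "__main__":
    feasible = optimisation_space()
    best = anneal(feasible, seed=1)
    print(len(feasible), "feasible schemes; selected", best, round(score(best), 4))
```

With these constructed numbers the all-heavy assignments are filtered out by the constraints before the search starts, and the search settles on the heaviest tier only for the most important block.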
Step S600 in the method provided in the embodiment of the present application includes:
S610: adding the plurality of encrypted information into data streams of a plurality of data blocks respectively;
S620: transmitting the processed data stream in the first distributed database;
S630: after the data transmission is finished, destroying the encrypted information.
In the embodiment of the application, because encrypting each data block in the first data information takes up data transmission time, the efficiency of encrypted data transmission is improved by replacing the data transmission mode used in current encrypted data transmission, in which a data packet is encapsulated by combining an encryption key with a header. Instead, the encryption information of each data block is added directly into the data stream text of that data block and transmitted directly to the database node that is to receive the data.
After the database node that is to receive the data obtains the transmitted data, it receives the data blocks directly without decryption identification. Once the data blocks are received, the encrypted information in them is read and decrypted, and the text information in a data block can be read only after successful decryption. This guarantees the security of the data and improves efficiency in the data transmission process.
The encrypted information includes only the key commonly identified by the data transmission node and the data receiving node. If data is transmitted to a wrong node, that node cannot decrypt and read the data block even though it has received the first data information.
Optionally, after the first data information is transmitted in the first distributed database and the decryption and reading are completed, the encrypted information in the data block is erased and destroyed, and then the transmitted data is used.
In the embodiment of the application, for data transmission carried out with encryption, the encrypted information is added directly into the data body for transmission and is decrypted and read after the data is received, which ensures data security while improving efficiency in the data transmission process.
In summary, the embodiment of the present application analyzes the source importance of the data that needs to be transmitted between the nodes of the distributed database, and thereby the importance degree of the data transmitted by each node, and uses this as the data basis for encrypting and securely transmitting the data. When data is transmitted, it is encrypted in blocks according to the source importance of each part of the data, and encryption schemes with different encryption complexity are set according to the different importance, giving a plurality of encryption schemes. Constraint conditions, an optimization space, optimization parameters and the like are set to optimize the encryption scheme, so that the data blocks and the encryption mode of each data block are formulated dynamically. In a data processing environment with higher security requirements, this raises the safety factor of data communication transmission and achieves the technical effect of improving the security of data transmission in the nodes of the distributed database.
Example two
Based on the same inventive concept as the secure communication method of a distributed database node in the foregoing embodiment, as shown in fig. 4, the present application provides a secure communication system of a distributed database node, wherein the system includes:
a first obtaining unit 11, configured to obtain first data information, where the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database;
the first processing unit 12 is configured to perform source tracing analysis on each part of data in the first data information to obtain multiple pieces of source information;
the second processing unit 13 is configured to perform source importance analysis on the source information to obtain source importance information;
a third processing unit 14, configured to perform data blocking on the first data information according to a plurality of pieces of source important information to obtain a plurality of data blocks;
a fourth processing unit 15, configured to encrypt, according to the source important information, the data blocks to obtain a plurality of encrypted information;
a first executing unit 16, configured to perform communication transmission on the plurality of data blocks in the first distributed database respectively by using the plurality of encryption information.
Further, the system further comprises:
a second obtaining unit, configured to obtain the partial data through a plurality of sources, where the plurality of sources includes a first type of source and a second type of source;
a fifth processing unit, configured to perform hash processing on source information of the data of each portion, respectively, to obtain multiple source hash values of the multiple sources;
a third obtaining unit, configured to use the source hash values and the partial data as the first data information.
Further, the system further comprises:
the first construction unit is used for constructing important information spaces of various data sources according to the various data sources of the distributed nodes in the first distributed database;
a fourth obtaining unit, configured to obtain the portions of data and a plurality of source hash values according to the first data information;
a fifth obtaining unit, configured to perform source tracing analysis on the sources of the data of each part according to the multiple source hash values, so as to obtain first type source information and second type source information;
a sixth processing unit, configured to input the first type of source information and the second type of source information into the important information space, and obtain first type of important information and second type of important information;
and the seventh processing unit is used for mapping and associating the first type of important information, the second type of important information and the data of each part to obtain a plurality of source important information of the data of each part.
Further, the system further comprises:
an eighth processing unit for setting a first history time period;
a sixth obtaining unit, configured to collect problems that occur when the plurality of distributed nodes perform data transmission on data from multiple data sources within the first historical time period, and obtain a plurality of historical problem sets, where the historical problem sets include problem frequency information and problem scale information;
the second construction unit is used for constructing an important space coordinate system by using the problem frequency information and the problem scale information as coordinate axes;
a seventh obtaining unit, configured to input the plurality of historical problem sets into the important spatial coordinate system, and obtain a plurality of mapping points;
a ninth processing unit, configured to cluster the mapping points to obtain a plurality of clustering results, where the plurality of clustering results include a first-class clustering result and a second-class clustering result;
a tenth processing unit, configured to set a plurality of corresponding important information according to the problem frequency level and the problem scale level in the plurality of clustering results;
and the third construction unit is used for constructing the important information space according to the plurality of clustering results and the plurality of important information.
Further, the system further comprises:
an eighth obtaining unit, configured to obtain source importance level information of each part of the data in the first data information according to a plurality of pieces of the source importance information;
a first judging unit, configured to judge whether source importance level information of each portion of data in the first data information is the same according to a plurality of pieces of source importance level information;
and an eleventh processing unit, configured to place parts of the data having the same source importance level information into the same data block if such parts exist, and otherwise to place the parts of the data into a plurality of separate data blocks.
Further, the system further comprises:
a ninth obtaining unit, configured to obtain source importance level information of each part of data in the first data information according to a plurality of pieces of source importance information;
a twelfth processing unit, configured to set an optimization constraint condition, and construct an optimization space according to the optimization constraint condition, where the optimization constraint condition includes: a decryption reading speed constraint, an encryption speed constraint and a reading time constraint;
a thirteenth processing unit, configured to score the encryption importance levels of the source importance level information by different degrees, and use the scores as optimization parameters;
a fourteenth processing unit, configured to perform iterative optimization on the encryption schemes of the multiple data blocks by using the optimization parameters in the optimization space, so as to obtain an optimal encryption scheme;
and a fifteenth processing unit, configured to encrypt the multiple data blocks by using the optimal encryption scheme, so as to obtain multiple pieces of encryption information.
Further, the system further comprises:
a sixteenth processing unit, configured to add the plurality of pieces of encryption information to data streams of the plurality of data blocks, respectively;
a seventeenth processing unit, configured to transmit the processed data stream in the first distributed database;
and the eighteenth processing unit is used for destroying the encrypted information after the data transmission is finished.
Example three
Based on the same inventive concept as the secure communication method of one of the foregoing embodiments, the present application further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method as in the first embodiment.
Exemplary electronic device
The electronic device of the present application is described below with reference to figure 5.
Based on the same inventive concept as the distributed database node secure communication method in the foregoing embodiment, the present application also provides a distributed database node secure communication system, including: a processor coupled to a memory, the memory for storing a program that, when executed by the processor, causes the system to perform the steps of the method of embodiment one.
The electronic device 300 includes: processor 302, communication interface 303, memory 301. Optionally, the electronic device 300 may also include a bus architecture 304. Wherein, the communication interface 303, the processor 302 and the memory 301 may be connected to each other through a bus architecture 304; the bus architecture 304 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus architecture 304 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
Processor 302 may be a CPU, microprocessor, ASIC, or one or more integrated circuits for controlling the execution of programs in accordance with the teachings of the present application.
The communication interface 303 may be any device, such as a transceiver, for communicating with other devices or communication networks, such as an ethernet, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), a wired access network, and the like.
The memory 301 may be, but is not limited to, a ROM or other type of static storage device that can store static information and instructions, a RAM or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory may be self-contained and coupled to the processor through a bus architecture 304. The memory may also be integral to the processor.
The memory 301 is used for storing computer-executable instructions for executing the present application, and is controlled by the processor 302 to execute. The processor 302 is configured to execute the computer executable instructions stored in the memory 301, so as to implement a method for secure communication of a distributed database node according to the foregoing embodiment of the present application.
Those of ordinary skill in the art will understand that ordinal terms such as "first" and "second" mentioned in this application are for convenience of description only and are not intended to limit the scope of this application or to indicate an order of precedence. "And/or" describes an association relationship between associated objects and means that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "At least one" means one or more. "At least two" means two or more. "At least one", "any", or similar expressions refer to any combination of these items, including any combination of singular or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or multiple.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in accordance with the present application are generated, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The various illustrative logical units and circuits described in this application may be implemented or operated through the design of a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in this application may be embodied directly in hardware, in a software element executed by a processor, or in a combination of the two. The software elements may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be disposed in a terminal. In the alternative, the processor and the storage medium may reside in different components within the terminal. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although the present application has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the application. Accordingly, the specification and figures are merely exemplary of the application and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the present application and its equivalent technology, it is intended that the present application include such modifications and variations.

Claims (10)

1. A method for secure communication of distributed database nodes, the method comprising:
acquiring first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database;
performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information;
performing source importance analysis on the source information to obtain source important information;
according to the source important information, performing data blocking on the first data information to obtain a plurality of data blocks;
respectively encrypting the data blocks according to the source important information to obtain a plurality of encrypted information;
and respectively carrying out communication transmission on the plurality of data blocks in the first distributed database by adopting the plurality of encrypted information.
2. The method of claim 1, wherein the obtaining the first data information comprises:
obtaining the portions of data from a plurality of sources, wherein the plurality of sources includes a first type of source and a second type of source;
performing hash processing on the source information of each part of data respectively to obtain a plurality of source hash values of the plurality of sources;
and using the source hash values and the partial data as the first data information.
3. The method of claim 2, wherein performing a source importance analysis on the plurality of source information comprises:
constructing important information spaces of various data sources according to various data sources of the distributed nodes in the first distributed database;
obtaining the data of each part and a plurality of source hash values according to the first data information;
tracing and analyzing the sources of the data of each part according to the source hash values to obtain first type source information and second type source information;
inputting the first type of source information and the second type of source information into the important information space to obtain first type of important information and second type of important information;
and mapping and associating according to the first type of important information, the second type of important information and the data of each part to obtain a plurality of source important information of the data of each part.
4. The method of claim 3, wherein constructing a plurality of important information spaces of a plurality of data sources of a plurality of the distributed nodes from the plurality of data sources in the first distributed database comprises:
setting a first historical time period;
collecting problems occurring when a plurality of distributed nodes transmit data of a plurality of data sources in a first historical time period to obtain a plurality of historical problem sets, wherein the historical problem sets comprise problem frequency information and problem scale information;
constructing an important space coordinate system by using the problem frequency information and the problem scale information as coordinate axes;
inputting a plurality of historical problem sets into the important space coordinate system to obtain a plurality of mapping points;
clustering the mapping points to obtain a plurality of clustering results, wherein the clustering results comprise a first type of clustering result and a second type of clustering result;
setting a plurality of corresponding important information according to the problem frequency level and the problem scale level in the clustering results;
and constructing the important information space according to the plurality of clustering results and the plurality of important information.
5. The method of claim 1, wherein the data partitioning the first data information according to the plurality of source significant information comprises:
obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
judging whether the source importance level information of each part of data in the first data information is the same or not according to a plurality of pieces of source importance level information;
and if so, blocking the partial data having the same source importance level information into the same data block, and if not, blocking the partial data respectively into a plurality of data blocks.
6. The method of claim 1, wherein the encrypting the plurality of data blocks according to the plurality of source important information respectively comprises:
obtaining source importance level information of each part of data in the first data information according to a plurality of source importance information;
setting optimization constraint conditions, and constructing an optimization space according to the optimization constraint conditions, wherein the optimization constraint conditions comprise: a decryption read speed constraint, an encryption speed constraint and a read time constraint;
respectively grading the encryption importance levels of the source importance level information to different degrees, and taking the grades as optimization parameters;
in the optimization space, carrying out iterative optimization on the encryption schemes of the data blocks by using the optimization parameters to obtain an optimal encryption scheme;
and encrypting the plurality of data blocks by adopting the optimal encryption scheme to obtain a plurality of encrypted information.
7. The method of claim 1, wherein said communicating said plurality of data blocks within said first distributed database using said plurality of encrypted information, respectively, comprises:
adding the plurality of encrypted information into data streams of a plurality of data blocks respectively;
transmitting the processed data stream in the first distributed database;
and after the data transmission is finished, destroying the encrypted information.
8. A distributed database node secure communication system, the system comprising:
the first obtaining unit is used for obtaining first data information, wherein the first data information needs to be communicated and transmitted in distributed nodes in a first distributed database;
the first processing unit is used for performing source tracing analysis on each part of data in the first data information to obtain a plurality of source information;
the second processing unit is used for carrying out source importance analysis on the source information to obtain source important information;
the third processing unit is used for carrying out data blocking on the first data information according to the source important information to obtain a plurality of data blocks;
a fourth processing unit, configured to encrypt the multiple data blocks according to the multiple source important information, respectively, to obtain multiple pieces of encrypted information;
and the first execution unit is used for performing communication transmission on the plurality of data blocks in the first distributed database respectively by adopting the plurality of encrypted information.
9. A distributed database node secure communication system, comprising: a processor coupled to a memory, the memory for storing a program that, when executed by the processor, causes a system to perform the steps of the method of any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
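The following sketch is an added example, not code from the patent or its applicant. It walks the steps of claims 2, 3 and 5: hash each part's source, trace the hash back to a known source, place that source in an importance space of cluster centroids (the output of claim 4), and group parts with the same importance level into one block. The source names, coordinates, centroids, levels and the fail-closed rule for untraceable sources are all assumptions made for illustration; encryption (claim 6) is left out.

```python
import hashlib
from collections import defaultdict

def source_hash(source_id: str) -> str:
    """Claim 2: hash the source information attached to one part of the data."""
    return hashlib.sha256(source_id.encode("utf-8")).hexdigest()

# Constructed registry of known sources with their historical
# (problem frequency, problem scale) coordinates. Names and values are assumptions.
KNOWN_SOURCES = {
    "sensor-gateway": (0.10, 0.15),
    "web-cache": (0.15, 0.10),
    "billing-service": (0.85, 0.90),
    "audit-log": (0.80, 0.95),
}
# Lookup table used to trace a source hash back to its source (claim 3).
TRACE_TABLE = {source_hash(name): name for name in KNOWN_SOURCES}

# Constructed importance space: (cluster centroid, importance level) pairs,
# standing in for the clustering result of claim 4.
IMPORTANCE_SPACE = [((0.12, 0.12), 1), ((0.82, 0.92), 3)]
MAX_LEVEL = max(level for _, level in IMPORTANCE_SPACE)

def importance_level(src_hash: str) -> int:
    """Claim 3: trace the hash, then map the source into the importance space."""
    name = TRACE_TABLE.get(src_hash)
    if name is None:
        # Assumption: a part whose source cannot be traced is treated as most
        # important (fail closed) rather than dropped or sent at the lowest level.
        return MAX_LEVEL
    freq, scale = KNOWN_SOURCES[name]
    _, level = min(
        IMPORTANCE_SPACE,
        key=lambda c: (c[0][0] - freq) ** 2 + (c[0][1] - scale) ** 2,
    )
    return level

def build_first_data_information(parts):
    """Claim 2: pair every payload with the hash of its source."""
    return [(source_hash(src), payload) for src, payload in parts]

def block_by_importance(first_data_information):
    """Claim 5: parts with the same importance level share one data block."""
    blocks = defaultdict(list)
    for src_hash, payload in first_data_information:
        blocks[importance_level(src_hash)].append(payload)
    return dict(sorted(blocks.items()))

# Constructed sample input: (source identifier, payload) pairs.
SAMPLE_PARTS = [
    ("sensor-gateway", b"temp=21"),
    ("billing-service", b"invoice#1"),
    ("web-cache", b"GET /index"),
    ("rogue-node", b"unlabelled"),  # not in the registry
]

if __name__ == "__main__":
    fdi = build_first_data_information(SAMPLE_PARTS)
    for level, payloads in block_by_importance(fdi).items():
        print(level, payloads)
```

A bare SHA-256 of a source identifier only labels the source; it does not authenticate it, since any sender that knows the identifier can compute the same hash. A deployment that relies on the source hash to select protection strength would need a keyed or signed source tag.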
CN202210352713.9A 2022-04-06 2022-04-06 Distributed database node secure communication method and system Active CN114430351B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210352713.9A CN114430351B (en) 2022-04-06 2022-04-06 Distributed database node secure communication method and system

Publications (2)

Publication Number Publication Date
CN114430351A true CN114430351A (en) 2022-05-03
CN114430351B CN114430351B (en) 2022-06-14

Family

ID=81314313

Country Status (1)

Country Link
CN (1) CN114430351B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103246653A (en) * 2012-02-03 2013-08-14 腾讯科技(深圳)有限公司 Data processing method and device
CN103699660A (en) * 2013-12-26 2014-04-02 清华大学 Large-scale network streaming data cache-write method
CN105069365A (en) * 2015-06-30 2015-11-18 广东欧珀移动通信有限公司 Data processing method and mobile terminal
CN107979584A (en) * 2016-11-22 2018-05-01 南京银链信息科技有限公司 Block chain information hierarchical sharing method and system
CN111934990A (en) * 2020-09-25 2020-11-13 支付宝(杭州)信息技术有限公司 Message transmission method and device
CN112084224A (en) * 2020-09-03 2020-12-15 北京锐安科技有限公司 Data management method, system, device and medium
US10924548B1 (en) * 2018-03-15 2021-02-16 Pure Storage, Inc. Symmetric storage using a cloud-based storage system
CN112765137A (en) * 2021-04-07 2021-05-07 暗链科技(深圳)有限公司 Block synchronization method based on block distributed block chain and electronic equipment

Also Published As

Publication number Publication date
CN114430351B (en) 2022-06-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant