CN114640523B - Computer data security encryption method and system - Google Patents

Publication number
CN114640523B
Authority
CN
China
Prior art keywords
data
encrypted
key
internal
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210272858.8A
Other languages
Chinese (zh)
Other versions
CN114640523A (en
Inventor
李金战
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Gosling Network Technology Co ltd
Original Assignee
Shenzhen Gosling Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Gosling Network Technology Co ltd filed Critical Shenzhen Gosling Network Technology Co ltd
Priority to CN202210272858.8A priority Critical patent/CN114640523B/en
Publication of CN114640523A publication Critical patent/CN114640523A/en
Application granted granted Critical
Publication of CN114640523B publication Critical patent/CN114640523B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Abstract

The invention discloses a computer data security encryption method and a system, belonging to the technical field of computer data security, and comprising an internal encryption module, an encryption transmission module and a server; the internal encryption module is used for encrypting the internal storage data of the computer; the encryption transmission module is used for encrypting and transmitting computer data, establishing a key bank, wherein the key bank is used for storing encrypted data, the encrypted data comprises an encryption algorithm, a decryption algorithm and a key, establishing a coding bank, coding the key in the encrypted data to form a digital key code, and setting a sharing unit to share the key bank and the coding bank to a data sending party and a data receiving party; establishing D data transmission channels, acquiring data to be encrypted and transmitted, randomly matching D encrypted data from a key bank according to the attribute of the encrypted and transmitted data, setting a serial number on the encrypted data, and acquiring an encryption algorithm and a key of the encrypted data; the encrypted transmission data is divided into D parts.

Description

Computer data security encryption method and system
Technical Field
The invention belongs to the technical field of computer data security, and particularly relates to a computer data security encryption method and system.
Background
With the rapid development of computer communication technology, more and more important information is handled by computers. Part of this information must be stored in the computer and part must be transmitted over a network, so ensuring the security of data transmitted over the network and the privacy of data stored in the computer has become a network security problem of great concern. A computer data security encryption method and system are needed to solve these problems, or some of them.
Disclosure of Invention
In order to solve the problems existing in the scheme, the invention provides a computer data security encryption method and a computer data security encryption system.
The purpose of the invention can be realized by the following technical scheme:
a computer data security encryption system comprises an internal encryption module, an encryption transmission module and a server; the internal encryption module is used for encrypting the internal storage data of the computer;
the encryption transmission module is used for encrypting and transmitting computer data: establishing a key bank, the key bank being used for storing encrypted data, where each item of encrypted data comprises an encryption algorithm, a decryption algorithm and a key; establishing a code bank, and encoding the key in the encrypted data to form a digital key code; setting a sharing unit to share the key bank and the code bank with the data sending party and the data receiving party; establishing D data transmission channels; acquiring the data to be encrypted and transmitted, randomly matching D items of encrypted data from the key bank according to the attribute of the data to be transmitted, setting a serial number on each item of encrypted data, and acquiring its encryption algorithm and key; dividing the data to be transmitted into D parts and numbering the parts to correspond to the serial numbers on the encrypted data; marking each part as a front-end plaintext, encrypting the front-end plaintext with the encryption algorithm and key corresponding to its serial number, marking the result as an encrypted ciphertext, and sending the encrypted ciphertext to the data receiver through the corresponding data transmission channel; and sending the digital key code to a blockchain platform to be recorded on chain, obtaining a unique identification ID, and sending the identification ID to the data receiver through the corresponding data transmission channel.
Further, the method for decrypting the received data by the data receiving side comprises the following steps:
acquiring the received identification ID and the encrypted ciphertext, acquiring the corresponding digital key code from the blockchain platform, and sending the acquired digital key code to the code bank to acquire the corresponding key; matching the corresponding encrypted data in the key bank by means of the key to obtain the decryption algorithm in that encrypted data; decrypting the encrypted ciphertext received over the corresponding data transmission channel with the decryption algorithm and the key to obtain a back-end plaintext; and integrating the back-end plaintexts according to their numbers to obtain the data sent by the data sender.
Further, D is a positive integer, and D is not less than 3.
Further, the working method of the internal encryption module comprises the following steps:
acquiring the data needing internal encryption and marking it as internal data to be encrypted; segmenting the internal data to be encrypted; establishing an internal database in which a plurality of storage nodes are arranged; compressing the segmented internal data to be encrypted together with the segmentation mode and storing them in the corresponding storage nodes; setting a corresponding encryption algorithm and decryption algorithm for each storage node, and encrypting with the corresponding encryption algorithm when data is detected to be stored in a storage node; setting a linkage starting condition for the decryption algorithms; after the linkage starting condition is verified successfully, decrypting with each decryption algorithm to obtain the corresponding encrypted data; and integrating the encrypted data according to the corresponding segmentation mode to obtain the corresponding internal data to be encrypted.
Further, the method for segmenting the internal data to be encrypted comprises the following steps:
performing attribute identification on the internal data to be encrypted to obtain attribute special values, establishing a spatial domain model, inputting the attribute special values into the spatial domain model to obtain the corresponding segmentation mode of the internal data to be encrypted, and segmenting the internal data to be encrypted according to the obtained segmentation mode.
Further, the method for establishing the spatial domain model comprises the following steps:
acquiring an attribute class table, establishing a point location model, setting a plurality of groups of simulation point locations through the point location model based on the attribute class table, establishing a plurality of space coordinate systems based on the attribute class table, marking corresponding attribute labels, inputting the simulation point locations into the corresponding space coordinate systems, identifying attribute data corresponding to each simulation point location in the space coordinate systems, clustering the simulation point locations in the space coordinate systems based on the identified attribute data to obtain a point location set, setting a corresponding coordinate area according to the point location set, and marking corresponding attribute feature labels; and setting a corresponding data segmentation mode for the coordinate area, and integrating all current space coordinate systems into a space domain model.
Further, the working method of the spatial domain model comprises the following steps:
the method comprises the steps of obtaining input attribute special values, identifying a space coordinate system corresponding to the attribute special values, inputting the attribute special values into the corresponding space coordinate system, identifying a coordinate area where the attribute special values are located, and outputting a corresponding data segmentation mode.
Further, the method for setting the linkage starting condition for the decryption algorithm comprises the following steps:
the user sets different items of fingerprint verification information, which are marked respectively as obfuscated fingerprint information and associated fingerprint information; a corresponding number of obfuscated storage nodes are set in the internal database according to the number and types of the obfuscated fingerprint information, storage data specified by the user is stored in the obfuscated storage nodes, and each item of obfuscated fingerprint information is associated with its corresponding obfuscated storage node; the associated fingerprint information is set as the verification information of the linkage starting condition; an external verification unit is provided and connected to the user's mobile phone, and the verification information of the person being verified is collected through the connected mobile phone; when the collected verification information is obfuscated fingerprint information, the stored data of the corresponding obfuscated storage node is matched directly; and when the collected verification information is the associated fingerprint information, the linkage starting condition is verified successfully.
A computer data security encryption method specifically comprises the following steps:
step one: identifying the encrypted data category, wherein the encrypted data category comprises internal data to be encrypted and encrypted transmission data; proceeding to step two when the encrypted data category is encrypted transmission data; proceeding to step five when the encrypted data category is internal data to be encrypted;
step two: establishing a key bank and a code bank, sharing the key bank and the code bank with the data sending party and the data receiving party, establishing D data transmission channels, randomly matching D items of encrypted data from the key bank according to the attribute of the encrypted transmission data, and setting serial numbers on the encrypted data;
step three: dividing the encrypted transmission data into D parts, encrypting each part according to the obtained encrypted data, and sending the encrypted parts to the data receiver through the corresponding data transmission channels;
step four: encoding the key in the encrypted data to form a digital key code; sending the digital key code to a blockchain platform to be recorded on chain, obtaining a unique identification ID, and sending the identification ID to the data receiver through the corresponding data transmission channel; the data receiver decrypts the received data;
step five: establishing a spatial domain model, segmenting the internal data to be encrypted, compressing the segmented internal data to be encrypted together with the segmentation mode, and storing them in the corresponding storage nodes;
step six: encrypting the data stored in the storage nodes, setting a linkage starting condition for the corresponding decryption algorithms, and, after the linkage starting condition is verified successfully, decrypting with each decryption algorithm to obtain the corresponding encrypted data;
step seven: integrating the encrypted data according to the corresponding segmentation mode to obtain the corresponding internal data to be encrypted.
Compared with the prior art, the invention has the following beneficial effects: encrypting the transmitted data improves the security of data transmission, protects the privacy of both parties to the transmission, and prevents the data from being leaked; the digital key code is recorded on chain so that it cannot be modified, and what is retrieved from the chain is only the key code, so unrelated persons cannot obtain the corresponding key from the blockchain platform, which keeps the key both unmodifiable and confidential; processing the original data makes the transmitted data more confidential, so that even if an encrypted ciphertext is cracked, the complete original data cannot be learned from that text; by setting a linkage starting condition, once the condition is met the corresponding decryption algorithms decrypt and the corresponding encrypted data is obtained, so decryption is completed quickly; and encrypting the segments of the internal data to be encrypted separately and with different algorithms further improves the security of the encrypted data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic block diagram of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a computer data security encryption system includes an internal encryption module, an encryption transmission module and a server;
the encryption transmission module is used for encryption transmission of computer data, and the specific method comprises the following steps:
establishing a key bank, the key bank being used for storing encrypted data, where each item of encrypted data comprises an encryption algorithm, a decryption algorithm and a key; establishing a code bank, and encoding the key in the encrypted data to form a digital key code; setting a sharing unit to share the key bank and the code bank with the data sending party and the data receiving party; establishing D data transmission channels, wherein D is a positive integer and is greater than or equal to 3; acquiring the data to be encrypted and transmitted, randomly matching D items of encrypted data from the key bank according to the attribute of the data to be transmitted, setting a serial number on each item of encrypted data, and acquiring its encryption algorithm and key; dividing the data to be transmitted into D parts and numbering the parts to correspond to the serial numbers on the encrypted data; marking each part as a front-end plaintext, encrypting the front-end plaintext with the encryption algorithm and key corresponding to its serial number, marking the result as an encrypted ciphertext, and sending the encrypted ciphertext to the data receiver through the corresponding data transmission channel; and sending the digital key code to a blockchain platform to be recorded on chain, obtaining a unique identification ID, and sending the identification ID to the data receiver through the corresponding data transmission channel.
The key bank is created based on conventional encryption algorithms such as symmetric or asymmetric encryption algorithms, which is common knowledge in the art and is therefore not described in detail. How to encode the key in the encrypted data and how to create the code bank are likewise common knowledge in the art and are not described in detail.
The digital key code is recorded on chain so that it cannot be modified, and what is retrieved from the chain is only the key code, so unrelated persons cannot obtain the corresponding key from the blockchain platform; the key is thus both unmodifiable and confidential.
The method for decrypting the received data by the data receiver comprises the following steps:
acquiring the received identification ID and the encrypted ciphertext, acquiring the corresponding digital key code from the blockchain platform, and sending the acquired digital key code to the code bank to acquire the corresponding key; matching the corresponding encrypted data in the key bank by means of the key to obtain the decryption algorithm in that encrypted data; decrypting the encrypted ciphertext received over the corresponding data transmission channel with the decryption algorithm and the key to obtain a back-end plaintext; and integrating the back-end plaintexts according to their numbers to obtain the data sent by the data sender.
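The send and receive procedure described above, as an added Python sketch that is not part of the patent. Assumptions: an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the unspecified "conventional" algorithms, a dict stands in for the blockchain platform, attribute-based matching is replaced by plain random selection, and all function and field names are hypothetical. Binding the part number into the MAC is a hardening step added here so that swapped or altered parts are rejected.

```python
import hashlib
import hmac
import secrets


def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode. Assumption: stand-in for a vetted cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def subkeys(key):
    """Derive separate encryption and MAC keys from one key-bank key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, part, aad):
    """Encrypt-then-MAC; aad binds the part number so parts cannot be swapped."""
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(part, keystream(enc_key, nonce, len(part))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob, aad):
    """Verify the tag first, then decrypt; raises ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def make_shared_stores(n):
    """Key bank (entry -> key) and code bank (key code -> entry), shared by both parties."""
    key_bank = {f"entry-{i}": secrets.token_bytes(32) for i in range(n)}
    code_bank = {secrets.token_hex(16): entry for entry in key_bank}
    return key_bank, code_bank


class Ledger:
    """Dict standing in for the blockchain platform; assume anyone can read it."""

    def __init__(self):
        self.records = {}

    def put(self, key_code):
        ident = hashlib.sha256(f"{len(self.records)}:{key_code}".encode()).hexdigest()[:16]
        self.records[ident] = key_code
        return ident

    def get(self, ident):
        return self.records[ident]


def send(data, key_bank, code_bank, ledger, d=3):
    """Split data into d parts, encrypt each under a different entry, one message per channel."""
    if d < 3:
        raise ValueError("the patent requires D >= 3")
    code_of = {entry: code for code, entry in code_bank.items()}
    # Random choice of d distinct entries; the patent's attribute-based matching is omitted.
    entries = secrets.SystemRandom().sample(sorted(key_bank), d)
    size = -(-len(data) // d)  # ceiling division
    messages = []
    for seq, entry in enumerate(entries):
        part = data[seq * size:(seq + 1) * size]
        blob = seal(key_bank[entry], part, f"{seq}/{d}".encode())
        messages.append({"seq": seq, "total": d,
                         "id": ledger.put(code_of[entry]), "ct": blob})
    return messages


def receive(messages, key_bank, code_bank, ledger):
    """Resolve each ID to a key via ledger and code bank, decrypt, reassemble by number."""
    if not messages:
        raise ValueError("no parts received")
    total = messages[0]["total"]
    by_seq = {m["seq"]: m for m in messages}
    if len(messages) != total or sorted(by_seq) != list(range(total)):
        raise ValueError("missing or duplicate part")
    out = b""
    for seq in range(total):
        msg = by_seq[seq]
        key = key_bank[code_bank[ledger.get(msg["id"])]]
        out += unseal(key, msg["ct"], f"{seq}/{total}".encode())
    return out


if __name__ == "__main__":
    bank, codes = make_shared_stores(8)
    chain = Ledger()
    sample = b"constructed sample payload, not real data"
    parts = send(sample, bank, codes, chain)
    print(receive(parts[::-1], bank, codes, chain) == sample)  # parts may arrive in any order
    print(set(chain.records.values()) <= set(codes))  # ledger holds key codes only
```

Because the ledger is readable by anyone, confidentiality in this sketch rests entirely on the shared key bank and code bank staying private to the two parties.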
The internal encryption module is used for encrypting data stored in the computer. Internal encryption adopts an active encryption mode, that is, only the data the user chooses to encrypt is encrypted. Because, for various reasons, other people will at times use the user's computer, encrypting the data the user has selected protects the user's personal privacy while the computer is in use, achieves targeted encryption, and avoids the ineffectiveness and redundancy of large-area encryption. The specific working method of the internal encryption module comprises the following steps:
acquiring the data needing internal encryption and marking it as internal data to be encrypted, wherein the internal data to be encrypted is marked by the user; performing attribute identification on the internal data to be encrypted to obtain attribute special values, establishing a spatial domain model, inputting the attribute special values into the spatial domain model to obtain the corresponding segmentation mode of the internal data to be encrypted, and segmenting the internal data to be encrypted according to the obtained segmentation mode; establishing an internal database in which a plurality of storage nodes are arranged, and compressing the segmented internal data to be encrypted together with the segmentation mode and storing them in the corresponding storage nodes; setting a corresponding encryption algorithm and decryption algorithm for each storage node, and encrypting with the corresponding encryption algorithm when data is detected to be stored in a storage node; setting a linkage starting condition for the decryption algorithms; after the linkage starting condition is verified successfully, decrypting with each decryption algorithm to obtain the corresponding encrypted data; and integrating the encrypted data according to the corresponding segmentation mode to obtain the corresponding internal data to be encrypted.
Because every storage node has its own encryption algorithm and decryption algorithm, decrypting node by node is cumbersome and inefficient. By setting a linkage starting condition, once the condition is met the corresponding decryption algorithms decrypt and the corresponding encrypted data is obtained, so decryption is completed quickly; and encrypting the segments of the internal data to be encrypted separately and with different algorithms further improves the security of the encrypted data.
The method for carrying out attribute identification on the internal data to be encrypted comprises the following steps:
defining an attribute class table, that is, setting data attributes such as file type, text type, picture type, drawing type and video type according to the data attributes that may exist in a computer, and setting a corresponding assignment for each data attribute; identifying the internal data to be encrypted according to the attribute class table to obtain the corresponding attribute assignment; collecting the special values of the internal data to be encrypted, where a special value is a distinguishing value of the data to be encrypted, such as the memory occupation ratio or playing time of a video, and the special values of different attributes have corresponding special-value formats, set through discussion by an expert group; and integrating the obtained attribute assignment and special values into the attribute special values.
The method for establishing the spatial domain model comprises the following steps:
acquiring the attribute class table, establishing a point location model, setting a plurality of groups of simulation point locations through the point location model based on the attribute class table, establishing a plurality of space coordinate systems based on the attribute class table, and marking them with the corresponding attribute labels, wherein the simulation point locations corresponding to different attributes have different formats and cannot be placed in the same space coordinate system; inputting the simulation point locations into the corresponding space coordinate system, identifying the attribute data corresponding to each simulation point location in the space coordinate system, clustering the simulation point locations in the space coordinate system based on the identified attribute data to obtain point location sets, setting a corresponding coordinate area for each point location set, and marking it with the corresponding attribute feature label, the attribute feature label being set according to the attribute of the corresponding coordinate area; and setting a corresponding data segmentation mode for each coordinate area, determined through discussion by an expert group, and integrating all current space coordinate systems into the spatial domain model.
The working method of the spatial domain model comprises the following steps:
acquiring the input attribute special value, identifying a space coordinate system corresponding to the attribute special value, inputting the attribute special value into the corresponding space coordinate system, identifying a coordinate area where the attribute special value is located, and outputting a corresponding data segmentation mode.
The point location model is established based on the CNN network or the DNN network and is used for setting corresponding simulation point locations according to the attribute class table, the simulation point locations are the same as the attribute special values, and the specific establishing and training process is common knowledge in the field, so detailed description is omitted.
The step of clustering the simulation point locations in the spatial coordinate system based on the identified attribute data is to set clustering limit conditions according to the attribute data and then perform clustering according to the set limit conditions, and the specific clustering process is common knowledge in the art, so detailed description is omitted.
The method for setting the corresponding coordinate area according to the point location set comprises the following steps: marking the simulation point locations on the periphery of the point location set as boundary points; diverging outward with each boundary point as origin, so that the divergent regions of the boundary points of adjacent point location sets merge and full coverage is achieved, where the size of each divergent region is set according to the parameter attribute of its boundary point, either through discussion by an expert group or intelligently by establishing a neural network model; and then enclosing the internal area to form the coordinate area.
In one embodiment, the method for setting the linkage starting condition for the decryption algorithm comprises the following steps:
identifying keys corresponding to each encryption algorithm, combining the identified keys to obtain combined data, dividing the combined data into N data segments, wherein N is a positive integer greater than zero, obtaining a high-definition image, dividing the high-definition image into M image blocks, wherein M is a positive integer greater than zero and M is greater than N, randomly selecting N image blocks from a plurality of image blocks, randomly distributing the data segments into the N image blocks according to the sequence, marking the unselected image blocks in the high-definition image as interference blocks, marking the number of the interference blocks as Z, wherein Z is a positive integer greater than zero, randomly setting interference data segments in the interference blocks, changing the positions of each image block and the interference blocks, and marking the high-definition image as an encrypted image; and when the position of the encrypted picture is restored to the preset image, automatically outputting corresponding combined data, and finishing the verification of the linkage starting condition.
In another embodiment, a method for setting linked start conditions for a decryption algorithm includes:
storing user verification information, such as fingerprint information, facial identification information and other verification information, setting an external verification unit, connecting with a mobile phone of a user through the external verification unit, acquiring verification information of verification personnel through the connected mobile phone, comparing the acquired verification information with the stored user verification information, and when the verification requirements are met, successfully verifying the linkage starting conditions, otherwise, failing the verification.
In order to further increase the security of the encrypted data, the previous embodiment is optimized, and the specific method includes:
the user sets different items of fingerprint verification information, which are marked respectively as obfuscated fingerprint information and associated fingerprint information; a corresponding number of obfuscated storage nodes are set in the internal database according to the number and types of the obfuscated fingerprint information, storage data specified by the user is stored in the obfuscated storage nodes, and each item of obfuscated fingerprint information is associated with its corresponding obfuscated storage node; the associated fingerprint information is set as the verification information of the linkage starting condition; an external verification unit is provided and connected to the user's mobile phone, and the verification information of the person being verified is collected through the connected mobile phone; when the collected verification information is obfuscated fingerprint information, the stored data of the corresponding obfuscated storage node is matched directly; when the collected verification information is the associated fingerprint information, the linkage starting condition is verified successfully; and when the collected verification information is neither the obfuscated fingerprint information nor the associated fingerprint information, no operation is performed.
A computer data security encryption method specifically comprises the following steps:
step one: identifying the encrypted data category, wherein the encrypted data category comprises internal data to be encrypted and encrypted transmission data; proceeding to step two when the encrypted data category is encrypted transmission data; proceeding to step five when the encrypted data category is internal data to be encrypted;
step two: establishing a key database and a coding database, sharing the key database and the coding database to a data sending party and a data receiving party, establishing D data transmission channels, randomly matching D encrypted data from the key database according to the attribute of the encrypted transmission data, and setting arrangement numbers on the encrypted data;
step three: dividing the encrypted transmission data into D parts, encrypting according to the obtained encrypted data, and sending the encrypted data to a data receiver through a corresponding data transmission channel;
step four: coding a key in the encrypted data to form a digital key code; sending the digital key code to a blockchain platform to be recorded on-chain to obtain a unique identification ID, and sending the identification ID to a data receiver through a corresponding data transmission channel; the data receiver decrypts the received data;
step five: establishing a spatial domain model, segmenting the internal data to be encrypted, compressing the segmented internal data to be encrypted and the segmentation mode, and storing the compressed data to be encrypted and the segmented data to corresponding storage nodes;
step six: encrypting the data stored in the storage nodes, setting linkage starting conditions for corresponding decryption algorithms, and decrypting each encryption algorithm to obtain corresponding encrypted data after the linkage starting conditions are verified successfully;
step seven: integrating the encrypted data according to the corresponding segmentation mode to obtain the corresponding internal data to be encrypted.
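The transmission path of steps two to four, together with the receiver-side decryption, as an added Python example (not code from the patent). Assumptions: the in-memory dicts standing in for the key database, the coding database and the blockchain platform, one identification ID per part, and a SHAKE-256 keystream as a placeholder for the unnamed encryption algorithm. The HMAC tag over serial number, nonce and ciphertext is not described in the patent; it is added here so that a modified or renumbered part is rejected instead of being reassembled.

```python
import hashlib
import hmac
import secrets

D = 3  # number of parts and channels; claim 3 requires D >= 3

# Shared by sender and receiver. All values are constructed for this example.
KEY_BANK = {f"entry-{i}": secrets.token_bytes(32) for i in range(8)}
CODE_OF = {entry: secrets.token_hex(8) for entry in KEY_BANK}  # coding database
ENTRY_OF = {code: entry for entry, code in CODE_OF.items()}
LEDGER = {}  # stand-in for the blockchain platform: identification ID -> key code


def subkeys(key):
    """Derive separate encryption and MAC keys from one key-bank key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def xor_stream(enc_key, nonce, data):
    """Placeholder cipher (SHAKE-256 keystream); the patent names no algorithm."""
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def tag_for(mac_key, serial, nonce, ct):
    """MAC binding the serial number to the ciphertext (added, not in the patent)."""
    return hmac.new(mac_key, bytes([serial]) + nonce + ct, hashlib.sha256).digest()


def send(message):
    """Split into D numbered parts and encrypt each under a randomly matched entry."""
    entries = secrets.SystemRandom().sample(sorted(KEY_BANK), D)
    size = -(-len(message) // D)  # ceiling division
    packets = []
    for serial, entry in enumerate(entries):
        enc_key, mac_key = subkeys(KEY_BANK[entry])
        nonce = secrets.token_bytes(16)
        ct = xor_stream(enc_key, nonce, message[serial * size:(serial + 1) * size])
        ident = secrets.token_hex(8)    # ID returned by the ledger stand-in
        LEDGER[ident] = CODE_OF[entry]  # only the key code is recorded, not the key
        packets.append({"channel": serial, "serial": serial, "id": ident,
                        "nonce": nonce, "ct": ct,
                        "tag": tag_for(mac_key, serial, nonce, ct)})
    return packets


def receive(packets):
    """ID -> key code -> key-bank entry, then verify, decrypt and join by number."""
    parts = {}
    for p in packets:
        enc_key, mac_key = subkeys(KEY_BANK[ENTRY_OF[LEDGER[p["id"]]]])
        expected = tag_for(mac_key, p["serial"], p["nonce"], p["ct"])
        if not hmac.compare_digest(expected, p["tag"]):
            raise ValueError(f"part {p['serial']} failed integrity check")
        parts[p["serial"]] = xor_stream(enc_key, p["nonce"], p["ct"])
    if len(packets) != D or sorted(parts) != list(range(D)):
        raise ValueError("missing or duplicated part")
    return b"".join(parts[i] for i in range(D))
```

Because reassembly relies only on the serial number, a receiver without the tag check would accept parts whose numbers were swapped in transit and return scrambled data without any error.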
Although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the spirit and scope of the present invention.

Claims (8)

1. A computer data security encryption system is characterized by comprising an internal encryption module, an encryption transmission module and a server; the internal encryption module is used for encrypting internal storage data of the computer, acquiring data needing internal encryption, marking the data as internal data to be encrypted, dividing the internal data to be encrypted, establishing an internal database, arranging a plurality of storage nodes in the internal database, compressing the divided internal data to be encrypted and a division mode, and storing the compressed data into the corresponding storage nodes; setting a corresponding encryption algorithm and a decryption algorithm for each storage node, encrypting through the corresponding encryption algorithm when detecting that data are stored in the storage nodes, setting a linkage starting condition for the decryption algorithm, decrypting each encryption algorithm to obtain corresponding encrypted data after the linkage starting condition is verified successfully, and integrating the encrypted data according to a corresponding segmentation mode to obtain corresponding internal data to be encrypted;
the encryption transmission module is used for encrypting and transmitting computer data, establishing a key bank, wherein the key bank is used for storing encrypted data, the encrypted data comprises an encryption algorithm, a decryption algorithm and a key, establishing a coding bank, coding the key in the encrypted data to form a digital key code, and setting a sharing unit to share the key bank and the coding bank to a data sending party and a data receiving party; establishing D data transmission channels, acquiring data to be encrypted and transmitted, randomly matching D encrypted data from a key bank according to the attribute of the encrypted and transmitted data, setting a serial number on the encrypted data, and acquiring an encryption algorithm and a key of the encrypted data; dividing the encrypted transmission data into D parts, marking the serial numbers of the parts corresponding to the serial numbers on the encrypted data, marking each part of data to be encrypted as a front-end plaintext, encrypting the front-end plaintext through an encryption algorithm and a key corresponding to the serial numbers, marking the encrypted front-end plaintext as an encrypted ciphertext, and sending the encrypted ciphertext to a data receiver through a corresponding data transmission channel; and sending the digital key code to a blockchain platform to be recorded on-chain to obtain a unique identification ID, and sending the identification ID to a data receiver through a corresponding data transmission channel.
2. The computer data security encryption system of claim 1, wherein the method for the data receiver to decrypt the received data comprises:
acquiring the received identification ID and the encrypted ciphertext, acquiring a corresponding digital key code on the block chain platform, and sending the acquired digital key code to a code library to acquire a corresponding key; and matching the corresponding encrypted data in the key database through the key to obtain a decryption algorithm in the encrypted data, decrypting the encrypted ciphertext transmitted by the corresponding data transmission channel through the decryption algorithm and the key to obtain a rear-end plaintext, and integrating a plurality of rear-end plaintexts according to the number to obtain data sent by a data sender.
3. The computer data security encryption system of claim 1, wherein D is a positive integer, and D ≧ 3.
4. The computer data security encryption system of claim 1, wherein the method for partitioning the data to be encrypted inside comprises:
performing attribute identification on the internal data to be encrypted to obtain attribute special values, establishing a spatial domain model, inputting the attribute special values into the spatial domain model to obtain a corresponding segmentation mode of the internal data to be encrypted, and segmenting the internal data to be encrypted according to the obtained segmentation mode.
5. The computer data security encryption system of claim 4, wherein the method of establishing the spatial domain model comprises:
acquiring an attribute class table, establishing a point location model, setting a plurality of groups of simulation point locations through the point location model based on the attribute class table, establishing a plurality of space coordinate systems based on the attribute class table, marking corresponding attribute labels, inputting the simulation point locations into the corresponding space coordinate systems, identifying attribute data corresponding to each simulation point location in the space coordinate systems, clustering the simulation point locations in the space coordinate systems based on the identified attribute data to obtain a point location set, setting a corresponding coordinate area according to the point location set, and marking corresponding attribute feature labels; and setting a corresponding data segmentation mode for the coordinate area, and integrating all current space coordinate systems into a space domain model.
6. The computer data security encryption system of claim 5, wherein the spatial domain model is operated by the method comprising:
obtaining the input attribute special values, identifying the space coordinate system corresponding to the attribute special values, inputting the attribute special values into the corresponding space coordinate system, identifying the coordinate area where the attribute special values are located, and outputting the corresponding data segmentation mode.
7. The system of claim 1, wherein the method for setting the linkage starting condition for the decryption algorithm comprises:
setting different fingerprint verification information by a user, respectively marking the fingerprint verification information as obfuscated fingerprint information and associated fingerprint information, setting a corresponding number of obfuscated storage nodes in an internal database according to the number and the types of the obfuscated fingerprint information, storing storage data specified by the user in the obfuscated storage nodes, and associating the obfuscated fingerprint information with the corresponding obfuscated storage nodes; setting the associated fingerprint information as verification information of the linkage starting condition; setting an external verification unit, connecting to the user's mobile phone through the external verification unit, and collecting the verification information of the person being verified through the connected mobile phone; when the collected verification information is the obfuscated fingerprint information, directly matching the stored data of the corresponding obfuscated storage node; and when the collected verification information is the associated fingerprint information, the linkage starting condition is verified successfully.
8. A computer data security encryption method, applied to the computer data security encryption system according to any one of claims 1 to 7, specifically comprising:
step one: identifying the encrypted data category, wherein the encrypted data category comprises internal data to be encrypted and encrypted transmission data; proceeding to step two when the encrypted data category is encrypted transmission data; proceeding to step five when the encrypted data category is internal data to be encrypted;
step two: establishing a key database and a coding database, sharing the key database and the coding database to a data sending party and a data receiving party, establishing D data transmission channels, randomly matching D encrypted data from the key database according to the attribute of the encrypted transmission data, and setting arrangement numbers on the encrypted data;
step three: dividing the encrypted transmission data into D parts, encrypting according to the obtained encrypted data, and sending the encrypted data to a data receiver through a corresponding data transmission channel;
step four: coding a key in the encrypted data to form a digital key code; sending the digital key code to a blockchain platform to be recorded on-chain to obtain a unique identification ID, and sending the identification ID to a data receiver through a corresponding data transmission channel; the data receiver decrypts the received data;
step five: establishing a spatial domain model, segmenting the internal data to be encrypted, compressing the segmented internal data to be encrypted and the segmentation mode, and storing the compressed data to be encrypted and the segmented data to corresponding storage nodes;
step six: encrypting the data stored in the storage nodes, setting linkage starting conditions for corresponding decryption algorithms, and decrypting each encryption algorithm to obtain corresponding encrypted data after the linkage starting conditions are verified successfully;
step seven: integrating the encrypted data according to the corresponding segmentation mode to obtain corresponding internal data to be encrypted.
CN202210272858.8A 2022-03-18 2022-03-18 Computer data security encryption method and system Active CN114640523B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210272858.8A CN114640523B (en) 2022-03-18 2022-03-18 Computer data security encryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210272858.8A CN114640523B (en) 2022-03-18 2022-03-18 Computer data security encryption method and system

Publications (2)

Publication Number Publication Date
CN114640523A CN114640523A (en) 2022-06-17
CN114640523B true CN114640523B (en) 2023-01-20

Family

ID=81950436

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210272858.8A Active CN114640523B (en) 2022-03-18 2022-03-18 Computer data security encryption method and system

Country Status (1)

Country Link
CN (1) CN114640523B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065566A (en) * 2022-08-18 2022-09-16 广州万协通信息技术有限公司 Security chip encryption method and device for multi-channel data encryption processing
CN116010520B (en) * 2022-12-30 2023-06-30 航天广通科技(深圳)有限公司 Secret data storage method, device, equipment and storage medium based on block chain
CN116208420B (en) * 2023-03-08 2024-03-12 武汉维高凡科技有限公司 Monitoring information safety transmission method, system, equipment and storage medium
CN116436601B (en) * 2023-04-12 2023-12-01 山东三木众合信息科技股份有限公司 Intelligent data encryption method and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102594920A (en) * 2012-03-20 2012-07-18 广东凌康科技有限公司 Remote data transmission system
WO2016010604A2 (en) * 2014-04-28 2016-01-21 Topia Technology, Inc. Systems and methods for security hardening of data in transit and at rest via segmentation, shuffling and multi-key encryption
JP2019029761A (en) * 2017-07-27 2019-02-21 京セラドキュメントソリューションズ株式会社 Information processing apparatus and method for controlling information processing apparatus
CN113194083A (en) * 2021-04-26 2021-07-30 鸣飞伟业技术有限公司 Method for transmitting throwing after video segmentation encryption
CN113129395B (en) * 2021-05-08 2021-09-10 深圳市数存科技有限公司 Data compression encryption system

Also Published As

Publication number Publication date
CN114640523A (en) 2022-06-17

Similar Documents

Publication Publication Date Title
CN114640523B (en) Computer data security encryption method and system
CN101436208B (en) Ciphertext database privacy protection enquiring method
CN1197023C (en) Method and system for securely transferring data set in a data communications system
CN106972927B (en) Encryption method and system for different security levels
TWI769753B (en) Image classification method and device for protecting data privacy
CN1068486C (en) A method for point-to-point communications within secure communication systems
CN106921493B (en) Encryption method and system
CN106911712B (en) Encryption method and system applied to distributed system
CN109274644A (en) A kind of data processing method, terminal and watermark server
CN114218322B (en) Data display method, device, equipment and medium based on ciphertext transmission
CN113411328B (en) Efficient transmission system based on data pre-identification sensitive data
CN110213202B (en) Identification encryption matching method and device, and identification processing method and device
CN109754322A (en) A kind of data service system
US20220191178A1 (en) Method and system for secure information distribution based on group shared key
CN112380404B (en) Data filtering method, device and system
CN106022158A (en) A takeout management system for file datas
CN114629701B (en) Information display system based on information encryption
CN112231309A (en) Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics
CN114422230B (en) Information transmission system based on data encryption
KR100995123B1 (en) Methods and apparatuses for cipher indexing in order to effective search of ciphered-database
CN105872013A (en) Cloud computing system
CN112311536B (en) Key hierarchical management method and system
CN112637442B (en) Method and device for encrypting circulating images by cloud server and local end
CN111970207A (en) Safe real-time data transmission system and method based on video two-dimension code recognition
CN109120589B (en) Terminal information protection method and device based on encryption password

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230103

Address after: 518000 room 702, building D2, Kexing Science Park, No. 15, Keyuan Road, Science Park community, Yuehai street, Nanshan District, Shenzhen, Guangdong

Applicant after: Shenzhen Gosling Network Technology Co.,Ltd.

Address before: No. 2108, 21 / F, Xueli international, No. 999, Jinwa Road, Panlong District, Kunming, Yunnan 650233

Applicant before: Yunnan Jinshan Technology Co.,Ltd.

GR01 Patent grant