CN115001813A - Information security method, system, equipment and medium - Google Patents

Information security method, system, equipment and medium

Info

Publication number: CN115001813A
Authority: CN (China)
Prior art keywords: encryption, key, user, level, data
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CN202210610419.3A
Other languages: Chinese (zh)
Other versions: CN115001813B (en)
Inventor: 陈轩毅
Current assignee: Shanxi Xidian Information Technology Research Institute Co ltd (as listed by Google Patents)
Original assignee: Shanxi Xidian Information Technology Research Institute Co ltd
Events: application filed by Shanxi Xidian Information Technology Research Institute Co ltd; priority to CN202210610419.3A; publication of CN115001813A; application granted; publication of CN115001813B; current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an information security method, equipment, system and medium. The method comprises the following steps: acquiring data to be encrypted sent by a target user and the encryption level corresponding to that data; determining an encryption strategy according to the encryption level, wherein the encryption strategy comprises an encryption key and a storage key; and encrypting and storing the data to be encrypted according to the encryption strategy. The information security method provided by the embodiment of the invention gives users at different levels keys of different levels and, by setting different level key parameters, gives users at the same level different encryption keys and storage keys; the confidential information is encrypted with the encryption key and the address of the confidential information is encrypted with the storage key, thereby ensuring the security of the data.

Description

Information security method, system, equipment and medium
Technical Field
The invention relates to the technical field of information security, in particular to an information security method, an information security system, information security equipment and an information security medium.
Background
At present, existing data has relatively low security because the encryption scheme is relatively simple and the key used for decryption is generally set by the user. In addition, the storage address of the system is generally fixed, so a user can find where the secret information is stored through the fixed storage path; an attacker who finds the corresponding secret information at the cloud end can therefore still decrypt it illegally and obtain its content, so the secret information is easily stolen.
Disclosure of Invention
In view of the defects in the prior art, the invention provides an information security and secrecy method, system, device and medium.
In a first aspect, a method for securing information includes the following:
acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted;
determining an encryption strategy according to the encryption level; wherein the encryption policy comprises an encryption key and a storage key;
and encrypting and storing the data to be encrypted according to the encryption strategy.
Preferably, before the data to be encrypted sent by the target user and the corresponding encryption level are obtained, the method further includes:
performing identity authentication on the target user;
after the identity authentication of the target user succeeds, performing level authentication on the target user;
after the level authentication of the target user succeeds, determining the level key and the level key sequence corresponding to the target user from a user database according to the user level, wherein the level key sequence represents the set of level keys from the lowest user level up to the level key corresponding to the user level of the target user.
Preferably, the authenticating the user identity includes:
acquiring identity information of a target user, and extracting a user identifier from the identity information;
and searching corresponding identity information in a user database according to the user identification, and if the query is successful, the user identity authentication is successful.
Preferably, performing level authentication on the target user includes:
determining the user level of the target user from the user database according to the user identifier;
sending a level authentication request to at least one other user whose user level is higher than that of the target user;
and when the other user returns confirmation information in response to the level authentication request, the level authentication of the target user succeeds.
Preferably, determining the encryption strategy according to the encryption level includes:
determining a level key parameter according to the encryption level;
and calculating the encryption key and the storage key from the level key parameter, the level key and the level key sequence.
Preferably, the formula for calculating the encryption key and the storage key from the level key parameter, the level key and the level key sequence is as follows:
$E_s = E_m E_{m+1} \cdots (E_K)^2$
$E_f = E_1 E_2 \cdots E_{m-1} E_K$
where $E_s$ denotes the encryption key, $E_f$ the storage key, $E_K$ the level key corresponding to the level of the target user, and $m$ the level key parameter.
Preferably, the encrypting and storing the data to be encrypted according to the encryption policy includes:
encrypting data to be encrypted by using the encryption key to obtain secret data, and storing the secret data;
and acquiring a storage address of the confidential data, encrypting the storage address by using a storage key to obtain a target access code, and realizing the access of the confidential information through the target access code.
In a second aspect, an information security system includes:
the device comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted;
a determining module, configured to determine an encryption policy according to the encryption level; wherein the encryption policy comprises an encryption key and a storage key;
and the execution module is used for encrypting and storing the data to be encrypted according to the encryption strategy.
In a third aspect, an information security and privacy device includes: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program to perform the method of any of claims 1-7.
In a fourth aspect, a computer readable medium has stored thereon computer instructions which, when executed by a processor, cause the processor to perform the above-described method.
The invention has the following beneficial effects: the information security method provided by the embodiment of the invention gives users at different levels keys of different levels and, by setting different level key parameters, gives users at the same level different encryption keys and storage keys; the confidential information is encrypted with the encryption key and the address of the confidential information with the storage key, thereby ensuring the security of the data. Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
FIG. 1 is a schematic flow chart of a method for securing information according to embodiment 1 of the present invention;
FIG. 2 is a schematic structural diagram of an information security system according to embodiment 2 of the present invention;
FIG. 3 is a schematic structural diagram of an information security device according to embodiment 3 of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby.
It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
Example 1
Referring to FIG. 1, FIG. 1 shows a method for securing information according to an embodiment of the present invention, the method including the following steps:
the method comprises the following steps: acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted;
It should be noted that, before the data to be encrypted sent by the target user and the corresponding encryption level are obtained, the method further includes: performing identity authentication on the target user; after the identity authentication of the target user succeeds, performing level authentication on the target user; and after the level authentication of the target user succeeds, determining the level key and the level key sequence corresponding to the target user from a user database according to the user level, wherein the level key sequence represents the set of level keys from the lowest user level up to the level key corresponding to the user level of the target user.
It should be noted that authenticating the identity of the user includes: acquiring the identity information of the target user and extracting a user identifier from it; and searching the user database for the corresponding identity information according to the user identifier; if the query succeeds, the identity authentication of the user succeeds.
It should be noted that performing level authentication on the target user includes: determining the user level of the target user from the user database according to the user identifier; sending a level authentication request to at least one other user whose user level is higher than that of the target user; and when the other user returns confirmation information in response to the level authentication request, the level authentication of the user succeeds.
By the method, the level key of the user is bound with the user level and the user identity, so that the uniqueness and the safety of the level key are ensured.
Step two: determining an encryption strategy according to the encryption level; wherein the encryption strategy comprises an encryption key and a storage key.
It should be noted that determining the encryption strategy according to the encryption level includes: determining a level key parameter according to the encryption level; and calculating the encryption key and the storage key from the level key parameter, the level key and the level key sequence.
It should be noted that the formula for calculating the encryption key and the storage key from the level key parameter, the level key and the level key sequence is as follows:
$E_s = E_m E_{m+1} \cdots (E_K)^2$
$E_f = E_1 E_2 \cdots E_{m-1} E_K$
where $E_s$ denotes the encryption key, $E_f$ the storage key, $E_K$ the level key corresponding to the level of the target user, and $m$ the level key parameter.
In the embodiment of the invention, the level key parameter is less than or equal to the level of the user: for a level-five user the selectable level key parameter is 1 to 5. The level key sequence entering the formula can be changed by changing the level key parameter, which changes how the storage key and the encryption key are combined; the encryption key and storage key of one user are therefore difficult for another user at the same level to crack, which further improves the security of the confidential information.
Step three: and encrypting and storing the data to be encrypted according to the encryption strategy.
It should be noted that, the encrypting and storing the data to be encrypted according to the encryption policy includes: encrypting data to be encrypted by using the encryption key to obtain secret data, and storing the secret data; and acquiring a storage address of the confidential data, encrypting the storage address by using a storage key to obtain a target access code, and realizing the access of the confidential information through the target access code.
In some embodiments, the identity identification code of the user may additionally be encrypted with the encryption key and with the storage key: the data to be encrypted is encrypted using the identification code encrypted with the encryption key to obtain the secret information, and the storage address of the secret information is encrypted using the identification code encrypted with the storage key to obtain the target access code, through which the secret information is accessed. The identity identification code of the user is thus bound to the encryption key and the storage key, which further improves the security of the confidential information.
It should be understood that when accessing the secure information through the target access code, the user is authorized to decode the target access code, thereby enabling access to the secure information.
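The flow above (identity and level authentication, derivation of E_s and E_f from the level key sequence, encryption of the data and of its storage address), as summarised in the Disclosure section and detailed in Example 1, as an added worked example that is not part of the patent: a Go program with a constructed in-memory user database and sample level keys. The patent leaves open how the juxtaposed level keys in the formula are combined and how the result becomes a cipher key; this example assumes concatenation followed by SHA-256 to obtain a 32-byte key, and AES-256-GCM for both the data and the storage address. The `confirm` callback, the `/vault/NNNNNN` address scheme and the names `Authenticate`, `DeriveKeys`, `Protect` and `Retrieve` are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed sample data: user database (identifier -> level) and level keys; levelKeys[i] is E_i, index 0 unused.
var userDB = map[string]int{"alice": 3, "bob": 5}
var levelKeys = [][]byte{nil, []byte("sample-E1"), []byte("sample-E2"), []byte("sample-E3"), []byte("sample-E4"), []byte("sample-E5")}

// Authenticate checks identity (identifier found in the database) and level (a higher-level user confirms through the
// assumed callback confirm, which stands in for the request/confirmation exchange) and returns E_1..E_K for level K.
func Authenticate(id string, confirm func(approver, target string) bool) ([][]byte, error) {
	level, ok := userDB[id]
	if !ok {
		return nil, errors.New("identity authentication failed: unknown user")
	}
	for other, otherLevel := range userDB {
		if otherLevel > level && confirm(other, id) {
			return levelKeys[1 : level+1], nil
		}
	}
	return nil, errors.New("level authentication failed: no higher-level user confirmed")
}

// DeriveKeys computes E_s and E_f from E_1..E_K and level key parameter m (1 <= m <= K), reading juxtaposition in
// the formula as concatenation: E_s = E_m||...||E_K||E_K (the (E_K)^2 term), E_f = E_1||...||E_{m-1}||E_K. Hashing the
// concatenation with SHA-256 to get a 32-byte AES key is an assumption of this example, not something the patent states.
func DeriveKeys(seq [][]byte, m int) (encKey, storeKey []byte, err error) {
	k := len(seq)
	if m < 1 || m > k {
		return nil, nil, fmt.Errorf("level key parameter m=%d outside 1..%d", m, k)
	}
	es := sha256.Sum256(bytes.Join(append(append([][]byte{}, seq[m-1:]...), seq[k-1]), nil)) // E_m..E_K, E_K
	ef := sha256.Sum256(bytes.Join(append(append([][]byte{}, seq[:m-1]...), seq[k-1]), nil)) // E_1..E_{m-1}, E_K
	return es[:], ef[:], nil
}
// newGCM, seal and open wrap AES-256-GCM; the random nonce is prefixed to the ciphertext.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // only 32-byte keys from DeriveKeys reach here
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}
func seal(key, pt []byte) []byte {
	g := newGCM(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	g := newGCM(key)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Protect is steps two and three: encrypt the data with E_s, store it under an address, and encrypt the
// storage address with E_f to obtain the target access code. st stands in for the cloud storage.
func Protect(st map[string][]byte, seq [][]byte, m int, data []byte) ([]byte, error) {
	encKey, storeKey, err := DeriveKeys(seq, m)
	if err != nil {
		return nil, err
	}
	addr := fmt.Sprintf("/vault/%06d", len(st)) // constructed address scheme
	st[addr] = seal(encKey, data)
	return seal(storeKey, []byte(addr)), nil
}
// Retrieve reverses Protect: decode the access code with E_f, fetch the secret data, decrypt it with E_s.
func Retrieve(st map[string][]byte, seq [][]byte, m int, accessCode []byte) ([]byte, error) {
	encKey, storeKey, err := DeriveKeys(seq, m)
	if err != nil {
		return nil, err
	}
	if addr, err := open(storeKey, accessCode); err == nil {
		return open(encKey, st[string(addr)])
	}
	return nil, errors.New("access code rejected")
}

func main() {
	seq, _ := Authenticate("alice", func(approver, target string) bool { return true }) // constructed: approve all
	st := map[string][]byte{}
	code, _ := Protect(st, seq, 2, []byte("confidential report"))
	pt, err := Retrieve(st, seq, 2, code)
	fmt.Printf("recovered %q (err=%v)\n", pt, err)
}
```

Running it protects one record for the level-3 user `alice` with m = 2 and recovers it through the access code. Retrieving the same access code with a different level key parameter fails, because both E_f and E_s change with m; that is the property the description relies on to keep the keys of one user apart from those of another user at the same level. An unknown identifier fails identity authentication, the top-level user has no higher-level approver and so fails level authentication, and an m above the user's level is rejected by DeriveKeys.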
Example 2
Referring to fig. 2, fig. 2 is a system for securing information according to an embodiment of the present invention, the system including: the device comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted; a determining module, configured to determine an encryption policy according to the encryption level; wherein the encryption policy comprises an encryption key and a storage key; and the execution module is used for encrypting and storing the data to be encrypted according to the encryption strategy.
The system provided by the embodiment of the present invention and the method provided by the above embodiment are based on the same inventive concept, and therefore, reference is made to the above embodiment for more specific working principles of each module in this embodiment, which is not described herein again.
Example 3
Referring to fig. 3, fig. 3 is a diagram of an information security device according to an embodiment of the present invention, where the electronic device includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method described above. Also, the electronic device may be implemented in any one or combination of hardware, software, firmware, or solid state logic circuitry, and may be implemented in connection with signal processing, control, and/or application specific circuitry.
The embodiments of the invention may be implemented in any one or combination of hardware, software, firmware, or solid state logic circuitry, and may be implemented in combination with signal processing, control, and/or special purpose circuitry. Particular embodiments of the present invention provide an apparatus or device that may include one or more processors (e.g., microprocessors, controllers, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), etc.) that process various computer-executable instructions to control the operation of the apparatus or device. Particular embodiments of the present application provide an apparatus or device that can include a system bus or data transfer system that couples the various components together. A system bus can include any of several different bus structures or combinations of different bus structures, such as a memory bus or memory controller, a peripheral bus, a universal serial bus, and/or a processor or local bus that utilizes any of a variety of bus architectures. The devices or apparatuses provided in the embodiments of the present application may be provided separately, or may be part of a system, or may be part of other devices or apparatuses.
Particular embodiments provided by embodiments of the present invention can include or be combined with computer-readable storage media, such as one or more storage devices capable of providing non-transitory data storage. The computer-readable storage medium/storage device may be configured to store data, programs and/or instructions that, when executed by a processor of an apparatus or device provided by embodiments of the present application, cause the apparatus or device to perform operations associated therewith. The computer-readable storage medium/storage device may include one or more of the following features: volatile, non-volatile, dynamic, static, read/write, read-only, random access, sequential access, location addressability, file addressability, and content addressability. In one or more exemplary embodiments, the computer-readable storage medium/storage device may be integrated into a device or apparatus provided in the embodiments of the present application or belong to a common system. The computer-readable storage medium/memory device may include optical, semiconductor, and/or magnetic memory devices, etc., and may also include Random Access Memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, a hard disk, a removable disk, a recordable and/or rewriteable Compact Disc (CD), a Digital Versatile Disc (DVD), a mass storage media device, or any other form of suitable storage media.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being covered by the appended claims and their equivalents.

Claims (10)

1. An information security method, characterized in that the method comprises the following steps:
acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted;
determining an encryption strategy according to the encryption level; wherein the encryption policy comprises an encryption key and a storage key;
and encrypting and storing the data to be encrypted according to the encryption strategy.
2. The method according to claim 1, wherein the obtaining of the data to be encrypted sent by the target user and the encryption level corresponding to the data to be encrypted further comprises:
performing identity authentication on a target user;
after the identity authentication of the target user is successful, performing level authentication on the target user;
after the target user level is successfully authenticated, determining a level key and a level key sequence corresponding to the target user from a user database according to the user level of the target user, wherein the level key sequence is used for representing a set from the lowest user level to the level key corresponding to the user level of the target user.
3. The method of claim 2, wherein authenticating the identity of the user comprises:
acquiring identity information of a target user, and extracting a user identifier from the identity information;
and searching corresponding identity information in a user database according to the user identification, and if the query is successful, the user identity authentication is successful.
4. The method of claim 2, wherein the performing a hierarchical authentication of the target user comprises:
determining the user grade of the target user from a user database according to the user identification;
sending a level authentication request to at least one other user with a user level higher than the target user;
and other users return confirmation information according to the grade authentication request, and the grade authentication of the target user is successful.
5. The method of claim 2, wherein determining an encryption policy based on the encryption level comprises:
determining a grade key parameter according to the encryption grade;
and calculating an encryption key and a storage key according to the grade key parameter, the grade key and the grade key sequence.
6. The method of claim 5, wherein the formula for calculating the encryption key and the storage key according to the rank key parameter, the rank key, and the rank key sequence is:
$E_s = E_m E_{m+1} \cdots (E_K)^2$
$E_f = E_1 E_2 \cdots E_{m-1} E_K$
wherein $E_s$ denotes the encryption key, $E_f$ the storage key, $E_K$ the level key corresponding to the level of the target user, and $m$ the level key parameter.
7. The method according to claim 6, wherein the encrypting and storing the data to be encrypted according to the encryption policy comprises:
encrypting data to be encrypted by using the encryption key to obtain secret data, and storing the secret data;
and acquiring a storage address of the confidential data, encrypting the storage address by using a storage key to obtain a target access code, and realizing the access of the confidential information through the target access code.
8. An information security system, comprising:
the device comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted;
a determining module, configured to determine an encryption policy according to the encryption level; wherein the encryption policy comprises an encryption key and a storage key;
and the execution module is used for encrypting and storing the data to be encrypted according to the encryption strategy.
9. An information security device, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program to perform the method of any of claims 1-7.
10. A computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the method of any of claims 1-7.
Application CN202210610419.3A (priority date 2022-05-31, filing date 2022-05-31): Information security method, system, equipment and medium; status Active; granted as CN115001813B (en).

Priority Applications (1)

Application number: CN202210610419.3A; priority date: 2022-05-31; filing date: 2022-05-31; title: Information security method, system, equipment and medium (CN115001813B, en)

Applications Claiming Priority (1)

Application number: CN202210610419.3A; priority date: 2022-05-31; filing date: 2022-05-31; title: Information security method, system, equipment and medium (CN115001813B, en)

Publications (2)

CN115001813A (en), published 2022-09-02
CN115001813B (en), published 2023-11-10

Family

ID=83032082

Family Applications (1)

Application number: CN202210610419.3A; status: Active; title: Information security method, system, equipment and medium (CN115001813B, en); priority date: 2022-05-31; filing date: 2022-05-31

Country Status (1)

CN (1): CN115001813B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457377A (en) * 2011-08-08 2012-05-16 中标软件有限公司 Role-based web remote authentication and authorization method and system thereof
CN104065483A (en) * 2014-06-06 2014-09-24 武汉理工大学 Identity-based cryptograph (IBC) classified using method of electronic communication identities
CN108133155A (en) * 2017-12-29 2018-06-08 北京联想核芯科技有限公司 Data encryption storage method and device
US20180374097A1 (en) * 2015-11-09 2018-12-27 Roger Hanna A distributed user profile identity verification system for e-commerce transaction security
US20190050398A1 (en) * 2016-04-18 2019-02-14 Shenzhen University File storage method, file search method and file storage system based on public-key encryption with keyword search
CN110099048A (en) * 2019-04-19 2019-08-06 中共中央办公厅电子科技学院(北京电子科技学院) A kind of cloud storage method and apparatus

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘贤刚; 陈星; 刘丽敏: "多模多级网络身份认证框架研究" (Research on a multi-mode, multi-level network identity authentication framework), 信息技术与标准化 (Information Technology and Standardization), no. 1 *
夏晔; 钱松荣: "OpenID身份认证系统的认证等级模型研究" (Research on an authentication level model for the OpenID identity authentication system), 微型电脑应用 (Microcomputer Applications), no. 04 *

Also Published As

Publication number Publication date
CN115001813B (en) 2023-11-10


Legal Events

Code: PB01; title: Publication
Code: SE01; title: Entry into force of request for substantive examination
Code: GR01; title: Patent grant