CN115033907A - Data interaction method, system, device and storage medium - Google Patents
Data interaction method, system, device and storage medium Download PDFInfo
- Publication number
- CN115033907A CN115033907A CN202210845297.6A CN202210845297A CN115033907A CN 115033907 A CN115033907 A CN 115033907A CN 202210845297 A CN202210845297 A CN 202210845297A CN 115033907 A CN115033907 A CN 115033907A
- Authority
- CN
- China
- Prior art keywords
- data
- target data
- target
- configuration
- receiving end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0674—Disk device
- G06F3/0676—Magnetic disk device
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a data interaction method, a data interaction system, data interaction equipment and a storage medium, and belongs to the technical field of data security. The method comprises the following steps: carrying out corresponding configuration on target data to be transmitted according to a preset configuration strategy; encrypting the configured target data to obtain encrypted data; and writing the encrypted data into a disk file, and sending the disk file to a corresponding data receiving end. That is to say, even if the encrypted data is cracked in the transmission process, the configured target data cannot be tampered due to the limitation of the operation authority of the configured target data, so that the target data is ensured to be still complete and correct when being transmitted to the data receiving end, and the safety of the data is further improved.
Description
Technical Field
The present application relates to the field of data security technologies, and in particular, to a data interaction method, system, device, and storage medium.
Background
With the rapid development of computer technology, data is gradually electronized, and data flow interaction between multiple ends can be performed through an internal network, a public network and a mobile storage medium. However, people must also face the security problems of data transmission caused by the openness of networks, computer software bugs, and the like while enjoying the convenience and quickness brought by data electronization. At present, the measures taken for the data transmission safety problem are to encrypt data when sending the data, and decrypt the data after the receiver receives the data. In the existing encryption method, a 'permutation table' algorithm or an improved version of the 'permutation table' algorithm is generally adopted, the encryption algorithm is too simple, and encrypted data is easy to be cracked in the data transmission process, so that data leakage or data tampering is caused, and the data security in the data interaction process is low.
Disclosure of Invention
The present application mainly aims to provide a data interaction method, system, device and storage medium, and aims to solve the technical problem of low data security in the existing data interaction process.
In order to achieve the above object, the present application provides a data interaction method, which is applied to a data sending end, and the data interaction method includes the following steps:
carrying out corresponding configuration on target data to be transmitted according to a preset configuration strategy;
encrypting the configured target data to obtain encrypted data;
and writing the encrypted data into a disk file, and sending the disk file to a corresponding data receiving end.
Optionally, before the step of performing corresponding configuration on the target data to be transmitted according to the preset configuration policy, the method further includes:
judging a storage directory corresponding to target data to be transmitted and an application process corresponding to the target data to be transmitted;
if the storage directory corresponding to the target data and one of the application processes corresponding to the target data are located in a restricted list, directly sending the target data to a corresponding data receiving end;
and if the storage directory corresponding to the target data and the application process corresponding to the target data are both outside the restricted list, executing a step of carrying out corresponding configuration on the target data to be sent according to a preset configuration strategy.
Optionally, the step of performing corresponding configuration on the target data to be sent according to a preset configuration policy includes:
determining authority configuration corresponding to the target data according to the target data and a data receiving end corresponding to the target data;
wherein the permission configuration at least comprises any one of the following items: authorizing a readable time, disabling a clipboard, read-only mode, disabling save-as, and disabling modify-save.
Optionally, when the right is configured to authorize a readable time, the step of determining the right configuration corresponding to the target data according to the target data and a data receiving end corresponding to the target data includes:
acquiring a data size and reading time range mapping relation corresponding to the target data from a preset mapping relation of a plurality of data sizes and reading time ranges according to the data type of the target data;
determining a reading duration range corresponding to the target data according to the data size of the target data and the mapping relation between the data size corresponding to the target data and the reading time range;
and determining the authorized readable time of the target data according to the reading duration range corresponding to the target data and the user level of the data receiving end corresponding to the target data in the interaction set.
Optionally, when the right is configured to disable a clipboard, a read-only mode, or disable another storage as or disable modified storage, the step of determining the right configuration corresponding to the target data according to the target data and the data receiving end corresponding to the target data includes:
determining the safety requirement level of the target data according to the data content of the target data;
and determining whether the target data is forbidden to be stored in a clipboard, a read-only mode, another memory or modified memory according to the security requirement level of the target data.
Optionally, the step of encrypting the configured target data to obtain encrypted data includes:
and encrypting the configured target data by adopting a symmetric encryption algorithm to obtain encrypted data.
In addition, to achieve the above object, the present application further provides a data interaction method applied to a data receiving end, where the data interaction method includes the following steps:
receiving a disk file sent by a data sending end;
decrypting the encrypted data in the disk file in the virtual optical drive to obtain target data;
and calling back the target data to an application process corresponding to the target data so that the application process runs the target data based on the configuration corresponding to the target data.
In addition, to achieve the above object, the present application further provides a data interaction system, including:
a data sender, the data sender configured to: carrying out corresponding configuration on target data to be transmitted according to a preset configuration strategy; encrypting the configured target data to obtain encrypted data; the data processing device is also used for writing the encrypted data into a disk file and sending the disk file to a corresponding data receiving end;
a data receiving end configured to: receiving a disk file sent by a data sending end; decrypting the encrypted data in the disk file in the virtual optical drive to obtain target data; and the target data is called back to the application process corresponding to the target data, so that the application process runs the target data based on the configuration corresponding to the target data.
In addition, to achieve the above object, the present application further provides a data interaction device, including: the data interaction program is configured to implement the steps of the data interaction method applied to the data sending end as described above, or the data interaction program is configured to implement the steps of the data interaction method applied to the data receiving end as described above.
In addition, to achieve the above object, the present application further provides a storage medium having a data interaction program stored thereon, where the data interaction program, when executed by a processor, implements the steps of the data interaction method applied to the data sending end, or the data interaction program, when executed by the processor, implements the steps of the data interaction method applied to the data receiving end, as described above
Compared with the prior art that the data security is low in the data interaction process, the data interaction method, the data interaction system, the data interaction equipment and the storage medium carry out corresponding configuration on target data to be sent according to a preset configuration strategy; encrypting the configured target data to obtain encrypted data; the encrypted data are written into the disk file, and the disk file is sent to the corresponding data receiving end, so that even if the encrypted data are cracked in the transmission process, the configured target data cannot be tampered due to the limitation of the operation authority of the configured target data, the target data are ensured to be complete and correct when being transmitted to the data receiving end, and the data security is further improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic structural diagram of a data interaction device of a hardware operating environment according to an embodiment of the present application;
FIG. 2 is a schematic flowchart illustrating a first embodiment of a data interaction method according to the present application;
FIG. 3 is a flowchart illustrating a data interaction method according to a second embodiment of the present application;
FIG. 4 is a flowchart illustrating a data interaction method according to a third embodiment of the present application;
fig. 5 is a schematic structural diagram of a data interaction system according to a first embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a data interaction device in a hardware operating environment according to an embodiment of the present application.
As shown in fig. 1, the data interaction device is applied to a data transmitting end, and may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a Random Access Memory (RAM) Memory, or may be a Non-Volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the architecture shown in FIG. 1 does not constitute a limitation of data interaction devices, and may include more or fewer components than those shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, the memory 1005, which is a storage medium, may include therein an operating system, a data storage module, a network communication module, a user interface module, and a data interaction program.
In the data interaction device shown in fig. 1, the network interface 1004 is mainly used for data communication with other devices; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 of the data interaction device may be disposed in the data interaction device, and the data interaction device invokes the data interaction program stored in the memory 1005 through the processor 1001 and executes the data interaction method applied to the data sending end provided by the embodiment of the present application.
In addition, the embodiment of the application also provides data interaction equipment which is applied to a data receiving end. The structure of the data interaction device applied to the data receiving end is the same as that of the data interaction device applied to the data sending end, and is not described herein again. The data interaction device applied to the data receiving end calls the data interaction program stored in the memory through the processor and executes the data interaction method applied to the data receiving end provided by the embodiment of the application.
An embodiment of the present application provides a data interaction method, which is applied to a data sending end, and referring to fig. 2, fig. 2 is a flowchart illustrating a first embodiment of the data interaction method according to the present application.
In this embodiment, the data interaction method includes the following steps:
and step S10, carrying out corresponding configuration on the target data to be sent according to a preset configuration strategy.
It should be noted that the target data to be transmitted may be analog data or digital data. Wherein, the analog data comprises sound, image, etc.; digital data includes documents, codes, and the like.
Specifically, the step of performing corresponding configuration on the target data to be transmitted according to a preset configuration policy includes:
and determining authority configuration corresponding to the target data according to the target data and a data receiving end corresponding to the target data.
It should be noted that the permission configuration at least includes any one of the following items: authorizing a readable time, disabling a clipboard, read-only mode, disabling save-as, and disabling modify-save.
The authorized readable time represents the time authorized by the data sending end to the data receiving end to read the target data through the corresponding application process. The authorized readable time may be started to time when the disk file sent by the data sending end is received from the data receiving end, or may be started to time when the application process corresponding to the target data in the data receiving end runs and displays the target data. When the timing time exceeds the authorized readable time, the data receiving end cannot run the display target data, or the display target data is run while messy codes are displayed.
Wherein disabling the clipboard means that the target data is copy-never copied.
The read-only mode indicates that the data receiving end can only read the target data and is prohibited from performing any operation on the target data.
Wherein, the forbidden save is the local disk which indicates that the target data is forbidden to save as the data receiving end.
Wherein, the modification-forbidden storage means that the target data is forbidden to be modified and stored as a local disk of the data receiving end.
When the authority configuration is authorized readable time, determining the authority configuration corresponding to the target data according to the target data and the data receiving end corresponding to the target data, including:
acquiring a data size and reading time range mapping relation corresponding to the target data from a preset mapping relation of a plurality of data sizes and reading time ranges according to the data type of the target data;
determining a reading duration range corresponding to the target data according to the data size of the target data and the mapping relation between the data size corresponding to the target data and the reading time range;
and determining the authorized readable time of the target data according to the reading duration range corresponding to the target data and the user level of the data receiving end corresponding to the target data in the interaction set.
In this embodiment, the preset mapping relationships between the data sizes and the reading duration ranges are all mapping relationship tables between the data sizes and the reading duration ranges, and each data type corresponds to a mapping relationship table between the data sizes and the reading duration ranges. The mapping relationship between the data size and the reading time range can be determined according to the historical parameters of multiple groups of users, for example, the historical reading time ranges of multiple groups of users corresponding to the target data with the data size of a byte are obtained, the average value and the median value of the historical reading time ranges of the multiple groups of users are calculated, the difference value between the average value and the median value is used as the upper and lower amplitude values of the reading time range, and when the data size is a byte, the reading time range corresponding to the mapping relationship is' average value ±. | average value-median value |).
In this embodiment, the interaction set refers to a collection of data receiving terminals that have performed identity authentication with the data receiving terminals and can perform data interaction with the data receiving terminals. Each data sender has its corresponding interaction set. All data receiving ends in the interaction set have corresponding user levels, and the user levels are all relative to the data sending ends corresponding to the interaction set. That is, one data receiving end may exist in multiple interaction sets, and the user level of the same data receiving end is different in different interaction sets. Therefore, the interaction set in the step of determining the authorized readable time of the target data is the interaction set corresponding to the data sending end sending the target data according to the reading duration range corresponding to the target data and the user level of the data receiving end corresponding to the target data in the interaction set. It should be noted that, the user rank at the data receiving end is related to the following factors: the data interaction times between the data receiving end and the data sending end, and the duration of establishing a data interaction channel between the data receiving end and the data sending end through identity authentication. The user level of the data receiving end can be upgraded along with the increase of the data interaction times between the data receiving end and the data sending end, or along with the increase of the duration of passing through the identity authentication and establishing the data interaction channel between the data receiving end and the data sending end, or along with the increase of the data interaction times between the data receiving end and the data sending end and the duration of passing through the identity authentication and establishing the data interaction channel between the data receiving end and the data sending end.
Further, in an embodiment, the step of determining the authorized readable time of the target data according to the reading duration range corresponding to the target data and the user level of the data receiving end corresponding to the target data in the interaction set includes:
according to the total grade number of the user grade, equally dividing the reading time range corresponding to the target data to obtain a plurality of reading time segments, wherein the number of the segments of the reading time segments is equal to the total grade number;
coding each reading time length segment according to a coding rule from large to small on the basis of the reading time length corresponding to each reading time length segment;
determining reading time length segments corresponding to the target data according to user levels of data receiving ends corresponding to the target data in an interaction set, wherein the sum of codes of the user levels and the reading time length segments corresponding to the target data is equal to the total level number of the user levels;
and taking the middle value or the two end values of the reading time section corresponding to the target data as the authorized readable time of the target data.
When the authority configuration is that the clipboard is forbidden, the read-only mode is used, and the alternative storage is forbidden or the modification storage is forbidden, determining the authority configuration corresponding to the target data according to the target data and the data receiving end corresponding to the target data, wherein the authority configuration comprises the following steps:
determining the safety requirement level of the target data according to the data content of the target data;
and determining whether the target data is forbidden to be stored in a clipboard, a read-only mode, another memory or modified memory according to the security requirement level of the target data.
Further, in an embodiment, the step of determining the security requirement level of the target data according to the data content of the target data includes:
identifying keywords in the data content of the target data, and counting the occurrence times of the keywords;
if the keywords are low-safety-requirement keywords and the occurrence frequency of the keywords is less than or equal to a first time threshold value, determining that the safety requirement level of the target data is a low-safety requirement level;
if the keywords are low-security-requirement keywords and the occurrence frequency of the keywords is greater than a first time threshold value, determining that the security requirement level of the target data is a medium security requirement level;
if the key words contain the middle security requirement key words and the occurrence frequency of the middle security requirement key words is smaller than or equal to a second frequency threshold value, determining that the security requirement level of the target data is the middle security requirement level;
if the key words contain the middle security requirement key words and the occurrence frequency of the middle security requirement key words is larger than a second time threshold value, determining that the security requirement level of the target data is a high security requirement level;
and if the keywords have the high-safety-requirement keywords, determining that the safety requirement level of the target data is the high-safety requirement level.
In this embodiment, the keywords are classified into the low security requirement keywords, the medium security requirement keywords, and the high security requirement keywords, and the users are classified according to actual requirements, and the users in different industries can be classified according to their own industry characteristics, which is not specifically limited herein.
Similarly, in this embodiment, there is no relationship between the first time threshold and the second time threshold, and the first time threshold and the second time threshold are also set by the user according to actual needs, and users in different industries may set according to their own industry characteristics, which is not limited herein.
Further, in an embodiment, the step of determining whether the clipboard of the target data is disabled, the clipboard is in a read-only mode, the clipboard is disabled, or the clipboard is disabled, and the step of modifying the clipboard comprises:
when the security requirement level of the target data is a low security requirement level, determining that the target data disables a clipboard and a read-only mode, or determining that the target data disables the clipboard and disables additional storage, or determining that the target data disables the clipboard and disables modification storage, or determining that the target data enables the read-only mode and disables additional storage, or determining that the target data enables the read-only mode and disables modification storage, or determining that the target data disables additional storage and disables modification storage;
when the security requirement level of the target data is a middle security requirement level, determining that the target data forbids a clipboard, a read-only mode and forbids another storage, or determining that the target data forbids the clipboard, the read-only mode and forbids modification storage;
and when the security requirement level of the target data is a high security requirement level, determining that the target data is forbidden to be stored in a clipboard, in a read-only mode, and is forbidden to be stored in another mode and is forbidden to be stored in a modification mode.
And step S20, encrypting the configured target data to obtain encrypted data.
Further, in one embodiment, the encryption of the configured target data may employ a symmetric encryption algorithm, such as an AES256 encryption algorithm.
Further, in another embodiment, the step of encrypting the target data with configuration completed to obtain encrypted data includes:
step a), carrying out binary conversion on the identity code of the data receiving end to obtain an identity code represented by a binary form, and converting the identity code represented by the binary form according to a Base64 encoding rule to obtain a first initial key;
step b), carrying out binary conversion on the type code of the application process corresponding to the target data to obtain the type code represented by a binary form, and converting the type code represented by the binary form according to a Base64 encoding rule to obtain a second initial key;
step c), when the number of characters in the first initial key is larger than that of characters in the second initial key, mixing the first initial key and the second initial key to obtain a first key based on a parity interleaving rule, so that the characters in the first initial key are located in odd-numbered bits of the first key, and the characters in the second initial key are located in even-numbered bits of the first key;
when the number of characters in the first initial key is less than or equal to the number of characters in the second initial key, mixing the first initial key and the second initial key to obtain a first key based on a rule of odd-even interleaving, so that the characters in the first initial key are located at even bits of the first key, and the characters in the second initial key are located at odd bits of the first key;
step d), taking the data interaction times of the data sending end and the data receiving end as expansion parameters, and expanding the first key based on the expansion parameters to obtain an encryption key;
and e), symmetrically encrypting the configured target data based on the encryption key to obtain encrypted data.
Wherein, expanding the first key based on the expansion parameter to obtain an encryption key comprises:
repeating the first key for N times to obtain an encryption key, wherein N is equal to the expansion parameter;
or repeating the first key k times by N times to obtain an encryption key, wherein N is equal to the expansion parameter, and k is the number of characters of the first key.
And step S30, writing the encrypted data into a disk file, and sending the disk file to a corresponding data receiving terminal.
In this embodiment, the configuration and encryption of the target data are both completed in the kernel layer of the operating system, the encrypted data are written into the disk file, and the disk file is sent to the corresponding data receiving end, so that the data receiving end can decrypt the encrypted data carried in the disk file in the virtual optical disk after receiving the disk file, that is, the decryption of the encrypted data is completed in the kernel layer of the operating system, thereby implementing the non-inductive encryption and decryption of the target data without affecting other operations of the user.
Compared with the prior art that the data security is low in the data interaction process, the data sending end in the embodiment configures the target data to be sent first, then encrypts the target data to obtain encrypted data, and transmits the encrypted data to the data receiving end, even if the encrypted data is cracked in the transmission process, the configured target data cannot be tampered due to the limitation of the operation authority of the configured target data, so that the target data is guaranteed to be complete and correct when being transmitted to the data receiving end, and the data security is further improved.
On the basis of the first embodiment of the data interaction method, the present application also provides a second embodiment of the data interaction method, and referring to fig. 3, fig. 3 is a schematic flow diagram of the second embodiment of the data interaction method.
In this embodiment, before the step of performing corresponding configuration on the target data to be transmitted according to the preset configuration policy, the method further includes:
step S01, judging a storage directory corresponding to target data to be transmitted and an application process corresponding to the target data to be transmitted;
step S02, if the storage directory corresponding to the target data and one of the application processes corresponding to the target data are located in a restricted list, directly sending the target data to a corresponding data receiving terminal;
step S03, if the storage directory corresponding to the target data and the application process corresponding to the target data are both located outside the restricted list, executing a step of performing corresponding configuration on the target data to be sent according to a preset configuration policy.
In this embodiment, the storage directory corresponding to the target data has a storage directory restriction list corresponding thereto, and the application process corresponding to the target data has an application process restriction list corresponding thereto. The restricted list is equivalent to a "black list" as opposed to a "white list". Generally speaking, the number of the blacklists in the "blacklist" is often less than the number of the white lists in the "white list", and therefore, the storage directory corresponding to the target data is compared with the storage directory limit list corresponding to the target data, and the application process corresponding to the target data is compared with the application process limit list corresponding to the target data, so that the comparison efficiency is improved, and the configuration of the target data to be sent can be completed more quickly. On the other hand, when one of the storage directory corresponding to the target data and the application process corresponding to the target data is located in the restricted list, the target data is directly sent to the corresponding data receiving end, data configuration and encryption are not needed for part of common sense data, and waste of resources is reduced.
An embodiment of the present application provides a data interaction method, which is applied to a data receiving end, and referring to fig. 4, fig. 4 is a schematic flowchart of a third embodiment of the data interaction method according to the present application.
In this embodiment, the data interaction method includes the following steps:
step A10, receiving the disk file sent by the data sending terminal;
step A20, decrypting the encrypted data in the disk file in the virtual drive to obtain target data;
step A30, calling back the target data to the application process corresponding to the target data, so that the application process runs the target data based on the configuration corresponding to the target data.
In this embodiment, after receiving the disk file, the data receiving end may decrypt the encrypted data carried in the disk file in the virtual optical disk, that is, complete decryption of the encrypted data in the kernel layer of the operating system, so as to implement non-inductive encryption and decryption of the target data, and not affect other operations of the user.
It should be noted that, since the data sending end encrypts the target data by using the symmetric encryption algorithm, the encryption key and the decryption key of the symmetric encryption algorithm are the same. Therefore, the encrypted data in the disk file can be decrypted by the encrypted key corresponding to the encrypted key in the virtual optical drive, so as to obtain the target data.
An embodiment of the present application further provides a data interaction system, and referring to fig. 5, fig. 5 is a schematic structural diagram of a first embodiment of a data interaction system according to the present application.
In this embodiment, the data interaction system includes:
a data sender, configured to: carrying out corresponding configuration on target data to be transmitted according to a preset configuration strategy; encrypting the configured target data to obtain encrypted data; the data processing device is also used for writing the encrypted data into a disk file and sending the disk file to a corresponding data receiving end;
a data receiving end configured to: receiving a disk file sent by a data sending end; decrypting the encrypted data in the disk file in the virtual drive to obtain target data; and the target data is called back to the application process corresponding to the target data, so that the application process runs the target data based on the configuration corresponding to the target data.
Optionally, the data sending end includes:
the configuration module 10 is configured to perform corresponding configuration on target data to be transmitted according to a preset configuration policy;
the encryption module 11 is configured to encrypt the configured target data to obtain encrypted data;
a data writing module 12, configured to write the encrypted data into a disk file;
and the data sending module 13 is configured to send the disk file to a corresponding data receiving end.
Optionally, the data sending end further includes:
a judging module 15, configured to implement:
judging a storage directory corresponding to target data to be transmitted and an application process corresponding to the target data to be transmitted;
if one of the storage directory corresponding to the target data and the application process corresponding to the target data is located in a restricted list, directly sending the target data to a corresponding data receiving end;
and if the storage directory corresponding to the target data and the application process corresponding to the target data are both located outside the restricted list, executing a step of carrying out corresponding configuration on the target data to be sent according to a preset configuration strategy.
Optionally, the configuration module is configured to implement:
determining authority configuration corresponding to the target data according to the target data and a data receiving end corresponding to the target data;
wherein the permission configuration at least comprises any one of the following items: authorizing a readable time, disabling a clipboard, read-only mode, disabling save-as, and disabling modify-save.
Optionally, when the right is configured to authorize the readable time, the configuration module is configured to implement:
acquiring a data size and reading time range mapping relation corresponding to the target data from a preset mapping relation of a plurality of data sizes and reading time ranges according to the data type of the target data;
determining a reading duration range corresponding to the target data according to the data size of the target data and the mapping relation between the data size corresponding to the target data and the reading time range;
and determining the authorized readable time of the target data according to the reading duration range corresponding to the target data and the user level of the data receiving end corresponding to the target data in the interaction set.
Optionally, when the right is configured to disable the clipboard, the read-only mode, disable the save as, or disable the modified save, the configuration module is configured to implement:
determining the safety requirement level of the target data according to the data content of the target data;
and determining whether the target data is forbidden to be stored in a clipboard, a read-only mode, another memory or modified memory according to the security requirement level of the target data.
Optionally, the encryption module is configured to implement:
and encrypting the configured target data by adopting a symmetric encryption algorithm to obtain encrypted data.
Optionally, the data receiving end includes:
a data receiving module 20, configured to receive a disk file sent by a data sending end;
a decryption module 21, configured to decrypt the encrypted data in the disk file in the virtual optical drive to obtain target data;
and the callback module 22 is configured to call back the target data to the application process corresponding to the target data, so that the application process runs the target data based on the configuration corresponding to the target data.
In addition, an embodiment of the present application further provides a storage medium, where the storage medium is applied to a data sending end, and a data interaction program is stored on the storage medium, and when executed by a processor, the data interaction program implements the steps of the data interaction method applied to the data sending end.
The specific implementation of the storage medium in the embodiment of the present application is substantially the same as that in the embodiments of the data interaction method applied to the data sending end, and is not described herein again.
In addition, a storage medium is provided in an embodiment of the present application, where the storage medium is applied to a data receiving end, and a data interaction program is stored on the storage medium, and when being executed by a processor, the data interaction program implements the steps of the data interaction method applied to the data receiving end as described above.
The specific implementation of the storage medium in the embodiment of the present application is substantially the same as that of the embodiments of the data interaction method applied to the data receiving end, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present application may be substantially or partially embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.
Claims (10)
1. A data interaction method is applied to a data sending end, and the data interaction method comprises the following steps:
carrying out corresponding configuration on target data to be transmitted according to a preset configuration strategy;
encrypting the configured target data to obtain encrypted data;
and writing the encrypted data into a disk file, and sending the disk file to a corresponding data receiving end.
2. The data interaction method of claim 1, wherein before the step of performing corresponding configuration on the target data to be transmitted according to a preset configuration policy, the method further comprises:
judging a storage directory corresponding to target data to be transmitted and an application process corresponding to the target data to be transmitted;
if the storage directory corresponding to the target data and one of the application processes corresponding to the target data are located in a restricted list, directly sending the target data to a corresponding data receiving end;
and if the storage directory corresponding to the target data and the application process corresponding to the target data are both located outside the restricted list, executing a step of carrying out corresponding configuration on the target data to be sent according to a preset configuration strategy.
3. The data interaction method according to claim 1 or 2, wherein the step of performing corresponding configuration on the target data to be transmitted according to a preset configuration policy comprises:
determining authority configuration corresponding to the target data according to the target data and a data receiving end corresponding to the target data;
wherein the permission configuration at least comprises any one of the following items: authorizing a readable time, disabling a clipboard, read-only mode, disabling save-as, and disabling modify-save.
4. The data interaction method as claimed in claim 3, wherein when the right is configured as an authorized readable time, the step of determining the right configuration corresponding to the target data according to the target data and the data receiving end corresponding to the target data includes:
acquiring a data size and reading time range mapping relation corresponding to the target data from a preset mapping relation of a plurality of data sizes and reading time ranges according to the data type of the target data;
determining a reading duration range corresponding to the target data according to the data size of the target data and the mapping relation between the data size corresponding to the target data and the reading time range;
and determining the authorized readable time of the target data according to the reading duration range corresponding to the target data and the user level of the data receiving end corresponding to the target data in the interaction set.
5. The data interaction method of claim 3, wherein when the right configuration is to disable a clipboard, a read-only mode, or disable another storage as or disable a modified storage, the step of determining the right configuration corresponding to the target data according to the target data and the data receiving end corresponding to the target data comprises:
determining the security requirement level of the target data according to the data content of the target data;
and determining whether the target data is forbidden to be stored in a clipboard, a read-only mode, another memory or modified memory according to the security requirement level of the target data.
6. The data interaction method of claim 1, wherein the step of encrypting the target data with configuration completed to obtain the encrypted data comprises:
and encrypting the configured target data by adopting a symmetric encryption algorithm to obtain encrypted data.
7. A data interaction method is applied to a data receiving end, and the data interaction method comprises the following steps:
receiving a disk file sent by a data sending end;
decrypting the encrypted data in the disk file in the virtual optical drive to obtain target data;
and calling back the target data to an application process corresponding to the target data so that the application process runs the target data based on the configuration corresponding to the target data.
8. A data interaction system, the system comprising:
a data sender, the data sender configured to: carrying out corresponding configuration on target data to be transmitted according to a preset configuration strategy; encrypting the configured target data to obtain encrypted data; the data processing device is also used for writing the encrypted data into a disk file and sending the disk file to a corresponding data receiving end;
a data receiving end configured to: receiving a disk file sent by a data sending end; decrypting the encrypted data in the disk file in the virtual optical drive to obtain target data; and the target data is called back to the application process corresponding to the target data, so that the application process runs the target data based on the configuration corresponding to the target data.
9. A data interaction device, characterized in that the device comprises: a memory, a processor and a data interaction program stored on the memory and executable on the processor, the data interaction program being configured to implement the steps of the data interaction method as claimed in any one of claims 1 to 6, or the data interaction program being configured to implement the steps of the data interaction method as claimed in claim 7.
10. A storage medium, characterized in that the storage medium has stored thereon a data interaction program, which when executed by a processor implements the steps of the data interaction method as claimed in any one of claims 1 to 6, or which when executed by a processor implements the steps of the data interaction method as claimed in claim 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210845297.6A CN115033907B (en) | 2022-07-19 | 2022-07-19 | Data interaction method, system, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210845297.6A CN115033907B (en) | 2022-07-19 | 2022-07-19 | Data interaction method, system, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115033907A true CN115033907A (en) | 2022-09-09 |
| CN115033907B CN115033907B (en) | 2022-11-01 |
Family
ID=83129347
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210845297.6A Active CN115033907B (en) | 2022-07-19 | 2022-07-19 | Data interaction method, system, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115033907B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102214283A (en) * | 2011-07-27 | 2011-10-12 | 厦门天锐科技有限公司 | Virtual disk-based file protection system and method |
| US9552491B1 (en) * | 2007-12-04 | 2017-01-24 | Crimson Corporation | Systems and methods for securing data |
| CN113660156A (en) * | 2021-08-09 | 2021-11-16 | 覃飞 | Processing method and device for transmission file, electronic equipment and storage medium |
| CN114116822A (en) * | 2021-11-29 | 2022-03-01 | 北京得间科技有限公司 | Information push method, terminal and storage medium |
| CN114707147A (en) * | 2022-06-05 | 2022-07-05 | 荣耀终端有限公司 | Service request processing method and electronic equipment |
-
2022
- 2022-07-19 CN CN202210845297.6A patent/CN115033907B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9552491B1 (en) * | 2007-12-04 | 2017-01-24 | Crimson Corporation | Systems and methods for securing data |
| CN102214283A (en) * | 2011-07-27 | 2011-10-12 | 厦门天锐科技有限公司 | Virtual disk-based file protection system and method |
| CN113660156A (en) * | 2021-08-09 | 2021-11-16 | 覃飞 | Processing method and device for transmission file, electronic equipment and storage medium |
| CN114116822A (en) * | 2021-11-29 | 2022-03-01 | 北京得间科技有限公司 | Information push method, terminal and storage medium |
| CN114707147A (en) * | 2022-06-05 | 2022-07-05 | 荣耀终端有限公司 | Service request processing method and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 乔琪等: ""环境感知应用系统的数据传输与安全"", 《南京信息工程大学学报》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115033907B (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9838198B2 (en) | Splitting S-boxes in a white-box implementation to resist attacks | |
| CN102164034A (en) | Device and method for establishing secure trust key | |
| CN111448779A (en) | System, device and method for hybrid secret sharing | |
| US9380033B2 (en) | Implementing use-dependent security settings in a single white-box implementation | |
| US9363244B2 (en) | Realizing authorization via incorrect functional behavior of a white-box implementation | |
| CN110598429B (en) | Data encryption storage and reading method, terminal equipment and storage medium | |
| US9641337B2 (en) | Interface compatible approach for gluing white-box implementation to surrounding program | |
| KR20200135157A (en) | Network security symmetric quantum cryptography key based encryption device | |
| CN107465504A (en) | A kind of method and device for improving key safety | |
| EP2960891B1 (en) | Method for introducing dependence of white-box implementationon a set of strings | |
| CN112152802B (en) | Data encryption method, electronic device and computer storage medium | |
| CN109120576B (en) | Data sharing method and device, computer equipment and storage medium | |
| CN115033907B (en) | Data interaction method, system, device and storage medium | |
| CN111683061A (en) | Block chain-based Internet of things equipment access control method and device | |
| CN109302442B (en) | Data storage proving method and related equipment | |
| US9203607B2 (en) | Keyless challenge and response system | |
| EP2940917A1 (en) | Behavioral fingerprint in a white-box implementation | |
| CN115913660A (en) | Data encryption method and device, electronic equipment and readable storage medium | |
| EP2940925B1 (en) | Implementing use-dependent security settings in a single white-box implementation | |
| EP2940920B1 (en) | Security patch without changing the key | |
| CN111783117B (en) | Plaintext data processing method, device and system | |
| KR102380107B1 (en) | Encryption system | |
| EP2940919A1 (en) | Realizing authorization via incorrect functional behavior of a white-box implementation | |
| CN112765592A (en) | Database access control method and device | |
| CN113971292A (en) | Authorization method and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |