CN115118416A - Distributed database system based on privacy protection and confidentiality method - Google Patents


Publication number
CN115118416A
Authority
CN
China
Prior art keywords
data
module
signature
key
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210660132.1A
Other languages
Chinese (zh)
Other versions
CN115118416B (en)
Inventor
宋纯贺
李沅键
于诗矛
孙勇
胡游君
曾鹏
于海斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenyang Institute of Automation of CAS
Nari Information and Communication Technology Co
Original Assignee
Shenyang Institute of Automation of CAS
Nari Information and Communication Technology Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenyang Institute of Automation of CAS, Nari Information and Communication Technology Co
Priority to CN202210660132.1A
Publication of CN115118416A
Application granted
Publication of CN115118416B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of databases and data security, and in particular relates to a distributed database system based on privacy protection and a confidentiality method. The method comprises the following steps: 1) data input by the user is sent to the data standardization module through the data transmission module; 2) the key management module generates a key and a key ID and sends them to the data encryption module; 3) the format-standardized data is sent to the data encryption module and encrypted with the key to obtain a data ciphertext; after the data ciphertext is signed by the data signature authentication module, it is packaged into a data ciphertext packet and transmitted to a local database node; 4) the local database node performs signature authentication through its signature authentication module and, after authentication passes, stores the data in the local database node. The invention places all modules that encrypt and decrypt data on the management node, which reduces the risk of data leakage caused by encrypting and decrypting data between nodes.

Description

Distributed database system based on privacy protection and confidentiality method
Technical Field
The invention belongs to the technical field of database and data security, and particularly relates to a distributed database system based on privacy protection and a confidentiality method.
Background
With the rapid development of the internet, big data is becoming an important factor in China's social and economic development, and its development has been raised to the level of national strategy; at the same time, information security problems such as leakage of private data and theft of sensitive information pose a growing challenge.
In various industries, rapid business growth means that many systems face scenarios such as high concurrency and large data volumes. In the financial industry, for example, the rapid development of the internet lets users pay fees such as electricity and water bills online. Leakage of such data can pose a serious security problem: a malicious person can judge from the water and electricity fees a user pays whether the user is at home, which seriously threatens the user's safety.
At present, the processing capacity of a traditional stand-alone database can hardly support business growth, and a common remedy is for the application system to split the data across multiple databases and tables. However, this solution requires extensive modification of the application system, requires the application to be aware of where data is stored, and increases the complexity of operation and maintenance. A distributed database design can solve these problems of conventional databases. A distributed database is logically unified and physically dispersed.
Meanwhile, the security of private data while it is being transmitted within a distributed database is an urgent problem. Many existing distributed databases encrypt data between data nodes, between data nodes and management nodes, and between users and management nodes. Keys generated randomly in different time periods are generally stored in the database along with the encrypted data, so the keys are easily leaked during transmission, causing serious harm to the security of users' data.
Disclosure of Invention
In view of the above problems, the object of the present invention is to provide a distributed database system based on privacy protection. The system places all modules that encrypt and decrypt data on the management node, which reduces the risk of data leakage caused by encrypting and decrypting data between nodes. The system also provides a key module: all keys are stored in the key table of the key module, data is encrypted and decrypted in the management node, and keys are transmitted only within the management node. This avoids the serious problem of key leakage caused by transmitting keys between the nodes of the distributed database.
The technical scheme adopted by the invention for realizing the purpose is as follows: a privacy protection-based security method for a distributed database system comprises the following steps:
1) a user inputs data to the data transmission module of the management node; the data is sent through the data transmission module to the data standardization module, where format standardization is carried out to obtain data in a standardized format;
2) the key management module generates a secret key and a secret key ID, stores the secret key and the secret key ID into a secret key table, and sends the secret key and the secret key ID to a data encryption module of the data privacy protection module;
3) sending the data with the standardized format to a data encryption module of the data privacy protection module, and encrypting the data according to a secret key to obtain a data ciphertext; after the data ciphertext is signed by the data signature authentication module, the data ciphertext packet is packaged and transmitted to the local database node by the data transmission module;
4) after a transmission module of the local database node receives the transmitted data ciphertext package, the local database node performs signature authentication through a signature authentication module; after the authentication is passed, sending the data to a data storage module so as to store the data in a local database node;
5) when the local database node m and the local database node n carry out data interaction, the local database node m realizes the interaction with the local database node n through the management node;
6) a data transmission module of the management node receives a query message sent by a user, sends the query message to a data signature authentication module for signature, and outputs the signature to each local database node through the data transmission module;
7) the local database node receives the signed query message, the transmission module sends the signed query message to the signature authentication module to perform signature authentication on the data, and after the authentication is passed, the query message is sent to the data query module;
8) the local database node inquires the locally stored data through the data inquiry module, sends the inquired data to the signature authentication module for signature, sends the signature data to the transmission module, and sends the signature data to the data transmission module of the management node through the transmission module, the data signature authentication module of the management node verifies the signature of the data, after the verification is passed, the data is sent to the decryption module, the data is decrypted through the data decryption module to generate a plaintext, and the decrypted plaintext is sent to a user.
The step 2) is specifically as follows:
the key management module generates an ID, ID_t, and a random key, Key_t, within a fixed time period t;
the generated ID_t and Key_t are stored in the key table, and the key and the key ID are sent to the data privacy protection module as the key for encrypting data in the time period t.
The step 3) comprises the following steps:
3-1) the data normalization module uses data format normalization criteria, namely:
ID+Time+DBId+Data=NewData
wherein, ID is the number of the current input Data, Time is the current Time, DBId is the number of the local database node, Data is the current input Data, and NewData is the standardized Data as the plaintext;
3-2) sending the standardized data NewData to a data encryption module;
3-3) after the data encryption module receives the transmitted data, the key Key_t of time period t is used to encrypt the data by the encryption formula, namely:
CipherData = Key_t(NewData)
wherein CipherData represents the encrypted ciphertext, i.e. the original encrypted data, NewData represents the standardized data, and Key_t represents the key at time t;
3-4) the obtained ciphertext CipherData is digitally signed using a fixed signature private key;
the ciphertext CipherData, the signed ciphertext, the signature public key of the management node, the hash function and the key ID ID_t are packaged into a data ciphertext packet, which is sent to a local database node through the data transmission module.
The step 3-3) is specifically as follows:
a. initializing a vector IV; the length of the vector IV is Length(Key_t), that is, it is a character string whose length equals the length of the random key;
b. grouping the plaintext NewData to obtain the groups
Figure BDA0003690158850000031
the length of each group is Length(Key_t), i.e. the length of Key_t in time period t; N is the number of groups;
c. for the last group
Figure BDA0003690158850000041
a padding operation is performed, i.e. the number Num is appended to the last group, namely:
Figure BDA0003690158850000042
in the last group
Figure BDA0003690158850000043
Num copies of Num are added; if the length of the last plaintext block is the same as the length of the key, then Length(Key_t) values, all equal to Length(Key_t), are added, so that the last plaintext group keeps a consistent length;
d. the first plaintext block is XORed with the initialization vector IV, and the result of the XOR operation is encrypted, namely:
Figure BDA0003690158850000044
wherein CipherData_n represents the nth ciphertext block, and
Figure BDA0003690158850000045
represents the nth plaintext block;
e. the ciphertext block CipherData_n obtained after encryption is XORed with the next plaintext block and the XOR result is encrypted; step e is repeated until the last block has been encrypted, giving the final ciphertext CipherData.
In step 4), the local database node performs signature authentication through a signature authentication module, specifically:
4-1) the transmission module of the local database node receives the data ciphertext packet transmitted by the management node and sends the data ciphertext packet to the signature authentication module;
4-2) the signature authentication module uses the received hash function to compute a hash of the unsigned ciphertext CipherData, obtaining a new hash value A;
4-3) the signature authentication module uses the signature public key to decrypt the signed ciphertext, obtaining a hash value B;
4-4) the hash value A is compared with the hash value B; if they are the same, the signature result is True, indicating that the data was sent by the management node and was not lost in transmission, and the data is sent to the data storage module in the local database node; otherwise the result is False, indicating that the data was sent maliciously or was lost during transmission, and the data is discarded;
4-5) the data storage module stores the transmitted data in a local database.
The step 5) is specifically as follows:
5-1) generating interactive information by a data query module of the local data node m; sending the interactive information to a signature authentication module to sign the interactive information;
5-2) the transmission module of the local data node m packs the signed interactive message, the unsigned interactive message, the local data node signature public key and the hash function into an interactive data packet and sends the interactive data packet to the management node;
5-3) the data signature authentication module of the management node performs signature authentication on the received interactive data packet; if the signature verification result is True, the original interactive message is re-signed;
5-4) the data transmission module of the management node packs the re-signed interactive message, the unsigned interactive message, the signature public key of the management node and the hash function into a new interactive data packet and sends the new interactive data packet to the local data node n;
5-5) the signature authentication module of the local data node n performs signature authentication on the new interactive data packet; an interactive message whose signature verification result is True is sent to the data query module, and the data is taken out of the data storage module;
5-6) sending the taken data to a signature authentication module for signature to obtain signed data;
5-7) the local data node n sends the signed data, the unsigned data, the signature public key of the local data node n and the hash function to the management node, and the data signature authentication module of the management node carries out signature authentication again;
5-8) the data signature authentication module of the management node signs the original data after passing the authentication again, and sends the signed data, the unsigned data, the signature public key of the management node n and the hash function back to the local data node m;
5-9) the signature authentication module of the local data node m performs signature authentication on the new data packet; and storing the data with the signature verification result of True into a storage module.
The management node performs signature authentication on data sent by the local data node, and the signature authentication specifically comprises the following steps:
the data sent by the management node to the local data node comprises: an interactive information data packet, a data ciphertext packet or query information;
(1) the management node transmits the transmitted data containing the signature to a data signature authentication module for signature authentication;
(2) the management node performs hash calculation on the unsigned data through a hash function to obtain a new hash value C;
(3) decrypting the signed interactive message according to the local database node signature public key to obtain a hash value D;
(4) comparing the hash value C with the hash value D; if the hash values are the same, the signature result is True, indicating that the data was sent by the local database node; otherwise the result is False, indicating that the data was sent maliciously by an intruder, and the data is discarded;
(5) re-signing the signed data of which the signature result is True; and sending the re-signed data, the unsigned data, the public signature key of the management node and the hash function to the local database node.
In step 8), the data transmission module of the management node performs signature verification on the data, decrypts the data to generate a plaintext, and transmits the decrypted plaintext to the user, specifically:
8-1) the management node sends the signature data transmitted from the local database node to a data signature authentication module;
8-2) the data signature authentication module uses the signature public key of the local database node to decrypt the sent signature data to obtain a calculated hash value E of the local database node;
8-3) the data signature authentication module uses the received hash function to perform hash calculation on the unsigned data to obtain a new hash value F;
8-4) comparing the hash value E with the hash value F, wherein if the two hash values are equal, the signature result is True, otherwise, the signature result is False;
8-5) if the signature verification result is True, indicating that the data is sent by a local database and is not lost in the transmission process; transmitting the data to a data decryption module for decryption; if the signature verification result is False, the data is the data sent maliciously by the intruder or the data is lost in the transmission process, and then the data is discarded;
8-6) ID_t is transmitted to the key module, which queries the key table to obtain the corresponding key Key_t; the key Key_t is sent to the decryption module in the data privacy protection module;
8-7) the data decryption module uses the transmitted Key_t to decrypt the encrypted ciphertext and obtain the plaintext, namely:
NewData = Key_t(CipherData)
and the obtained plaintext is sent to the user for visual display.
In step 8-5), if the signature verification result is True, indicating that the data is sent by a local database; transmitting the data to a data decryption module for decryption operation, comprising the following steps:
obtaining the initial vector IV and the key Key_t;
grouping the ciphertext, the length of each group being Length(Key_t), to obtain the ciphertext blocks
Figure BDA0003690158850000071
...,
Figure BDA0003690158850000072
the first ciphertext block is decrypted, and the decryption result is XORed with the initial vector IV to obtain the plaintext block
Figure BDA0003690158850000073
namely:
Figure BDA0003690158850000074
the ciphertext block
Figure BDA0003690158850000075
is decrypted, and the decrypted block is XORed with the ciphertext block
Figure BDA0003690158850000076
to obtain the plaintext block
Figure BDA0003690158850000077
all ciphertext blocks are traversed until every block has been decrypted, and all plaintext blocks are combined to obtain the combined plaintext NewData;
the padding data is deleted according to the last value Y of the combined plaintext NewData: if the last value is Y, Y bits are deleted, giving the final plaintext Data.
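Steps a to e of 3-3) and the decryption steps of 8-5) describe cipher block chaining with a padding rule of Num copies of Num. The Go program below is an added example, not code from the patent: it assumes AES-128 as the block cipher (the patent names none), so that block, key and IV are all 16 bytes, and it assumes a fresh random IV per message that is handed to the decryptor; all function names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
)

// pad implements step c: append Num bytes of value Num, where Num is the
// number of bytes missing from the last block; a whole block of padding is
// added when the plaintext already ends on a block boundary.
func pad(p []byte, bs int) []byte {
	num := bs - len(p)%bs
	out := append([]byte{}, p...)
	return append(out, bytes.Repeat([]byte{byte(num)}, num)...)
}

// unpad reads the last value Y and removes Y bytes, rejecting any padding
// that pad could not have produced.
func unpad(p []byte, bs int) ([]byte, error) {
	if len(p) == 0 || len(p)%bs != 0 {
		return nil, errors.New("plaintext is not a whole number of blocks")
	}
	y := int(p[len(p)-1])
	if y == 0 || y > bs {
		return nil, errors.New("invalid padding")
	}
	for _, b := range p[len(p)-y:] {
		if int(b) != y {
			return nil, errors.New("invalid padding")
		}
	}
	return p[:len(p)-y], nil
}

func xorInto(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// EncryptCBC follows steps d and e: XOR each plaintext block with the
// previous ciphertext block (the IV for the first block), then encrypt it.
func EncryptCBC(key, iv, newData []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(iv) != bs {
		return nil, errors.New("IV must be one block long")
	}
	plain := pad(newData, bs)
	cipherData := make([]byte, len(plain))
	prev, tmp := iv, make([]byte, bs)
	for off := 0; off < len(plain); off += bs {
		xorInto(tmp, plain[off:off+bs], prev)
		block.Encrypt(cipherData[off:off+bs], tmp)
		prev = cipherData[off : off+bs]
	}
	return cipherData, nil
}

// DecryptCBC reverses the chain: decrypt each ciphertext block, XOR it with
// the previous ciphertext block (the IV for the first), then strip padding.
func DecryptCBC(key, iv, cipherData []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(iv) != bs || len(cipherData) == 0 || len(cipherData)%bs != 0 {
		return nil, errors.New("IV or ciphertext has the wrong length")
	}
	plain := make([]byte, len(cipherData))
	prev := iv
	for off := 0; off < len(cipherData); off += bs {
		block.Decrypt(plain[off:off+bs], cipherData[off:off+bs])
		xorInto(plain[off:off+bs], plain[off:off+bs], prev)
		prev = cipherData[off : off+bs]
	}
	return unpad(plain, bs)
}

func main() {
	key, iv := make([]byte, 16), make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	// Constructed sample record in the ID+Time+DBId+Data layout.
	newData := []byte("17|2022-06-13T08:00:00|DB03|reading=42.7")
	ct, err := EncryptCBC(key, iv, newData)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptCBC(key, iv, ct)
	fmt.Printf("%d plaintext bytes -> %d ciphertext bytes, round trip ok: %v\n",
		len(newData), len(ct), err == nil && bytes.Equal(pt, newData))
}
```

CBC on its own does not detect modified ciphertext, which is why the signature check of 8-4) has to pass before the data reaches the decryption step.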
A privacy protection based distributed database system comprising: a management node and N local database nodes;
the management node comprises: the system comprises a data transmission module, a data standardization module, a data privacy protection module and a secret key management module;
the data transmission module is used for transmitting data input by a user to the data standardization module, outputting an interactive information data packet, a data ciphertext packet or query information which is signed and authenticated by the data privacy protection module to the local database node, and receiving the interactive information data packet, the data ciphertext packet or the query information which is signed and authenticated by the local database node;
the data standardization module is used for receiving the data received by the data transmission module, carrying out data format standardization processing and sending the data with the standardized format to the data privacy protection module;
the secret key management module is used for generating a secret key and a secret key ID, storing the secret key and the secret key ID into a secret key table, and sending the secret key and the secret key ID to the data privacy protection module;
the data privacy protection module comprises: the system comprises a data signature authentication module, a data encryption module and a data decryption module;
the data signature authentication module is used for carrying out signature authentication processing on the interaction information data packet, the data ciphertext packet or the query information received from the local database node and sending the data after the signature authentication processing to the local database node;
the data encryption module is used for encrypting the data input by the user after standardization according to the secret key sent by the secret key management module to obtain a data ciphertext;
the data decryption module is used for decrypting the encrypted ciphertext to obtain a plaintext and sending the plaintext to the user through the data transmission module;
the local database node, comprising: the system comprises a transmission module, a signature authentication module, a data storage module and a data query module;
the transmission module is used for data interaction with the management node;
the signature authentication module is used for performing signature authentication on an interactive information data packet, a data ciphertext packet or query information sent to the local data node library by the management node and signing data of the local data node library;
the data storage module is used for storing the data ciphertext packet sent by the management node;
and the data query module is used for generating interactive information and querying data in the local data storage module according to the query message sent by the management node.
The invention has the following beneficial effects and advantages:
1. The invention places all modules for encrypting and decrypting data on the management node, which reduces the risk of data leakage caused by encrypting and decrypting data between nodes.
2. The invention sets a key module at the management node, stores all keys in the key table of the key module, encrypts and decrypts data at the management node, and transmits keys only within the management node. This avoids the serious problem of key leakage caused by transmitting keys between the nodes of the distributed database.
Drawings
FIG. 1 is a flow chart of data storage of the present invention;
FIG. 2 is a flow chart of local data node interaction in accordance with the present invention;
FIG. 3 is a flow chart of a user query data process of the present invention;
FIG. 4 is a flow diagram of data encryption by the data privacy module of the present invention;
FIG. 5 is a flow diagram of data decryption by the data privacy module of the present invention;
FIG. 6 is a flow chart of a key module generating a key according to the present invention;
FIG. 7 is a schematic diagram of the system of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples. The advantages and features of the present invention will be more apparent. It is to be noted, however, that the drawings are designed in a simplified form and are not to scale, this being done for the purpose of facilitating the clear description of embodiments of the invention. To make the objects, features and advantages of the present invention comprehensible, reference is made to the accompanying drawings. It should be understood that the structures, proportions, and dimensions shown in the drawings and described in the specification are for illustrative purposes only and are not intended to limit the scope of the present invention, which is defined by the following claims.
As shown in fig. 1, which is a flowchart of data storage according to the present invention, the present invention provides a privacy protection-based distributed database system, which specifically includes the following steps:
1) The user transmits the data through the data transmission module to the data standardization module, where the data format is standardized.
2) The key module generates a random key, adds it to the key table, and transmits the key and the key ID to the data privacy protection module.
The key generation process of the key management module is shown in FIG. 6: the key management module generates an ID, ID_t, and a random key, Key_t, within a fixed time period t;
the generated ID_t and Key_t are stored in the key table, and the key and the key ID are sent to the data privacy protection module to serve as the key for encrypting data in the time period t.
3) The data in the standardized format is transmitted to the data encryption module in the data privacy protection module. The data is encrypted with the random key of the current time period to obtain a data ciphertext, and signature authentication is then performed on the data ciphertext. Finally, the data is packaged and transmitted to the local data node.
Step 3) specifically comprises the following steps:
3-1) the data normalization module uses data format normalization criteria, namely:
ID+Time+DBId+Data=NewData
wherein, ID is the number of the current input Data, Time is the current Time, DBId is the number of the local database node, Data is the current input Data, and NewData is the standardized Data as the plaintext;
3-2) sending the standardized data NewData to a data encryption module;
3-3) after the data encryption module receives the transmitted data, the key Key_t of time period t is used to encrypt the data by the encryption formula, namely:
CipherData = Key_t(NewData)
wherein CipherData represents the ciphertext obtained after encryption, i.e. the original encrypted data, NewData represents the standardized data, and Key_t represents the key at time t;
the specific encryption method for step 3-3) is as follows:
a. initializing a vector IV; the length of the vector IV is Length(Key_t), that is, it is a character string whose length equals the length of the random key;
b. grouping the plaintext NewData to obtain the groups
Figure BDA0003690158850000101
...,
Figure BDA0003690158850000102
the length of each group is Length(Key_t), i.e. the length of Key_t in time period t; N is the number of groups;
c. for the last group
Figure BDA0003690158850000103
a padding operation is performed, i.e. the number Num is appended to the last group, namely:
Figure BDA0003690158850000104
in the last group
Figure BDA0003690158850000105
Num copies of Num are added; if the length of the last plaintext block is the same as the length of the key, then Length(Key_t) values, all equal to Length(Key_t), are added, so that the last plaintext group keeps a consistent length;
d. the first plaintext block is XORed with the initialization vector IV, and the result of the XOR operation is encrypted, namely:
Figure BDA0003690158850000111
wherein CipherData_n represents the nth ciphertext block, and
Figure BDA0003690158850000112
represents the nth plaintext block;
e. the ciphertext block CipherData_n obtained after encryption is XORed with the next plaintext block and the XOR result is encrypted; step e is repeated until the last block has been encrypted, giving the final ciphertext CipherData.
3-4) the obtained ciphertext CipherData is digitally signed using a fixed signature private key;
the ciphertext CipherData, the signed ciphertext, the signature public key of the management node, the hash function and the key ID ID_t are packaged into a data ciphertext packet, which is sent to a local database node through the data transmission module.
4) And after receiving the transmitted data, the transmission module of the local data node performs signature authentication. And after the authentication is passed, transmitting the data to a data storage module, and storing the data in a local database node.
The data is signed in the step 3) and signed and authenticated in the step 4), and the specific steps are as follows:
The management node uses the generated key pair and signs data with the private key: a hash function is used to perform a hash calculation on the data to obtain a hash value, and the hash value is signed using a function in the signature algorithm. The resulting signed data, the public key of the key pair and the original data are sent to a local data node. The local data node performs a hash operation on the original message to obtain a hash value of the original data, and signs the hash value of the original data using a function in the signature algorithm and the signature public key. The result is compared with the signature data that was sent: if the two results are the same, the data is proved to be data sent by the management node, and other operations are performed on it. If the two results differ, the data is data sent by a malicious attacker, and it is discarded.
Signature verification is divided into three steps. The first step is that the sender uses the built-in function to carry out hash calculation to obtain a hash value, and the hash value is encrypted by using a signature private key. The management node here is the sender.
The second step is to send the unsigned data, the signed data and the sender's public signature key (containing the hash function that performs the hash calculation) to the recipient.
The third step is that the receiver receives the data and uses the sender's public key to decrypt the encrypted signature, obtaining the hash value calculated at the sender. The receiver then applies the hash function sent by the sender to the unsigned ciphertext to obtain a hash value.
The receiver compares the hash value it calculated with the hash value calculated by the sender; if they match, this indicates that the data was sent by the sender and was not changed in transit.
In the signature authentication process, data is sent by the management node to the local database node, and signature authentication is then performed at the local database node; step 4) specifically comprises the following signature authentication method:
4-1) the transmission module of the local database node receives the data ciphertext packet transmitted by the management node and sends the data ciphertext packet to the signature authentication module;
4-2) the signature authentication module carries out hash calculation on the unsigned ciphertext CipherData by the received hash function to obtain a new hash value A;
4-3) the signature authentication module uses the signature public key to decrypt the signed ciphertext to obtain a hash value B;
4-4) comparing the hash value A with the hash value B; if they are the same, the signature result is True, indicating that the data was sent by the management node and was not lost, and the data is sent to the data storage module in the local database node; otherwise the result is False, indicating that the data was sent maliciously or was lost in the transmission process, and the data is discarded;
4-5) the data storage module stores the transmitted data in a local database.
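The comparison of hash values A and B in steps 4-2) to 4-4), as an added Python example that is not the patent's code; it goes one step further and contrasts a verifier that takes the public key and hash function from the packet with one that checks them against values registered at the receiver. The textbook-RSA keys built from small known primes, the `sender` field, the key registry and the hash allow-list are assumptions for illustration.

```python
import hashlib

E = 65537
ALLOWED_HASHES = {"sha256"}  # receiver-side policy; an assumption, not in the patent


def make_key(p, q):
    """Toy textbook-RSA key pair from two known primes (illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest_int(hash_name, data, n):
    """Hash the data and reduce the digest so it fits the toy modulus."""
    return int.from_bytes(hashlib.new(hash_name, data).digest(), "big") % n


def build_packet(sender, public, private, cipher_data, hash_name="sha256"):
    """Packet of step 3-4): unsigned data, signature, public key, hash function."""
    n, d = private
    signature = pow(digest_int(hash_name, cipher_data, n), d, n)
    return {"sender": sender, "data": cipher_data, "signature": signature,
            "public_key": public, "hash": hash_name}


def verify_as_described(packet):
    """Steps 4-2) to 4-4) read literally: key and hash function come from the packet."""
    n, e = packet["public_key"]
    hash_a = digest_int(packet["hash"], packet["data"], n)  # hash value A
    hash_b = pow(packet["signature"], e, n)                 # hash value B
    return hash_a == hash_b


def verify_pinned(packet, registry):
    """Same comparison, but only against the key registered for the claimed sender."""
    pinned = registry.get(packet["sender"])
    if pinned is None or tuple(packet["public_key"]) != pinned:
        return False  # enclosed key is not the one this receiver trusts
    if packet["hash"] not in ALLOWED_HASHES:
        return False  # the sender does not get to choose a weaker hash
    n, e = pinned
    sig = packet["signature"]
    if not isinstance(sig, int) or not 0 <= sig < n:
        return False
    return digest_int(packet["hash"], packet["data"], n) == pow(sig, e, n)


# Constructed sample keys: Mersenne primes keep the example deterministic.
# A ~150-bit unpadded RSA modulus is far too weak for real use.
MGMT_PUB, MGMT_PRIV = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**107 - 1, 2**127 - 1)
REGISTRY = {"mgmt": MGMT_PUB}  # hypothetical registry held by the local database node

if __name__ == "__main__":
    genuine = build_packet("mgmt", MGMT_PUB, MGMT_PRIV, b"constructed CipherData")
    unregistered = build_packet("mgmt", OTHER_PUB, OTHER_PRIV, b"constructed CipherData")
    for name, pkt in (("genuine", genuine), ("unregistered key", unregistered)):
        print(name, verify_as_described(pkt), verify_pinned(pkt, REGISTRY))
```

A packet that is internally consistent under its own enclosed key passes the literal A == B comparison, so the comparison authenticates the sender only when the receiver already holds the sender's public key out of band. A production system would use a vetted signature scheme such as RSA-PSS or Ed25519 from a maintained library.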
As shown in fig. 2, which is a flow chart of local data node interaction according to the present invention, the present invention provides a privacy protection-based distributed database system, which specifically includes the following steps:
5) when the local data node m and the local data node n carry out data interaction, the local data node m sends interaction information to the management node.
6) The management node receives the interactive message of the local data node m and then sends the interactive message to the local data node n.
7) The local data node n processes the transmitted interactive message and transmits the acquired data to the management node.
8) The data transmission module of the management node of the distributed database system performs signature authentication on the received data, and re-signs the data after the signature authentication passes. The signature data and the like are sent to the local data node m.
9) After the transmission module of the local data node m receives the data, the data is transmitted to the signature authentication module; after the verification passes, the data is transmitted to the data storage module to be processed.
With regard to steps 5) to 9) of the present invention, the present invention specifically includes the following steps:
5-1) a data query module of the local data node m generates interactive information; sending the interactive information to a signature authentication module to sign the interactive information;
5-2) the transmission module of the local data node m packs the signed interactive message, the unsigned interactive message, the local data node signature public key and the hash function into an interactive data packet and sends the interactive data packet to the management node;
5-3) the data signature authentication module of the management node performs signature authentication on the received interactive data packet; re-signing the original interactive message of the interactive message of which the signature verification result is True;
5-4) the data transmission module of the management node packs the re-signed interactive message, the unsigned interactive message, the signature public key of the management node and the hash function into a new interactive data packet and sends the new interactive data packet to the local data node n;
5-5) a signature authentication module of the local data node n performs signature authentication on the new interactive data packet token; sending the interactive message with the signature verification result of True to a data query module, and taking out data from a data storage module;
5-6) sending the taken data to a signature authentication module for signature to obtain signed data;
5-7) the local data node n sends the signed data, the unsigned data, the signature public key of the local data node n and the hash function to the management node, and the data signature authentication module of the management node carries out signature authentication again;
5-8) the data signature authentication module of the management node signs the original data after passing the authentication again, and sends the signed data, the unsigned data, the signature public key of the management node n and the hash function back to the local data node m;
5-9) the signature authentication module of the local data node m performs signature authentication on the new data packet; and storing the data with the signature verification result of True into a storage module.
Regarding the above mentioned management node to perform signature authentication on data sent by the local database node, all signature authentication methods regarding the management node to receive data are the same, and the specific method is as follows:
the data sent by the management node to the local data node comprises: an interactive information data packet, a data ciphertext packet or query information;
(1) the management node transmits the transmitted data containing the signature to a data signature authentication module for signature authentication;
(2) the management node performs hash calculation on the unsigned data through a hash function to obtain a new hash value C;
(3) decrypting the signed interactive message according to the local database node signature public key to obtain a hash value D;
(4) comparing the hash value C with the hash value D, if the hash values are the same, the signature result is True, and the data is sent by the local database node; otherwise, False; indicating that the data is data sent maliciously by an intruder, and discarding the data at the moment;
(5) re-signing the signed data of which the signature result is True; and sending the re-signed data, the unsigned data, the public signature key of the management node and the hash function to the local database node.
Fig. 3 is a flow chart of user query data according to the present invention, which provides a distributed database system based on privacy protection, and specifically includes the following steps:
10) The data transmission module of the management node of the distributed database system receives a query message sent by a user and sends the query message to the data privacy protection module for signing. The signed query message is then transmitted to each local data node by the data transmission module.
11) After the local data node receives the query message, the transmission module sends the query message to the signature authentication module to perform signature authentication on the data. After the authentication is passed, the query message is sent to the data query module.
12) The data query module queries locally stored data, the local data node sends the queried data to the signature authentication module, the signed data is sent to the transmission module, and the transmission module sends the signed data to the management node of the distributed database.
13) The data transmission module of the management node of the distributed database sends the data to the data signature authentication module for signature verification, the data is decrypted to generate a plaintext, and the decrypted plaintext is transmitted to the user.
In step 13), the specific implementation manner is as follows:
13-1) the management node sends the signature data transmitted from the local database node to a data signature authentication module;
13-2) the data signature authentication module uses the signature public key of the local database node to decrypt the sent signature data to obtain a calculated hash value E of the local database node;
13-3) the data signature authentication module performs hash calculation on the unsigned data by using the received hash function to obtain a new hash value F;
13-4) comparing the hash value E with the hash value F, wherein if the two hash values are equal, the signature result is True, otherwise, the signature result is False;
13-5) if the signature verification result is True, indicating that the data is sent by a local database and is not lost in the transmission process; transmitting the data to a data decryption module for decryption; if the signature verification result is False, the data is the data sent maliciously by the intruder or the data is lost in the transmission process, and then the data is discarded;
13-6) ID_t is transmitted to the key module, the key table is queried for the corresponding key Key_t, and the key Key_t is sent to the decryption module in the data privacy protection module;
13-7) the data decryption module uses the transmitted Key_t to decrypt the encrypted ciphertext to obtain the plaintext, namely:
NewData = Key_t(CipherData)
and sending the obtained plaintext to a user for visual display.
Fig. 4 is a flowchart of data encryption of a data privacy module according to the present invention, and the present invention provides a distributed database system based on privacy protection, which specifically includes the following steps:
After the data privacy protection module receives the transmitted data, the data is encrypted with Key_t during the time period t; the encryption formula is as follows:
CipherData = Key_t(NewData)
First, a vector IV is initialized; the length of the vector IV is Length(Key_t).
Secondly, grouping the plaintext NewData to obtain a group
Figure BDA0003690158850000161
...,
Figure BDA0003690158850000162
The length of each group is Length(Key_t), i.e. the length of Key_t in time period t.
Third, the padding operation is performed on the last group; the number Num added to the last group is given by the following formula:
Figure BDA0003690158850000163
in the last packet
Figure BDA0003690158850000164
Num copies of the value Num are added, so that the last plaintext block keeps a consistent length.
Then, the first block of plaintext and the initialization vector IV are xor-ed and the result of the xor is encrypted, as shown in the following formula:
Figure BDA0003690158850000165
Finally, the ciphertext block CipherData_n obtained by encryption is XORed with the plaintext of the next block, and the XOR result is encrypted in the same way as in the previous step. This operation is repeated until the last block is encrypted, giving the final ciphertext data.
Fig. 5 is a flowchart of data decryption of a data privacy module according to the present invention, and the present invention provides a distributed database system based on privacy protection, which specifically includes the following steps:
First, the initial vector IV and the key Key_t are obtained.
Secondly, the ciphertext is grouped, the length of each group being Length(Key_t), to obtain ciphertext blocks
Figure BDA0003690158850000166
...,
Figure BDA0003690158850000167
Thirdly, carrying out decryption operation on the first ciphertext block, and carrying out exclusive OR operation on the decryption result and the initial vector IV to obtain a plaintext block
Figure BDA0003690158850000168
The formula is as follows:
Figure BDA0003690158850000169
Thereafter, the ciphertext block
Figure BDA0003690158850000171
is decrypted, and the decryption result and the ciphertext block
Figure BDA0003690158850000172
are XORed to obtain the plaintext block
Figure BDA0003690158850000173
Decryption continues in this way, block by block, until all the ciphertext blocks have been decrypted.
Finally, all the plaintext blocks are combined to obtain the combined plaintext NewData. According to the value Y of the last position of the combined plaintext NewData, the Y padding values added during encryption are deleted, giving the final plaintext Data.
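The chaining and padding rule of the encryption and decryption flows above (Fig. 4 and Fig. 5), as an added Python example that is not part of the patent text. The patent does not name the block operation behind Key_t(...), so `block_encrypt` and `block_decrypt` are a hypothetical hash-based Feistel stand-in whose block length equals the key length; it shows the data flow only and is not a vetted cipher.

```python
import hashlib
import os

ROUNDS = 4  # rounds of the stand-in cipher (assumption, not from the patent)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function of the stand-in Feistel network.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: len(half)]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the unspecified Key_t(...) operation on one block."""
    h = len(block) // 2
    left, right = block[:h], block[h:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    h = len(block) // 2
    left, right = block[:h], block[h:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def pad(data: bytes, block_len: int) -> bytes:
    """Append Num bytes of value Num; a full extra block when already aligned."""
    num = block_len - len(data) % block_len  # 1 .. block_len
    return data + bytes([num]) * num


def unpad(data: bytes, block_len: int) -> bytes:
    """Read Y from the last byte and remove Y bytes, rejecting malformed padding."""
    if not data or len(data) % block_len:
        raise ValueError("length is not a multiple of the block length")
    y = data[-1]
    if not 1 <= y <= block_len or data[-y:] != bytes([y]) * y:
        raise ValueError("invalid padding")
    return data[:-y]


def _check(key: bytes, iv: bytes) -> int:
    n = len(key)  # block length = Length(Key_t)
    if len(iv) != n or n % 2 or not 2 <= n <= 64:
        raise ValueError("IV must match the key length (even, 2..64 bytes)")
    return n


def cbc_encrypt(key: bytes, iv: bytes, new_data: bytes) -> bytes:
    n = _check(key, iv)
    padded = pad(new_data, n)
    prev, out = iv, []
    for i in range(0, len(padded), n):
        # XOR with the IV (first block) or the previous ciphertext block, then encrypt.
        prev = block_encrypt(key, _xor(padded[i:i + n], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, cipher_data: bytes) -> bytes:
    n = _check(key, iv)
    if not cipher_data or len(cipher_data) % n:
        raise ValueError("ciphertext length is not a multiple of the block length")
    prev, out = iv, []
    for i in range(0, len(cipher_data), n):
        block = cipher_data[i:i + n]
        # Decrypt, then XOR with the IV or the previous ciphertext block.
        out.append(_xor(block_decrypt(key, block), prev))
        prev = block
    return unpad(b"".join(out), n)


if __name__ == "__main__":
    key_t = os.urandom(16)                    # constructed sample key
    iv = os.urandom(16)
    new_data = b"17|2022-06-13|DB03|reading"  # constructed ID+Time+DBId+Data record
    cipher = cbc_encrypt(key_t, iv, new_data)
    print(len(new_data), len(cipher), cbc_decrypt(key_t, iv, cipher) == new_data)
```

Chaining gives confidentiality only. The signature check in step 4) and step 13) must pass before `cbc_decrypt` is called, so that a modified ciphertext never reaches the padding check.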
FIG. 5 is a flow chart of the key module generating the key according to the present invention, which provides a procedure of encrypting or decrypting;
wherein, the encryption process is embodied in the step 2), and comprises the following steps:
First, the key module generates Id_t and Key_t within time t. A new key is randomly generated at each set fixed time interval.
Next, the generated Id_t and Key_t are recorded in the key table in the key module.
Thirdly, the Id_t and Key_t generated in time t are transmitted to the data privacy protection module and provided to its data encryption module, which performs the encryption operation on the data.
When the data privacy protection module needs to decrypt data, it queries the key table of the key module according to Id_t; the key found is sent to the data privacy protection module, which uses the key to decrypt the encrypted data, obtains the plaintext and returns the plaintext to the user.
As shown in fig. 7, which is a schematic diagram of the system structure of the present invention, the present invention includes: a management node and N local database nodes;
a management node, comprising: the system comprises a data transmission module, a data standardization module, a data privacy protection module and a secret key management module;
the data transmission module is used for transmitting data input by a user to the data standardization module, outputting an interactive information data packet, a data ciphertext packet or query information which is signed and authenticated by the data privacy protection module to the local database node, and receiving the interactive information data packet, the data ciphertext packet or the query information which is signed and authenticated by the local database node;
the data standardization module is used for receiving the data received by the data transmission module, carrying out data format standardization processing and sending the data with the standardized format to the data privacy protection module;
the secret key management module is used for generating a secret key and a secret key ID, storing the secret key and the secret key ID into a secret key table, and sending the secret key and the secret key ID to the data privacy protection module;
a data privacy protection module comprising: the system comprises a data signature authentication module, a data encryption module and a data decryption module;
the data signature authentication module is used for carrying out signature authentication processing on the interaction information data packet, the data ciphertext packet or the query information received from the local database node and sending the data after the signature authentication processing to the local database node;
the data encryption module is used for encrypting the data input by the user after standardization according to the secret key sent by the secret key management module to obtain a data ciphertext;
the data decryption module is used for decrypting the encrypted ciphertext to obtain a plaintext and sending the plaintext to the user through the data transmission module;
a local database node comprising: the system comprises a transmission module, a signature authentication module, a data storage module and a data query module;
the transmission module is used for data interaction with the management node;
the signature authentication module is used for performing signature authentication on an interaction information data packet, a data ciphertext packet or query information sent to the local data node library by the management node and signing data of the local data node library;
the data storage module is used for storing the data ciphertext packet sent by the management node;
and the data query module is used for generating the interactive information and querying the data in the local data storage module according to the query message sent by the management node.
Referring to fig. 1 to 3 and fig. 6 to 7, it can be shown that the encryption and decryption module is transferred from the middle of the node to the management node, which is more reliable for data security. And the key module in the management node avoids the transmission of the encryption key among the nodes so as to prevent the key from being leaked.
The invention proposes to place all modules for encrypting and decrypting data on the management node. The hidden danger of data leakage caused by data encryption and decryption among nodes is reduced.
The invention provides a method for setting a key module at a management node, storing all keys in a key table of the key module, encrypting and decrypting data at the management node, and transmitting the keys only in the management node. The serious problem of key leakage caused by the transmission of keys in the nodes of the distributed database is avoided.
The above description is only an embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement or extension made within the spirit and principle of the present invention is included in the protection scope of the present invention.

Claims (10)

1. A privacy protection-based security method for a distributed database system is characterized by comprising the following steps:
1) the method comprises the steps that a user inputs data to a data transmission module of a management node, the data are sent to a data standardization module through the data transmission module, format standardization processing is carried out, and data with standardized formats are obtained;
2) the key management module generates a secret key and a secret key ID, stores the secret key and the secret key ID into a secret key table, and sends the secret key and the secret key ID to a data encryption module of the data privacy protection module;
3) sending the data with the standardized format to a data encryption module of the data privacy protection module, and encrypting the data according to a secret key to obtain a data ciphertext; after the data ciphertext is signed by the data signature authentication module, the data ciphertext packet is packaged and transmitted to the local database node by the data transmission module;
4) after a transmission module of the local database node receives the transmitted data ciphertext packet, the local database node performs signature authentication through a signature authentication module; after the authentication is passed, sending the data to a data storage module so as to store the data in a local database node;
5) when the local database node m and the local database node n carry out data interaction, the local database node m realizes the interaction with the local database node n through the management node;
6) the data transmission module of the management node receives a query message sent by a user, sends the query message to the data signature authentication module for signature, and outputs the signature to each local database node through the data transmission module;
7) the local database node receives the signed query message, the transmission module sends the signed query message to the signature authentication module to perform signature authentication on the data, and after the authentication is passed, the query message is sent to the data query module;
8) the local database node inquires the locally stored data through the data inquiry module, sends the inquired data to the signature authentication module for signature, sends the signature data to the transmission module, and sends the signature data to the data transmission module of the management node, the data signature authentication module of the management node verifies the signature of the data, after the verification is passed, the data is sent to the decryption module, the data is decrypted through the data decryption module to generate a plaintext, and the decrypted plaintext is sent to a user.
2. The privacy protection-based security method for the distributed database system according to claim 1, wherein the step 2) specifically comprises:
the key management module generates an IDt and a random key Key_t in a fixed time period t;
the generated IDt and Key_t are stored in the key table; and the key and the key ID are sent to a data privacy protection module as the key for encrypting data in the time period t.
3. The privacy protection based security method for the distributed database system according to claim 1, wherein the step 3) comprises the following steps:
3-1) the data normalization module uses data format normalization criteria, namely:
ID+Time+DBId+Data=NewData
wherein, ID is the number of the current input Data, Time is the current Time, DBId is the number of the local database node, Data is the current input Data, and NewData is the standardized Data as the plaintext;
3-2) sending the standardized data NewData to a data encryption module;
3-3) after the data encryption module receives the transmitted data, the data is encrypted with Key_t during the time period t by an encryption formula, namely:
CipherData = Key_t(NewData)
wherein CipherData represents the encrypted ciphertext, as the original encrypted data; NewData represents the normalized data; and Key_t represents the key for time t;
3-4) signing the obtained ciphertext CipherData, and digitally signing by using a fixed signature private key;
and packaging the ciphertext CipherData, the ciphertext subjected to signature, the signature public key of the management node, the hash function and the IDt of the key into a data ciphertext packet, and sending the data ciphertext packet to the local database node through the data transmission module.
4. The privacy protection-based security method for the distributed database system according to claim 3, wherein the step 3-3) is specifically:
a. initializing a vector IV, the length of the vector IV being Length(Key_t), i.e. a character string whose length equals the length of the random key;
b. grouping the plaintext NewData to obtain a group
Figure FDA0003690158840000021
The length of each group is Length(Key_t), i.e. the length of Key_t in time period t; n is the number of groups;
c. for the last packet
Figure FDA0003690158840000031
A padding operation is performed, i.e. a number Num is added to the last packet, i.e.:
Figure FDA0003690158840000032
in the last packet
Figure FDA0003690158840000033
Num copies of the value Num are added; if the length of the last plaintext block is the same as the length of the key, then Length(Key_t) values are added, each equal to Length(Key_t), so that the last plaintext block keeps a consistent length;
d. performing an exclusive-or operation on the first plaintext block and the initialization vector IV, and encrypting the result of the exclusive-or operation, namely:
Figure FDA0003690158840000034
where CipherData_n denotes the nth ciphertext block,
Figure FDA0003690158840000035
denotes the nth plaintext block;
e. performing an XOR operation on the ciphertext block CipherData_n obtained after encryption and the plaintext of the next block, encrypting the XOR result, and repeating step e until the last block is encrypted, to obtain the final ciphertext CipherData.
5. The privacy protection-based confidentiality method for the distributed database system according to claim 1, wherein in step 4), the local database node performs signature authentication through a signature authentication module, specifically:
4-1) the transmission module of the local database node receives the data ciphertext packet transmitted by the management node and sends the data ciphertext packet to the signature authentication module;
4-2) the signature authentication module carries out hash calculation on the unsigned ciphertext CipherData by the received hash function to obtain a new hash value A;
4-3) the signature authentication module uses the signature public key to decrypt the signed ciphertext to obtain a hash value B;
4-4) comparing the hash value A with the hash value B; if the two hash values are the same, the signature result is True, indicating that the data was sent by the management node and was not lost, and the data is sent to the data storage module in the local database node; otherwise the result is False, indicating that the data was sent maliciously or was lost in the transmission process, and the data is discarded;
4-5) the data storage module stores the transmitted data in a local database.
6. The privacy protection-based security method for the distributed database system according to claim 1, wherein the step 5) specifically comprises:
5-1) generating interactive information by a data query module of the local data node m; sending the interactive information to a signature authentication module to sign the interactive information;
5-2) a transmission module of the local data node m packs the signed interactive message, the unsigned interactive message, the local data node signature public key and the hash function into an interactive data packet and sends the interactive data packet to the management node;
5-3) a data signature authentication module of the management node performs signature authentication on the received interactive data packet; re-signing the original interactive message of the interactive message of which the signature verification result is True;
5-4) the data transmission module of the management node packs the re-signed interactive message, the unsigned interactive message, the signature public key of the management node and the hash function into a new interactive data packet and sends the new interactive data packet to the local data node n;
5-5) the signature authentication module of the local data node n performs signature authentication on the new interactive data packet token; sending the interactive message with the signature verification result of True to a data query module, and taking out data from a data storage module;
5-6) sending the taken data to a signature authentication module for signature to obtain signed data;
5-7) the local data node n sends the signed data, the unsigned data, the signature public key of the local data node n and the hash function to the management node, and the data signature authentication module of the management node carries out signature authentication again;
5-8) the data signature authentication module of the management node signs the original data after passing the authentication again, and sends the signed data, the unsigned data, the signature public key of the management node n and the hash function back to the local data node m;
5-9) the signature authentication module of the local data node m performs signature authentication on the new data packet; and storing the data with the signature verification result of True into a storage module.
7. The privacy protection-based confidentiality method of the distributed database system, as claimed in claim 6, wherein the management node performs signature authentication on data sent by the local data node, specifically:
the data sent by the management node to the local data node comprises: an interactive information data packet, a data ciphertext packet or query information;
(1) the management node transmits the transmitted data containing the signature to a data signature authentication module for signature authentication;
(2) the management node performs hash calculation on the unsigned data through a hash function to obtain a new hash value C;
(3) decrypting the signed interactive message according to the local database node signature public key to obtain a hash value D;
(4) comparing the hash value C with the hash value D, if the hash values are the same, the signature result is True, and the data is sent by the local database node; otherwise, False; indicating that the data is data sent maliciously by an intruder, and discarding the data at the moment;
(5) re-signing the signed data of which the signature result is True; and sending the re-signed data, the unsigned data, the public signature key of the management node and the hash function to the local database node.
8. The privacy protection-based confidentiality method of the distributed database system according to claim 1, wherein in step 8), the data transmission module of the management node performs signature verification on the data, decrypts the data to generate a plaintext, and transmits the decrypted plaintext to the user, specifically:
8-1) the management node sends the signature data transmitted from the local database node to a data signature authentication module;
8-2) the data signature authentication module uses the signature public key of the local database node to decrypt the sent signature data to obtain a calculated hash value E of the local database node;
8-3) the data signature authentication module uses the received hash function to perform hash calculation on the unsigned data to obtain a new hash value F;
8-4) comparing the hash value E with the hash value F, wherein if the two hash values are equal, the signature result is True, otherwise, the signature result is False;
8-5) if the signature verification result is True, the data was sent by the local database and was not lost in the transmission process, and the data is transmitted to the data decryption module for decryption; if the signature verification result is False, the data was either sent maliciously by an intruder or lost in the transmission process, and the data is discarded;
8-6) transmitting ID_t to the key module, looking it up in the key table to retrieve the corresponding key Key_t, and sending the key Key_t to the decryption module in the data privacy protection module;
8-7) the data decryption module uses the transmitted key Key_t to decrypt the encrypted ciphertext and obtain the plaintext, namely:
NewData = Key_t(CipherData)
and sending the obtained plaintext to a user for visual display.
9. The privacy protection-based confidentiality method of the distributed database system according to claim 8, wherein in step 8-5), if the signature verification result is True, the data was sent by the local database, and transmitting the data to the data decryption module for the decryption operation comprises the following steps:
obtaining an initial vector IV and a key Key_t;
grouping the ciphertext, the length of each group being Length t ), to obtain the ciphertext blocks
Figure FDA0003690158840000061
performing the decryption operation on the first ciphertext block, and XORing the decryption result with the initial vector IV to obtain the plaintext block
Figure FDA0003690158840000062
namely:
Figure FDA0003690158840000063
for the ciphertext block
Figure FDA0003690158840000064
performing the decryption operation, and XORing the decrypted block with the ciphertext block
Figure FDA0003690158840000065
to obtain the plaintext block
Figure FDA0003690158840000066
traversing all the ciphertext blocks until every ciphertext block has been decrypted, and combining all the plaintext blocks to obtain the combined plaintext NewData;
and deleting the padding data according to the last value Y of the combined plaintext NewData: if the last value is Y, Y bits are deleted, to obtain the final plaintext Data.
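The chained decryption of claim 9, preceded by the key-table lookup of steps 8-6 and 8-7, sketched as an added Python example that is not code from the patent. The block cipher is a stand-in Feistel construction built on SHA-256 (not secure, and not the patent's cipher); the 16-byte block length, the byte-counted padding in which every padding byte equals Y, the KEY_TABLE contents and all function names are assumptions.

```python
import hashlib

BLOCK = 16  # assumed block length in bytes
# Constructed key table: key ID -> key, as looked up in step 8-6
KEY_TABLE = {"id-001": hashlib.sha256(b"constructed demo key").digest()}

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    # Stand-in 4-round Feistel permutation, for illustration only
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    pad = BLOCK - len(data) % BLOCK          # always 1..BLOCK padding bytes
    data += bytes([pad]) * pad
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, cipher: bytes) -> bytes:
    if not cipher or len(cipher) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    plain, prev = [], iv                     # first block is XORed with IV
    for i in range(0, len(cipher), BLOCK):
        c = cipher[i:i + BLOCK]
        plain.append(_xor(block_decrypt(key, c), prev))
        prev = c                             # later blocks use the previous ciphertext block
    new_data = b"".join(plain)
    y = new_data[-1]                         # last value Y gives the padding length
    if not 1 <= y <= BLOCK or new_data[-y:] != bytes([y]) * y:
        raise ValueError("invalid padding")
    return new_data[:-y]

def decrypt_record(id_t: str, iv: bytes, cipher: bytes) -> bytes:
    return cbc_decrypt(KEY_TABLE[id_t], iv, cipher)  # steps 8-6 and 8-7
```

In the claimed flow this runs only after the signature check of step 8-5 has returned True, so ciphertext that fails verification never reaches the padding check.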
10. The distributed database system based on privacy protection according to claims 1-9, comprising: a management node and N local database nodes;
the management node comprises: a data transmission module, a data standardization module, a data privacy protection module and a secret key management module;
the data transmission module is used for transmitting data input by a user to the data standardization module, outputting an interactive information data packet, a data ciphertext packet or query information which is signed and authenticated by the data privacy protection module to the local database node, and receiving the interactive information data packet, the data ciphertext packet or the query information which is signed and authenticated by the local database node;
the data standardization module is used for receiving the data received by the data transmission module, carrying out data format standardization processing and sending the data with the standardized format to the data privacy protection module;
the secret key management module is used for generating a secret key and a secret key ID, storing the secret key and the secret key ID into a secret key table, and sending the secret key and the secret key ID to the data privacy protection module;
the data privacy protection module comprises: a data signature authentication module, a data encryption module and a data decryption module;
the data signature authentication module is used for carrying out signature authentication processing on the interaction information data packet, the data ciphertext packet or the query information received from the local database node and sending the data after the signature authentication processing to the local database node;
the data encryption module is used for encrypting the data input by the user after standardization according to the secret key sent by the secret key management module to obtain a data ciphertext;
the data decryption module is used for decrypting the encrypted ciphertext to obtain a plaintext and sending the plaintext to the user through the data transmission module;
the local database node comprises: a transmission module, a signature authentication module, a data storage module and a data query module;
the transmission module is used for data interaction with the management node;
the signature authentication module is used for performing signature authentication on an interaction information data packet, a data ciphertext packet or query information sent to the local database node by the management node, and for signing data of the local database node;
the data storage module is used for storing the data ciphertext packet sent by the management node;
and the data query module is used for generating interactive information and querying data in the local data storage module according to the query message sent by the management node.
CN202210660132.1A 2022-06-13 2022-06-13 Distributed database system based on privacy protection and confidentiality method Active CN115118416B (en)

Publications (2)

Publication Number Publication Date
CN115118416A true CN115118416A (en) 2022-09-27
CN115118416B CN115118416B (en) 2024-04-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant