CN115118416B - Distributed database system based on privacy protection and confidentiality method - Google Patents

Distributed database system based on privacy protection and confidentiality method Download PDF

Info

Publication number
CN115118416B
CN115118416B CN202210660132.1A CN202210660132A CN115118416B CN 115118416 B CN115118416 B CN 115118416B CN 202210660132 A CN202210660132 A CN 202210660132A CN 115118416 B CN115118416 B CN 115118416B
Authority
CN
China
Prior art keywords
data
module
key
signature
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210660132.1A
Other languages
Chinese (zh)
Other versions
CN115118416A (en
Inventor
宋纯贺
李沅键
于诗矛
孙勇
胡游君
曾鹏
于海斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenyang Institute of Automation of CAS
Nari Information and Communication Technology Co
Original Assignee
Shenyang Institute of Automation of CAS
Nari Information and Communication Technology Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenyang Institute of Automation of CAS, Nari Information and Communication Technology Co filed Critical Shenyang Institute of Automation of CAS
Priority to CN202210660132.1A priority Critical patent/CN115118416B/en
Publication of CN115118416A publication Critical patent/CN115118416A/en
Application granted granted Critical
Publication of CN115118416B publication Critical patent/CN115118416B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of databases and data security, and particularly relates to a distributed database system based on privacy protection and a confidentiality method. The method comprises the following steps: 1) User input data is sent to a data standardization module through a data transmission module; 2) The key management module generates a key and a key ID and sends the key and the key ID to the data encryption module; 3) Transmitting the data with standardized format to a data encryption module, and encrypting the data according to a secret key to obtain a data ciphertext; after the data ciphertext is subjected to signature processing through a data signature authentication module, packaging a data ciphertext packet and transmitting the data ciphertext packet to a local database node; 4) The local database node performs signature authentication through a signature authentication module; after passing the authentication, storing the data in a local database node; the invention proposes to place all modules for encrypting and decrypting data on a management node. And the hidden danger of data leakage caused by data encryption and decryption among the nodes is reduced.

Description

Distributed database system based on privacy protection and confidentiality method
Technical Field
The invention belongs to the technical field of databases and data security, and particularly relates to a distributed database system based on privacy protection and a confidentiality method.
Background
With the high-speed development of the internet, big data becomes an important factor of the development of society and economy in China, the development of the big data is raised to a strategic height in the national level, and information security such as secret data leakage and sensitive information theft of the big data is more challenging.
In various industries, with rapid business development, many systems face multiple scenes such as high concurrency and large data volume. For example, in the financial industry, due to the high-speed development of the internet, users can pay various fees such as electricity fees, water fees, etc. on line. Leakage of these data can cause serious security problems. Some malicious persons can judge whether the user has a person at home according to the water and electricity fee paid by the user. Seriously threatening the security of the user.
At present, the processing capability of the traditional single-machine database has difficulty in supporting the development of the services, and a common method for solving the problem is that an application system divides the database into tables. But this solution requires extensive modifications to the application system and requires awareness of the data storage locations. While increasing the complexity of the operation and maintenance. The design of the distributed database can solve the problems of these conventional databases. The distributed database has the characteristics of logic unification and physical dispersion.
Meanwhile, the data security of private data in a distributed database in the process of transmitting data is an urgent problem. Many of the existing distributed databases encrypt data from data node to data node, from data node to management node, and from user to management node. For some keys randomly generated in different time periods, the keys are generally stored in a database along with encrypted data, so that the keys are easy to leak in the transmission process. Causing serious harm to the data security of users.
Disclosure of Invention
In view of the above problems, it is an object of the present invention to provide a distributed database system based on privacy protection. The system proposes to place all modules encrypting and decrypting data on the management node. And the hidden danger of data leakage caused by data encryption and decryption among the nodes is reduced. Meanwhile, the system provides a key module, all keys are stored in a key table of the key module, data encryption and decryption are carried out at the management node, and the keys are only transmitted in the management node. The serious problem of key leakage caused by key transmission in each node of the distributed database is avoided.
The technical scheme adopted by the invention for achieving the purpose is as follows: a privacy protection-based security method for a distributed database system, comprising the steps of:
1) The data transmission module is used for transmitting the data to the data standardization module through the data transmission module and carrying out format standardization processing to obtain data after format standardization;
2) The key management module generates a secret key and a secret key ID, stores the secret key and the secret key ID into a secret key table, and sends the secret key and the secret key ID to the data encryption module of the data privacy protection module;
3) The data after format standardization is sent to a data encryption module of a data privacy protection module, and data encryption is carried out according to a secret key to obtain a data ciphertext; after the data ciphertext is subjected to signature processing through a data signature authentication module, the data ciphertext package is packaged and is transmitted to a local database node through a data transmission module;
4) After a transmission module of the local database node receives the transmitted data ciphertext packet, the local database node performs signature authentication through a signature authentication module; after passing the authentication, transmitting the data to a data storage module to store the data in a local database node;
5) When the local database node m performs data interaction with the local database node n, the local database node m realizes interaction with the local database node n through the management node;
6) The data transmission module of the management node receives the inquiry information sent by the user, sends the inquiry information to the data signature authentication module for signature, and outputs the inquiry information to each local database node through the data transmission module;
7) The local database node receives the signed inquiry message, the transmission module sends the signed inquiry message to the signature authentication module to carry out signature authentication on the data, and after the authentication is passed, the inquiry message is sent to the data inquiry module;
8) The local database node inquires the locally stored data through the data inquiry module, sends the inquired data to the signature authentication module for signature, sends the signature data to the transmission module, and sends the signature data to the data transmission module of the management node through the transmission module.
The step 2) is specifically as follows:
the key management module generates an ID within a fixed t period t And a random Key Key t
ID to be generated t And Key t Storing the key table; the key and the key ID are sent to the data privacy protection module as a key to encrypt the data in the t period.
The step 3) comprises the following steps:
3-1) the data normalization module uses data format normalization criteria, namely:
ID+Time+DBId+Data=NewData
wherein ID is the number of the current input Data, time is the current Time, DBId is the number of the local database node, data is the current input Data, and NewData is the standardized Data, which is used as a plaintext;
3-2) sending the standardized data NewData to a data encryption module;
3-3) after the data encryption module receives the transmitted data, key is used in the t time period t Encrypting the data, wherein an encryption formula is as follows:
CipherData=Key t (NewData)
wherein CipherData represents ciphertext obtained after encryption, newData represents standardized data as original encrypted data, key t A key indicating time t;
3-4) signing the obtained ciphertext data, and performing digital signature by using a fixed signature private key;
ciphertext CipherData, signed ciphertext, management node's signature public key, hash function, and key ID t And packaging the data ciphertext packets and sending the data ciphertext packets to the local database node through the data transmission module.
The step 3-3) is specifically as follows:
a. initial vector IV, length of vector IV (Key t ) And is a character string of which the length is equal to the random key length;
b. grouping the NewData of the plaintext to obtain a groupThe packet has a Length (Key t ) I.e. Key during time t t Is a length of (2); n is the number of packets;
c. for the last packet NewData in A padding operation is performed, i.e. a number Num is added to the last packet, i.e.:
Num=Length(Key t )-Length(NewData in )
at the last packetAdding Num Nums; if the last plaintext packet Length and the Key Length are the same, the refill Length is Length (Key t ) The values are all Length (Key t ) The last plaintext packet is kept consistent in length;
d. performing exclusive-or operation on the first block plaintext and the initial vector IV, and performing encryption operation on the exclusive-or result, namely:
wherein CipherData is n Representing the nth ciphertext block and,an nth plaintext packet;
e. ciphertexts cipherer data obtained after encryption n And E, performing exclusive OR operation with the next block plaintext, performing encryption operation on the obtained exclusive OR result, and cycling the step E until the last block encryption is completed to obtain the final ciphertext.
In step 4), the local database node performs signature authentication through a signature authentication module, specifically:
4-1) the transmission module of the local database node receives the data ciphertext packet transmitted by the management node and sends the data ciphertext packet to the signature authentication module;
4-2) the signature authentication module carries out hash calculation on the unsigned ciphertext CipherData by the received hash function to obtain a new hash value A;
4-3) the signature authentication module uses the signature public key to decrypt the encrypted ciphertext after the signature is completed, and a hash value B is obtained;
4-4) comparing the hash value A with the hash value B, if the hash values are the same, the signature result is True, the data is indicated to be sent by the management node and the data is lost, and the data is sent to a data storage module in the local database node; otherwise, if False, the data is maliciously sent or is missing in the transmission process, and the data is discarded;
4-5) the data storage module stores the transmitted data in a local database.
The step 5) is specifically as follows:
5-1) generating interaction information by a data query module of the local data node m; the interactive information is sent to a signature authentication module, and the interactive information is signed;
5-2) the transmission module of the local data node m packages the signed interactive message, the unsigned interactive message and the local data node signature public key as an interactive data packet and sends the interactive data packet to the management node;
5-3) the data signature authentication module of the management node performs signature authentication on the received interactive data packet; re-signing the original interactive message of the interactive message with the signature verification result being True;
5-4) the data transmission module of the management node packages the re-signed interaction message, the unsigned interaction message and the public signature key of the management node into a new interaction data packet and sends the new interaction data packet to the local data node n.
5-5) the signature authentication module of the local data node n performs signature authentication on the new interactive data packet record; sending the interaction message with the signature verification result being True to a data query module, and taking out data from a data storage module;
5-6) sending the extracted data to a signature authentication module for signature to obtain signed data;
5-7) the local data node n sends the signed data, the unsigned data, the signature public key of the local data node n and the hash function to the management node, and the signature authentication is performed again through the data signature authentication module of the management node.
5-8) the data signature authentication module of the management node signs the verified original data again, and sends the signed data, the unsigned data, the signature public key of the management node n and the hash function back to the local data node m;
5-9) the signature authentication module of the local data node m performs signature authentication on the new data packet; and storing the data with the signature verification result of True into a storage module.
The management node performs signature authentication on the data sent by the local data node, specifically:
the data sent by the management node to the local data node comprises: interaction information data packet, data ciphertext packet or inquiry information;
(1) The management node transmits the transmitted data containing the signature to a data signature authentication module for signature authentication;
(2) The management node carries out hash calculation on unsigned data through a hash function to obtain a new hash value C;
(3) Decrypting the interaction message after the signature is completed according to the public signature key of the local database node to obtain a hash value D;
(4) Comparing the hash value C with the hash value D, and if the hash values are the same, the signature result is True, which indicates that the data is sent by the local database node; otherwise, false; indicating that the data is maliciously transmitted by an intruder, and discarding the data at the moment;
(5) Re-signing the signed data with the signing result being True; the re-signed data, the unsigned data, the public signature key of the management node, and the hash function are sent to the local database node.
In step 8), the data transmission module of the management node performs signature verification on the data, decrypts the data to generate plaintext, and transmits the decrypted plaintext to a user, specifically:
8-1) the management node sends the signature data transmitted from the local database node to the data signature authentication module;
8-2) the data signature authentication module uses the signature public key of the local database node to decrypt the sent signature data to obtain a calculated hash value E of the local database node;
8-3) the data signature authentication module performs hash calculation on unsigned data by using the received hash function to obtain a new hash value F;
8-4) comparing the hash value E with the hash value F, if the two hash values are equal, the signature result is True, otherwise, the signature result is False;
8-5) if the signature verification result is True, indicating that the data is sent by the local database and is not lost in the transmission process; transmitting the data to a data decryption module for decryption operation; if the signature verification result is False, the data is shown to be maliciously sent by an intruder or is missing in the transmission process, and the data is discarded;
8-6) ID will be t Transmitting to a Key module, inquiring in a Key table to obtain a corresponding Key Key t Key Key t Transmitting the data to a decryption module in the data privacy protection module;
8-7) data decryption Module uses the transmitted Key t Decrypting the encrypted ciphertext to obtain plaintext, namely:
NewData=Key t (CipherData)
and sending the obtained plaintext to a user for visual display.
In the step 8-5), if the signature verification result is True, the data is indicated to be sent by the local database; transmitting the data to a data decryption module for decryption operation, comprising the following steps:
obtaining an initial vector IV and a Key Key t
The ciphertext is grouped, and the grouping Length is Length (Key t ) Obtaining ciphertext group
The first ciphertext group is decrypted, and then the decryption result and the initial vector IV are subjected to exclusive OR operation to obtain a plaintext groupNamely:
grouping ciphertextDecryption is performed on the decrypted packet and ciphertext packet>Performing an exclusive-or operation to obtain a plaintext block->
Traversing all ciphertext blocks until all ciphertext blocks are decrypted completely, and combining all plaintext blocks to obtain combined plaintext NewData;
and deleting the filling Data according to the value Y of the last plaintext NewData of the combined plaintext NewData, and deleting Y bits if the last value is Y to obtain the final plaintext Data.
A privacy protection-based distributed database system, comprising: a management node and N local database nodes;
the management node comprises: the device comprises a data transmission module, a data standardization module, a data privacy protection module and a key management module;
the data transmission module is used for sending the data input by the user to the data standardization module, outputting the interaction information data packet, the data ciphertext packet or the query information after signature authentication of the data privacy protection module to the local database node, and receiving the interaction information data packet, the data ciphertext packet or the query information after signature authentication of the local database node;
the data normalization module is used for receiving the data received by the data transmission module, performing data format normalization processing, and sending the data with the standardized format to the data privacy protection module;
the key management module is used for generating a key and a key ID, storing the key and the key ID into a key table, and sending the key and the key ID to the data privacy protection module;
the data privacy protection module comprises: the device comprises a data signature authentication module, a data encryption module and a data decryption module;
the data signature authentication module is used for carrying out signature authentication processing on the interactive information data packet, the data ciphertext packet or the query information received by the local database node and sending the data after the signature authentication processing to the local database node;
The data encryption module is used for encrypting the standardized data input by the user according to the secret key sent by the secret key management module to obtain a data ciphertext;
the data decryption module is used for decrypting the encrypted ciphertext to obtain a plaintext and transmitting the plaintext to a user through the data transmission module;
the local database node comprises: the device comprises a transmission module, a signature authentication module, a data storage module and a data query module;
the transmission module is used for data interaction with the management node;
the signature authentication module is used for carrying out signature authentication on the interaction information data packet, the data ciphertext packet or the query information sent to the local data node library by the management node and signing the data of the local data node library;
the data storage module is used for storing the data ciphertext packet sent by the management node;
the data query module is used for generating interaction information and querying the data in the local data storage module according to the query message sent by the management node.
The invention has the following beneficial effects and advantages:
1. the invention proposes to place all modules for encrypting and decrypting data on a management node. And the hidden danger of data leakage caused by data encryption and decryption among the nodes is reduced.
2. The invention provides that a key module is arranged at a management node, all keys are stored in a key table of the key module, data encryption and decryption are carried out at the management node, and the keys are only transmitted in the management node. The serious problem of key leakage caused by key transmission in each node of the distributed database is avoided.
Drawings
FIG. 1 is a flow chart of the data storage of the present invention;
FIG. 2 is a flow chart of local data node interactions of the present invention;
FIG. 3 is a flow chart of user query data according to the present invention;
FIG. 4 is a flow chart of data encryption of the data privacy module of the present invention;
FIG. 5 is a flow chart of data decryption of the data privacy module of the present invention;
FIG. 6 is a flow chart of the key module of the present invention generating a key;
fig. 7 is a schematic diagram of a system structure according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. The advantages and features of the present invention will become more apparent. It should be noted that the drawings are in a very simplified form and are all to a non-precise scale, merely for the purpose of facilitating a clear and helpful description of embodiments of the present invention. For a better understanding of the invention with objects, features and advantages, refer to the drawings. It should be understood that the structures, proportions, sizes, etc. shown in the drawings and described in the specification are for understanding and reading only in conjunction with the disclosure, and are not intended to limit the scope of the invention, which is defined by the appended claims.
Referring to fig. 1, which is a flowchart of data storage according to the present invention, the present invention provides a distributed database system based on privacy protection, which specifically includes the following steps:
1) And the user transmits the data to the data standardization module through the data transmission module to carry out data format standardization.
2) The key module generates a random key to join the key table and transmits the key and the key ID to the data privacy protection module.
Wherein the encryption process of the key management module is embodied as shown in FIG. 6, the key management module generates an ID within a fixed t period of time t And a random Key Key t
ID to be generated t And Key t Storing the key table; the key and the key ID are sent to the data privacy protection module as a key to encrypt the data in the t period.
3) And the data with standardized format is transmitted into a data encryption module in the data privacy protection module. And encrypting the data by using the random key at the moment, and performing signature authentication on the encrypted data ciphertext after obtaining the data ciphertext. And finally, packaging the data and transmitting the data to a local data node.
The step 3) is specifically as follows: the method comprises the following steps:
3-1) the data normalization module uses data format normalization criteria, namely:
ID+Time+DBId+Data=NewData
Wherein ID is the number of the current input Data, time is the current Time, DBId is the number of the local database node, data is the current input Data, and NewData is the standardized Data, which is used as a plaintext;
3-2) sending the standardized data NewData to a data encryption module;
3-3) after the data encryption module receives the transmitted data, key is used in the t time period t Encrypting the data, wherein an encryption formula is as follows:
CipherData=Key t (NewData)
wherein CipherData represents ciphertext obtained after encryption, newData represents standardized data as original encrypted data, key t A key indicating time t;
the specific decryption method for step 3-3) is as follows:
a. an initial vector IV is set, and the Length of the vector IV is Length (Key t ) And is a character string of which the length is equal to the random key length;
b. grouping the NewData of the plaintext to obtain a groupThe packet has a Length (Key t ) I.e. Key during time t t Is a length of (2); n is the number of packets;
c. for the last packetA padding operation is performed, i.e. a number Num is added to the last packet, i.e.:
at the last packetAdding Num Nums; if the last plaintext packet Length and the Key Length are the same, the refill Length is Length (Key t ) The values are all Length (Key t ) The last plaintext packet is kept consistent in length;
d. performing exclusive-or operation on the first block plaintext and the initial vector IV, and performing encryption operation on the exclusive-or result, namely:
wherein CipherData is n Representing the nth ciphertext block and,an nth plaintext packet;
e. ciphertexts cipherer data obtained after encryption n And E, performing exclusive OR operation with the next block plaintext, performing encryption operation on the obtained exclusive OR result, and cycling the step E until the last block encryption is completed to obtain the final ciphertext.
3-4) signing the obtained ciphertext data, and performing digital signature by using a fixed signature private key;
ciphertext CipherData, signed ciphertext, management node's signature public key, hash function, and key ID t Packaging the data into a data ciphertext packet,and the data is sent to the local database node through the data transmission module.
4) And after receiving the transmitted data, the transmission module of the local data node performs signature authentication. After passing the authentication, the data is transmitted to a data storage module, and the data is stored in a local database node.
The method comprises the following specific steps of:
The management node signs the data by using the generated key pair and the private key, and hashes the data by using a hash function to obtain a hash value. The hash value is signed using a function in a signature algorithm. And sending the obtained signed data, the public key of the key pair and the original data to the local data node. The local data node carries out hash operation on the original message to obtain a hash value of the original data. The hash value of the original data is signed using a function in a signing algorithm and a public signature key. Comparing the transmitted signature data, if the results of the two signature data are the same, proving that the data are the data transmitted by the management node, and performing other operations on the data. If the two results are different, the data is sent by a malicious attacker, and the data is discarded.
Signature verification is divided into three steps. The first step is that the sender uses a built-in function to perform hash calculation to obtain a hash value, and uses a signature private key to encrypt the hash value. The management node here is the sender.
The second step is to send the unsigned data, the signed data, and the sender's public signature key (including the hash function that performs the hash calculation) to the recipient.
The third step is that the receiver receives the data and decrypts the encrypted signature using the public key of the sender to obtain the hash value calculated at the sender. And calculating the unsigned ciphertext by using the hash function sent by the sender to obtain a hash value.
The receiving party compares the hash value calculated by itself with the hash value calculated by the transmitting party and if correct indicates that this data was sent by the transmitting party and has not been altered in the middle.
In the signature authentication process, data is sent to a local database node for a management node, and the local database node performs signature authentication, wherein the step of the step 4) specifically comprises the following signature authentication method:
4-1) the transmission module of the local database node receives the data ciphertext packet transmitted by the management node and sends the data ciphertext packet to the signature authentication module;
4-2) the signature authentication module carries out hash calculation on the unsigned ciphertext CipherData by the received hash function to obtain a new hash value A;
4-3) the signature authentication module uses the signature public key to decrypt the encrypted ciphertext after the signature is completed, and a hash value B is obtained;
4-4) comparing the hash value A with the hash value B, if the hash values are the same, the signature result is True, the data is indicated to be sent by the management node and the data is lost, and the data is sent to a data storage module in the local database node; otherwise, if False, the data is maliciously sent or is missing in the transmission process, and the data is discarded;
4-5) the data storage module stores the transmitted data in a local database.
Fig. 2 is a local data node interaction flow chart of the present invention, and the present invention provides a distributed database system based on privacy protection, specifically comprising the following steps:
5) When the local data node m performs data interaction with the local data node n, the local data node m sends interaction information to the management node.
6) The management node receives the interaction message of the local data node m and then sends the interaction message to the local data node n.
7) The local data node n processes the transmitted interactive message. And transmitting the acquired data to the management node.
8) And the data transmission module of the management node of the distributed database system performs signature authentication on the received data, and re-signs the data after the signature authentication is passed. The signature data or the like is transmitted to the local data node m.
9) After receiving the data, the transmission module of the local data node m transmits the data to the signature authentication module, and after passing the verification, the transmission module transmits the data to the data storage module to process the data.
In the invention, the steps 5) to 9) specifically comprise the following steps:
5-1) generating interaction information by a data query module of the local data node m; the interactive information is sent to a signature authentication module, and the interactive information is signed;
5-2) the transmission module of the local data node m packages the signed interactive message, the unsigned interactive message and the local data node signature public key as an interactive data packet and sends the interactive data packet to the management node;
5-3) the data signature authentication module of the management node performs signature authentication on the received interactive data packet; re-signing the original interactive message of the interactive message with the signature verification result being True;
5-4) the data transmission module of the management node packages the re-signed interaction message, the unsigned interaction message and the public signature key of the management node into a new interaction data packet and sends the new interaction data packet to the local data node n.
5-5) the signature authentication module of the local data node n performs signature authentication on the new interactive data packet record; sending the interaction message with the signature verification result being True to a data query module, and taking out data from a data storage module;
5-6) sending the extracted data to a signature authentication module for signature to obtain signed data;
5-7) the local data node n sends the signed data, the unsigned data, the signature public key of the local data node n and the hash function to the management node, and the signature authentication is performed again through the data signature authentication module of the management node.
5-8) the data signature authentication module of the management node signs the verified original data again, and sends the signed data, the unsigned data, the signature public key of the management node n and the hash function back to the local data node m;
5-9) the signature authentication module of the local data node m performs signature authentication on the new data packet; and storing the data with the signature verification result of True into a storage module.
The management node performs signature authentication on the data sent by the local database node, and all the signature authentication methods on the received data by the management node are the same, and the specific methods are as follows:
the data sent by the management node to the local data node comprises: interaction information data packet, data ciphertext packet or inquiry information;
(1) The management node transmits the transmitted data containing the signature to a data signature authentication module for signature authentication;
(2) The management node carries out hash calculation on unsigned data through a hash function to obtain a new hash value C;
(3) Decrypting the interaction message after the signature is completed according to the public signature key of the local database node to obtain a hash value D;
(4) Comparing the hash value C with the hash value D, and if the hash values are the same, the signature result is True, which indicates that the data is sent by the local database node; otherwise, false; indicating that the data is maliciously transmitted by an intruder, and discarding the data at the moment;
(5) Re-signing the signed data with the signing result being True; the re-signed data, the unsigned data, the public signature key of the management node, and the hash function are sent to the local database node.
Referring to fig. 3, the present invention provides a distributed database system based on privacy protection, which specifically includes the following steps:
10 The data transmission module of the management node of the distributed database system receives the inquiry information sent by the user and sends the inquiry information to the data privacy protection module for signature. And then transmitted to each local data node by the data transmission module.
11 After the local data node receives the inquiry message, the transmission module sends the inquiry message to the signature authentication module to perform signature authentication on the data. After the authentication is passed, the query message is sent to the data query module.
12 The data query module queries the locally stored data, the local data node sends the queried data to the signature authentication module, the signed data is sent to the transmission module, and the transmission module sends the signed data to the management node of the distributed database.
13 The data transmission module of the management node of the distributed database sends the data to the data signature authentication module for signature verification, the data are decrypted to generate plaintext, and the decrypted plaintext is transmitted to the user.
In step 13), the specific implementation manner is as follows:
13-1) the management node sends the signature data transmitted from the local database node to the data signature authentication module;
13-2) the data signature authentication module uses the signature public key of the local database node to decrypt the sent signature data to obtain a calculated hash value E of the local database node;
13-3) the data signature authentication module performs hash calculation on unsigned data by using the received hash function to obtain a new hash value F;
13-4) comparing the hash value E with the hash value F, if the two hash values are equal, the signature result is True, otherwise, the signature result is False;
13-5) if the signature verification result is True, indicating that the data is sent by the local database and is not missing in the transmission process; transmitting the data to a data decryption module for decryption operation; if the signature verification result is False, the data is shown to be maliciously sent by an intruder or is missing in the transmission process, and the data is discarded;
13-6) ID will be t Transmitting to a Key module, inquiring in a Key table to obtain a corresponding Key Key t Key Key t Transmitting the data to a decryption module in the data privacy protection module;
13-7) data decryption Module Using the transmitted Key t Decrypting the encrypted ciphertext to obtain plaintext, namely:
NewData=Key t (CipherData)
and sending the obtained plaintext to a user for visual display.
Fig. 4 is a flowchart of data encryption of a data privacy module according to the present invention, and the present invention provides a distributed database system based on privacy protection, which specifically includes the following steps:
after the data privacy protection module receives the transmitted data, key is used in the t time period t The data is encrypted, and the encryption formula is as follows:
CipherData=Key t (NewDate)
first, an initial vector IV is set, and the Length of the vector IV is Length (Key t )。
Secondly, grouping the plaintext NewData to obtain a groupThe Length of the packet is Length (Key t ) I.e. Key during time t t Is a length of (c).
Again, the padding operation is performed on the last packet, i.e. the number Num added in the last packet is shown by the following formula:
at the last packetTo which Num are added. So that the last plaintext packet remains of consistent length.
Then, the first block plaintext and the initial vector IV are exclusive-ored and the result of the exclusive-ored is encrypted, the formula is as follows:
finally, encrypting the obtained ciphertext n And performing an exclusive-or operation with the next block plaintext, and performing encryption operation on the obtained exclusive-or result as in the encryption operation of the previous step. This operation is looped until the last block encryption is completed to obtain the last ciphertext.
Fig. 5 is a flowchart of data decryption of a data privacy module according to the present invention, and the present invention provides a distributed database system based on privacy protection, which specifically includes the following steps:
first, an initial vector IV and a Key Key are acquired t
Secondly, the ciphertext is grouped, and the grouping Length is Length (Key t ) Obtaining ciphertext group
Thirdly, the first ciphertext group is decrypted, and then the decryption result and the initial vector IV are subjected to exclusive OR operation to obtain a plaintext groupThe formula is as follows: />
Then, the ciphertext is groupedPerforming decryption operation on the decrypted packet and the ciphertext packetPerforming an exclusive-or operation to obtain a plaintext block->According to the last step in sequenceThe line is decrypted in a loop. Until all ciphertext packets are decrypted.
And finally, combining all the plaintext packets to obtain combined plaintext NewData. And deleting Y numbers filled in encryption according to the value Y of the last number of the combined plaintext NewData. And obtaining the final plaintext Data.
FIG. 5 is a flow chart of the key generation by the key module of the present invention, which provides a procedure for encryption or decryption;
wherein the encryption process is embodied in the step 2), and comprises the following steps:
first, the key module generates Id at time t t And Key t . At a set fixed time period, a new key is randomly generated.
Second, id to be generated t And Key t Stored in a key table in the key module.
Again, id generated at time t is taken into account t And Key t And transmitting the data to a data privacy protection module. The data encryption module provided to the data privacy protection module performs an encryption operation on the data.
When the data privacy protection module needs to decrypt the data, the data privacy protection module will be according to Id t The method comprises the steps of entering a key table of a key module to inquire, sending the inquired key to a data privacy protection module, and enabling the data privacy protection module to decrypt encrypted data by using the key to obtain a plaintext and returning the plaintext to a user.
As shown in fig. 7, a schematic system structure of the present invention is shown, and the present invention includes: a management node and N local database nodes;
a management node, comprising: the device comprises a data transmission module, a data standardization module, a data privacy protection module and a key management module;
The data transmission module is used for transmitting the data input by the user to the data standardization module, outputting the interaction information data packet, the data ciphertext packet or the query information after signature authentication of the data privacy protection module to the local database node, and receiving the interaction information data packet, the data ciphertext packet or the query information after signature authentication of the local database node;
the data normalization module is used for receiving the data received by the data transmission module, performing data format normalization processing, and sending the data with the standardized format to the data privacy protection module;
the key management module is used for generating a key and a key ID, storing the key and the key ID into the key table, and sending the key and the key ID to the data privacy protection module;
a data privacy protection module comprising: the device comprises a data signature authentication module, a data encryption module and a data decryption module;
the data signature authentication module is used for carrying out signature authentication processing on the interactive information data packet, the data ciphertext packet or the query information received by the local database node and sending the data after the signature authentication processing to the local database node;
the data encryption module is used for encrypting the standardized data input by the user according to the secret key sent by the secret key management module to obtain a data ciphertext;
The data decryption module is used for decrypting the encrypted ciphertext to obtain a plaintext and transmitting the plaintext to a user through the data transmission module;
a local database node comprising: the device comprises a transmission module, a signature authentication module, a data storage module and a data query module;
the transmission module is used for data interaction with the management node;
the signature authentication module is used for carrying out signature authentication on the interactive information data packet, the data ciphertext packet or the query information sent to the local data node library by the management node and signing the data of the local data node library;
the data storage module is used for storing the data ciphertext packet sent by the management node;
and the data query module is used for generating interaction information and querying the data in the local data storage module according to the query message sent by the management node.
Referring to fig. 1 to 3 and fig. 6 to 7, it can be shown that the encryption and decryption module is transferred from the middle of the node to the management node, so that the security of the data is more reliable. And a key module in the management node avoids transmission of the encryption key among the nodes to prevent key leakage.
The invention proposes to place all modules for encrypting and decrypting data on a management node. And the hidden danger of data leakage caused by data encryption and decryption among the nodes is reduced.
The invention provides that a key module is arranged at a management node, all keys are stored in a key table of the key module, data encryption and decryption are carried out at the management node, and the keys are only transmitted in the management node. The serious problem of key leakage caused by key transmission in individual nodes of the distributed database is avoided.
The foregoing is merely an embodiment of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, or expansion made within the spirit and principle of the present invention is included in the protection scope of the present invention.

Claims (10)

1. A privacy protection-based security method for a distributed database system, comprising the steps of:
1) The data transmission module is used for transmitting the data to the data standardization module through the data transmission module and carrying out format standardization processing to obtain data after format standardization;
2) The key management module generates a secret key and a secret key ID, stores the secret key and the secret key ID into a secret key table, and sends the secret key and the secret key ID to the data encryption module of the data privacy protection module;
3) The data after format standardization is sent to a data encryption module of a data privacy protection module, and data encryption is carried out according to a secret key to obtain a data ciphertext; after the data ciphertext is subjected to signature processing through a data signature authentication module, the data ciphertext package is packaged and is transmitted to a local database node through a data transmission module;
4) After a transmission module of the local database node receives the transmitted data ciphertext packet, the local database node performs signature authentication through a signature authentication module; after passing the authentication, transmitting the data to a data storage module to store the data in a local database node;
5) When the local database node m performs data interaction with the local database node n, the local database node m realizes interaction with the local database node n through the management node;
6) The data transmission module of the management node receives the inquiry information sent by the user, sends the inquiry information to the data signature authentication module for signature, and outputs the inquiry information to each local database node through the data transmission module;
7) The local database node receives the signed inquiry message, the transmission module sends the signed inquiry message to the signature authentication module to carry out signature authentication on the data, and after the authentication is passed, the inquiry message is sent to the data inquiry module;
8) The local database node inquires the locally stored data through the data inquiry module, sends the inquired data to the signature authentication module for signature, sends the signature data to the transmission module, and sends the signature data to the data transmission module of the management node through the transmission module.
2. The privacy protection-based security method of a distributed database system according to claim 1, wherein the step 2) is specifically:
the key management module generates an ID within a fixed t period t And a random Key Key t
ID to be generated t And Key t Storing the key table; the key and the key ID are sent to the data privacy protection module as a key to encrypt the data in the t period.
3. A privacy preserving method of distributed database system as claimed in claim 1, wherein said step 3) comprises the steps of:
3-1) the data normalization module uses data format normalization criteria, namely:
ID+Time+DBId+Data=NewData
wherein ID is the number of the current input Data, time is the current Time, DBId is the number of the local database node, data is the current input Data, and NewData is the standardized Data, which is used as a plaintext;
3-2) sending the standardized data NewData to a data encryption module;
3-3) after the data encryption module receives the transmitted data, key is used in the t time period t Encrypting the data, wherein an encryption formula is as follows:
CipherData=Key t (NewData)
wherein CipherData represents ciphertext obtained after encryption, newData represents standardized data as original encrypted data, key t A key indicating time t;
3-4) signing the obtained ciphertext data, and performing digital signature by using a fixed signature private key;
ciphertext CipherData, signed ciphertext, management node's signature public key, hash function, and key ID t And packaging the data ciphertext packets and sending the data ciphertext packets to the local database node through the data transmission module.
4. A privacy protection based distributed database system privacy protection method according to claim 3, wherein the step 3-3) specifically comprises:
a. an initial vector IV is set, and the Length of the vector IV is Length (Key t ) And is a character string of which the length is equal to the random key length;
b. grouping the NewData of the plaintext to obtain a groupThe packet has a Length (Key t ) I.e. Key during time t t Is a length of (2); n is the number of packets;
c. for the last packetA padding operation is performed, i.e. a number Num is added to the last packet, i.e.:
at the last packetAdding Num Nums; if the last plaintext packet Length and the Key Length are the same, the refill Length is Length (Key t ) The values are all Length (Key t ) The last plaintext packet is kept consistent in length;
d. performing exclusive-or operation on the first block plaintext and the initial vector IV, and performing encryption operation on the exclusive-or result, namely:
Wherein CipherData is n Representing the nth ciphertext block and,an nth plaintext packet;
e. ciphertexts cipherer data obtained after encryption n And E, performing exclusive OR operation with the next block plaintext, performing encryption operation on the obtained exclusive OR result, and cycling the step E until the last block encryption is completed to obtain the final ciphertext.
5. The privacy protection-based security method of a distributed database system according to claim 1, wherein in step 4), the local database node performs signature authentication through a signature authentication module, specifically:
4-1) the transmission module of the local database node receives the data ciphertext packet transmitted by the management node and sends the data ciphertext packet to the signature authentication module;
4-2) the signature authentication module carries out hash calculation on the unsigned ciphertext CipherData by the received hash function to obtain a new hash value A;
4-3) the signature authentication module uses the signature public key to decrypt the encrypted ciphertext after the signature is completed, and a hash value B is obtained;
4-4) comparing the hash value A with the hash value B, if the hash values are the same, the signature result is True, the data is indicated to be sent by the management node and the data is lost, and the data is sent to a data storage module in the local database node; otherwise, if False, the data is maliciously sent or is missing in the transmission process, and the data is discarded;
4-5) the data storage module stores the transmitted data in a local database.
6. The privacy protection-based security method of a distributed database system according to claim 1, wherein the step 5) specifically comprises:
5-1) generating interaction information by a data query module of the local data node m; the interactive information is sent to a signature authentication module, and the interactive information is signed;
5-2) the transmission module of the local data node m packages the signed interactive message, the unsigned interactive message and the local data node signature public key as an interactive data packet and sends the interactive data packet to the management node;
5-3) the data signature authentication module of the management node performs signature authentication on the received interactive data packet; re-signing the original interactive message of the interactive message with the signature verification result being True;
5-4) the data transmission module of the management node packages the re-signed interaction message, the unsigned interaction message and the public signature key of the management node into a new interaction data packet and sends the new interaction data packet to the local data node n;
5-5) the signature authentication module of the local data node n performs signature authentication on the new interactive data packet record; sending the interaction message with the signature verification result being True to a data query module, and taking out data from a data storage module;
5-6) sending the extracted data to a signature authentication module for signature to obtain signed data;
5-7) the local data node n sends the signed data, the unsigned data, the signature public key of the local data node n and the hash function to the management node, and signature authentication is performed again through a data signature authentication module of the management node;
5-8) the data signature authentication module of the management node signs the verified original data again, and sends the signed data, the unsigned data, the signature public key of the management node n and the hash function back to the local data node m;
5-9) the signature authentication module of the local data node m performs signature authentication on the new data packet; and storing the data with the signature verification result of True into a storage module.
7. The privacy protection-based security method of a distributed database system according to claim 6, wherein the management node performs signature authentication on data sent by the local data node, specifically:
the data sent by the management node to the local data node comprises: interaction information data packet, data ciphertext packet or inquiry information;
(1) The management node transmits the transmitted data containing the signature to a data signature authentication module for signature authentication;
(2) The management node carries out hash calculation on unsigned data through a hash function to obtain a new hash value C;
(3) Decrypting the interaction message after the signature is completed according to the public signature key of the local database node to obtain a hash value D;
(4) Comparing the hash value C with the hash value D, and if the hash values are the same, the signature result is True, which indicates that the data is sent by the local database node; otherwise, false; indicating that the data is maliciously transmitted by an intruder, and discarding the data at the moment;
(5) Re-signing the signed data with the signing result being True; the re-signed data, the unsigned data, the public signature key of the management node, and the hash function are sent to the local database node.
8. The privacy protection-based security method of a distributed database system according to claim 1, wherein in step 8), the data transmission module of the management node performs signature verification on the data, decrypts the data to generate plaintext, and transmits the decrypted plaintext to the user, specifically:
8-1) the management node sends the signature data transmitted from the local database node to the data signature authentication module;
8-2) the data signature authentication module uses the signature public key of the local database node to decrypt the sent signature data to obtain a calculated hash value E of the local database node;
8-3) the data signature authentication module performs hash calculation on unsigned data by using the received hash function to obtain a new hash value F;
8-4) comparing the hash value E with the hash value F, if the two hash values are equal, the signature result is True, otherwise, the signature result is False;
8-5) if the signature verification result is True, indicating that the data is sent by the local database and is not lost in the transmission process; transmitting the data to a data decryption module for decryption operation; if the signature verification result is False, the data is shown to be maliciously sent by an intruder or is missing in the transmission process, and the data is discarded;
8-6) ID will be t Transmitting to a Key module, inquiring in a Key table to obtain a corresponding Key Key t Key Key t Sending to data privacy protectionA decryption module in the module;
8-7) data decryption Module uses the transmitted Key t Decrypting the encrypted ciphertext to obtain plaintext, namely:
NewData=Key t (CipherData)
and sending the obtained plaintext to a user for visual display.
9. The privacy-preserving distributed database system confidentiality method of claim 8, wherein in step 8-5), if the signature verification result is True, it indicates that the data is transmitted from the local database; transmitting the data to a data decryption module for decryption operation, comprising the following steps:
Obtaining an initial vector IV and a Key Key t
The ciphertext is grouped, and the grouping Length is Length (Key t ) Obtaining ciphertext group
The first ciphertext group is decrypted, and then the decryption result and the initial vector IV are subjected to exclusive OR operation to obtain a plaintext groupNamely:
grouping ciphertextDecryption is performed on the decrypted packet and ciphertext packet>Performing an exclusive-or operation to obtain a plaintext block->
Traversing all ciphertext blocks until all ciphertext blocks are decrypted completely, and combining all plaintext blocks to obtain combined plaintext NewData;
and deleting the filling Data according to the value Y of the last plaintext NewData of the combined plaintext NewData, and deleting Y bits if the last value is Y to obtain the final plaintext Data.
10. A privacy protection based security method of a distributed database system according to claims 1-9, implemented based on the distributed database system, characterized in that the distributed database system comprises: a management node and N local database nodes;
the management node comprises: the device comprises a data transmission module, a data standardization module, a data privacy protection module and a key management module;
The data transmission module is used for sending the data input by the user to the data standardization module, outputting the interaction information data packet, the data ciphertext packet or the query information after signature authentication of the data privacy protection module to the local database node, and receiving the interaction information data packet, the data ciphertext packet or the query information after signature authentication of the local database node;
the data normalization module is used for receiving the data received by the data transmission module, performing data format normalization processing, and sending the data with the standardized format to the data privacy protection module;
the key management module is used for generating a key and a key ID, storing the key and the key ID into a key table, and sending the key and the key ID to the data privacy protection module;
the data privacy protection module comprises: the device comprises a data signature authentication module, a data encryption module and a data decryption module;
the data signature authentication module is used for carrying out signature authentication processing on the interactive information data packet, the data ciphertext packet or the query information received by the local database node and sending the data after the signature authentication processing to the local database node;
the data encryption module is used for encrypting the standardized data input by the user according to the secret key sent by the secret key management module to obtain a data ciphertext;
The data decryption module is used for decrypting the encrypted ciphertext to obtain a plaintext and transmitting the plaintext to a user through the data transmission module;
the local database node comprises: the device comprises a transmission module, a signature authentication module, a data storage module and a data query module;
the transmission module is used for data interaction with the management node;
the signature authentication module is used for carrying out signature authentication on the interaction information data packet, the data ciphertext packet or the query information sent to the local data node library by the management node and signing the data of the local data node library;
the data storage module is used for storing the data ciphertext packet sent by the management node;
the data query module is used for generating interaction information and querying the data in the local data storage module according to the query message sent by the management node.
CN202210660132.1A 2022-06-13 2022-06-13 Distributed database system based on privacy protection and confidentiality method Active CN115118416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210660132.1A CN115118416B (en) 2022-06-13 2022-06-13 Distributed database system based on privacy protection and confidentiality method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210660132.1A CN115118416B (en) 2022-06-13 2022-06-13 Distributed database system based on privacy protection and confidentiality method

Publications (2)

Publication Number Publication Date
CN115118416A CN115118416A (en) 2022-09-27
CN115118416B true CN115118416B (en) 2024-04-16

Family

ID=83325503

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210660132.1A Active CN115118416B (en) 2022-06-13 2022-06-13 Distributed database system based on privacy protection and confidentiality method

Country Status (1)

Country Link
CN (1) CN115118416B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115544498B (en) * 2022-11-24 2023-05-23 华控清交信息科技(北京)有限公司 Ciphertext data visual monitoring method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102946602A (en) * 2012-12-04 2013-02-27 镇江江大科茂信息系统有限责任公司 Mobile information system based privacy protection and encryption method
CN114024710A (en) * 2021-09-27 2022-02-08 中诚信征信有限公司 Data transmission method, device, system and equipment
CN114567431A (en) * 2022-02-28 2022-05-31 中国人民解放军空军预警学院 Security authentication method for unidirectional transmission

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102946602A (en) * 2012-12-04 2013-02-27 镇江江大科茂信息系统有限责任公司 Mobile information system based privacy protection and encryption method
CN114024710A (en) * 2021-09-27 2022-02-08 中诚信征信有限公司 Data transmission method, device, system and equipment
CN114567431A (en) * 2022-02-28 2022-05-31 中国人民解放军空军预警学院 Security authentication method for unidirectional transmission

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
基于混合加密的无线医疗传感网数据安全与隐私保护;丁邢涛;钟伯成;朱淑文;黄勃;;医疗卫生装备;20171215(第12期) *
基于身份的分级加密算法在医疗平台中的应用;贾王晶;;计算机产品与流通;20180215(第02期);全文 *
工业互联网智能制造边缘计算 模型与验证方法;宋纯贺,武婷婷,徐文想,于诗矛;《边缘计算》;20200131;全文 *

Also Published As

Publication number Publication date
CN115118416A (en) 2022-09-27

Similar Documents

Publication Publication Date Title
US5937066A (en) Two-phase cryptographic key recovery system
CA2197915C (en) Cryptographic key recovery system
US5796830A (en) Interoperable cryptographic key recovery system
CN105610793B (en) A kind of outsourcing data encryption storage and cryptogram search system and its application process
US6535607B1 (en) Method and apparatus for providing interoperability between key recovery and non-key recovery systems
CN110061957A (en) Data encryption, decryption method, user terminal, server and data management system
CN109840425A (en) A kind of method and apparatus of file encryption
CN104836657B (en) A kind of identity-based anonymity broadcast encryption method with efficient decryption features
CA2819211C (en) Data encryption
CN107181584A (en) Asymmetric complete homomorphic cryptography and its replacement of keys and ciphertext complete a business transaction method
CN115118416B (en) Distributed database system based on privacy protection and confidentiality method
JPH04347949A (en) Cipher communicating method and cipher communicating system
Indrayani et al. Effectiveness comparison of the AES and 3DES cryptography methods on email text messages
CN111835766B (en) Re-random public key encryption and decryption method
Carpent et al. Private set projections & variants
CN114036541A (en) Application method for compositely encrypting and storing user private content
CN109120589B (en) Terminal information protection method and device based on encryption password
Mohamad et al. Verifiable structured encryption
Siva et al. Hybrid cryptography security in public cloud using TwoFish and ECC algorithm
Chelladurai et al. Intelligent Digital Envelope for Distributed Cloud-Based Big Data Security.
US20210126906A1 (en) Communication device, server device, concealed communication system, methods for the same, and program
Narula et al. A novel review on healthcare data encryption techniques
Al-Attab et al. Hybrid data encryption technique for data security in cloud computing
Gennaro et al. Secure key recovery
CN115829754B (en) Transaction supervision method and device for privacy protection blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant