CN116502251B - Data encryption storage method, device, equipment and storage medium - Google Patents

Publication number
CN116502251B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310736393.1A
Other languages
Chinese (zh)
Other versions
CN116502251A (en)
Inventor
文天乐
布向伟
彭昊旻
赵也倪
陈乐�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongfang Space Technology Shandong Co Ltd
Original Assignee
Dongfang Space Technology Shandong Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention provides a data encryption storage method, device, equipment and storage medium, and relates to the technical field of aerospace data processing. The method comprises: obtaining data to be processed, the data to be processed comprising equipment configuration data and experimental data in rocket test and launch terminals; classifying the data to be processed by security level to obtain target data of at least one security level; processing the target data of at least one security level by using an encryption algorithm of at least one target security level to obtain a data processing result, the encryption algorithms of the target security levels corresponding one-to-one to the security levels of the target data; and storing the data processing result in a target storage device. With this scheme, different types of rocket test data can be classified, encrypted and stored, the security of data transmission is ensured, different storage measures are applied to data of different levels, resources are allocated reasonably, and data transmission time is reduced.

Description

Data encryption storage method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of aerospace data processing, in particular to a data encryption storage method, device, equipment and storage medium.
Background
In the design of ground software in the aerospace field, data transmitted by equipment during rocket launch is usually stored in a local database, a cloud platform or the like, and the data generated in a test can be viewed directly by logging in to the database or cloud platform. However, this storage mode carries a risk of data leakage, and if critical data is leaked, the safety of the test may not be ensured. Moreover, the data cannot be classified by type, and storage measures cannot be chosen according to the data level.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data encryption storage method, device, equipment and storage medium that can classify, encrypt and store different types of rocket test data, ensure the security of data transmission, apply different storage measures to data of different levels, allocate resources reasonably and reduce data transmission time.
In order to solve the above technical problem, the technical scheme of the invention is as follows:
A data encryption storage method, comprising:
obtaining data to be processed, wherein the data to be processed comprises: equipment configuration data and experimental data in rocket test and launch terminals;
classifying the data to be processed by security level to obtain target data of at least one security level;
processing the target data of at least one security level by using an encryption algorithm of at least one target security level to obtain a data processing result; the encryption algorithms of the target security levels correspond one-to-one to the security levels of the target data;
and storing the data processing result in a target storage device.
Optionally, classifying the data to be processed by security level to obtain target data of at least one security level comprises:
classifying the data to be processed according to the degree to which it affects the operation of the equipment, to obtain target data of a first security level, target data of a second security level or target data of a third security level, wherein the first security level is higher than the second security level, and the second security level is higher than the third security level.
Optionally, classifying the data to be processed according to the degree to which it affects the operation of the equipment comprises:
when the data to be processed is configuration data for controlling rocket launch, determining that the data to be processed is target data of the first security level, adding a first mark to the target data of the first security level, and adding data source information to the attribute information of the target data of the first security level;
when the data to be processed is state data monitored during the rocket test, determining that the data to be processed is target data of the second security level, adding a second mark to the target data of the second security level, and adding data source information to the attribute information of the target data of the second security level;
when the data to be processed is a rocket test process file, determining that the data to be processed is target data of the third security level, adding a third mark to the target data of the third security level, and adding data source information to the attribute information of the target data of the third security level.
Optionally, processing the target data of at least one security level by using an encryption algorithm of at least one target security level to obtain a data processing result comprises:
encrypting the target data of the first security level twice by means of a double encryption algorithm, and encrypting the target data of the second security level once by means of a one-layer encryption algorithm, to obtain a ciphertext data processing result;
outputting the target data of the third security level in plaintext form to obtain a plaintext data processing result.
Optionally, the data encryption storage method further comprises:
encrypting a target key with a preset root key, and storing the key encryption result in a preset device; the target key is a key generated while the target data is encrypted by the double encryption algorithm and the one-layer encryption algorithm.
Optionally, encrypting the target key with the preset root key and storing the key encryption result in the preset device comprises:
asymmetrically encrypting, with the preset root key, a first key generated while the double encryption algorithm encrypts the target data of the first security level, and storing the result;
and symmetrically encrypting, with the preset root key, a second key generated while the one-layer encryption algorithm encrypts the target data of the second security level, and storing the result.
Optionally, storing the data processing result in a target storage device comprises:
adding a flag bit of a preset number of bytes to the data processing result according to the security level of the target data, wherein the flag bit marks the security level of the target data and the key storage address;
adding the data processing result to a corresponding thread pool according to the flag bit information of the data processing result;
and sending the data in the thread pool to the target storage device for storage.
The invention also provides a data encryption storage device, comprising:
an acquisition module, which obtains data to be processed, wherein the data to be processed comprises: equipment configuration data and experimental data in rocket test and launch terminals;
a processing module, which classifies the data to be processed by security level to obtain target data of at least one security level; processes the target data of at least one security level by using an encryption algorithm of at least one target security level to obtain a data processing result; the encryption algorithms of the target security levels correspond one-to-one to the security levels of the target data; and stores the data processing result in a target storage device.
The present invention also provides a computing device comprising: a processor, a memory storing a computer program which, when executed by the processor, performs the method as described above.
The invention also provides a computer readable storage medium storing instructions that, when executed on a computer, cause the computer to perform a method as described above.
The scheme of the invention at least comprises the following beneficial effects:
With the above scheme, data to be processed is obtained, the data to be processed comprising equipment configuration data and experimental data in rocket test and launch terminals; the data to be processed is classified by security level to obtain target data of at least one security level; the target data of at least one security level is processed by using an encryption algorithm of at least one target security level to obtain a data processing result, the encryption algorithms of the target security levels corresponding one-to-one to the security levels of the target data; and the data processing result is stored in a target storage device. Different types of rocket test data can thus be classified, encrypted and stored, the security of data transmission is ensured, different storage measures are applied to data of different levels, resources are allocated reasonably, and data transmission time is reduced.
Drawings
FIG. 1 is a flow chart of a data encryption storage method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of data processing of a data encryption storage method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of key storage of a data encryption storage method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a data encryption storage device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in FIG. 1, an embodiment of the present invention proposes a data encryption storage method, comprising:
step 11, obtaining data to be processed, wherein the data to be processed comprises: equipment configuration data and experimental data in rocket test and launch terminals;
step 12, classifying the data to be processed by security level to obtain target data of at least one security level;
step 13, processing the target data of at least one security level by using an encryption algorithm of at least one target security level to obtain a data processing result; the encryption algorithms of the target security levels correspond one-to-one to the security levels of the target data;
and step 14, storing the data processing result in a target storage device.
In this embodiment, as shown in FIG. 2, a data processing module is added to the existing data storage flow. The data processing module first classifies the data to be processed, determines the data type, and determines the data security level according to the data type. The classified target data is then encrypted by the corresponding encryption algorithm, and the processing result is stored in the corresponding device. Classified encrypted storage makes reasonable use of resources while ensuring the security of data transmission, maintains data storage speed and shortens data transmission time.
In an alternative embodiment of the present invention, step 12 may include:
step 121, classifying the data to be processed according to the degree to which it affects the operation of the equipment, to obtain target data of a first security level, target data of a second security level or target data of a third security level, wherein the first security level is higher than the second security level, and the second security level is higher than the third security level.
In this embodiment, the data to be processed is classified into three levels according to its importance and nature. Data of the first security level receives the strongest encryption measures.
In an alternative embodiment of the present invention, step 121 may include:
step 1211, when the data to be processed is configuration data for controlling rocket launch, determining that the data to be processed is target data of the first security level, adding a first mark to the target data of the first security level, and adding data source information to the attribute information of the target data of the first security level;
step 1212, when the data to be processed is state data monitored during the rocket test, determining that the data to be processed is target data of the second security level, adding a second mark to the target data of the second security level, and adding data source information to the attribute information of the target data of the second security level;
and step 1213, when the data to be processed is a rocket test process file, determining that the data to be processed is target data of the third security level, adding a third mark to the target data of the third security level, and adding data source information to the attribute information of the target data of the third security level.
In this embodiment, data that affects the operation of the equipment is defined as target data of the first security level, such as configuration files and files deployed in the rocket test and launch terminal, which are read in order to launch the rocket; the equipment state data transmitted by the telemetry equipment is defined as target data of the second security level, which is used to monitor the equipment state in real time and makes backtracking convenient after the test is finished; and other process files are defined as target data of the third security level, which has no influence on the experiment.
Further, after the data classification standard is defined, the data to be processed is classified by adding the flag bit and updating the data attribute information, with the data source information added to the data attribute information. When target data is processed, the data attribute and the flag bit are checked first; the data is processed when the flag bit agrees with the source information in the attribute, and otherwise an error is reported.
In an alternative embodiment of the present invention, step 13 may include:
step 131, encrypting the target data of the first security level twice by means of a double encryption algorithm, and encrypting the target data of the second security level once by means of a one-layer encryption algorithm, to obtain a ciphertext data processing result;
and step 132, outputting the target data of the third security level in plaintext form to obtain a plaintext data processing result.
In this embodiment, because the data sources differ, the data may be encrypted, or output directly in plaintext, by different modules. For target data of the first security level, a double encryption algorithm is used: the target data is symmetrically encrypted twice with two keys, ensuring the security of data transmission. For target data of the second security level, because the data volume is large, the data is processed directly by symmetric encryption, using a single-key cryptosystem in which the same key serves as both the encryption key and the decryption key. Target data of the third security level is output directly in plaintext form.
In an alternative embodiment of the present invention, the method further includes:
step 15, encrypting a target key with a preset root key, and storing the key encryption result in a preset device; the target key is a key generated while the target data is encrypted by the double encryption algorithm and the one-layer encryption algorithm.
In this embodiment, as shown in FIG. 3, the keys generated during data encryption are further encrypted and protected by a hardware security module, to prevent the keys from being disclosed.
In an alternative embodiment of the present invention, step 15 may include:
step 151, asymmetrically encrypting, with the preset root key, a first key generated while the double encryption algorithm encrypts the target data of the first security level, and storing the result;
and step 152, symmetrically encrypting, with the preset root key, a second key generated while the one-layer encryption algorithm encrypts the target data of the second security level, and storing the result.
In this embodiment, the keys generated during data encryption are all protected by the root key. The first key is protected by an asymmetric encryption algorithm; when a user reads data, the private key corresponding to the root key is used to decrypt the key, and the data is then decrypted with that key. The second key is protected by a symmetric encryption algorithm.
In an alternative embodiment of the present invention, step 14 may include:
step 141, adding a flag bit of a preset number of bytes to the data processing result according to the security level of the target data, wherein the flag bit marks the security level of the target data and the key storage address;
step 142, adding the data processing result to a corresponding thread pool according to the flag bit information of the data processing result;
and step 143, sending the data in the thread pool to the target storage device for storage.
In this embodiment, during data storage a unique data format is formed from the identifiers added for the different security levels; the data is placed into different threads according to the flag bits and stored quickly and efficiently by means of thread pools. The flag bit marks the security level of the target data and the corresponding key storage address, and the target storage device comprises a database or a cloud platform.
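The following Go program is an added example, not code from the patent: it applies the mark-versus-source check described for classification and the per-level thread pools of steps 141 to 143. The names Kind, Record, Classify, Check and Dispatch, the source labels, and the use of goroutine worker pools as the thread pools are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Kind is the data source recorded in a record's attribute information.
type Kind string

const (
	LaunchConfig Kind = "launch-config" // configuration data that controls the launch
	StatusData   Kind = "status-data"   // state monitored during the test
	ProcessFile  Kind = "process-file"  // other test process files
)

// markFor is the classification rule: data source -> security level mark.
var markFor = map[Kind]byte{LaunchConfig: 1, StatusData: 2, ProcessFile: 3}

// Record carries the mark and the source side by side, as in steps 1211 to 1213.
type Record struct {
	Mark    byte
	Source  Kind
	Payload []byte
}

func Classify(src Kind, payload []byte) (Record, error) {
	mark, ok := markFor[src]
	if !ok {
		return Record{}, fmt.Errorf("unclassifiable source %q", src)
	}
	return Record{Mark: mark, Source: src, Payload: payload}, nil
}

// Check reports an error unless the mark agrees with the source information,
// so a launch-configuration record marked 3 never reaches the plaintext tier.
func Check(r Record) error {
	if want, ok := markFor[r.Source]; !ok || want != r.Mark {
		return fmt.Errorf("mark %d does not match source %q", r.Mark, r.Source)
	}
	return nil
}

// Dispatch sends each checked record to the worker pool of its level and
// returns the number stored per level plus the errors for rejected records.
// store is called from several goroutines and must be safe for concurrent use.
func Dispatch(recs []Record, workers int, store func(Record)) (map[byte]int, []error) {
	if workers < 1 {
		workers = 1
	}
	var (
		wg     sync.WaitGroup
		mu     sync.Mutex
		stored = map[byte]int{}
		queues = map[byte]chan Record{}
	)
	for _, level := range markFor {
		q := make(chan Record)
		queues[level] = q
		for w := 0; w < workers; w++ {
			wg.Add(1)
			go func() { // one pool of goroutines per security level
				defer wg.Done()
				for r := range q {
					store(r)
					mu.Lock()
					stored[r.Mark]++
					mu.Unlock()
				}
			}()
		}
	}
	var rejected []error
	for _, r := range recs {
		if err := Check(r); err != nil {
			rejected = append(rejected, err) // report the error, do not store
			continue
		}
		queues[r.Mark] <- r
	}
	for _, q := range queues {
		close(q)
	}
	wg.Wait()
	return stored, rejected
}

func main() {
	ok, _ := Classify(LaunchConfig, []byte("constructed launch configuration"))
	mismarked := Record{Mark: 3, Source: LaunchConfig, Payload: []byte("constructed")}
	stored, rejected := Dispatch([]Record{ok, mismarked}, 2, func(Record) {})
	fmt.Println(stored, rejected)
}
```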
When a user needs to analyze security-classified data, the data analysis software first identifies the flag bit, decrypts the corresponding key in the hardware security module according to the flag bit information and the private key, and then exports the data. The data analysis software must be protected by login; an unauthorized user cannot perform any operation on the data. When a user needs to view data of the first security level, a private key is loaded into the analysis software according to the user's permissions, and the high-security data is viewed and modified within the analysis software.
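The following Go program is an added example, not code from the patent: it carries steps 13 to 15 and the read path above through with concrete primitives. AES-256-GCM for the symmetric passes, RSA-OAEP for the asymmetric root key, the 5-byte flag layout, binding the flag to ciphertexts and wrapped keys, and the in-memory KeyStore standing in for the hardware security module are all assumptions; the text above names no specific algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type KeyStore struct { // software stand-in for the HSM (assumption); not goroutine-safe
	rootRSA *rsa.PrivateKey   // asymmetric root key, wraps level-1 data keys
	rootAES []byte            // symmetric root key, wraps the level-2 data key
	wrapped map[uint32][]byte // wrapped data keys by key storage address
}

func NewKeyStore() (*KeyStore, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &KeyStore{priv, randBytes(32), map[uint32][]byte{}}, err
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // CSPRNG failure or wrong-length key: not recoverable here
	}
	return v
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	return b[:must(rand.Read(b))] // rand.Read fills b completely or errors
}

// seal encrypts with AES-256-GCM and prepends the nonce; open reverses it.
func seal(key, pt, aad []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, aad)
}
func open(key, ct, aad []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("truncated ciphertext")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], aad)
}

// Store returns flag||body, flag = level (1 byte) | key storage address (4 bytes).
// Assumption: the flag is bound to each ciphertext (GCM AAD) and key wrap (OAEP label).
func (ks *KeyStore) Store(level byte, data []byte) ([]byte, error) {
	if level == 3 {
		return append([]byte{3, 0, 0, 0, 0}, data...), nil // plaintext, no key
	} else if level != 1 && level != 2 {
		return nil, fmt.Errorf("unknown security level %d", level)
	}
	addr := uint32(len(ks.wrapped) + 1)
	flag, keys := binary.BigEndian.AppendUint32([]byte{level}, addr), randBytes(32*(3-int(level)))
	for i := 0; i < len(keys); i += 32 { // level 1: two keys, two passes; level 2: one
		data = seal(keys[i:i+32], data, flag)
	}
	if level == 1 { // data keys wrapped asymmetrically under the root key
		ks.wrapped[addr] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &ks.rootRSA.PublicKey, keys, flag))
	} else { // data key wrapped symmetrically under the root key
		ks.wrapped[addr] = seal(ks.rootAES, keys, flag)
	}
	return append(flag, data...), nil
}

// Load reads the flag, unwraps the keys at the flagged address, peels the passes.
func (ks *KeyStore) Load(rec []byte) ([]byte, error) {
	if len(rec) < 5 {
		return nil, fmt.Errorf("record shorter than its flag")
	}
	flag, body, keys, err := rec[:5], rec[5:], []byte(nil), error(nil)
	switch blob := ks.wrapped[binary.BigEndian.Uint32(flag[1:])]; flag[0] {
	case 1:
		keys, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, ks.rootRSA, blob, flag)
	case 2:
		keys, err = open(ks.rootAES, blob, flag)
	case 3:
		return body, nil
	}
	if err != nil || len(keys) != 32*(3-int(flag[0])) {
		return nil, fmt.Errorf("key unwrap failed (level %d): %v", flag[0], err)
	}
	for i := len(keys) - 32; i >= 0 && err == nil; i -= 32 { // last pass first
		body, err = open(keys[i:i+32], body, flag)
	}
	return body, err
}

func main() {
	ks := must(NewKeyStore())
	rec := must(ks.Store(1, []byte("constructed sample payload")))
	fmt.Printf("flag=%x body=%d bytes, reads back %q\n", rec[:5], len(rec)-5, must(ks.Load(rec)))
}
```

Records of the third level are stored in plaintext, so nothing authenticates their flag or body; only the two encrypted levels detect an edited level or key storage address.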
According to the embodiment of the invention, data is encrypted before it is stored, which ensures the security of the data and prevents it from being stolen. Meanwhile, data classification provides screening and grading of the data, ensures that different decryption means are used when the data is called externally, gives the data multi-level protection and ensures data reliability.
As shown in FIG. 4, an embodiment of the present invention further provides a data encryption storage device 40, comprising:
an obtaining module 41, which obtains data to be processed, wherein the data to be processed comprises: equipment configuration data and experimental data in rocket test and launch terminals;
a processing module 42, which classifies the data to be processed by security level to obtain target data of at least one security level; processes the target data of at least one security level by using an encryption algorithm of at least one target security level to obtain a data processing result; the encryption algorithms of the target security levels correspond one-to-one to the security levels of the target data; and stores the data processing result in a target storage device.
Optionally, classifying the data to be processed by security level to obtain target data of at least one security level comprises:
classifying the data to be processed according to the degree to which it affects the operation of the equipment, to obtain target data of a first security level, target data of a second security level or target data of a third security level, wherein the first security level is higher than the second security level, and the second security level is higher than the third security level.
Optionally, classifying the data to be processed according to the degree to which it affects the operation of the equipment comprises:
when the data to be processed is configuration data for controlling rocket launch, determining that the data to be processed is target data of the first security level, adding a first mark to the target data of the first security level, and adding data source information to the attribute information of the target data of the first security level;
when the data to be processed is state data monitored during the rocket test, determining that the data to be processed is target data of the second security level, adding a second mark to the target data of the second security level, and adding data source information to the attribute information of the target data of the second security level;
when the data to be processed is a rocket test process file, determining that the data to be processed is target data of the third security level, adding a third mark to the target data of the third security level, and adding data source information to the attribute information of the target data of the third security level.
Optionally, processing the target data of at least one security level by using an encryption algorithm of at least one target security level to obtain a data processing result comprises:
encrypting the target data of the first security level twice by means of a double encryption algorithm, and encrypting the target data of the second security level once by means of a one-layer encryption algorithm, to obtain a ciphertext data processing result;
outputting the target data of the third security level in plaintext form to obtain a plaintext data processing result.
Optionally, the data encryption storage method further comprises:
encrypting a target key with a preset root key, and storing the key encryption result in a preset device; the target key is a key generated while the target data is encrypted by the double encryption algorithm and the one-layer encryption algorithm.
Optionally, encrypting the target key with the preset root key and storing the key encryption result in the preset device comprises:
asymmetrically encrypting, with the preset root key, a first key generated while the double encryption algorithm encrypts the target data of the first security level, and storing the result;
and symmetrically encrypting, with the preset root key, a second key generated while the one-layer encryption algorithm encrypts the target data of the second security level, and storing the result.
Optionally, storing the data processing result in a target storage device comprises:
adding a flag bit of a preset number of bytes to the data processing result according to the security level of the target data, wherein the flag bit marks the security level of the target data and the key storage address;
adding the data processing result to a corresponding thread pool according to the flag bit information of the data processing result;
and sending the data in the thread pool to the target storage device for storage.
It should be noted that the device corresponds to the above method; all implementations in the above method embodiments are applicable to the device embodiment, and the same technical effects can be achieved.
An embodiment of the invention is a computing device comprising: a processor, a memory storing a computer program which, when executed by the processor, performs the method as described above. All the implementation manners in the method embodiment are applicable to the embodiment, and the same technical effect can be achieved.
Embodiments of the present invention also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform a method as described above. All the implementation manners in the method embodiment are applicable to the embodiment, and the same technical effect can be achieved.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
Furthermore, it should be noted that in the apparatus and method of the present invention, it is apparent that the components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered as equivalent aspects of the present invention. Also, the steps of performing the series of processes described above may naturally be performed in chronological order in the order of description, but are not necessarily performed in chronological order, and some steps may be performed in parallel or independently of each other. It will be appreciated by those of ordinary skill in the art that all or any of the steps or components of the methods and apparatus of the present invention may be implemented in hardware, firmware, software, or a combination thereof in any computing device (including processors, storage media, etc.) or network of computing devices, as would be apparent to one of ordinary skill in the art after reading this description of the invention.
The object of the invention can thus also be achieved by running a program or a set of programs on any computing device. The computing device may be a well-known general purpose device. The object of the invention can thus also be achieved by merely providing a program product containing program code for implementing said method or apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is apparent that the storage medium may be any known storage medium or any storage medium developed in the future. It should also be noted that in the apparatus and method of the present invention, it is apparent that the components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered as equivalent aspects of the present invention. The steps of executing the series of processes may naturally be executed in chronological order in the order described, but are not necessarily executed in chronological order. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.

Claims (4)

1. A data encryption storage method, comprising:
obtaining data to be processed, wherein the data to be processed comprises: equipment configuration data and experimental data in rocket test and launch terminals;
classifying the data to be processed by security level to obtain target data of at least one security level;
processing the target data of the at least one security level using an encryption algorithm of at least one target security level to obtain a data processing result, wherein the encryption algorithms of the target security levels correspond one-to-one to the security levels of the target data;
storing the data processing result into a target storage device;
wherein classifying the data to be processed by security level to obtain target data of at least one security level comprises:
classifying the data to be processed according to its degree of influence on the operation of the equipment to obtain target data of a first security level, target data of a second security level or target data of a third security level, wherein the first security level is greater than the second security level, and the second security level is greater than the third security level;
wherein classifying the data to be processed according to its degree of influence on the operation of the equipment comprises:
when the data to be processed is configuration data for controlling rocket launching, determining that the data to be processed is target data of the first security level, adding a first mark to the target data of the first security level, and adding data source information to the attribute information of the target data of the first security level; the configuration class data includes: configuration files and files;
when the data to be processed is state data monitored in the rocket testing process, determining that the data to be processed is target data of the second security level, adding a second mark to the target data of the second security level, and adding data source information to the attribute information of the target data of the second security level;
when the data to be processed is a rocket test process file, determining that the data to be processed is target data of the third security level, adding a third mark to the target data of the third security level, and adding data source information to the attribute information of the target data of the third security level;
defining data that affects the operation of the equipment as target data of the first security level, including configuration files, data files and files deployed in the rocket test and launch terminals, the rocket launch being carried out by reading this data; defining the equipment state data transmitted by the telemetry equipment as target data of the second security level, which is used to monitor the state of the equipment in real time and to facilitate backtracking after the test is finished; and defining other process files as target data of the third security level, which has no influence on the experiments;
after the data classification standard is defined, classifying the data to be processed by adding a flag bit and updating the data attribute information, the data source information being added to the data attribute information; when target data is processed, first checking the data attributes and the flag bit, and processing the data when the flag bit is consistent with the source information in the attributes, otherwise reporting an error;
the data encryption storage method further comprises the following steps:
encrypting a target key with a preset root key, and storing the key encryption result in a preset device; the target key is a key generated in the process of encrypting the target data with the double encryption algorithm and the one-layer encryption algorithm;
wherein encrypting the target key with the preset root key and storing the key encryption result in the preset device comprises:
asymmetrically encrypting, with the preset root key, a first key generated in the process of encrypting the target data of the first security level with the double encryption algorithm, and storing it;
symmetrically encrypting, with the preset root key, a second key generated in the process of encrypting the target data of the second security level with the one-layer encryption algorithm, and storing it;
the keys generated in the data encryption process are protected by the root key: the first key is protected by an asymmetric encryption algorithm, and when a user reads data, the private key corresponding to the root key is used to decrypt the key, and the data is then decrypted with that key; the second key is protected by a symmetric encryption algorithm;
wherein processing the target data of the at least one security level using the encryption algorithm of the at least one target security level comprises:
verifying the first mark information and the attribute information of the target data of the first security level, confirming that the first mark information is consistent with the data source information in the attribute information, and performing secondary encryption on the target data of the first security level with the double encryption algorithm;
verifying the second mark information and the attribute information of the target data of the second security level, confirming that the second mark information is consistent with the data source information in the attribute information, and performing single encryption on the target data of the second security level with the one-layer encryption algorithm to obtain a ciphertext data processing result;
verifying the third mark information and the attribute information of the target data of the third security level, confirming that the third mark information is consistent with the data source information in the attribute information, and outputting the target data of the third security level in plaintext form to obtain a plaintext data processing result;
wherein storing the data processing result into the target storage device comprises:
adding a flag bit of a preset number of bytes to the data processing result according to the security level of the target data, wherein the flag bit marks the security level of the target data and the key storage address;
adding the data processing result to a corresponding thread pool according to the flag bit information of the data processing result;
transmitting the data in the thread pool to the target storage device for storage;
in the data storage process, a special data format is formed by adding different identifiers according to the security level, data is put into different threads according to the different flag bits, and the data is stored quickly and efficiently by means of thread pools; the flag bit marks the security level of the target data and the corresponding key storage address, and the target storage device comprises a database or a cloud platform;
when a user needs to analyze the security-level data, the data software first identifies the flag bit, decrypts the corresponding key in the hardware security module according to the flag bit information and the private key, and then exports the data; the data analysis software must be protected by a login, so that an illegal user cannot perform any operation on the data; when a user needs to view the data of the first security level, a private key is loaded in the analysis software according to the different permissions, and the viewing and modification of the high-security data are performed in the analysis software.
2. A data encryption storage device, comprising:
an acquisition module, configured to obtain data to be processed, wherein the data to be processed comprises: equipment configuration data and experimental data in rocket test and launch terminals;
a processing module, configured to classify the data to be processed by security level to obtain target data of at least one security level; process the target data of the at least one security level using an encryption algorithm of at least one target security level to obtain a data processing result, wherein the encryption algorithms of the target security levels correspond one-to-one to the security levels of the target data; and store the data processing result into a target storage device;
wherein classifying the data to be processed by security level to obtain target data of at least one security level comprises:
classifying the data to be processed according to its degree of influence on the operation of the equipment to obtain target data of a first security level, target data of a second security level or target data of a third security level, wherein the first security level is greater than the second security level, and the second security level is greater than the third security level;
wherein classifying the data to be processed according to its degree of influence on the operation of the equipment comprises:
when the data to be processed is configuration data for controlling rocket launching, determining that the data to be processed is target data of the first security level, adding a first mark to the target data of the first security level, and adding data source information to the attribute information of the target data of the first security level; the configuration class data includes: configuration files and files;
when the data to be processed is state data monitored in the rocket testing process, determining that the data to be processed is target data of the second security level, adding a second mark to the target data of the second security level, and adding data source information to the attribute information of the target data of the second security level;
when the data to be processed is a rocket test process file, determining that the data to be processed is target data of the third security level, adding a third mark to the target data of the third security level, and adding data source information to the attribute information of the target data of the third security level;
defining data that affects the operation of the equipment as target data of the first security level, including configuration files, data files and files deployed in the rocket test and launch terminals, the rocket launch being carried out by reading this data; defining the equipment state data transmitted by the telemetry equipment as target data of the second security level, which is used to monitor the state of the equipment in real time and to facilitate backtracking after the test is finished; and defining other process files as target data of the third security level, which has no influence on the experiments;
after the data classification standard is defined, classifying the data to be processed by adding a flag bit and updating the data attribute information, the data source information being added to the data attribute information; when target data is processed, first checking the data attributes and the flag bit, and processing the data when the flag bit is consistent with the source information in the attributes, otherwise reporting an error;
wherein the processing module is further operable to:
encrypt a target key with a preset root key, and store the key encryption result in a preset device; the target key is a key generated in the process of encrypting the target data with the double encryption algorithm and the one-layer encryption algorithm;
the keys generated in the data encryption process are protected by the root key: the first key is protected by an asymmetric encryption algorithm, and when a user reads data, the private key corresponding to the root key is used to decrypt the key, and the data is then decrypted with that key; the second key is protected by a symmetric encryption algorithm;
wherein encrypting the target key with the preset root key and storing the key encryption result in the preset device comprises:
asymmetrically encrypting, with the preset root key, a first key generated in the process of encrypting the target data of the first security level with the double encryption algorithm, and storing it;
symmetrically encrypting, with the preset root key, a second key generated in the process of encrypting the target data of the second security level with the one-layer encryption algorithm, and storing it;
wherein processing the target data of the at least one security level using the encryption algorithm of the at least one target security level comprises:
verifying the first mark information and the attribute information of the target data of the first security level, confirming that the first mark information is consistent with the data source information in the attribute information, and performing secondary encryption on the target data of the first security level with the double encryption algorithm;
verifying the second mark information and the attribute information of the target data of the second security level, confirming that the second mark information is consistent with the data source information in the attribute information, and performing single encryption on the target data of the second security level with the one-layer encryption algorithm to obtain a ciphertext data processing result;
verifying the third mark information and the attribute information of the target data of the third security level, confirming that the third mark information is consistent with the data source information in the attribute information, and outputting the target data of the third security level in plaintext form to obtain a plaintext data processing result;
wherein storing the data processing result into the target storage device comprises:
adding a flag bit of a preset number of bytes to the data processing result according to the security level of the target data, wherein the flag bit marks the security level of the target data and the key storage address;
adding the data processing result to a corresponding thread pool according to the flag bit information of the data processing result;
transmitting the data in the thread pool to the target storage device for storage;
in the data storage process, a special data format is formed by adding different identifiers according to the security level, data is put into different threads according to the different flag bits, and the data is stored quickly and efficiently by means of thread pools; the flag bit marks the security level of the target data and the corresponding key storage address, and the target storage device comprises a database or a cloud platform;
when a user needs to analyze the security-level data, the data software first identifies the flag bit, decrypts the corresponding key in the hardware security module according to the flag bit information and the private key, and then exports the data; the data analysis software must be protected by a login, so that an illegal user cannot perform any operation on the data; when a user needs to view the data of the first security level, a private key is loaded in the analysis software according to the different permissions, and the viewing and modification of the high-security data are performed in the analysis software.
3. A computing device, comprising: a processor, a memory storing a computer program which, when executed by the processor, performs the method of claim 1.
4. A computer readable storage medium storing instructions which, when run on a computer, cause the computer to perform the method of claim 1.
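The mark-versus-source check and the flag-prefixed storage step of claim 1, as an added Python sketch that is not code from the patent. The 5-byte header layout, the source names and the `Store` class are assumptions, and the payloads are constructed stand-ins for the output of each level's encryption step.

```python
import struct
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass

# Assumed layout of the "flag bit with preset byte number":
# 1 byte security level + 4 bytes key storage address, big-endian.
HEADER = struct.Struct(">BI")
# Assumed source names for the three categories the claim lists.
LEVEL_BY_SOURCE = {
    "launch_config": 1,    # configuration data controlling rocket launch
    "telemetry_state": 2,  # state data monitored during testing
    "process_file": 3,     # other test process files
}
NO_KEY = 0  # level 3 is stored as plaintext, so no key address applies


@dataclass(frozen=True)
class TargetData:
    payload: bytes  # output of the level's encryption step (opaque here)
    mark: int       # first/second/third mark added at classification
    source: str     # data source information kept in the attributes


def classify(payload: bytes, source: str) -> TargetData:
    """Add the mark and the source information for a known data source."""
    if source not in LEVEL_BY_SOURCE:
        raise ValueError(f"unknown data source: {source!r}")
    return TargetData(payload, LEVEL_BY_SOURCE[source], source)


def verify(item: TargetData) -> int:
    """Report an error unless the mark agrees with the source information."""
    if LEVEL_BY_SOURCE.get(item.source) != item.mark:
        raise ValueError("mark does not match data source information")
    return item.mark


def frame(item: TargetData, key_address: int) -> bytes:
    """Prefix the processing result with its level and key storage address."""
    level = verify(item)
    if (level == 3) != (key_address == NO_KEY):
        raise ValueError("levels 1 and 2 need a key address, level 3 none")
    return HEADER.pack(level, key_address) + item.payload


def parse(record: bytes):
    """Read the flag first, as the reading side does before any decryption."""
    if len(record) < HEADER.size:
        raise ValueError("record shorter than the flag header")
    level, key_address = HEADER.unpack_from(record)
    if level not in (1, 2, 3) or (level == 3) != (key_address == NO_KEY):
        raise ValueError("invalid flag header")
    return level, key_address, record[HEADER.size:]


class Store:
    """One thread pool per security level in front of a stand-in device."""
    def __init__(self):
        self.pools = {n: ThreadPoolExecutor(max_workers=2) for n in (1, 2, 3)}
        self.device = {}  # stand-in for the database or cloud platform

    def submit(self, name: str, record: bytes):
        level, _, _ = parse(record)  # route on the flag carried by the record
        return self.pools[level].submit(self.device.__setitem__, name, record)


def demo():
    """Store three constructed records; return {name: (level, key address)}."""
    store = Store()
    items = [  # constructed samples; the first two stand in for ciphertext
        ("cfg", classify(b"\x8a\x01ct1", "launch_config"), 0x0010),
        ("tlm", classify(b"\x77\x02ct2", "telemetry_state"), 0x0020),
        ("log", classify(b"step 4 complete", "process_file"), NO_KEY),
    ]
    for future in [store.submit(n, frame(i, a)) for n, i, a in items]:
        future.result()  # surface any storage error
    for pool in store.pools.values():
        pool.shutdown(wait=True)
    return {name: parse(rec)[:2] for name, rec in store.device.items()}
```

The flag sits outside the ciphertext, so a deployment would also need to bind it to the payload (for example as authenticated associated data) to detect a record relabelled to a lower level; the claims above do not describe such a binding.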
CN202310736393.1A 2023-06-21 2023-06-21 Data encryption storage method, device, equipment and storage medium Active CN116502251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310736393.1A CN116502251B (en) 2023-06-21 2023-06-21 Data encryption storage method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116502251A CN116502251A (en) 2023-07-28
CN116502251B true CN116502251B (en) 2024-04-16

Family

ID=87323346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310736393.1A Active CN116502251B (en) 2023-06-21 2023-06-21 Data encryption storage method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116502251B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104244237A (en) * 2014-09-12 2014-12-24 宇龙计算机通信科技(深圳)有限公司 Data transmitting and receiving method, receiving and transmitting terminal and data transmitter-receiver set
CN110059488A (en) * 2018-01-19 2019-07-26 普天信息技术有限公司 Security level identification management method and device
CN112637166A (en) * 2020-12-15 2021-04-09 平安科技(深圳)有限公司 Data transmission method, device, terminal and storage medium
CN113704818A (en) * 2021-08-06 2021-11-26 中科恒运股份有限公司 Key management method and device for encrypted data storage system and terminal equipment
CN114386104A (en) * 2022-01-17 2022-04-22 零氪科技(北京)有限公司 Method for storing sensitive data, data reading method and device
CN115065524A (en) * 2022-06-10 2022-09-16 国网江苏省电力有限公司 Method for encrypting client side comprehensive energy public information transmission data
CN115274122A (en) * 2022-07-04 2022-11-01 中国信息通信研究院 Health medical data management method, system, electronic device and storage medium
CN115834694A (en) * 2022-11-14 2023-03-21 广州众诺电子技术有限公司 Data storage method, device, storage chip and computer readable storage medium
CN115982769A (en) * 2023-01-03 2023-04-18 中国联合网络通信集团有限公司 Data processing method, device, equipment and storage medium
CN116186742A (en) * 2023-04-24 2023-05-30 东方空间技术(山东)有限公司 Method, device and equipment for encrypting and storing arrow-mounted data

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10789373B2 (en) * 2011-10-31 2020-09-29 Reid Consulting Group, Inc. System and method for securely storing and sharing information

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
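Design and research of the data security management module of a provincial electric power marketing data warehouse application system; 潘华; 施泉生; 现代计算机(专业版); 20090425(04); full text *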

Also Published As

Publication number Publication date
CN116502251A (en) 2023-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant