CN117040913B - Cloud resource sharing data security transmission method and system - Google Patents

Cloud resource sharing data security transmission method and system

Info

Publication number
CN117040913B
Authority
CN
China
Prior art keywords
data
transmitted
random
sub
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311178221.3A
Other languages
Chinese (zh)
Other versions
CN117040913A (en)
Inventor
王文华
黎华
易清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Chenghao Information Technology Co ltd
Original Assignee
Guangzhou Chenghao Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Chenghao Information Technology Co ltd
Priority to CN202311178221.3A
Publication of CN117040913A
Application granted
Publication of CN117040913B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a data security transmission method and system for cloud resource sharing. The data to be transmitted is copied into first data to be transmitted and second data to be transmitted; each copy is segmented and randomly recombined to obtain first random data to be transmitted and second random data to be transmitted, which are encrypted and then sent to a data receiving end. The data receiving end decrypts and restores the first random encrypted data to be transmitted and the second random encrypted data to be transmitted to obtain first restored data and second restored data. The similarity between the first restored data and the second restored data is then calculated to determine whether data was lost in the current transmission, and the optimal transmission data is determined accordingly.

Description

Cloud resource sharing data security transmission method and system
Technical Field
The invention relates to the technical field of data security transmission, in particular to a data security transmission method and system for cloud resource sharing.
Background
With the rapid development of information technology, data security is becoming more and more important. Secure data transmission refers to taking a series of security measures during data transmission to ensure that the confidentiality, integrity and reliability of the data are not affected by unauthorized access, tampering, damage or eavesdropping. The data involved in cloud resource sharing may contain sensitive information, business secrets, personal privacy and other important data; if the shared data is not transmitted securely during cloud resource sharing, an eavesdropper may obtain the sensitive data, resulting in data leakage and, in turn, problems such as privacy disclosure and service loss.
In the prior art, secure data transmission is performed by encrypting the data directly at the data transmitting end and decrypting the received encrypted data at the data receiving end, which completes the transmission.
To improve data security, the prior art also encrypts the data in segments and transmits the encrypted segments separately. Although this reduces the possibility of an eavesdropper cracking the whole data, the transmitted data is easily damaged or lost during transmission, so the integrity of the transmitted data cannot be ensured.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data security transmission method and system for cloud resource sharing that ensure the integrity of data while improving the security of data transmission.
In order to solve the technical problems, the invention provides a data security transmission method for cloud resource sharing, which comprises the following steps:
responding to a shared data acquisition instruction initiated by a data receiving end, and acquiring data to be transmitted corresponding to the shared data acquisition instruction in a cloud resource database;
copying the data to be transmitted to obtain first data to be transmitted and second data to be transmitted, segmenting the first data to be transmitted so as to divide the first data to be transmitted into a plurality of first sub data to be transmitted, randomly combining the plurality of first sub data to be transmitted to obtain first random data to be transmitted, and encrypting the first random data to obtain first random encrypted data to be transmitted;
the second data to be transmitted are segmented, so that the second data to be transmitted are divided into a plurality of second sub data to be transmitted, the plurality of second sub data to be transmitted are randomly combined to obtain second random data to be transmitted, and the second random data to be transmitted are encrypted to obtain second random encrypted data to be transmitted;
The first random encryption data to be transmitted and the second random encryption data to be transmitted are respectively sent to the data receiving end, so that after the data receiving end receives the first random encryption data to be transmitted and the second random encryption data to be transmitted, the first random encryption data to be transmitted and the second random encryption data to be transmitted are respectively decrypted to obtain first random decryption data and second random decryption data, and the first random decryption data and the second random decryption data are restored to obtain first restored data and second restored data;
and calculating the similarity between the first recovery data and the second recovery data, when the similarity is larger than a preset similarity threshold value, determining that no data loss exists in the current data transmission, taking the first recovery data as optimal transmission data, and deleting the second recovery data.
In one possible implementation manner, the first data to be transmitted is subjected to segmentation processing, so that the first data to be transmitted is divided into a plurality of first sub-data to be transmitted, which specifically includes:
acquiring a preset number of sub-data segments, and carrying out segmentation processing on the first data to be transmitted based on the preset number of sub-data segments so as to divide the first data to be transmitted into a plurality of first sub-data to be transmitted;
And setting a unique corresponding first number for each first sub-data to be transmitted, simultaneously obtaining the first sub-data length of each first sub-data to be transmitted, and respectively encoding each first sub-data to be transmitted according to the first number and the first sub-data length to obtain a first code corresponding to each first sub-data to be transmitted.
In one possible implementation manner, the random combination is performed on the plurality of first sub-data to be transmitted to obtain first random data to be transmitted, which specifically includes:
acquiring the first codes corresponding to each first sub-data to be transmitted, and generating a first random sequence based on a random number generator;
and associating the first random sequence with all the first codes, so that all the first codes are randomly ordered based on the first random sequence to obtain a first random ordering sequence, and splicing the plurality of first sub-data to be transmitted in turn based on the first random ordering sequence to obtain first random data to be transmitted.
In one possible implementation manner, the encrypting processing is performed on the first random data to be transmitted to obtain first random encrypted data to be transmitted, which specifically includes:
Generating a first key based on a symmetric encryption algorithm, and carrying out encryption processing on the first random data to be transmitted by adopting the symmetric encryption algorithm based on the first key to obtain first encrypted data;
simultaneously acquiring a first receiver public key sent by the data receiving end, and encrypting the first key by adopting an asymmetric encryption algorithm based on the first receiver public key to obtain a first encryption key;
and carrying out disorder processing on the first encrypted data and the first encryption key to obtain first disorder encrypted data and a first disorder encryption key, and obtaining first random encrypted data to be transmitted based on the first disorder encrypted data and the first disorder encryption key.
In one possible implementation manner, the decrypting process is performed on the first random encrypted data to be transmitted to obtain first random decrypted data, which specifically includes:
carrying out positive sequence processing on the first random encryption data to be transmitted to obtain first positive sequence encryption data and a first positive sequence encryption key;
generating a first receiver private key based on an asymmetric encryption algorithm, and decrypting the first positive sequence encryption key by adopting an asymmetric decryption algorithm based on the first receiver private key to obtain a first decryption key;
And based on the first decryption key, adopting a symmetric decryption algorithm to decrypt the first positive sequence encrypted data to obtain first random decrypted data.
In one possible implementation manner, the recovering processing is performed on the first random decrypted data to obtain first recovered data, which specifically includes:
obtaining the reverse order of the first random sequence to obtain a first random reverse order sequence, and dividing the first random decryption data based on the first random reverse order sequence to obtain a plurality of first random division sub-data;
acquiring first segmentation codes corresponding to the plurality of first random segmentation sub-data, and decoding each first segmentation code to obtain a first decoding, wherein the first decoding comprises a first decoding number;
and splicing the plurality of first random division sub-data according to the first decoding number to obtain first restored data.
In one possible implementation manner, calculating the similarity between the first restored data and the second restored data specifically includes:
converting the first recovery data into a first vector, converting the second recovery data into a second vector, and respectively carrying out normalization processing on the first vector and the second vector to obtain a first normalization vector and a second normalization vector;
And calculating the similarity between the first normalized vector and the second normalized vector.
The invention also provides a data security transmission system for cloud resource sharing, which comprises: a data acquisition module to be transmitted, a first data processing module to be transmitted, a second data processing module to be transmitted, a data decryption recovery module and a similarity calculation module;
the data acquisition module to be transmitted is used for responding to a shared data acquisition instruction initiated by the data receiving end to acquire data to be transmitted corresponding to the shared data acquisition instruction in the cloud resource database;
the first data processing module to be transmitted is configured to copy the data to be transmitted to obtain first data to be transmitted and second data to be transmitted, segment the first data to be transmitted so as to divide the first data to be transmitted into a plurality of first sub-data to be transmitted, randomly combine the plurality of first sub-data to be transmitted to obtain first random data to be transmitted, and encrypt the first random data to obtain first random encrypted data to be transmitted;
the second data processing module to be transmitted is configured to segment the second data to be transmitted, so that the second data to be transmitted is divided into a plurality of second sub data to be transmitted, the plurality of second sub data to be transmitted are randomly combined to obtain second random data to be transmitted, and the second random data to be transmitted is encrypted to obtain second random encrypted data to be transmitted;
The data decryption restoration module is configured to send the first random encryption data to be transmitted and the second random encryption data to be transmitted to the data receiving end, so that the data receiving end receives the first random encryption data to be transmitted and the second random encryption data to be transmitted, then decrypts the first random encryption data to be transmitted and the second random encryption data to be transmitted respectively to obtain first random decryption data and second random decryption data, and restores the first random decryption data and the second random decryption data to obtain first restoration data and second restoration data;
the similarity calculation module is configured to calculate a similarity between the first recovery data and the second recovery data, determine that no data loss exists in current data transmission when the similarity is greater than a preset similarity threshold, take the first recovery data as optimal transmission data, and delete the second recovery data.
In one possible implementation manner, the first data processing module to be transmitted is configured to segment the first data to be transmitted, so as to divide the first data to be transmitted into a plurality of first sub data to be transmitted, and specifically includes:
Acquiring a preset number of sub-data segments, and carrying out segmentation processing on the first data to be transmitted based on the preset number of sub-data segments so as to divide the first data to be transmitted into a plurality of first sub-data to be transmitted;
and setting a unique corresponding first number for each first sub-data to be transmitted, simultaneously obtaining the first sub-data length of each first sub-data to be transmitted, and respectively encoding each first sub-data to be transmitted according to the first number and the first sub-data length to obtain a first code corresponding to each first sub-data to be transmitted.
In one possible implementation manner, the first data processing module to be transmitted is configured to perform random combination on the plurality of first sub data to be transmitted to obtain first random data to be transmitted, and specifically includes:
acquiring the first codes corresponding to each first sub-data to be transmitted, and generating a first random sequence based on a random number generator;
and associating the first random sequence with all the first codes, so that all the first codes are randomly ordered based on the first random sequence to obtain a first random ordering sequence, and splicing the plurality of first sub-data to be transmitted in turn based on the first random ordering sequence to obtain first random data to be transmitted.
In one possible implementation manner, the first data processing module to be transmitted is configured to encrypt the first random data to be transmitted to obtain first random encrypted data to be transmitted, and specifically includes:
generating a first key based on a symmetric encryption algorithm, and carrying out encryption processing on the first random data to be transmitted by adopting the symmetric encryption algorithm based on the first key to obtain first encrypted data;
simultaneously acquiring a first receiver public key sent by the data receiving end, and encrypting the first key by adopting an asymmetric encryption algorithm based on the first receiver public key to obtain a first encryption key;
and carrying out disorder processing on the first encrypted data and the first encryption key to obtain first disorder encrypted data and a first disorder encryption key, and obtaining first random encrypted data to be transmitted based on the first disorder encrypted data and the first disorder encryption key.
In one possible implementation manner, the data decryption recovery module is configured to decrypt the first random encrypted data to be transmitted to obtain first random decrypted data, and specifically includes:
carrying out positive sequence processing on the first random encryption data to be transmitted to obtain first positive sequence encryption data and a first positive sequence encryption key;
Generating a first receiver private key based on an asymmetric encryption algorithm, and decrypting the first positive sequence encryption key by adopting an asymmetric decryption algorithm based on the first receiver private key to obtain a first decryption key;
and based on the first decryption key, adopting a symmetric decryption algorithm to decrypt the first positive sequence encrypted data to obtain first random decrypted data.
In one possible implementation manner, the data decryption restoration module is configured to perform restoration processing on the first random decrypted data to obtain first restored data, and specifically includes:
obtaining the reverse order of the first random sequence to obtain a first random reverse order sequence, and dividing the first random decryption data based on the first random reverse order sequence to obtain a plurality of first random division sub-data;
acquiring first segmentation codes corresponding to the plurality of first random segmentation sub-data, and decoding each first segmentation code to obtain a first decoding, wherein the first decoding comprises a first decoding number;
and splicing the plurality of first random division sub-data according to the first decoding number to obtain first restored data.
In one possible implementation manner, the similarity calculating module is configured to calculate a similarity between the first restored data and the second restored data, and specifically includes:
converting the first recovery data into a first vector, converting the second recovery data into a second vector, and respectively carrying out normalization processing on the first vector and the second vector to obtain a first normalization vector and a second normalization vector;
and calculating the similarity between the first normalized vector and the second normalized vector.
The invention also provides a terminal device, which comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor realizes the data security transmission method for sharing cloud resources according to any one of the above when executing the computer program.
The invention also provides a computer readable storage medium, which comprises a stored computer program, wherein the computer program is used for controlling equipment where the computer readable storage medium is located to execute the data security transmission method for sharing cloud resources according to any one of the above.
Compared with the prior art, the data security transmission method and system for cloud resource sharing have the following beneficial effects:
When cloud resource data is shared, the data to be transmitted is copied into first data to be transmitted and second data to be transmitted. Before transmission, the first data to be transmitted and the second data to be transmitted are split and randomly combined to obtain first random data to be transmitted and second random data to be transmitted, which are encrypted to obtain first random encrypted data to be transmitted and second random encrypted data to be transmitted; these are then sent to the data receiving end. Because the data to be transmitted is split and randomly combined, its confusion is increased, which reduces the possibility that an eavesdropper who intercepts the data can crack it. Meanwhile, after the data receiving end receives the first random encrypted data to be transmitted and the second random encrypted data to be transmitted, it decrypts and restores them and calculates the similarity between the first restored data and the second restored data to judge whether data was lost during transmission; this fault-tolerant approach reduces potential errors and data loss and guarantees the integrity of the data. Compared with the prior art, the technical scheme of the invention can ensure the integrity of data while improving the security of data transmission.
Drawings
Fig. 1 is a schematic flow chart of a data security transmission method for cloud resource sharing provided by the invention;
Fig. 2 is a schematic structural diagram of an embodiment of a data security transmission system for cloud resource sharing provided by the present invention.
Description of the embodiments
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flow chart of an embodiment of the data security transmission method for cloud resource sharing provided by the invention. As shown in fig. 1, the method includes steps 101 to 105, as follows:
Step 101: responding to a shared data acquisition instruction initiated by a data receiving end, and acquiring data to be transmitted corresponding to the shared data acquisition instruction in a cloud resource database.
In an embodiment, when the data receiving end needs to acquire data from the cloud resource database, a corresponding shared data acquisition instruction is generated based on the first data, and the shared data acquisition instruction is sent to the terminal where the cloud resource database is located, so that the terminal where the cloud resource database is located responds to the shared data acquisition instruction initiated by the data receiving end.
In an embodiment, when a shared data acquisition instruction initiated by a data receiving end is responded, the shared data acquisition instruction is analyzed to obtain first data, and the query of the first data is executed in a cloud resource database to obtain data to be transmitted.
Step 102: and copying the data to be transmitted to obtain first data to be transmitted and second data to be transmitted, segmenting the first data to be transmitted so as to divide the first data to be transmitted into a plurality of first sub data to be transmitted, randomly combining the plurality of first sub data to be transmitted to obtain first random data to be transmitted, and encrypting the first random data to obtain first random encrypted data to be transmitted.
In an embodiment, the data to be transmitted is duplicated into two identical data streams to obtain the first data to be transmitted and the second data to be transmitted.
In an embodiment, a predetermined number of sub-data segments is obtained, and the first data to be transmitted is segmented based on the predetermined number of sub-data segments, so that the first data to be transmitted is divided into a plurality of first sub-data to be transmitted.
Specifically, the number of sub-data segments to be divided is preset, and the first data length to be transmitted of the first data to be transmitted is obtained; the first sub-data length of each first sub-data to be transmitted is calculated based on the number of sub-data segments and the first data length to be transmitted, and the first data to be transmitted is segmented based on the first sub-data length, so that it is divided into a plurality of first sub-data to be transmitted.
In an embodiment, a unique corresponding first number is set for each first sub-data to be transmitted, and a first sub-data length of each first sub-data to be transmitted is obtained at the same time, and each first sub-data to be transmitted is encoded according to the first number and the first sub-data length, so as to obtain a first code corresponding to each first sub-data to be transmitted.
Specifically, based on the position of each first sub-data to be transmitted within the first data to be transmitted, a unique corresponding first number is set for each first sub-data to be transmitted, so that the position of each first sub-data to be transmitted within the first data to be transmitted can be confirmed from its first number.
Specifically, a Base64 coding mode is adopted, and each first sub-data to be transmitted is coded according to the first number and the first sub-data length.
Specifically, the first number and the first sub-data length are converted into a first number character string and a first sub-data length character string, which are spliced to obtain a first spliced sub-data character string; the first spliced sub-data character string is converted to a byte array to obtain a first sub-data byte array, and the first sub-data byte array is encoded with the Base64 encoding algorithm to obtain the first code corresponding to each first sub-data to be transmitted.
Preferably, when the first number character string and the first sub-data length character string are spliced, they are joined by a connection symbol.
In one embodiment, the first code corresponding to each first sub-data to be transmitted is obtained, and a first random sequence is generated based on a random number generator.
Specifically, the first code corresponding to each piece of sub-data to be transmitted is obtained, a first code sequence is generated, and a first random sequence is generated based on a random number generator, wherein the length of the first random sequence is the same as that of the first code sequence.
In an embodiment, the first random sequence is associated with all the first codes, so that all the first codes are randomly ordered based on the first random sequence to obtain a first random ordering sequence, and the plurality of first sub-data to be transmitted are spliced in turn based on the first random ordering sequence to obtain first random data to be transmitted.
Specifically, an association relation is established between each number in the first random sequence and a corresponding first code, and the association relation is stored based on a data structure such as a dictionary, a mapping table and the like, so that each number in the first random sequence is ensured to have a unique first code corresponding to the first code, and the first code is conveniently ordered subsequently.
Specifically, according to the sequence of the first random sequence and the association relation between the first random sequence and the first code, the corresponding first code is sequentially extracted from the first code sequence, and the extracted first codes are spliced together according to the sequence of the first random sequence to obtain a first random ordering sequence.
Specifically, according to the first random ordering sequence and the corresponding relation between the first code and the plurality of first sub data to be transmitted, the corresponding first sub data to be transmitted is extracted from the plurality of first sub data to be transmitted in sequence, and the extracted first sub data to be transmitted are spliced together according to the first random ordering sequence, so that the first random data to be transmitted is obtained.
In an embodiment, a first key is generated based on a symmetric encryption algorithm, and based on the first key, the first random data to be transmitted is encrypted by adopting the symmetric encryption algorithm to obtain first encrypted data.
Specifically, a SM4 symmetric encryption algorithm is adopted to generate a first secret key, the first random data to be transmitted is used as data input, and the first random data to be transmitted is encrypted through the first secret key and the SM4 symmetric encryption algorithm, so that encrypted first encrypted data is obtained.
In an embodiment, a first receiver public key sent by the data receiving end is obtained at the same time, and based on the first receiver public key, an asymmetric encryption algorithm is adopted to encrypt the first key to obtain a first encryption key.
Specifically, the data receiving end generates a first receiving party public key and a first receiving party private key of the data receiving end, and sends the first receiving party public key to the data sending end, so that after receiving the first receiving party public key sent by the data receiving end, the first receiving party public key is used as data to be input, and encryption processing is performed on the first key based on an SM2 asymmetric encryption algorithm and the first receiving party public key, and an encrypted first encryption key is obtained.
In an embodiment, by adopting the SM4 symmetric encryption algorithm and the SM2 asymmetric encryption algorithm to perform hybrid encryption, not only the first random data to be transmitted can be encrypted, but also the first secret key can be encrypted, so that the security in the data transmission process can be further improved.
In an embodiment, the first encrypted data and the first encryption key are processed in an out-of-order manner to obtain first out-of-order encrypted data and a first out-of-order encryption key, and based on the first out-of-order encrypted data and the first out-of-order encryption key, first random encrypted data to be transmitted is obtained.
Specifically, the first encrypted data and the first encryption key are subjected to disorder processing through a disorder algorithm, wherein the disorder algorithm comprises, but is not limited to, a shuffling algorithm and a replacement algorithm; and taking the obtained first disordered encrypted data and the first disordered encryption key as first random encrypted data to be transmitted, and sending the first random encrypted data and the first disordered encryption key to a data receiving end.
Step 103: Segment the second data to be transmitted so as to divide the second data to be transmitted into a plurality of second sub-data to be transmitted, randomly combine the plurality of second sub-data to be transmitted to obtain second random data to be transmitted, and encrypt the second random data to be transmitted to obtain second random encrypted data to be transmitted.
In an embodiment, a preset number of sub-data segments is obtained, and the second data to be transmitted is segmented based on the preset number of sub-data segments, so that the second data to be transmitted is divided into a plurality of second sub-data to be transmitted.
Specifically, the second data length to be transmitted of the second data to be transmitted is obtained by presetting the number of sub-data segments to be divided, the second sub-data length of each second sub-data to be transmitted is calculated based on the number of sub-data segments and the second data length to be transmitted, and the second data to be transmitted is segmented based on the second sub-data length, so that the second data to be transmitted is divided into a plurality of second sub-data to be transmitted.
In an embodiment, a unique corresponding second number is set for each second sub-data to be transmitted, and a second sub-data length of each second sub-data to be transmitted is obtained at the same time, and each second sub-data to be transmitted is encoded according to the second number and the second sub-data length, so as to obtain a second code corresponding to each second sub-data to be transmitted.
Specifically, based on the positional relationship of each second sub-data to be transmitted in the second data to be transmitted, a unique corresponding second number is set for each second sub-data to be transmitted, so that the position of each second sub-data to be transmitted in the second data to be transmitted can be confirmed based on the second numbers.
Specifically, a Base64 coding mode is adopted, and each second sub-data to be transmitted is coded according to the second number and the second sub-data length.
Specifically, the second number and the second sub-data length are converted into a second number character string and a second sub-data length character string, the second number character string and the second sub-data length character string are spliced to obtain a second spliced sub-data character string, the second spliced sub-data character string is subjected to byte array conversion to obtain a second sub-data byte array, and the second sub-data byte array is encoded based on a Base64 encoding algorithm to obtain a second code corresponding to each second sub-data to be transmitted.
Preferably, when the second number character string and the second sub-data length character string are spliced, the second number character string and the second sub-data length character string are connected based on a connection symbol.
In an embodiment, the second code corresponding to each second sub-data to be transmitted is obtained, and a second random sequence is generated based on a random number generator.
Specifically, the second code corresponding to each second sub-data to be transmitted is obtained, a second code sequence is generated, and a second random sequence is generated based on a random number generator, wherein the length of the second random sequence is the same as that of the second code sequence.
In an embodiment, the second random sequence is associated with all second codes, so that all second codes are randomly ordered based on the second random sequence to obtain a second random ordering sequence, and the plurality of second sub-data to be transmitted are spliced in turn based on the second random ordering sequence to obtain second random data to be transmitted.
Specifically, an association relation is established between each number in the second random sequence and the corresponding second code, and the association relation is stored based on a data structure such as a dictionary, a mapping table and the like, so that each number in the second random sequence is ensured to have a unique second code corresponding to the unique second code, and the second code is conveniently ordered subsequently.
Specifically, according to the sequence of the second random sequence and the association relation between the second random sequence and the second code, the corresponding second code is extracted from the second code sequence in turn, and the extracted second codes are spliced together according to the sequence of the second random sequence to obtain a second random ordering sequence.
Specifically, according to the second random ordering sequence and the corresponding relation between the second code and the plurality of second sub-data to be transmitted, the corresponding second sub-data to be transmitted is extracted from the plurality of second sub-data to be transmitted in sequence, and the extracted second sub-data to be transmitted are spliced together according to the second random ordering sequence, so that the second random data to be transmitted is obtained.
In an embodiment, a second key is generated based on a symmetric encryption algorithm, and based on the second key, the second random data to be transmitted is encrypted by adopting the symmetric encryption algorithm to obtain second encrypted data.
Specifically, a second secret key is generated by adopting an SM4 symmetric encryption algorithm, the second random data to be transmitted is used as data to be input, and the second random data to be transmitted is encrypted by the second secret key and the SM4 symmetric encryption algorithm, so that encrypted second encrypted data is obtained.
In an embodiment, a first receiver public key sent by the data receiving end is obtained at the same time, and based on the first receiver public key, an asymmetric encryption algorithm is adopted to encrypt the second key to obtain a second encryption key.
Specifically, the data receiving end generates a first receiving party public key and a first receiving party private key of the data receiving end and sends the first receiving party public key to the data sending end, so that after the first receiving party public key sent by the data receiving end is received, the first receiving party public key is used as data to be input, and encryption processing is carried out on the first key based on an SM2 asymmetric encryption algorithm and the first receiving party public key to obtain an encrypted second encryption key; preferably, the first encryption key and the second encryption key are the same encryption key.
In an embodiment, by adopting the SM4 symmetric encryption algorithm and the SM2 asymmetric encryption algorithm to perform hybrid encryption, not only the second random data to be transmitted can be encrypted, but also the second secret key can be encrypted, so that the security in the data transmission process can be further improved.
In an embodiment, the second encrypted data and the second encrypted key are processed in an out-of-order manner to obtain second out-of-order encrypted data and a second out-of-order encrypted key, and the second random encrypted data to be transmitted is obtained based on the second out-of-order encrypted data and the second out-of-order encrypted key.
Specifically, the second encrypted data and the second encryption key are processed in an out-of-order manner through an out-of-order algorithm, wherein the out-of-order algorithm comprises, but is not limited to, a shuffling algorithm and a replacement algorithm; and taking the obtained second disordered encrypted data and the second disordered encryption key as second random encrypted data to be transmitted, and sending the second random encrypted data and the second disordered encryption key to a data receiving end.
Step 104: Transmit the first random encryption data to be transmitted and the second random encryption data to be transmitted respectively to the data receiving end, so that after the data receiving end receives the first random encryption data to be transmitted and the second random encryption data to be transmitted, it decrypts them respectively to obtain first random decryption data and second random decryption data, and performs recovery processing on the first random decryption data and the second random decryption data to obtain first recovery data and second recovery data.
In an embodiment, because the data sending end processes the first random encryption data to be transmitted and the second random encryption data to be transmitted out of order when sending them to the data receiving end, the data receiving end also needs to perform positive sequence processing on the out-of-order data before decrypting the received first random encryption data to be transmitted and second random encryption data to be transmitted.
In an embodiment, the first random encryption data to be transmitted is subjected to positive sequence processing to obtain first positive sequence encryption data and a first positive sequence encryption key.
Specifically, according to the first disordered encrypted data and the first disordered encrypted key in the first random encrypted data to be transmitted, disordered processing corresponding to the first disordered encrypted data and the first disordered encrypted key is obtained, and reverse process processing is carried out on the disordered processing, so that the first disordered encrypted data and the first disordered encrypted key are converted into first positive-order encrypted data and the first positive-order encrypted key.
In an embodiment, a first receiver private key is generated based on an asymmetric encryption algorithm, and based on the first receiver private key, the first positive sequence encryption key is decrypted by adopting an asymmetric decryption algorithm to obtain a first decryption key.
Specifically, the data receiving end generates a first receiver public key and a first receiver private key of the data receiving end, so that after the first positive sequence encryption key is obtained, the first positive sequence encryption key is further decrypted based on an SM2 asymmetric encryption algorithm and the first receiver private key to obtain a decrypted first decryption key.
In an embodiment, based on the first decryption key, a symmetric decryption algorithm is used to decrypt the first positive sequence encrypted data to obtain first random decrypted data.
Specifically, after the first positive sequence encryption key is obtained, decryption processing is further performed on the first positive sequence encryption data based on the SM4 symmetric encryption algorithm and the first positive sequence encryption key, so that decrypted first random decryption data is obtained.
In an embodiment, the second random encryption data to be transmitted is subjected to positive sequence processing to obtain second positive sequence encryption data and the second positive sequence encryption key.
Specifically, according to second disordered encrypted data and a second disordered encrypted key in the second random encrypted data to be transmitted, disordered processing corresponding to the second disordered encrypted data and the second disordered encrypted key is obtained, and reverse process processing is carried out on the disordered processing, so that the second disordered encrypted data and the second disordered encrypted key are converted into second positive encrypted data and the second positive encrypted key.
In an embodiment, a second receiver private key is generated based on an asymmetric encryption algorithm, and based on the second receiver private key, the second positive sequence encryption key is decrypted by adopting an asymmetric decryption algorithm to obtain a second decryption key.
Specifically, the data receiving end generates the first receiver public key and the first receiver private key of the data receiving end, so that after the second positive sequence encryption key is obtained, the second positive sequence encryption key is further decrypted based on the SM2 asymmetric encryption algorithm and the first receiver private key, and a decrypted second decryption key is obtained.
In an embodiment, based on the second decryption key, a symmetric decryption algorithm is used to decrypt the second positive sequence encrypted data to obtain second random decrypted data.
Specifically, after the second positive sequence encryption key is obtained, decryption processing is further performed on the second positive sequence encryption data based on the SM4 symmetric encryption algorithm and the second positive sequence encryption key, so as to obtain decrypted second random decryption data.
In an embodiment, before the data transmitting end sends data to the data receiving end, the data to be transmitted is subjected to segmentation, random combination and other processes, so that randomness of the data to be transmitted is improved, and therefore after the first random decrypted data and the second random decrypted data are obtained, the data receiving end also needs to perform recovery processing on the first random decrypted data and the second random decrypted data, so that the first random decrypted data and the second random decrypted data are converted into original data to be transmitted.
In an embodiment, the reverse order of the first random sequence is obtained to obtain a first random reverse order sequence, and the first random decryption data is segmented based on the first random reverse order sequence to obtain a plurality of first random segmentation sub-data.
Specifically, by dividing the first random data to be transmitted using the reverse order of the first random sequence, it is possible to ensure that the data receiving side divides the data according to the order in which the data sending side spliced and randomly ordered it, and thus it is possible to ensure that the order of each recovered first random divided sub-data is accurate and consistent with the order of the data transmitting side.
In an embodiment, first partition codes corresponding to the plurality of first random partition sub-data are acquired, and decoding processing is performed on each first partition code to obtain a first decoding, where the first decoding includes a first decoding number.
Specifically, a first segmentation code corresponding to the plurality of first random segmentation sub-data is obtained, wherein the first segmentation code is a Base64 code; decoding each first segmentation code based on a Base64 decoding algorithm to obtain a first decoding corresponding to each first segmentation code; since the first number and the first sub-data length are used for encoding each first sub-data to be transmitted respectively in the earlier encoding, the obtained first decoding includes a first decoding number, and the first decoding also includes a first decoding sub-data length.
In an embodiment, the first plurality of randomly split sub-data is spliced according to the first decoding number to obtain first restored data.
Specifically, the first decoding number and the first number of the first sub data to be transmitted are subjected to association processing to obtain a first number corresponding to each first decoding number; and based on the position relation of the first serial number in the first data to be transmitted, splicing the plurality of first random division sub-data to obtain first recovery data.
In an embodiment, the reverse order of the second random sequence is obtained to obtain a second random reverse order sequence, and the second random decryption data is segmented based on the second random reverse order sequence to obtain a plurality of second random segmentation sub-data.
Specifically, by dividing the second random data to be transmitted using the reverse order of the second random sequence, it is possible to ensure that the data receiving side divides the data according to the order in which the data sending side spliced and randomly ordered it, and thus it is possible to ensure that the order of each recovered second random divided sub-data is accurate and consistent with the order of the data transmitting side.
In an embodiment, second partition codes corresponding to the plurality of second random partition sub-data are obtained, and decoding processing is performed on each second partition code to obtain a second decoding, where the second decoding includes a second decoding number.
Specifically, second segmentation codes corresponding to the plurality of second random segmentation sub-data are obtained, wherein the second segmentation codes are Base64 codes; each second segmentation code is decoded based on a Base64 decoding algorithm to obtain a second decoding corresponding to each second segmentation code; since the second number and the second sub-data length were used to encode each second sub-data to be transmitted in the earlier encoding, the obtained second decoding includes a second decoding number, and the second decoding also includes a second decoding sub-data length.
In an embodiment, the second plurality of randomly split sub-data are spliced according to the second decoding number to obtain second recovery data.
Specifically, the second decoding number and a second number of the second sub-data to be transmitted are subjected to association processing to obtain a second number corresponding to each second decoding number; and based on the position relation of the second number in the second data to be transmitted, the plurality of second random segmentation sub-data are spliced to obtain second recovery data.
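The segmentation, numbering, Base64 coding, random ordering and recovery described above for the first and second data to be transmitted can be traced end to end in the following added example, which is not code from the patent. It assumes a "-" connection symbol, zero-based numbers, and that the randomly ordered code list reaches the receiver alongside the payload; the SM4/SM2 encryption and out-of-order stages are left out.

```python
import base64
import secrets

CONNECTOR = "-"  # assumed connection symbol; the page does not name one


def make_code(number: int, length: int) -> str:
    """Base64 of '<number><connector><length>', as the description states."""
    text = f"{number}{CONNECTOR}{length}"
    return base64.b64encode(text.encode("ascii")).decode("ascii")


def parse_code(code: str) -> tuple[int, int]:
    """Decode a code back to (number, length), rejecting malformed input."""
    try:
        text = base64.b64decode(code, validate=True).decode("ascii")
        number_s, length_s = text.split(CONNECTOR)
        if not (number_s.isdigit() and length_s.isdigit()):
            raise ValueError("non-numeric field")
        return int(number_s), int(length_s)
    except ValueError as exc:  # also covers Base64 and ASCII decode errors
        raise ValueError(f"malformed segment code: {code!r}") from exc


def scramble(data: bytes, segment_count: int, rng=None):
    """Sender side: split, number, code, randomly order and splice."""
    if segment_count <= 0:
        raise ValueError("segment_count must be positive")
    rng = rng or secrets.SystemRandom()
    size = -(-len(data) // segment_count)  # ceiling division
    # The last segments may be short or empty when the length does not divide.
    segments = [data[i * size:(i + 1) * size] for i in range(segment_count)]
    codes = [make_code(i, len(seg)) for i, seg in enumerate(segments)]
    by_code = dict(zip(codes, segments))  # association kept in a dictionary
    random_seq = rng.sample(range(segment_count), segment_count)
    ordered_codes = [codes[i] for i in random_seq]
    payload = b"".join(by_code[c] for c in ordered_codes)
    return payload, ordered_codes


def recover(payload: bytes, ordered_codes: list[str]) -> bytes:
    """Receiver side: slice by decoded length, then splice by decoded number."""
    slots = {}
    offset = 0
    for code in ordered_codes:
        number, length = parse_code(code)
        if number in slots:
            raise ValueError(f"duplicate segment number {number}")
        if offset + length > len(payload):
            raise ValueError("segment lengths exceed payload size")
        slots[number] = payload[offset:offset + length]
        offset += length
    if offset != len(payload):
        raise ValueError("payload has bytes not covered by any code")
    if sorted(slots) != list(range(len(slots))):
        raise ValueError("segment numbers are not contiguous from 0")
    return b"".join(slots[i] for i in range(len(slots)))


if __name__ == "__main__":
    sample = b"constructed sample: shared cloud record"
    scrambled, code_list = scramble(sample, 5)
    print(scrambled, code_list)
    print(recover(scrambled, code_list) == sample)
```

The receiver treats the code list as untrusted metadata: a missing, repeated or inconsistent code raises `ValueError` instead of yielding a silently misassembled result.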
Step 105: Calculate the similarity between the first recovery data and the second recovery data, and when the similarity is larger than a preset similarity threshold value, determine that no data loss exists in the current data transmission, take the first recovery data as optimal transmission data, and delete the second recovery data.
In an embodiment, the first recovery data is converted into a first vector, the second recovery data is converted into a second vector, and normalization processing is performed on the first vector and the second vector respectively to obtain a first normalized vector and a second normalized vector.
In one embodiment, a similarity between the first normalized vector and the second normalized vector is calculated.
Specifically, all first variables of the first normalization vector are obtained, all second variables in the second normalization vector are obtained at the same time, a preset variable threshold value is obtained, the first variable quantity larger than the variable threshold value in all first variables is counted, the second variable quantity not larger than the variable threshold value in all first variables is counted, and a first histogram is generated according to the first variable quantity and the second variable quantity; counting the number of third variables which are larger than the variable threshold in all the second variables, counting the number of fourth variables which are not larger than the variable threshold in all the second variables, and generating a second histogram according to the number of third variables and the number of fourth variables.
Specifically, based on the first variable quantity and the second variable quantity, determining a first data point and a second data point in the first histogram, fitting the first data point and the second data point based on a linear regression mode to obtain a first fitting straight line, and calculating a first slope of the first fitting straight line; determining a third data point and a fourth data point in the second histogram based on the third variable quantity and the fourth variable quantity, fitting the third data point and the fourth data point based on a linear regression mode to obtain a second fitting straight line, and calculating a second slope of the second fitting straight line; and calculating a first error of the first slope and the second slope, and taking the first error as the similarity between the first normalized vector and the second normalized vector.
In an embodiment, when calculating the similarity, the distribution condition of different variables is represented by adopting two histograms, and the relationship and trend between different variables can be obtained respectively by carrying out linear regression fitting and slope calculation on each histogram, so that different aspects in the similarity measurement can be quantized, and the first error is used as an index of the similarity measurement, so that the consistency degree of two normalized vectors in fitting a straight line can be measured.
In an embodiment, when the similarity is not greater than a preset similarity threshold, determining that there is a data loss in the current data transmission, resending a new shared data request, and deleting the first restored data and the second restored data.
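The histogram and slope comparison of Step 105 can be worked through as follows; this is an added example, not code from the patent. It assumes one vector component per byte scaled to [0, 1], a variable threshold of 0.5, and histogram data points placed at x = 0 (count above the threshold) and x = 1 (count not above it), and it also evaluates a reordered and a truncated copy of constructed sample data.

```python
def to_normalized_vector(data: bytes) -> list[float]:
    """Assumed conversion: one component per byte, scaled into [0, 1]."""
    return [b / 255 for b in data]


def threshold_counts(vector, threshold=0.5):
    """Return (count above threshold, count not above threshold)."""
    above = sum(1 for v in vector if v > threshold)
    return above, len(vector) - above


def fitted_slope(points):
    """Ordinary least-squares slope through the given (x, y) points."""
    n = len(points)
    mean_x = sum(x for x, _ in points) / n
    mean_y = sum(y for _, y in points) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in points)
    den = sum((x - mean_x) ** 2 for x, _ in points)
    return num / den


def slope_error(first: bytes, second: bytes, threshold=0.5) -> float:
    """Absolute difference between the two fitted slopes (the 'first error')."""
    slopes = []
    for data in (first, second):
        above, not_above = threshold_counts(to_normalized_vector(data), threshold)
        # Assumed histogram layout: bin 0 holds "above", bin 1 holds "not above".
        slopes.append(fitted_slope([(0, above), (1, not_above)]))
    return abs(slopes[0] - slopes[1])


# Constructed sample inputs, not data from the patent.
ORIGINAL = bytes([10, 200, 30, 220, 50, 240])
REORDERED = bytes(reversed(ORIGINAL))  # same bytes, different order
TRUNCATED = ORIGINAL[:-1]              # one byte lost in transit

if __name__ == "__main__":
    for name, other in (("identical", ORIGINAL),
                        ("reordered", REORDERED),
                        ("truncated", TRUNCATED)):
        print(name, slope_error(ORIGINAL, other), other == ORIGINAL)
```

Under these assumptions the slope error depends only on how many components fall on each side of the threshold, so the reordered copy scores the same as an identical one while the truncated copy does not. Where exact equality of the two recovered copies matters, a byte-for-byte comparison is needed in addition.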
Embodiment 2, referring to fig. 2, fig. 2 is a schematic structural diagram of an embodiment of a cloud resource sharing data security transmission system provided by the present invention, and as shown in fig. 2, the device includes a data to be transmitted acquisition module 201, a first data to be transmitted processing module 202, a second data to be transmitted processing module 203, a data decryption recovery module 204, and a similarity calculation module 205, which are specifically as follows:
The data to be transmitted acquisition module 201 is configured to respond to a shared data obtaining instruction initiated by the data receiving end, and obtain data to be transmitted corresponding to the shared data obtaining instruction in the cloud resource database.
The first data to be transmitted processing module 202 is configured to copy the data to be transmitted to obtain first data to be transmitted and second data to be transmitted, segment the first data to be transmitted, divide the first data to be transmitted into a plurality of first sub-data to be transmitted, randomly combine the plurality of first sub-data to be transmitted to obtain first random data to be transmitted, and encrypt the first random data to be transmitted to obtain first random encrypted data to be transmitted.
The second data to be transmitted processing module 203 is configured to segment the second data to be transmitted, so as to divide the second data to be transmitted into a plurality of second sub-data to be transmitted, randomly combine the plurality of second sub-data to be transmitted to obtain second random data to be transmitted, and encrypt the second random data to be transmitted to obtain second random encrypted data to be transmitted.
The data decryption restoration module 204 is configured to send the first random encryption data to be transmitted and the second random encryption data to be transmitted to the data receiving end, so that the data receiving end performs decryption processing on the first random encryption data to be transmitted and the second random encryption data to be transmitted after receiving the first random encryption data to be transmitted and the second random encryption data to be transmitted, so as to obtain first random decryption data and second random decryption data, and performs restoration processing on the first random decryption data and the second random decryption data, so as to obtain first restoration data and second restoration data.
The similarity calculation module 205 is configured to calculate a similarity between the first recovery data and the second recovery data, determine that there is no data loss in the current data transmission when the similarity is greater than a preset similarity threshold, take the first recovery data as optimal transmission data, and delete the second recovery data.
In an embodiment, the first data to be transmitted processing module 202 is configured to segment the first data to be transmitted so as to divide the first data to be transmitted into a plurality of first sub-data to be transmitted, and specifically includes: acquiring a preset number of sub-data segments, and carrying out segmentation processing on the first data to be transmitted based on the preset number of sub-data segments so as to divide the first data to be transmitted into a plurality of first sub-data to be transmitted; and setting a unique corresponding first number for each first sub-data to be transmitted, simultaneously obtaining the first sub-data length of each first sub-data to be transmitted, and respectively encoding each first sub-data to be transmitted according to the first number and the first sub-data length to obtain a first code corresponding to each first sub-data to be transmitted.
In an embodiment, the first data to be transmitted processing module 202 is configured to perform random combination on the plurality of first sub-data to be transmitted to obtain first random data to be transmitted, and specifically includes: acquiring the first codes corresponding to each first sub-data to be transmitted, and generating a first random sequence based on a random number generator; and associating the first random sequence with all the first codes so as to randomly order all the first codes based on the first random sequence to obtain a first random ordering sequence, and splicing the plurality of first sub-data to be transmitted in sequence based on the first random ordering sequence to obtain first random data to be transmitted.
In an embodiment, the first data to be transmitted processing module 202 is configured to encrypt the first random data to be transmitted to obtain first random encrypted data to be transmitted, and specifically includes: generating a first key based on a symmetric encryption algorithm, and carrying out encryption processing on the first random data to be transmitted by adopting the symmetric encryption algorithm based on the first key to obtain first encrypted data; simultaneously acquiring a first receiver public key sent by the data receiving end, and encrypting the first key by adopting an asymmetric encryption algorithm based on the first receiver public key to obtain a first encryption key; and carrying out disorder processing on the first encrypted data and the first encryption key to obtain first disorder encrypted data and a first disorder encryption key, and obtaining first random encrypted data to be transmitted based on the first disorder encrypted data and the first disorder encryption key.
In an embodiment, the data decryption restoration module 204 is configured to decrypt the first random encrypted data to be transmitted to obtain first random decrypted data, and specifically includes: carrying out positive sequence processing on the first random encryption data to be transmitted to obtain first positive sequence encryption data and a first positive sequence encryption key; generating a first receiver private key based on an asymmetric encryption algorithm, and decrypting the first positive sequence encryption key by adopting an asymmetric decryption algorithm based on the first receiver private key to obtain a first decryption key; and based on the first decryption key, adopting a symmetric decryption algorithm to decrypt the first positive sequence encrypted data to obtain first random decrypted data.
In one embodiment, the data decryption restoration module 204 is configured to restore the first random decrypted data to obtain first restored data, and specifically includes: obtaining the reverse order of the first random sequence to obtain a first random reverse order sequence, and dividing the first random decryption data based on the first random reverse order sequence to obtain a plurality of first random division sub-data; acquiring first segmentation codes corresponding to the plurality of first random segmentation sub-data, and decoding each first segmentation code to obtain a first decoding, wherein the first decoding comprises a first decoding number; and splicing the plurality of first random division sub-data according to the first decoding number to obtain first restored data.
In an embodiment, the similarity calculating module 205 is configured to calculate a similarity between the first restored data and the second restored data, and specifically includes: converting the first recovery data into a first vector, converting the second recovery data into a second vector, and respectively carrying out normalization processing on the first vector and the second vector to obtain a first normalization vector and a second normalization vector; and calculating the similarity between the first normalized vector and the second normalized vector.
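The following Python sketch is an added example, not code from the patent: it walks the segment, code, random-combine, restore and similarity steps described above, and adds a SHA-256 comparison to show that two copies can exceed the similarity threshold while still differing. Assumptions: the per-segment code is a 2-byte number plus 4-byte length header, restoration relies on that header alone rather than a transmitted random sequence, the threshold is 0.99, and the hybrid encryption step, which would sit between `random_combine` and `restore`, is left out.

```python
import hashlib
import hmac
import math
import secrets
import struct

# Assumed layout of the per-segment "code": 2-byte number + 4-byte length.
CODE = struct.Struct(">HI")

def segment(data: bytes, count: int) -> list[bytes]:
    """Split data into at most `count` segments, each prefixed with its code."""
    if not 0 < count <= 0xFFFF:
        raise ValueError("segment count out of range")
    size = max(1, math.ceil(len(data) / count))
    parts = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [CODE.pack(n, len(p)) + p for n, p in enumerate(parts)]

def random_combine(coded: list[bytes]) -> bytes:
    """Splice the coded segments in an order drawn from the OS CSPRNG."""
    order = list(range(len(coded)))
    secrets.SystemRandom().shuffle(order)
    return b"".join(coded[i] for i in order)

def restore(blob: bytes) -> bytes:
    """Divide the blob by the embedded lengths, then splice by decoded number."""
    pieces: dict[int, bytes] = {}
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < CODE.size:
            raise ValueError("truncated segment code")
        number, length = CODE.unpack_from(blob, pos)
        pos += CODE.size
        if length > len(blob) - pos:
            raise ValueError("segment shorter than its declared length")
        if number in pieces:
            raise ValueError("duplicate segment number")
        pieces[number] = blob[pos:pos + length]
        pos += length
    if sorted(pieces) != list(range(len(pieces))):
        raise ValueError("missing segment number")
    return b"".join(pieces[n] for n in range(len(pieces)))

def similarity(first: bytes, second: bytes) -> float:
    """Cosine similarity of the two copies as zero-padded, normalized byte vectors."""
    width = max(len(first), len(second))
    a = list(first.ljust(width, b"\0"))
    b = list(second.ljust(width, b"\0"))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    if norm_a == 0 or norm_b == 0:
        return 1.0 if norm_a == norm_b else 0.0
    return sum((x / norm_a) * (y / norm_b) for x, y in zip(a, b))

def compare_copies(first: bytes, second: bytes, threshold: float = 0.99) -> dict:
    """Apply the threshold test and, as an added check, an exact digest match."""
    score = similarity(first, second)
    same = hmac.compare_digest(hashlib.sha256(first).digest(),
                               hashlib.sha256(second).digest())
    return {"similarity": score, "passes_threshold": score > threshold,
            "digests_match": same}

if __name__ == "__main__":
    data = b"cloud resource record " * 40          # constructed sample input
    assert restore(random_combine(segment(data, 8))) == data
    print(compare_copies(data, b"C" + data[1:]))   # one byte altered
    print(compare_copies(data, data[:-110]))       # last segment lost
```

A single altered byte leaves the cosine similarity well above the threshold, so a receiver that needs exact equality between the two restored copies should compare digests as well as the similarity score.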
It will be clear to those skilled in the art that, for convenience and brevity of description, reference may be made to the corresponding process in the foregoing method embodiment for the specific working process of the above-described apparatus, which is not described in detail herein.
It should be noted that, the embodiment of the data security transmission device for cloud resource sharing is merely illustrative, where the modules described as separate components may or may not be physically separated, and components displayed as modules may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
On the basis of the embodiment of the data security transmission method for cloud resource sharing, another embodiment of the present invention provides a data security transmission terminal device for cloud resource sharing, where the data security transmission terminal device for cloud resource sharing includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the data security transmission method for cloud resource sharing according to any one of the embodiments of the present invention when executing the computer program.
Illustratively, in this embodiment the computer program may be partitioned into one or more modules, which are stored in the memory and executed by the processor to perform the present invention. The one or more modules may be a series of computer program instruction segments capable of performing a specific function, the instruction segments describing the execution of the computer program in the cloud resource-sharing data security transmission terminal device.
The cloud resource sharing data security transmission terminal equipment can be computing equipment such as a desktop computer, a notebook computer, a palm computer and a cloud server. The cloud resource sharing data security transmission terminal equipment can comprise, but is not limited to, a processor and a memory.
The processor may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor. The processor is the control center of the cloud resource sharing data security transmission terminal device and connects the various parts of the entire device by using various interfaces and lines.
The memory may be used to store the computer program and/or the module, and the processor may implement various functions of the cloud resource sharing data secure transmission terminal device by running or executing the computer program and/or the module stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the cellular phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
On the basis of the embodiment of the data security transmission method for cloud resource sharing, another embodiment of the present invention provides a storage medium, where the storage medium includes a stored computer program, and when the computer program runs, the device where the storage medium is located is controlled to execute the data security transmission method for cloud resource sharing according to any embodiment of the present invention.
In this embodiment, the storage medium is a computer-readable storage medium, and the computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content contained in the computer-readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunications signals.
In summary, in the data security transmission method and system for cloud resource sharing provided by the invention, the data to be transmitted is copied into first data to be transmitted and second data to be transmitted. Data segmentation and random combination are performed on each copy to obtain first random data to be transmitted and second random data to be transmitted, which are then encrypted, and the resulting first random encrypted data to be transmitted and second random encrypted data to be transmitted are sent to the data receiving end. The data receiving end decrypts and restores both to obtain first restored data and second restored data, and the similarity between the first restored data and the second restored data is calculated to determine whether data loss exists in the current data transmission and thereby determine the optimal transmission data.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and substitutions can be made by those skilled in the art without departing from the technical principles of the present invention, and these modifications and substitutions should also be considered as being within the scope of the present invention.

Claims (10)

1. The data security transmission method for cloud resource sharing is characterized by comprising the following steps:
responding to a shared data acquisition instruction initiated by a data receiving end, and acquiring data to be transmitted corresponding to the shared data acquisition instruction in a cloud resource database;
copying the data to be transmitted to obtain first data to be transmitted and second data to be transmitted, segmenting the first data to be transmitted so as to divide the first data to be transmitted into a plurality of first sub data to be transmitted, randomly combining the plurality of first sub data to be transmitted to obtain first random data to be transmitted, and encrypting the first random data to obtain first random encrypted data to be transmitted;
segmenting the second data to be transmitted so as to divide the second data to be transmitted into a plurality of second sub data to be transmitted, randomly combining the plurality of second sub data to be transmitted to obtain second random data to be transmitted, and encrypting the second random data to be transmitted to obtain second random encrypted data to be transmitted;
sending the first random encryption data to be transmitted and the second random encryption data to be transmitted respectively to the data receiving end, so that after the data receiving end receives the first random encryption data to be transmitted and the second random encryption data to be transmitted, the data receiving end decrypts the first random encryption data to be transmitted and the second random encryption data to be transmitted respectively to obtain first random decryption data and second random decryption data, and restores the first random decryption data and the second random decryption data to obtain first restored data and second restored data;
and calculating the similarity between the first recovery data and the second recovery data, when the similarity is larger than a preset similarity threshold value, determining that no data loss exists in the current data transmission, taking the first recovery data as optimal transmission data, and deleting the second recovery data.
2. The method for securely transmitting data of cloud resource sharing as claimed in claim 1, wherein the first data to be transmitted is segmented to divide the first data to be transmitted into a plurality of first sub-data to be transmitted, specifically comprising:
acquiring a preset number of sub-data segments, and carrying out segmentation processing on the first data to be transmitted based on the preset number of sub-data segments so as to divide the first data to be transmitted into a plurality of first sub-data to be transmitted;
and setting a unique corresponding first number for each first sub-data to be transmitted, simultaneously obtaining the first sub-data length of each first sub-data to be transmitted, and respectively encoding each first sub-data to be transmitted according to the first number and the first sub-data length to obtain a first code corresponding to each first sub-data to be transmitted.
3. The method for securely transmitting data of cloud resource sharing as claimed in claim 2, wherein the random combination of the plurality of first sub-data to be transmitted to obtain first random data to be transmitted comprises:
acquiring the first codes corresponding to each first sub-data to be transmitted, and generating a first random sequence based on a random number generator;
and correlating the first random sequence with all the first codes so as to randomly sequence all the first codes based on the first random sequence to obtain a first random sequence, and splicing the plurality of first sub-data to be transmitted in sequence based on the first random sequence to obtain first random data to be transmitted.
4. The method for securely transmitting data of cloud resource sharing according to claim 1, wherein encrypting the first random data to be transmitted to obtain the first random encrypted data to be transmitted, specifically comprises:
generating a first key based on a symmetric encryption algorithm, and carrying out encryption processing on the first random data to be transmitted by adopting the symmetric encryption algorithm based on the first key to obtain first encrypted data;
simultaneously acquiring a first receiver public key sent by the data receiving end, and encrypting the first key by adopting an asymmetric encryption algorithm based on the first receiver public key to obtain a first encryption key;
and carrying out disorder processing on the first encrypted data and the first encryption key to obtain first disorder encrypted data and a first disorder encryption key, and obtaining first random encrypted data to be transmitted based on the first disorder encrypted data and the first disorder encryption key.
5. The method for securely transmitting cloud resource-sharing data according to claim 4, wherein decrypting the first random encrypted data to be transmitted to obtain first random decrypted data comprises:
carrying out positive sequence processing on the first random encryption data to be transmitted to obtain first positive sequence encryption data and a first positive sequence encryption key;
generating a first receiver private key based on an asymmetric encryption algorithm, and decrypting the first positive sequence encryption key by adopting an asymmetric decryption algorithm based on the first receiver private key to obtain a first decryption key;
and based on the first decryption key, adopting a symmetric decryption algorithm to decrypt the first positive sequence encrypted data to obtain first random decrypted data.
6. The method for securely transmitting the data of the cloud resource sharing according to claim 3, wherein the recovering process is performed on the first random decrypted data to obtain first recovered data, specifically comprising:
obtaining the reverse order of the first random sequence to obtain a first random reverse order sequence, and dividing the first random decryption data based on the first random reverse order sequence to obtain a plurality of first random division sub-data;
acquiring first segmentation codes corresponding to the plurality of first random segmentation sub-data, and decoding each first segmentation code to obtain a first decoding, wherein the first decoding comprises a first decoding number;
and splicing the plurality of first random division sub-data according to the first decoding number to obtain first restored data.
7. The method for securely transmitting data of cloud resource sharing according to claim 1, wherein calculating the similarity between the first restored data and the second restored data comprises:
converting the first recovery data into a first vector, converting the second recovery data into a second vector, and respectively carrying out normalization processing on the first vector and the second vector to obtain a first normalization vector and a second normalization vector;
and calculating the similarity between the first normalized vector and the second normalized vector.
8. A data security transmission system for cloud resource sharing, comprising: the device comprises a data acquisition module to be transmitted, a first data processing module to be transmitted, a second data processing module to be transmitted, a data decryption recovery module and a similarity calculation module;
the data acquisition module to be transmitted is used for responding to a shared data acquisition instruction initiated by the data receiving end to acquire data to be transmitted corresponding to the shared data acquisition instruction in the cloud resource database;
the first data processing module to be transmitted is configured to copy the data to be transmitted to obtain first data to be transmitted and second data to be transmitted, segment the first data to be transmitted so as to divide the first data to be transmitted into a plurality of first sub-data to be transmitted, randomly combine the plurality of first sub-data to be transmitted to obtain first random data to be transmitted, and encrypt the first random data to obtain first random encrypted data to be transmitted;
the second data processing module to be transmitted is configured to segment the second data to be transmitted, so that the second data to be transmitted is divided into a plurality of second sub data to be transmitted, the plurality of second sub data to be transmitted are randomly combined to obtain second random data to be transmitted, and the second random data to be transmitted is encrypted to obtain second random encrypted data to be transmitted;
the data decryption restoration module is configured to send the first random encryption data to be transmitted and the second random encryption data to be transmitted to the data receiving end, so that the data receiving end receives the first random encryption data to be transmitted and the second random encryption data to be transmitted, then decrypts the first random encryption data to be transmitted and the second random encryption data to be transmitted respectively to obtain first random decryption data and second random decryption data, and restores the first random decryption data and the second random decryption data to obtain first restoration data and second restoration data;
the similarity calculation module is configured to calculate a similarity between the first recovery data and the second recovery data, determine that no data loss exists in current data transmission when the similarity is greater than a preset similarity threshold, take the first recovery data as optimal transmission data, and delete the second recovery data.
9. A terminal device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the data security transmission method of cloud resource sharing according to any one of claims 1 to 7 when executing the computer program.
10. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program when run controls a device in which the computer readable storage medium is located to perform the data security transmission method for cloud resource sharing according to any one of claims 1 to 7.
CN202311178221.3A 2023-09-13 2023-09-13 Cloud resource sharing data security transmission method and system Active CN117040913B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311178221.3A CN117040913B (en) 2023-09-13 2023-09-13 Cloud resource sharing data security transmission method and system

Publications (2)

Publication Number Publication Date
CN117040913A CN117040913A (en) 2023-11-10
CN117040913B true CN117040913B (en) 2024-01-30

Family

ID=88626573

Country Status (1)

Country Link
CN (1) CN117040913B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111726377A (en) * 2019-03-19 2020-09-29 百度在线网络技术(北京)有限公司 Data processing method and device based on public cloud
CN111917630A (en) * 2020-07-08 2020-11-10 北京艾智侠科技有限责任公司 Data transmission method, data transmission device, storage medium and electronic device
CN115801315A (en) * 2022-10-10 2023-03-14 中国电信股份有限公司 Data transmission method and device, electronic equipment and storage medium
CN116614307A (en) * 2023-06-27 2023-08-18 贵州电网有限责任公司 Data security transmission method and system suitable for power edge computing chip

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5004813B2 (en) * 2008-01-11 2012-08-22 キヤノン株式会社 Data sharing system, data sharing method, information processing apparatus, program, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant