CN117424757B - Data encryption method and device based on cloud database storage - Google Patents


Publication number: CN117424757B
Authority: CN (China)
Prior art keywords: data, data segment, cloud database, encryption, segment
Legal status: Active
Application number: CN202311736688.5A
Other languages: Chinese (zh)
Other versions: CN117424757A (en)
Inventors: 杨胜, 曾海波, 袁平, 唐必成, 黄瑛
Current Assignee: Jiaying Technology Co ltd
Original Assignee: Jiaying Technology Co ltd
Application filed by Jiaying Technology Co ltd
Priority to CN202311736688.5A
Publication of CN117424757A
Application granted
Publication of CN117424757B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/40 Network security protocols
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Abstract

The invention discloses a data encryption method and device based on cloud database storage, which relate to the technical field of data encryption and comprise the following steps: dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment; performing architecture reconstruction on the first data segment based on an RSA algorithm to obtain a first encrypted data segment; performing cyclic encryption on the second data segment based on an AES algorithm to obtain a second encrypted data segment; uploading the first encrypted data segment and the second encrypted data segment to a cloud database; acquiring transmission target information of the first encrypted data segment and the second encrypted data segment, and generating a signal code based on the transmission target information; and mapping in the cloud database to generate a transmission trigger signal of the third data segment, and acquiring ciphertext data. The encrypted data segments are stored in the cloud database, and the safety and reliability of data transmission and storage in the cloud database are improved in a segmented transmission and storage mode.

Description

Data encryption method and device based on cloud database storage
Technical Field
The invention mainly relates to the technical field of data encryption, in particular to a data encryption method and device based on cloud database storage.
Background
With the rapid development of the information age, existing data storage technology generally stores data in a cloud database in order to reduce the storage pressure on a device's local storage unit, and the security of data storage and data transport in the cloud database is one of the important research fields of current cloud data technology.
Existing cloud data has a large transmission throughput and is easily hijacked and captured during storage and transmission, so a highly reliable and highly secure data encryption method is required to meet the data storage and transmission requirements of a cloud database.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a data encryption method and device based on cloud database storage.
The invention provides a data encryption method based on cloud database storage, which comprises the following steps:
S11: changing the character arrangement of plaintext data at a local end of the mobile device based on a scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment;
S12: performing architecture reconstruction on the first data segment based on an RSA algorithm to obtain a first encrypted data segment;
generating an encryption public key and a decryption private key through a CPU module of the mobile device, encrypting the first data segment based on the encryption public key, and obtaining a first encrypted data segment;
inputting the decryption private key into the third data segment;
S13: performing cyclic encryption on the second data segment based on an AES algorithm to obtain a second encrypted data segment;
S14: constructing a data transmission channel between the local end of the mobile device and a cloud database, and uploading the first encrypted data segment and the second encrypted data segment to the cloud database through the data transmission channel;
S15: acquiring transmission target information of the first encrypted data segment and the second encrypted data segment, and generating a signal code based on the transmission target information;
S16: mapping in the cloud database to generate a transmission trigger signal of the third data segment, and generating ciphertext data by combining the transmission trigger signal, the first encrypted data segment, the second encrypted data segment and the signal code.
Further, the modifying the character arrangement of the plaintext data at the local end of the mobile device based on the scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment includes:
arranging characters of plaintext data to form a character array, and scrambling the character array based on a Hilbert curve to obtain scrambled data;
and uniformly dividing the scrambled data into a first data segment, a second data segment and a third data segment.
Further, the step of arranging characters of the plaintext data to form a character array, the step of scrambling the character array based on a Hilbert curve, and the step of obtaining scrambled data includes:
acquiring the total number of characters of the plaintext data, detecting whether the total number of characters is a multiple of 4, and if not, supplementing blank data in the plaintext data so that the total number of characters of the plaintext data is a multiple of 4;
and arranging characters of the plaintext data into a square array, and sequentially traversing the square array according to the directions of lower left, upper right and lower right based on a Hilbert curve to obtain scrambling data.
Further, the performing architecture reconstruction on the first data segment based on the RSA algorithm, and obtaining the first encrypted data segment includes:
setting an encryption public key as (n, p), and a decryption private key as (n, q), wherein the derivation formulas of the encryption public key and the decryption private key are as follows:
wherein e and d are prime numbers, m is the Euler function of n, p and m are coprime, and q is the inverse element of p modulo m.
Further, encrypting the first data segment based on the encryption public key, and obtaining the first encrypted data segment includes:
the calculation formula for encrypting the first data segment by the encryption public key (n, p) is:
wherein,for the first encrypted data segment,in order to be a first data segment of the data,is a modulo arithmetic symbol.
Further, the performing cyclic encryption on the second data segment based on the AES algorithm to obtain a second encrypted data segment includes:
setting a round function, and setting the encryption round number of the second data segment according to the round function;
and circularly encrypting the second data segment through the round function based on the encryption round number to obtain the second encrypted data segment.
Further, circularly encrypting the second data segment by the round function based on the encryption round number includes:
and in each round of encryption processing, performing byte transformation, row displacement and column confusion processing on the second data segment, and obtaining corresponding round of encryption data based on each round of encryption processing.
Further, the obtaining the transmission target information of the first encrypted data segment and the second encrypted data segment, and generating the signal code based on the transmission target information includes:
when uploading the first encrypted data segment and the second encrypted data segment, transmitting transmission target information of the plaintext data to a cloud database;
and inquiring signal base station information of a destination based on the target information, and generating the signal code based on the signal base station information.
Further, the mapping in the cloud database to generate the transmission trigger signal of the third data segment, and generating ciphertext data by combining the transmission trigger signal, the first encrypted data segment, the second encrypted data segment and the signal code includes:
generating mapping data of the third data segment in the cloud database, and setting the mapping data as a transmission trigger signal;
and interrupting the data transmission channels of the cloud database and the mobile equipment based on the transmission trigger signal.
The invention also provides a data encryption device based on cloud database storage, which comprises:
a data dividing module: changing the character arrangement of plaintext data at a local end of the mobile device based on a scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment;
a first encryption module: performing architecture reconstruction on the first data segment based on an RSA algorithm to obtain a first encrypted data segment;
generating an encryption public key and a decryption private key through a CPU module of the mobile device, encrypting the first data segment based on the encryption public key, and obtaining a first encrypted data segment;
inputting the decryption private key into the third data segment;
a second encryption module: performing cyclic encryption on the second data segment based on an AES algorithm to obtain a second encrypted data segment;
an encrypted data transmission module: constructing a data transmission channel between the local end of the mobile device and a cloud database, and uploading the first encrypted data segment and the second encrypted data segment to the cloud database through the data transmission channel;
a positioning and marking module: acquiring transmission target information of the first encrypted data segment and the second encrypted data segment, and generating a signal code based on the transmission target information;
a ciphertext generating module: mapping in the cloud database to generate a transmission trigger signal of the third data segment, and generating ciphertext data by combining the transmission trigger signal, the first encrypted data segment, the second encrypted data segment and the signal code.
The invention provides a data encryption method and device based on cloud database storage, which are characterized in that data are scrambled and segmented through a local end of a mobile device, different data segments are encrypted based on various encryption algorithms, partial data are reserved to be temporarily stored in the local end of the mobile device, the encrypted data segments are stored based on the cloud database, and the safety and reliability of data transportation and storage in the cloud database are improved in a segmented transportation and storage mode.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data encryption method based on cloud database storage in an embodiment of the invention;
FIG. 2 is a schematic diagram of a data encryption system based on cloud database storage in an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 shows a flowchart of a data encryption method based on cloud database storage in an embodiment of the present invention. The encryption method is applied in an encryption system, and the encryption system includes a cloud database and a mobile device in signal connection with the cloud database, wherein a CPU module, a signal connection module and a temporary storage module are arranged in the mobile device.
The temporary storage module is used for temporarily storing plaintext data and ciphertext data, and the CPU module is used for encrypting the plaintext data to obtain ciphertext data;
the signal connection module is used for constructing a transmission channel between the mobile device and the cloud database.
The data encryption method comprises the following steps:
S11: changing the character arrangement of the plaintext data at the local end of the mobile device based on a scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment.
Specifically, the modifying the character arrangement of the plaintext data at the local end of the mobile device based on the scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment includes:
arranging characters of plaintext data to form a character array, and scrambling the character array based on a Hilbert curve to obtain scrambled data;
and uniformly dividing the scrambled data into a first data segment, a second data segment and a third data segment.
Further, the total number of characters of the plaintext data is obtained, a square array of the plaintext data is constructed according to the total number of characters of the plaintext data, and the square array of the plaintext data is generated through automatic sequencing by combining with the total number of characters of the plaintext data.
Further, the main control system detects whether a square array constructed based on characters of the plaintext data is of a complete square structure, and if the square array is incomplete, blank data characters are filled in character bits of the plaintext data, so that the total number of characters of the plaintext data can meet the construction requirement of the square array.
And arranging characters of the plaintext data into a square array, and sequentially traversing the square array according to the directions of lower left, upper right and lower right based on a Hilbert curve to obtain scrambling data.
Further, the Hilbert transform is a common scrambling algorithm: a Hilbert curve is set, the data are traversed sequentially along the Hilbert curve, and the character data of the square array of plaintext data are replaced position by position, the replacement following the sequence of lower left, upper right and lower right, to obtain the scrambled data.
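The scrambling and segmentation of step S11, as an added example that is not part of the patent text. It shows that the permutation is fixed by the data length alone, so `unscramble` restores the text without any key. Assumptions: the square array has a power-of-two side (so the text is padded to the next power of 4), NUL is the blank padding character, the three segments may differ in length by one character, and all function names are hypothetical.

```python
import math

PAD = "\x00"  # assumption: NUL stands in for the "blank data" padding


def d2xy(side, d):
    """Map distance d along the Hilbert curve to (x, y); (0, 0) is lower left."""
    x = y = 0
    t, s = d, 1
    while s < side:
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        if ry == 0:  # rotate or flip the sub-square
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y


def hilbert_order(side):
    """Row-major indices of the cells in the order the curve visits them."""
    order = []
    for d in range(side * side):
        x, y = d2xy(side, d)
        order.append((side - 1 - y) * side + x)  # row 0 is the top row
    return order


def pad_to_square(text):
    """Pad so the characters fill a square whose side is a power of two."""
    side = 1
    while side * side < len(text):
        side *= 2
    return text + PAD * (side * side - len(text)), side


def scramble(text):
    """Read the padded square array along the Hilbert curve."""
    padded, side = pad_to_square(text)
    return "".join(padded[i] for i in hilbert_order(side))


def unscramble(scrambled):
    """Invert scramble(); the permutation is fixed by the length alone."""
    side = math.isqrt(len(scrambled))
    if side < 1 or side * side != len(scrambled) or side & (side - 1):
        raise ValueError("length is not a power of 4")
    out = [""] * len(scrambled)
    for pos, i in enumerate(hilbert_order(side)):
        out[i] = scrambled[pos]
    return "".join(out).rstrip(PAD)


def split_three(data):
    """Split into three segments whose lengths differ by at most one.

    A power of 4 is never divisible by 3, so an exactly even split is not
    possible; giving the extra character to the first segment is an assumption.
    """
    base, extra = divmod(len(data), 3)
    sizes = [base + (1 if k < extra else 0) for k in range(3)]
    a, b = sizes[0], sizes[0] + sizes[1]
    return data[:a], data[a:b], data[b:]


if __name__ == "__main__":
    sample = "ABCDEFGHIJKLMNOP"  # constructed sample input
    mixed = scramble(sample)
    print(mixed, split_three(mixed), unscramble(mixed))
```

Because no secret enters the permutation, any confidentiality in the scheme has to come from the encryption steps that follow, not from the scrambling.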
S12: carrying out architecture reconstruction on the first data segment based on an RSA algorithm to obtain a first encrypted data segment.
The method comprises the following steps: generating an encryption public key and a decryption private key through a CPU module of the mobile device, encrypting the first data segment based on the encryption public key, and obtaining a first encrypted data segment;
and inputting the decryption private key into the third data segment, adding the decryption private key at the tail end of the third data segment, and merging the decryption private key into the third data segment, so that the decryption private key can be temporarily stored in a local end of the mobile device along with the third data segment.
Setting an encryption public key as (n, p), and a decryption private key as (n, q), wherein the derivation formulas of the encryption public key and the decryption private key are as follows:
wherein e and d are prime numbers, m is the Euler function of n, p and m are coprime, and q is the inverse element of p modulo m.
Further, encrypting the first data segment based on the encryption public key, and obtaining the first encrypted data segment includes:
the calculation formula for encrypting the first data segment by the encryption public key (n, p) is:
wherein,for the first encrypted data segment,in order to be a first data segment of the data,is a modulo arithmetic symbol.
Further, the decryption calculation formula of the first data segment is as follows:
wherein,for the first encrypted data segment,in order to be a first data segment of the data,is a modulo arithmetic symbol.
The first data segment is encrypted with the RSA algorithm; because factoring n is difficult, brute-force decryption can be effectively resisted. Placing the decryption private key in the third data segment and temporarily storing it at the local end of the mobile device reduces how often the decryption private key is transmitted over the network between different devices, which reduces the risk of the decryption private key being lost or exposed in transmission.
S13: carrying out cyclic encryption on the second data segment based on the AES algorithm to obtain a second encrypted data segment.
Specifically, the performing cyclic encryption on the second data segment based on the AES algorithm to obtain a second encrypted data segment includes:
setting a round function, and determining the number of encryption rounds for the second data segment according to the byte number of the round function.
The second data segment is then circularly encrypted through the round function for that number of rounds to obtain the second encrypted data segment.
Further, circularly encrypting the second data segment by the round function based on the encryption round number includes:
and in each round of encryption processing, performing round key addition, byte transformation, row displacement and column confusion processing on the second data segment, and obtaining corresponding round of encryption data based on each round of encryption processing.
Specifically, the second data segment is converted into hexadecimal data, the second data segment is encrypted through the round function to obtain initial encrypted data, and byte transformation is carried out on the initial encrypted data;
the byte transformation operates as follows: based on the AES algorithm, the S-box used for byte transformation is looked up, the S-box being a preset 16 x 16 two-dimensional array in the AES algorithm; the character data of the initial encrypted data are extracted in sequence, the row number in the S-box is taken from the high four bits of the character data and the column number from the low four bits, and the replacement data are extracted from the S-box at that position; all character data in the initial encrypted data are replaced through this byte transformation operation to obtain the replacement data.
Row displacement and column confusion operations are then performed on the replacement data. The row displacement is specifically: the replacement data are arranged into a 4 x 4 data matrix; the first row is kept unchanged, the second row is moved left by one byte, the third row is moved left by two bytes, and the fourth row is moved left by three bytes, completing the row displacement operation;
the column confusion operation includes: setting a confusion data matrix, multiplying the confusion data matrix by the replacement data matrix after row displacement to obtain encrypted data, carrying out the next round of AES encryption on the encrypted data, and obtaining the second encrypted data segment after multiple rounds of encryption.
Specifically, the confusion data matrix is extracted from the third data segment: it is constructed from the high four bits of each character datum in the third data segment, and the encrypted data are obtained by multiplying the confusion data matrix with the replacement data matrix after row displacement, that is, by performing an exclusive-or operation on the character data at corresponding positions.
Extracting the confusion data matrix from the third data segment improves the encryption reliability of the second data segment and reduces the risk that the second encrypted data segment is cracked by brute force.
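One round of the byte transformation, row displacement and XOR-based column confusion described above, with its inverse, as an added example that is not code from the patent. Round key addition is left out because the text does not say where a round key comes from. Assumptions: the 4 x 4 matrix is filled row by row, the confusion matrix holds the high four bits of the first 16 bytes of the third segment as values 0 to 15, and all function names are hypothetical.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF


def build_sbox():
    """AES S-box as a 16 x 16 array indexed [high nibble][low nibble]."""
    inverse = [0] * 256
    for a in range(1, 256):
        for b in range(1, 256):
            if gf_mul(a, b) == 1:  # b is the multiplicative inverse of a
                inverse[a] = b
                break
    flat = []
    for v in inverse:
        flat.append(v ^ rotl8(v, 1) ^ rotl8(v, 2) ^ rotl8(v, 3) ^ rotl8(v, 4) ^ 0x63)
    return [flat[r * 16:(r + 1) * 16] for r in range(16)]


SBOX = build_sbox()
INV_SBOX = {SBOX[r][c]: (r << 4) | c for r in range(16) for c in range(16)}


def to_matrix(block):
    """Arrange 16 bytes into a 4 x 4 matrix, row by row (assumed fill order)."""
    if len(block) != 16:
        raise ValueError("a block is exactly 16 bytes")
    return [list(block[r * 4:(r + 1) * 4]) for r in range(4)]


def flatten(m):
    return bytes(b for row in m for b in row)


def sub_bytes(m):
    # row number from the high four bits, column number from the low four bits
    return [[SBOX[b >> 4][b & 0x0F] for b in row] for row in m]


def shift_rows(m):
    # row r moves left by r bytes: 0, 1, 2, 3
    return [row[r:] + row[:r] for r, row in enumerate(m)]


def confusion_matrix(third_segment):
    """High four bits of the first 16 bytes of the third segment (assumed layout)."""
    if len(third_segment) < 16:
        raise ValueError("need at least 16 bytes of the third segment")
    return to_matrix(bytes(b >> 4 for b in third_segment[:16]))


def xor_matrix(m, k):
    return [[a ^ b for a, b in zip(rm, rk)] for rm, rk in zip(m, k)]


def keyless_part(block):
    """Byte transformation and row displacement only; no secret input."""
    return flatten(shift_rows(sub_bytes(to_matrix(block))))


def encrypt_round(block, third_segment):
    m = to_matrix(keyless_part(block))
    return flatten(xor_matrix(m, confusion_matrix(third_segment)))


def decrypt_round(block, third_segment):
    m = xor_matrix(to_matrix(block), confusion_matrix(third_segment))
    m = [row[-r:] + row[:-r] if r else row for r, row in enumerate(m)]  # shift right
    return bytes(INV_SBOX[b] for row in m for b in row)


if __name__ == "__main__":
    block = b"second segment 1"    # constructed 16-byte sample
    seg3 = b"third data segment"   # constructed sample third segment
    ct = encrypt_round(block, seg3)
    print(ct.hex(), decrypt_round(ct, seg3))
```

Under this reading each mask value is below 16, so only the low four bits of every output byte depend on the third segment; the high four bits are those of the keyless byte transformation and row displacement.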
S14: constructing a data transmission channel between the local end of the mobile device and the cloud database, and uploading the first encrypted data segment and the second encrypted data segment to the cloud database through the data transmission channel.
A wireless communication module at the local end of the mobile device accesses a data port of the cloud database, and a data transmission channel is formed between the local end of the mobile device and the cloud database based on a wireless communication protocol.
Specifically, after the local end of the mobile device completes encryption processing on the first data segment and the second data segment, a signal connection request is sent to the cloud database through the wireless communication protocol; the cloud database detects the data change state of the data port in real time, and a signal transmission channel between the data port and the local end of the mobile device is constructed based on the data change state of the data port.
Furthermore, the cloud database constructs the signal transmission path with the local end of the mobile device based on the DDS (Data Distribution Service) protocol, and a subscription-based architecture is adopted to ensure real-time, efficient and flexible data distribution, so that various distributed real-time communication application requirements can be met and the security requirements of data transmission are satisfied.
S15: acquiring transmission target information of the first encrypted data segment and the second encrypted data segment, and generating a signal code based on the transmission target information.
Specifically, the obtaining the transmission target information of the first encrypted data segment and the second encrypted data segment, and generating the signal code based on the transmission target information includes:
when the first encrypted data segment and the second encrypted data segment are uploaded, transmitting the transmission target information of the plaintext data to the cloud database over the data transmission channel, wherein the transmission target information comprises receiving end equipment verification information.
The signal base station information of the destination is queried based on the target information, and the signal code is generated based on the signal base station information; the signal code is combined into the first encrypted data segment and the second encrypted data segment, and the first encrypted data segment and the second encrypted data segment are verified and identified based on the signal code.
When a receiving end user accesses the cloud database and inquires the first encrypted data segment and the second encrypted data segment, the cloud database can inquire the equipment information of the receiving end user and the signal address information of the receiving end user, compare with the receiving end equipment verification information based on the equipment information, and when the equipment information is matched with the receiving end equipment verification information, the cloud database can respond to an information transmission request of the receiving end equipment, construct a data transmission channel and send the first encrypted data segment and the second encrypted data segment to the receiving end equipment.
S16: mapping in the cloud database to generate a transmission trigger signal of the third data segment, and generating ciphertext data by combining the transmission trigger signal, the first encrypted data segment, the second encrypted data segment and the signal code.
Specifically, the mapping in the cloud database to generate the transmission trigger signal of the third data segment, and generating ciphertext data by combining the transmission trigger signal, the first encrypted data segment, the second encrypted data segment and the signal code includes:
generating mapping data of the third data segment in the cloud database, and setting the mapping data as a transmission trigger signal;
copying character data of the first three character bits of the head end position of the third data segment, defining the character data as mobile data, transmitting the mobile data to the cloud database based on the data transmission channel, converting the mobile data into mapping data through a preset code conversion formula, inserting an abort symbol into the mapping data to generate the transmission trigger signal, and inserting the transmission trigger signal into program codes of the data transmission channel to realize the interrupt operation of the transmission channel.
Further, the preset transcoding formula may be set according to a coding rule built in the data mapping tool, which is not limited herein.
Further, the program code of the data transmission channel is provided with an interrupt segment and an idle segment adjacent to the interrupt segment, and the idle segment is set to be in a query state when the program runs, namely, when the program code of the data transmission channel is run, the data loaded by the idle segment can be queried and obtained, but the data in the idle segment does not directly influence the function implementation of the program code. When the transmission trigger signal is triggered, the transmission trigger signal can move right into the idle section, so that a data transmission channel of the cloud database and the mobile equipment can be reconstructed, data transmission of the cloud database and the mobile equipment is realized, and the transmission trigger signal is reacquired.
Further, the data information of the third data segment in the local device can be queried based on the transmission trigger signal, and the transmission of the third data segment is realized based on the data transmission channel.
The data transmission channel between the cloud database and the mobile device is interrupted based on the transmission trigger signal, so that the cloud database is disconnected from the mobile device and the ciphertext data is temporarily stored in the cloud database. At this point the ciphertext data in the cloud database comprises the first encrypted data segment and the second encrypted data segment, that is, the cloud database stores only part of the plaintext data, which reduces the risk of the plaintext data leaking from the cloud database.
Further, partial character data of the third data segment are converted into mapping data through a data mapping tool, and on-off control is performed on a data transmission channel between a cloud database and mobile equipment based on the mapping data, so that reliability of cloud data transmission encryption can be improved, and identification and search are performed on the third data segment based on the mapping data, and accuracy of data transmission of the cloud database is improved.
Specifically, when the receiving end device is connected to the cloud end database, the cloud end database may query signal address information of the receiving end device, compare and match the signal address information with the signal code based on the signal address information, and after the signal address information is correspondingly matched with the signal code, the cloud end database may construct a temporary data channel with the mobile device based on the transmission trigger signal, and communicate the temporary data channel with a data transmission channel of the receiving end device, so that the mobile device may perform temporary data transmission with the receiving end device based on the cloud end database, and send the third data segment to the receiving end device.
Further, the receiving end device may obtain the decryption private key based on the third data segment, decrypt the first encrypted data segment based on the decryption private key, and extract the confusion data matrix from the third data segment, and decrypt the second encrypted data segment based on the confusion data matrix, thereby obtaining the plaintext data.
Further, by verifying the device information and the signal position information of the receiving end device, the safety of fixed-point transmission of the plaintext data is ensured.
The embodiment of the invention provides a data encryption method based on cloud database storage, in which data are scrambled and segmented at the local end of the mobile device, different data segments are encrypted based on different encryption algorithms, part of the data is retained and temporarily stored at the local end of the mobile device, and the encrypted portion of the data segments is stored in the cloud database; transmitting and storing the data in segments improves the security and reliability of data transmission and storage in the cloud database.
Embodiment two:
Fig. 2 is a schematic diagram of a data encryption device based on cloud database storage in an embodiment of the present invention, where the encryption device includes:
The data dividing module 10: changes the character arrangement of the plaintext data at the local end of the mobile device based on a scrambling algorithm, and divides the scrambled plaintext data into a first data segment, a second data segment and a third data segment.
The characters of the plaintext data are arranged to form a character array, and the character array is scrambled based on a Hilbert curve to obtain scrambled data;
the scrambled data is uniformly divided into a first data segment, a second data segment and a third data segment.
The first encryption module 20: performs architecture reconstruction on the first data segment based on an RSA algorithm to obtain a first encrypted data segment.
Specifically: an encryption public key and a decryption private key are generated by a CPU module of the mobile device, and the first data segment is encrypted based on the encryption public key to obtain the first encrypted data segment.
The decryption private key is input into the third data segment: it is added at the tail end of the third data segment and merged into the third data segment, so that the decryption private key can be temporarily stored at the local end of the mobile device along with the third data segment.
The second encryption module 30: performs cyclic encryption on the second data segment based on the AES algorithm to obtain a second encrypted data segment.
A round function is set, and the number of encryption rounds of the second data segment is set according to the round function, the number of encryption rounds being determined according to the number of bytes of the round function; the second encrypted data segment is obtained by cyclically encrypting the second data segment.
Based on the number of encryption rounds, the second data segment is cyclically encrypted through the round function to obtain the second encrypted data segment.
The encrypted data transmission module 40: constructs a data transmission channel between the local end of the mobile device and the cloud database, and uploads the first encrypted data segment and the second encrypted data segment to the cloud database through the data transmission channel.
A wireless communication module at the local end of the mobile device accesses a data port of the cloud database, and a data transmission channel is formed between the local end of the mobile device and the cloud database based on a wireless communication protocol.
Specifically, after the local end of the mobile device completes encryption processing on the first data segment and the second data segment, a signal connection request is sent to the cloud database through the wireless communication protocol; the cloud database detects the data change state of the data port in real time, and a signal transmission channel between the data port and the local end of the mobile device is constructed based on the data change state of the data port.
The positioning mark module 50: acquires transmission target information of the first encrypted data segment and the second encrypted data segment, and generates a signal code based on the transmission target information.
When the first encrypted data segment and the second encrypted data segment are uploaded, the transmission target information of the plaintext data is transmitted to the cloud database through the data transmission channel,
the signal base station information of the destination is queried based on the target information, and the signal code is generated based on the signal base station information.
The ciphertext generating module 60: generates, by mapping in the cloud database, a transmission trigger signal of the third data segment, and generates ciphertext data by combining the transmission trigger signal, the first encrypted data segment, the second encrypted data segment and the signal code.
Mapping data of the third data segment is generated in the cloud database and set as the transmission trigger signal; the data transmission channel between the cloud database and the mobile device is interrupted based on the transmission trigger signal; and when the receiving end device acquires the first encrypted data segment and the second encrypted data segment, the data transmission channel between the cloud database and the mobile device is reconstructed based on the transmission trigger signal, so that the receiving end device acquires the third data segment through the data transmission channel.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program instructing related hardware; the program may be stored in a computer-readable storage medium, and the storage medium may include: read-only memory (ROM), random access memory (RAM), magnetic or optical disk, and the like.
In addition, the data encryption method and encryption device based on cloud database storage provided by the embodiments of the invention have been described in detail above. Specific examples are used to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method and core idea of the invention. Meanwhile, those skilled in the art may, in accordance with the ideas of the invention, make changes to the specific embodiments and the scope of application; in view of the above, this description should not be construed as limiting the invention.
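The scrambling and division performed by the data dividing module can be made concrete with the following added example, which was written for this page and is not code from the patent or its applicant. It assumes the standard Hilbert ordering that starts at the lower-left cell and ends at the lower-right cell, pads with spaces to the next 2^k x 2^k array because a Hilbert traversal needs a power-of-two side (stricter than a multiple of 4), and gives the leftover character of the three-way split to the first segment; all function names are hypothetical.

```python
"""Hilbert-curve scrambling and three-way split (illustrative, stdlib only)."""
import math

PAD = " "  # assumption: the "blank data" used for padding is a space


def hilbert_d2xy(side, d):
    """Cell (x, y) at distance d along the curve; (0, 0) is lower-left."""
    x = y = 0
    t, s = d, 1
    while s < side:
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        if ry == 0:                       # rotate/flip the current sub-square
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y


def hilbert_order(side):
    """Row-major indices of a side x side array in traversal order."""
    if side < 2 or side & (side - 1):
        raise ValueError("side must be a power of two >= 2")
    order = []
    for d in range(side * side):
        x, y = hilbert_d2xy(side, d)
        order.append((side - 1 - y) * side + x)   # y = 0 is the bottom row
    return order


def scramble(text):
    """Pad to a 2^k x 2^k array (row-major, top row first) and read it out."""
    side = 2
    while side * side < len(text):
        side *= 2
    padded = text.ljust(side * side, PAD)
    return "".join(padded[i] for i in hilbert_order(side))


def unscramble(scrambled, original_len=None):
    """Invert scramble(); needs nothing but the data itself (no key)."""
    side = math.isqrt(len(scrambled))
    if side * side != len(scrambled):
        raise ValueError("length is not a square")
    cells = [""] * len(scrambled)
    for pos, idx in enumerate(hilbert_order(side)):
        cells[idx] = scrambled[pos]
    text = "".join(cells)
    return text if original_len is None else text[:original_len]


def split_three(data):
    """Near-uniform split; 4^k is never divisible by 3, so sizes differ by 1."""
    base, extra = divmod(len(data), 3)
    a = base + (1 if extra > 0 else 0)
    b = a + base + (1 if extra > 1 else 0)
    return data[:a], data[a:b], data[b:]


def local_only_positions(length):
    """Plaintext indices that end up in the third (device-held) segment."""
    side = 2
    while side * side < length:
        side *= 2
    return split_three(hilbert_order(side))[2]


if __name__ == "__main__":
    msg = "transfer 250 to acct 7781"          # constructed sample plaintext
    s = scramble(msg)
    print(split_three(s))
    print(unscramble(s, len(msg)) == msg)
    print(local_only_positions(len(msg)))
```

Because the traversal order depends only on the data length, `unscramble` needs no secret: the scrambling step rearranges characters but adds no confidentiality of its own, which has to come from the encryption applied afterwards and from keeping the third segment on the device.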

Claims (9)

1. The data encryption method based on cloud database storage is characterized by comprising the following steps:
S11: changing character arrangement of plaintext data at a local end of the mobile device based on a scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment;
S12: performing architecture reconstruction on the first data segment based on an RSA algorithm to obtain a first encrypted data segment;
generating an encryption public key and a decryption private key through a CPU module of the mobile device, encrypting the first data segment based on the encryption public key, and obtaining a first encrypted data segment;
inputting the decryption private key into the third data segment;
S13: performing cyclic encryption on the second data segment based on an AES algorithm to obtain a second encrypted data segment;
S14: constructing a data transmission channel between a local end of the mobile device and a cloud database, and uploading the first encrypted data segment and the second encrypted data segment to the cloud database through the data transmission channel;
S15: acquiring transmission target information of the first encrypted data segment and the second encrypted data segment, and generating a signal code based on the transmission target information;
combining the first encrypted data segment, the second encrypted data segment and the signal code to generate ciphertext data;
S16: mapping in the cloud database to generate a transmission trigger signal of a third data segment, and implementing on-off control of data transmission channels of the mobile device, the cloud database and the receiving end device based on the transmission trigger signal, wherein the method comprises the following steps:
generating mapping data of the third data segment in the cloud database, and setting the mapping data as a transmission trigger signal;
interrupting a data transmission channel between the cloud database and the mobile device based on the transmission trigger signal, and temporarily storing the ciphertext data based on the cloud database;
when a receiving end device is connected with the cloud database, constructing a temporary data channel between the cloud database and the mobile device based on the transmission trigger signal, and communicating the temporary data channel with a data transmission channel of the receiving end device;
and conveying the third data segment to the cloud database based on the temporary data channel, and conveying the third data segment to the receiving end device through a data transmission channel between the cloud database and the receiving end device.
2. The method for encrypting data stored in a cloud database according to claim 1, wherein the modifying the character arrangement of the plaintext data at the local side of the mobile device based on the scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment comprises:
arranging characters of plaintext data to form a character array, and scrambling the character array based on a Hilbert curve to obtain scrambled data;
and uniformly dividing the scrambled data into a first data segment, a second data segment and a third data segment.
3. The method for encrypting data stored in a cloud database according to claim 2, wherein the step of arranging characters of plaintext data to form a character array, and performing scrambling processing on the character array based on a Hilbert curve to obtain scrambled data comprises:
acquiring the total number of characters of the plaintext data, detecting whether the total number of characters is a multiple of 4, and if not, supplementing blank data in the plaintext data so that the total number of characters of the plaintext data is a multiple of 4;
and arranging characters of the plaintext data into a square array, and sequentially traversing the square array according to the directions of lower left, upper right and lower right based on a Hilbert curve to obtain scrambling data.
4. The method for encrypting data stored in a cloud database according to claim 1, wherein the performing the architecture reconstruction on the first data segment based on the RSA algorithm to obtain the first encrypted data segment comprises:
setting an encryption public key as (n, p), and a decryption private key as (n, q), wherein the derivation formulas of the encryption public key and the decryption private key are as follows:
wherein e and d are prime numbers, m is the Euler function of n, p and m are coprime, and q is the inverse element of p modulo m.
5. The cloud database storage-based data encryption method according to claim 4, wherein the encrypting the first data segment based on the encryption public key, obtaining a first encrypted data segment includes:
the calculation formula for encrypting the first data segment by the encryption public key (n, p) is:
wherein, is the first encrypted data segment, is the first data segment, and is a modulo arithmetic symbol.
6. The method for encrypting data stored in a cloud database according to claim 1, wherein the performing the cyclic encryption on the second data segment based on the AES algorithm to obtain the second encrypted data segment includes:
setting a round function, and setting the encryption round number of the second data segment according to the round function;
and circularly encrypting the second data segment through the round function based on the encryption round number to obtain the second encrypted data segment.
7. The cloud database storage based data encryption method of claim 6, wherein cyclically encrypting the second data segment by the round function based on the encryption round number comprises:
and in each round of encryption processing, performing byte transformation, row displacement and column confusion processing on the second data segment, and obtaining corresponding round of encryption data based on each round of encryption processing.
8. The cloud database storage-based data encryption method according to claim 1, wherein the obtaining the transmission target information of the first encrypted data segment and the second encrypted data segment, generating a signal code based on the transmission target information includes:
when uploading the first encrypted data segment and the second encrypted data segment, transmitting transmission target information of the plaintext data to a cloud database;
and inquiring signal base station information of a destination based on the target information, and generating the signal code based on the signal base station information.
9. A data encryption device based on cloud database storage, the encryption device comprising:
a data dividing module: changing character arrangement of plaintext data at a local end of the mobile device based on a scrambling algorithm, and dividing the scrambled plaintext data into a first data segment, a second data segment and a third data segment;
a first encryption module: performing architecture reconstruction on the first data segment based on an RSA algorithm to obtain a first encrypted data segment;
generating an encryption public key and a decryption private key through a CPU module of the mobile device, encrypting the first data segment based on the encryption public key, and obtaining a first encrypted data segment;
inputting the decryption private key into the third data segment;
a second encryption module: performing cyclic encryption on the second data segment based on an AES algorithm to obtain a second encrypted data segment;
an encrypted data transmission module: constructing a data transmission channel between a local end of the mobile device and a cloud database, and uploading the first encrypted data segment and the second encrypted data segment to the cloud database through the data transmission channel;
a positioning and marking module: acquiring transmission target information of the first encrypted data segment and the second encrypted data segment, and generating a signal code based on the transmission target information;
a ciphertext generating module: combining the first encrypted data segment, the second encrypted data segment and the signal code to generate ciphertext data;
mapping and generating a transmission trigger signal of a third data segment in the cloud database, and controlling the opening and closing of data transmission channels of the mobile device, the cloud database and the receiving end device based on the transmission trigger signal;
comprising the following steps: generating mapping data of the third data segment in the cloud database, and setting the mapping data as a transmission trigger signal;
interrupting a data transmission channel between the cloud database and the mobile device based on the transmission trigger signal, and temporarily storing the ciphertext data based on the cloud database;
when a receiving end device is connected with the cloud database, constructing a temporary data channel between the cloud database and the mobile device based on the transmission trigger signal, and communicating the temporary data channel with a data transmission channel of the receiving end device;
and conveying the third data segment to the cloud database based on the temporary data channel, and conveying the third data segment to the receiving end device through a data transmission channel between the cloud database and the receiving end device.
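The key handling of claims 4 and 5, together with the description's step of appending the decryption private key to the tail of the third data segment, is shown below as an added example that is not code from the patent or its applicant. The formulas are not reproduced on this page, so the example assumes the textbook relations n = e*d, m = (e-1)(d-1) and C = M^p mod n, encrypts one character per block with toy-sized constructed primes, and uses a hypothetical `|` delimiter and hypothetical function names for the appended key.

```python
"""First-segment RSA flow with the private key carried in the third segment."""
import math

SEP = "|"  # assumption: delimiter between third-segment text and appended key


def derive_keys(e, d, p):
    """Return ((n, p), (n, q)) from primes e, d and public exponent p."""
    if e == d:
        raise ValueError("e and d must be distinct primes")
    n = e * d                         # assumed relation: n = e * d
    m = (e - 1) * (d - 1)             # Euler function of n for n = e * d
    if math.gcd(p, m) != 1:
        raise ValueError("p must be coprime with m")
    q = pow(p, -1, m)                 # inverse of p modulo m (Python 3.8+)
    return (n, p), (n, q)


def encrypt_segment(segment, public_key):
    """Assumed formula C = M^p mod n, applied to each character code."""
    n, p = public_key
    cipher = []
    for ch in segment:
        code = ord(ch)
        if code >= n:
            raise ValueError("symbol does not fit below the modulus")
        cipher.append(pow(code, p, n))
    return cipher


def decrypt_segment(cipher, private_key):
    """Inverse operation M = C^q mod n."""
    n, q = private_key
    return "".join(chr(pow(c, q, n)) for c in cipher)


def pack_third_segment(third, private_key):
    """Append the private key at the tail end of the third segment."""
    n, q = private_key
    return f"{third}{SEP}{n},{q}"


def unpack_third_segment(blob):
    """Receiver side: split the tail key off the third segment."""
    third, sep, tail = blob.rpartition(SEP)
    if not sep:
        raise ValueError("no key appended to the third segment")
    n, q = (int(v) for v in tail.split(","))
    return third, (n, q)


def receiver_recover(first_cipher, third_blob):
    """Whoever holds the third segment can decrypt the first segment."""
    third, private_key = unpack_third_segment(third_blob)
    return decrypt_segment(first_cipher, private_key), third


if __name__ == "__main__":
    public, private = derive_keys(61, 53, 17)      # constructed toy primes
    c1 = encrypt_segment("MNJIEA", public)          # constructed first segment
    blob = pack_third_segment("HLKOP", private)     # stays on the mobile device
    print(c1, blob)
    print(receiver_recover(c1, blob))
    print(encrypt_segment("AAB", public))           # repeated symbol repeats
```

Under these assumptions the mapping is deterministic, so equal plaintext blocks give equal ciphertext blocks; production RSA encryption uses randomised padding such as OAEP with moduli of 2048 bits or more. The confidentiality of the first segment also rests entirely on the third segment, since it carries the private key.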
CN202311736688.5A 2023-12-18 2023-12-18 Data encryption method and device based on cloud database storage Active CN117424757B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311736688.5A CN117424757B (en) 2023-12-18 2023-12-18 Data encryption method and device based on cloud database storage

Publications (2)

Publication Number Publication Date
CN117424757A (en) 2024-01-19
CN117424757B (en) 2024-03-12

Family

ID=89530544

Country Status (1)

Country Link
CN (1) CN117424757B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant