CN118138340A - Data processing method and device and electronic equipment - Google Patents


Publication number
CN118138340A
Authority
CN
China
Prior art keywords
data
target
target file
file
equipment end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410362918.4A
Other languages
Chinese (zh)
Inventor
胡斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd
Priority to CN202410362918.4A
Publication of CN118138340A

Landscapes

  • Storage Device Security (AREA)

Abstract

The present disclosure provides a data processing method. The method comprises: in response to first data being generated at a first device side, processing the first data and a target file according to a target policy, wherein the first data is used to verify the integrity of the target file and the identity of the target object that generated the first data; and sending the processed target file, which has a target feature, to a second device side, so that the second device side recovers the first data from the target file based on the target feature. The target feature characterizes the position of the first data in the target file and is visible only to the second device side.

Description

Data processing method and device and electronic equipment
Technical Field
The disclosure relates to the technical field of data processing, and in particular relates to a data processing method, a data processing device and electronic equipment.
Background
Asymmetric encryption is a cryptographic technique that uses a pair of unique keys, namely a public key and a private key, for encryption and decryption operations. Because the public key can be disclosed, the sender can encrypt the message with the public key and the receiver can decrypt it with the private key, so no secret key has to be sent where it could be intercepted during transmission. Asymmetric encryption provides a safe and efficient encryption mode and is widely applied in scenarios that need to ensure information security, such as network communication, digital signatures and electronic commerce.
However, with the advent of quantum computing technology, existing asymmetric encryption algorithms become very fragile. For example, a quantum computer using the Shor integer factorization algorithm possesses an operation speed millions of times faster, can greatly shorten the time needed to crack traditional algorithms, and can quickly derive a private key from the public key and digital signatures.
Disclosure of Invention
One aspect of the present disclosure provides a data processing method, including: in response to first data being generated at a first device side, processing the first data and a target file according to a target policy, wherein the first data is used to verify the integrity of the target file and the identity of the target object that generated the first data; and sending the processed target file, which has a target feature, to a second device side, so that the second device side recovers the first data from the target file based on the target feature, wherein the target feature characterizes the position of the first data in the target file and is visible only to the second device side.
Optionally, processing the first data and the target file according to the target policy includes: randomly generating a first location within the target file; and setting the first data at the first location to obtain a target file with the target feature, wherein the target feature at least includes the randomly generated first location.
Optionally, processing the first data and the target file according to the target policy includes: randomly generating a plurality of second locations within the target file; decomposing the first data to obtain data fragments corresponding to the plurality of second locations; and setting the data fragments at the corresponding second locations respectively to obtain a target file with the target feature, wherein the target feature at least includes the plurality of randomly generated second locations.
Optionally, the number of data fragments is the same as or different from the number of second locations.
Another aspect of the present disclosure provides a data processing method, including: obtaining a target file with a target feature sent by a first device side, wherein the target file with the target feature is obtained by the first device side, in response to generating first data, processing the first data and the target file according to a target policy, and the target feature characterizes the position of the first data in the target file; and recovering, at the second device side, the first data from the target file based on the target feature, wherein the target feature is visible only to the second device side.
Optionally, recovering, at the second device side, the first data from the target file based on the target feature includes: reading the target feature from the internal memory of the device at the second device side; and recovering the first data according to the target feature.
Optionally, recovering the first data according to the target feature includes: recovering the first data according to the first location of the first data in the target file; or obtaining a plurality of data fragments according to a plurality of second locations of the first data in the target file, and splicing the plurality of data fragments to obtain the first data.
Optionally, after recovering the first data from the target file, the method further includes: verifying the first data; and, if the first data passes the verification, upgrading the firmware system of the second device by using the first data.
Another aspect of the present disclosure provides a data processing apparatus, including: a processing module configured to, in response to first data being generated at the first device side, process the first data and the target file according to the target policy, wherein the first data is used to verify the integrity of the target file and the identity of the target object that generated the first data; and a sending module configured to send the processed target file with the target feature to the second device side, so that the second device side recovers the first data from the target file based on the target feature, wherein the target feature characterizes the position of the first data in the target file and is visible only to the second device side.
Another aspect of the present disclosure provides an electronic device, including: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the data processing method of any of the preceding claims.
Another aspect of the present disclosure provides a non-volatile storage medium storing computer executable instructions which, when executed, are adapted to implement a data processing method as claimed in any one of the preceding claims.
Another aspect of the present disclosure provides a computer program comprising computer executable instructions which, when executed, are for implementing a data processing method as claimed in any one of the preceding claims.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario of a data processing method according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a data processing method according to an embodiment of the disclosure;
FIG. 3A schematically illustrates a method flow diagram for enforcing a target policy in accordance with an embodiment of the disclosure; FIG. 3B schematically illustrates a processing result diagram of a target file according to an embodiment of the present disclosure;
FIG. 4A schematically illustrates a flow chart of a method of enforcing a target policy in accordance with another embodiment of the disclosure; FIG. 4B schematically illustrates a processing result diagram of a target file according to another embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a data processing method according to another embodiment of the present disclosure;
FIG. 6 schematically illustrates a flow chart of a method of recovering first data in accordance with an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow chart of a method of recovering first data according to another embodiment of the present disclosure;
FIG. 8 schematically illustrates a flow chart of a data processing method according to yet another embodiment of the present disclosure;
FIG. 9 schematically illustrates a block diagram of a data processing apparatus according to an embodiment of the present disclosure; and
Fig. 10 schematically illustrates a block diagram of an electronic device adapted to implement a data processing method according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Some of the block diagrams and/or flowchart illustrations are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, when executed by the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart.
Thus, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). Additionally, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon, the computer program product being usable by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a computer-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices such as magnetic tape or hard disk (HDD); optical storage devices such as compact discs (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or a wired/wireless communication link.
The embodiments of the disclosure provide a data processing method for improving the security of asymmetric encryption, and an electronic device capable of applying the method. The method comprises a data encryption process and a data decryption process. In the encryption process, the first data, which serves for verification, and the target file are processed according to the target policy, and the processed target file with the target feature is sent to the second device side. In the decryption process, the second device side recovers the first data from the target file according to the target feature, namely the position of the first data in the target file. The target feature is visible only to the second device side, so that the first data is transmitted securely between the first device side and the second device side.
It may be appreciated that the data processing method of the embodiments of the present disclosure may be used to encrypt and decrypt data, that is, the first device side may be an encryption device side, and the second device side may be a decryption device side.
Fig. 1 schematically illustrates an application scenario of a data processing method according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a first device side 110 and a second device side 120. The first device side 110 may include a terminal device 111, a network 112, and a server 113. The network 112 is a medium used to provide a communication link between the terminal device 111 and the server 113. The second device side 120 may include a terminal device 111, a network 122, and a server 123. Network 122 is the medium used to provide communication links between terminal device 111 and server 123. The networks 112, 122 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A staff member may use the terminal device 111 to interact with the server 113 via the network 112, for example to enter the first data into the terminal device 111. A user may use the terminal device 111 to interact with the server 123 via the network 122 to receive or send messages, etc. Various communication client applications may be installed on the terminal device 111, such as firmware upgrade tools, smart interactive applications, shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, and the like (examples only). For example, the terminal device 111 into which the first data has been entered is transferred from the first device side 110 to the second device side 120 through a process such as sale, and the firmware upgrade of the terminal device 111 is then carried out through interaction with the server 123.
Terminal device 111 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 113 may be an in-plant server that provides an encrypted information processing service for the terminal device 111. The server 123 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by the user using the terminal device 111. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., a web page, information, or data acquired or generated according to the user request) to the terminal device 111.
It should be noted that, the data processing method provided by the embodiment of the present disclosure may be generally executed by the servers 112, 113 or the terminal device, or may be executed by the data processing apparatus provided by the embodiment of the present disclosure. Accordingly, the data processing apparatus provided by the embodiments of the present disclosure may be generally disposed in the respective servers 112, 113. The data processing method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the servers 112, 113 and is capable of communicating with the terminal device 111 and/or the servers 112, 113. Accordingly, the data processing apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster different from the servers 112, 113 and capable of communicating with the terminal device 111 and/or the servers 112, 113.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The data processing method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 8 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a data processing method according to an embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 2, the data processing method includes, for example, operations S210 to S220.
In operation S210, in response to generating the first data at the first device side, the first data and the target file are processed according to the target policy, where the first data is used to verify the integrity of the target file and the identity of the target object that generated the first data.
In operation S220, the processed target file with the target feature is sent to the second device side, so that the second device side recovers the first data from the target file based on the target feature, the target feature characterizes the position of the first data in the target file, and the target feature is only visible to the second device side.
In some embodiments, for example, the first device side (encryption device side) is a secure data processing server that receives a file (e.g., a contract) submitted by a first user and generates a hash value (e.g., SHA-256 hash value) associated with the file as first data.
The encryption device side adopts a target policy, such as embedding the first data (hash value) at one or more positions of the target file (contract file). The decryption device side can then use the hash value to verify the integrity of the target file, confirming that the file was not tampered with during transmission.
In addition, the encryption device side may further embed the target object (for example, the first user ID or the digital signature) for generating the first data into the file together with the hash value, for verifying the identity of the target object.
The encryption device side sends the processed target file (containing the embedded hash value and possibly the first user information) to the decryption device side (the second device side). The encryption device may also need to encrypt the target file before sending, so as to improve the security of the file in the transmission process.
The decryption device side (which may be a client device or another server) receives the target file sent by the encryption device side. The decryption device side parses the target feature, i.e. the location of the first data (hash value) in the target file, from the target file according to a predefined protocol or algorithm. Since the target feature is only visible to the decryption device side, the decryption device side can accurately find and extract the first data.
The decryption device side uses the target feature to recover the first data (hash value) from the target file, and uses the recovered hash value to verify the integrity of the target file, confirming that the file was not tampered with during transmission. If the hash value verification passes, the decryption device side may also check the embedded first user information to verify the identity of the target object that generated the first data.
It will be appreciated that the target policy may be adjusted according to specific requirements, such as the location of the embedded hash value, the choice of encryption algorithm, etc. At the decryption device side, other integrity checking methods, such as digital signature, can be combined in addition to hash value verification.
The first data, which is used to verify the integrity of the target file and the identity of the encryptor, is mixed into the target file by insertion according to the target policy, yielding the target file with the target feature. In addition, because the position information of the first data in the target file is visible only at the decryption device side and the insertion position of the first data in the target file is not fixed, even a third party using a quantum computer would find it difficult to crack and tamper with the first data by intercepting the target file, which greatly improves the security of transmitting the target file.
The data processing method shown in fig. 2 is further described with reference to fig. 3 to 4B in conjunction with the embodiment.
Fig. 3A schematically illustrates a method flow diagram for enforcing a target policy in accordance with an embodiment of the disclosure. Fig. 3B schematically illustrates a processing result diagram of a target file according to an embodiment of the present disclosure. In this embodiment, operations S311 to S312 are included in addition to operations S210 to S220 described above with reference to fig. 2. For brevity of description, descriptions of operations S210 to S220 are omitted herein, and the following related method embodiments are analogized and are not repeated here.
According to an embodiment of the present disclosure, as shown in fig. 3A, the first data and the target file are processed according to the target policy, for example, by operations S311 to S312.
In operation S311, a first location is randomly generated within the target file.
In operation S312, the first data is set at the first location, and a target file having target features is obtained, where the target features at least include randomly generated first locations.
In some embodiments, for example, the encryption device side reads a target file (e.g., a document or picture file). First, a secure random number generator is used to randomly select a location within the target file as the first location. This location may be a byte location, a pixel location, or any other identifiable location in the file. The selected random location must not overwrite or corrupt the critical data of the target file.
Then, as shown in fig. 3B, the encryption device side converts the first data (e.g., hash value or digital signature) into a format suitable for embedding in the target file, and places the converted first data 300 in a first position that was randomly generated before.
After the first data is set, the target file has a target feature that contains at least the randomly generated first location. The encryption device side may record the target feature, for example by storing the first location information in a secure place for later retrieval and verification if needed.
After the decryption device side receives the processed target file from the encryption device side, it accesses the target feature information that the encryption device side recorded on the decryption device side, for example information obtained through a secure channel or pre-shared. Using this information, the location (i.e., the first location) of the first data in the target file can then be determined. Alternatively, instead of recording the target feature information on the decryption device side, the encryption device side and the decryption device side can share the method for generating the random number in some other way, and the insertion and extraction of the first data in the target file can be carried out on that basis. For example, the target policy is stored synchronously at the decryption device side; after the file sent by the first device side is obtained, the target feature is parsed according to the target policy and the first data is recovered based on the parsed target feature. The target policy is visible only to the second device side, i.e. the target feature is visible only to the second device side.
The decryption device side locates the first location in the target file according to the target feature and extracts the first data from that location.
The decrypting device side uses the recovered first data (e.g., hash value) to verify the integrity of the target file. The decryption device side may further verify the source or integrity of the file, if desired, with other information contained in the first data, such as a digital signature or user identification.
It should be noted that the randomly generated first locations should be random enough to prevent an attacker from statistically guessing the locations of the data. The original content or format of the target file should not be destroyed during embedding of the first data. The entire process should use secure algorithms and protocols to improve the security of the data during transmission and storage.
By combining a method of randomly generating positions, the security and concealment of data can be increased. In practical applications, performance optimization, error handling, and integration with other security measures may also need to be considered.
Fig. 4A schematically illustrates a flow chart of a method of enforcing a target policy according to another embodiment of the disclosure. Fig. 4B schematically illustrates a processing result diagram of a target file according to another embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 4A, the first data and the target file are processed in accordance with the target policy, for example, by operations S411 to S413.
In operation S411, a plurality of second locations are randomly generated within the target file.
In operation S412, the first data is decomposed to obtain data fragments corresponding to the plurality of second locations.
In operation S413, the data fragments are respectively set at the corresponding second locations, so as to obtain a target file with the target feature, where the target feature at least includes the plurality of randomly generated second locations.
In some embodiments, if the length of the first data is greater than the size that can be accommodated by a single location in the target file, the encryption device may split and distribute the first data across multiple locations in the target file.
For example, the encryption device side reads the target file, which may be a document, picture, video, or any other type of data file. First, a secure random number generator is used to randomly select a plurality of locations within the target file as second locations. These locations may be byte indices in the file, pixel coordinates, or other identifiers. The selected random positions must not overwrite the critical data of the target file, and they should be scattered as widely as possible to increase security.
The encryption device side then breaks up or splits the first data (e.g., hash value, digital signature, or other verification information) to generate a plurality of data fragments. The number and size of the data fragments may be determined based on the size of the target file and the number of second locations such that one data fragment can be placed at each second location. The decomposition algorithm should ensure the integrity and recoverability of the data fragments so that they can be recombined into the original first data at the decryption device side.
As shown in fig. 4B, the encryption device side then places each data fragment 301, 302, etc. in a corresponding second location that was previously randomly generated. If the format of the target file allows, the data fragments may be embedded into the metadata of the file or hidden by modifying some non-critical portions of the file. It should be noted that the embedding process of the data fragments does not destroy the integrity and usability of the target file.
After all the data fragments have been properly embedded, the target file has a target feature that contains at least the plurality of randomly generated second locations. The encryption device side may record the target feature, including the second location information and the arrangement of the data fragments, for later use in decryption.
After receiving the processed target file from the encryption device side, the decryption device side accesses the target feature information recorded by the encryption device side, including the plurality of second locations and the arrangement of the data fragments. Using this information, the decryption device side can determine the exact location of each data fragment in the target file.
The decryption device side extracts the corresponding data fragment from each second location of the target file according to the target feature, and combines the extracted data fragments in the correct order and manner to recover the original first data.
The decrypting device side uses the recovered first data to verify the integrity of the target file or to verify other relevant information. The decryption device side may further verify the source of the file or perform other security operations using other information contained in the first data (such as a digital signature or user identification), if desired.
It should be noted that the data fragments should be dispersed in multiple locations of the target file as much as possible to increase the difficulty of detection and extraction by an attacker. In breaking up and embedding the data fragments, attention should be paid to the integrity and recoverability of the data fragments to avoid errors or data loss during decryption. The entire process should use secure algorithms and protocols to improve the security of the data during transmission and storage and to prevent unauthorized access and tampering.
By dispersing the data fragments in multiple locations of the target file, the security and concealment of the data is increased. It is suitable for the fields of file encryption, digital copyright protection or secure communication, etc. which need high security.
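An added example, not code from the patent: a Python sketch of the first-device and second-device steps described above (operations S411 to S413 and the matching recovery), with the single-position embodiment of fig. 3A as the case count=1. It assumes the first data is the SHA-256 digest of the target file, that fragments are inserted between bytes rather than overwriting them, and that the target feature is a list of (offset, length) pairs held only by the second device side; all function names and the sample file are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample input standing in for the target file.
SAMPLE_TARGET = b"CONTRACT v1\nParty A agrees to deliver 100 units to Party B.\n" * 4


def split_fragments(data: bytes, count: int) -> list:
    """Split data into `count` contiguous, non-empty fragments of near-equal size."""
    if not 1 <= count <= len(data):
        raise ValueError("count must be between 1 and len(data)")
    base, extra = divmod(len(data), count)
    fragments, start = [], 0
    for i in range(count):
        size = base + (1 if i < extra else 0)
        fragments.append(data[start:start + size])
        start += size
    return fragments


def embed(target: bytes, count: int):
    """First device side: returns (processed file, target feature)."""
    first_data = hashlib.sha256(target).digest()      # assumed form of the first data
    fragments = split_fragments(first_data, count)
    if count > len(target) + 1:
        raise ValueError("not enough distinct insertion points in the target file")
    # Distinct insertion points drawn from the OS CSPRNG, in original-file offsets.
    points = sorted(secrets.SystemRandom().sample(range(len(target) + 1), count))
    out, feature, prev = bytearray(), [], 0
    for point, fragment in zip(points, fragments):
        out += target[prev:point]                     # original bytes, untouched
        feature.append((len(out), len(fragment)))     # offset in the processed file
        out += fragment                               # inserted, nothing overwritten
        prev = point
    out += target[prev:]
    return bytes(out), feature


def recover(processed: bytes, feature):
    """Second device side: returns (first data, original target file)."""
    first_data, original, prev = bytearray(), bytearray(), 0
    for offset, length in feature:
        if offset < prev or length < 1 or offset + length > len(processed):
            raise ValueError("target feature does not fit this file")
        original += processed[prev:offset]
        first_data += processed[offset:offset + length]
        prev = offset + length
    original += processed[prev:]
    return bytes(first_data), bytes(original)


def verify(processed: bytes, feature) -> bool:
    """Integrity check: recovered digest must match the hash of the stripped file."""
    try:
        first_data, original = recover(processed, feature)
    except ValueError:
        return False
    return hmac.compare_digest(first_data, hashlib.sha256(original).digest())


if __name__ == "__main__":
    processed, feature = embed(SAMPLE_TARGET, 4)
    print("target feature (kept on the second device side):", feature)
    print("untampered file verifies:", verify(processed, feature))
    tampered = bytearray(processed)
    tampered[len(tampered) // 2] ^= 0x01              # flip one bit in transit
    print("tampered file verifies:", verify(bytes(tampered), feature))
```

The processed file is exactly len(first data) bytes longer than the original, and the digest covers the original bytes only, so the receiver has to strip the fragments before hashing.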
According to an embodiment of the present disclosure, the number of data fragments is the same as or different from the number of second locations.
In some embodiments, the number of data fragments may be the same as or different from the number of second locations when decomposing the first data, depending on the particular implementation policy and security requirements. The following is a detailed description of two cases:
Case one: the number of data fragments is the same as the number of second locations.
In this case, each second location corresponds to one data patch, there is no overlap between the data patches, and each data patch is completely embedded in the corresponding location.
This approach has the following advantages:
Simple to implement: since the data fragments are in one-to-one correspondence with the second locations, the embedding and extraction process is relatively simple.
Higher security: because the data fragments are scattered across multiple locations, it is difficult for an attacker to locate and extract all of them.
However, it places certain demands on the size and structure of the target file, requiring enough suitable locations in the target file to embed the data fragments.
Case two: the number of data fragments is different from the number of second locations.
For example, where there are fewer data fragments than second locations, some of the second locations may not embed data fragments, or one data fragment may be split into smaller portions and embedded in a scattered manner into multiple second locations.
The advantage of this approach is that it can adapt to target files of different sizes and structures, which gives it greater flexibility. Further segmenting and dispersing the data fragments also makes detection and extraction harder for an attacker, which further improves security.
However, this approach is more complex to implement and requires more complex algorithms to handle the segmentation, embedding and extraction of the data fragments. The segmentation and reassembly of the data fragments may also increase processing time.
For example, in the case where there are more data fragments than there are second locations, multiple data fragments may occupy one second location.
The advantage of this approach is that it reduces the disruption to the content of the target file itself, helping to preserve the original structure or format of the file.
Thus, when selecting the numerical relationship between the data fragments and the second locations, trade-offs need to be made according to the specific application scenario and security requirements. If the goal is to maximize security and performance overhead is of less concern, a policy with more data fragments than second locations may be selected. If the goal is to preserve the original structure or format of the file and the security requirements are not particularly high, a policy with fewer data fragments than second locations may be chosen. In most cases, the same number of data fragments as second locations may be selected in order to balance security and implementation complexity.
Fig. 5 schematically illustrates a flow chart of a data processing method according to another embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 5, the data processing method includes operations S510 to S520, for example.
In operation S510, a target file with target features sent by the first device side is obtained. The target file with target features is obtained by the first device side by processing the first data and the target file according to a target policy in response to generating the first data, and the target features characterize a location of the first data in the target file.
In operation S520, the first data is restored from the target file at the second device side based on the target feature, which is visible only to the second device side.
In some embodiments, a decryption device side (second device side) receives a target file having target features from a first device side. It parses the target file, analyzing its format and content in preparation for extracting the target features.
The decryption device side identifies, according to a known protocol or convention, the target features that characterize the location of the first data in the target file. These target features may include special tags, metadata fields, specific locations in the file structure, etc. Since the target features are visible only to the second device side, the decryption device side can use these features to locate and extract the first data.
The decryption device side locates the first data in the target file according to the position indicated by the target features, and extracts the first data from the corresponding location of the target file. If the first data is scattered across a plurality of positions, the decryption device side needs to extract the corresponding data fragment from each position as indicated by the target features and recombine the data fragments into the complete first data.
The decryption device side verifies the extracted first data to confirm its integrity and correctness. If the first data is encrypted, the decryption device side also needs to use the corresponding key to perform a decryption operation.
After the verification and decryption are successful, the decryption device side can use the first data to perform subsequent operations, such as verifying the integrity of the target file, performing specific tasks or performing association analysis with other data, and the like.
It should be noted that the overall data processing process should remain highly secure, so that the target features are not acquired or tampered with by an unauthorized third party. In extracting and verifying the first data, attention should be paid to the integrity and consistency of the data, preventing corruption or loss of the data. The decryption device side should have error-handling capability and be able to handle abnormal situations such as failure to identify the target features or data extraction errors.
After receiving the target file with the target characteristics, the decryption equipment end can recover the first data by identifying and utilizing the target characteristics. The method is suitable for the fields of encryption communication, digital copyright protection or secure file exchange and the like which need secure transmission and verification of data.
Fig. 6 schematically illustrates a flow chart of a method of recovering first data according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, as shown in fig. 6, the first data is restored from the target file at the second device side based on the target characteristics, for example, through operations S621 to S622.
In operation S621, a target feature is read from an internal memory of a device of the second device side.
In operation S622, the first data is restored according to the target feature.
In some embodiments, for example, at the second device side (decryption device side), the program first reads pre-stored target features from the internal memory of the device (e.g., the internal memory of an EC (Embedded Controller), a TPM chip, etc.). These target features may have been received and stored during earlier communication with the first device side (the encryption device side), may have been pre-stored in the device by the first device side before it left the factory, or may be obtained through other secure channels. The target features may include a series of marks, location indices, encryption algorithm parameters, etc. that indicate how to find and recover the first data in the target file.
The decryption device-side program parses the target features it has read and interprets their meaning and the operations they indicate. This may involve parsing a particular data structure, decoding encrypted metadata, or identifying a particular file structure pattern.
According to the indication of the target characteristic, the decryption device side program locates a specific position of the first data in the target file. These locations may be one or more byte indices, file blocks, or specific data areas.
After locating the position of the first data, the decryption device side program can extract the corresponding data from the target file. If the first data is stored in a scattered manner, the decryption device side also needs to extract the data fragments from a plurality of positions according to the indication of the target characteristics and reassemble them into a complete data block.
After the first data is extracted, the decryption device-side program verifies it to confirm its integrity and correctness. This may involve calculating a hash value of the data or applying other verification mechanisms. If the first data is encrypted, the decryption device side also needs to use the corresponding key to decrypt the first data so as to obtain the original data. After verification and decryption succeed, the decryption device side may use the first data to perform subsequent operations, such as performing a specific task, performing association analysis with other data, or storing it locally for subsequent use.
It should be noted that the security of the target features should be improved to prevent unauthorized access and tampering throughout the recovery process. The target features should be stored in a protected internal memory area and protected by appropriate encryption and access control mechanisms. The decryption device side should have a robust error-handling mechanism that can handle abnormal conditions such as failure to read the target features, first data extraction errors or verification failure. When errors occur, corresponding prompts or logs can be produced to support troubleshooting and repair.
Through the steps, the second equipment end (decryption equipment end) can successfully recover the first data from the target file based on the target characteristics, and verify the safety and the integrity of the first data.
Fig. 7 schematically illustrates a flow chart of a method of recovering first data according to another embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 7, first data is restored according to target characteristics, for example, by operations S721 to S723.
In operation S721, the first data is restored according to the first location of the first data in the target file; or alternatively,
In operation S722, a plurality of data fragments are obtained according to a plurality of second locations of the first data in the target file.
In operation S723, a plurality of data fragments are spliced to obtain first data.
In some embodiments, corresponding to the operation of setting the first location at the first device side, the data may be restored according to the first location of the first data in the target file.
The second device side reads target features from the internal memory, the features including the exact location of the first data in the target file.
According to the position information given in the target features, the second device side locates the starting byte or area of the first data in the target file.
Starting from the located first position, the second equipment end continuously reads the data according to the data length indicated in the target feature until the complete first data is extracted.
The extracted first data can be used for subsequent operation by the second equipment after necessary verification (such as hash verification).
Corresponding to the operation of setting a plurality of second locations at the first device side, the data can be restored according to the plurality of second locations of the first data in the target file.
The second device side reads target features from the internal memory, the features including a plurality of second locations, each location corresponding to one or more data fragments.
According to the plurality of pieces of position information given in the target features, the second device side locates each data fragment in the target file.
Starting from each located second location, the second device side extracts the corresponding data fragment according to the data length or the pattern indicated in the target features.
All the extracted data fragments are spliced in the order or manner indicated in the target features to obtain the complete first data.
After the spliced first data is verified, it can be used by the second device side for subsequent operations.
It should be noted that, whether a single location or multiple locations, the location information provided in the target feature should be accurate so that the first data can be extracted correctly. When extracting a plurality of data fragments, the integrity and correctness of each fragment can be verified so as to avoid errors or data loss in the splicing process.
By the two methods, the second equipment side can effectively recover the first data from the target file according to the target characteristics, whether the data is stored in a single position or scattered in a plurality of positions. The method has important significance in the aspects of data security and privacy protection, and can be applied to various scenes such as encrypted communication, digital copyright protection, secure storage and the like.
Fig. 8 schematically shows a flow chart of a data processing method according to a further embodiment of the present disclosure.
According to an embodiment of the present disclosure, as shown in fig. 8, after recovering the first data from the target file, the data processing method further includes operations S810 to S820, for example.
In operation S810, the first data is verified.
In operation S820, in the case that the first data verification is passed, the firmware system of the second device side is upgraded with the first data.
In some embodiments, for example, the method of the present disclosure may be applied to upgrade a firmware system for a device acquired by a user from a first device side.
The second device side performs an integrity check on the recovered first data, for example, through verification of a digital signature. If the recovered digital signature matches the public key, the first data verification is passed; otherwise, the verification fails, and it may be necessary to recover the data from the target file again or to check whether the data has been tampered with during transmission.
For example, the first device side signs the unsigned firmware using a private key to obtain a digital signature. The digital signature is then fragmented and placed at a plurality of random positions in the upgrade package.
When the digital signature needs to be verified with the (sender's) public key, for example when a firmware upgrade is performed using the digital signature, the digital signature is first loaded into memory and then passed to firmware on the motherboard (such as the BIOS or EC) to start verification.
Firmware on the motherboard first reads all N random numbers from a secure memory (e.g., the internal memory of the EC). It then acquires all the digital signature parts at the corresponding positions of the file according to the random numbers to form the complete digital signature, and completes signature verification using the public key.
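The fragment, embed, recover and verify flow described above (operations S722 to S723 and the firmware-signature example), as an added Python sketch that is not part of the patent text. HMAC-SHA256 stands in for the private-key signature because the Python standard library has no asymmetric signing; the function names, the layout of the `feature` record and the demo key and firmware bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

_rng = secrets.SystemRandom()  # CSPRNG-backed source for the random positions


def sign(firmware: bytes, key: bytes) -> bytes:
    """Stand-in for the signature: HMAC-SHA256 over the unsigned firmware."""
    return hmac.new(key, firmware, hashlib.sha256).digest()


def embed_fragments(firmware: bytes, signature: bytes, n: int):
    """Split `signature` into n equal fragments and insert them at n random
    positions. Returns (package, feature); `feature` (hypothetical layout) is
    the record the receiving side keeps in protected storage."""
    if n <= 0 or len(signature) % n:
        raise ValueError("signature length must be a multiple of n")
    if n > len(firmware) + 1:
        raise ValueError("firmware too small for n distinct insertion points")
    frag_len = len(signature) // n
    frags = [signature[i * frag_len:(i + 1) * frag_len] for i in range(n)]
    cuts = sorted(_rng.sample(range(len(firmware) + 1), n))
    order = list(range(n))
    _rng.shuffle(order)  # arrangement: which fragment lands at which cut
    package = bytearray()
    positions = [0] * n  # positions[i] = offset of fragment i in the package
    prev = 0
    for cut, idx in zip(cuts, order):
        package += firmware[prev:cut]
        positions[idx] = len(package)
        package += frags[idx]
        prev = cut
    package += firmware[prev:]
    return bytes(package), {"positions": positions, "frag_len": frag_len}


def recover(package: bytes, feature: dict):
    """Return (signature, firmware) from a package using the stored feature.
    Rejects positions that fall outside the package or overlap."""
    frag_len = feature["frag_len"]
    positions = feature["positions"]
    if frag_len <= 0 or not positions:
        raise ValueError("empty target feature")
    spans = sorted(positions)
    if spans[0] < 0 or spans[-1] + frag_len > len(package):
        raise ValueError("position outside the package")
    if any(b - a < frag_len for a, b in zip(spans, spans[1:])):
        raise ValueError("fragments overlap")
    # Splice the fragments in the recorded order to rebuild the signature.
    signature = b"".join(package[p:p + frag_len] for p in positions)
    # Everything between the fragments is the original unsigned firmware.
    firmware = bytearray()
    prev = 0
    for p in spans:
        firmware += package[prev:p]
        prev = p + frag_len
    firmware += package[prev:]
    return signature, bytes(firmware)


def verify_package(package: bytes, feature: dict, key: bytes) -> bool:
    """Recover, then verify; any extraction error counts as a failed check."""
    try:
        signature, firmware = recover(package, feature)
    except (ValueError, KeyError, TypeError):
        return False
    return hmac.compare_digest(sign(firmware, key), signature)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-a-real-secret"  # constructed sample
    demo_fw = bytes(range(256)) * 4                        # constructed sample
    pkg, feat = embed_fragments(demo_fw, sign(demo_fw, demo_key), 8)
    print("positions kept by the receiver:", feat["positions"])
    print("verified:", verify_package(pkg, feat, demo_key))
    damaged = bytearray(pkg)
    damaged[10] ^= 0x01
    print("after one flipped byte:", verify_package(bytes(damaged), feat, demo_key))
```

A flipped byte fails verification whether it lands in a fragment or in the firmware body, because the check covers both the recovered signature and the recovered firmware.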
After the first data verification is passed, the second device side confirms that the data is for firmware upgrade. The second device side may check compatibility between the current firmware version and the updated firmware version, so that the upgrading process does not cause abnormal or damaged functions of the device. If there is an incompatibility, the second device side may stop the upgrade process and give a prompt.
Before the firmware is upgraded, the second device may prompt the user to backup important data in order to avoid data loss. If the device supports automatic backup, it may save critical configuration and user data to an internal memory or external storage device.
The second device side begins performing a firmware upgrade process, which typically includes writing a target file (i.e., upgrade firmware) to a specific memory area of the device. During an upgrade, the device may restart multiple times and certain functions may be temporarily unavailable. The second equipment end can display the upgrading progress and give a corresponding prompt after the upgrading is finished.
After the firmware upgrade is completed, the second device side performs a series of self-checks and tests to confirm that the new firmware works normally. The user may also verify that the firmware upgrade was successful by checking the functionality and performance of the device.
It should be noted that, during the whole firmware upgrade process, the security and integrity of the target file should be verified to prevent the data from being tampered or damaged. The compatibility of the new firmware with the hardware and software environment of the second device side may also be verified prior to the upgrade.
Through the steps, the second equipment end can safely and effectively utilize the first data recovered from the target file to upgrade the firmware, and the performance and the functions of the equipment are improved. The method has wide application value in the fields of intelligent equipment, embedded systems and the like.
Based on the data processing method, the disclosure also provides a data processing device. The data processing apparatus will be described in detail below with reference to fig. 9.
Fig. 9 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure.
As shown in fig. 9, the data processing apparatus 900 of this embodiment includes, for example: a processing module 910 and a transmitting module 920. The data processing apparatus 900 may perform the methods described above with reference to fig. 2-8 to achieve secure transfer of the target file.
Specifically, the processing module 910 is configured to process, in response to generating the first data at the first device side, the first data and the target file according to the target policy, where the first data is used to verify the integrity of the target file and the identity of the target object that generates the first data. In an embodiment, the processing module 910 may be configured to perform the operation S210 described above, which is not described herein.
The sending module 920 is configured to send the processed target file with the target feature to the second device side, so that the second device side recovers the first data from the target file based on the target feature, the target feature characterizes a position of the first data in the target file, and the target feature is only visible to the second device side. In an embodiment, the sending module 920 may be configured to perform the operation S220 described above, which is not described herein.
It is understood that the processing module 910 and the transmitting module 920 may be combined and implemented in one module, or any one of the modules may be split into a plurality of modules. Or at least some of the functionality of one or more of the modules may be combined with, and implemented in, at least some of the functionality of other modules. According to embodiments of the present disclosure, at least one of processing module 910 and transmitting module 920 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or any other reasonable manner in which circuitry is integrated or packaged, or in hardware or firmware, or in a suitable combination of three implementations of software, hardware, and firmware. Or at least one of the processing module 910 and the transmitting module 920 may be at least partially implemented as computer program modules, which when executed by a computer, may perform the functions of the respective modules.
Fig. 10 schematically illustrates a block diagram of an electronic device adapted to implement a data processing method according to an embodiment of the disclosure.
As shown in fig. 10, an electronic device 1000 according to an embodiment of the present disclosure includes a processor 1001 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a Random Access Memory (RAM) 1003. The processor 1001 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1001 may also include on-board memory for caching purposes. The processor 1001 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 1003, various programs and data necessary for the operation of the electronic apparatus 1000 are stored. The processor 1001, the ROM 1002, and the RAM 1003 are connected to each other by a bus 1004. The processor 1001 performs various operations of the method flow according to the embodiment of the present disclosure by executing programs in the ROM 1002 and/or the RAM 1003. Note that the program may be stored in one or more memories other than the ROM 1002 and the RAM 1003. The processor 1001 may also perform various operations of the method flow according to the embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 1000 may also include an input/output (I/O) interface 1005, the input/output (I/O) interface 1005 also being connected to the bus 1004. The electronic device 1000 may also include one or more of the following components connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), etc., and a speaker, etc.; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in the drive 1010, so that a computer program read out therefrom is installed as needed in the storage section 1008.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium described above carries one or more programs, which when executed, implement a data processing method according to an embodiment of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 1002 and/or RAM 1003 and/or one or more memories other than ROM 1002 and RAM 1003 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. When the computer program product is run on a computer system, the program code causes the computer system to carry out the data processing methods provided by the embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1001. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of signals on a network medium, distributed, and downloaded and installed via the communication section 1009, and/or installed from the removable medium 1011. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1009, and/or installed from the removable medium 1011. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1001. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, C or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or incorporated in a variety of ways, even if such combinations or incorporations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or incorporated without departing from the spirit and teachings of the present disclosure. All such combinations and/or incorporations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (10)

1. A data processing method, comprising:
in response to generating first data at a first device side, processing the first data and a target file according to a target policy, wherein the first data is used for verifying the integrity of the target file and the identity of a target object that generates the first data;
and sending the processed target file with target features to a second device side, so that the second device side recovers the first data from the target file based on the target features, wherein the target features characterize the position of the first data in the target file, and the target features are visible only to the second device side.
2. The method of claim 1, wherein the processing the first data and target file according to a target policy comprises:
randomly generating a first location within the target file;
and setting the first data at the first location to obtain the target file with target features, wherein the target features at least comprise the randomly generated first location.
3. The method of claim 1, wherein the processing the first data and target file according to a target policy comprises:
randomly generating a plurality of second locations within the target file;
decomposing the first data to obtain data fragments corresponding to the plurality of second locations; and
respectively setting the data fragments at the corresponding second locations to obtain the target file with target features, wherein the target features at least comprise the plurality of randomly generated second locations.
4. A method according to claim 3, wherein the number of data fragments is the same as or different from the number of second locations.
5. A data processing method, comprising:
obtaining a target file with target features sent by a first device side, wherein the target file with target features is obtained by the first device side by processing first data and the target file according to a target policy in response to generating the first data, and the target features characterize the position of the first data in the target file;
and recovering the first data from the target file at a second device side based on the target features, wherein the target features are visible only to the second device side.
6. The method of claim 5, wherein the recovering the first data from the target file at the second equipment end based on the target characteristics comprises:
reading the target characteristics from an internal memory of the device at the second equipment end; and
recovering the first data according to the target characteristics.
7. The method of claim 6, wherein the recovering the first data according to the target characteristics comprises:
recovering the first data according to the first position of the first data in the target file; or
obtaining a plurality of data fragments according to a plurality of second positions of the first data in the target file; and
splicing the plurality of data fragments to obtain the first data.
8. The method of claim 5, wherein after recovering the first data from the target file, the method further comprises:
verifying the first data;
when the first data passes the verification, upgrading the firmware system of the second equipment end by using the first data.
9. A data processing apparatus comprising:
a processing module, configured to, in response to first data being generated at a first equipment end, process the first data and a target file according to a target strategy, wherein the first data is used for verifying the integrity of the target file and the identity of the target object that generated the first data; and
a sending module, configured to send the processed target file with the target characteristics to a second equipment end, so that the second equipment end recovers the first data from the target file based on the target characteristics, wherein the target characteristics characterize the position of the first data in the target file, and the target characteristics are visible only to the second equipment end.
10. An electronic device, comprising:
one or more processors; and
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
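The sender side of claim 3 and the receiver side of claims 5-8, as an added illustration that is not code from the patent. An HMAC-SHA256 tag stands in for the first data, and the key, the function names and the (offset, length) encoding of the target characteristics are assumptions; how the characteristics reach the second equipment end's internal memory is outside the example.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key

def sign(firmware: bytes) -> bytes:
    """'First data': an HMAC-SHA256 tag standing in for a real signature."""
    return hmac.new(KEY, firmware, hashlib.sha256).digest()

def embed(firmware: bytes, first_data: bytes, n_fragments: int = 4):
    """Claim 3: split first_data and insert the fragments at random offsets.

    Returns (packed_file, feature); feature lists (offset, length) pairs in
    the packed file, ascending by offset and in fragment order.
    """
    size = -(-len(first_data) // n_fragments)  # ceiling division
    frags = [first_data[i:i + size] for i in range(0, len(first_data), size)]
    rng = secrets.SystemRandom()
    cuts = sorted(rng.randrange(len(firmware) + 1) for _ in frags)
    out, feature, prev = bytearray(), [], 0
    for cut, frag in zip(cuts, frags):
        out += firmware[prev:cut]
        feature.append((len(out), len(frag)))
        out += frag
        prev = cut
    out += firmware[prev:]
    return bytes(out), feature

def recover(packed: bytes, feature):
    """Claims 5-7: pull the fragments out by position and splice them."""
    first_data, firmware, prev = bytearray(), bytearray(), 0
    for offset, length in feature:
        if offset < prev or offset + length > len(packed):
            raise ValueError("feature does not match file layout")
        firmware += packed[prev:offset]
        first_data += packed[offset:offset + length]
        prev = offset + length
    firmware += packed[prev:]
    return bytes(first_data), bytes(firmware)

def verify_packed(packed: bytes, feature) -> bool:
    """Claim 8 gate: True only if the recovered first data verifies."""
    try:
        first_data, firmware = recover(packed, feature)
    except ValueError:
        return False
    return hmac.compare_digest(first_data, sign(firmware))
```

The accept/reject decision rests on the tag check in `verify_packed`; the random positions only determine where the receiver looks for the tag.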
CN202410362918.4A 2024-03-27 2024-03-27 Data processing method and device and electronic equipment Pending CN118138340A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410362918.4A CN118138340A (en) 2024-03-27 2024-03-27 Data processing method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN118138340A true CN118138340A (en) 2024-06-04

Family

ID=91246979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410362918.4A Pending CN118138340A (en) 2024-03-27 2024-03-27 Data processing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN118138340A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination