CN118337388A - Data security protection method, system, equipment and product based on Internet of things - Google Patents
Data security protection method, system, equipment and product based on Internet of things Download PDFInfo
- Publication number
- CN118337388A CN118337388A CN202410764035.6A CN202410764035A CN118337388A CN 118337388 A CN118337388 A CN 118337388A CN 202410764035 A CN202410764035 A CN 202410764035A CN 118337388 A CN118337388 A CN 118337388A
- Authority
- CN
- China
- Prior art keywords
- user data
- sub
- data blocks
- encrypted
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000012545 processing Methods 0.000 claims abstract description 29
- 230000005540 biological transmission Effects 0.000 claims abstract description 19
- 238000004891 communication Methods 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 13
- 230000006855 networking Effects 0.000 claims 1
- 238000013461 design Methods 0.000 description 6
- 230000009286 beneficial effect Effects 0.000 description 4
- 230000002093 peripheral effect Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000000969 carrier Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of computers, and aims to provide a data security protection method, system, equipment and product based on the Internet of things. According to the invention, the initial user data with the privacy level larger than or equal to the level threshold is split into a plurality of sub-user data blocks, and each sub-user data block is respectively encrypted through a plurality of edge servers, namely the encryption operation is distributed on the plurality of edge servers, any single node is broken, the loss is limited to the sub-user data block processed by the node, the data processing pressure of the server is reduced, the single point failure is reduced, and simultaneously the plurality of edge servers process encryption tasks in parallel, so that the data processing efficiency is improved, the transmission path is reduced, the delay is reduced, and the transmission safety is improved.
Description
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a data security protection method, system, equipment and product based on the Internet of things.
Background
The internet of things (Internet of Things, ioT) is a network that enables all common physical objects that can be addressed independently to be interconnected and interworked based on information carriers such as the internet, traditional telecommunications networks, and the like. At present, the Internet of things equipment is widely applied to the fields of intelligent home, industrial control, medical health and the like. However, the rapid development of the internet of things also brings about serious data security problems. At present, a common data security protection technology of the internet of things generally adopts a method of unified encryption of a server, after data is uploaded to the server from a user terminal, the server uniformly uses the same encryption algorithm and a secret key to encrypt the received data, and then the encrypted data is output. However, in using the prior art, the inventors found that there are at least the following problems in the prior art:
In the prior art, a server needs to process all data encryption tasks, so that the load of the server is overlarge, the system performance is influenced, meanwhile, the data processing efficiency is too low, the data transmission time is longer, the risk that intermediate node data is intercepted exists, and the data transmission safety is required to be improved.
Disclosure of Invention
The invention aims to solve the technical problems at least to a certain extent, and provides a data security protection method, system, equipment and product based on the Internet of things.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
in a first aspect, the present invention provides a data security protection method based on the internet of things, including:
Receiving initial user data sent by a designated user terminal, and acquiring the privacy class of the initial user data;
judging whether the privacy level is smaller than a preset level threshold, if so, directly sending the initial user data to a target terminal; if not, entering the next step;
requesting a preset key management system to obtain an encryption key matched with the privacy class, and dividing the initial user data into a plurality of sub-user data blocks;
The method comprises the steps of respectively sending a plurality of sub-user data blocks to different plurality of edge servers, wherein the plurality of sub-user data blocks are all bound with the encryption key, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption key to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one;
And combining the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identifier matched with the encryption key to the target terminal so that the target terminal can request to obtain a decryption key from the key management system according to the encryption key identifier, and performing decryption processing on the encrypted user data according to the decryption key.
In one possible design, the number of sub-user data blocks is proportional to the privacy level.
In one possible design, different transport protocols are used when sending multiple sub-user data blocks to different edge servers, respectively.
In one possible design, after the plurality of sub-user data blocks are respectively sent to different plurality of edge servers, the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks by adopting an encryption algorithm matched with the privacy class according to the encryption key.
In one possible design, the sub-user data blocks corresponding to the initial user data with a high privacy level correspond to a stronger encryption algorithm and a longer encryption key and decryption key; the privacy level is set to be four, the level threshold is set to be two, when the privacy level of the initial user data is two, the encryption algorithm matched with the privacy level is an AES-128 algorithm, and the lengths of the encryption key and the decryption key are 128 bits; when the privacy class of the initial user data is three-level, an encryption algorithm matched with the privacy class is an AES-192 algorithm, and the lengths of the encryption key and the decryption key are 192 bits; when the privacy level of the initial user data is four, the encryption algorithm matched with the privacy level is an AES-256 algorithm, and the lengths of the encryption key and the decryption key are 256 bits.
In one possible design, the merging processing is performed on the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, including:
combining the plurality of encrypted sub-user data blocks to obtain combined data;
and carrying out encryption processing on the combined data to obtain encrypted user data of the initial user data.
In one possible design, the target terminal performs decryption processing on the encrypted user data according to the decryption key, including:
Extracting each encrypted sub-user data block from the encrypted user data;
decrypting each encrypted sub-user data block by using the decryption key to obtain a plurality of sub-user data blocks;
And combining the plurality of sub-user data blocks according to the original sequence to obtain the initial user data.
In a second aspect, the present invention provides a data security protection system based on the internet of things, which is configured to implement the data security protection method based on the internet of things according to any one of the above; the data security protection system based on the Internet of things comprises:
the privacy class acquisition module is used for receiving initial user data sent by a designated user terminal and acquiring the privacy class of the initial user data;
the grade judging module is in communication connection with the privacy grade acquiring module and is used for judging whether the privacy grade is smaller than a preset grade threshold value or not, if so, the initial user data is directly sent to a target terminal; if not, requesting a preset key management system to obtain an encryption key matched with the privacy class, and dividing the initial user data into a plurality of sub-user data blocks;
The parallel encryption module is in communication connection with the grade judging module and is used for respectively sending a plurality of sub-user data blocks to different edge servers, wherein the encryption keys are bound to the plurality of sub-user data blocks, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption keys to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one;
And the encrypted data merging module is in communication connection with the parallel encryption module and is used for merging a plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identifier matched with the encryption key to the target terminal so that the target terminal can request to obtain a decryption key from the key management system according to the encryption key identifier and decrypt the encrypted user data according to the decryption key.
In a third aspect, the present invention provides an electronic device, comprising:
A memory for storing computer program instructions; and
And the processor is used for executing the computer program instructions so as to finish the operation of the data security protection method based on the Internet of things.
In a fourth aspect, the present invention provides a computer program product comprising a computer program or instructions which, when executed by a computer, implement a data security protection method based on the internet of things as described in any one of the above.
The beneficial effects of the invention are as follows:
The invention discloses a data security protection method, a system, equipment and a product based on the Internet of things, which can improve the data transmission security, reduce the data processing pressure of a server and have higher data processing efficiency. Specifically, in the implementation process, after receiving initial user data sent by a designated user terminal, acquiring the privacy class of the initial user data, and then requesting a preset key management system to obtain an encryption key matched with the privacy class when judging that the privacy class is not smaller than a preset class threshold value, and dividing the initial user data into a plurality of sub-user data blocks; then, respectively sending the plurality of sub-user data blocks to different plurality of edge servers, wherein the plurality of sub-user data blocks are all bound with the encryption key, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption key to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one; and finally, merging the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identifier matched with the encryption key to the target terminal so that the target terminal can request to obtain a decryption key from the key management system according to the encryption key identifier, and performing decryption processing on the encrypted user data according to the decryption key. In the process, the invention divides the initial user data with the privacy level larger than or equal to the level threshold into a plurality of sub-user data blocks, and encrypts each sub-user data block through a plurality of edge servers, namely the encryption operation is distributed on the plurality of edge servers, any single node is broken, the loss is limited to the sub-user data block processed by the node, the data processing pressure of the server is reduced, single-point faults are reduced, and simultaneously the plurality of edge servers process encryption tasks in parallel, the data processing efficiency is improved, the transmission path is reduced, the delay is reduced, and the transmission safety is improved.
Other advantageous effects of the present invention will be further described in the detailed description.
Drawings
FIG. 1 is a flow chart of a data security protection method based on the Internet of things in an embodiment;
FIG. 2 is a block diagram of a data security protection system based on the Internet of things in an embodiment;
Fig. 3 is a block diagram of an electronic device in an embodiment.
Detailed Description
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the present invention will be briefly described below with reference to the accompanying drawings and the description of the embodiments or the prior art, and it is obvious that the following description of the structure of the drawings is only some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort to a person skilled in the art. It should be noted that the description of these examples is for aiding in understanding the present invention, but is not intended to limit the present invention.
Example 1:
the embodiment discloses a data security protection method based on the internet of things, which can be executed by computer equipment or virtual machines with certain computing resources, such as personal computers, smart phones, personal digital assistants or electronic equipment such as wearable equipment, or virtual machines.
As shown in fig. 1, a data security protection method based on the internet of things may, but is not limited to, include the following steps:
S1, receiving initial user data sent by a designated user terminal, and acquiring the privacy class of the initial user data; in this embodiment, the initial user data is classified and transmitted according to different privacy classes, for example, the privacy classes of the initial user data may be classified into three classes, i.e., high, medium and low, and the higher the privacy class is, the higher the encryption transmission requirement for the initial user data is.
In step S1 of this embodiment, the privacy level of the initial user data may be determined according to the data content characteristics, the privacy level identifier provided by the user, or a preset rule. Specifically, the privacy classes may be classified in advance according to the data content characteristics (such as personal information, sensitive information, etc.) in the initial user data, and then the privacy classes of the initial user data may be determined according to the data content characteristics; in addition, when the appointed user terminal transmits the initial user data, the initial user data can carry the privacy class identification, so that the privacy class identification can be directly identified; when the privacy class of the initial user data is determined according to the preset rule, the privacy class can be classified in advance according to the preset rule such as the type, the source, the use scene and the like of the initial user data.
S2, judging whether the privacy class is smaller than a preset class threshold, if so, directly sending the initial user data to a target terminal, thereby realizing quick transmission of the user data; if not, the next step is entered.
S3, requesting a preset key management system to obtain an encryption key matched with the privacy class, and dividing the initial user data into a plurality of sub-user data blocks; in particular, in this embodiment, the division of the initial user data may be implemented by a fixed-size block division, a data content feature division, or other division policy, so as to divide the initial user data into a plurality of sub-user data blocks.
In this embodiment, the encryption key and the decryption key are uniformly managed and distributed by the key management system, so as to ensure the security of the key, facilitate efficient management, and improve the system performance. Specifically, in the key management system of this embodiment, all key pairs corresponding to privacy classes greater than or equal to a class threshold are prestored, and a pair of key pairs includes an encryption key and a decryption key; when each sub-user data block is required to be encrypted by adopting a symmetric encryption algorithm, the encryption key and the decryption key are the same, and when each sub-user data block is required to be encrypted by adopting an asymmetric encryption algorithm, the encryption key (public key) and the decryption key (private key) are different and are mutually paired.
In step S3 of this embodiment, the number of sub-user data blocks is proportional to the privacy level.
It should be noted that in this embodiment, the initial user data is split into different numbers of sub-user data blocks according to the different privacy classes, and the higher the privacy class of the initial user data, the greater the number of the split sub-user data blocks is, so as to encrypt the plurality of sub-user data blocks on different edge servers, thereby increasing the difficulty of an attacker to obtain complete data, that is, even if the attacker can intercept some of the sub-user data blocks, the original data cannot be easily spliced according to the obtained sub-user data blocks, thereby being beneficial to further improving the security of user data transmission and guaranteeing the privacy protection requirement of high-sensitivity initial user data; furthermore, in a distributed environment, if some edge servers fail or are attacked, the fault tolerance of the overall system is enhanced since each sub-user data block only occupies a portion of the total data.
Further, in order to improve the network bandwidth and the availability of the computing resources, in this embodiment, the number of sub-user data blocks corresponding to each privacy class is dynamically determined according to the current system load condition, for example, when a high risk or a high load is detected, the number of sub-user data blocks corresponding to each privacy class is appropriately reduced, so as to ensure that the system performance is not significantly affected.
S4, respectively transmitting the plurality of sub-user data blocks to different plurality of edge servers, wherein the plurality of sub-user data blocks are all bound with the encryption key, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption key to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one; in this embodiment, a secure key management system may be preset to generate, distribute, and store the keys, so that each edge server can securely obtain the encryption key and perform encryption processing on the sub-user data block corresponding to the encryption key. In this embodiment, to further ensure the security of the communication between the server and the edge server, TLS/SSL (a specification of an encryption channel) protocol may be used to protect the security during the data transmission process.
In step S4, when the plurality of sub-user data blocks are respectively sent to different plurality of edge servers, different transmission protocols are adopted. In this embodiment, the plurality of sub-user data blocks are sent to different plurality of edge servers respectively, and different transmission protocols are adopted when the sub-user data blocks are transmitted to different edge servers, so that diversification of transmission paths is realized, and the risk that a single path is intercepted is reduced.
In the prior art, the server uses the same encryption algorithm and key for all data, if the encryption algorithm is cracked or the key is revealed, all data are at risk, and meanwhile, the prior art cannot adopt different encryption intensities and algorithms for the privacy levels of different data, so that differential protection cannot be realized. In order to further solve the technical problem, in step S4 of this embodiment, after a plurality of sub-user data blocks are sent to a plurality of different edge servers, the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks by adopting an encryption algorithm matched with the privacy class according to the encryption key. It should be noted that, in this embodiment, when the privacy level is greater than or equal to the preset level threshold, encryption algorithms with different intensities are set based on the size of the privacy level, so as to implement encryption processing on the initial user data with different privacy levels.
Specifically, the encryption algorithms for matching different privacy classes in the present embodiment include, but are not limited to, AES-128 algorithm, AES-192 algorithm, AES-256 algorithm, RSA algorithm, chaCha20 algorithm, and the like, which are not limited herein.
It should be noted that, by adopting the above scheme, in the data transmission process of this embodiment, even if a part of the sub-user data block is cracked, an attacker cannot reconstruct the complete data. Meanwhile, the embodiment can dynamically select an encryption algorithm according to the data privacy level, and can provide targeted protection measures for different initial user data.
It should be noted that, the high privacy level of the data means that the sensitivity of the data is strong, the risk and influence of leakage are large, and in order to ensure the security of the initial user data with different privacy levels, in this embodiment, the sub-user data block corresponding to the initial user data with high privacy level corresponds to a stronger encryption algorithm and a longer encryption key and decryption key; specifically, in this embodiment, the privacy level is set to four levels, the level threshold is set to two levels, and when the privacy level of the initial user data is set to two levels, the encryption algorithm matched with the privacy level is AES (wherein, the total spelling of AES is Advanced Encryption Standard, i.e. advanced encryption standard) -128 algorithm, that is, the sub-user data block of the initial user data is encrypted by using AES-128 algorithm, and the lengths of the encryption key and the decryption key are both 128 bits; when the privacy class of the initial user data is three-level, the encryption algorithm matched with the privacy class is an AES-192 algorithm, namely, the AES-192 algorithm is used for encrypting the sub-user data blocks of the initial user data, and the lengths of the encryption key and the decryption key are 192 bits; when the privacy level of the initial user data is four, the encryption algorithm matched with the privacy level is an AES-256 algorithm, namely, the sub-user data block of the initial user data is encrypted by using the AES-256 algorithm, and the lengths of the encryption key and the decryption key are 256 bits.
S5, combining the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identification matched with the encryption key to the target terminal, so that the target terminal requests to obtain a decryption key from the key management system according to the encryption key identification, and decrypts the encrypted user data according to the decryption key. In this embodiment, the target terminal is, for example, the specified user terminal, the server or other terminals, which is not limited herein.
In step S5, merging the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, including:
combining the plurality of encrypted sub-user data blocks to obtain combined data;
and carrying out encryption processing on the combined data to obtain encrypted user data of the initial user data.
Specifically, in step S5 of this embodiment, the target terminal performs decryption processing on the encrypted user data according to the decryption key, including:
Extracting each encrypted sub-user data block from the encrypted user data;
Decrypting each encrypted sub-user data block by using the decryption key, and recovering the original sub-data blocks to obtain a plurality of sub-user data blocks;
And combining the plurality of sub-user data blocks according to the original sequence to obtain the initial user data.
According to the embodiment, the data transmission safety can be improved, meanwhile, the data processing pressure of the server is reduced, and the data processing efficiency is higher. Specifically, in the implementation process, after receiving initial user data sent by a designated user terminal, acquiring a privacy class of the initial user data, and then requesting a preset key management system to obtain an encryption key matched with the privacy class when judging that the privacy class is not less than a preset class threshold, and dividing the initial user data into a plurality of sub-user data blocks; then, respectively sending the plurality of sub-user data blocks to different plurality of edge servers, wherein the plurality of sub-user data blocks are all bound with the encryption key, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption key to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one; and finally, merging the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identifier matched with the encryption key to the target terminal so that the target terminal can request to obtain a decryption key from the key management system according to the encryption key identifier, and performing decryption processing on the encrypted user data according to the decryption key. In this process, the embodiment splits the initial user data with the privacy level greater than or equal to the level threshold into a plurality of sub-user data blocks, and encrypts each sub-user data block respectively through a plurality of edge servers, that is, the encryption operation is distributed on the plurality of edge servers, any single node is broken, loss is limited to the sub-user data block processed by the node, which is beneficial to reducing the data processing pressure of the server, reducing single-point faults, simultaneously, the plurality of edge servers process encryption tasks in parallel, which is beneficial to improving the data processing efficiency, reducing the transmission path, reducing delay and improving the transmission security.
Example 2:
The embodiment discloses a data security protection system based on the Internet of things, which is used for realizing the data security protection method based on the Internet of things in the embodiment 1; as shown in fig. 2, the data security protection system based on the internet of things includes:
the privacy class acquisition module is used for receiving initial user data sent by a designated user terminal and acquiring the privacy class of the initial user data;
the grade judging module is in communication connection with the privacy grade acquiring module and is used for judging whether the privacy grade is smaller than a preset grade threshold value or not, if so, the initial user data is directly sent to a target terminal; if not, requesting a preset key management system to obtain an encryption key matched with the privacy class, and dividing the initial user data into a plurality of sub-user data blocks;
The parallel encryption module is in communication connection with the grade judging module and is used for respectively sending a plurality of sub-user data blocks to different edge servers, wherein the encryption keys are bound to the plurality of sub-user data blocks, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption keys to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one;
And the encrypted data merging module is in communication connection with the parallel encryption module and is used for merging a plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identifier matched with the encryption key to the target terminal so that the target terminal can request to obtain a decryption key from the key management system according to the encryption key identifier and decrypt the encrypted user data according to the decryption key.
It should be noted that, in the working process, working details and technical effects of the data security protection system based on the internet of things provided in embodiment 2, reference may be made to embodiment 1, and no further description is given here.
Example 3:
On the basis of embodiment 1 or 2, this embodiment discloses an electronic device, which may be a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like. The electronic device may be referred to as a user terminal, a portable terminal, a desktop terminal, etc., as shown in fig. 3, the electronic device includes:
A memory for storing computer program instructions; and
A processor configured to execute the computer program instructions to perform the operations of the data security protection method based on the internet of things according to any one of embodiment 1.
In particular, processor 301 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 301 may be implemented in at least one hardware form of DSP (DIGITAL SIGNAL Processing), FPGA (Field-Programmable gate array), PLA (Programmable Logic Array ). Processor 301 may also include a main processor, which is a processor for processing data in an awake state, also referred to as a CPU (Central Processing Unit ), and a coprocessor; a coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 301 may be integrated with a GPU (Graphics Processing Unit, image processor) for rendering and drawing of content required to be displayed by the display screen.
Memory 302 may include one or more computer-readable storage media, which may be non-transitory. Memory 302 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 302 is used to store at least one instruction for execution by processor 301 to implement the internet of things-based data security protection method provided in embodiment 1 of the present application.
In some embodiments, the terminal may further optionally include: a communication interface 303, and at least one peripheral device. The processor 301, the memory 302 and the communication interface 303 may be connected by a bus or signal lines. The respective peripheral devices may be connected to the communication interface 303 through a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of radio frequency circuitry 304, a display screen 305, and a power supply 306.
The communication interface 303 may be used to connect at least one peripheral device associated with an I/O (Input/Output) to the processor 301 and the memory 302. In some embodiments, processor 301, memory 302, and communication interface 303 are integrated on the same chip or circuit board; in some other embodiments, either or both of the processor 301, the memory 302, and the communication interface 303 may be implemented on separate chips or circuit boards, which is not limited in this embodiment.
The Radio Frequency circuit 304 is configured to receive and transmit RF (Radio Frequency) signals, also known as electromagnetic signals. The radio frequency circuitry 304 communicates with a communication network and other communication devices via electromagnetic signals.
The display screen 305 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof.
The power supply 306 is used to power the various components in the electronic device.
Example 4:
On the basis of any one of embodiments 1 to 3, this embodiment discloses a computer program product comprising a computer program or instructions which, when executed by a computer, implement the data security protection method based on the internet of things as described in any one of embodiment 1.
It will be apparent to those skilled in the art that the modules or steps of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, or they may alternatively be implemented in program code executable by computing devices, such that they may be stored in a memory device for execution by the computing devices, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solution of the present invention, and not limiting thereof; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some of the technical features thereof can be replaced by equivalents. Such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. The data security protection method based on the Internet of things is characterized by comprising the following steps of: comprising the following steps:
Receiving initial user data sent by a designated user terminal, and acquiring the privacy class of the initial user data;
judging whether the privacy level is smaller than a preset level threshold, if so, directly sending the initial user data to a target terminal; if not, entering the next step;
requesting a preset key management system to obtain an encryption key matched with the privacy class, and dividing the initial user data into a plurality of sub-user data blocks;
The method comprises the steps of respectively sending a plurality of sub-user data blocks to different plurality of edge servers, wherein the plurality of sub-user data blocks are all bound with the encryption key, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption key to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one;
And combining the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identifier matched with the encryption key to the target terminal so that the target terminal can request to obtain a decryption key from the key management system according to the encryption key identifier, and performing decryption processing on the encrypted user data according to the decryption key.
2. The data security protection method based on the internet of things according to claim 1, wherein the method comprises the following steps: the number of sub-user data blocks is proportional to the privacy level.
3. The data security protection method based on the internet of things according to claim 1, wherein the method comprises the following steps: when the plurality of sub-user data blocks are respectively sent to different plurality of edge servers, different transmission protocols are adopted.
4. The data security protection method based on the internet of things according to claim 1, wherein the method comprises the following steps: and after the plurality of sub-user data blocks are respectively sent to different plurality of edge servers, the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks by adopting an encryption algorithm matched with the privacy class according to the encryption key.
5. The data security protection method based on the internet of things according to claim 4, wherein the method comprises the following steps: the sub-user data blocks corresponding to the initial user data with high privacy level correspond to stronger encryption algorithm and longer encryption key and decryption key; the privacy level is set to be four, the level threshold is set to be two, when the privacy level of the initial user data is two, the encryption algorithm matched with the privacy level is an AES-128 algorithm, and the lengths of the encryption key and the decryption key are 128 bits; when the privacy class of the initial user data is three-level, an encryption algorithm matched with the privacy class is an AES-192 algorithm, and the lengths of the encryption key and the decryption key are 192 bits; when the privacy level of the initial user data is four, the encryption algorithm matched with the privacy level is an AES-256 algorithm, and the lengths of the encryption key and the decryption key are 256 bits.
6. The data security protection method based on the internet of things according to claim 1, wherein the method comprises the following steps: combining the plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, wherein the method comprises the following steps:
combining the plurality of encrypted sub-user data blocks to obtain combined data;
and carrying out encryption processing on the combined data to obtain encrypted user data of the initial user data.
7. The data security protection method based on the internet of things according to claim 1, wherein the method comprises the following steps: the target terminal decrypts the encrypted user data according to the decryption key, and the method comprises the following steps:
Extracting each encrypted sub-user data block from the encrypted user data;
decrypting each encrypted sub-user data block by using the decryption key to obtain a plurality of sub-user data blocks;
And combining the plurality of sub-user data blocks according to the original sequence to obtain the initial user data.
8. The utility model provides a data security protection system based on thing networking which characterized in that: the method for realizing the data security protection method based on the internet of things according to any one of claims 1 to 7; the data security protection system based on the Internet of things comprises:
the privacy class acquisition module is used for receiving initial user data sent by a designated user terminal and acquiring the privacy class of the initial user data;
the grade judging module is in communication connection with the privacy grade acquiring module and is used for judging whether the privacy grade is smaller than a preset grade threshold value or not, if so, the initial user data is directly sent to a target terminal; if not, requesting a preset key management system to obtain an encryption key matched with the privacy class, and dividing the initial user data into a plurality of sub-user data blocks;
The parallel encryption module is in communication connection with the grade judging module and is used for respectively sending a plurality of sub-user data blocks to different edge servers, wherein the encryption keys are bound to the plurality of sub-user data blocks, so that the plurality of edge servers respectively encrypt the sub-user data blocks corresponding to the plurality of sub-user data blocks according to the encryption keys to obtain a plurality of encrypted sub-user data blocks corresponding to the plurality of sub-user data blocks one by one;
And the encrypted data merging module is in communication connection with the parallel encryption module and is used for merging a plurality of encrypted sub-user data blocks to obtain encrypted user data of the initial user data, and sending the encrypted user data and an encryption key identifier matched with the encryption key to the target terminal so that the target terminal can request to obtain a decryption key from the key management system according to the encryption key identifier and decrypt the encrypted user data according to the decryption key.
9. An electronic device, characterized in that: comprising the following steps:
A memory for storing computer program instructions; and
A processor for executing the computer program instructions to perform the operations of the internet of things-based data security protection method of any one of claims 1 to 7.
10. A computer program product comprising a computer program or instructions characterized by: the computer program or the instructions, when executed by a computer, implement the internet of things-based data security protection method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410764035.6A CN118337388A (en) | 2024-06-14 | 2024-06-14 | Data security protection method, system, equipment and product based on Internet of things |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410764035.6A CN118337388A (en) | 2024-06-14 | 2024-06-14 | Data security protection method, system, equipment and product based on Internet of things |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118337388A true CN118337388A (en) | 2024-07-12 |
Family
ID=91768620
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410764035.6A Pending CN118337388A (en) | 2024-06-14 | 2024-06-14 | Data security protection method, system, equipment and product based on Internet of things |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118337388A (en) |
-
2024
- 2024-06-14 CN CN202410764035.6A patent/CN118337388A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3633913B1 (en) | Provisioning a secure connection using a pre-shared key | |
| US10341094B2 (en) | Multiple encrypting method and system for encrypting a file and/or a protocol | |
| JP2021522595A (en) | Cryptographic cards, electronic devices, and cryptographic service methods | |
| CN110971398A (en) | Data processing method, device and system | |
| US20230071723A1 (en) | Technologies for establishing secure channel between i/o subsystem and trusted application for secure i/o data transfer | |
| CN111555880B (en) | Data collision method and device, storage medium and electronic equipment | |
| CN114499913A (en) | Encrypted message detection method and protection equipment | |
| CN113992427B (en) | Data encryption sending method and device based on adjacent nodes | |
| CN113794706B (en) | Data processing method and device, electronic equipment and readable storage medium | |
| CN113987600A (en) | Computer system, data processing method and computer readable storage medium | |
| CN112261015B (en) | Information sharing method, platform, system and electronic equipment based on block chain | |
| CN116781425B (en) | Service data acquisition method, device, equipment and storage medium | |
| CN112580056B (en) | Terminal device, data encryption method, decryption method and electronic device | |
| US11838411B2 (en) | Permutation cipher encryption for processor-accelerator memory mapped input/output communication | |
| CN116208332A (en) | Blockchain method based on quantum key distribution and quantum key privacy enhancement | |
| EP3054620A1 (en) | System and method for performing block cipher cryptography by implementing a mixer function that includes a substitution-box and a linear transformation using a lookup-table | |
| CN118337388A (en) | Data security protection method, system, equipment and product based on Internet of things | |
| CN115021919A (en) | SSL negotiation method, device, equipment and computer readable storage medium | |
| CN111209544B (en) | Web application security protection method and device, electronic equipment and storage medium | |
| US11539679B1 (en) | Systems and methods for providing a quantum-proof key exchange | |
| CN113411347B (en) | Transaction message processing method and processing device | |
| US10749899B1 (en) | Securely sharing a transport layer security session with one or more trusted devices | |
| US20190012469A1 (en) | Data processing method and data processing system | |
| US20230388791A1 (en) | Power saving method for lower power devices, electronic device and computer readable storage medium | |
| CN103780377B (en) | A kind of method and system that data are carried out with secrecy processing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication |