WO2019233259A1 - Method and device for processing information - Google Patents

Publication number
WO2019233259A1
WO2019233259A1 PCT/CN2019/087330 CN2019087330W WO2019233259A1 WO 2019233259 A1 WO2019233259 A1 WO 2019233259A1 CN 2019087330 W CN2019087330 W CN 2019087330W WO 2019233259 A1 WO2019233259 A1 WO 2019233259A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
encrypted information
content
encrypted
determining
Application number
PCT/CN2019/087330
Inventor
宿伟光
Original Assignee
京东数字科技控股有限公司
Application filed by 京东数字科技控股有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • Embodiments of the present application relate to the field of computer technology, and in particular, to a method and an apparatus for processing information.
  • information needs to be encrypted and protected.
  • information is usually directly stored in the file system, and then information is directly read from the file system.
  • the information is encrypted using an encryption algorithm and then stored directly to the file system.
  • the embodiments of the present application provide a method and an apparatus for processing information.
  • an embodiment of the present application provides a method for processing information.
  • the method includes: encrypting original information to be stored to generate encrypted information; creating a target file for storing the encrypted information, wherein the storage space corresponding to the target file is composed of data blocks of a fixed size; sequentially reading the content of the encrypted information in the fixed size, and storing the read content in a data block in the storage space corresponding to the target file, to obtain an index indicating the data block in which the content is stored; and summarizing the sequentially obtained indexes into an index sequence, and storing the index sequence.
  • summarizing the sequentially acquired indexes into an index sequence and storing the index sequence includes: extracting feature information from the original information and the encrypted information respectively; and storing the extracted feature information and the index sequence as description information of the encrypted information.
  • storing the extracted feature information and index sequence as description information of the encrypted information includes: using the extracted feature information and index sequence as description information of the encrypted information, and encrypting the description information; and storing the encrypted description information.
  • the method further includes: in response to receiving the original information acquisition instruction, reading the description information of the encrypted information, and sequentially reading the content stored in the data block indicated by the index in the index sequence; determining, based on the content stored in the sequentially read data blocks, whether the encrypted information has been modified; and, in response to determining that the encrypted information has not been modified, decrypting the encrypted information to obtain the original information.
  • the method further comprises: in response to determining that the encrypted information is modified, deleting the content stored in the data block indicated by the descriptive information and the index in the index sequence.
  • sequentially reading the content stored in the data block indicated by the index in the index sequence includes: determining whether the size of the encrypted information is smaller than a preset value; and in response to determining that the size is smaller than the preset value, creating a random stream, and using the random stream to sequentially read the content stored in the data block indicated by the index in the index sequence.
  • sequentially reading the content stored in the data block indicated by the index in the index sequence further includes: in response to determining that the size of the encrypted information is not less than a preset value, creating an input stream and a plurality of random streams; and using the input stream to obtain a random stream among the plurality of random streams, and using the obtained random stream to read the content stored in the data block indicated by the index in the index sequence.
  • the characteristic information of the encrypted information includes a hash value of the encrypted information; and determining whether the encrypted information is modified based on the content stored in the sequentially read data blocks includes: merging the content stored in the sequentially read data blocks, and determining the hash value of the merged content; matching the hash value of the merged content with the hash value of the encrypted information included in the feature information, and in response to determining a match, determining that the encrypted information has not been modified; and in response to determining that the hash value of the merged content does not match the hash value of the encrypted information contained in the encrypted information, determining that the encrypted information is modified.
  • the characteristic information of the encrypted information includes hash values of the content of the encrypted information sequentially read in a fixed size; and determining whether the encrypted information is modified based on the content stored in the sequentially read data blocks includes: determining the hash values of the content stored in the sequentially read data blocks; sequentially matching the hash values of the content stored in the sequentially read data blocks with the hash values of the content of the encrypted information sequentially read in the fixed size; determining that the encrypted information has not been modified in response to determining that they all match in sequence; and determining that the encrypted information has been modified in response to determining that there is at least one mismatch.
  • sequentially reading the content of the encrypted information in a fixed size and storing the read content into a data block in a storage space corresponding to the target file includes: sequentially reading the content of the encrypted information in the fixed size, randomly selecting a data block having no stored content among the data blocks constituting the storage space corresponding to the target file, and storing the read content in the selected data block.
  • an embodiment of the present application provides an apparatus for processing information.
  • the apparatus includes: an encryption unit configured to encrypt original information to be stored to generate encrypted information; a creating unit configured to create a target file for storing the encrypted information, wherein a storage space corresponding to the target file is composed of data blocks of a fixed size;
  • an obtaining unit configured to sequentially read the content of the encrypted information in the fixed size, store the read content into a data block in the storage space corresponding to the target file, and obtain an index indicating the data block in which the content is stored; and a storage unit configured to summarize the sequentially acquired indexes into an index sequence, and store the index sequence.
  • the storage unit includes: an extraction module configured to extract feature information from the original information and the encrypted information respectively; and a storage module configured to store the extracted feature information and the index sequence as description information of the encrypted information.
  • the storage module is further configured to: use the extracted feature information and the index sequence as description information of the encrypted information, and encrypt the description information; and store the encrypted description information.
  • the apparatus further comprises: a reading unit configured to read the description information of the encrypted information in response to receiving the original information acquisition instruction, and sequentially read the content stored in the data block indicated by the index in the index sequence; a determining unit configured to determine whether the encrypted information has been modified based on the content stored in the sequentially read data blocks; and a decryption unit configured to, in response to determining that the encrypted information has not been modified, decrypt the encrypted information to obtain the original information.
  • the apparatus further includes a deleting unit configured to delete content stored in the data block indicated by the descriptive information and the index in the index sequence in response to determining that the encrypted information is modified.
  • the determining unit includes: a first determining module configured to determine whether the size of the encrypted information is smaller than a preset value; and a first reading module configured to create a random stream in response to determining that the size of the encrypted information is smaller than the preset value, and use the random stream to sequentially read the content stored in the data block indicated by the index in the index sequence.
  • the determining unit further includes: a creating module configured to create an input stream and a plurality of random streams in response to determining that the size of the encrypted information is not less than a preset value; and a second reading module configured to use the input stream to obtain a random stream among the plurality of random streams, and use the obtained random stream to read the content stored in the data block indicated by the index in the index sequence.
  • the characteristic information of the encrypted information includes a hash value of the encrypted information; and the determining unit includes: a merging module configured to merge the contents stored in the sequentially read data blocks and determine a hash value of the merged content; a first matching module configured to match the hash value of the merged content with the hash value of the encrypted information included in the feature information, and in response to determining a match, determine that the encrypted information has not been modified; and a second determination module configured to determine that the encrypted information is modified in response to determining that the hash value of the merged content does not match the hash value of the encrypted information contained in the encrypted information.
  • the characteristic information of the encrypted information includes hash values of the content of the encrypted information sequentially read in a fixed size; and the determination unit includes: a third determination module configured to determine the hash values of the content stored in the sequentially read data blocks; a second matching module configured to sequentially match the hash values of the content stored in the sequentially read data blocks with the hash values of the content of the encrypted information sequentially read in the fixed size; a fourth determination module configured to determine that the encrypted information has not been modified in response to determining that they all match in sequence; and a fifth determination module configured to determine that the encrypted information is modified in response to determining that there is at least one mismatch.
  • the obtaining unit is further configured to sequentially read the content of the encrypted information in a fixed size, randomly select a data block having no stored content among the data blocks constituting the storage space corresponding to the target file, and store the read content in the selected data block.
  • embodiments of the present application provide: one or more processors; and a storage device storing one or more programs thereon, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement the method as in any one of the methods for processing information.
  • an embodiment of the present application provides a computer-readable medium having stored thereon a computer program that, when executed by a processor, implements the method as in any one of the methods for processing information.
  • in the method and device for processing information provided in the embodiments of the present application, the original information to be stored is encrypted to generate encrypted information; a target file for storing the encrypted information is then created, wherein the storage space corresponding to the target file is composed of data blocks of a fixed size; thereafter, the content of the encrypted information is sequentially read in the fixed size, the read content is stored in a data block in the storage space corresponding to the target file, and an index indicating the data block in which the content is stored is obtained; finally, the sequentially obtained indexes are summarized into an index sequence, and the index sequence is stored.
  • the data block storing the data is not easy to determine, which can effectively prevent the information from being tampered with, strengthen the protection of the information, and enhance the security of the information.
  • FIG. 1 is an exemplary system architecture diagram to which an embodiment of the present application can be applied;
  • FIG. 2 is a flowchart of an embodiment of a method for processing information according to the present application
  • FIG. 3 is a schematic diagram of an application scenario of a method for processing information according to the present application.
  • FIG. 4 is a flowchart of still another embodiment of a method for processing information according to the present application.
  • FIG. 5 is a schematic structural diagram of an embodiment of an apparatus for processing information according to the present application.
  • FIG. 6 is a schematic structural diagram of a computer system suitable for implementing a server according to an embodiment of the present application.
  • FIG. 1 illustrates an exemplary system architecture 100 to which the method for processing information or the apparatus for processing information of the present application can be applied.
  • the system architecture 100 may include terminal devices 101, 102, and 103, a network 104, and a server 105.
  • the network 104 is a medium for providing a communication link between the terminal devices 101, 102, 103 and the server 105.
  • the network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
  • the user can use the terminal devices 101, 102, 103 to interact with the server 105 through the network 104 to receive or send messages (such as information storage requests, information acquisition instructions) and the like.
  • Various communication client applications can be installed on the terminal devices 101, 102, 103, such as voice interaction applications, shopping applications, search applications, instant communication tools, email clients, social platform software, and so on.
  • the terminal devices 101, 102, and 103 may be hardware or software.
  • the terminal devices 101, 102, and 103 can be various electronic devices with a display screen and data transmission, including but not limited to smart phones, tablet computers, laptop computers, and desktop computers.
  • when the terminal devices 101, 102, and 103 are software, they can be installed in the electronic devices listed above. They can be implemented as multiple pieces of software or software modules (for example, to provide distributed services), or as a single piece of software or software module. This is not specifically limited here.
  • the server 105 may be a server that provides various services, such as a storage server for storing information.
  • the storage server can perform operations such as information encryption and information storage.
  • the server may be hardware or software.
  • the server can be implemented as a distributed server cluster consisting of multiple servers or as a single server.
  • the server can be implemented as multiple software or software modules (for example, to provide distributed services), or it can be implemented as a single software or software module. It is not specifically limited here.
  • the method for processing information provided by the embodiments of the present application is generally executed by the server 105, and accordingly, the apparatus for processing information is generally set in the server 105.
  • terminal devices, networks, and servers in FIG. 1 are merely exemplary. Depending on the implementation needs, there can be any number of terminal devices, networks, and servers.
  • the method for processing information includes the following steps:
  • Step 201 The original information to be stored is encrypted to generate encrypted information.
  • the execution subject of the method for processing information may use various encryption algorithms to encrypt the original information to be stored to generate encrypted information (i.e., encrypted original information).
  • the above encryption algorithm may be MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm), DES (Data Encryption Standard), or AES (Advanced Encryption Standard, also known as the Rijndael encryption method).
  • the original information may also be encrypted by using other existing encryption methods, which is not limited to the above list.
  • the original information can be recorded in a file.
  • This file can be encrypted to encrypt the original information.
  • Step 202 Create a target file for storing encrypted information.
  • the execution body may create a target file for storing the encrypted information.
  • an existing statement or instruction for creating a file can be called; for example, the createNewFile() method can be called to create the target file.
  • the storage space corresponding to the target file may be composed of data blocks (logical storage units) of a fixed size (for example, 4 KB).
  • data block division at the logical layer may be performed in advance so that the size of each data block is the above-mentioned fixed size.
  • each data block has a sequence value. Sequence values can be used to characterize and uniquely identify data blocks.
  • the number of data blocks contained in the storage space occupied by the target file may be any number determined randomly, such as one or more.
  • the data block may be automatically expanded.
  • Step 203 The content of the encrypted information is sequentially read in a fixed size, the read content is stored in a data block in a storage space corresponding to the target file, and an index indicating the data block in which the content is stored is obtained.
  • the execution subject may sequentially read the content of the encrypted information in the fixed size (for example, 4 KB), and each time content is read, store the read content in a data block in the storage space corresponding to the target file and obtain an index indicating that data block, until all of the encrypted information is stored.
  • the index may be information used to indicate a correspondence between a data block and content stored in the data block. For example, it can include information such as the sequence value of the data block and the location or reading order of the encrypted information in the content stored in the data block.
  • the execution body may sequentially read the content of the encrypted information in the fixed size, select, in ascending order of the sequence values of the data blocks, a data block having no stored content among the data blocks constituting the storage space corresponding to the target file, and store the read content in the selected data block, until all of the encrypted information is stored.
  • the execution subject may sequentially read the content of the encrypted information in the fixed size, then randomly select a data block having no stored content among the data blocks that constitute the storage space corresponding to the target file, and store the read content in the selected data block. Therefore, each time a fixed-size content is read, a data block is randomly selected to store the content until all encrypted information is stored. Because the data block is selected randomly each time, this can increase the difficulty of stealing and changing the stored information, strengthen the protection of the information, and enhance the security of the information.
  • Step 204 The sequentially acquired indexes are summarized into an index sequence, and the index sequence is stored.
  • the execution subject described above may summarize the indexes obtained in turn into an index sequence, and store the index sequence.
  • the above-mentioned index sequence may be stored in any place other than the above-mentioned target file, so as to realize the isolation of the encrypted information from the index sequence and enhance the security of the information.
  • the execution subject may further extract feature information from the original information and the encrypted information, respectively.
  • the feature information extracted from the original information may include, but is not limited to, information such as the length, name, role, and hash value (e.g., MD5 value) of the original information.
  • the feature information extracted from the encrypted information may include, but is not limited to, information such as the length, name, role, and hash value (e.g., MD5 value) of the encrypted information.
  • the extracted feature information and the index sequence may be stored as description information of the encrypted information.
  • the above description information can be stored in any location other than the above target file.
  • the extracted feature information and the index sequence are used as the description information of the encrypted information, and the description information is encrypted; then, the encrypted description information is stored.
  • the encrypted description information can be stored in any location other than the above-mentioned target file. Because the encrypted data and the original data can be obtained through the description information, storing the description information after encryption can further strengthen the protection of the information and further enhance the security of the information.
  • an encryption algorithm used to encrypt the foregoing description information may be different from an encryption algorithm used to encrypt the original information, to further enhance the security of the information.
  • FIG. 3 is a schematic diagram of an application scenario of a method for processing information according to this embodiment.
  • the server encrypts the original information 301 to be stored to generate encrypted information 302.
  • the server creates a target file 303 for storing the encrypted information, sequentially reads the content of the encrypted information 302 in the fixed size, stores the read content into a data block in a storage space corresponding to the target file 303, and obtains an index indicating the data block in which the content is stored.
  • the sequentially acquired indexes are summarized into an index sequence 304, and the above-mentioned index sequence 304 is stored.
  • the method provided by the above embodiments of the present application encrypts the original information to be stored in order to generate encrypted information; then creates a target file for storing the encrypted information, where the storage space corresponding to the target file is composed of data blocks of a fixed size; then sequentially reads the content of the encrypted information in the above-mentioned fixed size, stores the read content into a data block in the storage space corresponding to the target file, and obtains an index indicating the data block in which the content is stored. Finally, the indexes obtained in turn are summarized into an index sequence, and the above index sequence is stored.
  • the data block storing the data is not easy to determine, which can effectively prevent the information from being tampered with, strengthen the protection of the information, and enhance the security of the information.
  • the process 400 of the method for processing information includes the following steps:
  • Step 401 The original information to be stored is encrypted to generate encrypted information.
  • the execution subject of the method for processing information may use various encryption algorithms to encrypt the original information to be stored to generate encrypted information (i.e., encrypted original information).
  • the original information can be recorded in a file. This file can be encrypted to encrypt the original information.
  • Step 402 Create a target file for storing encrypted information.
  • the execution body may create a target file for storing the encrypted information.
  • the storage space corresponding to the object file may be composed of data blocks of a fixed size (for example, 4 KB).
  • data block division at the logical layer may be performed in advance so that the size of each data block is the above-mentioned fixed size.
  • each data block has a sequence value. Sequence values can be used to characterize and uniquely identify data blocks.
  • the number of data blocks contained in the storage space occupied by the target file may be any number determined randomly, such as one or more.
  • steps 401 to 402 are basically the same as the specific operations of steps 201 to 202, and are not repeated here.
  • Step 403 Sequentially read the content of the encrypted information in a fixed size, randomly select a data block having no stored content among the data blocks constituting the storage space corresponding to the target file, store the read content into the selected data block, and obtain an index indicating the data block in which the content is stored.
  • the execution body may sequentially read the content of the encrypted information in the fixed size, then randomly select a data block having no stored content among the data blocks constituting the storage space corresponding to the target file, and store the read content in the selected data block. Therefore, each time a fixed-size content is read, a data block is randomly selected to store the content until all encrypted information is stored. Because the data block is selected randomly each time, this increases the difficulty of stealing and changing the stored information, strengthens the protection of the information, and enhances the security of the information.
  • the index may be information used to indicate a correspondence between a data block and content stored in the data block.
  • it can include information such as the sequence value of the data block and the location or reading order of the encrypted information in the content stored in the data block.
  • Step 404 Extract feature information from the original information and the encrypted information, respectively.
  • the execution subject may further extract feature information from the original information and the encrypted information, respectively.
  • the feature information extracted from the original information may include, but is not limited to, information such as the length, name, role, and hash value (e.g., MD5 value) of the original information.
  • the feature information extracted from the encrypted information may include, but is not limited to, information such as the length, name, role, and hash value (e.g., MD5 value) of the encrypted information.
  • Step 405 The extracted feature information and the index sequence are stored as the description information of the encrypted information.
  • the above-mentioned execution subject may store the extracted feature information and index sequence as description information of the encrypted information.
  • the above description information can be stored in any location other than the above target file to isolate the encrypted information from the index sequence and enhance the security of the information.
  • Step 406 In response to receiving the original information acquisition instruction, read the description information of the encrypted information, and sequentially read the content stored in the data block indicated by the index in the index sequence.
  • in response to receiving the original information acquisition instruction, the execution subject may read the stored description information of the encrypted information. That is, the above-mentioned characteristic information and index sequence in the description information are read. Then, the content stored in the data block indicated by the index in the index sequence is sequentially read.
  • the read description information and the content stored in the read data block can be stored in the memory.
  • the content stored in the data block can be read according to the following steps: First, it can be determined whether the size of the encrypted information is smaller than a preset value (for example, 10 MB). Then, in response to determining that it is smaller than the preset value, a random stream (RandomAccessFile) may be created, and the content stored in the data block indicated by the index in the index sequence is sequentially read using the random stream.
  • random streams can support read and write random access to files. The random stream can directly and randomly operate the content of the file itself, and can read and write the content at the specified position of the file. Therefore, the random stream can be used to read the content stored in the data block.
  • the random stream can be cached.
  • Such a reading method can make the reading operation be performed in the content and improve the reading efficiency.
  • a cached random stream is used to read the content to avoid the performance overhead caused by repeated reading and releasing of files.
  • because the reading task does not exclusively occupy the target file, it can support highly concurrent information reading, which effectively improves the throughput performance of the device.
  • the content stored in the data block can be read according to the following steps: first, an input stream (InputStream) and multiple random streams can be created.
  • an input stream can be an object that can read a sequence of bytes.
  • The above-mentioned multiple random streams can be cached so that a random stream can be reused multiple times, avoiding operations such as reading and releasing the target file multiple times.
  • the random stream among the plurality of random streams may be obtained by using the input stream, and the content stored in the data block indicated by the index in the index sequence may be read by using the obtained random stream.
  • a random stream can be obtained from the cache, and the content in the data block is read once through the random stream.
  • the number of reads may be determined in advance based on a numerical relationship between the size of the encrypted information and a fixed size.
  • The number of reads is equal to the number of data blocks that the encrypted information occupies in the target file. Therefore, a cached random stream is used to read the content to avoid the performance overhead caused by repeated reading and releasing of files.
  • Because the reading task does not exclusively occupy the target file, highly concurrent information reading can be supported, which effectively improves the throughput performance of the device.
  • Step 407: Determine whether the encrypted information is modified based on the content stored in the sequentially read data blocks.
  • the execution subject may determine whether the encrypted information is modified based on the content stored in the sequentially read data blocks.
  • various methods can be used to determine whether the encrypted information has been modified.
  • the characteristic information of the encrypted information may include a hash value (for example, an MD5 value) of the encrypted information.
  • The above-mentioned execution body can determine whether the encrypted information is modified according to the following steps: first, merge the contents stored in the sequentially read data blocks (in the reading order, that is, the order indicated by the index sequence), and determine the hash value of the merged content. After that, the hash value of the merged content is matched with the hash value of the encrypted information included in the feature information, and in response to determining a match, it is determined that the encrypted information has not been modified. In response to determining that the hash value of the merged content does not match the hash value of the encrypted information included in the encrypted information, it is determined that the encrypted information is modified.
  • The characteristic information of the encrypted information may include hash values of the content of the encrypted information read in sequence at the fixed size (that is, each fixed-size piece of content corresponds to one hash value).
  • the execution body can determine whether the encrypted information is modified according to the following steps:
  • the first step is to determine the hash value of the content stored in the sequentially read data blocks.
  • the content in each data block read corresponds to a hash value.
  • The hash values of the content stored in the sequentially read data blocks are matched, in order, with the hash values of the content of the encrypted information read at the fixed size. Specifically, first, the hash value of the content stored in the data block read the first time is matched with the hash value of the first part of the encrypted information read at the fixed size; then the hash value of the content stored in the data block read the second time is matched with the hash value of the second part of the encrypted information read at the above-mentioned fixed size; and so on. In response to determining that all of them match in sequence, it may be determined that the encrypted information is not modified; in response to determining that there is at least one mismatch, it may be determined that the encrypted information is modified.
  • Step 408: In response to determining that the encrypted information has not been modified, decrypt the encrypted information to obtain the original information.
  • In response to determining that the encrypted information has not been modified, the encrypted information may be decrypted to obtain the original information.
  • Since the encrypted information is obtained by encrypting the original information to be stored by using an existing encryption algorithm, the existing corresponding decryption method can be used to decrypt the encrypted information.
  • the method of information encryption and decryption is a well-known technology that is widely studied and applied at present, and will not be repeated here.
  • When the size of the encrypted information is less than a preset value (for example, 10 MB), the content stored in the data block can be read using a random stream (for details, see step 406).
  • The encrypted information obtained by combining the contents read by the random stream can be directly decrypted.
  • An input stream can be used to obtain a random stream, and the obtained random stream can be used to read the content stored in the data block (for specific operations, see step 406).
  • the content can be decrypted. The decrypted contents are combined to obtain the original information.
  • Step 409: In response to determining that the encrypted information is modified, delete the content stored in the data block indicated by the description information and the index in the index sequence.
  • The content stored in the data block indicated by the description information and the index in the index sequence may be deleted.
  • The process 400 of the method for processing information in this embodiment highlights the steps of obtaining the original information and of determining whether the encrypted information is modified. Therefore, the solution described in this embodiment can effectively identify whether the stored information has been tampered with, ensure that the read information is complete and unmodified, and improve the security and accuracy of the read information.
  • this application provides an embodiment of a device for processing information.
  • the device embodiment corresponds to the method embodiment shown in FIG. 2.
  • the device can be specifically applied to various electronic devices.
  • The apparatus 500 for processing information includes: an encryption unit 501 configured to encrypt original information to be stored to generate encrypted information; a creation unit 502 configured to create an object file for storing the encrypted information, wherein the storage space corresponding to the object file is composed of fixed-size data blocks; an obtaining unit 503 configured to sequentially read the content of the encrypted information according to the fixed size, store the read content in a data block in the storage space corresponding to the target file, and obtain an index indicating the stored data block; and a storage unit 504 configured to summarize the sequentially acquired indexes into an index sequence and store the index sequence.
  • the foregoing storage unit 504 may include an extraction module and a storage module (not shown in the figure).
  • the extraction module may be configured to extract feature information from the original information and the encrypted information, respectively.
  • the storage module may be configured to store the extracted feature information and the index sequence as description information of the encrypted information.
  • The storage module may be further configured to use the extracted feature information and the index sequence as description information of the encrypted information, encrypt the description information, and store the encrypted description information.
  • the device may further include a reading unit, a determining unit, and a decrypting unit (not shown in the figure).
  • the reading unit may be configured to read the description information of the encrypted information in response to receiving the original information acquisition instruction, and sequentially read the content stored in the data block indicated by the index in the index sequence.
  • the determination unit may be configured to determine whether the encrypted information is modified based on the content stored in the sequentially read data blocks.
  • the decryption unit may be configured to, in response to determining that the encrypted information has not been modified, decrypt the encrypted information to obtain the original information.
  • the device may further include a deleting unit (not shown in the figure).
  • the deleting unit may be configured to delete the content stored in the data block indicated by the description information and the index in the index sequence in response to determining that the encrypted information is modified.
  • the foregoing determining unit may include a first determining module and a first reading module (not shown in the figure).
  • the first determining module may be configured to determine whether the size of the encrypted information is smaller than a preset value.
  • the first reading module may be configured to create a random stream in response to a determination that the value is less than a preset value, and sequentially read content stored in a data block indicated by an index in the index sequence by using the random stream.
  • the foregoing determining unit may further include a creating module and a second reading module (not shown in the figure).
  • the creation module may be configured to create an input stream and a plurality of random streams in response to determining that the size of the encrypted information is not less than the preset value.
  • the second reading module may be configured to use the input stream to obtain a random stream among the plurality of random streams, and use the obtained random stream to read content stored in a data block indicated by an index in the index sequence.
  • the characteristic information of the encrypted information may include a hash value of the encrypted information.
  • the above determining unit may include a merging module, a first matching module, and a second determining module (not shown in the figure).
  • the merging module may be configured to merge the content stored in the sequentially read data blocks to determine a hash value of the merged content.
  • the first matching module may be configured to match a hash value of the merged content with a hash value of the encrypted information included in the feature information, and determine that the encrypted information has not been modified in response to determining a match.
  • the second determining module may be configured to determine that the encrypted information is modified in response to determining that the hash value of the merged content does not match the hash value of the encrypted information included in the encrypted information.
  • the characteristic information of the encrypted information may include a hash value of the content of the encrypted information read sequentially in the fixed size.
  • the above determination unit may include a third determination module, a second matching module, a fourth determination module, and a fifth determination module (not shown in the figure).
  • the third determination module may be configured to determine a hash value of the content stored in the data blocks that are sequentially read.
  • the second matching module may be configured to sequentially match the hash value of the content stored in the sequentially read data block and the hash value of the content of the encrypted information sequentially read at the fixed size.
  • the fourth determination module may be configured to determine that the encrypted information has not been modified in response to the determination that they are sequentially matched.
  • the fifth determining module may be configured to determine that the encrypted information is modified in response to determining that there is at least one mismatch.
  • The obtaining unit 503 may be further configured to sequentially read the content of the encrypted information according to the fixed size, randomly select, from the data blocks that constitute the storage space corresponding to the target file, a data block that does not store content, and store the read content in the selected data block.
  • The device provided by the foregoing embodiment of the present application encrypts the original information to be stored by the encryption unit 501 to generate encrypted information; then the creation unit 502 creates an object file for storing the encrypted information, where the storage space corresponding to the object file is composed of data blocks of a fixed size; after that, the obtaining unit 503 sequentially reads the contents of the encrypted information according to the fixed size, stores the read contents into data blocks in the storage space corresponding to the target file, and acquires an index indicating a stored data block; finally, the storage unit 504 summarizes the sequentially acquired indexes into an index sequence, and stores the above index sequence.
  • The data block storing the data is not easy to determine, which can effectively prevent the information from being tampered with, strengthens the protection of the information and enhances its security.
  • FIG. 6 shows a schematic structural diagram of a computer system 600 suitable for implementing a server according to an embodiment of the present application.
  • the server shown in FIG. 6 is only an example, and should not impose any limitation on the functions and scope of use of the embodiments of the present application.
  • The computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 602 or a program loaded into a random access memory (RAM) 603 from a storage portion 608.
  • various programs and data required for the operation of the system 600 are also stored.
  • the CPU 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604.
  • An input / output (I / O) interface 605 is also connected to the bus 604.
  • the following components are connected to the I / O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a cathode ray tube (CRT), a liquid crystal display (LCD), and a speaker; a storage portion 608 including a hard disk and the like; a communication section 609 including a network interface card such as a LAN card, a modem, and the like.
  • the communication section 609 performs communication processing via a network such as the Internet.
  • The drive 610 is also connected to the I / O interface 605 as necessary.
  • a removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is installed on the drive 610 as needed, so that a computer program read therefrom is installed into the storage section 608 as needed.
  • the process described above with reference to the flowchart may be implemented as a computer software program.
  • embodiments of the present disclosure include a computer program product including a computer program carried on a computer-readable medium, the computer program containing program code for performing a method shown in a flowchart.
  • the computer program may be downloaded and installed from a network through the communication section 609, and / or installed from a removable medium 611.
  • the computer-readable medium described in this application may be a computer-readable signal medium or a computer-readable storage medium or any combination of the two.
  • the computer-readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable Programming read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the foregoing.
  • a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in combination with an instruction execution system, apparatus, or device.
  • a computer-readable signal medium may include a data signal that is included in baseband or propagated as part of a carrier wave, and which carries computer-readable program code. Such a propagated data signal may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • the computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, and the computer-readable medium may send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Each block in the flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more executable instructions for implementing a specified logical function.
  • The functions labeled in the blocks may also occur in a different order than those labeled in the drawings. For example, two blocks represented one after the other may actually be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved.
  • Each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified function or operation, or can be implemented with a combination of dedicated hardware and computer instructions.
  • the units described in the embodiments of the present application may be implemented by software or hardware.
  • the described unit may also be provided in a processor, for example, it may be described as: a processor includes an encryption unit, a creation unit, an acquisition unit, and a storage unit. Among them, the names of these units do not constitute a limitation on the unit itself in some cases.
  • the encryption unit can also be described as "a unit that encrypts original information to be stored and generates encrypted information".
  • the present application further provides a computer-readable medium, which may be included in the device described in the foregoing embodiments; or may exist alone without being assembled into the device.
  • The computer-readable medium described above carries one or more programs that cause the device to: encrypt the original information to be stored to generate encrypted information; create an object file for storing the encrypted information, wherein the storage space corresponding to the object file is composed of data blocks of a fixed size; sequentially read the content of the encrypted information in accordance with the fixed size, store the read content in a data block in the storage space corresponding to the object file, and obtain an index indicating the data block in which the content is stored; and summarize the indexes obtained in turn into an index sequence, and store the index sequence.
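
The following Python example is added here and is not code from the patent. It implements the write path summarized above (fixed-size blocks at randomly selected free positions, plus an index sequence) together with the step 407 hash checks and the step 409 cleanup. The block size, file capacity, function names and the use of SHA-256 in place of the page's MD5 example are assumptions, and the ciphertext is a constructed byte string standing in for the output of a real cipher.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

BLOCK_SIZE = 16  # assumed fixed block size in bytes (tiny, for demonstration)
NUM_BLOCKS = 64  # assumed capacity of the target file, in blocks


class TamperError(Exception):
    """A stored block no longer matches the hash in the description info."""


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def create_target_file(path):
    with open(path, "wb") as f:  # storage space = NUM_BLOCKS fixed-size blocks
        f.write(b"\x00" * (BLOCK_SIZE * NUM_BLOCKS))


def store(path, encrypted, used):
    """Write fixed-size chunks to random free blocks; return description info."""
    free = [i for i in range(NUM_BLOCKS) if i not in used]
    needed = -(-len(encrypted) // BLOCK_SIZE)  # ceiling division
    if needed > len(free):
        raise ValueError("not enough free blocks in the target file")
    # Unpredictable placement: sample distinct free indexes from the OS CSPRNG.
    index_sequence = secrets.SystemRandom().sample(free, needed)
    block_hashes = []
    with open(path, "r+b") as f:
        for n, idx in enumerate(index_sequence):
            chunk = encrypted[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE]
            f.seek(idx * BLOCK_SIZE)
            f.write(chunk)
            block_hashes.append(sha256_hex(chunk))
    used.update(index_sequence)
    return {"size": len(encrypted), "index_sequence": index_sequence,
            "block_hashes": block_hashes, "hash": sha256_hex(encrypted)}


def read_verified(path, desc):
    """Step 407: read blocks in index order and check every hash before use."""
    parts, remaining = [], desc["size"]
    with open(path, "rb") as f:
        pairs = zip(desc["index_sequence"], desc["block_hashes"])
        for n, (idx, expected) in enumerate(pairs):
            f.seek(idx * BLOCK_SIZE)
            chunk = f.read(min(BLOCK_SIZE, remaining))
            remaining -= len(chunk)
            if not hmac.compare_digest(sha256_hex(chunk), expected):
                raise TamperError(f"chunk {n} (block {idx}) was modified")
            parts.append(chunk)
    merged = b"".join(parts)
    # Whole-message check also catches a truncated or reordered index sequence.
    if len(merged) != desc["size"] or not hmac.compare_digest(
            sha256_hex(merged), desc["hash"]):
        raise TamperError("merged content does not match the recorded hash")
    return merged


def wipe(path, desc):
    """Step 409: delete the block contents and the description information."""
    with open(path, "r+b") as f:
        for idx in desc["index_sequence"]:
            f.seek(idx * BLOCK_SIZE)
            f.write(b"\x00" * BLOCK_SIZE)
    desc.clear()


def demo():
    encrypted = bytes(range(50))  # constructed stand-in for real ciphertext
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "target.bin")
        create_target_file(path)
        desc = store(path, encrypted, set())
        clean = read_verified(path, desc) == encrypted
        with open(path, "r+b") as f:  # simulate modification of the third chunk
            f.seek(desc["index_sequence"][2] * BLOCK_SIZE)
            f.write(b"\xff")
        try:
            read_verified(path, desc)
            detected = None
        except TamperError as exc:
            detected = str(exc)
            wipe(path, desc)  # step 409
        return clean, detected, desc
```

An unkeyed hash detects modification only while the description information itself is out of the modifier's reach, so the page's option of encrypting the description information before storing it is what this check rests on.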

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method and a device for processing information. A specific embodiment of the method comprises: encrypting original information to be stored and generating encrypted information; creating a target file for storing the encrypted information, a storage space corresponding to the target file being composed of fixed-size data blocks; sequentially reading the content of the encrypted information according to the fixed size, storing the read content in the data blocks in the storage space corresponding to the target file and obtaining indexes indicating the data blocks in which the content is stored; then gathering the sequentially obtained indexes into an index sequence and storing the index sequence. The embodiment can effectively prevent information from being tampered with, which increases the security of the information.
PCT/CN2019/087330 2018-06-05 2019-05-17 Method and device for processing information WO2019233259A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810567046.X 2018-06-05
CN201810567046.XA CN108777685B (zh) 2018-06-05 2018-06-05 Method and apparatus for processing information

Publications (1)

Publication Number Publication Date
WO2019233259A1 (fr) 2019-12-12

Family

ID=64024749

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/087330 WO2019233259A1 (fr) 2018-06-05 2019-05-17 Method and device for processing information

Country Status (2)

Country Link
CN (1) CN108777685B (fr)
WO (1) WO2019233259A1 (fr)

Also Published As

Publication number Publication date
CN108777685A (zh) 2018-11-09
CN108777685B (zh) 2020-06-23

Similar Documents

Publication Publication Date Title
WO2019233259A1 (fr) Procédé et dispositif de traitement d'informations
WO2022252632A1 (fr) Procédé et appareil de traitement de chiffrement de données, dispositif informatique et support de stockage
US10140370B1 (en) Systems and methods for maintaining encrypted search indexes on third-party storage systems
US9979542B2 (en) Shared data encryption and confidentiality
US9735962B1 (en) Three layer key wrapping for securing encryption keys in a data storage system
US20180212751A1 (en) End-To-End Secure Operations Using a Query Matrix
US11283778B2 (en) Data exchange system, method and device
CN106971121B (zh) 数据处理方法、装置、服务器及存储介质
US9397833B2 (en) Receipt, data reduction, and storage of encrypted data
CN110689349B (zh) 一种区块链中的交易哈希值存储和搜索方法及装置
CN107612683B (zh) 一种加解密方法、装置、系统、设备和存储介质
US8751789B2 (en) General purpose distributed encrypted file system
US10025811B2 (en) Method and apparatus for deduplicating encrypted data
CN112685753B (zh) 一种用于加密数据存储的方法及设备
CA3028091C (fr) Protection des donnees au repos a l`aide d`une transportabilite de donnees chiffrees independantes du fournisseur de services infonuagiques
CN109711178B (zh) 一种键值对的存储方法、装置、设备及存储介质
CN114615031A (zh) 文件存储方法、装置、电子设备及存储介质
WO2020044095A1 (fr) Procédé et appareil de chiffrement de fichiers, dispositif, terminal, serveur et support d'informations lisible par ordinateur
CN107707528B (zh) 一种用户信息隔离的方法和装置
US11455404B2 (en) Deduplication in a trusted execution environment
CN111030930B (zh) 基于去中心化网络数据分片传输方法、装置、设备及介质
CN110543772A (zh) 离线解密方法和装置
CN112565156A (zh) 信息注册方法、装置和系统
CN113626873B (zh) 鉴权方法、装置、电子设备和计算机可读介质
US20220318438A1 (en) Systems and methods for data security on a mobile device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19814230

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19814230

Country of ref document: EP

Kind code of ref document: A1