CN113326522A - Data processing method, device, equipment and computer storage medium - Google Patents
Data processing method, device, equipment and computer storage medium Download PDFInfo
- Publication number
- CN113326522A CN113326522A CN202110671252.7A CN202110671252A CN113326522A CN 113326522 A CN113326522 A CN 113326522A CN 202110671252 A CN202110671252 A CN 202110671252A CN 113326522 A CN113326522 A CN 113326522A
- Authority
- CN
- China
- Prior art keywords
- user
- key
- data
- random number
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
本申请实施例提出了一种数据处理方法、装置、电子设备和计算机存储介质,该方法包括:接收用户的数据存储请求,根据所述数据存储请求生成所述用户的用户密钥随机数和文件密钥随机数;对所述用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串,加密所述第一字符串,得到第一数据密钥;根据所述第一数据密钥,对用户数据进行加密,并对加密后的数据进行存储;获取用户密码,根据所述用户密码生成目标密码,对所述目标密码与所述用户密钥随机数进行拼接,得到第二字符串,加密所述第二字符串,得到第二数据密钥;所述第二数据密钥用于在对加密后的用户数据进行操作时确定所述用户的用户密钥随机数。
The embodiments of the present application provide a data processing method, apparatus, electronic device, and computer storage medium. The method includes: receiving a data storage request from a user, and generating a user key random number and a file of the user according to the data storage request. key random number; splicing the user's user key random number and file key random number to obtain a first character string, encrypting the first character string to obtain a first data key; according to the first data key, encrypt the user data, and store the encrypted data; obtain the user password, generate a target password according to the user password, and splicing the target password and the random number of the user key to obtain the first password. Two character strings, encrypt the second character string to obtain a second data key; the second data key is used to determine the user key random number of the user when the encrypted user data is operated.
Description
技术领域technical field
本申请涉及金融科技(Fintech)的数据安全存储技术领域,尤其涉及一种数据处理方法、装置、电子设备和计算机存储介质。The present application relates to the technical field of data security storage of financial technology (Fintech), and in particular, to a data processing method, apparatus, electronic device and computer storage medium.
背景技术Background technique
随着计算机技术的发展,越来越多的技术应用在金融领域,传统金融业正在逐步向金融科技转变,但由于金融行业的安全性、实时性要求,也对技术提出了更高的要求。With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually transforming into financial technology. However, due to the security and real-time requirements of the financial industry, higher requirements are also placed on technology.
传统银行的保险箱用于保护用户的物理财产,如金银珠宝、流通纸币等,随着数字化进行的推进,用户的数字资料成为越来越重要的资产,如身份证、银行卡等,使得数据保险箱成为当今数字银行不可缺少的对客能力。Traditional bank safes are used to protect users' physical property, such as gold, silver, jewelry, and circulating banknotes. With the advancement of digitization, users' digital data has become an increasingly important asset, such as ID cards, bank cards, etc., making data Safe deposit boxes have become an indispensable customer-facing capability for today's digital banks.
相关技术中,在通过数据保险箱对用户的数据资料进行存储的过程中,多使用由服务提供商自身的系统后台生成的单一加密密钥加密用户数据,即,采用由单层系统密钥加密用户数据的方式,然而,这种加密方式安全性不高,一旦加密密钥泄漏后破解用户原数据的难度较低,会增加用户数据的安全风险。In the related art, in the process of storing the user's data through the data safe, the single encryption key generated by the service provider's own system background is often used to encrypt the user data, that is, the single-layer system key is used to encrypt the user's data. However, the security of this encryption method is not high. Once the encryption key is leaked, it is less difficult to crack the user's original data, which will increase the security risk of the user's data.
发明内容SUMMARY OF THE INVENTION
本申请提供一种数据处理方法、装置、电子设备和计算机存储介质,可以解决相关技术中在对用户数据进行加密时,安全风险较高的问题。The present application provides a data processing method, an apparatus, an electronic device and a computer storage medium, which can solve the problem of relatively high security risk when encrypting user data in the related art.
本申请的技术方案是这样实现的:The technical solution of the present application is realized as follows:
本申请实施例提供了一种数据处理方法,所述方法包括:The embodiment of the present application provides a data processing method, and the method includes:
接收用户的数据存储请求,根据所述数据存储请求生成所述用户的用户密钥随机数和文件密钥随机数;Receive a user's data storage request, and generate the user's user key random number and file key random number according to the data storage request;
对所述用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串,加密所述第一字符串,得到第一数据密钥;Splicing the user key random number and the file key random number of the user to obtain a first character string, encrypting the first character string to obtain a first data key;
根据所述第一数据密钥,对用户数据进行加密,并对加密后的用户数据进行存储;获取用户密码,根据所述用户密码生成目标密码,对所述目标密码与所述用户密钥随机数进行拼接,得到第二字符串;Encrypting user data according to the first data key, and storing the encrypted user data; obtaining a user password, generating a target password according to the user password, and randomizing the target password and the user key The numbers are spliced to obtain the second string;
加密所述第二字符串,得到第二数据密钥;所述第二数据密钥用于在对加密后的用户数据进行操作时确定所述用户的用户密钥随机数。The second character string is encrypted to obtain a second data key; the second data key is used to determine the user key random number of the user when the encrypted user data is operated.
在一些实施例中,所述方法还包括:In some embodiments, the method further includes:
在接收到针对所述加密后的用户数据的操作请求后,根据所述用户密码,对所述第二数据密钥进行解密,得到所述用户的用户密钥随机数;After receiving the operation request for the encrypted user data, decrypt the second data key according to the user password to obtain the user key random number of the user;
对所述文件密钥随机数和解密后的用户密钥随机数进行加密,重新生成所述第一数据密钥;Encrypting the file key random number and the decrypted user key random number, and regenerating the first data key;
根据重新生成的所述第一数据密钥,对所述加密后的用户数据进行解密,得到所述用户数据;根据所述操作请求,对所述用户数据进行操作。Decrypt the encrypted user data according to the regenerated first data key to obtain the user data; and operate the user data according to the operation request.
在一些实施例中,所述方法还包括:In some embodiments, the method further includes:
基于区块链数据存证方式,将针对所述用户数据的操作行为进行记录。Based on the blockchain data storage method, the operation behavior of the user data will be recorded.
在一些实施例中,所述方法还包括:In some embodiments, the method further includes:
根据所述用户的身份标识号(Identity document,ID),获取第三方可信机构分配的公钥;According to the identity document (ID) of the user, obtain the public key distributed by a third-party trusted organization;
得到加密后的用户密钥随机数,并对所述用户的用户密钥随机数进行销毁;所述加密后的用户密钥随机数是通过第三方可信机构的公钥对所述用户的用户密钥随机数进行加密得到的;Obtain the encrypted random number of the user key, and destroy the random number of the user key of the user; The key random number is encrypted;
对所述加密后的用户密钥随机数进行加密,得到第三数据密钥;Encrypting the encrypted user key random number to obtain a third data key;
存储所述第三数据密钥。The third data key is stored.
在一些实施例中,所述方法还包括:In some embodiments, the method further includes:
根据所述用户的ID,获取第三方可信机构分配的私钥;According to the user's ID, obtain the private key distributed by the third-party trusted organization;
通过身份认证方式对所述第三数据密钥进行解密,得到所述加密后的用户密钥随机数;Decrypt the third data key through identity authentication to obtain the encrypted random number of the user key;
得到所述用户的用户密钥随机数;所述用户的用户密钥随机数是通过所述第三方可信机构的私钥对所述加密后的用户密钥随机数进行解密得到的。The user key random number of the user is obtained; the user key random number of the user is obtained by decrypting the encrypted user key random number with the private key of the third-party trusted organization.
在一些实施例中,所述方法还包括:In some embodiments, the method further includes:
在得到所述用户的用户密钥随机数和重置后的用户密码的情况下,基于所述用户的用户密钥随机数和重置后的用户密码,得到更新后的第二数据密钥;所述重置后的用户密码是对所述用户进行身份认证后得到的。In the case of obtaining the user key random number of the user and the reset user password, based on the user's user key random number and the reset user password, an updated second data key is obtained; The reset user password is obtained after the user is authenticated.
在一些实施例中,所述方法还包括:In some embodiments, the method further includes:
在确定所述用户密码发生变更的情况下,根据未变更前的用户密码,对第二数据密钥进行解密,得到所述用户的用户密钥随机数;In the case of determining that the user password is changed, decrypt the second data key according to the user password before the change, and obtain the user key random number of the user;
基于所述用户的用户密钥随机数和变更后的用户密码,得到更新后的第二数据密钥。Based on the user's user key random number and the changed user password, an updated second data key is obtained.
本申请实施例还提出了一种数据处理装置,所述装置包括生成模块、加密模块和存储模块,其中,The embodiment of the present application also proposes a data processing device, the device includes a generation module, an encryption module and a storage module, wherein,
生成模块,用于接收用户的数据存储请求,根据所述数据存储请求生成所述用户的用户密钥随机数和文件密钥随机数;A generating module, configured to receive a user's data storage request, and generate the user's user key random number and file key random number according to the data storage request;
加密模块,用于对所述用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串,加密所述第一字符串,得到第一数据密钥,根据所述第一数据密钥,对用户数据进行加密;获取用户密码,根据所述用户密码生成目标密码,对所述目标密码与所述用户密钥随机数进行拼接,得到第二字符串,加密所述第二字符串,得到第二数据密钥;所述第二数据密钥用于在对加密后的用户数据进行操作时确定所述用户的用户密钥随机数;The encryption module is used for splicing the random number of the user key and the random number of the file key of the user to obtain a first character string, encrypting the first character string to obtain a first data key, according to the first character string data key, encrypting user data; obtaining a user password, generating a target password according to the user password, splicing the target password and the random number of the user key to obtain a second string, and encrypting the second character string to obtain a second data key; the second data key is used to determine the user key random number of the user when the encrypted user data is operated;
存储模块,用于对加密后的用户数据进行存储。The storage module is used to store encrypted user data.
本申请实施例提供一种电子设备,所述设备包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现前述一个或多个技术方案提供的数据处理方法。An embodiment of the present application provides an electronic device, the device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements one or more of the foregoing techniques when executing the program The data processing method provided by the program.
本申请实施例提供一种计算机存储介质,所述计算机存储介质存储有计算机程序;所述计算机程序被执行后能够实现前述一个或多个技术方案提供的数据处理方法。An embodiment of the present application provides a computer storage medium, where a computer program is stored in the computer storage medium; after the computer program is executed, the data processing method provided by one or more of the foregoing technical solutions can be implemented.
本申请实施例提出了一种数据处理方法、装置、电子设备和计算机存储介质,所述方法应用于服务端系统,所述方法包括:接收用户的数据存储请求,根据所述数据存储请求生成所述用户的用户密钥随机数和文件密钥随机数;对所述用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串,加密所述第一字符串,得到第一数据密钥;根据所述第一数据密钥,对用户数据进行加密,并对加密后的用户数据进行存储。The embodiments of the present application provide a data processing method, apparatus, electronic device, and computer storage medium. The method is applied to a server system. The method includes: receiving a data storage request from a user, and generating a data storage request according to the data storage request. the random number of the user key and the random number of the file key of the user; splicing the random number of the user key of the user and the random number of the file key to obtain the first character string, and encrypting the first character string to obtain the first character string. a data key; according to the first data key, the user data is encrypted, and the encrypted user data is stored.
可以看出,本申请实施例中,首先基于服务端系统生成的用户密钥随机数和文件密钥随机数,进行第一层加密,得到第一数据密钥;再通过第一数据密钥对用户数据进行第二层加密;即,在对用户数据存储的过程中,采用上述两层加密方式实现加密,相比于现有技术中仅采用单层加密用户数据的方式,该加密方式的安全性较高,能够有效提高用户存储数据时的安全性,降低安全风险。It can be seen that, in the embodiment of the present application, the first layer of encryption is firstly performed based on the random number of the user key and the random number of the file key generated by the server system to obtain the first data key; The user data is encrypted at the second layer; that is, in the process of storing the user data, the above-mentioned two-layer encryption method is used to realize encryption. It has high security, which can effectively improve the security of users when storing data and reduce security risks.
附图说明Description of drawings
图1a是本申请实施例中的一种数据处理方法的流程示意图;1a is a schematic flowchart of a data processing method in an embodiment of the present application;
图1b是本申请实施例中的采用SM4算法加密第一字符串的流程示意图;Fig. 1b is the schematic flow chart of adopting SM4 algorithm to encrypt the first character string in the embodiment of the present application;
图1c是本申请实施例中的对用户数据进行加密的流程示意图;Fig. 1c is a schematic flow chart of encrypting user data in an embodiment of the present application;
图1d是本申请实施例中的根据用户操作请求对用户数据进行操作的流程示意图;FIG. 1d is a schematic flowchart of operating user data according to a user operation request in an embodiment of the present application;
图1e是本申请实施例中的用户变更或重置密码的流程示意图;1e is a schematic flowchart of a user changing or resetting a password in an embodiment of the present application;
图2为本申请实施例的一种数据加密方法的流程示意图;2 is a schematic flowchart of a data encryption method according to an embodiment of the application;
图3是本申请实施例的数据处理装置的组成结构示意图;3 is a schematic diagram of the composition and structure of a data processing apparatus according to an embodiment of the present application;
图4是本申请实施例提供的电子设备的结构示意图。FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
具体实施方式Detailed ways
以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所提供的实施例仅仅用以解释本申请,并不用于限定本申请。另外,以下所提供的实施例是用于实施本申请的部分实施例,而非提供实施本申请的全部实施例,在不冲突的情况下,本申请实施例记载的技术方案可以任意组合的方式实施。The present application will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the embodiments provided herein are only used to explain the present application, and are not intended to limit the present application. In addition, the embodiments provided below are only some of the embodiments for implementing the present application, rather than all the embodiments for implementing the present application. In the case of no conflict, the technical solutions described in the embodiments of the present application can be combined arbitrarily. implement.
需要说明的是,在本申请实施例中,术语“包括”、“包含”或者其任何其它变体意在涵盖非排他性的包含,从而使得包括一系列要素的方法或者装置不仅包括所明确记载的要素,而且还包括没有明确列出的其它要素,或者是还包括为实施方法或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个......”限定的要素,并不排除在包括该要素的方法或者装置中还存在另外的相关要素(例如方法中的步骤或者装置中的单元,例如的单元可以是部分电路、部分处理器、部分程序或软件等等)。It should be noted that, in the embodiments of the present application, the terms "comprising", "comprising" or any other variants thereof are intended to cover non-exclusive inclusion, so that a method or device including a series of elements not only includes the explicitly stated elements, but also other elements not expressly listed or inherent to the practice of the method or apparatus. Without further limitation, an element defined by the phrase "comprises a..." does not preclude the presence of additional related elements (eg, steps in a method or a device) in which the element is included. A unit in an apparatus, for example, a unit may be part of a circuit, part of a processor, part of a program or software, etc.).
本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,I和/或J,可以表示:单独存在I,同时存在I和J,单独存在J这三种情况。另外,本文中术语“至少一种”表示多种中的任意一种或多种中的至少两种的任意组合,例如,包括I、J、R中的至少一种,可以表示包括从I、J和R构成的集合中选择的任意一个或多个元素。The term "and/or" in this text is only an association relationship to describe the associated objects, indicating that there can be three kinds of relationships, for example, I and/or J, it can mean: I exist alone, I and J exist simultaneously, exist independently J these three cases. In addition, the term "at least one" herein refers to any combination of any one or more of at least two of the plurality, for example, including at least one of I, J, and R, can mean including from I, Any one or more elements selected from the set of J and R.
例如,本申请实施例提供的数据处理方法包含了一系列的步骤,但是本申请实施例提供的数据处理方法不限于所记载的步骤,同样地,本申请实施例提供的数据处理装置包括了一系列模块,但是本申请实施例提供的数据处理装置不限于包括所明确记载的模块,还可以包括为获取相关任务数据、或基于任务数据进行处理时所需要设置的模块。For example, the data processing method provided by the embodiment of the present application includes a series of steps, but the data processing method provided by the embodiment of the present application is not limited to the steps described. Similarly, the data processing device provided by the embodiment of the present application includes a A series of modules, but the data processing apparatus provided by the embodiments of the present application is not limited to including the modules explicitly described, and may also include modules that need to be set for acquiring relevant task data or performing processing based on the task data.
本申请实施例可以应用于用户端和服务端组成的计算机系统中,并可以与众多其它通用或专用计算系统环境或配置一起操作。这里,用户端可以是瘦客户机、厚客户机、手持或膝上设备、基于微处理器的系统、机顶盒、可编程消费电子产品、网络个人电脑、小型计算机系统,等等,服务端可以是小型计算机系统﹑大型计算机系统和包括上述任何系统的分布式云计算技术环境,等等。The embodiments of the present application can be applied to a computer system composed of a client and a server, and can operate with many other general-purpose or special-purpose computing system environments or configurations. Here, the client can be a thin client, a thick client, a handheld or laptop device, a microprocessor-based system, a set-top box, a programmable consumer electronics product, a network personal computer, a small computer system, etc., and the server can be Small computer systems, large computer systems, and distributed cloud computing technology environments including any of the above, etc.
用户端、服务端等电子设备可以通过程序模块的执行实现相应的功能。通常,程序模块可以包括例程、程序、目标程序、组件、逻辑、数据结构等等,它们执行特定的任务或者实现特定的抽象数据类型。计算机系统/服务端可以在分布式云计算环境中实施,分布式云计算环境中,任务是由通过通信网络链接的远程处理设备执行的。在分布式云计算环境中,程序模块可以位于包括存储设备的本地或远程计算系统存储介质上。Electronic devices such as the client and the server can implement corresponding functions through the execution of the program modules. Generally, program modules may include routines, programs, object programs, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located on local or remote computing system storage media including storage devices.
相关技术中,对于实体世界和数字世界中的用户资产,两者的存储方式存在区别;这里,通过表1示出了上述两种用户资产的存储方式在资产要素、存储方法和存储要求这三个方面的区别。In the related art, there are differences in the storage methods of user assets in the physical world and the digital world; here, Table 1 shows the storage methods of the above two user assets in three aspects: asset elements, storage methods and storage requirements. difference in aspects.
表1Table 1
相关技术中,用户数据存储服务提供商如云盘、微云等,在存储客户通讯录、照片、视频等数据资料时,它们所提供的存储服务多使用系统后台生成单一加密密钥,即,由单层系统密钥加密用户数据;然而,这种加密方式安全性不高,一旦加密密钥泄漏后破解用户原数据的难度较低,会增加用户数据的安全风险。In the related art, when user data storage service providers such as cloud disk, Weiyun, etc., when storing data such as customer address book, photos, videos, etc., the storage services provided by them mostly use the system background to generate a single encryption key, that is, The user data is encrypted by a single-layer system key; however, this encryption method is not very secure. Once the encryption key is leaked, it is less difficult to crack the user's original data, which will increase the security risk of the user's data.
针对上述技术问题,提出以下各实施例。In view of the above technical problems, the following embodiments are proposed.
在本申请的一些实施例中,数据处理方法可以利用数据处理装置中的处理器实现,上述处理器可以为特定用途集成电路(Application Specific Integrated Circuit,ASIC)、数字信号处理器(Digital Signal Processor,DSP)、数字信号处理装置(DigitalSignal Processing Device,DSPD)、可编程逻辑装置(Programmable Logic Device,PLD)、现场可编程逻辑门阵列(Field Programmable Gate Array,FPGA)、中央处理器(CentralProcessing Unit,CPU)、控制器、微控制器、微处理器中的至少一种。In some embodiments of the present application, the data processing method may be implemented by using a processor in a data processing apparatus, and the above-mentioned processor may be an application specific integrated circuit (ASIC), a digital signal processor (Digital Signal Processor, DSP), Digital Signal Processing Device (DSPD), Programmable Logic Device (Programmable Logic Device, PLD), Field Programmable Gate Array (Field Programmable Gate Array, FPGA), Central Processing Unit (Central Processing Unit, CPU) ), at least one of a controller, a microcontroller, and a microprocessor.
图1a是本申请实施例中的一种数据处理方法的流程示意图,该方法如图1a所示,该方法包括如下步骤:Fig. 1a is a schematic flowchart of a data processing method in an embodiment of the present application. As shown in Fig. 1a, the method includes the following steps:
步骤100:接收用户的数据存储请求,根据数据存储请求生成用户的用户密钥随机数和文件密钥随机数。Step 100: Receive a data storage request from a user, and generate a user key random number and a file key random number of the user according to the data storage request.
本申请实施例中,用户通过用户端向服务端发送数据存储请求,服务端接收该用户的数据存储请求;示例性地,服务端可以是云存储服务器;这里,对云存储服务器的来源不作限制,例如,可以是云存储服务提供商提供的,也可以是通过其它方式获取的。In the embodiment of the present application, the user sends a data storage request to the server through the client, and the server receives the user's data storage request; exemplarily, the server may be a cloud storage server; here, the source of the cloud storage server is not limited , for example, may be provided by a cloud storage service provider, or may be obtained in other ways.
示例性地,数据存储请求中的数据表示用户的数据资产,例如,可以是身份证、银行卡、通讯录等。Exemplarily, the data in the data storage request represents the data assets of the user, for example, an ID card, a bank card, an address book, and the like.
示例性地,在服务端接收到每个用户的数据存储请求后,系统后台对每个用户独立生成一对密钥随机数,分别是用户密钥随机数和文件密钥随机数;本申请实施例以一个用户为例进行说明。Exemplarily, after the server receives the data storage request of each user, the system background independently generates a pair of key random numbers for each user, which are respectively the user key random number and the file key random number; this application implements The example takes a user as an example to illustrate.
这里,文件密钥随机数表示服务端系统生成的用于加密用户数据的随机数种子,留存于服务端数据库中保管。用户密钥随机数表示服务端系统生成的用于加密用户数据的随机数种子,用于第三方可信机构加密托管,及用户密码的哈希值加密存储,全程不落地留痕。即,在生成用户密钥随机数的同时,会直接基于第三方可信机构进行密钥托管;第三方可信机构表示第三方具有权威性的、被公众认可的、具有相关技术能力的可信赖的机构。Here, the random number of the file key represents the random number seed generated by the server system for encrypting user data, and is stored in the server database for safekeeping. The random number of the user key represents the random number seed generated by the server system for encrypting user data, which is used for encrypted custody by a third-party trusted organization, and encrypted storage of the hash value of the user password, without leaving any traces in the whole process. That is, while generating the user's key random number, the key escrow will be directly based on a third-party trusted organization; the third-party trusted organization indicates that the third party is authoritative, publicly recognized, and has relevant technical capabilities. institution.
示例性地,第三方可信机构可以是中国金融认证中心(China FinancialCertification Authority,CFCA),也可以是其它第三方可信机构。Exemplarily, the third-party trusted institution may be China Financial Certification Authority (CFCA), or may be other third-party trusted institutions.
这里,通过将用户密钥随机数托管于第三方可信机构,保证服务提供方和可信机构任意单方都无法解密用户数据,密钥分开保管,保证了数据存储的安全性。Here, by entrusting the random number of the user key to a third-party trusted organization, it is guaranteed that neither the service provider nor the trusted organization can decrypt the user data, and the keys are kept separately to ensure the security of data storage.
步骤101:对用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串,加密第一字符串,得到第一数据密钥。Step 101: splicing the user's user key random number and the file key random number to obtain a first character string, and encrypting the first character string to obtain a first data key.
示例性地,在根据步骤100得到用户的用户密钥随机数和文件密钥随机数后,对该用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串。这里,对于两者的拼接顺序可以根据实际情况进行设置,本申请实施例对此不作限定。Exemplarily, after obtaining the random number of the user key and the random number of the file key of the user according to step 100, the user's random number of the user key and the random number of the file key are spliced to obtain the first character string. Here, the splicing sequence of the two may be set according to actual conditions, which is not limited in this embodiment of the present application.
在一种实施方式中,假设用户密钥随机数对应的字符串为“abc”,文件密钥随机数对应的字符串为“def”,则进行拼接后得到的第一字符串可以为“abcdef”,也可以为“defabc”。In one embodiment, assuming that the character string corresponding to the random number of the user key is "abc" and the character string corresponding to the random number of the file key is "def", the first character string obtained after splicing may be "abcdef" ", or "defabc".
本申请实施例中,在得到第一字符串后,使用第一加密算法对该第一字符串进行加密;这里,对第一加密算法的类型不作限制,例如,可以是分组对称加密算法SM4,也可以是其它标准加密算法;下面以分组对称加密算法SM4(简称SM4算法)为例进行说明。In the embodiment of the present application, after the first character string is obtained, the first character string is encrypted using the first encryption algorithm; here, the type of the first encryption algorithm is not limited, for example, it may be the block symmetric encryption algorithm SM4, It can also be other standard encryption algorithms; the following takes the packet symmetric encryption algorithm SM4 (SM4 algorithm for short) as an example for description.
SM4算法是一种分组对称密码算法,用于实现数据的加密/解密运算,以保证数据和信息的机密性。该算法的分组长度为128比特,密钥长度为128比特。(十六进制表示则为32位,明文和密钥等长)加密算法与密钥扩展算法都采用32轮非线性迭代结构。The SM4 algorithm is a block symmetric cipher algorithm used to implement data encryption/decryption operations to ensure the confidentiality of data and information. The block length of this algorithm is 128 bits, and the key length is 128 bits. (The hexadecimal representation is 32 bits, the plaintext and the key are the same length) The encryption algorithm and the key expansion algorithm both use a 32-round non-linear iterative structure.
示例性地,在采用SM4算法加密第一字符串的过程中,若第一字符串不足128位则采用0补齐位数;图1b是本申请实施例中的采用SM4算法加密第一字符串的流程示意图;这里,若用Xi(i=0,1,2,…,31)表示加密过程中列的状态,初始状态X0,X1,X2,X3,经过32轮迭代,将得到32列扩展状态X0,X1,…X31。加密时轮密钥表示为(rk0,rk1,…,rk31),轮密钥由加密密钥生成;最后,可以得到128位的密文,即,第一数据密钥。Exemplarily, in the process of encrypting the first character string by using the SM4 algorithm, if the first character string is less than 128 bits, the number of digits is filled with 0; Here, if Xi (i=0, 1, 2, ..., 31) is used to represent the state of the column in the encryption process, the initial state X0, X1, X2, X3, after 32 rounds of iterations, will get 32 column expansion Status X0, X1, ... X31. The encryption time-round key is expressed as (rk0, rk1, .
步骤102:根据第一数据密钥,对用户数据进行加密,并对加密后的用户数据进行存储。Step 102: Encrypt the user data according to the first data key, and store the encrypted user data.
示例性地,在根据步骤101得到第一数据密钥后,使用第一数据密钥对用户数据进行加密,再次使用第一加密算法加密被第一数据密钥加密的用户数据,得到加密后的用户数据,将加密后的用户数据存储于服务端数据库中;同时,销毁第一数据密钥。Exemplarily, after obtaining the first data key according to step 101, use the first data key to encrypt the user data, and use the first encryption algorithm again to encrypt the user data encrypted by the first data key to obtain the encrypted data. For user data, the encrypted user data is stored in the server database; at the same time, the first data key is destroyed.
本申请实施例中,根据用户密钥随机数和文件密钥随机数得到的第一数据密钥进行数据加密,不直接通过用户密码加密数据;由于用户密钥随机数依赖用户密码进行解密还原,使得用户可通过自己的密码访问和导出自己的数据,无独立密码的鉴权,后台无法解密用户数据,有效确保用户数据的安全性。In the embodiment of the present application, data encryption is performed according to the first data key obtained from the random number of the user key and the random number of the file key, and the data is not directly encrypted by the user password; since the random number of the user key depends on the user password for decryption and restoration, It enables users to access and export their own data through their own passwords. Without the authentication of independent passwords, the background cannot decrypt user data, effectively ensuring the security of user data.
步骤103:获取用户密码,根据用户密码生成目标密码,对目标密码与用户密钥随机数进行拼接,得到第二字符串,加密第二字符串,得到第二数据密钥;第二数据密钥用于在对加密后的用户数据进行操作时确定用户的用户密钥随机数。Step 103: Obtain a user password, generate a target password according to the user password, splicing the target password and the random number of the user key to obtain a second character string, encrypt the second character string, and obtain a second data key; the second data key The user key random number used to determine the user when operating on encrypted user data.
示例性地,在服务端接收到用户的上述数据存储请求后,首先对该用户进行身份认证;在确定通过身份认证后,用户会通过用户端的前端页面设置自己的密码,即,用户密码,此时,服务端可以获取用户密码,进而,根据用户密码,生成目标密码。Exemplarily, after the server receives the above-mentioned data storage request from the user, it first authenticates the user; after determining to pass the identity authentication, the user will set his own password through the front-end page of the client, that is, the user password, which is At the time, the server can obtain the user password, and then, according to the user password, generate the target password.
这里,对身份认证方式的类型不作限制,例如,可以是基于生物学特征的身份认证,如指纹、虹膜等,也可以是其它方式的身份认证。Here, the type of the identity authentication method is not limited, for example, it can be identity authentication based on biological features, such as fingerprints, iris, etc., or identity authentication in other ways.
示例性地,目标密码可以是用户密码,也可以是根据第二加密算法对用户密码加密后的数据;这里,第二加密算法可以是SM3算法,也可以是其它标准加密算法;其中,SM3算法是一种哈希算法,在密码体系中,主要用于数字签名及验证、消息认证码生成及验证、随机数生成等。对于用户需要加密的数据,即用户密码,在加密后会生成一个固定长度(32字节)的哈希值。Exemplarily, the target password may be the user password, or may be the data encrypted by the user password according to the second encryption algorithm; here, the second encryption algorithm may be the SM3 algorithm, or may be other standard encryption algorithms; wherein, the SM3 algorithm It is a hash algorithm. In the cryptographic system, it is mainly used for digital signature and verification, message authentication code generation and verification, and random number generation. For the data that the user needs to encrypt, that is, the user password, a hash value of a fixed length (32 bytes) will be generated after encryption.
示例性地,在根据用户密码,得到目标密码后,将目标密码与用户密钥随机数进行拼接,并使用第一加密算法对拼接得到的第二字符串进行加密,得到第二数据密钥;若得到第二数据密钥,则对用户密钥随机数进行销毁。这里,目标密码与用户密钥随机数的拼接过程与上述用户密钥随机数和文件密钥随机数的拼接过程相同,第二字符串的加密过程与上述第一字符串的加密过程相同,此处不再赘述。Exemplarily, after obtaining the target password according to the user password, splicing the target password and the user key random number, and using the first encryption algorithm to encrypt the second string obtained by the splicing to obtain the second data key; If the second data key is obtained, the random number of the user key is destroyed. Here, the splicing process of the target password and the random number of the user key is the same as the splicing process of the random number of the user key and the random number of the file key, and the encryption process of the second character string is the same as the encryption process of the first character string. It is not repeated here.
本申请实施例中,由于在生成第二数据密钥后,便对用户密钥随机数进行销毁,这样,若用户后续想要对加密后的用户数据进行操作,则通过第二数据密钥便可确定用户密钥随机数,而用户密钥随机数是基于用户密码进行加密的,因而,通过第二数据密钥可以确保用户数据仅在有用户密钥鉴权的情况下才能还原,提高用户操作数据的安全性。In the embodiment of the present application, after the second data key is generated, the random number of the user key is destroyed, so if the user wants to operate the encrypted user data later, the second data key is used to The random number of the user key can be determined, and the random number of the user key is encrypted based on the user password. Therefore, through the second data key, it can be ensured that the user data can be restored only when the user key is authenticated, and the user data can be restored. Security of operational data.
图1c是本申请实施例中的对用户数据进行加密的流程示意图,如图1c所示,在服务端接收到用户端发送的数据存储请求后,会对该用户进行身份认证;在确定通过身份认证后,用户设置密码;然后,服务端获取该用户密码,并通过SM3算法加密该用户密码,得到用户密码哈希值;在服务端接收上述数据存储请求的同时,服务端后台会生成用户密钥随机数和文件密钥随机数;通过SM4算法加密用户密钥随机数和文件密钥随机数拼接后的字符串,可以得到第一数据密钥;该第一数据密钥用于对用户数据进行加密,再次使用SM4算法加密第一数据密钥,得到加密后的用户数据,销毁第一数据密钥。将上述用户密码哈希值与用户密钥随机数进行拼接,通过SM4算法加密拼接后的字符串,得到第二数据密钥,对用户密钥随机数进行销毁;这样,用户数据仅在有用户密钥鉴权的情况下才能还原。Figure 1c is a schematic flow chart of encrypting user data in the embodiment of the present application. As shown in Figure 1c, after the server receives the data storage request sent by the user, it will perform identity authentication on the user; After authentication, the user sets a password; then, the server obtains the user password, encrypts the user password through the SM3 algorithm, and obtains the user password hash value; when the server receives the above data storage request, the server background will generate the user password. key random number and file key random number; encrypt the string concatenated by the user key random number and the file key random number through the SM4 algorithm to obtain the first data key; the first data key is used to Encryption is performed, and the SM4 algorithm is used to encrypt the first data key again to obtain encrypted user data, and the first data key is destroyed. The hash value of the user password and the random number of the user key are spliced together, and the spliced string is encrypted by the SM4 algorithm to obtain the second data key, and the random number of the user key is destroyed; It can be restored only under the condition of key authentication.
在一些实施例中,上述方法还可以包括:在接收到针对加密后的用户数据的操作请求后,根据用户密码,对第二数据密钥进行解密,得到用户的用户密钥随机数;对文件密钥随机数和解密后的用户密钥随机数进行加密,重新生成第一数据密钥;根据重新生成的第一数据密钥,对加密后的用户数据进行解密,得到用户数据;根据操作请求,对用户数据进行操作。In some embodiments, the above method may further include: after receiving the operation request for the encrypted user data, decrypting the second data key according to the user password to obtain the random number of the user key of the user; The key random number and the decrypted user key random number are encrypted, and the first data key is regenerated; according to the regenerated first data key, the encrypted user data is decrypted to obtain the user data; according to the operation request , to operate on user data.
这里,对于用户的操作请求的类型,本申请实施例对此不作限制,例如,可以是用户上传数据的操作请求、查询数据的操作请求或修改数据的操作请求等各类操作请求。Here, the type of the user's operation request is not limited in this embodiment of the present application. For example, it may be an operation request for uploading data, an operation request for querying data, or an operation request for modifying data.
图1d是本申请实施例中的根据用户操作请求对用户数据进行操作的流程示意图,如图1d所示,在服务端接收到用户端发送的操作请求后,会进行密码认证;在确定通过密码认证后,根据用户密码,使用SM4算法对第二数据密钥进行解密,得到解密后的用户密钥随机数;然后,使用SM4算法对文件密钥随机数和解密后的用户密钥随机数进行加密,重新生成第一数据密钥;使用SM4算法解密被第一数据密钥加密的用户数据,得到用户数据。进而,根据操作请求的类型,对用户数据进行对应操作;例如,查看或导出数据。Fig. 1d is a schematic flowchart of operating user data according to a user operation request in an embodiment of the present application. As shown in Fig. 1d, after the server receives the operation request sent by the user, password authentication is performed; After authentication, according to the user password, use the SM4 algorithm to decrypt the second data key to obtain the decrypted user key random number; then, use the SM4 algorithm to perform the file key random number and the decrypted user key random number. encrypt, and regenerate the first data key; use the SM4 algorithm to decrypt the user data encrypted by the first data key to obtain the user data. Further, according to the type of the operation request, corresponding operations are performed on the user data; for example, data is viewed or exported.
在一些实施例中,上述方法还可以包括:基于区块链数据存证方式,将针对用户数据的操作行为进行记录。In some embodiments, the above method may further include: recording the operation behavior of the user data based on the blockchain data storage method.
本申请实施例中,通过将针对用户数据的操作行为,例如,用户数据的上传、查询、修改等各类操作行为区块链数据存证,可以保证用户操作行为不可纂改,保证事后追溯,便于用户数据的管理。In the embodiment of this application, by storing the operation behaviors for user data, such as uploading, querying, modifying and other operation behaviors of user data, the blockchain data can ensure that the user's operation behaviors cannot be edited and can be traced back after the event. Facilitate the management of user data.
示例性地,用户数据的各类操作行为经过专业全面的法律合规评估,与用户及数据使用方签订完整全面的法律条款授权协议。明确不篡改、明确授权内容、明确授权范围及授权期限。Exemplarily, various operating behaviors of user data undergo professional and comprehensive legal compliance assessment, and complete and comprehensive legal terms authorization agreements are signed with users and data users. Clearly not tampered with, clear authorized content, clear authorized scope and authorized period.
在一些实施例中,上述方法还可以包括:根据用户的ID,获取第三方可信机构分配的公钥和私钥;得到加密后的用户密钥随机数,并对用户的用户密钥随机数进行销毁;加密后的用户密钥随机数是通过第三方可信机构的公钥对用户的用户密钥随机数进行加密得到的;对加密后的用户密钥随机数进行加密,得到第三数据密钥;存储第三数据密钥。In some embodiments, the above method may further include: obtaining a public key and a private key distributed by a third-party trusted organization according to the user's ID; obtaining an encrypted random number of the user's key, and determining the random number of the user's user key. The encrypted random number of the user key is obtained by encrypting the random number of the user's user key with the public key of a third-party trusted organization; the encrypted random number of the user key is encrypted to obtain the third data key; stores the third data key.
本申请实施例中,服务端获取用户的ID,并通过用户的ID向第三方可信机构申请证书,第三方可信机构为每个用户独立分配一对公私钥证书,即,每个用户对应分配一对公钥和私钥;这里,用户的ID由用户注册时服务端系统唯一分配。In this embodiment of the application, the server obtains the user's ID, and applies for a certificate to a third-party trusted authority through the user's ID. The third-party trusted authority independently allocates a pair of public and private key certificates for each user, that is, each user corresponds to Assign a pair of public and private keys; here, the user's ID is uniquely assigned by the server system when the user registers.
通过第三方可信机构的公钥对用户的用户密钥随机数进行加密得到加密后的用户密钥随机数,再使用第一加密算法,例如,SM4算法对加密后的用户密钥随机数进行加密,得到第三数据密钥;将第三数据密钥存储于服务器数据库中。Encrypt the user's user key random number with the public key of the third-party trusted organization to obtain the encrypted user key random number, and then use the first encryption algorithm, for example, the SM4 algorithm to encrypt the encrypted user key random number. Encrypt to obtain the third data key; store the third data key in the server database.
在一些实施例中,上述方法还可以包括:服务端通过身份认证方式对第三数据密钥进行解密,得到加密后的用户密钥随机数;得到用户的用户密钥随机数;用户的用户密钥随机数是通过第三方可信机构的私钥对加密后的用户密钥随机数进行解密得到的。In some embodiments, the above method may further include: the server decrypts the third data key by means of identity authentication, and obtains the encrypted random number of the user key; obtains the random number of the user's user key; The key random number is obtained by decrypting the encrypted user key random number with the private key of the third-party trusted organization.
示例性地,在用户忘记设置密码,即,服务端获取不到正确的用户密码的情况下,可以通过身份认证方式对上述得到的第三数据密钥进行解密,得到加密后的用户密钥随机数,再通过第三方可信机构分配给用户的私钥对加密后的用户密钥随机数进行解密,得到用户密钥随机数;然后,对文件密钥随机数和得到的用户密钥随机数进行加密,重新生成第一数据密钥;根据重新生成的第一数据密钥,对用户数据进行解密,进而,得到用户数据。Exemplarily, in the case that the user forgets to set the password, that is, the server cannot obtain the correct user password, the third data key obtained above can be decrypted by means of identity authentication, and the encrypted user key can be obtained randomly. The encrypted user key random number is decrypted through the private key assigned to the user by a third-party trusted organization to obtain the user key random number; then, the file key random number and the obtained user key random number are decrypted. Encryption is performed to regenerate the first data key; according to the regenerated first data key, the user data is decrypted, and then the user data is obtained.
可以看出,本申请实施例支持用户忘记密码的情况下,通过线上生物认证、或一次性密码(One Time Password,OTP)短信验证等身份认证方式鉴权找回用户数据,用户密钥随机数明文全程不落地留痕。It can be seen that the embodiment of the present application supports the retrieval of user data through identity authentication methods such as online biometric authentication or one-time password (One Time Password, OTP) SMS verification and other identity authentication methods when the user forgets the password, and the user key is random. The plaintext does not leave any traces on the ground.
在一些实施例中,上述方法还可以包括:在得到用户的用户密钥随机数和重置后的用户密码的情况下,基于用户的用户密钥随机数和重置后的用户密码,得到更新后的第二数据密钥;重置后的用户密码是对用户进行身份认证后得到的。In some embodiments, the above method may further include: in the case of obtaining the user's user key random number and the reset user password, obtaining an update based on the user's user key random number and the reset user password. The second data key after reset; the reset user password is obtained after the user is authenticated.
示例性地,在用户忘记设置密码时,用户需要重置密码;在服务端确定该用户通过身份认证后,用户重置密码,服务端将用户重置后的密码发送给第三方可信机构,第三方可信机构对该密码作进一步验证,在确定验证通过后,服务端获取重置后的用户密码;在得到用户密钥随机数和重置后的用户密码的情况下,可以根据用户密码,得到更新后的目标密码,再将更新后的目标密码与用户密钥随机数进行拼接,得到更新后的第二字符串,使用第一加密算法对更新后的第二字符串进行加密,得到更新后的第二数据密钥。Exemplarily, when the user forgets to set the password, the user needs to reset the password; after the server determines that the user has passed the identity authentication, the user resets the password, and the server sends the reset password of the user to a third-party trusted organization, The third-party trusted organization further verifies the password. After confirming that the verification is passed, the server obtains the reset user password; after obtaining the random number of the user key and the reset user password, the user password can be obtained according to the user password. , obtain the updated target password, and then splicing the updated target password with the random number of the user key to obtain the updated second string, and use the first encryption algorithm to encrypt the updated second string to obtain The updated second data key.
在一些实施例中,上述方法还可以包括:在确定用户密码发生变更的情况下,根据未变更前的用户密码,对第二数据密钥进行解密,得到用户的用户密钥随机数;基于用户的用户密钥随机数和变更后的用户密码,得到更新后的第二数据密钥。In some embodiments, the above method may further include: when it is determined that the user password is changed, decrypting the second data key according to the user password before the change to obtain the user's user key random number; The user key random number and the changed user password are obtained to obtain the updated second data key.
示例性,当用户变更密码时,用户需要变更密码;若确定用户密码发生变更后,根据未变更前的用户密码,对第二数据密钥进行解密,得到用户的用户密钥随机数;再将变更后的用户密码与用户密钥随机数进行拼接,得到更新后的第二字符串,使用第一加密算法对更新后的第二字符串进行加密,得到更新后的第二数据密钥。Exemplarily, when the user changes the password, the user needs to change the password; if it is determined that the user password is changed, the second data key is decrypted according to the user password before the change to obtain the random number of the user's user key; The changed user password is spliced with the random number of the user key to obtain an updated second character string, and the updated second character string is encrypted using the first encryption algorithm to obtain an updated second data key.
本申请实施例中,当用户变更密码时,不需要使用未变更前的用户密码先解密数据,再用变更后的用户密码加密数据实现保存。而是通过解密第二数据密钥得到用户密钥随机数后,再通过对变更后的用户密码和用户密钥随机数进行加密,得到更新后的第二数据密钥。可以看出,本申请实施例不会涉及到用户数据的重新加解密,这样的设计使后台处理更加轻量,提升了系统性能,并减少了因密码改动引起的数据存储错误概率。In the embodiment of the present application, when the user changes the password, it is not necessary to use the unchanged user password to first decrypt the data, and then use the changed user password to encrypt the data for saving. Instead, after the user key random number is obtained by decrypting the second data key, the updated second data key is obtained by encrypting the changed user password and the user key random number. It can be seen that the embodiment of the present application does not involve re-encryption and decryption of user data, such a design makes background processing lighter, improves system performance, and reduces the probability of data storage errors caused by password changes.
图1e是本申请实施例中的用户变更或重置密码的流程示意图,如图1e所示,在服务端接收到用户端发送的操作请求后,会对该用户进行身份认证;在确定通过身份认证后,用户重置密码;服务端将重置后的用户密码发送给第三方可信机构,第三方可信机构在接收到重置后的用户密码后,采用OTP短信验证方式向用户端发送验证码,用户在用户端回填该验证码,服务端在确定验证码通过后,对第三数据密钥进行解密,得到加密后的用户密钥随机数,上送加密后的用户密钥随机数至第三方可信机构;第三方可信机构通过分配给用户的私钥对加密后的用户密钥随机数进行解密回传,使得服务端得到用户密钥随机数;然后,服务端基于重置后的用户密码的哈希值与得到的用户密钥随机数,得到更新后的第二数据密钥,最后销毁更新前的第二数据密钥。Fig. 1e is a schematic flowchart of a user changing or resetting a password in the embodiment of the present application. As shown in Fig. 1e, after the server receives the operation request sent by the client, it will perform identity authentication on the user; After authentication, the user resets the password; the server sends the reset user password to the third-party trusted organization. After receiving the reset user password, the third-party trusted organization sends it to the user through OTP SMS verification. Verification code, the user backfills the verification code on the client side, and the server side decrypts the third data key after confirming that the verification code is passed, obtains the encrypted random number of the user key, and uploads the encrypted random number of the user key to the third-party trusted organization; the third-party trusted organization decrypts the encrypted random number of the user key through the private key assigned to the user, so that the server obtains the random number of the user key; then, the server resets the random number based on The hash value of the updated user password and the obtained random number of the user key are used to obtain the updated second data key, and finally the pre-updated second data key is destroyed.
本申请实施例提出了一种数据处理方法、装置、电子设备和计算机存储介质,该方法应用于服务端系统,该方法包括:接收用户的数据存储请求,根据数据存储请求生成用户的用户密钥随机数和文件密钥随机数;对用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串,加密第一字符串,得到第一数据密钥;根据第一数据密钥,对用户数据进行加密,并对加密后的用户数据进行存储。可以看出,本申请实施例中,首先基于服务端系统生成的用户密钥随机数和文件密钥随机数,进行第一层加密,得到第一数据密钥;再通过第一数据密钥对用户数据进行第二层加密;即,在对用户数据存储的过程中,采用上述两层加密方式实现加密,相比于现有技术中仅采用单层加密用户数据的方式,该加密方式的安全性较高,能够有效提高用户存储数据时的安全性,降低安全风险。The embodiments of the present application propose a data processing method, device, electronic device and computer storage medium. The method is applied to a server system. The method includes: receiving a data storage request from a user, and generating a user key of the user according to the data storage request Random number and file key random number; splicing the user's user key random number and file key random number to obtain the first character string, encrypting the first character string to obtain the first data key; according to the first data encryption key, encrypt user data, and store the encrypted user data. It can be seen that, in the embodiment of the present application, the first layer of encryption is firstly performed based on the random number of the user key and the random number of the file key generated by the server system to obtain the first data key; The user data is encrypted at the second layer; that is, in the process of storing the user data, the above-mentioned two-layer encryption method is used to realize encryption. It has high security, which can effectively improve the security of users when storing data and reduce security risks.
为了能够更加体现本申请的目的,在本申请上述实施例的基础上,进行进一步的说明。In order to better reflect the purpose of the present application, further description will be made on the basis of the above-mentioned embodiments of the present application.
图2为本申请实施例的一种数据加密方法的流程示意图,如图2所示,该流程可以包括:FIG. 2 is a schematic flowchart of a data encryption method according to an embodiment of the present application. As shown in FIG. 2 , the process may include:
步骤A1:将用户密钥随机数和文件密钥随机数进行拼接,通过SM4算法加密拼接后的字符串,得到第一数据密钥;该第一数据密钥用于对用户数据进行加密,再次使用SM4算法加密第一数据密钥,得到加密后的用户数据,销毁第一数据密钥。Step A1: splicing the random number of the user key and the random number of the file key, encrypting the spliced character string through the SM4 algorithm, and obtaining the first data key; the first data key is used to encrypt the user data, and then again The first data key is encrypted by using the SM4 algorithm, the encrypted user data is obtained, and the first data key is destroyed.
步骤A2:用户密码哈希值和用户密钥随机数进行拼接,通过SM4算法加密拼接后的字符串,得到第二数据密钥,将第二数据密钥进行存储。Step A2: splicing the hash value of the user password and the random number of the user key, encrypting the spliced string through the SM4 algorithm, obtaining a second data key, and storing the second data key.
步骤A3:将托管于第三方可信机构的用户密钥随机数进行加密,通过SM4算法对加密后的用户密钥随机数再次加密,得到第三数据密钥。Step A3: Encrypt the random number of the user key hosted by the third-party trusted organization, and encrypt the encrypted random number of the user key again through the SM4 algorithm to obtain a third data key.
示例性地,上述三个步骤可以同时执行。Exemplarily, the above three steps may be performed simultaneously.
可以看出,本申请实施例中仅用户自己能查看和导出数据,服务提供商无法独立破解用户数据,数据存储的安全性得到了保障;如有用户忘记设置密码的特殊情况,也支持第三方可信机构在身份认证后找回密钥,解密用户数据。It can be seen that in the embodiment of the present application, only the user can view and export the data, the service provider cannot independently decipher the user data, and the security of data storage is guaranteed; if the user forgets to set the password in a special case, the third party is also supported. The trusted authority retrieves the key after identity authentication and decrypts the user data.
示例性地,本申请实施例支持两种数据解密方法:一种是正常情况下用户通过密码鉴权解密数据;另一种是用户忘记密码的情况下,通过第三方可信机构找回密钥,解密数据;解密过程和加密过程中使用的算法是完全相同的,唯一不同点在于解密算法的解密密钥是由它的加密密钥进行逆序变换后得到的;例如,SM4算法解密时轮密钥的使用顺序为:(rk31,rk30,…,rk0)。Exemplarily, the embodiments of the present application support two data decryption methods: one is that the user decrypts data through password authentication under normal circumstances; the other is that when the user forgets the password, the key is retrieved through a third-party trusted organization. , decrypt the data; the algorithm used in the decryption process and the encryption process is exactly the same, the only difference is that the decryption key of the decryption algorithm is obtained by inversely transforming its encryption key; for example, when the SM4 algorithm decrypts the round encryption The keys are used in the following order: (rk31,rk30,…,rk0).
本申请实施例中,将部分密钥托管于第三方可信机构,使得服务提供方和可信机构均无法单独破解用户数据,用户存储的数据更加安全可靠;此外,还依赖于用户鉴权,用户设置独立的用户密码,用户密钥加密用户密钥存储,无用户鉴权服务提供方无法破解用户数据,有效确保用户对个人数据的掌控能力;当用户忘记密码时,还可通过线上身份认证后从第三方可信机构找回密钥;用户全程操作行为区块链存证,保证了数据存储和使用的不可篡改性及事后可追溯;有效提高了数据在加密存储及使用中的安全性,相比较于现有的云存储服务商,在安全性和个人数据隐私保护上,有明显的优化提升。In the embodiment of the present application, part of the keys are entrusted to a third-party trusted organization, so that neither the service provider nor the trusted organization can crack the user data independently, and the data stored by the user is more secure and reliable; in addition, it also relies on user authentication, The user sets an independent user password, the user key is encrypted and the user key is stored, and the user data cannot be cracked by the service provider without user authentication, which effectively ensures the user's ability to control personal data; when the user forgets the password, he can also use the online identity After authentication, the key is retrieved from a third-party trusted organization; the user's entire operation behavior is stored in the blockchain, which ensures the non-tampering and subsequent traceability of data storage and use; effectively improves the security of data in encrypted storage and use Compared with the existing cloud storage service providers, it has obvious optimization and improvement in security and personal data privacy protection.
进一步地,本申请实施例中涉及的加密存储技术,也应用于数据保险箱产品上,该产品是自主研发为用户打造的金融级安全加密存储数据的产品,支持用户保管各种证照文件,如身份证件、银行卡、驾驶证、学历证明、不动产权证书、营业执照、财务报表等,便于用户对其拥有的数据资产进行管理及使用。能够基于多重加密技术及用户鉴权实现安全存储,并采用区块链存证、生物验证等技术,确保用户在存储和使用其数据资产过程中的安全。Further, the encryption storage technology involved in the embodiments of this application is also applied to the data safe product, which is a financial-level secure encrypted storage data product independently developed for users, and supports users to keep various certificates and documents, such as identities. Documents, bank cards, driving licenses, academic certificates, real estate certificates, business licenses, financial statements, etc., are convenient for users to manage and use the data assets they own. It can realize secure storage based on multiple encryption technologies and user authentication, and adopts technologies such as blockchain storage and biometric verification to ensure the safety of users in the process of storing and using their data assets.
图3是本申请实施例的数据处理装置的组成结构示意图,如图3所示,该装置包括生成模块300、加密模块301和存储模块302,其中,FIG. 3 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application. As shown in FIG. 3 , the apparatus includes a
生成模块300,用于接收用户的数据存储请求,根据数据存储请求生成用户的用户密钥随机数和文件密钥随机数;The
加密模块301,用于对用户的用户密钥随机数和文件密钥随机数进行拼接,得到第一字符串,加密第一字符串,得到第一数据密钥,根据第一数据密钥,对用户数据进行加密;获取用户密码,根据用户密码生成目标密码,对目标密码与用户密钥随机数进行拼接,得到第二字符串,加密第二字符串,得到第二数据密钥;第二数据密钥用于在对加密后的用户数据进行操作时确定用户的用户密钥随机数;The
存储模块302,用于对加密后的用户数据进行存储。The
在一些实施例中,上述装置还包括解密模块,解密模块,用于:In some embodiments, the above-mentioned apparatus further includes a decryption module, which is used for:
在接收到针对加密后的用户数据的操作请求后,根据用户密码,对第二数据密钥进行解密,得到用户的用户密钥随机数;After receiving the operation request for the encrypted user data, decrypt the second data key according to the user password to obtain the random number of the user's user key;
对文件密钥随机数和解密后的用户密钥随机数进行加密,重新生成第一数据密钥;Encrypting the file key random number and the decrypted user key random number, and regenerating the first data key;
根据重新生成的第一数据密钥,对加密后的用户数据进行解密,得到用户数据;根据操作请求,对用户数据进行操作。Decrypt the encrypted user data according to the regenerated first data key to obtain the user data; and operate the user data according to the operation request.
在一些实施例中,存储模块302,还用于:In some embodiments, the
基于区块链数据存证方式,将针对用户数据的操作行为进行记录。Based on the blockchain data storage method, the operation behavior of user data will be recorded.
在一些实施例中,加密模块301,还用于:In some embodiments, the
根据用户的ID,获取第三方可信机构分配的公钥;According to the user's ID, obtain the public key assigned by the third-party trusted organization;
得到加密后的用户密钥随机数,并对用户的用户密钥随机数进行销毁;加密后的用户密钥随机数是通过第三方可信机构的公钥对用户的用户密钥随机数进行加密得到的;Obtain the encrypted random number of the user key, and destroy the random number of the user's user key; the encrypted random number of the user key is encrypted by the public key of the third-party trusted organization. owned;
对加密后的用户密钥随机数进行加密,得到第三数据密钥。The encrypted random number of the user key is encrypted to obtain a third data key.
存储模块302,还用于:存储第三数据密钥。The
在一些实施例中,解密模块,还用于:In some embodiments, the decryption module is also used to:
根据用户的ID,获取第三方可信机构分配的私钥;According to the user's ID, obtain the private key assigned by the third-party trusted organization;
通过身份认证方式对第三数据密钥进行解密,得到加密后的用户密钥随机数;Decrypt the third data key through the identity authentication method to obtain the encrypted random number of the user key;
得到用户的用户密钥随机数;用户的用户密钥随机数是通过第三方可信机构的私钥对加密后的用户密钥随机数进行解密得到的。Obtain the user's user key random number; the user's user key random number is obtained by decrypting the encrypted user key random number with the private key of the third-party trusted organization.
在一些实施例中,加密模块301,还用于:In some embodiments, the
在得到用户的用户密钥随机数和重置后的用户密码的情况下,基于用户的用户密钥随机数和重置后的用户密码,得到更新后的第二数据密钥;重置后的用户密码是对用户进行身份认证后得到的。In the case of obtaining the user's user key random number and the reset user password, the updated second data key is obtained based on the user's user key random number and the reset user password; The user password is obtained after the user is authenticated.
在一些实施例中,加密模块301,还用于:In some embodiments, the
在确定用户密码发生变更的情况下,根据未变更前的用户密码,对第二数据密钥进行解密,得到用户的用户密钥随机数;When it is determined that the user password is changed, decrypt the second data key according to the user password before the change, and obtain the user's user key random number;
基于用户的用户密钥随机数和变更后的用户密码,得到更新后的第二数据密钥。Based on the user's user key random number and the changed user password, the updated second data key is obtained.
在实际应用中,上述生成模块300、加密模块301、存储模块302和解密模块均可以由位于电子设备中的处理器实现,该处理器可以为ASIC、DSP、DSPD、PLD、FPGA、CPU、控制器、微控制器、微处理器中的至少一种。In practical applications, the above-mentioned
另外,在本实施例中的各功能模块可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。In addition, each functional module in this embodiment may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware, or can be implemented in the form of software function modules.
集成的单元如果以软件功能模块的形式实现并非作为独立的产品进行销售或使用时,可以存储在一个计算机可读取存储介质中,基于这样的理解,本实施例的技术方案本质上或者说对相关技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机、服务器、或者网络设备等)或processor(处理器)执行本实施例方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read OnlyMemory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of software function modules and is not sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this embodiment is essentially or correct. Part of the contribution made by the related art or all or part of the technical solution can be embodied in the form of a software product, the computer software product is stored in a storage medium, and includes several instructions to make a computer device (which can be a personal computer). , server, or network device, etc.) or processor (processor) executes all or part of the steps of the method in this embodiment. The aforementioned storage medium includes: U disk, mobile hard disk, read only memory (Read Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other media that can store program codes.
具体来讲,本实施例中的一种数据处理方法对应的计算机程序指令可以被存储在光盘、硬盘、U盘等存储介质上,当存储介质中的与一种数据处理方法对应的计算机程序指令被一电子设备读取或被执行时,实现前述实施例的任意一种数据处理方法。Specifically, a computer program instruction corresponding to a data processing method in this embodiment may be stored on a storage medium such as an optical disk, a hard disk, a U disk, etc. When the computer program instruction corresponding to a data processing method in the storage medium When read or executed by an electronic device, any one of the data processing methods in the foregoing embodiments is implemented.
基于前述实施例相同的技术构思,参见图4,其示出了本申请实施例提供的电子设备400,可以包括:存储器401和处理器402;其中,Based on the same technical concept as the foregoing embodiments, see FIG. 4 , which shows an
存储器401,用于存储计算机程序和数据;
处理器402,用于执行存储器中存储的计算机程序,以实现前述实施例的任意一种数据处理方法。The
在实际应用中,上述存储器401可以是易失性存储器(volatile memory),例如RAM;或者非易失性存储器(non-volatile memory),例如ROM、快闪存储器(flash memory)、硬盘(Hard Disk Drive,HDD)或固态硬盘(Solid-State Drive,SSD);或者上述种类的存储器的组合,并向处理器402提供指令和数据。In practical applications, the above-mentioned
上述处理器402可以为ASIC、DSP、DSPD、PLD、FPGA、CPU、控制器、微控制器、微处理器中的至少一种。可以理解地,对于不同的审计管理平台,用于实现上述处理器功能的电子器件还可以为其它,本申请实施例不作具体限定。The above-mentioned
在一些实施例中,本申请实施例提供的装置具有的功能或包含的模块可以用于执行上文方法实施例描述的方法,其具体实现可以参照上文方法实施例的描述,为了简洁,这里不再赘述。In some embodiments, the functions or modules included in the apparatus provided in the embodiments of the present application may be used to execute the methods described in the above method embodiments, and the specific implementation may refer to the descriptions in the above method embodiments. No longer.
上文对各个实施例的描述倾向于强调各个实施例之间的不同之处,其相同或相似之处可以互相参考,为了简洁,本文不再赘述。The above descriptions of the various embodiments tend to emphasize the differences between the various embodiments, and the similarities or similarities can be referred to each other. For the sake of brevity, details are not repeated herein.
本申请所提供的各方法实施例中所揭露的方法,在不冲突的情况下可以任意组合,得到新的方法实施例。The methods disclosed in each method embodiment provided in this application can be combined arbitrarily without conflict to obtain a new method embodiment.
本申请所提供的各产品实施例中所揭露的特征,在不冲突的情况下可以任意组合,得到新的产品实施例。The features disclosed in each product embodiment provided in this application can be combined arbitrarily without conflict to obtain a new product embodiment.
本申请所提供的各方法或设备实施例中所揭露的特征,在不冲突的情况下可以任意组合,得到新的方法实施例或设备实施例。The features disclosed in each method or device embodiment provided in this application can be combined arbitrarily without conflict to obtain a new method embodiment or device embodiment.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用硬件实施例、软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by those skilled in the art, the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the application may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein, including but not limited to disk storage, optical storage, and the like.
本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present application. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process such that The instructions provide steps for implementing the functions specified in the flow or blocks of the flowcharts and/or the block or blocks of the block diagrams.
以上,仅为本申请的较佳实施例而已,并非用于限定本申请的保护范围。The above are only preferred embodiments of the present application, and are not intended to limit the protection scope of the present application.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110671252.7A CN113326522A (en) | 2021-06-17 | 2021-06-17 | Data processing method, device, equipment and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110671252.7A CN113326522A (en) | 2021-06-17 | 2021-06-17 | Data processing method, device, equipment and computer storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113326522A true CN113326522A (en) | 2021-08-31 |
Family
ID=77423644
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110671252.7A Pending CN113326522A (en) | 2021-06-17 | 2021-06-17 | Data processing method, device, equipment and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113326522A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113962693A (en) * | 2021-09-18 | 2022-01-21 | 中国科学院信息工程研究所 | A kind of private key custody and recovery method and system for blockchain system |
| CN114117406A (en) * | 2021-09-30 | 2022-03-01 | 深圳前海微众银行股份有限公司 | Data processing method, device, equipment and storage medium |
| CN115085983A (en) * | 2022-06-02 | 2022-09-20 | 度小满科技(北京)有限公司 | Data processing method and device, computer readable storage medium and electronic equipment |
| CN115292746A (en) * | 2022-07-28 | 2022-11-04 | 南京国电南自电网自动化有限公司 | A method for trusted compilation and operation of application programs |
| CN115333803A (en) * | 2022-07-27 | 2022-11-11 | 中国电信股份有限公司 | User password encryption processing method, device, equipment and storage medium |
| CN119227103A (en) * | 2024-09-09 | 2024-12-31 | 湖南麒麟信安科技股份有限公司 | A safe and easy-to-use file safe implementation method and system based on eCryptfs |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104917759A (en) * | 2015-05-26 | 2015-09-16 | 西安电子科技大学 | Third-party-based safety file storage and sharing system and method |
| US20180075253A1 (en) * | 2016-09-15 | 2018-03-15 | Nuts Holdings, Llc | Structured data folding with transmutations |
| CN109558340A (en) * | 2018-11-15 | 2019-04-02 | 北京计算机技术及应用研究所 | A kind of safe solid-state disk encryption system and method based on authentic authentication |
| CN110516458A (en) * | 2019-08-28 | 2019-11-29 | 腾讯科技(深圳)有限公司 | Data processing method, device and computer equipment based on block chain technology |
| CN112532379A (en) * | 2020-10-14 | 2021-03-19 | 厦门天锐科技股份有限公司 | File protection method and device |
-
2021
- 2021-06-17 CN CN202110671252.7A patent/CN113326522A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104917759A (en) * | 2015-05-26 | 2015-09-16 | 西安电子科技大学 | Third-party-based safety file storage and sharing system and method |
| US20180075253A1 (en) * | 2016-09-15 | 2018-03-15 | Nuts Holdings, Llc | Structured data folding with transmutations |
| CN109558340A (en) * | 2018-11-15 | 2019-04-02 | 北京计算机技术及应用研究所 | A kind of safe solid-state disk encryption system and method based on authentic authentication |
| CN110516458A (en) * | 2019-08-28 | 2019-11-29 | 腾讯科技(深圳)有限公司 | Data processing method, device and computer equipment based on block chain technology |
| CN112532379A (en) * | 2020-10-14 | 2021-03-19 | 厦门天锐科技股份有限公司 | File protection method and device |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113962693A (en) * | 2021-09-18 | 2022-01-21 | 中国科学院信息工程研究所 | A kind of private key custody and recovery method and system for blockchain system |
| CN114117406A (en) * | 2021-09-30 | 2022-03-01 | 深圳前海微众银行股份有限公司 | Data processing method, device, equipment and storage medium |
| CN114117406B (en) * | 2021-09-30 | 2025-01-28 | 深圳前海微众银行股份有限公司 | A data processing method, device, equipment and storage medium |
| CN115085983A (en) * | 2022-06-02 | 2022-09-20 | 度小满科技(北京)有限公司 | Data processing method and device, computer readable storage medium and electronic equipment |
| CN115085983B (en) * | 2022-06-02 | 2024-03-12 | 度小满科技(北京)有限公司 | Data processing method, data processing device, computer readable storage medium and electronic equipment |
| CN115333803A (en) * | 2022-07-27 | 2022-11-11 | 中国电信股份有限公司 | User password encryption processing method, device, equipment and storage medium |
| CN115292746A (en) * | 2022-07-28 | 2022-11-04 | 南京国电南自电网自动化有限公司 | A method for trusted compilation and operation of application programs |
| CN119227103A (en) * | 2024-09-09 | 2024-12-31 | 湖南麒麟信安科技股份有限公司 | A safe and easy-to-use file safe implementation method and system based on eCryptfs |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7312892B2 (en) | Encrypted asset encryption key parts that allow assembly of asset encryption keys using a subset of encrypted asset encryption key parts | |
| CN111367834B (en) | Self-encrypting drive | |
| CN113472521B (en) | Real-name digital identity management method, signature device and verification device based on blockchain | |
| JP6528008B2 (en) | Personal Device Security Using Elliptic Curve Cryptography for Secret Sharing | |
| CN113326522A (en) | Data processing method, device, equipment and computer storage medium | |
| US8667267B1 (en) | System and method for communicating with a key management system | |
| JP6329970B2 (en) | Policy enforcement with relevant data | |
| JP6678457B2 (en) | Data security services | |
| US9246889B2 (en) | Layered protection and validation of identity data delivered online via multiple intermediate clients | |
| JP2020009500A (en) | Data security services | |
| US20150227758A1 (en) | Method and System for Securing Documents on a Remote Shared Storage Resource | |
| US20130254536A1 (en) | Secure server side encryption for online file sharing and collaboration | |
| US12418419B2 (en) | Technologies for trust protocol with immutable chain storage and invocation tracking | |
| US9824231B2 (en) | Retention management in a facility with multiple trust zones and encryption based secure deletion | |
| CN111480172A (en) | Method and system for securely registering an encryption key on a physical medium for encryption keys, and physical medium produced thereby | |
| CN111480316B (en) | Method and apparatus for generating and verifying passwords | |
| US11861597B1 (en) | Database encryption wallet | |
| US11335109B2 (en) | Computing device for document authentication and a method to operate the same | |
| CN115221535A (en) | Manage sensitive information with the Trusted Platform Module | |
| CN110914826A (en) | System and method for distributed data mapping | |
| CN111079157A (en) | A blockchain-based secret fragmentation hosting platform, equipment and media | |
| TW202040400A (en) | Method and system for a secure transaction | |
| Ahmed et al. | Lightweight secure storage model with fault-tolerance in cloud environment | |
| Salikhov | Model of a Distributed Storage System for Crypto Wallet Private Keys | |
| JP7808001B2 (en) | Message presentation system, presentation device, and message presentation method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |

