
CN115001813A - Information security method, system, equipment and medium - Google Patents


Publication number
CN115001813A
CN115001813A
Authority
CN
China
Prior art keywords
encryption
key
level
user
data
Prior art date
Legal status
Granted
Application number
CN202210610419.3A
Other languages
Chinese (zh)
Other versions
CN115001813B (en)
Inventor
陈轩毅
Current Assignee
Shanxi Lianrong Technology Co.,Ltd.
Original Assignee
Shanxi Xidian Information Technology Research Institute Co ltd
Priority date
2022-05-31
Filing date
2022-05-31
Publication date
2022-09-02
Application filed by Shanxi Xidian Information Technology Research Institute Co ltd
Priority to CN202210610419.3A
Publication of CN115001813A
Application granted
Publication of CN115001813B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/08 ... for authentication of entities
    • H04L 63/083 ... for authentication of entities using passwords
    • H04L 63/10 ... for controlling access to devices or network resources
    • H04L 63/105 Multiple levels of security
    • H04L 63/20 ... for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an information security method, device, system and medium. The method comprises the following steps: acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted; determining an encryption policy according to the encryption level, wherein the encryption policy comprises an encryption key and a storage key; and encrypting and storing the data to be encrypted according to the encryption policy. The information security and confidentiality method of the embodiments provides keys of different levels to users of different levels and, by setting different level key parameters, provides users of the same level with different encryption keys and storage keys; the encryption key encrypts the confidential information and the storage key encrypts the address of the confidential information, thereby ensuring the security of the data.

Description

An information security and confidentiality method, system, device and medium

Technical field

The invention relates to the technical field of information security, in particular to an information security and confidentiality method, system, device and medium.

Background

At present, existing data is only weakly protected: its encryption method is relatively simple, and the key used for decryption is generally set by the user, so its security is relatively low. In addition, the storage address is generally fixed, so the location where confidential information is stored can be found through a fixed storage path. An illegal actor who finds the corresponding confidential information in the cloud can therefore still decrypt it through unauthorized decryption processing and obtain its contents, which makes confidential information easy to steal.

Summary of the invention

In view of the defects in the prior art, the present invention provides an information security and confidentiality method, system, device and medium.

In a first aspect, an information security and confidentiality method comprises the following:

obtaining data to be encrypted sent by a target user, and an encryption level corresponding to the data to be encrypted;

determining an encryption policy according to the encryption level, wherein the encryption policy comprises an encryption key and a storage key;

encrypting and storing the data to be encrypted according to the encryption policy.

Preferably, before obtaining the data to be encrypted sent by the target user and the corresponding encryption level, the method further includes:

performing identity authentication on the target user;

after the identity authentication of the target user succeeds, performing level authentication on the target user;

after the level authentication of the target user succeeds, determining from the user database, according to the user level, the level key and the level key sequence corresponding to the target user, wherein the level key sequence denotes the set of level keys from the lowest user level up to the user level of the target user.

Preferably, authenticating the user identity includes:

obtaining the identity information of the target user and extracting a user identifier from the identity information;

looking up the corresponding identity information in the user database according to the user identifier; if the lookup succeeds, the user identity authentication succeeds.

Preferably, performing level authentication on the target user includes:

determining the user level of the target user from the user database according to the user identifier;

sending a level authentication request to at least one other user whose user level is higher than that of the target user;

if the other user returns confirmation information in response to the level authentication request, the user level authentication succeeds.

Preferably, determining the encryption policy according to the encryption level includes:

determining a level key parameter according to the encryption level;

calculating the encryption key and the storage key from the level key parameter, the level key and the level key sequence.

Preferably, the encryption key and the storage key are calculated from the level key parameter, the level key and the level key sequence as:

$E_s = E_m E_{m+1} \cdots (E_K)^2$

$E_f = E_1 E_2 \cdots E_{m-1} E_K$

where $E_s$ denotes the encryption key, $E_f$ the storage key, $E_K$ the level key corresponding to the level of the target user, the remaining $E_i$ the level keys of the level key sequence, and $m$ the level key parameter.

Preferably, encrypting and storing the data to be encrypted according to the encryption policy includes:

encrypting the data to be encrypted with the encryption key to obtain confidential data, and storing the confidential data;

obtaining the storage address of the confidential data and encrypting the storage address with the storage key to obtain a target access code, through which the confidential information is accessed.

In a second aspect, an information security and confidentiality system comprises:

an acquisition module, configured to obtain the data to be encrypted sent by a target user and the encryption level corresponding to the data to be encrypted;

a determining module, configured to determine an encryption policy according to the encryption level, wherein the encryption policy comprises an encryption key and a storage key;

an execution module, configured to encrypt and store the data to be encrypted according to the encryption policy.

In a third aspect, an information security and confidentiality device comprises at least one memory and at least one processor;

the at least one memory is configured to store a machine-readable program;

the at least one processor is configured to invoke the machine-readable program to execute the method of any one of claims 1 to 7.

In a fourth aspect, a computer-readable medium stores computer instructions which, when executed by a processor, cause the processor to execute the above method.

The beneficial effects of the present invention are as follows: the information security and confidentiality method of the embodiments provides keys of different levels to users of different levels and, by setting different level key parameters, provides users of the same level with different encryption keys and storage keys; the encryption key encrypts the confidential information and the storage key encrypts the address of the confidential information, thereby ensuring the security of the data. Other features and advantages of the present invention will be set forth in the description that follows and will in part be apparent from the description, or may be learned by practising the invention. The objects and other advantages of the invention may be realised and attained by the structures particularly pointed out in the description, claims and drawings.

Description of the drawings

In order to illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or of the prior art are briefly introduced below. Throughout the drawings, similar elements or parts are generally identified by similar reference numerals. In the drawings, the elements or parts are not necessarily drawn to actual scale.

FIG. 1 is a schematic flowchart of an information security and confidentiality method provided in Embodiment 1 of the present invention;

FIG. 2 is a schematic structural diagram of an information security and confidentiality system provided in Embodiment 2 of the present invention;

FIG. 3 is a schematic structural diagram of an information security and confidentiality device provided in Embodiment 3 of the present invention.

Detailed description

Embodiments of the technical solution of the present invention are described in detail below with reference to the drawings. The following embodiments are only used to illustrate the technical solution of the present invention more clearly; they serve only as examples and do not limit the scope of protection of the present invention.

It should be noted that, unless otherwise specified, the technical or scientific terms used in this application have the meanings usually understood by those skilled in the art to which the present invention belongs.

Embodiment 1

Referring to FIG. 1, FIG. 1 shows an information security and confidentiality method provided by an embodiment of the present invention. The method comprises the following steps:

Step 1: obtain the data to be encrypted sent by the target user and the encryption level corresponding to the data to be encrypted.

It should be noted that, before obtaining the data to be encrypted sent by the target user and the corresponding encryption level, the method further includes: performing identity authentication on the target user; after the identity authentication succeeds, performing level authentication on the target user; after the level authentication succeeds, determining from the user database, according to the user level, the level key and the level key sequence corresponding to the target user, wherein the level key sequence denotes the set of level keys from the lowest user level up to the user level of the target user.

It should be noted that authenticating the user identity includes: obtaining the identity information of the target user and extracting a user identifier from it; looking up the corresponding identity information in the user database according to the user identifier; if the lookup succeeds, the identity authentication succeeds.

It should be noted that performing level authentication on the target user includes: determining the user level of the target user from the user database according to the user identifier; sending a level authentication request to at least one other user whose user level is higher than that of the target user; if the other user returns confirmation information in response to the request, the level authentication succeeds.

Through the above method, the user's level key is bound to the user level and the user identity, which ensures the uniqueness and security of the level key.

Step 2: determine an encryption policy according to the encryption level, wherein the encryption policy comprises an encryption key and a storage key.

It should be noted that determining the encryption policy according to the encryption level includes: determining a level key parameter according to the encryption level; calculating the encryption key and the storage key from the level key parameter, the level key and the level key sequence.

It should be noted that the encryption key and the storage key are calculated from the level key parameter, the level key and the level key sequence as:

$E_s = E_m E_{m+1} \cdots (E_K)^2$

$E_f = E_1 E_2 \cdots E_{m-1} E_K$

where $E_s$ denotes the encryption key, $E_f$ the storage key, $E_K$ the level key corresponding to the level of the target user, the remaining $E_i$ the level keys of the level key sequence, and $m$ the level key parameter.

In this embodiment of the invention, the level key parameter is less than or equal to the user level; for example, a level-5 user may choose a level key parameter from 1 to 5. Changing the level key parameter changes which part of the level key sequence enters each key, and therefore the way the storage key and the encryption key are combined, so that even users of the same level find it difficult to recover this user's encryption key and storage key, which improves the security of the confidential information.

Step 3: encrypt and store the data to be encrypted according to the encryption policy.

It should be noted that encrypting and storing the data to be encrypted according to the encryption policy includes: encrypting the data to be encrypted with the encryption key to obtain confidential data, and storing the confidential data; obtaining the storage address of the confidential data and encrypting the storage address with the storage key to obtain a target access code, through which the confidential information is accessed.

In some embodiments, the user's identity code may additionally be encrypted with the encryption key and with the storage key: the identity code encrypted with the encryption key is then used to encrypt the data to be encrypted, giving the confidential information, and the identity code encrypted with the storage key is used to encrypt the storage address of the confidential information, giving the target access code, through which the confidential information is accessed. Binding the user's identity code to the encryption key and the storage key in this way further improves the security of the confidential information.

It should be understood that accessing confidential information through the target access code requires the user's authorization; once authorized, the target access code is decoded and the confidential information can be accessed.
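The three steps above, worked end to end as an added example. This is editorial example code, not code from the patent, its applicant or its assignee, and it fills in several points the patent leaves open: the juxtaposition in the key formulas is modelled as byte concatenation of the level keys hashed with SHA-256 to a fixed-length key; the term $(E_K)^2$ is read as $E_K$ appearing twice; the cipher is an HMAC-SHA256 counter-mode keystream with an HMAC tag, standing in for a real AEAD such as AES-GCM because the Python standard library has no AES; and the storage address is a constructed object path. The user database, level keys, data and names such as `derive_keys`, `encrypt_and_store`, `retrieve` and `USER_DB` are all the example's own.

```python
# Editorial example of the patent's level-keyed encrypt-and-store flow (not the
# patent's own code). Assumptions: key juxtaposition = byte concatenation hashed
# with SHA-256; "(E_K)^2" = E_K appearing twice; the cipher is an HMAC-SHA256
# counter-mode stream plus HMAC tag, a stand-in for a real AEAD (stdlib has no
# AES). Users, level keys, data and storage addresses are all constructed.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MAX_LEVEL = 5  # constructed: user levels 1..5

# Constructed level keys E_1..E_5; a real system keeps these in the user
# database or a KMS instead of deriving them from a demo constant.
_DEMO_ROOT = b"demo-root-secret-not-for-production"
LEVEL_KEYS = {i: hmac.new(_DEMO_ROOT, b"level-key-%d" % i, hashlib.sha256).digest()
              for i in range(1, MAX_LEVEL + 1)}

@dataclass
class User:
    user_id: str
    level: int
    confirms_requests: bool = True  # answers level authentication requests

USER_DB = {"alice": User("alice", 3), "carol": User("carol", 3), "bob": User("bob", 5)}
STORE = {}  # stand-in for cloud storage: storage address -> confidential data

def authenticate_identity(user_id: str) -> bool:
    """Identity authentication: the extracted identifier must resolve in the user DB."""
    return user_id in USER_DB

def authenticate_level(user_id: str, approver_id: str) -> bool:
    """Level authentication: a user of strictly higher level must confirm the request."""
    target, approver = USER_DB.get(user_id), USER_DB.get(approver_id)
    if target is None or approver is None:
        return False
    return approver.level > target.level and approver.confirms_requests

def level_key_sequence(level: int) -> list:
    """E_1 .. E_level: the level keys from the lowest level up to the user's own."""
    return [LEVEL_KEYS[i] for i in range(1, level + 1)]

def derive_keys(level: int, m: int) -> tuple:
    """Es = E_m E_{m+1} ... (E_K)^2 and Ef = E_1 E_2 ... E_{m-1} E_K, with K = level.
    Concatenation then SHA-256 models the combining operation the patent leaves open."""
    if not 1 <= m <= level:
        raise ValueError("level key parameter m must lie in 1..user level")
    seq = level_key_sequence(level)  # seq[i - 1] is E_i
    e_k = seq[level - 1]
    es_material = b"".join(seq[m - 1:]) + e_k   # E_m .. E_K, then E_K once more
    ef_material = b"".join(seq[:m - 1]) + e_k   # E_1 .. E_{m-1}, then E_K
    return (hashlib.sha256(b"Es|" + es_material).digest(),
            hashlib.sha256(b"Ef|" + ef_material).digest())

def _subkeys(key: bytes) -> tuple:
    """Independent keystream and MAC keys from one 32-byte key."""
    return (hashlib.sha256(key + b"|stream").digest(),
            hashlib.sha256(key + b"|mac").digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated encryption: nonce || ciphertext || tag."""
    stream_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(stream_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before removing the keystream; a wrong key raises ValueError."""
    stream_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("access code or confidential data failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(stream_key, nonce, len(ct))))

def encrypt_and_store(user_id: str, data: bytes, encryption_level: int, approver_id: str) -> bytes:
    """Steps 1-3: authenticate, derive (Es, Ef), encrypt and store the data, and
    return the target access code, i.e. the storage address encrypted under Ef."""
    if not (authenticate_identity(user_id) and authenticate_level(user_id, approver_id)):
        raise PermissionError("identity or level authentication failed")
    es, ef = derive_keys(USER_DB[user_id].level, encryption_level)  # encryption level -> m
    address = "obj/" + secrets.token_hex(8)  # constructed storage address
    STORE[address] = encrypt(es, data)       # confidential data
    return encrypt(ef, address.encode())     # target access code

def retrieve(user_id: str, access_code: bytes, encryption_level: int, approver_id: str) -> bytes:
    """Reverse path: re-derive the keys, decode the access code, fetch and decrypt."""
    if not (authenticate_identity(user_id) and authenticate_level(user_id, approver_id)):
        raise PermissionError("identity or level authentication failed")
    es, ef = derive_keys(USER_DB[user_id].level, encryption_level)
    address = decrypt(ef, access_code).decode()
    return decrypt(es, STORE[address])

if __name__ == "__main__":
    code = encrypt_and_store("alice", b"quarterly audit findings", 2, "bob")
    print(retrieve("alice", code, 2, "bob"))  # b'quarterly audit findings'
```

Two observations follow from running it, both about the scheme exactly as the text describes it rather than about anything the patent adds. Retrieving with a different level key parameter than the one used at storage time fails at the access-code stage, because $E_f$ changes with $m$ and the tag check rejects it before any address is revealed. And because $m$ is confined to $1..K$, a peer who holds the same level key sequence needs to try only $K$ values of $m$, so the parameter gives variety between same-level users but little secrecy against such a peer; the text does not address this. The scheme as written also leaves the highest-level user with nobody above them to confirm a level authentication request.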

Embodiment 2

Referring to FIG. 2, FIG. 2 shows an information security and confidentiality system provided by an embodiment of the present invention. The system comprises: an acquisition module, configured to obtain the data to be encrypted sent by a target user and the encryption level corresponding to the data to be encrypted; a determining module, configured to determine an encryption policy according to the encryption level, wherein the encryption policy comprises an encryption key and a storage key; and an execution module, configured to encrypt and store the data to be encrypted according to the encryption policy.

The system provided by this embodiment and the method provided by the preceding embodiment share the same inventive concept; for the more specific working principles of the modules in this embodiment, refer to the preceding embodiment, which is not repeated here.

Embodiment 3

Referring to FIG. 3, FIG. 3 shows an information security and confidentiality device provided by an embodiment of the present invention. The electronic device comprises: at least one processor; and a memory communicatively connected to the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the above method. The electronic device may be implemented in any one or combination of hardware, software, firmware or solid-state logic circuits, and may be implemented in conjunction with signal processing, control and/or special-purpose circuits.

The specific embodiments provided by the present invention may be implemented in any one or combination of hardware, software, firmware or solid-state logic circuits, and may be implemented in conjunction with signal processing, control and/or special-purpose circuits. The device or apparatus provided by the specific embodiments may include one or more processors (for example microprocessors, controllers, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), and so on) which process various computer-executable instructions to control the operation of the device or apparatus. The device or apparatus may include a system bus or data transmission system that couples the various components together. The system bus may include any one or a combination of different bus structures, such as a memory bus or memory controller, a peripheral bus, a universal serial bus, and/or a processor or local bus using any of a variety of bus architectures. The device or apparatus may be provided on its own, may be part of a system, or may be part of another device or apparatus.

The specific embodiments provided by the present invention may include, or be combined with, a computer-readable storage medium, for example one or more storage devices capable of providing non-transitory data storage. The computer-readable storage medium or storage device may be configured to hold data, programs and/or instructions which, when executed by the processor of the device or apparatus provided by the specific embodiments, cause the device or apparatus to carry out the relevant operations. The computer-readable storage medium or storage device may have one or more of the following characteristics: volatile, non-volatile, dynamic, static, read/write, read-only, random access, sequential access, location addressability, file addressability and content addressability. In one or more exemplary embodiments, the computer-readable storage medium or storage device may be integrated into the device or apparatus provided by the specific embodiments, or belong to a shared system. The computer-readable storage medium or storage device may include optical storage devices, semiconductor storage devices and/or magnetic storage devices, and may also include random access memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, hard disks, removable disks, recordable and/or rewritable compact discs (CD), digital versatile discs (DVD), mass storage media devices or any other suitable form of storage medium.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solution to depart from the scope of the technical solutions of the embodiments of the present invention; all of them should be covered by the scope of the claims and description of the present invention.

Claims (10)

1. An information security method, characterized in that the method comprises the following steps:
acquiring data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted;
determining an encryption policy according to the encryption level, wherein the encryption policy comprises an encryption key and a storage key;
and encrypting and storing the data to be encrypted according to the encryption policy.
2. The method according to claim 1, wherein, before the acquiring of the data to be encrypted sent by the target user and the encryption level corresponding to the data to be encrypted, the method further comprises:
performing identity authentication on the target user;
after the identity authentication of the target user succeeds, performing level authentication on the target user;
after the level authentication of the target user succeeds, determining a level key and a level key sequence corresponding to the target user from a user database according to the user level of the target user, wherein the level key sequence represents the set of level keys from the lowest user level up to the user level of the target user.
3. The method of claim 2, wherein performing identity authentication on the target user comprises:
acquiring identity information of the target user, and extracting a user identifier from the identity information;
and searching for corresponding identity information in a user database according to the user identifier; if the query succeeds, the user identity authentication succeeds.
4. The method of claim 2, wherein performing level authentication on the target user comprises:
determining the user level of the target user from a user database according to the user identifier;
sending a level authentication request to at least one other user whose user level is higher than that of the target user;
and if the other user returns confirmation information in response to the level authentication request, the level authentication of the target user succeeds.
5. The method of claim 2, wherein determining an encryption policy according to the encryption level comprises:
determining a level key parameter according to the encryption level;
and calculating an encryption key and a storage key according to the level key parameter, the level key and the level key sequence.
6. The method of claim 5, wherein the encryption key and the storage key are calculated from the level key parameter, the level key and the level key sequence as:
$E_s = E_m E_{m+1} \cdots (E_K)^2$
$E_f = E_1 E_2 \cdots E_{m-1} E_K$
wherein $E_s$ denotes the encryption key, $E_f$ denotes the storage key, $E_K$ denotes the level key corresponding to the level of the target user, and $m$ denotes the level key parameter.
7. The method according to claim 6, wherein the encrypting and storing of the data to be encrypted according to the encryption policy comprises:
encrypting the data to be encrypted with the encryption key to obtain confidential data, and storing the confidential data;
and acquiring the storage address of the confidential data, encrypting the storage address with the storage key to obtain a target access code, and accessing the confidential information through the target access code.
8. An information security system, comprising:
an acquisition module, configured to acquire data to be encrypted sent by a target user and an encryption level corresponding to the data to be encrypted;
a determining module, configured to determine an encryption policy according to the encryption level, wherein the encryption policy comprises an encryption key and a storage key;
and an execution module, configured to encrypt and store the data to be encrypted according to the encryption policy.
9. An information security device, comprising: at least one memory and at least one processor;
the at least one memory being configured to store a machine-readable program;
the at least one processor being configured to invoke the machine-readable program to perform the method of any one of claims 1 to 7.
10. A computer-readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 7.
CN202210610419.3A 2022-05-31 2022-05-31 An information security and confidentiality method, system, equipment and medium Active CN115001813B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210610419.3A CN115001813B (en) 2022-05-31 2022-05-31 An information security and confidentiality method, system, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210610419.3A CN115001813B (en) 2022-05-31 2022-05-31 An information security and confidentiality method, system, equipment and medium

Publications (2)

Publication Number Publication Date
CN115001813A true CN115001813A (en) 2022-09-02
CN115001813B CN115001813B (en) 2023-11-10

Family

ID=83032082

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210610419.3A Active CN115001813B (en) 2022-05-31 2022-05-31 An information security and confidentiality method, system, equipment and medium

Country Status (1)

Country Link
CN (1) CN115001813B (en)


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457377A (en) * 2011-08-08 2012-05-16 中标软件有限公司 Role-Based Web Remote Authentication and Authorization Method and System
CN104065483A (en) * 2014-06-06 2014-09-24 武汉理工大学 Identity-based cryptograph (IBC) classified using method of electronic communication identities
CN108133155A (en) * 2017-12-29 2018-06-08 北京联想核芯科技有限公司 Data encryption storage method and device
US20180374097A1 (en) * 2015-11-09 2018-12-27 Roger Hanna A distributed user profile identity verification system for e-commerce transaction security
US20190050398A1 (en) * 2016-04-18 2019-02-14 Shenzhen University File storage method, file search method and file storage system based on public-key encryption with keyword search
CN110099048A (en) * 2019-04-19 2019-08-06 中共中央办公厅电子科技学院(北京电子科技学院) A kind of cloud storage method and apparatus


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘贤刚;陈星;刘丽敏;: "多模多级网络身份认证框架研究", 信息技术与标准化, no. 1 *
夏晔;钱松荣;: "OpenID身份认证系统的认证等级模型研究", 微型电脑应用, no. 04 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116684478A (en) * 2023-06-07 2023-09-01 中国银行股份有限公司 Data subscription method, device, equipment and storage medium
CN118536135A (en) * 2024-05-16 2024-08-23 重庆工程学院 Agricultural data safe storage method and system based on block chain
CN118536135B (en) * 2024-05-16 2025-06-13 重庆工程学院 A blockchain-based agricultural data security storage method and system

Also Published As

Publication number Publication date
CN115001813B (en) 2023-11-10

Similar Documents

Publication Publication Date Title
US11783044B2 (en) Endpoint authentication based on boot-time binding of multiple components
JP5214782B2 (en) Memory device, storage medium, host device, and system
US20100050241A1 (en) Accessing memory device content using a network
US9021603B2 (en) Non-volatile memory for anti-cloning and authentication method for the same
US11917059B2 (en) Batch transfer of control of memory devices over computer networks
US12294652B2 (en) Storage controller and method of operating electronic system
CN107563207B (en) Encryption method, device and decryption method, device
US12256016B2 (en) Control of memory devices over computer networks using digital signatures generated by a server system for commands to be executed in the memory devices
US11423182B2 (en) Storage device providing function of securely discarding data and operating method thereof
CN115001813B (en) An information security and confidentiality method, system, equipment and medium
US8954757B2 (en) Method, host, storage, and machine-readable storage medium for protecting content
CN109064596B (en) Password management method and device and electronic equipment
TW202234273A (en) Server system to control memory devices over computer networks
TW201843616A (en) Data center with data encryption and operating method thererfor
CN113728582B (en) Secure communication between middleware and network
CN111079157A (en) A blockchain-based secret fragmentation hosting platform, equipment and media
JP2015104020A (en) Communication terminal device, communication terminal association system, communication terminal association method and computer program
CN114329511A (en) Virtual machine encryption method, system, equipment and medium based on identity authentication
JP5591964B2 (en) Authentication method, device to be authenticated, and authentication device
CN114003336B (en) A virtual machine encryption method, device, equipment and medium in a cloud platform
US12088581B2 (en) Track activities of components in endpoints having secure memory devices via identity validation
CN117294449A (en) Identity authentication method and related equipment
CN114401117B (en) Blockchain-based account login verification system
US20240249002A1 (en) Storage system including storage device and host provisioning certificate into the storage device, system including the storage system, and method of operating the system
CN105069377A (en) Security hard disk

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250606

Address after: 030000 Taiyuan City, Jin Yuan District, West Section of Nanzhonghuang Street, No. 66, Building 1, 10th Floor, Room 1018

Patentee after: Shanxi Lianrong Technology Co.,Ltd.

Country or region after: China

Address before: 030000 Shanxi Province Taiyuan City Comprehensive Reform Demonstration Area Taiyuan Xuefu Park South Zhonghuan Street No. 529 Qingkun Innovation Base Building C 24th Floor 2401 Room

Patentee before: Shanxi Xidian Information Technology Research Institute Co.,Ltd.

Country or region before: China