CN102567673A - Data safety protection method and device - Google Patents

Publication number: CN102567673A
Authority: CN (China)
Prior art keywords: data, user, private key, pki, protection
Legal status: Pending
Application number: CN2012100124679A
Other languages: Chinese (zh)
Inventors: 刘正伟, 文中领, 王旭
Current Assignee: Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee: Inspur Beijing Electronic Information Industry Co Ltd
Application filed by: Inspur Beijing Electronic Information Industry Co Ltd
Landscapes: Storage Device Security (AREA)

Abstract

The invention provides a data security protection method and device. It relates to the field of computer technology applications and solves the problem that existing data security approaches cannot guarantee data security. The method includes: when a user creates a data protection task, looking up the public key corresponding to the user and assigning the public key found to the data protection task for encryption; and, when data is sent in the data protection task, encrypting the data with the public key corresponding to the user. The technical solution provided by the invention is suitable for large-capacity data storage and realizes a highly secure data storage and recovery mechanism.

Description

Data security protection method and device

Technical field

The invention relates to the field of computer technology applications, and in particular to a data security protection method and device.

Background

In today's information-based, networked society, computers play an increasingly important role in our work and lives. More and more enterprises, merchants, government agencies and individuals use computers to obtain and process information, and store their most important information on computers as data files. A disaster affecting this important data can bring an enterprise to a halt, and lost data may even drive it into bankruptcy. People have therefore begun to pay attention to how to keep data intact, and data protection technology is the only solution.

Existing data recovery technology keeps multiple backup copies of data to achieve fast recovery, but it applies no storage security measures to the backup data, which leaves a data storage security risk. Its recovery method also requires frequent interaction between the local and remote sides, which generates a large amount of network traffic; this delays data recovery and introduces a transmission security risk as well. To address this, the data to be protected and restored can be encrypted, which improves the security of data protection, but this approach treats all data the same way. That is, it does not take the privacy of different backup data into account: all of the final backup data can be accessed on the backup server. In practice, the data backed up by a client may include the customer's sensitive data, such as bank account information, which the customer wants only to back up and restore personally and does not want to be viewable at will on the backup server. Existing data security approaches therefore cannot guarantee that client data is truly secure.

Summary of the invention

The invention provides a data security protection method and device, which solve the problem that existing data security approaches cannot guarantee data security.

A data security protection method, comprising:

when a user creates a data protection task, looking up the public key corresponding to the user, and assigning the public key found to the data protection task for encryption;

when data is sent in the data protection task, encrypting the data with the public key corresponding to the user.

Preferably, the above data security protection method further comprises:

when the user registers for the first time, generating a public key and a private key for the user;

establishing an association between the public key and the user, and sending the private key to the user's client for storage.

Preferably, the above data security protection method further comprises:

backing up the data that is sent;

recording the backed-up data in a recoverable data list.

Preferably, the above data security protection method further comprises:

when the user selects data in the recoverable data list to restore, obtaining the user's private key;

matching the user's private key against the public key corresponding to the user;

when the match succeeds, restoring the data selected by the user.

Preferably, restoring the data selected by the user is specifically:

decrypting the data with the private key, and restoring the data to the location specified by the user.

The invention also provides a data security protection device, comprising:

a public key management module, configured to look up the public key corresponding to a user when the user creates a data protection task, and to assign the public key found to the data protection task for encryption;

a data encryption module, configured to encrypt data with the public key corresponding to the user when data is sent in the data protection task.

Preferably, the above data security protection device further comprises:

a key generation module, configured to generate a public key and a private key for the user when the user registers for the first time, to establish an association between the public key and the user, and to send the private key to the user's client for storage.

Preferably, the above data security protection device further comprises:

a backup module, configured to back up the data that is sent and to record the backed-up data in a recoverable data list.

Preferably, the above data security protection device further comprises:

a data recovery module, configured to obtain the user's private key when the user selects data in the recoverable data list to restore, to match the user's private key against the public key corresponding to the user, and, when the match succeeds, to restore the data selected by the user.

The invention provides a data security protection method and device. When a user creates a data protection task, the public key corresponding to the user is looked up and assigned to the data protection task for encryption; when data is sent in the data protection task, the data is encrypted with the public key corresponding to the user. Because encryption is performed with a public key that corresponds to a single user, the security of the data is enhanced, which solves the problem that existing data security approaches cannot guarantee data security.

Brief description of the drawings

FIG. 1 is a flowchart of a data security protection method provided by Embodiment 1 of the invention;

FIG. 2 is a schematic structural diagram of a data security protection device provided by Embodiment 2 of the invention;

FIG. 3 is a schematic structural diagram of a data security protection system provided by Embodiment 3 of the invention;

FIG. 4 is a flowchart of a data security protection method provided by Embodiment 3 of the invention.

Detailed description

Encrypting the data to be protected and restored improves the security of data protection, but this approach treats all data the same way. That is, it does not take the privacy of different backup data into account: all of the final backup data can be accessed on the backup server. In practice, the data backed up by a client may include the customer's sensitive data, such as bank account information, which the customer wants only to back up and restore personally and does not want to be viewable at will on the backup server. Existing data security approaches therefore cannot guarantee that client data is truly secure.

To solve the above problem, embodiments of the invention provide a data security protection method and device. The embodiments are described in detail below with reference to the accompanying drawings. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.

Embodiment 1 of the invention is described first, with reference to the accompanying drawings.

This embodiment of the invention provides a data security protection method. The flow for encrypting and restoring data with this method is shown in FIG. 1 and includes:

Step 101. When the user registers for the first time, generate a public key and a private key for the user.

In this step, when the user first registers with the data protection system, the system generates a public key and a private key for the user.

Step 102. Establish an association between the public key and the user, and send the private key to the user's client for storage.

Of the keys generated in step 101, the user's public key is stored on the data protection system server, and the user's private key is downloaded to the client and kept by the user.

Step 103. When the user creates a data protection task, look up the public key corresponding to the user and assign the public key found to the data protection task for encryption.

In this step, when the user creates a data protection task, the system uses the user name to specify that this user's public key is to be used to encrypt the data of this task.

Step 104. When data is sent in the data protection task, encrypt the data with the public key corresponding to the user.

In this step, when a file of the protected data changes, the changed data is encrypted with the user's public key, so that the data is stored securely.

Step 105. Back up the data that is sent, and record the backed-up data in a recoverable data list.

In this step, the protected data transmitted over the network is backed up and saved on the data protection system server, which completes the data protection process. At the same time, a recoverable data list is created, and all backed-up data is recorded in it.

Step 106. When the user selects data in the recoverable data list to restore, obtain the user's private key.

In this step, the user browses the list of backed-up, recoverable data for the protection tasks the user created and selects the data to restore; the user must also submit the corresponding private key.

Step 107. Match the user's private key against the public key corresponding to the user.

In this step, the system matches the private key against the public key with which the data to be restored was encrypted. If the match succeeds, the data recovery process is carried out; otherwise the data is not restored.

In the embodiments of the invention, data recovery generally decrypts the data with the private key and restores it to the location specified by the user.
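Steps 101 to 107 as an added Go example; this is not code from the patent. The patent says only that data is encrypted with the user's public key and that the keys are "matched", so wrapping a per-backup AES-256-GCM key with RSA-OAEP, matching by comparing the public half of the submitted key, and all type and function names here are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Backup struct { // one entry in the recoverable data list (hypothetical layout)
	User, Name                    string
	WrappedKey, Nonce, Ciphertext []byte // RSA-OAEP-wrapped AES key, GCM nonce, GCM output
}

type Server struct { // holds public keys and ciphertext only (steps 102 and 105)
	pubKeys map[string]*rsa.PublicKey
	backups map[string]Backup
}

var ErrKeyMismatch = errors.New("private key does not match the registered public key")
func NewServer() *Server { return &Server{map[string]*rsa.PublicKey{}, map[string]Backup{}} }
// TaskKey is the step 103 lookup (nil for an unknown user); Store is step 105.
func (s *Server) TaskKey(user string) *rsa.PublicKey { return s.pubKeys[user] }
func (s *Server) Store(b Backup)                     { s.backups[b.User+"/"+b.Name] = b }

// Register is steps 101-102: the public key stays here, the private key goes to the client.
func (s *Server) Register(user string) (*rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err == nil {
		s.pubKeys[user] = &priv.PublicKey
	}
	return priv, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is step 104, run on the client: fresh AES-256-GCM key per backup, wrapped for the user.
func Encrypt(pub *rsa.PublicKey, user, name string, data []byte) (Backup, error) {
	if pub == nil {
		return Backup{}, errors.New("no public key registered for this user")
	}
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Backup{}, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return Backup{}, err
	}
	label := []byte(user + "/" + name) // binds key and ciphertext to this list entry
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], label)
	if err != nil {
		return Backup{}, err
	}
	return Backup{user, name, wrapped, buf[32:], gcm.Seal(nil, buf[32:], data, label)}, nil
}

// Restore is steps 106-107: match the submitted key against the registered one, then decrypt.
func (s *Server) Restore(user, name string, priv *rsa.PrivateKey) ([]byte, error) {
	b, ok := s.backups[user+"/"+name]
	pub := s.pubKeys[user]
	if !ok || pub == nil {
		return nil, errors.New("not in the recoverable data list")
	}
	if priv == nil || priv.N == nil || pub.N.Cmp(priv.N) != 0 || pub.E != priv.E {
		return nil, ErrKeyMismatch
	}
	label := []byte(user + "/" + name)
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, b.WrappedKey, label)
	if err != nil { // public half matched but the key could not unwrap
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, label)
}

func main() {
	s := NewServer()
	alice, _ := s.Register("alice") // constructed users and data
	bob, _ := s.Register("bob")
	b, _ := Encrypt(s.TaskKey("alice"), "alice", "ledger.db", []byte("constructed sample record"))
	s.Store(b)
	plain, err := s.Restore("alice", "ledger.db", alice)
	_, errBob := s.Restore("alice", "ledger.db", bob)
	fmt.Printf("owner: %q (%v); other user: %v\n", plain, err, errBob)
}
```

Register and Restore run on the server, as in steps 101 and 107, so the server handles the private key at registration and again during a restore. Running the same match and decryption on the client would keep the key off the server after registration.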

Embodiment 2 of the invention is described below with reference to the accompanying drawings.

This embodiment of the invention provides a data security protection device, the structure of which is shown in FIG. 2, including:

a public key management module 201, configured to look up the public key corresponding to a user when the user creates a data protection task, and to assign the public key found to the data protection task for encryption;

a data encryption module 202, configured to encrypt data with the public key corresponding to the user when data is sent in the data protection task.

Preferably, the above data security protection device further includes:

a key generation module 203, configured to generate a public key and a private key for the user when the user registers for the first time, to establish an association between the public key and the user, and to send the private key to the user's client for storage.

Preferably, the above data security protection device further includes:

a backup module 204, configured to back up the data that is sent and to record the backed-up data in a recoverable data list.

Preferably, the above data security protection device further includes:

a data recovery module 205, configured to obtain the user's private key when the user selects data in the recoverable data list to restore, to match the user's private key against the public key corresponding to the user, and, when the match succeeds, to restore the data selected by the user.

Embodiment 3 of the invention is described below with reference to the accompanying drawings.

This embodiment of the invention provides a data security protection system, the structure of which is shown in FIG. 3. A typical data protection system includes a data protection client and a data protection server. The data protection client runs mainly on the server being protected, and the data protection system uses the backup protection client to save the data to be protected to the data protection server over the network. The data protection server is mainly used to store the data that users protect, and it also generates for each user the public and private keys used to encrypt and decrypt data.

This embodiment of the invention also provides a data security protection method based on the above data security protection system. The flow for implementing data security protection is shown in FIG. 4 and includes:

Step 401. Generate a private key and a public key when the user registers: when a user registers with the data protection system, the system automatically generates a public key and a private key for the user. The public key is used to encrypt data for this user's data protection tasks, and the private key is used to decrypt data for the user's protection tasks.

Step 402. Tasks created by the user are assigned the user's public key for encryption: each user can create multiple different data protection tasks, and for a given user every task uses the same public-key encryption.

Step 403. Encrypt the backup data with the user's public key: when performing data protection, the data protection client encrypts the changed data with the public key of the task, that is, the public key of the user who created the task.

Step 404. Protect the encrypted data over the network: the client transmits the data encrypted with the user's public key to the server over the network, where it is saved.

Step 405. The user browses the protected data: the user can browse completed data protection tasks in the system. This mainly includes some basic information about the data protection task, such as start and end time, data size and source, but the user cannot browse the content of the data.

Step 406. The user provides the corresponding private key when selecting recovery: when the user chooses to restore protected data, the user is required to provide his or her personal private key. The system matches the private key against the public key with which the data to be restored was encrypted; only if the match succeeds is the data recovery process carried out, otherwise the data is not restored.

Step 407. Restore the data with the user's private key: if the private key is verified as correct, the system restores the encrypted data using the user's private key.

The data security protection method provided by the embodiments of the invention can be combined with the data security protection device and the data security protection system provided by the embodiments of the invention. When a user creates a data protection task, the public key corresponding to the user is looked up and assigned to the data protection task for encryption; when data is sent in the data protection task, the data is encrypted with the public key corresponding to the user. Because encryption is performed with a public key that corresponds to a single user, the security of the data is enhanced, which solves the problem that existing data security approaches cannot guarantee data security.

By protecting data with the private and public keys of different users, security policy control of the data protection system is achieved. This ensures that user data on the data protection server cannot be browsed by others, and thus ensures the privacy of user data and true data security.

Those of ordinary skill in the art will understand that all or some of the steps of the above embodiments can be implemented as a computer program flow. The computer program can be stored in a computer-readable storage medium and executed on a corresponding hardware platform (such as a system, equipment, apparatus or device); when executed, it includes one of the steps of the method embodiments or a combination of them.

Optionally, all or some of the steps of the above embodiments can also be implemented with integrated circuits. The steps can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not limited to any specific combination of hardware and software.

The devices, functional modules and functional units in the above embodiments can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network of multiple computing devices.

When the devices, functional modules and functional units in the above embodiments are implemented as software functional modules and sold or used as independent products, they can be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.

Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. The protection scope of the invention shall therefore be determined by the protection scope of the claims.

Claims (9)

1. A data security protection method, characterized in that it comprises:
when a user creates a data protection task, looking up the public key corresponding to said user, and assigning the public key found to said data protection task for encryption;
when data is sent in said data protection task, encrypting the data with the public key corresponding to said user.
2. The data security protection method according to claim 1, characterized in that the method further comprises:
when said user registers for the first time, generating a public key and a private key for said user;
establishing an association between said public key and said user, and sending said private key to said user's client for storage.
3. The data security protection method according to claim 1, characterized in that the method further comprises:
backing up the data that is sent;
recording the backed-up data in a recoverable data list.
4. The data security protection method according to claim 3, characterized in that the method further comprises:
when the user selects data in said recoverable data list to restore, obtaining said user's private key;
matching said user's private key against the public key corresponding to said user;
when the match succeeds, restoring the data selected by said user.
5. The data security protection method according to claim 4, characterized in that restoring the data selected by said user is specifically:
decrypting said data with said private key, and restoring said data to the location specified by said user.
6. A data security protection device, characterized in that it comprises:
a public key management module, configured to look up the public key corresponding to a user when the user creates a data protection task, and to assign the public key found to said data protection task for encryption;
a data encryption module, configured to encrypt data with the public key corresponding to said user when data is sent in said data protection task.
7. The data security protection device according to claim 6, characterized in that the device further comprises:
a key generation module, configured to generate a public key and a private key for said user when said user registers for the first time, to establish an association between said public key and said user, and to send said private key to said user's client for storage.
8. The data security protection device according to claim 6, characterized in that the device further comprises:
a backup module, configured to back up the data that is sent and to record the backed-up data in a recoverable data list.
9. The data security protection device according to claim 8, characterized in that the device further comprises:
a data recovery module, configured to obtain said user's private key when the user selects data in said recoverable data list to restore, to match said user's private key against the public key corresponding to said user, and, when the match succeeds, to restore the data selected by said user.
Application number: CN2012100124679A
Priority date: 2012-01-16
Filing date: 2012-01-16
Title: Data safety protection method and device
Status: Pending
Publication: CN102567673A (en), published 2012-07-11
Family ID: 46413056
Country status: CN (1), CN102567673A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120711