Nothing Special   »   [go: up one dir, main page]

CN114372274A - Remote data backup encryption method, system, device and storage medium - Google Patents

Remote data backup encryption method, system, device and storage medium Download PDF

Info

Publication number
CN114372274A
CN114372274A CN202111486831.0A CN202111486831A CN114372274A CN 114372274 A CN114372274 A CN 114372274A CN 202111486831 A CN202111486831 A CN 202111486831A CN 114372274 A CN114372274 A CN 114372274A
Authority
CN
China
Prior art keywords
data
key
backup
identity information
polynomial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111486831.0A
Other languages
Chinese (zh)
Inventor
朱恩强
郑美珩
江观华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou University
Original Assignee
Guangzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou University filed Critical Guangzhou University
Priority to CN202111486831.0A priority Critical patent/CN114372274A/en
Publication of CN114372274A publication Critical patent/CN114372274A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a remote data backup encryption method, a system, a device and a storage medium. The remote data backup encryption method comprises the following steps: acquiring identity information; decomposing the first key into three shares by a first polynomial and destroying the first key; encrypting the identity information through a second secret key to generate first data; converting the first data into a decimal system to obtain second data; and calculating the second data through a second polynomial to obtain third data. According to the method and the device, the first key for encrypting the backup data is decomposed into three shares corresponding to the identity information, and the first key is destroyed, so that the first key is prevented from being attacked and further being leaked in the remote data transmission process; by encrypting and processing the identity information, the identity information is required to be obtained before the backup data is decrypted, and then the first secret key is calculated through the identity information and the share, so that the safety of the backup data in the remote transmission process is improved.

Description

Remote data backup encryption method, system, device and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, a system, an apparatus, and a storage medium for encrypting remote data backup.
Background
The remote data backup technology facilitates data storage of users, but sensitive data of remote data backup are easily intercepted and attacked in the data transmission process, so that data leakage is caused. To address this problem, sensitive data needs to be encrypted before it is uploaded to remote storage. Therefore, an encryption key for protecting sensitive data is very important. However, conventional data backup schemes have significant security weaknesses and cannot resist offline password guessing attacks, server spoofing attacks, user spoofing attacks, and attacker update password/biometric attacks. The traditional data backup scheme adopts a symmetric encryption mode to encrypt backup data. Symmetric encryption has the advantage of fast encryption speed, but if the key exchange is not secure, the security of the key is lost, especially in the e-commerce environment, when the client is an unknown and untrusted entity, how to make the client obtain the encryption key of the backup data securely becomes a big problem.
Disclosure of Invention
The present invention aims to solve at least to some extent one of the technical problems existing in the prior art.
Therefore, an object of the embodiments of the present invention is to provide a remote data backup encryption method, which effectively avoids an offline key guessing attack by dividing the key for encrypting backup data into three shares and performing double encryption.
Another object of the embodiments of the present invention is to provide a remote data backup encryption system.
In order to achieve the technical purpose, the technical scheme adopted by the embodiment of the invention comprises the following steps:
in a first aspect, an embodiment of the present invention provides a remote data backup encryption method, including the following steps:
acquiring identity information, wherein the identity information comprises parameter information of an intelligent card, parameter information of a user side and parameter information of a server;
decomposing a first key into three shares corresponding to the identity information through a first polynomial, and destroying the first key, wherein the first key is a key for encrypting backup data;
encrypting the identity information through a second secret key to generate first data;
converting the first data into a decimal system to obtain second data;
and calculating the second data through a second polynomial to obtain third data, wherein the second polynomial comprises the second key.
According to the remote data backup encryption method, the first secret key for encrypting the backup data is decomposed into three shares corresponding to the three identity information, and the first secret key is destroyed, so that the first secret key is effectively prevented from being attacked and further being leaked in the remote data transmission process; by encrypting and processing the identity information, the identity information is required to be obtained before the backup data is decrypted, and then the first key is calculated through the identity information and the share, so that the double encryption of the backup data is realized, and the safety of the backup data in the remote transmission process is improved.
In addition, the encryption method for remote data backup according to the above embodiment of the present invention may further have the following additional technical features:
further, in the remote data backup encryption method according to the embodiment of the present invention, decomposing the first key into three shares corresponding to the identity information by using a first polynomial, and destroying the first key includes:
generating a first random number, the first random number being a slope of the first polynomial;
and according to the first polynomial and the identity information, decomposing the first key into three shares respectively corresponding to the smart card, the user side and the server, and destroying the first key.
Further, in an embodiment of the present invention, the encrypting the identity information by using a second key to generate first data further includes:
acquiring the second key and a third key, wherein the second key is a public key, and the third key is a private key corresponding to the second key;
the third key is stored to the offline device.
Further, in an embodiment of the present invention, the calculating the second data by the second polynomial to obtain third data includes:
generating a second random number, the second random number being a slope of the second polynomial;
and calculating the second data through the second polynomial according to the second random number and the second secret key to obtain third data.
Further, the remote data backup encryption method in the embodiment of the present invention further includes the following steps:
acquiring a password and biological characteristics of a user side;
and generating identity verification information according to the third data, the password and the biological characteristics, wherein the identity verification information is used for identity authentication among the smart card, the user side and the server before decryption.
Further, the remote data backup encryption method in the embodiment of the present invention further includes the following steps:
and judging whether the backup data is attacked, and if so, reminding a user to update the password and the biological characteristics.
Further, in an embodiment of the present invention, the determining whether the backup data is attacked includes:
acquiring the value of a counter, wherein the initial value of the counter is zero, and the counter is used for adding one when the decryption of the backup data fails;
judging whether the value of the counter is greater than six, if so, judging that the backup data is attacked;
if not, judging whether the second secret key is used for decrypting the backup data, and if so, judging that the backup data is attacked.
In a second aspect, an embodiment of the present invention provides a remote data backup encryption system, including:
the identity information acquisition module is used for acquiring identity information;
the first key processing module is used for decomposing a first key into three shares corresponding to the identity information through a first polynomial and destroying the first key;
the first data generation module is used for encrypting the identity information through a second secret key to generate first data;
the second data conversion module is used for converting the first data into a decimal system to obtain second data;
and the third data calculation module is used for calculating the second data through a second polynomial to obtain third data.
In a third aspect, an embodiment of the present invention provides a remote data backup encryption apparatus, including:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement the remote data backup encryption method.
In a fourth aspect, an embodiment of the present invention provides a storage medium, in which a program executable by a processor is stored, and the program executable by the processor is used for implementing the remote data backup encryption method.
Advantages and benefits of the present invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application:
according to the embodiment of the invention, the first key for encrypting the backup data is decomposed into three shares corresponding to the three identity information, and the first key is destroyed, so that the first key is effectively prevented from being attacked and further leaked in the remote data transmission process; by encrypting and processing the identity information, the identity information is required to be obtained before the backup data is decrypted, and then the first key is calculated through the identity information and the share, so that the double encryption of the backup data is realized, and the safety of the backup data in the remote transmission process is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following description is made on the drawings of the embodiments of the present application or the related technical solutions in the prior art, and it should be understood that the drawings in the following description are only for convenience and clarity of describing some embodiments in the technical solutions of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic flow chart illustrating a remote data backup encryption method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an embodiment of a remote data backup encryption system according to the present invention;
fig. 3 is a schematic structural diagram of an embodiment of a remote data backup encryption device according to the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application. The step numbers in the following embodiments are provided only for convenience of illustration, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of the invention and in the accompanying drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The remote data backup technology facilitates data storage of users, but sensitive data of remote data backup are easily intercepted and attacked in the data transmission process, so that data leakage is caused. To address this problem, sensitive data needs to be encrypted before it is uploaded to remote storage. Therefore, an encryption key for protecting sensitive data is very important. However, conventional data backup schemes have significant security weaknesses and cannot resist offline password guessing attacks, server spoofing attacks, user spoofing attacks, and attacker update password/biometric attacks. The traditional data backup scheme adopts a symmetric encryption mode to encrypt backup data. Symmetric encryption has the advantage of fast encryption speed, but if the key exchange is not secure, the security of the key is lost, especially in the e-commerce environment, when the client is an unknown and untrusted entity, how to make the client obtain the encryption key of the backup data securely becomes a big problem.
Therefore, the invention provides a remote data backup encryption method and system, which effectively avoid the first secret key from being attacked and further being leaked in the remote data transmission process by decomposing the first secret key for encrypting backup data into three shares corresponding to three identity information and destroying the first secret key; by encrypting and processing the identity information, the identity information is required to be obtained before the backup data is decrypted, and then the first key is calculated through the identity information and the share, so that the double encryption of the backup data is realized, and the safety of the backup data in the remote transmission process is improved.
A remote data backup encryption method and system according to an embodiment of the present invention will be described in detail below with reference to the accompanying drawings, and first, a remote data backup encryption method according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present invention provides a remote data backup encryption method, where the remote data backup encryption method in the embodiment of the present invention may be applied to a terminal, a server, or software running in the terminal or the server. The terminal may be, but is not limited to, a tablet computer, a notebook computer, a desktop computer, and the like. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like. The remote data backup encryption method in the embodiment of the invention mainly comprises the following steps:
s101, acquiring identity information;
wherein the identity information comprises parameter information ID of the smart cardscParameter information ID of user terminalusrAnd parameter information ID of serverser
Specifically, the obtaining of the identity information facilitates the subsequent decomposition of the first key into three shares corresponding to the smart card, the user side and the server, respectively, and the corresponding storage of the three shares into the smart card, the user side and the server.
S102, decomposing a first key into three shares corresponding to the identity information through a first polynomial, and destroying the first key;
wherein the first key is a key for encrypting backup data.
Specifically, first, the first secret key K is passed2For preparingAES symmetric encryption is carried out on the data, and then the data are encrypted according to a first polynomial f (x) ax + K2And identity information, parameter information ID of the smart cardscParameter information ID of user terminalusrAnd parameter information ID of serverser are respectively substituted into the first polynomial to be calculated, and the first secret key is decomposed into three shares respectively corresponding to the smart card, the user side and the server in combination with Shamir secret sharing. Wherein a is a first random number. The three portions are respectively:
gsc=f(IDsc)=aIDsc+K2
gusr=f(IDusr)=aIDusr+K2
gser=f(IDser)=aIDser+K2
s102 may be further divided into the following steps S1021-S1022:
step S1021, generating a first random number;
wherein the first random number a is a slope of the first polynomial.
In particular, the first random number a is generated by the server, ensuring that the first key K is restored by the first polynomial when decrypting the backup data2The safety of (2).
Step S1022, according to the first polynomial and the identity information, decomposing the first key into three shares corresponding to the smart card, the user side, and the server, respectively, and destroying the first key.
S103, encrypting the identity information through a second secret key to generate first data;
in particular by means of the second key K0Parameter information ID for smart cardsscParameter information ID of user terminalusrAnd parameter information ID of serverserPerforming RSA asymmetric encryption to obtain Csc、CusrAnd CserThree sections of ciphertext (first data). Wherein the second key K0Is a public key.
In an embodiment of the present invention, step S103 further includes:
(1) acquiring a second key and a third key which are asymmetrically encrypted by RSA;
wherein the second key K0For the public key, for encrypting data, a third key K1Is the second key K0Corresponding private key for the second key K0The encrypted data is decrypted.
(2) The third key is stored to the offline device.
In particular, the third key K is used1And storing the data on the off-line equipment for obtaining and using the data during decryption.
S104, converting the first data into a decimal system to obtain second data;
specifically, C generated by RSA asymmetric encryption in step S103sc、CusrAnd CserThree sections of ciphertext (first data) are character type data, and S is obtained by converting the first data into decimal datasc、SusrAnd Sser(second data) for facilitating subsequent calculation by a hash function to obtain encrypted authentication information.
And S105, calculating the second data through a second polynomial to obtain third data.
Wherein the second polynomial includes the second key.
Specifically, the second polynomial h (x) ═ bx + K is used0In combination with a second key K0To Ssc、SusrAnd Sser(second data) is subjected to RSA asymmetric encryption to obtain third data. The third data is:
Asc=h(Ssc)=bSsc+K0
Ausr=h(Susr)=bSusr+K0
Aser=h(Sser)=bSser+K0
wherein b is a second random number.
Asymmetric encryption of second data S by RSAsc、Susr、SserEncrypting to generate third data Asc、Ausr、AserOn one hand, the identity authentication information among the intelligent card, the user side and the server is convenient to calculate through further encryption; on the other hand, to confuse an attacker who wants to intercept the backup data if the attacker tries to use the second key K0To restore the backup data, the server directly determines that the object performing the operation is an attacker.
S105 may be further divided into the following steps S1051-S1052:
step S1051, generating a second random number;
wherein the second random number b is a slope of the second polynomial.
In particular, the second random number b is generated by the server, ensuring that step S1052 passes the second polynomial, the second key K0And third data Asc、Ausr、AserCalculating the second data Ssc、Susr、SserSafety in time.
Step S1052, calculating the second data by the second polynomial according to the second random number and the second key to obtain the third data.
The remote data backup encryption method of the embodiment of the invention also comprises the following steps:
(1) acquiring a password PW and biological characteristics Bio of a user side;
specifically, the password PW is a personal password set by the user, and the biometric characteristic Bio is determined by a biometric device that can be entered by the user end device.
(2) According to the third data Asc、Ausr、AserAnd generating identity verification information by the password PW and the biological feature Bio, wherein the identity verification information is used for identity authentication among the smart card, the user side and the server before decryption.
Specifically, the authentication information of the user side is calculated as follows:
V=h(Asc||PW||Ausr)
C=h(Asc||PW||Bio||Ausr)
m1=h(gusr,Ausr,C)
user side will m1And sending the data to a server for identity authentication of the server before decryption.
Server store AusrAnd gserAnd calculating:
Y=h(Aser||N||PW||Ausr)
Figure BDA0003396928480000071
m2=Z
where N is a private parameter of the server. The server sends m2And sending the data to the user side for identity authentication of the user side before decryption. User side storage gusrAnd Z.
User side will (A)sc,gscV, Z) is sent to the smart card for authentication of the smart card by the user side and the server before decryption.
User side will (g)usrZ) and (A)sc,gscV, Z) is stored on another offline device for handling device loss conditions.
The remote data backup encryption method of the embodiment of the invention also comprises the following steps:
and judging whether the backup data is attacked, and if so, reminding a user to update the password and the biological characteristics.
Specifically, the judgment of whether the backup data is attacked is as follows:
(1) acquiring the value of a counter;
the initial value of the counter is zero, and the counter is used for adding one when the backup data fails to be decrypted.
Specifically, when a malicious attacker decrypts the backup data by the wrong key, the value of the counter is increased by one bit.
(2) Judging whether the value of the counter is greater than six, if so, judging that the backup data is attacked;
specifically, if the value of the counter is largeSixth, it indicates that the attacker tries to break the first key K by guessing the attack2And acquiring backup data to remind the user to update the password PW and the biological feature Bio.
(3) If not, judging whether the second secret key is used for decrypting the backup data, and if so, judging that the backup data is attacked.
Specifically, in conjunction with step S105, the second key K0The second key K, which is not the key for encrypting the backup data0Is used for carrying out RSA asymmetric encryption on the identity information and carrying out AES symmetric encryption on the second data again to generate third data Asc、Ausr、AserAn attacker who wants to intercept the backup data is confused. If the attacker tries to use the second key K0To restore the backup data, the server directly determines that the object performing the operation is an attacker and reminds the user to update the password PW and the biometric Bio.
When the first key K needs to be recovered2And passes through the first key K2When the backup data is obtained through decryption, the following operations are executed:
by means of the third data Asc、Ausr、AserAnd a second polynomial h (x) ═ bx + K0Calculating the second data Ssc、Susr、SserAnd S in the second datasc、SserC reduced to character type datascAnd Cser(ii) a Obtaining a third key K from an offline device1To CscAnd CserDecrypting to obtain the parameter information ID of the smart cardscAnd parameter information ID of serverser(ii) a According to the parameter information ID of the smart cardscAnd parameter information ID of serverserAnd a first polynomial f (x) ax + K2Calculating a first key K2The following are:
K2=(gscIDser)/(IDser-IDsc)-(gserIDsc)/(IDser-IDsc)
next, a remote data backup encryption system proposed according to an embodiment of the present application is described with reference to the drawings.
Fig. 2 is a schematic structural diagram of a remote data backup encryption system according to an embodiment of the present application.
The system specifically comprises:
an identity information obtaining module 201, configured to obtain identity information;
a first key processing module 202, configured to decompose a first key into three shares corresponding to the identity information through a first polynomial, and destroy the first key;
the first data generation module 203 is configured to encrypt the identity information through a second key to generate first data;
a second data conversion module 204, configured to convert the first data into a decimal system to obtain second data;
and a third data calculating module 205, configured to calculate the second data by using a second polynomial, so as to obtain third data.
It can be seen that the contents in the foregoing method embodiments are all applicable to this system embodiment, the functions specifically implemented by this system embodiment are the same as those in the foregoing method embodiment, and the advantageous effects achieved by this system embodiment are also the same as those achieved by the foregoing method embodiment.
Referring to fig. 3, an embodiment of the present application provides a remote data backup encryption apparatus, including:
at least one processor 301;
at least one memory 302 for storing at least one program;
the at least one program, when executed by the at least one processor 301, causes the at least one processor 301 to implement the one remote data backup encryption method.
Similarly, the contents of the method embodiments are all applicable to the apparatus embodiments, the functions specifically implemented by the apparatus embodiments are the same as the method embodiments, and the beneficial effects achieved by the apparatus embodiments are also the same as the beneficial effects achieved by the method embodiments.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flowcharts of the present application are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present application is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the functions and/or features may be integrated in a single physical device and/or software module, or one or more functions and/or features may be implemented in separate physical devices or software modules. It will also be appreciated that a detailed discussion regarding the actual implementation of each module is not necessary for an understanding of the present application. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the present application as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the application, which is defined by the appended claims and their full scope of equivalents.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium, which includes programs for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable programs that can be considered for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with a program execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the programs from the program execution system, apparatus, or device and execute the programs. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the program execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable program execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the foregoing description of the specification, reference to the description of "one embodiment/example," "another embodiment/example," or "certain embodiments/examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: numerous changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the application, the scope of which is defined by the claims and their equivalents.
While the present application has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A remote data backup encryption method is characterized by comprising the following steps:
acquiring identity information, wherein the identity information comprises parameter information of an intelligent card, parameter information of a user side and parameter information of a server;
decomposing a first key into three shares corresponding to the identity information through a first polynomial, and destroying the first key, wherein the first key is a key for encrypting backup data;
encrypting the identity information through a second secret key to generate first data;
converting the first data into a decimal system to obtain second data;
and calculating the second data through a second polynomial to obtain third data, wherein the second polynomial comprises the second key.
2. The method of claim 1, wherein decomposing a first key into three shares corresponding to the identity information by a first polynomial and destroying the first key comprises:
generating a first random number, the first random number being a slope of the first polynomial;
and according to the first polynomial and the identity information, decomposing the first key into three shares respectively corresponding to the smart card, the user side and the server, and destroying the first key.
3. The method of claim 1, wherein the encrypting the identity information with a second key to generate first data further comprises:
acquiring the second key and a third key, wherein the second key is a public key, and the third key is a private key corresponding to the second key;
the third key is stored to the offline device.
4. The method of claim 1, wherein the calculating the second data by the second polynomial to obtain third data comprises:
generating a second random number, the second random number being a slope of the second polynomial;
and calculating the second data through the second polynomial according to the second random number and the second secret key to obtain third data.
5. The remote data backup encryption method according to claim 1, further comprising the steps of:
acquiring a password and biological characteristics of a user side;
and generating identity verification information according to the third data, the password and the biological characteristics, wherein the identity verification information is used for identity authentication among the smart card, the user side and the server before decryption.
6. The remote data backup encryption method according to claim 5, further comprising the steps of:
and judging whether the backup data is attacked, and if so, reminding a user to update the password and the biological characteristics.
7. The method of claim 6, wherein the determining whether the backup data is attacked comprises:
acquiring the value of a counter, wherein the initial value of the counter is zero, and the counter is used for adding one when the decryption of the backup data fails;
judging whether the value of the counter is greater than six, if so, judging that the backup data is attacked;
if not, judging whether the second secret key is used for decrypting the backup data, and if so, judging that the backup data is attacked.
8. A remote data backup encryption system, comprising:
the identity information acquisition module is used for acquiring identity information;
the first key processing module is used for decomposing a first key into three shares corresponding to the identity information through a first polynomial and destroying the first key;
the first data generation module is used for encrypting the identity information through a second secret key to generate first data;
the second data conversion module is used for converting the first data into a decimal system to obtain second data;
and the third data calculation module is used for calculating the second data through a second polynomial to obtain third data.
9. A remote data backup encryption apparatus, comprising:
at least one processor;
at least one memory for storing at least one program;
when executed by the at least one processor, cause the at least one processor to implement a remote data backup encryption method as recited in any of claims 1-7.
10. A storage medium having stored therein a program executable by a processor, characterized in that: the processor-executable program when executed by a processor is for implementing a remote data backup encryption method as claimed in any one of claims 1 to 7.
CN202111486831.0A 2021-12-07 2021-12-07 Remote data backup encryption method, system, device and storage medium Pending CN114372274A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111486831.0A CN114372274A (en) 2021-12-07 2021-12-07 Remote data backup encryption method, system, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111486831.0A CN114372274A (en) 2021-12-07 2021-12-07 Remote data backup encryption method, system, device and storage medium

Publications (1)

Publication Number Publication Date
CN114372274A true CN114372274A (en) 2022-04-19

Family

ID=81140508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111486831.0A Pending CN114372274A (en) 2021-12-07 2021-12-07 Remote data backup encryption method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN114372274A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584328A (en) * 2022-05-09 2022-06-03 武汉四通信息服务有限公司 API interface access method, computer device and computer storage medium
CN116432199A (en) * 2023-03-03 2023-07-14 安超云软件有限公司 Cloud platform remote data backup method, cloud platform remote data recovery method and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101945114A (en) * 2010-09-20 2011-01-12 西安电子科技大学 Identity authentication method based on fuzzy vault and digital certificate
CN103748832A (en) * 2011-08-29 2014-04-23 索尼公司 Signature verification device, signature verification method, program, and recording medium
CN106709716A (en) * 2015-11-13 2017-05-24 航天信息股份有限公司 Method, device and system for PBOC transaction based on biometric encryption
US20210234678A1 (en) * 2020-01-29 2021-07-29 Sebastien ARMLEDER Storing and determining a data element

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101945114A (en) * 2010-09-20 2011-01-12 西安电子科技大学 Identity authentication method based on fuzzy vault and digital certificate
CN103748832A (en) * 2011-08-29 2014-04-23 索尼公司 Signature verification device, signature verification method, program, and recording medium
CN106709716A (en) * 2015-11-13 2017-05-24 航天信息股份有限公司 Method, device and system for PBOC transaction based on biometric encryption
US20210234678A1 (en) * 2020-01-29 2021-07-29 Sebastien ARMLEDER Storing and determining a data element

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘忆宁: ""A secure data backup scheme using multi-factor authentication"", IET INFORMATION SECURITY, vol. 11, no. 5, 1 September 2017 (2017-09-01), pages 250 - 255 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584328A (en) * 2022-05-09 2022-06-03 武汉四通信息服务有限公司 API interface access method, computer device and computer storage medium
CN114584328B (en) * 2022-05-09 2022-08-02 武汉四通信息服务有限公司 API interface access method, computer device and computer storage medium
CN116432199A (en) * 2023-03-03 2023-07-14 安超云软件有限公司 Cloud platform remote data backup method, cloud platform remote data recovery method and electronic equipment

Similar Documents

Publication Publication Date Title
Bhardwaj et al. Security algorithms for cloud computing
US8806200B2 (en) Method and system for securing electronic data
US20090097657A1 (en) Constructive Channel Key
US9531540B2 (en) Secure token-based signature schemes using look-up tables
US20130028419A1 (en) System and a method for use in a symmetric key cryptographic communications
CN111245597A (en) Key management method, system and equipment
Agarwal et al. A survey on cloud computing security issues and cryptographic techniques
CN112740615A (en) Multi-party computed key management
CN114372274A (en) Remote data backup encryption method, system, device and storage medium
CN112084525A (en) Distributed key encryption method and device, electronic equipment and storage medium
Khelifi et al. Enhancing protection techniques of e-banking security services using open source cryptographic algorithms
Khatarkar et al. A survey and performance analysis of various RSA based encryption techniques
CN111490874B (en) Distribution network safety protection method, system, device and storage medium
Lehto et al. Cryptovault-a secure hardware wallet for decentralized key management
Pavani et al. Data Security and Privacy Issues in Cloud Environment
CN110708155B (en) Copyright information protection method, copyright information protection system, copyright confirming method, copyright confirming device, copyright confirming equipment and copyright confirming medium
CN114422114B (en) Time-controlled encryption method and system based on multi-time server
CN115809459A (en) Data protection and decryption method, system, device and medium for software cryptographic module
CN111431846B (en) Data transmission method, device and system
Kulkarni et al. A Study on Data Security in Cloud Computing: Traditional Cryptography to the Quantum Age Cryptography
Neela et al. A Hybrid Cryptography Technique with Blockchain for Data Integrity and Confidentiality in Cloud Computing
Shakor et al. Hybrid security model for medical image protection in cloud
Abdalla et al. Anonymous Pairing-Free and Certificateless Key Exchange Protocol for DRM System.
Mohd Salleh et al. A review on structured scheme representation on data security application
ZHANG Cryptographic Techniques in Digital Media Security: Current Practices and Future Directions.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination