CN115022042A - Compliance code verification method for protecting data privacy and computer readable medium - Google Patents
Compliance code verification method for protecting data privacy and computer readable medium Download PDFInfo
- Publication number
- CN115022042A CN115022042A CN202210621746.9A CN202210621746A CN115022042A CN 115022042 A CN115022042 A CN 115022042A CN 202210621746 A CN202210621746 A CN 202210621746A CN 115022042 A CN115022042 A CN 115022042A
- Authority
- CN
- China
- Prior art keywords
- data
- code
- verification
- compliance
- label
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012795 verification Methods 0.000 title claims abstract description 156
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000013507 mapping Methods 0.000 claims description 18
- 230000006399 behavior Effects 0.000 claims description 11
- 230000008569 process Effects 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000007689 inspection Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a compliance code verification method and a computer readable medium for protecting data privacy, wherein the verification method comprises the following steps: a data receiver acquires an identification code for verification, and the data receiver stores a compliance code serving as a verification standard; the compliance code is a multi-factor compliance code and comprises a plurality of data label codes and a message authentication code which are spliced as verification factors; SB: calling a data compliance verification algorithm to decrypt and verify the compliance code and the identification code; SC: judging whether the data pass the compliance verification, and if the compliance verification fails, indicating that the data have illegal operation; if the verification is passed, the tampering verification can be selected to be continuously carried out, and if the tampering does not exist, the verification is successful. The method and the device are used for further verification, and the confidentiality, the integrity and the compliance of the data are guaranteed.
Description
Technical Field
The application relates to the technical field of computers, in particular to a high-efficiency compliance code verification method for protecting data privacy and a computer readable medium.
Background
In the prior art, in the data transmission process, in order to ensure the security and integrity of data, data is generally required to be encrypted and message digest processed. Wherein SM4 is a block cipher standard adopted by the government of the people's republic of China. In a commercial cryptosystem, the SM4 is mainly used for data encryption, the algorithm is public, the packet length and the key length are both 128 bits, both the encryption algorithm and the key expansion algorithm adopt 32-round nonlinear iterative structures, and an S-box used for encryption is a fixed 8-bit input 8-bit output. SM3 is a cryptographic hash function standard adopted by the government of the people's republic of china, and in a commercial cryptosystem, SM3 is mainly used for digital signature and verification, message authentication code generation and verification, random number generation, and the like, and the algorithm thereof is disclosed. According to the representation of the national cipher administration, the security and the efficiency are superior to those of the SHA-256 algorithm.
When no compliance code verification method aiming at the transaction with the private data exists in the prior art, how to effectively verify whether the data is in compliance circulation to the enterprise and correctly applied through the network api or the access compliance verification address. Therefore, how to perform data compliance verification and tamper verification is a problem that needs to be solved urgently by those skilled in the art.
Disclosure of Invention
The object of the present invention is to overcome the above-mentioned drawbacks of the prior art, and to provide a method and a computer readable medium for verifying a compliance code, which includes a data flow compliance verification and a data tampering verification, and has a fast verification and a high confidentiality.
In order to achieve the above object, the present invention has the following configurations:
the application comprises a compliance code verification method for protecting data privacy, which comprises the following steps:
and SA: a data receiving party acquires an identification code for verification, and the data receiving party stores a compliance code serving as a verification standard; the compliance code is a multi-factor compliance code and comprises a plurality of data label codes and a message authentication code which are spliced as verification factors;
SB: calling a data compliance verification algorithm to decrypt and verify the compliance code and the identification code;
SC: judging whether the data pass the compliance verification, and if the compliance verification fails, indicating that the data have illegal operation; if the verification is passed, the tampering verification can be selected to be continuously carried out, and if no tampering exists, the verification is successful.
In a preferred method for verifying compliance codes, the step SC specifically includes:
SC: calling a data compliance verification algorithm, decrypting and respectively verifying each data label code, and if the verification fails, judging that the data has an illegal behavior corresponding to the data label code; if all the data label codes pass the verification, the step SD can be selected to be continuously executed;
and SD, performing tampering check, checking the message verification code, if the message verification code is the same, judging that no tampering exists, and if the message verification code is different, judging that tampering exists.
In a preferred compliance code verification method, the compliance code is generated by adding a plurality of labels to original data in advance, performing joint coding on label data and data source identity identification information, and generating the compliance code by using HMAC to obtain coding and summary information of the data and splicing and encrypting the coding and the summary information.
In a preferred compliance code verification method, the generating step of the compliance code includes:
s1, collecting original data by a data source;
s2, establishing a data dictionary mapping and encoding rule table;
s3, dividing the data into batches to generate batch data labels;
s4, selecting a data label, and splicing the data dictionary mapping code and the HMAC value corresponding to the data label to form data to be encrypted;
s5, encrypting the data to be encrypted by using the state secret SM4 to obtain a ciphertext;
and S6, calling a two-dimensional code generation algorithm to process the ciphertext to generate a compliance code.
In a preferred compliance code verification method, the step S4 specifically includes the steps of,
s4-1, splicing the data to obtain a label code, and splicing the data to obtain an HMAC value after the data is bound by a data source identity and a user identity;
s4-2, splicing data cache label codes, and splicing the data to use deadline information;
s4-3, splicing data, namely encoding the spliced data by using labels, and splicing values obtained after data dictionary mapping is carried out on the spliced data by using category information labels;
s4-4, splicing data transaction label codes, and splicing values obtained after data dictionary mapping is carried out on the data transaction information labels;
s4-5, splicing data stream label codes, and splicing HMAC values obtained after performing data dictionary mapping on the batch labels and adding batch transaction total amount;
and S4-6, splicing the HMAC values of the data cleartext.
In a preferred compliance code verification method, the step SC specifically includes: calling a data compliance verification algorithm, decrypting and respectively verifying each data label code, and if the verification fails, judging that the data has an illegal behavior corresponding to the data label code, wherein the method specifically comprises the following steps of
SC-1, judge whether the label code of data acquisition passes the check, if the check fails, prove that the data has violation to obtain;
SC-2, judge whether the data cache label code passes the check, if the check fails, show that the data has the cache of violation;
SC-3, judge whether the label code of using of the data passes the check, if the check fails, show that the data has violation of using;
SC-4, judge whether the label code of data transaction passes the verification, if fail to verify, show the data has illegal transactions;
SC-5, judge whether the label code of data flow passes the verification, if the verification fails, show that the data has flow violating;
if all the data label codes pass the verification, the step SD can be selected to be continuously executed;
and SD, performing tampering check, checking the message verification code, if the message verification code is the same, judging that no tampering exists, and if the message verification code is different, judging that tampering exists.
In a preferred compliance code verification method, the HMAC is specifically:
the opad and the ipad are constants, M is data to be processed, Key1 is a first initial Key, and Key2 is a second Key.
In an optimized compliance code verification method, the first initial Key 1 =SM3(S 1 ) Said S 1 According to the current time T 1 And is generated using a random number tool,
the second Key 2 =SM3(S 2 | Key1), S 2 According to the current time T 2 And generated using a random number tool.
In a preferred compliance code verification method, the raw data comprises: the data transaction method comprises the following steps of data belonging time, data generation time, data source number, data belonging industry number, data content validity period, data field number, data content, transaction platform code, transaction provider ID code, data transaction validity period, selling customer ID code, permitted application industry, permitted application scene, data transaction time, data transaction mode, charging type and data field number.
The present application also includes a computer readable medium having stored thereon computer readable instructions executable by a processor to implement the method for verifying compliance codes for protecting data privacy.
The compliance code verification method and the computer readable medium for protecting data privacy of the application are adopted, and the verification method comprises the following steps: a data receiver acquires an identification code for verification, and the data receiver stores a compliance code serving as a verification standard; the compliance code is a multi-factor compliance code and comprises a plurality of data label codes and a message authentication code which are spliced as verification factors; SB: calling a data compliance verification algorithm to decrypt and verify the compliance code and the identification code; SC: judging whether the data pass the compliance verification, and if the compliance verification fails, indicating that the data have illegal operation; if the verification is passed, the tampering verification can be selected to be continuously carried out, and if the tampering does not exist, the verification is successful. The method and the device are used for further verification, and the confidentiality, the integrity and the compliance of the data are guaranteed.
Drawings
FIG. 1 is a diagram of preferred steps of a compliance code verification method for protecting data privacy;
FIG. 2 is a diagram of the steps of compliance code verification tampering to protect data privacy
FIG. 3 is a diagram of the preferred steps of the preferred HMAC technique;
FIG. 4 shows a compliance code generation step of a first preferred embodiment for protecting data privacy;
fig. 5 shows a compliance code generation procedure of a second preferred embodiment for protecting data privacy.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings, and it is to be understood that the described embodiments are only some embodiments of the present disclosure, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the disclosed embodiments without making any creative effort, also belong to the protection scope of the present invention.
The application comprises a compliance code verification method for protecting data privacy, which comprises the following steps:
and SA: a data receiver acquires an identification code for verification, and the data receiver stores a compliance code serving as a verification standard; the compliance code is a multi-factor compliance code and comprises a plurality of data label codes and a message authentication code which are spliced as verification factors;
SB: calling a data compliance verification algorithm to decrypt and verify the compliance code and the identification code;
SC: judging whether the data pass the compliance verification, and if the compliance verification fails, indicating that the data have illegal operation; if the verification is passed, the tampering verification can be selected to be continuously carried out, and if the tampering does not exist, the verification is successful.
In the data transmission process in the prior art, a national secret SM4 is generally used for encrypting data, an SM4 encryption algorithm is disclosed, the packet length and the secret key length are both 128 bits, both the encryption algorithm and the secret key expansion algorithm adopt 32-round nonlinear iterative structures, an S box used for encryption is a fixed 8-bit input 8-bit output, an exemplary technical scheme can refer to an information security technology SM4 block cipher algorithm (GB/T32907-2016) issued by the State administration of quality supervision and inspection and quarantine of the people' S republic of China and the Committee of the State standardization administration, and it should be understood that the technical scheme described in the information security technology SM4 block cipher algorithm is the prior art of the present application and can be directly applied to the technical scheme of the present application.
On the basis of a ciphertext generated by encrypting message data through an SM4 encryption algorithm, the technical scheme that a message verification code generated by further adopting an SM3 hash algorithm to the message data is used for judging whether the ciphertext has violation behaviors or is tampered is added.
Reference may be made to the information security technology SM3 cryptographic hash algorithm (GB/T32905 and 2016) issued by the general administration of quality supervision, inspection and quarantine of the people's republic of china and the national standards administration of china, and it should be understood that the technical solution described in the information security technology SM3 cryptographic hash algorithm is the prior art of the present application and can be directly applied to the technical solution of the present application.
In a preferred embodiment of the present application, the data owner (compliance code generator) generates a compliance code, and sends the compliance code to the data receiver and stores the compliance code in the data receiver storage unit as a standard for verification. For the sake of distinction, the code acquired by the data receiver for verification is called an identification code. It should be understood that the compliance code is the same as the identification code when the identification code can be verified by the verification method of the present application.
When data transmission is needed and cipher text verification is needed, the data receiving party submits verification information to a credible third verification mechanism, and the compliance codes stored in the data receiving party are decrypted and verified by calling a data compliance verification algorithm.
The generation mode of the compliance code is generated by splicing and encrypting the data label coding information and the plaintext data message authentication code and calling a two-dimensional code generation algorithm.
In a preferred compliance code verification method, the compliance code is generated by adding a plurality of labels to original data in advance, performing joint coding on label data and data source identity identification information, and generating the compliance code by using HMAC to obtain coding and summary information of the data and splicing and encrypting the coding and the summary information.
In a preferred method for verifying compliance codes, the step SC specifically includes:
SC: calling a data compliance verification algorithm, decrypting and respectively verifying each data label code, and if the verification fails, judging that the data has violation behaviors corresponding to the data label codes, wherein the violation behaviors comprise violation acquisition, violation cache, violation use, violation transaction and violation circulation; if all the data label codes pass the verification, the step SD can be selected to be continuously executed;
and SD, performing tampering check, checking the message verification code, if the message verification code is the same, judging that no tampering exists, and if the message verification code is different, judging that tampering exists.
In a preferred embodiment, the data compliance code verification algorithm is used for verifying the encoded information in the compliance code and the message authentication code ciphertext part, and in a preferred embodiment, the ciphertext part is generated by encoding the original data label through data dictionary mapping, splicing the message authentication code of the original data after the message authentication code is taken, and encrypting the original data by using the SM4, wherein the generation mode of the specific ciphertext part will be described in detail below. According to the method, the rule codes are decoded, the information parts of the code information and the information authentication code are compared, if the comparison is the same, tampering verification is continuously executed, and if the comparison is different, the data are directly judged to have violation behaviors.
In other preferred embodiments, the data receiver stores the original data, and the content of the original data is the same as the original data used by the data sender to generate the compliance code. In this embodiment, after acquiring the compliance code (identification code) for verification, the data receiving side generates the same compliance code from the stored original data, and invokes the data compliance verification algorithm to verify whether the newly generated compliance code and the acquired compliance code (identification code) are the same.
In a preferred embodiment, an HMAC function is stored in the data receiver, and the HMAC function is used to form the processed private data information into a message authentication code. The authentication code is stored at the data receiving party.
In a preferred embodiment, the HMAC function is specifically:
the opad and the ipad are constants, M is data to be processed, Key1 is a first initial Key, and Key2 is a second Key.
The first initial Key1 ═ SM3 (S) 1 ) Said S 1 According to the current time T 1 And generated using a random number tool. The second Key 2 =SM3(S 2 | Key1), S 2 According to the current time T 2 And generated using a random number tool.
As shown in fig. 2, tamper verification is performed on the acquired message verification code, the third verifier first decrypts the cipher compliance code and splits the cipher compliance code to obtain the message verification code, extracts the message authentication code of the original data, compares the message authentication code with the message authentication code provided by the data receiver for verification, and if verification is successful, indicates that the data is not tampered; if the verification fails, the data is indicated to be tampered.
As shown in fig. 3, in order to implement the HMAC processing flow chart of the present application, the value Key1 of the first secret Key1 is obtained as SM3 (S) 1 ) Said S 1 According to the presentTime T 1 And generated using a random number tool. XOR the generated Key1 with the opad to obtain the first S1 (the S1 and S) 1 Different), splicing the S1 with the data label coding information and the information authentication code, carrying out exclusive or on the spliced content with a Key2 and an ipad, wherein the second Key2 is SM3 (S) 2 | Key1), S 2 According to the current time T 2 And generated using a random number tool.
The present application further includes a method for generating the compliance code, as shown in fig. 4, the method includes the steps of:
s1, collecting original data by a data source;
s2, establishing a data dictionary mapping and encoding rule table;
s3, dividing the data into batches to generate batch data labels;
s4, selecting a data label, and splicing the data dictionary mapping code and the HMAC value corresponding to the data label to form data to be encrypted;
s4-1, splicing data to obtain a label code, and splicing HMAC values obtained after data source identity identification and user identity identification of the data are bound;
s4-2, splicing data cache label codes, and splicing the data using deadline information;
s4-3, splicing data, namely encoding the spliced data by using labels, and splicing values obtained after data dictionary mapping is carried out on the spliced data by using category information labels;
s4-4, splicing data transaction label codes, and splicing values obtained after data dictionary mapping is carried out on the data transaction information labels;
s4-5, splicing data flow label codes, and splicing HMAC values obtained after performing data dictionary mapping on the batch labels and adding batch transaction total amount;
and S4-6, splicing the HMAC values of the data cleartext.
S5, encrypting the data to be encrypted by using the state secret SM4 to obtain a ciphertext;
and S6, calling a two-dimensional code generation algorithm to process the ciphertext to generate a compliance code.
In a preferred compliance code verification method, the step SC specifically includes: calling a data compliance verification algorithm, decrypting and respectively verifying each data label code, and if the verification fails, judging that the data has an illegal behavior corresponding to the data label code, wherein the method specifically comprises the following steps of
SC-1, judge whether the label code of data acquisition passes the check, if the check fails, prove that the data has violation to obtain;
SC-2, judge whether the data cache label code passes the check, if the check fails, show that the data has the cache of violation;
SC-3, judge whether the data uses the label code to pass the check, if the check fails, show that the data has illegal use;
SC-4, judge whether the label code of data transaction passes the verification, if the verification fails, show that the data has illegal transaction;
SC-5, judge whether the label code of data flow passes the verification, if the verification fails, show that the data has flow violating;
preferably, the steps SC-1 to SC-5, S4-1 to S4-6 do not represent a specific order, and the steps SC-1 to SC-5, S4-1 to S4-6 may be performed simultaneously or in a set order.
If all the data label codes pass the verification, the step SD can be selected to be continuously executed;
and SD, performing tampering check, checking the message verification code, if the message verification code is the same, judging that no tampering exists, and if the message verification code is different, judging that tampering exists.
In a preferred embodiment, raw data is obtained from the data source.
The raw data comprises: the data transaction method comprises the following steps of data belonging time, data generation time, data source number, data belonging industry number, data content validity period, data field number, data content, transaction platform code, transaction provider ID code, data transaction validity period, selling customer ID code, permitted application industry, permitted application scene, data transaction time, data transaction mode, charging type and data field number.
Preferably, the original data tag is obtained by reading an original file, a worksheet is selected as required, and the whole document is traversed to read the data therein (the first row is a column name, so that the selection is skipped);
in a preferred embodiment, each of the transaction data is accompanied by a unique compliance code. That is, the original data is obtained for the data source of each piece of data, and the corresponding compliance code is generated for the original data according to the compliance code generation method.
In practical applications, the data owner (data sender) provides each generated compliance code to the data receiver, and the data receiver stores the compliance code. In other preferred embodiments, the data owner (data sender) provides each generated compliance code and its corresponding original data ciphertext to the data receiver, and the data receiver stores the compliance code and its corresponding original data ciphertext.
As shown in FIG. 5, the other preferred compliance code generation method is a flowchart, which includes the steps of A1 obtaining original data from a data source, A2 adding a batch division identifier T, and obtaining a message authentication code H of a data source identity information identifier and a data receiver identity information identifier splicing identifier I through an HMAC function I Data usage deadline tag T s Data use identification U, data transaction identification P, and message authentication code H for acquiring data flow batch and batch number integrity identification C through HMAC function C A3 data dictionary mapping coding the above identifiers, A4 generating message authentication code H of data content D And concatenating the coding information and the message authentication code information, A5 generating a compliance code ciphertext by using SM4 encryption, and A6 calling a two-dimensional code generation algorithm to generate a compliance code.
The present application also includes a computer readable medium having stored thereon computer readable instructions executable by a processor to perform the method for verifying compliance codes for protecting data privacy.
The processor may perform compliance code violation and tamper verification by performing the following steps:
and SA: a data receiver acquires a multi-factor ciphertext compliance code for verification, and the data receiver stores a multi-factor addition compliance code which is formed by splicing a plurality of data label data dictionary mapping codes and message authentication codes and contains a first compliance code, a second compliance code, a third compliance code, a fourth compliance code, a fifth compliance code and a sixth compliance code as verification standards;
SB: calling a data compliance verification algorithm to decrypt and verify the first compliance code, the second compliance code, the third compliance code, the fourth compliance code, the fifth compliance code and the sixth compliance code;
SC: calling a data compliance verification algorithm, decrypting and respectively verifying each data label code, and if the verification fails, judging that the data has violation behaviors corresponding to the data label codes, wherein the violation behaviors comprise violation acquisition, violation cache, violation use, violation transaction and violation circulation; if all the data label codes pass the verification, the step SD can be selected to be continuously executed;
and SD, performing tampering check, checking the message verification code, if the message verification code is the same, judging that no tampering exists, and if the message verification code is different, judging that tampering exists.
As used in this application and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural unless the context clearly dictates otherwise. The terms "first" and "second" are not limiting words, and are used for explanation only and understanding of the technical solutions of the present invention, and the terms "first" and "second" may be substituted for each other. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
The components, relative arrangements, functions, and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise. Also, it is apparent that the dimensions of the various parts shown in the drawings are not drawn to scale in practice for ease of description. Techniques, methods and apparatus that are known to those of ordinary skill in the relevant art have not been described in detail for the time being, but are intended to be part of the specification as appropriate. In all examples shown and discussed herein, any particular value should be construed as exemplary only and not as a limitation. Thus, other examples of step-wise embodiments may have a different order of precedence.
The foregoing is illustrative of the present invention and is not to be construed as limiting thereof. Although a few exemplary embodiments of the present invention have been described, those skilled in the art will readily appreciate that many modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of this invention. Accordingly, all such modifications are intended to be included within the scope of this invention as defined in the claims. It is to be understood that the foregoing is illustrative of the present invention and is not to be construed as limited to the specific embodiments disclosed, and that modifications to the disclosed embodiments, as well as other embodiments, are intended to be included within the scope of the appended claims. The invention is defined by the claims and their equivalents.
Claims (10)
1. A compliance code verification method for protecting data privacy is characterized by comprising the following steps:
and SA: a data receiver acquires an identification code for verification, and the data receiver stores a compliance code serving as a verification standard; the compliance code is a multi-factor compliance code and comprises a plurality of data label codes and a message authentication code which are spliced as verification factors;
SB: calling a data compliance verification algorithm to decrypt and verify the compliance code and the identification code;
and (3) SC: judging whether the data pass the compliance verification, and if the compliance verification fails, indicating that the data have illegal operation; if the verification is passed, the tampering verification can be selected to be continuously carried out, and if the tampering does not exist, the verification is successful.
2. The compliance code verification method according to claim 1, wherein the step SC specifically comprises:
SC: calling a data compliance verification algorithm, decrypting and respectively verifying each data label code, and if the verification fails, judging that the data has an illegal behavior corresponding to the data label code; if all the data label codes pass the verification, the step SD can be selected to be continuously executed;
and SD, performing tampering check, checking the message verification code, if the message verification code is the same, judging that no tampering exists, and if the message verification code is different, judging that tampering exists.
3. The method for verifying the compliance code for protecting the data privacy of claim 1, wherein the compliance code is generated by adding a plurality of tags to original data in advance, performing joint encoding on tag data and data source identification information, and generating the compliance code by using HMAC to obtain the encoding and the digest information of the data and splicing and encrypting the encoding and the digest information.
4. The compliance code verification method of claim 3, wherein the compliance code generation step comprises:
s1, collecting original data by a data source;
s2, establishing a data dictionary mapping and encoding rule table;
s3, dividing the data into batches to generate batch data labels;
s4, selecting a data label, and splicing the data dictionary mapping code and the HMAC value corresponding to the data label to form data to be encrypted;
s5, encrypting the data to be encrypted by using the state secret SM4 to obtain a ciphertext;
and S6, calling a two-dimensional code generation algorithm to process the ciphertext to generate a compliance code.
5. The compliance code verification method according to claim 4, wherein the step S4 specifically comprises the steps of,
s4-1, splicing the data to obtain a label code, and splicing the data to obtain an HMAC value after the data is bound by a data source identity and a user identity;
s4-2, splicing data cache label codes, and splicing the data to use deadline information;
s4-3, splicing data, namely encoding the spliced data by using labels, and splicing values obtained after data dictionary mapping is carried out on the spliced data by using category information labels;
s4-4, splicing data transaction label codes, and splicing values obtained after data dictionary mapping is carried out on the data transaction information labels;
s4-5, splicing data flow label codes, and splicing HMAC values obtained after performing data dictionary mapping on the batch labels and adding batch transaction total amount;
and S4-6, splicing the HMAC values of the data cleartext.
6. The method for generating compliance codes for protecting data privacy according to claim 2, 4 or 5, wherein the step SC specifically comprises: calling a data compliance verification algorithm, decrypting and respectively verifying each data label code, and if the verification fails, judging that the data has violation behaviors corresponding to the data label codes, wherein the method specifically comprises the following steps
SC-1, judge whether the label code of data acquisition passes the check, if the check fails, prove that the data has violation to obtain;
SC-2, judge whether the data cache label code passes the check, if the check fails, show that the data has the cache of violation;
SC-3, judge whether the data uses the label code to pass the check, if the check fails, show that the data has illegal use;
SC-4, judge whether the label code of data transaction passes the verification, if the verification fails, show that the data has illegal transaction;
SC-5, judge whether the label code of data flow passes the verification, if the verification fails, show that the data has flow violating;
if all the data label codes pass the verification, the step SD can be selected to be continuously executed;
and SD, performing tampering check, checking the message verification code, if the message verification code is the same, judging that no tampering exists, and if the message verification code is different, judging that tampering exists.
8. The method of generating compliance codes for protecting data privacy of claim 5 wherein the first primary Key Key is 1 =SM3(S 1 ) Said S 1 According to the current time T 1 And is generated using a random number tool,
the second Key Key 2 =SM3(S 2 | Key1), S 2 According to the current time T 2 And generated using a random number tool.
9. The method of claim 4, wherein the raw data comprises: the data transaction method comprises the following steps of data belonging time, data generation time, data source number, data belonging industry number, data content validity period, data field number, data content, transaction platform code, transaction provider ID code, data transaction validity period, selling customer ID code, permitted application industry, permitted application scene, data transaction time, data transaction mode, charging type and data field number.
10. A computer readable medium having stored thereon computer readable instructions executable by a processor to implement a method of verifying compliance codes for protecting data privacy of any one of claims 1 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210621746.9A CN115022042A (en) | 2022-06-02 | 2022-06-02 | Compliance code verification method for protecting data privacy and computer readable medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210621746.9A CN115022042A (en) | 2022-06-02 | 2022-06-02 | Compliance code verification method for protecting data privacy and computer readable medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115022042A true CN115022042A (en) | 2022-09-06 |
Family
ID=83072490
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210621746.9A Pending CN115022042A (en) | 2022-06-02 | 2022-06-02 | Compliance code verification method for protecting data privacy and computer readable medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115022042A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117633900A (en) * | 2024-01-24 | 2024-03-01 | 中国信息通信研究院 | File path verification method and device based on distributed network, equipment and medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106100850A (en) * | 2016-06-17 | 2016-11-09 | 公安部第三研究所 | Intelligent and safe chip signing messages transmission method based on Quick Response Code and system |
CN106612267A (en) * | 2015-10-27 | 2017-05-03 | 中国移动通信集团公司 | Verification method and verification device |
CN107743132A (en) * | 2017-11-28 | 2018-02-27 | 江苏信源久安信息科技有限公司 | The identification of Internet of Things trusted identity and control method based on id password |
CN108449607A (en) * | 2018-01-18 | 2018-08-24 | 上海宝信软件股份有限公司 | File compliance inspection method and system |
CN109274480A (en) * | 2017-07-17 | 2019-01-25 | 科大国盾量子技术股份有限公司 | Data authentication method and quantum key distribution system based on HMAC-SM3 algorithm |
CN109302425A (en) * | 2018-11-28 | 2019-02-01 | 河北省科学院应用数学研究所 | Identity identifying method and terminal device |
CN111106928A (en) * | 2019-11-14 | 2020-05-05 | 西安电子科技大学 | NTP protocol enhanced information processing system and method based on cryptographic algorithm |
CN111831974A (en) * | 2020-06-30 | 2020-10-27 | 深圳数字电视国家工程实验室股份有限公司 | Interface protection method and device, electronic equipment and storage medium |
-
2022
- 2022-06-02 CN CN202210621746.9A patent/CN115022042A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106612267A (en) * | 2015-10-27 | 2017-05-03 | 中国移动通信集团公司 | Verification method and verification device |
CN106100850A (en) * | 2016-06-17 | 2016-11-09 | 公安部第三研究所 | Intelligent and safe chip signing messages transmission method based on Quick Response Code and system |
CN109274480A (en) * | 2017-07-17 | 2019-01-25 | 科大国盾量子技术股份有限公司 | Data authentication method and quantum key distribution system based on HMAC-SM3 algorithm |
CN107743132A (en) * | 2017-11-28 | 2018-02-27 | 江苏信源久安信息科技有限公司 | The identification of Internet of Things trusted identity and control method based on id password |
CN108449607A (en) * | 2018-01-18 | 2018-08-24 | 上海宝信软件股份有限公司 | File compliance inspection method and system |
CN109302425A (en) * | 2018-11-28 | 2019-02-01 | 河北省科学院应用数学研究所 | Identity identifying method and terminal device |
CN111106928A (en) * | 2019-11-14 | 2020-05-05 | 西安电子科技大学 | NTP protocol enhanced information processing system and method based on cryptographic algorithm |
CN111831974A (en) * | 2020-06-30 | 2020-10-27 | 深圳数字电视国家工程实验室股份有限公司 | Interface protection method and device, electronic equipment and storage medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117633900A (en) * | 2024-01-24 | 2024-03-01 | 中国信息通信研究院 | File path verification method and device based on distributed network, equipment and medium |
CN117633900B (en) * | 2024-01-24 | 2024-05-31 | 中国信息通信研究院 | File path verification method and device based on distributed network, equipment and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109583217B (en) | Internet e-commerce platform user privacy data encryption and decryption method | |
JP4240297B2 (en) | Terminal device, authentication terminal program, device authentication server, device authentication program | |
US20080172562A1 (en) | Encryption and authentication of data and for decryption and verification of authenticity of data | |
CN112953707A (en) | Key encryption method, decryption method, data encryption method and decryption method | |
CN1439207A (en) | A platform and method for establishing provable identities while maintaining privacy | |
CN110611670A (en) | API request encryption method and device | |
CN111917535A (en) | Data encryption storage method and device and server | |
US20220216999A1 (en) | Blockchain system for supporting change of plain text data included in transaction | |
CN112564906A (en) | Block chain-based data security interaction method and system | |
US7913089B2 (en) | Identification information creating apparatus, identification information resolving apparatus, information system utilizing the apparatuses, controlling method and program thereof | |
CN114244508B (en) | Data encryption method, device, equipment and storage medium | |
CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
Kumar et al. | TPA auditing to enhance the privacy and security in cloud systems | |
CN117155549A (en) | Key distribution method, key distribution device, computer equipment and storage medium | |
CN115603907A (en) | Method, device, equipment and storage medium for encrypting storage data | |
CN111859435B (en) | Data security processing method and device | |
CN115022042A (en) | Compliance code verification method for protecting data privacy and computer readable medium | |
CN111770081A (en) | Role authentication-based big data confidential file access method | |
CN117744116A (en) | Installation package protection method, decryption method, device, electronic equipment and storage medium | |
CN107404476B (en) | Method and device for protecting data security in big data cloud environment | |
CN101043334B (en) | Method and device of encryption and data certification and decryption and data authenticity validating | |
CN114553557A (en) | Key calling method, key calling device, computer equipment and storage medium | |
CN114091072A (en) | Data processing method and device | |
Bojanova et al. | Cryptography classes in bugs framework (BF): Encryption bugs (ENC), verification bugs (VRF), and key management bugs (KMN) | |
CN114760111B (en) | File confidentiality method and file confidentiality device based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |