Data security management method, device, system and storage medium

By generating a unique key through the exchange of random numbers and characteristic information between the main server and sub-servers, the problem of private data leakage in distributed computing results is solved, and efficient management and control of data security are achieved.

CN116707783B · Active · Publication Date: 2026-06-23 · CHINA UNITED NETWORK COMM GRP CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: CHINA UNITED NETWORK COMM GRP CO LTD
Filing Date: 2023-06-07
Publication Date: 2026-06-23

AI Technical Summary

Technical Problem

In distributed computing, how can we ensure that each server only provides the results of this distributed task when summarizing the calculation results, without excessively leaking its private data?

Method used

By exchanging random numbers and characteristic information between the main server and sub-servers, a unique key is generated to encrypt and decrypt the calculation results, ensuring that the calculation results can only be decrypted under specific conditions.

Benefits of technology

This approach protects the data privacy of sub-servers in distributed computing, thereby improving the security and integrity of computation results.

✦ Generated by Eureka AI based on patent content.


Abstract

The application provides a data security management and control method, device, system and storage medium, and relates to the technical field of cloud computing. The method comprises the following steps: sending a split task and a generation time of the split task to a subserver, obtaining a first message sent by the subserver, the first message being a random number or encrypted information obtained by encrypting the random number; after the subserver executes the split task to obtain a calculation result, obtaining an encrypted calculation result and an attribute value sent by the subserver; wherein the attribute value comprises feature information of the calculation result, and the encrypted calculation result is obtained by encrypting the calculation result by the subserver according to a secret key; the secret key is obtained by the subserver according to the generation time, the random number and the feature information; the secret key is obtained according to the generation time, the first message and the attribute value, and the calculation result is obtained by decrypting the encrypted calculation result according to the secret key. The application can ensure that each server only provides the calculation result of the distributed task and does not excessively disclose private data.

Description

Technical Field

[0001] This application relates to the field of cloud computing technology, and in particular to a data security management method, device, system and storage medium.

Background Technology

[0002] In distributed computing, servers distributed across the network "cloud" perform calculations using their respective resources, and the results are private data for each server. However, these calculation results need to be combined to form the final result of the distributed task, which involves the aggregation of multiple private data sets.

[0003] During the data aggregation process, how to manage data security and ensure that each server only provides the calculation results of this distributed task without excessively leaking its private data is a problem that everyone is working hard to solve.

[0004] Based on the above-mentioned shortcomings, there is an urgent need for a data security management method, device, system, and storage medium that can ensure that each server only provides the calculation results of this distributed task, without excessively leaking its private data.

Summary of the Invention

[0005] This application provides a data security management method, device, system, and storage medium that ensures that each server only provides the calculation results of this distributed task, without excessively leaking its private data.

[0006] Firstly, this application provides a data security management method for a central server, comprising:

[0007] Send the split task and the generation time of the split task to the sub-server, and obtain the first message sent by the sub-server. The first message is a random number or encrypted information obtained by encrypting the random number.

[0008] After the sub-server executes the splitting task and obtains the calculation result, it acquires the encrypted calculation result and attribute value sent by the sub-server; wherein, the attribute value includes the feature information of the calculation result, and the encrypted calculation result is obtained by the sub-server encrypting the calculation result according to a key; the key is obtained by the sub-server based on the generation time, the random number, and the feature information;

[0009] The key is obtained based on the generation time, the first message, and the attribute value. The encrypted calculation result is then decrypted using the key to obtain the calculation result.

[0010] In one possible design, the feature information includes the data size of the calculation result and the completion time when the calculation result is obtained; the attribute value is obtained by the sub-server encrypting the feature information according to the first public key / first private key; obtaining the key according to the generation time, the first message, and the attribute value includes:

[0011] The attribute value is decrypted using the first private key / first public key to obtain the data size and the completion time;

[0012] The computation time of the split task is obtained based on the generation time and the completion time;

[0013] The key is obtained based on the first message, the data size, and the computation time.

[0014] In one possible design, obtaining the key based on the first message, the data size, and the computation time includes:

[0015] A random number is obtained based on the first message, and a hash operation is performed on the random number to obtain a first hash value;

[0016] Obtain the product of the random number and the data size, and perform a hash operation on the ratio of the product to the computation time to obtain a second hash value;

[0017] The key is obtained by performing an XOR operation on the first hash value and the second hash value.

[0018] In one possible design, the first message is information obtained by the sub-server encrypting the random number using a second public key / second private key, and obtaining the random number based on the first message includes:

[0019] The random number is obtained by decrypting the first message using the second private key / second public key.

[0020] In one possible design, the encrypted calculation result is obtained by the sub-server through symmetric encryption of the calculation result using the key; the step of decrypting the encrypted calculation result using the key to obtain the calculation result includes:

[0021] The calculation result is obtained by symmetric decryption of the encrypted calculation result using the key.

[0022] In one possible design, after obtaining each of the calculation results, the following is also included:

[0023] After obtaining the calculation results of each split task, the calculation results of each task are summarized to obtain the calculation results of the complete task.

[0024] Secondly, this application provides a data security management method for a sub-server, comprising:

[0025] Receive the splitting task assigned by the main server and the generation time of the splitting task, generate a random number, and send a first message to the main server based on the random number;

[0026] Execute the splitting task and obtain the calculation results, the data size of the calculation results, and the completion time when obtaining the calculation results;

[0027] Based on the random number, the generation time, the completion time, and the data size, obtain the key; encrypt the calculation result using the key to obtain the encrypted calculation result;

[0028] The completion time and the data size are encrypted to obtain attribute values; the encrypted calculation result and the attribute values are sent to the main server.

[0029] In one possible design, the step of sending a first message to the main server based on the random number includes:

[0030] The first message is obtained by encrypting the random number using the second public key / second private key and sending the first message to the main server.

[0031] In one possible design, obtaining the key based on the random number, the generation time, the completion time, and the data size includes:

[0032] Perform a hash operation on the random number to obtain the first hash value;

[0033] The computation time of the split task is obtained based on the generation time and the completion time; the product of the random number and the data size is obtained, and a hash operation is performed on the ratio of the product to the computation time to obtain a second hash value;

[0034] The key is obtained by performing an XOR operation on the first hash value and the second hash value.

[0035] In one possible design, encrypting the calculation result using a key to obtain an encrypted calculation result includes:

[0036] The encrypted calculation result is obtained by symmetrically encrypting the calculation result using the key.

[0037] In one possible design, the step of encrypting the completion time and the data size to obtain attribute values includes:

[0038] The attribute value is obtained by encrypting the completion time and the data size using the first public key / first private key.

[0039] Thirdly, this application provides a data security management and control device for a central server, comprising:

[0040] The first acquisition module is used to send the split task and the generation time of the split task to the sub-server, and to acquire the first message sent by the sub-server, wherein the first message is a random number or encrypted information obtained by encrypting the random number;

[0041] The first processing module is used to obtain the encrypted calculation result and attribute value sent by the sub-server after the sub-server executes the splitting task and obtains the calculation result. The attribute value includes feature information of the calculation result, and the encrypted calculation result is obtained by the sub-server encrypting the calculation result according to a key. The key is obtained by the sub-server according to the generation time, the random number, and the feature information.

[0042] The second processing module is used to obtain the key based on the generation time, the first message and the attribute value, and to decrypt the encrypted calculation result based on the key to obtain the calculation result.

[0043] Fourthly, this application provides a data security management and control device for a sub-server, the device comprising:

[0044] The first sending module is used to receive the splitting task assigned by the main server and the generation time of the splitting task, generate a random number, and send a first message to the main server according to the random number;

[0045] The second acquisition module is used to execute the splitting task and acquire the calculation results, the data size of the calculation results, and the completion time when acquiring the calculation results;

[0046] The third processing module is used to obtain a key based on the random number, the generation time, the completion time, and the data size; and to encrypt the calculation result based on the key to obtain an encrypted calculation result.

[0047] The second sending module is used to encrypt the completion time and the data size to obtain attribute values; and send the encrypted calculation result and the attribute values to the main server.

[0048] Fifthly, this application provides a data security management system, including a main server and at least two sub-servers, wherein the main server executes the aforementioned data security management method for the main server, and the sub-servers execute the aforementioned data security management method for the sub-servers.

[0049] Sixthly, this application provides an electronic device, including: a processor, and a memory communicatively connected to the processor;

[0050] The memory stores computer-executed instructions;

[0051] The processor executes computer execution instructions stored in the memory to implement the above-described data security management method for a main server, or to implement the above-described data security management method for a sub-server.

[0052] In a seventh aspect, this application provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, are used to implement a data security management method.

[0053] This application provides a data security management method, device, system, and storage medium. The main server obtains a first message, attribute values, and an encrypted calculation result, derives the key corresponding to the encrypted calculation result from the first message and the attribute values, and decrypts the encrypted calculation result with that key to obtain the calculation result. This achieves the following technical effects:

[0054] The sub-server obtains a key based on the generation time, random number, and characteristic information. This key is only valid for the calculation result, protecting the privacy of other data in the sub-server and improving the confidentiality of the sub-server.

[0055] The main server receives the first message and the attribute value separately. The first message carries the random number in encrypted form, and the attribute value carries the characteristic information in encrypted form. The main server combines these with the generation time of the split task to obtain the key and decrypts the encrypted calculation result, thereby improving the security of the key and calculation result.

Attached Figure Description

[0056] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0057] Figure 1 is an application scenario diagram of the data security management method provided in the embodiments of this application.

[0058] Figure 2 is flowchart 1 of the data security management method provided in the embodiments of this application;

[0059] Figure 3 is flowchart 2 of the data security management method provided in the embodiments of this application;

[0060] Figure 4 is flowchart 3 of the data security management method provided in the embodiments of this application;

[0061] Figure 5 is schematic diagram 1 of the data security management and control device provided in the embodiments of this application;

[0062] Figure 6 is schematic diagram 2 of the data security management and control device provided in the embodiments of this application;

[0063] Figure 7 is a schematic diagram of the hardware structure of the electronic device provided in the embodiments of this application.

Detailed Implementation

[0064] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numerals in different drawings represent the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of devices and methods consistent with some aspects of this application as detailed in the appended claims, and not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of this invention without inventive effort are within the scope of protection of this invention.

[0065] It should be noted that, in the embodiments of this application, the terms "exemplary" or "for example" are used to indicate examples, illustrations, or descriptions. Any embodiment or design scheme described as "exemplary" or "for example" in this application should not be construed as being more preferred or advantageous than other embodiments or design schemes. Specifically, the use of terms such as "exemplary" or "for example" is intended to present the relevant concepts in a specific manner.

[0066] The data security management method provided in the embodiments of this application will be described in detail below with reference to the accompanying drawings. It should be noted that "at the time when" in the embodiments of this application can refer to the instant when a certain situation occurs, or to a period of time after the occurrence of a certain situation. The embodiments of this application do not make specific limitations on this.

[0067] Figure 1 is a schematic diagram illustrating a scenario for the data security management method provided in an embodiment of this application. As shown in Figure 1, this method is used for split cloud computing tasks. When executing a split cloud computing task, the main server 110 splits the main task into multiple split tasks and sends them to the sub-servers 120 (at least two). After the sub-servers 120 complete the split tasks and obtain the calculation results, they send the calculation results back to the main server 110. The main server 110 summarizes all the calculation results to obtain the calculation result of the main task.

[0068] Figure 2 is flowchart 1 of the data security management method provided in this application embodiment. As shown in Figure 2, for the main server, the method includes:

[0069] S201. Send the split task and the generation time of the split task to the sub-server, and obtain the first message sent by the sub-server. The first message is a random number or encrypted information obtained by encrypting the random number.

[0070] Specifically, for a total task, the main server splits the total task and sends each split task to the respective sub-servers. At the same time as sending the split tasks to the sub-servers, the main server obtains the first message. The random number in the first message is part of the information for obtaining the key.

[0071] S202. After the sub-server executes the splitting task and obtains the calculation result, it acquires the encrypted calculation result and attribute value sent by the sub-server; wherein, the attribute value includes the feature information of the calculation result, and the encrypted calculation result is obtained by the sub-server encrypting the calculation result according to the key; the key is obtained by the sub-server based on the generation time, random number and feature information;

[0072] Specifically, the attribute value, calculation result, and first message are all obtained by the sub-server. The characteristic information of the calculation result included in the attribute value is another part of the information for obtaining the key.

[0073] S203. Obtain the key based on the generation time, first message, and attribute value. Decrypt the encrypted calculation result using the key to obtain the calculation result.

[0074] Specifically, the generation time is the time when the main server obtains the splitting task, and the first message and attribute values are obtained by the main server when sending the splitting task and receiving the encrypted calculation results, respectively.

[0075] In the method provided in this embodiment, the main server obtains a first message, an attribute value, and an encrypted calculation result, derives the key corresponding to the encrypted calculation result from the first message and the attribute value, and decrypts the encrypted calculation result with that key to obtain the calculation result. This achieves the following technical effects:

[0076] The sub-server obtains a secret key based on the generation time, random number, and characteristic information. This secret key is specific to the calculation result only, protecting the privacy of other data in the sub-server and enhancing the privacy of the sub-server.

[0077] The main server receives the first message and the attribute value in two separate transmissions. The first message carries the random number in encrypted form, and the attribute value carries the characteristic information in encrypted form. The main server combines these with the generation time of the splitting task to obtain the secret key and decrypts the encrypted calculation result, improving the security of the secret key and calculation result.

[0078] The following uses specific embodiments to elaborate on the technical solutions of this application and how the technical solutions of this application solve the above technical problems. These specific embodiments can be implemented independently or in combination with each other. For the same or similar concepts or processes, they may not be repeated in some embodiments.

[0079] Figure 3 is schematic diagram 2 of the data security management method provided by an embodiment of this application. As shown in Figure 3, the method includes:

[0080] S301. Send the splitting task and the generation time of the splitting task to the sub-server, and obtain the first message sent by the sub-server. The first message is the information obtained by the sub-server encrypting the random number with the second public key / second private key.

[0081] Specifically, the first message can be sent after the sub-server executes the splitting task to obtain the calculation result. After obtaining the calculation result, obtain the data size of the calculation result and generate a random number.

[0082] Exemplarily, taking the main server and a certain sub-server as an example, the main server sends the splitting task and the generation time T0 of the splitting task to the sub-server, and also sends the second public key, where there is a corresponding second private key for the second public key.

[0083] As a response, the sub-server receives the splitting task, the generation time T0 of the splitting task, and the second public key. The sub-server executes the splitting task, obtains the calculation result Ri and the data size ni of the calculation result Ri, generates a random number xi, where 0 < xi < ni, encrypts ni with the second public key to obtain the first message, and sends the first message to the main server. As a response, the main server obtains the first message.

[0084] S302. After the sub-server executes the splitting task to obtain the calculation result, obtain the encrypted calculation result and the attribute value sent by the sub-server.

[0085] Specifically, the attribute values include the data size and completion time of the calculation result; the encrypted calculation result is obtained by the sub-server by encrypting the calculation result using a key; the key is obtained by the sub-server based on the generation time, random number, data size, and completion time.

[0086] For example, when the sub-server obtains the calculation result Ri, it also obtains the completion time Ti of the calculation result Ri, the value of Ti-T0 is the calculation time T, and the result of the XOR operation between the hash value of xi*(Ti-T0) / ni and the hash value of the random number xi is used as the key for this cloud computing task.

[0087] The calculation result Ri is symmetrically encrypted using the key to obtain the encrypted calculation result ri;

[0088] For the completion time Ti and data size ni, the attribute value is obtained by encrypting it according to the first public key; the first public key is sent by the main server, and the main server also stores the corresponding first private key;

[0089] The sub-server sends the encrypted calculation result ri and attribute value to the main server;

[0090] In response, the main server retrieves the encrypted calculation result ri and the attribute value.

[0091] S303. Obtain a random number based on the first message, decrypt the attribute value to obtain the data size and completion time; obtain the calculation time of the split task based on the generation time and completion time;

[0092] Specifically, the first message is decrypted using the second private key / second public key to obtain a random number.

[0093] Specifically, the attribute values include the data size and completion time of the calculation result. These are obtained by the sub-server by encrypting the data size and completion time using the first public key / first private key. In contrast, the main server needs to decrypt the attribute values using the first private key / first public key to obtain the data size and completion time. The difference between the completion time and the generation time is the calculation time of the split task.

[0094] For example, S303 includes the following steps:

[0095] The first message is decrypted using the second private key to obtain a random number xi;

[0096] The attribute value is decrypted using the first private key to obtain the completion time Ti and data size ni;

[0097] The difference between the completion time Ti and the generation time T0 is used as the computation time T for the split task.

[0098] S304. Obtain the key based on the random number, data size, and computation time;

[0099] Specifically, perform a hash operation on the random number to obtain the first hash value; obtain the product of the random number and the data size, perform a hash operation on the ratio of the above product to the computation time to obtain the second hash value; and perform an XOR operation on the first hash value and the second hash value to obtain the key.

[0100] For example, the hash value of the random number xi is used as the first hash value; the hash value of xi*Ti / ni is used as the second hash value; and the key is obtained by performing an XOR operation on the first hash value and the second hash value.

[0101] S305. Decrypt the encrypted calculation result using the key to obtain the calculation result.

[0102] Specifically, in this embodiment, the sub-server uses symmetric encryption to encrypt the calculation result using a key to obtain the encrypted calculation result, and correspondingly, the main server uses symmetric decryption to decrypt the encrypted calculation result using a key to obtain the calculation result.

[0103] S306. After obtaining the calculation results of each split task, the calculation results of each task are summarized to obtain the calculation results of the complete task.

[0104] Specifically, after the main server obtains the calculation results of all the split tasks through the above steps, the calculation results of the total task are obtained by summarizing all the calculation results.

[0105] The method provided in this embodiment can achieve the following technical effects:

[0106] The sub-server obtains a key based on the generation time, random number, and characteristic information. This key is only valid for the calculation result, protecting the privacy of other data in the sub-server and improving the confidentiality of the sub-server.

[0107] The main server receives the first message and attribute values in two parts. It then uses the first message to obtain the random number and the attribute values to determine the data size and completion time.

[0108] When obtaining the key, a hash operation is performed on the random number to obtain the first hash value; the product of the random number and the data size is obtained, and a hash operation is performed on the ratio of the above product to the calculation time to obtain the second hash value; the first hash value and the second hash value are XORed to obtain the key, and the encrypted calculation result is decrypted based on the key, thus improving security.

[0109] Figure 4 is flowchart 3 of the data security management method. As shown in Figure 4, the method in this embodiment is used for a sub-server, and the method in this embodiment includes:

[0110] S401. Receive the splitting task and the generation time of the splitting task assigned by the main server, generate a random number, and send the first message to the main server based on the random number.

[0111] Specifically, the first message is obtained by either using the random number as the first message or by encrypting the random number using the second public key / second private key, and then sending the first message to the main server.

[0112] S402. Execute the splitting task and obtain the calculation results, the data size of the calculation results, and the completion time when obtaining the calculation results;

[0113] Specifically, executing the split task and obtaining the calculation result is a routine operation for the sub-server, which will not be elaborated here. The data size and the completion time when obtaining the calculation result are both used to generate the key.

[0114] S403. Obtain the key based on the random number, generation time, completion time, and data size; encrypt the calculation result using the key to obtain the encrypted calculation result;

[0115] Specifically, perform a hash operation on the random number to obtain the first hash value; obtain the computation time of the split task based on the generation time and completion time; obtain the product of the random number and the data size, perform a hash operation on the ratio of the product to the computation time to obtain the second hash value; and perform an XOR operation on the first hash value and the second hash value to obtain the key.

[0116] S404. Encrypt the completion time and data size to obtain attribute values; send the encrypted calculation results and attribute values to the main server.

[0117] Specifically, the encrypted calculation result is obtained by symmetrically encrypting the calculation result using the key. The completion time and data size are then encrypted using the first public key / first private key to obtain the attribute values.

[0118] The implementation principle and technical effects of this embodiment are similar to those of the above embodiments, and will not be repeated here.
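The key derivation of S303-S304 (main server) and S403 (sub-server), K = H(xi) XOR H(xi·ni / T) as worded in [0099] and [0115], as an added Python example that is not part of the patent text; the worked examples in [0086] and [0100] write the ratio differently, so both sides must be fixed to one form. Assumptions: SHA-256 as the hash, decimal-ASCII encoding of xi, the ratio encoded as an exact reduced fraction, times in integer milliseconds, the public-key wrapping of the first message and attribute value omitted, and all function names hypothetical.

```python
import hashlib
import secrets
from fractions import Fraction

# Assumption: the patent does not name a hash function; SHA-256 is used here.
HASH = hashlib.sha256


def _h(data: bytes) -> bytes:
    return HASH(data).digest()


def encode_ratio(x: int, n: int, t: int) -> bytes:
    """Canonical bytes for (x * n) / t.

    An exact reduced fraction avoids floating-point rounding, which could
    make the two servers hash different byte strings for the same ratio.
    """
    if t <= 0:
        raise ValueError("computation time must be positive")
    r = Fraction(x * n, t)
    return f"{r.numerator}/{r.denominator}".encode("ascii")


def derive_key(x: int, n: int, t0: int, ti: int) -> bytes:
    """K = H(x) XOR H(x*n / (ti - t0)), following [0015]-[0017]."""
    if not 0 < x < n:
        raise ValueError("random number must satisfy 0 < x < n ([0083])")
    h1 = _h(str(x).encode("ascii"))           # first hash value
    h2 = _h(encode_ratio(x, n, ti - t0))      # second hash value
    return bytes(a ^ b for a, b in zip(h1, h2))


def sub_server(t0: int, result: bytes, ti: int):
    """Sub-server side (S401-S404), without the encryption steps.

    Returns the values that would be sent upstream plus the local key.
    """
    n = len(result)                            # data size of the result
    if n < 2:
        raise ValueError("result too small to pick 0 < x < n")
    x = secrets.randbelow(n - 1) + 1           # uniform in [1, n-1]
    key = derive_key(x, n, t0, ti)
    first_message = x            # would be encrypted under the second public key
    attribute_value = (ti, n)    # would be encrypted under the first public key
    return first_message, attribute_value, key


def main_server(t0: int, first_message: int, attribute_value) -> bytes:
    """Main-server side (S303-S304): rebuild the key from received values."""
    ti, n = attribute_value
    return derive_key(first_message, n, t0, ti)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    t0 = 1_700_000_000_000
    partial = b"constructed partial result: 42 rows"
    msg, attr, k_sub = sub_server(t0, partial, t0 + 1500)
    k_main = main_server(t0, msg, attr)
    print("keys agree:", k_main == k_sub)
    print("wrong T0 agrees:", main_server(t0 + 1, msg, attr) == k_sub)
```

The key depends on the task's generation time T0 as well as on the values the sub-server sends, so a main server that pairs the received messages with the wrong task record derives a different key.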

[0119] In this embodiment of the invention, electronic devices or main control devices can be divided into functional modules according to the above method examples. For example, each function can be divided into its own functional modules, or two or more functions can be integrated into one processing unit. The integrated unit can be implemented in hardware or as a software functional module. It should be noted that the module division in this embodiment of the invention is illustrative and only represents one logical functional division; other division methods may be used in actual implementation.

[0120] Figure 5 is schematic diagram 1 of the data security management and control device provided in the embodiments of this application. The device is a main server device 50, which is one embodiment of a main server. The main server device 50 includes:

[0121] The first acquisition module 501 is used to send the split task and the generation time of the split task to the sub-server, and to acquire the first message sent by the sub-server. The first message is a random number or encrypted information obtained by encrypting the random number.

[0122] The first processing module 502 is used to obtain the encrypted calculation result and attribute value sent by the sub-server after the sub-server performs the splitting task and obtains the calculation result. The attribute value includes the feature information of the calculation result, and the encrypted calculation result is obtained by the sub-server encrypting the calculation result according to the key. The key is obtained by the sub-server according to the generation time, random number and feature information.

[0123] The second processing module 503 is used to obtain the key based on the generation time, the first message and the attribute value, and to decrypt the encrypted calculation result based on the key to obtain the calculation result.

[0124] Furthermore, the feature information includes the data size of the calculation result and the completion time when the calculation result is obtained. The attribute value is obtained by the sub-server encrypting the feature information using the first public key / first private key; the second processing module 503 is specifically used for:

[0125] The attribute value is decrypted using the first private key / first public key to obtain the data size and completion time;

[0126] The computation time of the split tasks is obtained based on the generation time and completion time;

[0127] Furthermore, the second processing module 503 is specifically used for:

[0128] Obtain a random number based on the first message, and perform a hash operation on the random number to obtain the first hash value;

[0129] Obtain the product of the random number and the data size, and perform a hash operation on the ratio of the product to the computation time to obtain the second hash value;

[0130] The key is obtained by performing an XOR operation on the first hash value and the second hash value.
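The derivation in [0128] to [0130], which the sub-server mirrors in [0115], is sketched below as an added example; it is not code from the patent. SHA-256, integer millisecond timestamps, the exact-fraction encoding of the ratio and all function names are assumptions, since the text only says "hash operation", and the public-key encryption of the first message and attribute value is left out.

```python
import hashlib
import secrets
from fractions import Fraction


def _int_bytes(n: int) -> bytes:
    """Canonical big-endian encoding so both servers hash identical bytes."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


def derive_key(random_number: int, generation_time: int,
               completion_time: int, data_size: int) -> bytes:
    """key = H(r) XOR H(r * data_size / computation_time), H assumed SHA-256."""
    if random_number <= 0 or data_size < 0:
        raise ValueError("random number must be positive, data size non-negative")
    computation_time = completion_time - generation_time
    if computation_time <= 0:
        # Clock skew or a bad completion time would otherwise divide by zero
        # or yield a negative ratio that the two sides may encode differently.
        raise ValueError("completion time must be later than generation time")

    first_hash = hashlib.sha256(_int_bytes(random_number)).digest()

    # Exact rational, not a float: a float keeps only 53 bits of a 128-bit
    # random number and its text form differs between languages.
    ratio = Fraction(random_number * data_size, computation_time)
    canonical = f"{ratio.numerator}/{ratio.denominator}".encode("ascii")
    second_hash = hashlib.sha256(canonical).digest()

    return bytes(a ^ b for a, b in zip(first_hash, second_hash))


def sub_server(generation_time: int, completion_time: int, result: bytes):
    """Sub-server side: pick r, then derive the key from its own measurements.

    In the described flow the first message is sent before the task runs;
    both steps are combined here to keep the example short.
    """
    random_number = secrets.randbits(128) | 1   # non-zero random number
    first_message = random_number               # plaintext variant of the first message
    attribute_value = {                         # would be encrypted with the first key pair
        "completion_time": completion_time,
        "data_size": len(result),
    }
    key = derive_key(random_number, generation_time, completion_time, len(result))
    return first_message, attribute_value, key


def main_server(generation_time: int, first_message: int, attribute_value: dict) -> bytes:
    """Main-server side: rebuild the same key from what it sent and received."""
    return derive_key(first_message, generation_time,
                      attribute_value["completion_time"],
                      attribute_value["data_size"])


if __name__ == "__main__":
    # Constructed sample values: timestamps in milliseconds, 600 ms of work.
    gen, comp = 1_700_000_000_000, 1_700_000_000_600
    msg, attr, k_sub = sub_server(gen, comp, b"partial sum: 42")
    print("keys match:", main_server(gen, msg, attr) == k_sub)
```

Every input to the key is carried in the protocol messages, so the key is only as confidential as the encryption applied to the first message and the attribute value.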

[0131] Furthermore, the first message is information obtained by the sub-server encrypting a random number using the second public key / second private key, and the second processing module 503 is specifically used for:

[0132] The first message is decrypted using the second private key / second public key to obtain a random number.

[0133] Furthermore, the encrypted calculation result is obtained by the sub-server through symmetric encryption of the calculation result using a key. The second processing module 503 is also specifically used for:

[0134] The calculation result is obtained by symmetric decryption of the encrypted calculation result using a key.

[0135] Furthermore, the second processing module 503 is specifically used for:

[0136] After obtaining each calculation result, the calculation results of each sub-task are summarized to obtain the calculation result of the complete task.

[0137] The data security management and control device provided in this embodiment can perform the data security management method of the embodiments shown in Figure 2 or Figure 3. Its implementation principle and technical effects are similar and will not be described again here.

[0138] Figure 6 is a second schematic diagram of the data security management and control device provided in the embodiments of this application. The device is a sub-server device 60, which is one embodiment of the aforementioned sub-server. The sub-server device 60 includes:

[0139] The first sending module 601 is used to receive the splitting task and the generation time of the splitting task assigned by the main server, generate a random number, and send the first message to the main server according to the random number.

[0140] The second acquisition module 602 is used to perform the splitting task and acquire the calculation results, the data size of the calculation results, and the completion time when acquiring the calculation results;

[0141] The third processing module 603 is used to obtain a key based on the random number, generation time, completion time, and data size; and to encrypt the calculation result based on the key to obtain an encrypted calculation result.

[0142] The second sending module 604 is used to encrypt the completion time and data size to obtain attribute values; and send the encrypted calculation results and attribute values to the main server.

[0143] Furthermore, the first sending module 601 is specifically used for:

[0144] Encrypt the random number using the second public key / second private key to obtain the first message, and send the first message to the main server.

[0145] Furthermore, the third processing module 603 is specifically used for:

[0146] Perform a hash operation on the random number to obtain the first hash value; obtain the computation time of the split task based on the generation time and completion time; obtain the product of the random number and the data size, perform a hash operation on the ratio of the product to the computation time to obtain the second hash value; perform an XOR operation on the first hash value and the second hash value to obtain the key.

[0147] Furthermore, the third processing module 603 is specifically used for:

[0148] The encrypted calculation result is obtained by symmetric encryption of the calculation result using a key.

[0149] Furthermore, the second sending module 604 is specifically used for:

[0150] The completion time and data size are encrypted using the first public key / first private key to obtain the attribute values.

[0151] The data security management and control device provided in this embodiment can perform the data security management method of the embodiment shown in Figure 4. Its implementation principle and technical effects are similar and will not be described again here.

[0152] This application also provides a data security management system, including a main server and at least two sub-servers. The main server executes a data security management method for the main server, and the sub-servers execute a data security management method for the sub-servers.

[0153] This embodiment is similar in implementation principle and technical effect to the above embodiments, and will not be described again here.

[0154] In the specific implementation of the aforementioned data security management method, device, and system, each module can be implemented as a processor. The processor can execute computer-executable instructions stored in the memory, thereby enabling the processor to execute the aforementioned data security management method.

[0155] Figure 7 is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. As shown in Figure 7, the electronic device 70 includes at least one processor 701 and a memory 702. The electronic device 70 also includes a communication component 703. The processor 701, memory 702, and communication component 703 are connected via a bus 704.

[0156] In the specific implementation process, at least one processor 701 executes computer-executable instructions stored in memory 702, causing the at least one processor 701 to execute the data security management method executed on the electronic device side as described above.

[0157] The specific implementation process of processor 701 can be found in the above method embodiments, and its implementation principle and technical effect are similar. It will not be repeated here.

[0158] In the above embodiments, it should be understood that the processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), etc. The general-purpose processor can be a microprocessor or any conventional processor. The steps of the method disclosed in this invention can be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules within the processor.

[0159] The memory may include high-speed RAM, and may also include non-volatile storage (NVM), such as at least one disk storage.

[0160] The bus can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of illustration, the buses shown in the accompanying drawings are not limited to a single bus or a single type of bus.

[0161] The above description of the functions implemented by electronic devices and main control devices has introduced the solutions provided by the embodiments of the present invention. It is understood that, in order to implement the above functions, the electronic device or main control device includes hardware structures and / or software modules corresponding to the execution of each function. By combining the units and algorithm steps of the various examples described in the embodiments of the present invention, the embodiments of the present invention can be implemented in hardware or a combination of hardware and computer software. Whether a function is executed by hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the technical solutions of the embodiments of the present invention.

[0162] This application also provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, implement the above-mentioned data security management method.

[0163] The aforementioned computer-readable storage medium can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk. The readable storage medium can be any available medium accessible to a general-purpose or special-purpose computer.

[0164] An exemplary readable storage medium is coupled to a processor, enabling the processor to read information from and write information to the readable storage medium. Of course, the readable storage medium can also be a component of the processor. The processor and the readable storage medium can reside in an Application Specific Integrated Circuit (ASIC). Alternatively, the processor and the readable storage medium can exist as discrete components in an electronic device or a host device.

[0165] This application also provides a computer program product, comprising: a computer program stored in a readable storage medium, wherein at least one processor of an electronic device can read the computer program from the readable storage medium, and the at least one processor executes the computer program to cause the electronic device to perform the scheme provided in any of the above embodiments.

[0166] Those skilled in the art will understand that all or part of the steps of the above-described method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above-described method embodiments; and the aforementioned storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks, or optical disks.

[0167] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some or all of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of the present invention.

Claims

1. A data security management and control method, characterized in that it is for use with a main server, and the method includes: sending the split task and the generation time of the split task to the sub-server, and obtaining the first message sent by the sub-server, the first message being a random number or encrypted information obtained by encrypting the random number; after the sub-server executes the split task and obtains the calculation result, acquiring the encrypted calculation result and attribute value sent by the sub-server; wherein the attribute value includes the feature information of the calculation result, and the encrypted calculation result is obtained by the sub-server encrypting the calculation result according to a key; the key is obtained by the sub-server based on the generation time, the random number, and the feature information; obtaining the key based on the generation time, the first message, and the attribute value; decrypting the encrypted calculation result based on the key to obtain the calculation result; wherein the feature information includes the data size of the calculation result and the completion time when the calculation result is obtained, and the attribute value is obtained by the sub-server encrypting the feature information using the first public key / first private key; obtaining the key based on the generation time, the first message, and the attribute value includes: decrypting the attribute value using the first private key / first public key to obtain the data size and the completion time; obtaining the computation time of the split task based on the generation time and the completion time; obtaining a random number based on the first message, and performing a hash operation on the random number to obtain a first hash value; obtaining the product of the random number and the data size, and performing a hash operation on the ratio of the product to the computation time to obtain a second hash value; and performing an XOR operation on the first hash value and the second hash value to obtain the key.

2. The method according to claim 1, characterized in that the first message is information obtained by the sub-server encrypting the random number using the second public key / second private key; obtaining the random number based on the first message includes: decrypting the first message using the second private key / second public key to obtain the random number.

3. The method according to claim 1, characterized in that the encrypted calculation result is obtained by the sub-server through symmetric encryption of the calculation result using the key; the step of decrypting the encrypted calculation result using the key to obtain the calculation result includes: symmetrically decrypting the encrypted calculation result using the key to obtain the calculation result.

4. The method according to any one of claims 1-3, characterized in that, after obtaining each of the calculation results, the method also includes: after obtaining the calculation results of each split task, summarizing the calculation results of each split task to obtain the calculation result of the complete task.

5. A data security management and control method, characterized in that it is for use with a sub-server, and the method includes: receiving the split task assigned by the main server and the generation time of the split task, generating a random number, and sending a first message to the main server based on the random number; executing the split task and obtaining the calculation result, the data size of the calculation result, and the completion time when the calculation result is obtained; obtaining the key based on the random number, the generation time, the completion time, and the data size; encrypting the calculation result using the key to obtain the encrypted calculation result; encrypting the completion time and the data size to obtain attribute values; sending the encrypted calculation result and the attribute values to the main server; wherein the step of obtaining the key based on the random number, the generation time, the completion time, and the data size includes: performing a hash operation on the random number to obtain the first hash value; obtaining the computation time of the split task based on the generation time and the completion time; obtaining the product of the random number and the data size, and performing a hash operation on the ratio of the product to the computation time to obtain a second hash value; and performing an XOR operation on the first hash value and the second hash value to obtain the key.

6. The method according to claim 5, characterized in that the step of sending a first message to the main server based on the random number includes: encrypting the random number using the second public key / second private key to obtain the first message, and sending the first message to the main server.

7. The method according to claim 5, characterized in that the step of encrypting the calculation result according to the key to obtain the encrypted calculation result includes: symmetrically encrypting the calculation result using the key to obtain the encrypted calculation result.

8. The method according to claim 5, characterized in that the step of encrypting the completion time and the data size to obtain attribute values includes: encrypting the completion time and the data size using the first public key / first private key to obtain the attribute value.

9. A data security management and control device, characterized in that it is for use as a main server, and the device includes: a first acquisition module, used to send the split task and the generation time of the split task to the sub-server, and to acquire the first message sent by the sub-server, wherein the first message is a random number or encrypted information obtained by encrypting the random number; a first processing module, used to obtain the encrypted calculation result and attribute value sent by the sub-server after the sub-server executes the split task and obtains the calculation result, wherein the attribute value includes feature information of the calculation result, the encrypted calculation result is obtained by the sub-server encrypting the calculation result according to a key, and the key is obtained by the sub-server according to the generation time, the random number, and the feature information; a second processing module, used to obtain the key based on the generation time, the first message and the attribute value, and to decrypt the encrypted calculation result based on the key to obtain the calculation result; wherein the feature information includes the data size of the calculation result and the completion time when the calculation result is obtained, and the attribute value is obtained by the sub-server by encrypting the feature information using the first public key / first private key; correspondingly, the second processing module is specifically used to decrypt the attribute value using the first private key / first public key to obtain the data size and the completion time; obtain the calculation time of the split task based on the generation time and the completion time; obtain a random number based on the first message, perform a hash operation on the random number to obtain a first hash value; obtain the product of the random number and the data size, perform a hash operation on the ratio of the product to the calculation time to obtain a second hash value; and perform an XOR operation on the first hash value and the second hash value to obtain the key.

10. A data security management and control device, characterized in that it is for use as a sub-server, and the device includes: a first sending module, used to receive the split task assigned by the main server and the generation time of the split task, generate a random number, and send a first message to the main server according to the random number; a second acquisition module, used to execute the split task and acquire the calculation result, the data size of the calculation result, and the completion time when the calculation result is acquired; a third processing module, used to obtain a key based on the random number, the generation time, the completion time, and the data size, and to encrypt the calculation result based on the key to obtain an encrypted calculation result; a second sending module, used to encrypt the completion time and the data size to obtain attribute values, and to send the encrypted calculation result and the attribute values to the main server; wherein the third processing module is specifically used to perform a hash operation on the random number to obtain a first hash value; obtain the calculation time of the split task based on the generation time and the completion time; obtain the product of the random number and the data size, perform a hash operation on the ratio of the product to the calculation time to obtain a second hash value; and perform an XOR operation on the first hash value and the second hash value to obtain the key.

11. A data security management and control system, characterized in that it includes a main server and at least two sub-servers, wherein the main server performs the method as described in any one of claims 1 to 4, and the sub-servers are used to perform the method as described in any one of claims 5 to 8.

12. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer-executable instructions, which, when executed by a processor, are used to implement the method as described in any one of claims 1 to 4, or to implement the method as described in any one of claims 5 to 8.