CN117807614A - Robot data security protection method, system and medium based on CP-ABE - Google Patents
- Publication number
- CN117807614A, CN202311855822.3A
- Authority
- CN
- China
- Prior art keywords
- data
- decryption
- encryption
- different
- ciphertext
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Abstract
The embodiments of the application provide a robot data security protection method, system and medium based on CP-ABE. The method comprises: acquiring plaintext data, extracting plaintext data features, generating corresponding encryption rules according to those features, and encrypting the plaintext data according to the encryption rules to obtain ciphertext data; classifying the ciphertext data, generating a plurality of keys, and encrypting the different types of ciphertext data with different authorities according to the keys to obtain encryption authorities; obtaining a decryption instruction and obtaining the corresponding decryption authority according to the decryption instruction; matching the decryption authority against the encryption authority; if the match succeeds, decryption succeeds and decrypted plaintext data is generated; if the match fails, security warning data is transmitted to the terminal as a data security warning. By encrypting the ciphertext data, different decryption authorities can decrypt the ciphertext data to different degrees when data is retrieved, which secures decryption of the data.
Description
Technical Field
The application relates to the field of data protection, in particular to a robot data security protection method, system and medium based on CP-ABE.
Background
Currently, outdoor patrol robots mostly work in harsh environments. Because the environment is harsh, network conditions are generally poor, so data cannot be synchronized to the cloud in a timely manner, and most robots therefore store data locally without uploading it. A user with data security requirements has to encrypt the data with software, generally dongle-based encryption software; but when the client needs to access the file data, the client has to bring the device corresponding to the dongle to the site to obtain the data files. An effective technical solution to these problems is needed.
Disclosure of Invention
The embodiment of the application aims to provide a robot data security protection method, a system and a medium based on CP-ABE, which are used for encrypting ciphertext data, so that the ciphertext data can be decrypted to different degrees by different decryption authorities in the process of data acquisition, and the decryption security of the data is realized.
The embodiment of the application also provides a robot data security protection method based on the CP-ABE, which comprises the following steps:
acquiring plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, and encrypting the plaintext data according to the encryption rules to obtain ciphertext data;
classifying the ciphertext data, generating a plurality of keys, and encrypting the ciphertext data of different types with different authorities according to the keys to obtain encryption authorities;
obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction;
matching the decryption authority with the encryption authority;
if the matching is successful, the decryption is successful, and decrypted plaintext data is generated;
if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning.
Optionally, in the CP-ABE-based robot data security protection method according to the embodiment of the present application, plaintext data is obtained, plaintext data features are extracted, corresponding encryption rules are generated according to the plaintext data features, and the plaintext data is encrypted according to the encryption rules to obtain ciphertext data, which specifically includes:
acquiring plaintext data, and processing the plaintext data according to encryption rules;
encryption rules include initial transformation, byte substitution, row shifting, column mixing, and round key addition;
combining the encryption rules in different modes to generate a plurality of encryption coordination relations;
and encrypting the plaintext data in different modes according to different encryption coordination relations to obtain ciphertext data with different encryption rules.
Optionally, in the method for protecting robot data security based on CP-ABE according to the embodiment of the present application, the initial transformation includes key expansion and initial round operation, the key expansion expands the initial key into a plurality of round keys for subsequent encryption round function operation, the initial round operation performs bitwise exclusive or operation on plaintext data and the first round key, and provides an initial state for subsequent encryption round function;
the byte substitution comprises mapping each input byte to a corresponding output byte by using a fixed substitution box, and realizing the substitution of the bytes by a table look-up mode;
the row shift performs a cyclic left shift on each row, so that the bytes of each column are dispersed before the column mixing operation;
the column mixing performs a linear transformation on each column;
round key addition includes exclusive-or-ing the round key of the current round with a corresponding portion of the data block.
Optionally, in the method for protecting robot data security based on CP-ABE according to the embodiment of the present application, ciphertext data is classified, a plurality of keys are generated, and different types of ciphertext data are encrypted according to the keys to obtain encryption rights, where the encryption rights specifically include:
acquiring ciphertext data, extracting ciphertext data characteristics, and generating ciphertext keywords according to the ciphertext data characteristics;
word sense analysis is carried out according to the ciphertext keywords, and analysis information is obtained;
analyzing different word senses of the ciphertext data according to the analysis information to obtain different types of ciphertext data;
and generating different authority information according to different word senses, and matching the different authority information with different types of ciphertext data to obtain different encryption authorities.
Optionally, in the method for protecting robot data security based on CP-ABE according to the embodiment of the present application, a decryption instruction is obtained, and a corresponding decryption right is obtained according to the decryption instruction, which specifically includes:
obtaining a decryption instruction, and grading the decryption instruction;
generating decryption keys of different grades according to grade division;
different decryption rights are generated according to different levels of decryption keys.
Optionally, in the method for protecting robot data security based on CP-ABE according to the embodiment of the present application, if matching is successful, decryption is successful, and decrypted plaintext data is generated, specifically:
obtaining a decryption instruction, generating a decryption key by the decryption instruction, and generating a round key by expanding the decryption key;
first performing one round key addition, and then performing on the ciphertext the inverse operations of inverse row shift, inverse byte substitution, round key addition and inverse column mixing;
repeating the inverse operations multiple times, and then performing one final inverse row shift, inverse byte substitution and round key addition to obtain the decrypted plaintext data.
In a second aspect, embodiments of the present application provide a CP-ABE based robot data security protection system, the system comprising: the system comprises a memory and a processor, wherein the memory comprises a program of a robot data safety protection method based on CP-ABE, and the program of the robot data safety protection method based on CP-ABE realizes the following steps when being executed by the processor:
acquiring plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, and encrypting the plaintext data according to the encryption rules to obtain ciphertext data;
classifying the ciphertext data, generating a plurality of keys, and encrypting the ciphertext data of different types with different authorities according to the keys to obtain encryption authorities;
obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction;
matching the decryption authority with the encryption authority;
if the matching is successful, the decryption is successful, and decrypted plaintext data is generated;
if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning.
Optionally, in the CP-ABE-based robot data security protection system according to the embodiment of the present application, plaintext data is obtained, plaintext data features are extracted, corresponding encryption rules are generated according to the plaintext data features, and the plaintext data is encrypted according to the encryption rules to obtain ciphertext data, which specifically includes:
acquiring plaintext data, and processing the plaintext data according to encryption rules;
encryption rules include initial transformation, byte substitution, row shifting, column mixing, and round key addition;
combining the encryption rules in different modes to generate a plurality of encryption coordination relations;
and encrypting the plaintext data in different modes according to different encryption coordination relations to obtain ciphertext data with different encryption rules.
Optionally, in the CP-ABE-based robot data security protection system according to the embodiments of the present application, the initial transformation includes a key expansion and an initial round operation, the key expansion expands the initial key into a plurality of round keys for a subsequent encryption round function operation, the initial round operation performs a bitwise exclusive or operation on plaintext data and the first round key, and provides an initial state for the subsequent encryption round function;
the byte substitution comprises mapping each input byte to a corresponding output byte by using a fixed substitution box, and realizing the substitution of the bytes by a table look-up mode;
the row shift performs a cyclic left shift on each row, so that the bytes of each column are dispersed before the column mixing operation;
the column mixing performs a linear transformation on each column;
round key addition includes exclusive-or-ing the round key of the current round with a corresponding portion of the data block.
In a third aspect, an embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium includes a CP-ABE-based robot data security protection method program, where the CP-ABE-based robot data security protection method program, when executed by a processor, implements the steps of the CP-ABE-based robot data security protection method according to any one of the foregoing embodiments.
As can be seen from the above, according to the method, the system and the medium for protecting the robot data security based on the CP-ABE provided in the embodiments of the present application, plaintext data is obtained, plaintext data features are extracted, corresponding encryption rules are generated according to the plaintext data features, and the plaintext data is encrypted according to the encryption rules, so as to obtain ciphertext data; classifying the ciphertext data, generating a plurality of keys, and encrypting the ciphertext data of different types with different authorities according to the keys to obtain encryption authorities; obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction; matching the decryption authority with the encryption authority; if the matching is successful, the decryption is successful, and decrypted plaintext data is generated; if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning; by encrypting the ciphertext data, different decryption authorities can decrypt the ciphertext data to different degrees in the process of data acquisition, so that the decryption security of the data is realized.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, the claims, and the drawings, as well as the objects and advantages of the application may be realized and obtained by means of the instrumentalities particularly pointed out in the written description, claims, and drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a robot data security protection method based on CP-ABE provided in an embodiment of the present application;
Fig. 2 is a ciphertext data acquisition flow chart of a robot data security protection method based on CP-ABE provided in an embodiment of the present application;
Fig. 3 is a flowchart of obtaining different encryption rights of a CP-ABE-based robot data security protection method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a CP-ABE based robot data security protection system according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that like reference numerals and letters refer to like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Referring to fig. 1, fig. 1 is a flowchart of a method for protecting robot data security based on CP-ABE according to some embodiments of the present application. The robot data security protection method based on the CP-ABE is used in terminal equipment and comprises the following steps:
S101, acquiring plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, and encrypting the plaintext data according to the encryption rules to obtain ciphertext data;
S102, classifying ciphertext data, generating a plurality of keys, and encrypting different types of ciphertext data according to the keys to obtain encryption authorities;
S103, obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction;
S104, matching the decryption permission with the encryption permission;
S105, if the matching is successful, the decryption is successful, and decrypted plaintext data is generated; if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning.
It should be noted that analyzing the decryption rights in order to decrypt the corresponding encrypted data allows the data to be decrypted under different rights, which improves the data security protection function.
Referring to fig. 2, fig. 2 is a ciphertext data acquisition flow chart of a robot data security protection method based on CP-ABE according to some embodiments of the present application. According to the embodiment of the invention, plaintext data is obtained, plaintext data characteristics are extracted, corresponding encryption rules are generated according to the plaintext data characteristics, and the plaintext data is encrypted according to the encryption rules to obtain ciphertext data, which is specifically as follows:
S201, acquiring plaintext data, and processing the plaintext data according to encryption rules;
S202, encryption rules comprise initial transformation, byte substitution, row shift, column mixing and round key addition;
S203, combining the encryption rules in different modes to generate a plurality of encryption coordination relations;
S204, encrypting the plaintext data in different modes according to different encryption coordination relations to obtain ciphertext data with different encryption rules.
It should be noted that, encryption processing is performed on the plaintext data in different manners according to different encryption rules, so as to improve encryption security of the plaintext data.
According to the embodiment of the invention, the initial transformation comprises key expansion and initial round operation, wherein the key expansion expands an initial key into a plurality of round keys for subsequent encryption round function operation, and the initial round operation carries out bitwise exclusive OR operation on plaintext data and a first round key to provide an initial state for subsequent encryption round function;
byte substitution includes mapping each input byte to a corresponding output byte using a fixed substitution box, and realizing byte substitution by means of table look-up;
the row shift performs a cyclic left shift on each row, so that the bytes of each column are dispersed before the column mixing operation;
the column mixing performs a linear transformation on each column;
round key addition includes exclusive-or-ing the round key of the current round with a corresponding portion of the data block.
Referring to fig. 3, fig. 3 is a flowchart of different encryption rights acquisition of a CP-ABE-based robot data security protection method according to some embodiments of the present application. According to the embodiment of the invention, the ciphertext data is classified, a plurality of secret keys are generated, and different types of ciphertext data are encrypted according to the secret keys to obtain the encryption rights, specifically:
S301, ciphertext data is obtained, ciphertext data characteristics are extracted, and ciphertext keywords are generated according to the ciphertext data characteristics;
S302, performing word sense analysis according to the ciphertext keywords to obtain analysis information;
S303, analyzing different word senses of the ciphertext data according to the analysis information to obtain different types of ciphertext data;
S304, different authority information is generated according to different word senses, and the different authority information is matched with different types of ciphertext data to obtain different encryption authorities.
It should be noted that keywords are extracted from the ciphertext data and word sense analysis is performed; different word senses represent different meanings, so the ciphertext data can be classified and different word senses can be encrypted with different authorities, which improves the encryption effect of the data.
According to the embodiment of the invention, a decryption instruction is acquired, and corresponding decryption rights are acquired according to the decryption instruction, specifically:
obtaining a decryption instruction, and grading the decryption instruction;
generating decryption keys of different grades according to grade division;
different decryption rights are generated according to different levels of decryption keys.
It should be noted that analyzing the decryption instruction yields different decryption keys, and the different decryption keys yield different decryption rights.
According to the embodiment of the invention, if the matching is successful, the decryption is successful, and decrypted plaintext data is generated, specifically:
obtaining a decryption instruction, generating a decryption key by the decryption instruction, and generating a round key by expanding the decryption key;
first performing one round key addition, and then performing on the ciphertext the inverse operations of inverse row shift, inverse byte substitution, round key addition and inverse column mixing;
repeating the inverse operations multiple times, and then performing one final inverse row shift, inverse byte substitution and round key addition to obtain the decrypted plaintext data.
It should be noted that processing the ciphertext data in different modes yields different data processing results, and the plaintext data is decrypted by comprehensively analyzing these results, which improves decryption precision. Once the ciphertext has been obtained it must be decrypted, and decryption is completed by running the encryption process in reverse to obtain the plaintext. The decryption process first generates the round keys through key expansion and performs one round key addition. It then applies to the ciphertext the inverse operations of inverse row shift, inverse byte substitution, round key addition and inverse column mixing, repeated for 9 rounds. In the 10th round of decryption, inverse column mixing is not needed; only one inverse row shift, inverse byte substitution and round key addition are performed. The result is the decrypted plaintext. In this process the inverse operations run in the opposite order to the encryption steps, so the data as it was before encryption is correctly restored.
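The round steps described above (key expansion, initial round key addition, byte substitution, row shift, column mixing, round key addition, and decryption as 9 inverse rounds plus a 10th round without inverse column mixing) match the structure of AES-128. The following single-block Python sketch is an added illustration, not code from the patent; reading the cipher as AES-128 and all function names are assumptions of this example, and the vector in the demo is the published FIPS-197 Appendix C.1 one.

```python
"""Single-block AES-128, laid out to follow the round steps in the description.
Added illustration only; function names are this example's own."""

def xtime(a):
    # Multiply by 0x02 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1.
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gmul(a, b):
    # General GF(2^8) multiplication (shift-and-add), used by column mixing.
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sbox():
    # Fixed substitution box: multiplicative inverse followed by an affine map.
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = 0x63
        for k in range(5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = build_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]

def expand_key(key):
    # Key expansion: one 16-byte key becomes 11 round keys (44 four-byte words).
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # rotate the word, then substitute
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def add_round_key(s, rk):
    return [a ^ b for a, b in zip(s, rk)]

def sub_bytes(s, box):
    return [box[b] for b in s]

def shift_rows(s, direction=1):
    # State is column-major: byte i sits in row i % 4, column i // 4.
    # Row r rotates left by r (direction=1) or right by r (direction=-1).
    return [s[i % 4 + 4 * ((i // 4 + direction * (i % 4)) % 4)] for i in range(16)]

def mix_columns(s, coeffs=(2, 3, 1, 1)):
    # Multiply each column by a circulant matrix over GF(2^8);
    # coeffs=(14, 11, 13, 9) gives the inverse transformation.
    out = []
    for c in range(0, 16, 4):
        col = s[c:c + 4]
        for r in range(4):
            v = 0
            for j in range(4):
                v ^= gmul(coeffs[(j - r) % 4], col[j])
            out.append(v)
    return out

def encrypt_block(plaintext, key):
    if len(plaintext) != 16:
        raise ValueError("block must be 16 bytes")
    rk = expand_key(key)
    s = add_round_key(list(plaintext), rk[0])        # initial round
    for rnd in range(1, 10):                         # rounds 1..9
        s = mix_columns(shift_rows(sub_bytes(s, SBOX)))
        s = add_round_key(s, rk[rnd])
    s = shift_rows(sub_bytes(s, SBOX))               # round 10: no column mixing
    return bytes(add_round_key(s, rk[10]))

def decrypt_block(ciphertext, key):
    if len(ciphertext) != 16:
        raise ValueError("block must be 16 bytes")
    rk = expand_key(key)
    s = add_round_key(list(ciphertext), rk[10])      # first round key addition
    for rnd in range(9, 0, -1):                      # 9 inverse rounds
        s = sub_bytes(shift_rows(s, -1), INV_SBOX)
        s = mix_columns(add_round_key(s, rk[rnd]), (14, 11, 13, 9))
    s = sub_bytes(shift_rows(s, -1), INV_SBOX)       # round 10: no inverse column mixing
    return bytes(add_round_key(s, rk[0]))

if __name__ == "__main__":
    # FIPS-197 Appendix C.1 known-answer vector.
    key = bytes(range(16))
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    ct = encrypt_block(pt, key)
    print(ct.hex())
    print(decrypt_block(ct, key) == pt)
```

This handles one 16-byte block with table lookups that are not constant-time; locally stored robot data would normally go through a vetted library in an authenticated mode such as AES-GCM.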
According to an embodiment of the present invention, further comprising:
obtaining decryption instructions, and accessing the encrypted data in different modes according to the decryption instructions to obtain a plurality of access levels;
comparing the access level with the decryption level to obtain access matching degree;
acquiring the calling degree of the data according to the access matching degree;
and accessing the data according to the calling degree of the data.
It should be noted that different encryption levels and decryption levels may perform different encryption processing on different data, so as to protect different data, and distinguish between the different data during the access process, so as to improve the access security of the data.
According to an embodiment of the present invention, the method further comprises: defining authorized users in advance so that they are able to access the data; then generating a master public key and a master private key and storing them in a key management center, where users can read them, wherein the public key is used to encrypt local data and the private key is used to define an access policy;
the robot encrypts local data locally with the public key and at the same time embeds the access policy in the ciphertext, so that only users with the correct access rights can access the data, and the encrypted file is stored locally;
when a user needs to access the locally encrypted data, the user only needs to generate the user's own private key through the authority and decrypt the ciphertext with that private key to obtain the original local data.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a CP-ABE based robot data security protection system according to some embodiments of the present application. In a second aspect, an embodiment of the present application provides a CP-ABE based robot data security protection system 4, the system comprising: the memory 41 and the processor 42, the memory 41 includes a program of the robot data security protection method based on CP-ABE, and the program of the robot data security protection method based on CP-ABE realizes the following steps when executed by the processor:
acquiring plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, and encrypting the plaintext data according to the encryption rules to obtain ciphertext data;
classifying the ciphertext data, generating a plurality of keys, and encrypting the ciphertext data of different types with different authorities according to the keys to obtain encryption authorities;
obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction;
matching the decryption authority with the encryption authority;
if the matching is successful, the decryption is successful, and decrypted plaintext data is generated;
if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning.
It should be noted that analyzing the decryption rights in order to decrypt the corresponding encrypted data allows the data to be decrypted under different rights, which improves the data security protection function.
According to the embodiment of the invention, plaintext data is obtained, plaintext data characteristics are extracted, corresponding encryption rules are generated according to the plaintext data characteristics, and the plaintext data is encrypted according to the encryption rules to obtain ciphertext data, which is specifically as follows:
acquiring plaintext data, and processing the plaintext data according to encryption rules;
encryption rules include initial transformation, byte substitution, row shifting, column mixing, and round key addition;
combining the encryption rules in different modes to generate a plurality of encryption coordination relations;
and encrypting the plaintext data in different modes according to different encryption coordination relations to obtain ciphertext data with different encryption rules.
It should be noted that, encryption processing is performed on the plaintext data in different manners according to different encryption rules, so as to improve encryption security of the plaintext data.
According to the embodiment of the invention, the initial transformation comprises key expansion and initial round operation, wherein the key expansion expands an initial key into a plurality of round keys for subsequent encryption round function operation, and the initial round operation carries out bitwise exclusive OR operation on plaintext data and a first round key to provide an initial state for subsequent encryption round function;
byte substitution includes mapping each input byte to a corresponding output byte using a fixed substitution box, and realizing byte substitution by means of table look-up;
the row shift performs a cyclic left shift on each row, so that the bytes of each column are dispersed before the column mixing operation;
the column mixing performs a linear transformation on each column;
round key addition includes exclusive-or-ing the round key of the current round with a corresponding portion of the data block.
According to the embodiment of the invention, the ciphertext data is classified, a plurality of secret keys are generated, and different types of ciphertext data are encrypted according to the secret keys to obtain the encryption rights, specifically:
acquiring ciphertext data, extracting ciphertext data characteristics, and generating ciphertext keywords according to the ciphertext data characteristics;
word sense analysis is carried out according to the ciphertext keywords, and analysis information is obtained;
analyzing different word senses of the ciphertext data according to the analysis information to obtain different types of ciphertext data;
and generating different authority information according to different word senses, and matching the different authority information with different types of ciphertext data to obtain different encryption authorities.
It should be noted that keywords are extracted from the ciphertext data and word sense analysis is performed on them. Different word senses represent different meanings, so the ciphertext data can be classified and encrypted with different authorities for different word senses, which improves the encryption effect of the data.
According to the embodiment of the invention, a decryption instruction is acquired, and corresponding decryption rights are acquired according to the decryption instruction, specifically:
obtaining a decryption instruction, and grading the decryption instruction;
generating decryption keys of different grades according to grade division;
different decryption rights are generated according to different levels of decryption keys.
It should be noted that analyzing the decryption instruction yields different decryption keys, and the different decryption keys yield different decryption rights.
According to the embodiment of the invention, if the matching is successful, the decryption is successful, and decrypted plaintext data is generated, specifically:
obtaining a decryption instruction, generating a decryption key by the decryption instruction, and generating a round key by expanding the decryption key;
firstly performing one round key addition operation, and then performing the reverse operations on the ciphertext: reverse shift, reverse byte substitution, round key addition and reverse column mixing;
repeatedly executing the reverse operations multiple times, and finally performing reverse shift, reverse byte substitution and round key addition once to obtain the decrypted plaintext data.
It should be noted that processing the ciphertext data in different modes yields different data processing results, and the plaintext data is decrypted by comprehensively analyzing these results, which improves the decryption precision. After the ciphertext is obtained it must be decrypted, and decryption is completed by running the encryption process in reverse to obtain the plaintext. The decryption process first generates the round keys through key expansion and performs one round key addition. It then performs the reverse operations on the ciphertext (reverse shift, reverse byte substitution, round key addition and reverse column mixing) and repeats them for 9 rounds. In the 10th round of decryption, reverse column mixing is not needed; only one reverse shift, reverse byte substitution and round key addition are performed. The result obtained after decryption is the plaintext. In this process the reverse operations are applied in the opposite order to the encryption steps, so the data before encryption is correctly restored.
According to an embodiment of the present invention, further comprising:
obtaining decryption instructions, and accessing the encrypted data in different modes according to the decryption instructions to obtain a plurality of access levels;
comparing the access level with the decryption level to obtain access matching degree;
acquiring the calling degree of the data according to the access matching degree;
and accessing the data according to the calling degree of the data.
It should be noted that different encryption levels and decryption levels may perform different encryption processing on different data, so as to protect different data, and distinguish between the different data during the access process, so as to improve the access security of the data.
According to an embodiment of the present invention, the method further comprises: defining authorized users in advance so that they have the capability of accessing data; then generating a master public key and a master private key and storing them in a key management center for users to read, wherein the public key is used for encrypting local data and the private key is used for defining an access strategy;
the robot locally encrypts local data by using a public key, and adds an access strategy into a ciphertext at the same time, so that only users with correct access rights can access the data, and the encrypted file is stored locally;
when a user needs to access local encrypted data, the user only needs to generate a private key of the user through the authority, and the ciphertext is decrypted through the private key, so that the original local data is obtained.
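The page does not say which CP-ABE construction is used. As an added example (not code from the patent), the sketch below assumes the access-tree secret sharing used in Bethencourt-Sahai-Waters style CP-ABE to show how an access strategy can be carried inside a ciphertext and how a non-matching attribute set leads to the warning path. It omits the pairing-based key components of real CP-ABE, so the shares here are in the clear and users can pool attributes; the policy, attribute names and warning record are constructed for illustration.

```python
# Added example: secret sharing over an access policy tree (no pairings, not secure).
import secrets

P = 2**127 - 1   # prime modulus of the demo field (a Mersenne prime)

def share(policy, secret):
    """Encryptor side: push `secret` down the policy tree.

    policy is an attribute name (leaf) or (k, [children]) meaning "k of these".
    Returns the same tree with each leaf replaced by (attribute, share)."""
    if isinstance(policy, str):
        return (policy, secret)
    k, children = policy
    # Random polynomial of degree k-1 with q(0) = secret; child i receives q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    poly = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return (k, [share(ch, poly(i)) for i, ch in enumerate(children, 1)])

def recover(node, attrs):
    """Decryptor side: rebuild the secret from leaves whose attribute is held.

    Returns None when `attrs` does not satisfy the policy."""
    head, body = node
    if isinstance(head, str):                     # leaf: (attribute, share)
        return body if head in attrs else None
    pts = [(i, v) for i, ch in enumerate(body, 1)
           if (v := recover(ch, attrs)) is not None][:head]
    if len(pts) < head:                           # fewer than k children satisfied
        return None
    total = 0
    for xi, yi in pts:                            # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def AND(*children):
    return (len(children), list(children))

def OR(*children):
    return (1, list(children))

# Constructed policy and attribute names, for illustration only.
POLICY = AND("dept:maintenance", OR("role:engineer", "role:supervisor"))

def open_ciphertext(tree, attrs):
    """Mirror the match step: a key on success, a warning record on failure."""
    key = recover(tree, attrs)
    if key is None:
        return {"status": "warning", "reason": "attributes do not satisfy policy"}
    return {"status": "ok", "key": key}
```

In a real deployment the recovered value would unwrap a symmetric data key, and the per-user key components issued by the authority are what stop two users from combining their attributes.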
A third aspect of the present invention provides a computer-readable storage medium, in which a CP-ABE based robot data security protection method program is included, which when executed by a processor, implements the steps of the CP-ABE based robot data security protection method according to any one of the above.
The invention discloses a robot data security protection method, a system and a medium based on CP-ABE, which are characterized in that plaintext data is obtained, plaintext data characteristics are extracted, corresponding encryption rules are generated according to the plaintext data characteristics, and the plaintext data is encrypted according to the encryption rules to obtain ciphertext data; classifying the ciphertext data, generating a plurality of keys, and encrypting the ciphertext data of different types with different authorities according to the keys to obtain encryption authorities; obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction; matching the decryption authority with the encryption authority; if the matching is successful, the decryption is successful, and decrypted plaintext data is generated; if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning; by encrypting the ciphertext data, different decryption authorities can decrypt the ciphertext data to different degrees in the process of data acquisition, so that the decryption security of the data is realized.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The device embodiments described above are only illustrative; for example, the division of units is only a division by logical function, and there may be other divisions in actual implementation, such as: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interface, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they can be located in one place or distributed over a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or the like, which can store program codes.
Alternatively, the above-described integrated units of the present invention may be stored in a readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
Claims (10)
1. The robot data safety protection method based on the CP-ABE is characterized by comprising the following steps of:
acquiring plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, and encrypting the plaintext data according to the encryption rules to obtain ciphertext data;
classifying the ciphertext data, generating a plurality of keys, and encrypting the ciphertext data of different types with different authorities according to the keys to obtain encryption authorities;
obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction;
matching the decryption authority with the encryption authority;
if the matching is successful, the decryption is successful, and decrypted plaintext data is generated;
if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning.
2. The CP-ABE based robot data security protection method of claim 1, wherein the method comprises the steps of obtaining plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, encrypting the plaintext data according to the encryption rules, and obtaining ciphertext data, and is specifically:
acquiring plaintext data, and processing the plaintext data according to encryption rules;
encryption rules include initial transformation, byte substitution, row shifting, column mixing, and round key addition;
combining the encryption rules in different modes to generate a plurality of encryption coordination relations;
and encrypting the plaintext data in different modes according to different encryption coordination relations to obtain ciphertext data with different encryption rules.
3. The CP-ABE based robot data security protection method of claim 2, wherein the initial transformation includes a key expansion and an initial round operation, the key expansion expanding the initial key into a plurality of round keys for a subsequent encryption round function operation, the initial round operation bitwise xoring plaintext data with the first round key to provide an initial state for the subsequent encryption round function;
the byte substitution comprises mapping each input byte to a corresponding output byte by using a fixed substitution box, and realizing the substitution of the bytes by a table look-up mode;
the row shift operation performs a cyclic left shift operation on each row, such that bytes of each column are dispersed before the column mixing operation by the row shift operation;
the column mix performs a linear transformation on each column;
round key addition includes exclusive-or-ing the round key of the current round with a corresponding portion of the data block.
4. The robot data security protection method based on CP-ABE according to claim 3, wherein ciphertext data is classified, a plurality of keys are generated, different types of ciphertext data are encrypted according to the keys to obtain encrypted rights, specifically:
acquiring ciphertext data, extracting ciphertext data characteristics, and generating ciphertext keywords according to the ciphertext data characteristics;
word sense analysis is carried out according to the ciphertext keywords, and analysis information is obtained;
analyzing different word senses of the ciphertext data according to the analysis information to obtain different types of ciphertext data;
and generating different authority information according to different word senses, and matching the different authority information with different types of ciphertext data to obtain different encryption authorities.
5. The CP-ABE based robot data security protection method of claim 4, wherein the obtaining a decryption instruction, and obtaining a corresponding decryption right according to the decryption instruction, comprises:
obtaining a decryption instruction, and grading the decryption instruction;
generating decryption keys of different grades according to grade division;
different decryption rights are generated according to different levels of decryption keys.
6. The method for protecting the safety of the robot data based on the CP-ABE according to claim 5, wherein if the matching is successful, the decryption is successful, and decrypted plaintext data is generated, specifically:
obtaining a decryption instruction, generating a decryption key by the decryption instruction, and generating a round key by expanding the decryption key;
firstly performing one round key addition operation, and then performing the reverse operations on the ciphertext: reverse shift, reverse byte substitution, round key addition and reverse column mixing;
repeatedly executing the reverse operations multiple times, and finally performing reverse shift, reverse byte substitution and round key addition once to obtain the decrypted plaintext data.
7. A CP-ABE based robot data security protection system, the system comprising: the system comprises a memory and a processor, wherein the memory comprises a program of a robot data safety protection method based on CP-ABE, and the program of the robot data safety protection method based on CP-ABE realizes the following steps when being executed by the processor:
acquiring plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, and encrypting the plaintext data according to the encryption rules to obtain ciphertext data;
classifying the ciphertext data, generating a plurality of keys, and encrypting the ciphertext data of different types with different authorities according to the keys to obtain encryption authorities;
obtaining a decryption instruction, and obtaining corresponding decryption rights according to the decryption instruction;
matching the decryption authority with the encryption authority;
if the matching is successful, the decryption is successful, and decrypted plaintext data is generated;
if the matching fails, generating data safety warning data, and transmitting the safety warning data to the terminal for data safety warning.
8. The CP-ABE based robot data security system of claim 7, wherein the CP-ABE based robot data security system is characterized by obtaining plaintext data, extracting characteristics of the plaintext data, generating corresponding encryption rules according to the characteristics of the plaintext data, encrypting the plaintext data according to the encryption rules to obtain ciphertext data, and specifically comprising:
acquiring plaintext data, and processing the plaintext data according to encryption rules;
encryption rules include initial transformation, byte substitution, row shifting, column mixing, and round key addition;
combining the encryption rules in different modes to generate a plurality of encryption coordination relations;
and encrypting the plaintext data in different modes according to different encryption coordination relations to obtain ciphertext data with different encryption rules.
9. The CP-ABE based robot data security protection system of claim 8, wherein the initial transformation includes a key expansion and an initial round operation, the key expansion expanding the initial key into a plurality of round keys for subsequent encryption round function operations, the initial round operation bitwise xoring plaintext data with the first round key to provide an initial state for subsequent encryption round functions;
the byte substitution comprises mapping each input byte to a corresponding output byte by using a fixed substitution box, and realizing the substitution of the bytes by a table look-up mode;
the row shift operation performs a cyclic left shift operation on each row, such that bytes of each column are dispersed before the column mixing operation by the row shift operation;
the column mix performs a linear transformation on each column;
round key addition includes exclusive-or-ing the round key of the current round with a corresponding portion of the data block.
10. A computer-readable storage medium, wherein a CP-ABE based robot data security protection method program is included in the computer-readable storage medium, and when the CP-ABE based robot data security protection method program is executed by a processor, the steps of the CP-ABE based robot data security protection method according to any one of claims 1 to 6 are implemented.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311855822.3A CN117807614A (en) | 2023-12-29 | 2023-12-29 | Robot data security protection method, system and medium based on CP-ABE |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311855822.3A CN117807614A (en) | 2023-12-29 | 2023-12-29 | Robot data security protection method, system and medium based on CP-ABE |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117807614A true CN117807614A (en) | 2024-04-02 |
Family
ID=90423069
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311855822.3A Pending CN117807614A (en) | 2023-12-29 | 2023-12-29 | Robot data security protection method, system and medium based on CP-ABE |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117807614A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119109717A (en) * | 2024-11-08 | 2024-12-10 | 国网浙江省电力有限公司金华供电公司 | Substation intelligent inspection method and system based on information encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||