The Research Of Client Data Security Based On Private Key

Data create value,and data security is related to the interests of the state,enterprises and individuals.With the rapid development of mobile Internet and cloud computing,networking and other technologies,the amount of data showing explosive growth.According to IDC monitoring,in 2010,the global total data volume has reached the ZB level,the era of big data quietly coming.The era of big data,in order to maximize the value of the data,the environment is open,resource sharing has become inevitable.People through the use of cloud storage so that the terminal equipment of their own to get rid of the shackles of the limited storage space,multiple heterogeneous data storage Yu Yunduan mass,the user access to the data they need from the cloud to the local use.The open sharing of such environment resources for people to bring great convenience,but at the same time is also convenient for hackers,they can easily obtain many valuable data before you need to break the barriers to access to all kinds of firewall,which makes the open environment data is facing a huge security risk.How to ensure the security of data stored in the open cloud environment is one of the major challenges in the era of big data.In 2015,Professor Miao put forward a data oriented security architecture(DOSA)based on DOA(data oriented architecture).From the point of view of data security protection mechanism to construct a set of data throughout the life cycle,through the implementation of "natural data encryption,authorization and access" strategy for data security protection equipment makes its armor does not depend on the external environment,in order to solve the problem of data security in open environment.Open Cloud Storage era,massive data is generated and used by a large number of terminal equipment,the terminal device has become the origin and destination of data life.Therefore,we ensure that the terminal equipment to ensure the safety of data have important significance in the open environment of data security.This paper is based on DOSA's "natural encryption,data security thought authorized access",research on the problem of data security of terminal equipment design,and proposes a security solution based on the private key data terminal equipment,to achieve a safe access and data terminal equipment storage and transmission.The main research of this article is as follows:(i)Have researched and studied of a data oriented security architecture(DOSA).Research on the core thought data of DOSA "inherent encryption,authorized access";Each module in the security mechanism built for DOSA is studied.(ii)Have researched the encryption algorithm and the certificate authority(CA),which are used in the security realm.For the study of symmetric encryption algorithm DES,AES,asymmetric encryption algorithm RSA,the message digest algorithm MD5,sha-2 is studied;Research on the digital envelope technology,digital certificate,etc.(ii)A terminal data security solution based on private key is proposed.Research and design of data security storage and access methods for the guaranteed end devices;To study and design the data secure transmission method of the terminal equipment.(iv)Have primary implemented preliminary data security solutions based on private keys.Research and study on the development language,database,development framework,graphical interface development techniques used in the implementation plan;Detailed design and implementation of data flow for each module of the solution.The innovation point of this article is as follows:(i)An client data security solution based on the private key is proposedPlan will be generated for each user belongs only to the user's own public and private key pair,public key to a trusted third party in the form of a certificate of authorization management center closed to the public,the private key is given by the users themselves properly,only the users themselves.The characteristics of using the private key is not made public,use the local data for safe and efficient symmetric encryption storage,ensure the safety and effectiveness of data in storage access;Use the authority of a trusted third party to use the digital certificate issued in the data transaction(i.e.upload/download)to guarantee the security of the data transaction.The results of this study are as follows:(i)A preliminary research and study of a data oriented security architecture(DOSA)was completed.DOSA at the architecture level effectively solved the data security problem under open environment,the construction of its system architecture based on data "natural encryption,grant access to" the core idea.The DOSA makes data security independent of the security of the environment and puts the data itself in armor,giving it a certain amount of self-protection.(ii)The research of symmetric and asymmetric key systems and certificate authority centers was completed.System of symmetric key encryption speed but share the encryption key,asymmetric key system of private but the decryption key encryption speed,combined with the characteristics of the two key systems get better encryption strategies: digital envelopes technology that is symmetric key system for data encryption and asymmetric key system for key encryption.(iii)The research and design of the end data security solution based on the private key is completed.Take advantage of user private key security is not open and symmetric encryption efficiency high characteristic,solution in data storage using user private key encrypted key generation storage,the data transmission using digital envelopes technology processing and use of user private key to encrypt data signature.(iv)The proposed terminal data security solution was initially implemented.This scheme USES mature Java language development,plan according to the design concept into the client and the server,in this paper,the development based on the DSF(a RPC framework)on the server and client implementations.The server USES the MySQL database for user information management,and the client USES the JavaFX technology to develop the graphical user interface for the client.Data storage,access,uploading,and downloading basic functions have been implemented and tested.