[go: up one dir, main page]

CN114218592A - Encryption and decryption method, device, computer equipment and storage medium for sensitive data - Google Patents

Encryption and decryption method, device, computer equipment and storage medium for sensitive data Download PDF

Info

Publication number
CN114218592A
CN114218592A CN202111559131.XA CN202111559131A CN114218592A CN 114218592 A CN114218592 A CN 114218592A CN 202111559131 A CN202111559131 A CN 202111559131A CN 114218592 A CN114218592 A CN 114218592A
Authority
CN
China
Prior art keywords
key
target
ciphertext
field
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111559131.XA
Other languages
Chinese (zh)
Inventor
黄强
陈杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An E Wallet Electronic Commerce Co Ltd
Original Assignee
Ping An E Wallet Electronic Commerce Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An E Wallet Electronic Commerce Co Ltd filed Critical Ping An E Wallet Electronic Commerce Co Ltd
Priority to CN202111559131.XA priority Critical patent/CN114218592A/en
Publication of CN114218592A publication Critical patent/CN114218592A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application relates to the technical field of data security, and discloses an encryption and decryption method, device, computer equipment and storage medium for sensitive data, wherein the method comprises the steps of acquiring a field to be encrypted and the encryption level of the sensitive field; acquiring the corresponding relation between the sensitive field level and the key index queue, and acquiring a key corresponding to a field to be encrypted from a local cache as a target key; encrypting the field to be encrypted based on the preset ciphertext identification prefix and the identification information to obtain ciphertext data, and storing the ciphertext data; encrypting the target key to obtain a key ciphertext; and if the target ciphertext data decryption command is received, decrypting the target key data to obtain the decrypted target ciphertext data. The application also relates to a block chain technology, and the ciphertext data is stored in the block chain. The encryption and decryption method and the device perform corresponding encryption and decryption on different sensitive fields, do not need to process full data, and are favorable for improving the encryption and decryption efficiency of the data.

Description

Sensitive data encryption and decryption method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to an encryption and decryption method and apparatus for sensitive data, a computer device, and a storage medium.
Background
The database is usually stored in plaintext, and the existing database management system basically adopts user authentication, authorization management, security audit and other technologies to perform security management. However, such as a database administrator or a hacker who invades the database server can access all data of the database without hindrance, and confidentiality of sensitive information data or important business data therein cannot be effectively guaranteed. Meanwhile, with the increasing importance of the country on the protection of personal sensitive information, the storage encryption and decryption of sensitive data gradually become the problem that the IT system has to face;
in order to solve the problem of coexistence and compatibility of plaintext and ciphertext new and old data, a scheme of newly increasing ciphertext sensitive fields in a data table is commonly adopted at present, encryption, decryption and modification are required to be finally completed through a series of implementation steps, and the method mainly comprises the following steps: and (3) writing plaintext and ciphertext fields simultaneously by applying transformation, cleaning and writing the whole plaintext historical data into the ciphertext fields, reading only the ciphertext fields by using switch switching application, writing only the ciphertext fields by using the switch switching application, deleting the whole plaintext field data and the like. Although the scheme is quite safe and reliable for the encryption, decryption and storage rectification of some critical service data, for other sensitive data of some more general non-critical services, the step is too tedious and tedious, so that the whole rectification implementation process is quite long, time and labor are wasted, and the encryption and decryption efficiency of the sensitive data is low. There is a need for a method for improving the encryption and decryption efficiency of sensitive data of non-critical services.
Disclosure of Invention
The embodiment of the application aims to provide an encryption and decryption method and device for sensitive data, computer equipment and a storage medium, so as to improve the efficiency of encryption and decryption of sensitive data of non-critical services.
In order to solve the above technical problem, an embodiment of the present application provides an encryption and decryption method for sensitive data, including:
acquiring a field to be encrypted, and comparing the field to be encrypted with a preset sensitive field to acquire the encryption level of the sensitive field corresponding to the field to be encrypted;
acquiring the corresponding relation between the sensitive field level and a key index queue, and acquiring a key corresponding to the field to be encrypted from a local cache as a target key based on the corresponding relation;
acquiring identification information of the field to be encrypted, encrypting the field to be encrypted based on a preset ciphertext identification prefix and the identification information to obtain ciphertext data, and storing the ciphertext data in a target database;
encrypting the target key by adopting a preset encryption algorithm to obtain a key ciphertext, storing the key ciphertext and the target key index in the target database, and storing the target key in the local cache;
and if a target ciphertext data decryption command is received, acquiring a target key ciphertext corresponding to the target ciphertext data, and decrypting the target ciphertext data based on the target key ciphertext to obtain decrypted target ciphertext data.
In order to solve the above technical problem, an embodiment of the present application provides an encryption and decryption apparatus for sensitive data, including:
the field to be encrypted acquiring module is used for acquiring a field to be encrypted and comparing the field to be encrypted with a preset sensitive field to acquire the encryption level of the sensitive field corresponding to the field to be encrypted;
the target key generation module is used for acquiring the corresponding relation between the sensitive field level and a key index queue, and acquiring a key corresponding to the field to be encrypted from a local cache as a target key based on the corresponding relation;
the ciphertext data storage module is used for acquiring the identification information of the field to be encrypted, encrypting the field to be encrypted based on a preset ciphertext identification prefix and the identification information to obtain ciphertext data, and storing the ciphertext data in a target database;
a key ciphertext generating module, configured to encrypt the target key by using a preset encryption algorithm to obtain a key ciphertext, store the key ciphertext and the target key index in the target database, and store the target key in the local cache;
and the ciphertext data decryption module is used for acquiring a target key ciphertext corresponding to the target ciphertext data if a target ciphertext data decryption command is received, and decrypting the target ciphertext data based on the target key ciphertext to obtain decrypted target ciphertext data.
In order to solve the technical problems, the invention adopts a technical scheme that: a computer device is provided that includes, one or more processors; a memory for storing one or more programs to cause one or more processors to implement the method for encrypting and decrypting sensitive data as described in any one of the above.
In order to solve the technical problems, the invention adopts a technical scheme that: a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of encrypting and decrypting sensitive data as described in any one of the above.
The embodiment of the invention provides an encryption and decryption method and device for sensitive data, computer equipment and a storage medium, wherein the encryption level of a sensitive field corresponding to a field to be encrypted is obtained by obtaining the field to be encrypted and comparing the field to be encrypted with a preset sensitive field; acquiring a corresponding relation between the sensitive field level and a key index queue, and acquiring a key corresponding to a field to be encrypted from a local cache as a target key based on the corresponding relation; acquiring identification information of a field to be encrypted, encrypting the field to be encrypted based on a preset ciphertext identification prefix and the identification information to obtain ciphertext data, and storing the ciphertext data in a target database; encrypting the target key by adopting a preset encryption algorithm to obtain a key ciphertext, storing the key ciphertext and the target key index in a target database, and storing the target key in a local cache; and if a target ciphertext data decryption command is received, acquiring a target ciphertext key corresponding to the target ciphertext data, and decrypting the target ciphertext key based on the target ciphertext key to obtain the decrypted target ciphertext data. The encryption is carried out according to the sensitive fields of different levels, the key is further encrypted, the security of the sensitive data is improved, meanwhile, the encryption and decryption are correspondingly carried out on the different sensitive fields, the processing of the full amount of data is not needed, and the encryption and decryption efficiency of the data is improved.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is a flowchart of an implementation of a method for encrypting and decrypting sensitive data according to an embodiment of the present application;
FIG. 2 is a flowchart of an implementation of a sub-process in a method for encrypting and decrypting sensitive data according to an embodiment of the present application;
FIG. 3 is a flowchart of another implementation of a sub-process in a method for encrypting and decrypting sensitive data according to an embodiment of the present application;
FIG. 4 is a flowchart of another implementation of a sub-process in a method for encrypting and decrypting sensitive data according to an embodiment of the present application;
FIG. 5 is a flowchart of another implementation of a sub-process in a method for encrypting and decrypting sensitive data according to an embodiment of the present application;
FIG. 6 is a flowchart of another implementation of a sub-process in a method for encrypting and decrypting sensitive data according to an embodiment of the present application;
FIG. 7 is a flowchart of another implementation of a sub-process in a method for encrypting and decrypting sensitive data according to an embodiment of the present application;
FIG. 8 is a schematic diagram of an apparatus for encrypting and decrypting sensitive data according to an embodiment of the present application;
fig. 9 is a schematic diagram of a computer device provided in an embodiment of the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
It should be noted that, the encryption and decryption method for sensitive data provided in the embodiments of the present application is generally executed by a server, and accordingly, the encryption and decryption apparatus for sensitive data is generally configured in the server.
Referring to fig. 1, fig. 1 shows an embodiment of an encryption and decryption method for sensitive data.
It should be noted that, if the result is substantially the same, the method of the present invention is not limited to the flow sequence shown in fig. 1, and the method includes the following steps:
s1: and acquiring a field to be encrypted, and comparing the field to be encrypted with a preset sensitive field to acquire the encryption level of the sensitive field corresponding to the field to be encrypted.
In the embodiments of the present application, in order to more clearly understand the technical solution, the following detailed description is made on the terminal related to the present application.
The server can receive data such as a field to be encrypted and a storage field sent by a user side, judge the data to obtain the encryption level of the data, encrypt the data and obtain ciphertext data and a corresponding key; and when receiving a data decryption command sent from the user side, decrypting the encrypted data and returning the decrypted data to the user side.
The user side can send data to the server for encryption and storage; the user side can also send a data decryption command to the server to obtain the corresponding decoded data returned by the server.
Specifically, different levels are set for different sensitive fields in advance, and the set sensitive field levels are stored in a local cache. When a new field to be encrypted is obtained, comparing the field to be encrypted with a preset sensitive field, and thus obtaining the encryption level of the sensitive field corresponding to the field to be encrypted. In one embodiment, the encryption levels of the sensitive fields are classified into negligibly decrypted data, normally encrypted data, and strongly encrypted data.
Referring to fig. 2, fig. 2 shows an embodiment before step S1, which is described in detail as follows:
s11: and storing the preset sensitive field encryption level, the corresponding relation between the key and the key index queue and the corresponding relation between the sensitive field level and the key index queue in a target database.
S12: and acquiring the updating period of the local cache key as the synchronization period.
S13: and taking the synchronous period as the updating period of the key.
Specifically, before encrypting the field to be encrypted, the encryption level of the sensitive field, the corresponding relationship between the key and the key index queue, and the corresponding relationship between the sensitive field level and the key index queue need to be configured. The encryption level of the configured sensitive field can be obtained according to the sensitive field level and based on the corresponding relation between the configured sensitive field level and the key index queue; and then acquiring a corresponding key based on the corresponding relation between the key and the key index queue, so that the key generated by the corresponding sensitive field can be acquired. Meanwhile, in order to better manage the key, the updating period of the local cache is firstly obtained, and the updating period of the key is set to be the same as the updating period of the local cache.
In the embodiment, the preset corresponding relation among the encryption level of the sensitive field, the key and the key index queue and the corresponding relation among the encryption level of the sensitive field and the key index queue are stored in the target database, the updating period of the local cache key is obtained and used as the synchronization period, and then the updating period of the key is established based on the synchronization period, so that the encryption level of the sensitive field, the key and the key index queue are configured, the sensitive field is encrypted and the corresponding key is obtained subsequently, the updating period of the key is established simultaneously, and the key index information are maintained.
S2: and acquiring the corresponding relation between the sensitive field level and the key index queue, and acquiring the key corresponding to the field to be encrypted from the local cache as a target key based on the corresponding relation.
Specifically, since the encryption level of the sensitive field, the corresponding relationship between the key and the key index queue, and the corresponding relationship between the sensitive field level and the key index queue are pre-configured in the local cache, after the encryption level of the field to be encrypted is obtained, the latest key index is obtained by comparing the encryption levels one by one, and the corresponding key is obtained from the local cache based on the latest key index and is used as the target key of the field to be encrypted. Further, when the sensitive field needs to be encrypted currently, a new key is generated, and the new key generates a new record in the key index queue, so that the latest key index is obtained, and the corresponding key can be obtained.
Referring to fig. 3, fig. 3 shows an embodiment of step S2, which is described in detail as follows:
s21: and acquiring the corresponding relation between the sensitive field level and the key index queue based on the sensitive field encryption level.
S22: and acquiring the key index queue corresponding to the encryption level of the sensitive field from the local database according to the corresponding relation between the sensitive field level and the key index queue.
S23: and acquiring the latest key index from the key index queue.
S24: and acquiring the corresponding key from the local cache by using the latest key index as a target key.
Specifically, when a new sensitive field needs to be encrypted for storage, a corresponding key is generated, and a new key index is correspondingly generated in the key index queue. Therefore, when the key index queue corresponding to the sensitive field is obtained, the latest key index in the key index queue is obtained, the latest key index is the index generated by the sensitive field, and then the corresponding key is obtained from the local cache according to the latest key index, so that the target key is obtained.
In this embodiment, by obtaining the corresponding relationship between the sensitive field level and the key index queue, and according to the corresponding relationship between the sensitive field level and the key index queue, the key index queue corresponding to the sensitive field encryption level is obtained from the local database, the latest key index is obtained from the key index queue, and then the corresponding key is obtained from the local cache and is used as the target key, so that the key of the sensitive field is obtained, which is beneficial to encrypting the sensitive field and improving the data encryption efficiency.
S3: and acquiring identification information of the field to be encrypted, encrypting the field to be encrypted based on the preset ciphertext identification prefix and the identification information to obtain ciphertext data, and storing the ciphertext data in a target database.
Specifically, the ciphertext data structure is composed of a preset ciphertext identifier prefix, a target key index and ciphertext valid data (sensitive fields), wherein the key index is composed of a service identifier, an algorithm identifier and a number (or other service identifiers). The preset ciphertext identifier prefix is a preset fixed identifier, is generated in the prefix part of the ciphertext data and is used for distinguishing the sensitive field from the non-sensitive field. The service identifier is set according to the service type corresponding to the sensitive field, such as a vehicle insurance service corresponding identifier, a personal insurance corresponding identifier and the like; the algorithm identifier is set by an identifier corresponding to an encryption algorithm, such as triple data encryption algorithm 3DES, AES128, AES256, SM4 block cipher algorithm, and the like.
Referring to fig. 4, fig. 4 shows an embodiment of step S3, which is described in detail as follows:
s31: and acquiring identification information of the field to be encrypted, wherein the identification information comprises a service identifier, an algorithm identifier and a number.
S32: and combining the service identifier, the algorithm identifier and the number according to a preset combination mode to obtain a target key index corresponding to the target key.
S33: and acquiring a preset ciphertext tag prefix, encrypting the field to be encrypted based on the preset ciphertext tag prefix and the target key index to obtain ciphertext data, and storing the ciphertext data in a target database.
Specifically, the fields to be encrypted are from different service data, so that the fields to be encrypted are distinguished according to the types of the service data, and meanwhile, the identification of the encryption algorithm is also used as identification information when the encryption algorithm is adopted for the fields to be encrypted, and meanwhile, the fields to be encrypted can be numbered and distinguished, so that the identification information is obtained by further distinguishing according to other service types of the fields. Combining the service identifier, the algorithm identifier and the number of the identification information to obtain a key index; and then acquiring a preset ciphertext marker prefix, encrypting the field to be encrypted based on the preset ciphertext marker prefix and the target key index to obtain ciphertext data, and storing the ciphertext data in a target database, so that the field is re-encrypted according to the service type of the field to be encrypted, the encryption algorithm identifier, the ciphertext marker prefix and the like, the encryption security of the field to be encrypted is improved, the key index is constructed at the same time, the subsequent decryption of the encrypted field is facilitated, and the data encryption and decryption efficiency is improved. The preset combination mode may be that the service identifier, the algorithm identifier, and the number are combined in sequence, or the algorithm identifier, the number, and the service identifier are combined in sequence, and the preset combination mode is set according to an actual situation, and is not limited herein.
Referring to fig. 5, fig. 5 shows an embodiment after step S3, which is described in detail as follows:
s34: and if the sensitive field is detected to exist in the conditional statement of the database operation, acquiring a conditional key corresponding to the sensitive field.
S35: and encrypting the sensitive field based on the condition secret key and the preset ciphertext marker prefix to obtain condition ciphertext data.
S36: and splicing the conditional ciphertext data according to the conditional statements to obtain target conditional ciphertext data.
Specifically, if the sensitive field exists in a conditional statement (where) of the database operation, all keys of the sensitive field, that is, conditional keys, need to be obtained, the sensitive field is encrypted based on the above encryption to obtain encrypted conditional ciphertext data, and then the conditional ciphertext data is spliced according to the conditional statement to satisfy the execution of the conditional statement, so as to obtain target conditional ciphertext data. Further, in order not to significantly affect the performance of executing similar database statements, on one hand, the total amount of keys needs to be controlled (the key update period is extended), and on the other hand, the assigned key index value and the index value in the dynamic cyclic use key index queue need to be provided.
In the embodiment, the condition ciphertext data is obtained by encrypting the sensitive fields in the condition sentences operated in the database, and then the condition ciphertext data is spliced according to the condition sentences to obtain the target condition ciphertext data, so that the problem that the sensitive fields in the condition sentences operated in the database are difficult to encrypt is solved, various sensitive fields are encrypted, and the data encryption efficiency is facilitated.
S4: and encrypting the target key by adopting a preset encryption algorithm to obtain a key ciphertext, storing the key ciphertext and the target key index in a target database, and storing the target key in a local cache.
Specifically, in order to further enhance the security and confidentiality of the sensitive field, the target key corresponding to the sensitive field is further encrypted. And encrypting the target key through a preset encryption algorithm to obtain a key ciphertext. Meanwhile, in order to strengthen the association of the key ciphertext, the key ciphertext and the target key index are stored in a target database, and the target key is stored in a local cache. The preset encryption algorithm may be an RSA algorithm, an elliptic curve cryptography algorithm, a key exchange algorithm Diffe Hellman, and the like.
Referring to fig. 6, fig. 6 shows a specific embodiment after step S4, which is described in detail as follows:
s41: and executing a preset configuration neglect encryption command, and configuring the database to obtain a neglect encryption database.
S42: when the warehousing field is acquired, judging whether the warehousing field needs to be stored in a negligible encryption database;
if the binned field needs to be stored in the negligible encryption database, the binned field is stored in the negligible encryption database, S43.
Specifically, in the data storage process, a situation that new and old application of a production line coexist during version online may exist, the new application newly adds or updates a sensitive field as a ciphertext, and the old application cannot decrypt ciphertext data in the query result due to lack of a data decryption function. Therefore, a database with negligible encryption sensitive fields is configured in advance, when the data in the database is not needed to be encrypted temporarily, the data in the database is stored in the negligible encryption database in a plaintext mode by judging whether the fields in the database need to be stored in the negligible encryption database, and if so, the data in the sensitive database is not encrypted. And deleting the configuration after the version is on-line and all the services of the production line run normally, and starting the data encryption function of the table.
In the embodiment, the encryption database can be ignored through configuration, so that the possible compatibility problem of new and old applications during online coexistence is solved, the risk of rectification switching is further reduced, and the data storage efficiency is improved.
S5: and if a target ciphertext data decryption command is received, acquiring a target key ciphertext corresponding to the target ciphertext data, and decrypting the target ciphertext data based on the target key ciphertext to obtain decrypted target ciphertext data.
Specifically, when a target ciphertext data decryption command is received, a target ciphertext key corresponding to the target ciphertext data is obtained; and then, the target ciphertext key is decrypted by combining the target ciphertext key and a corresponding decryption algorithm to obtain decrypted target ciphertext data.
In the embodiment, the encryption level of the sensitive field corresponding to the field to be encrypted is obtained by obtaining the field to be encrypted and comparing the field to be encrypted with the preset sensitive field; acquiring a corresponding relation between the sensitive field level and a key index queue based on the sensitive field encryption level, and acquiring a key corresponding to a field to be encrypted from a local cache as a target key based on the corresponding relation; acquiring identification information of a field to be encrypted, encrypting the field to be encrypted based on a preset ciphertext identification prefix and the identification information to obtain ciphertext data, and storing the ciphertext data in a target database; encrypting the target key by adopting a preset encryption algorithm to obtain a key ciphertext, storing the key ciphertext and the target key index in a target database, and storing the target key in a local cache; and if a target ciphertext data decryption command is received, acquiring a target ciphertext key corresponding to the target ciphertext data, and decrypting the target ciphertext key based on the target ciphertext key to obtain the decrypted target ciphertext data. The encryption is carried out according to the sensitive fields of different levels, the key is further encrypted, the security of the sensitive data is improved, meanwhile, the encryption and decryption are correspondingly carried out on the different sensitive fields, the processing of the full amount of data is not needed, and the encryption and decryption efficiency of the data is improved.
Referring to fig. 7, fig. 7 shows an embodiment of step S5, which is described in detail as follows:
s51: and if the target ciphertext data decryption command is received, analyzing the target ciphertext data decryption command to acquire the key index value corresponding to the sensitive field.
S52: and judging whether a target key plaintext corresponding to the target ciphertext data can be acquired from the local cache or not based on the key index value.
S53: and if the target key plaintext corresponding to the target ciphertext data cannot be obtained from the local cache, obtaining the target ciphertext key from the target database based on the key index value.
S54: and decrypting the ciphertext key in a preset decryption mode to obtain a target key plaintext.
S55: and decrypting the target ciphertext data from the target database based on the target key plaintext to obtain decrypted ciphertext data.
Specifically, since the sensitive field is encrypted and the key is also encrypted in the above steps, after the decryption command is obtained, the command is decrypted for the target ciphertext data to obtain the key index value corresponding to the sensitive field. And as the ciphertext plaintext may be stored in a local cache or encrypted and stored in a target database, whether the target key plaintext corresponding to the target ciphertext data can be acquired from the local cache is judged, and if the target key plaintext cannot be acquired, the target ciphertext key is acquired from the target database based on the key index value. At this time, the target ciphertext key is still in an encrypted state and needs to be decrypted to obtain a target ciphertext plaintext; then, a decryption algorithm corresponding to the data encryption algorithm is obtained, for example, the decryption algorithm may be an RSA algorithm, an elliptic curve cryptography algorithm, a secret key exchange algorithm Diffe Hellman, or the like; and then, based on the target key plaintext and the decryption algorithm, decrypting the target ciphertext data from the target database to obtain decrypted ciphertext data.
In this embodiment, when a target ciphertext data decryption command is received, the corresponding target ciphertext key and the target key plaintext are obtained, and the target ciphertext data is decrypted by combining the corresponding decryption algorithm to obtain decrypted ciphertext data, so that decryption of the data is realized, and the data decryption efficiency is improved.
It is emphasized that, in order to further ensure the privacy and security of the ciphertext data, the ciphertext data may also be stored in a node of a blockchain.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
Referring to fig. 8, as an implementation of the method shown in fig. 1, the present application provides an embodiment of an apparatus for encrypting and decrypting sensitive data, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 1, and the apparatus may be applied to various electronic devices.
As shown in fig. 8, the encryption and decryption apparatus for sensitive data of the present embodiment includes: a field to be encrypted obtaining module 61, a target key generating module 62, a ciphertext data storage module 63, a key ciphertext generating module 64, and a ciphertext data decryption module 65, wherein:
the field to be encrypted acquiring module 61 is used for acquiring a field to be encrypted and comparing the field to be encrypted with a preset sensitive field to acquire a sensitive field encryption level corresponding to the field to be encrypted;
a target key generation module 62, configured to obtain a corresponding relationship between the sensitive field level and the key index queue, and obtain, based on the corresponding relationship, a key corresponding to the field to be encrypted from the local cache, where the key is used as a target key;
the ciphertext data storage module 63 is configured to obtain identification information of a field to be encrypted, encrypt the field to be encrypted based on a preset ciphertext identification prefix and the identification information to obtain ciphertext data, and store the ciphertext data in a target database;
a key ciphertext generating module 64, configured to encrypt the target key by using a preset encryption algorithm to obtain a key ciphertext, store the key ciphertext and the target key index in a target database, and store the target key in a local cache;
the ciphertext data decryption module 65 is configured to, if a target ciphertext data decryption command is received, obtain a target key ciphertext corresponding to the target ciphertext data, and decrypt the target ciphertext data based on the target key ciphertext to obtain decrypted target ciphertext data.
Further, before the field to be encrypted obtaining module 61, the method further includes:
the corresponding relation storage module is used for storing the preset sensitive field encryption level, the corresponding relation between the key and the key index queue and the corresponding relation between the sensitive field level and the key index queue in a target database;
a synchronization cycle acquisition module, configured to acquire an update cycle of the local cache key as a synchronization cycle;
and the updating period creating module is used for taking the synchronous period as the updating period of the key.
Further, the target key generation module 62 includes:
the corresponding relation obtaining unit is used for obtaining the corresponding relation between the sensitive field level and the key index queue based on the sensitive field encryption level;
the key index queue obtaining unit is used for obtaining a key index queue corresponding to the encryption level of the sensitive field from the local database according to the corresponding relation between the level of the sensitive field and the key index queue;
a latest key index obtaining unit, configured to obtain a latest key index from the key index queue;
and the target key confirmation unit is used for acquiring the corresponding key from the local cache by using the latest key index as the target key.
Further, the ciphertext data storage module 63 includes:
the device comprises an identification information acquisition unit, a field encryption unit and a field encryption unit, wherein the identification information acquisition unit is used for acquiring identification information of a field to be encrypted, and the identification information comprises a service identifier, an algorithm identifier and a number;
the target key index construction unit is used for combining the service identifier, the algorithm identifier and the number according to a preset combination mode to obtain a target key index corresponding to the target key;
and the ciphertext data generation unit is used for acquiring a preset ciphertext tag prefix, encrypting the field to be encrypted based on the preset ciphertext tag prefix and the target key index to obtain ciphertext data, and storing the ciphertext data in the target database.
Further, after the ciphertext data storage module 63, the method further includes:
the conditional key acquisition module is used for acquiring a conditional key corresponding to the sensitive field if the sensitive field is detected to exist in a conditional statement of the database operation;
the conditional key data acquisition module is used for encrypting the sensitive field based on the conditional key and a preset ciphertext marker prefix to obtain conditional ciphertext data;
and the target ciphertext data acquisition module is used for splicing the conditional ciphertext data according to the conditional statements to obtain the target conditional ciphertext data.
Further, after the key ciphertext generating module 64, the method further includes:
the database configuration module is used for executing a preset configuration neglect encryption command and configuring the database to obtain a neglect encryption database;
the storage field judging module is used for judging whether the storage field needs to be stored in the negligible encryption database when the storage field is obtained;
and the warehousing field storage module is used for storing the warehousing field in the negligible encryption database if the warehousing field needs to be stored in the negligible encryption database.
Further, the ciphertext data decryption module 65 includes:
the target ciphertext data decryption command acquiring unit is used for analyzing the target ciphertext data decryption command to acquire a key index value corresponding to the sensitive field if the target ciphertext data decryption command is received;
the target key plaintext judgment unit is used for judging whether the target key plaintext corresponding to the target ciphertext data can be acquired from the local cache or not based on the key index value;
the target key plaintext acquisition unit is used for acquiring a target cipher text key from a target database based on the key index value if the target key plaintext corresponding to the target cipher text data cannot be acquired from the local cache;
the target key plaintext decryption unit is used for decrypting the ciphertext key in a preset decryption mode to obtain a target key plaintext;
and the ciphertext data decryption unit is used for decrypting the target ciphertext data from the target database based on the target key plaintext to obtain decrypted ciphertext data.
It is emphasized that, in order to further ensure the privacy and security of the ciphertext data, the ciphertext data may also be stored in a node of a blockchain.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 9, fig. 9 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 7 comprises a memory 71, a processor 72, a network interface 73, communicatively connected to each other by a system bus. It is noted that only a computer device 7 having three components memory 71, processor 72, network interface 73 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 71 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage 71 may be an internal storage unit of the computer device 7, such as a hard disk or a memory of the computer device 7. In other embodiments, the memory 71 may also be an external storage device of the computer device 7, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the computer device 7. Of course, the memory 71 may also comprise both an internal storage unit of the computer device 7 and an external storage device thereof. In this embodiment, the memory 71 is generally used for storing an operating system installed in the computer device 7 and various types of application software, such as program codes of encryption and decryption methods for sensitive data. Further, the memory 71 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 72 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 72 is typically used to control the overall operation of the computer device 7. In this embodiment, the processor 72 is configured to execute the program code stored in the memory 71 or process data, for example, execute the program code of the encryption and decryption method for sensitive data, so as to implement various embodiments of the encryption and decryption method for sensitive data.
The network interface 73 may comprise a wireless network interface or a wired network interface, and the network interface 73 is typically used to establish a communication connection between the computer device 7 and other electronic devices.
The present application further provides another embodiment, which is to provide a computer-readable storage medium, which stores a computer program, where the computer program is executable by at least one processor to cause the at least one processor to execute the steps of the encryption and decryption method for sensitive data as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method of the embodiments of the present application.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All equivalent structures made by using the contents of the specification and the drawings of the present application are directly or indirectly applied to other related technical fields and are within the protection scope of the present application.

Claims (10)

1.一种敏感数据的加解密方法,其特征在于,包括:1. a kind of encryption and decryption method of sensitive data, is characterized in that, comprises: 获取待加密字段,并将所述待加密字段与预设敏感字段进行对比,以获取所述待加密字段对应的敏感字段加密级别;Obtain the field to be encrypted, and compare the field to be encrypted with a preset sensitive field to obtain the encryption level of the sensitive field corresponding to the field to be encrypted; 获取所述敏感字段级别与密钥索引队列的对应关系,并基于所述对应关系,从本地缓存中获取所述待加密字段对应的密钥,作为目标密钥;Obtain the corresponding relationship between the sensitive field level and the key index queue, and based on the corresponding relationship, obtain the key corresponding to the to-be-encrypted field from the local cache as the target key; 获取所述待加密字段的标识信息,并基于预设的密文标识前缀与所述标识信息对所述待加密字段进行加密,得到密文数据,并将所述密文数据存储于目标数据库中;Obtain the identification information of the field to be encrypted, and encrypt the field to be encrypted based on the preset ciphertext identification prefix and the identification information to obtain ciphertext data, and store the ciphertext data in the target database ; 采用预设的加密算法,对所述目标密钥进行加密处理,得到密钥密文,并将所述密钥密文与所述目标密钥索引存储于所述目标数据库中,以及将所述目标密钥存储于所述本地缓存中;Using a preset encryption algorithm, encrypt the target key to obtain a key ciphertext, store the key ciphertext and the target key index in the target database, and store the key ciphertext and the target key index in the target database. the target key is stored in the local cache; 若接收到目标密文数据解密命令,则获取所述目标密文数据对应的目标密钥密文,并基于所述目标密钥密文对所述目标密文数据进行解密,得到解密后的目标密文数据。If the target ciphertext data decryption command is received, the target key ciphertext corresponding to the target ciphertext data is obtained, and the target ciphertext data is decrypted based on the target key ciphertext to obtain the decrypted target ciphertext data. Encrypted data. 2.根据权利要求1所述的敏感数据的加解密方法,其特征在于,所述获取待加密字段,并将所述待加密字段与预设敏感字段进行对比,以获取所述待加密字段对应的敏感字段加密级别之前,所述方法还包括:2. The encryption and decryption method for sensitive data according to claim 1, wherein the acquisition of the to-be-encrypted field is performed, and the to-be-encrypted field is compared with a preset sensitive field to obtain the corresponding to-be-encrypted field. Before the encryption level of the sensitive field, the method further includes: 将预先配置的敏感字段加密级别、密钥与密钥索引队列的对应关系以及所述敏感字段级别与密钥索引队列对应关系存储于所述目标数据库中;storing the preconfigured sensitive field encryption level, the corresponding relationship between the key and the key index queue, and the corresponding relationship between the sensitive field level and the key index queue in the target database; 获取本地缓存密钥的更新周期,作为同步周期;Obtain the update cycle of the local cache key as the synchronization cycle; 将所述同步周期作为所述密钥的更新周期。The synchronization period is used as the update period of the key. 3.根据权利要求1所述的敏感数据的加解密方法,其特征在于,所述获取所述敏感字段级别与密钥索引队列的对应关系,并基于所述对应关系,从本地缓存中获取所述待加密字段对应的密钥,作为目标密钥,包括:3. the encryption and decryption method of sensitive data according to claim 1, is characterized in that, described obtains the correspondence relation between described sensitive field level and key index queue, and based on described correspondence, obtains all from local cache. The key corresponding to the field to be encrypted is described as the target key, including: 基于所述敏感字段加密级别,获取所述敏感字段级别与密钥索引队列的对应关系;Based on the encryption level of the sensitive field, obtain the corresponding relationship between the level of the sensitive field and the key index queue; 根据所述敏感字段级别与密钥索引队列的对应关系,从本地数据库中获取所述敏感字段加密级别对应的密钥索引队列;According to the corresponding relationship between the sensitive field level and the key index queue, obtain the key index queue corresponding to the encryption level of the sensitive field from the local database; 从所述密钥索引队列中获取最新的密钥索引;Obtain the latest key index from the key index queue; 将所述最新的密钥索引从所述本地缓存中获取对应的密钥,作为所述目标密钥。The latest key index is obtained from the local cache and the corresponding key is used as the target key. 4.根据权利要求1所述的敏感数据的加解密方法,其特征在于,所述获取所述待加密字段的标识信息,并基于预设的密文标识前缀与所述标识信息对所述待加密字段进行加密,得到密文数据,并将所述密文数据存储于目标数据库中,包括:4. The encryption/decryption method for sensitive data according to claim 1, wherein the acquisition of the identification information of the to-be-encrypted field is performed based on a preset ciphertext identification prefix and the identification information to the to-be-encrypted field. The encrypted field is encrypted to obtain ciphertext data, and the ciphertext data is stored in the target database, including: 获取所述待加密字段的标识信息,其中,所述标识信息包括业务标识符、算法标识符以及编号;Obtain the identification information of the to-be-encrypted field, wherein the identification information includes a service identifier, an algorithm identifier, and a serial number; 按照预设的组合方式,将所述业务标识符、所述算法标识符以及所述编号进行组合,得到所述目标密钥对应的目标密钥索引;Combine the service identifier, the algorithm identifier and the serial number according to a preset combination mode to obtain a target key index corresponding to the target key; 获取预设的密文标注符前缀,并基于所述预设的密文标注符前缀和所述目标密钥索引对所述待加密字段进行加密,得到所述密文数据,并将所述密文数据存储于所述目标数据库中。Obtain a preset ciphertext tag prefix, and encrypt the to-be-encrypted field based on the preset ciphertext tag prefix and the target key index to obtain the ciphertext data, and encrypt the ciphertext data. The text data is stored in the target database. 5.根据权利要求1所述的敏感数据的加解密方法,其特征在于,所述获取所述待加密字段的标识信息,并基于预设的密文标识前缀与所述标识信息对所述待加密字段进行加密,得到密文数据,并将所述密文数据存储于目标数据库中之后,所述方法还包括:5. The encryption/decryption method for sensitive data according to claim 1, wherein the acquisition of the identification information of the to-be-encrypted field is performed based on a preset ciphertext identification prefix and the identification information to the to-be-encrypted field. The encrypted field is encrypted to obtain ciphertext data, and after the ciphertext data is stored in the target database, the method further includes: 若检测到所述敏感字段存在于数据库操作的条件语句中,则获取所述敏感字段对应的条件密钥;If it is detected that the sensitive field exists in the conditional statement of the database operation, obtain the condition key corresponding to the sensitive field; 基于所述条件密钥和所述预设的密文标注符前缀对所述敏感字段进行加密,得到条件密文数据;Encrypting the sensitive field based on the condition key and the preset ciphertext tag prefix to obtain conditional ciphertext data; 将所述条件密文数据按照所述条件语句进行拼接,得到目标条件密文数据。The conditional ciphertext data is spliced according to the conditional statement to obtain target conditional ciphertext data. 6.根据权利要求1所述的敏感数据的加解密方法,其特征在于,所述采用预设的加密算法,对所述目标密钥进行加密处理,得到密钥密文,并将所述密钥密文与所述目标密钥索引存储于所述目标数据库中,以及将所述目标密钥存储于所述本地缓存中之后,所述方法还包括:6. The encryption/decryption method of sensitive data according to claim 1, wherein the said target key is encrypted by using a preset encryption algorithm to obtain a key ciphertext, and the encrypted The key ciphertext and the target key index are stored in the target database, and after the target key is stored in the local cache, the method further includes: 执行预置的配置忽略加密命令,对数据库进行配置,得到可忽略加密数据库;Execute the preset configuration ignore encryption command, configure the database, and get the ignorable encryption database; 在获取到入库字段时,判断所述入库字段是否需要存储于所述可忽略加密数据库中;When the inbound field is acquired, determine whether the inbound field needs to be stored in the negligible encrypted database; 若所述入库字段需要存储于所述可忽略加密数据库中,则将所述入库字段存储于所述可忽略加密数据库中。If the inbound field needs to be stored in the negligible encryption database, the inbound field is stored in the negligible encryption database. 7.根据权利要求1至6任一项所述的敏感数据的加解密方法,其特征在于,所述若接收到目标密文数据解密命令,则获取所述目标密文数据对应的目标密钥密文,并基于所述目标密钥密文对所述目标密文数据进行解密,得到解密后的目标密文数据,包括:7. The encryption/decryption method of sensitive data according to any one of claims 1 to 6, wherein, if the target ciphertext data decryption command is received, the target key corresponding to the target ciphertext data is obtained ciphertext, and decrypt the target ciphertext data based on the target key ciphertext to obtain the decrypted target ciphertext data, including: 若接收到目标密文数据解密命令,则解析所述目标密文数据解密命令,以获取敏感字段对应的密钥索引值;If receiving the target ciphertext data decryption command, then parse the target ciphertext data decryption command to obtain the key index value corresponding to the sensitive field; 基于所述密钥索引值,判断能否从所述本地缓存中获取所述目标密文数据对应的目标密钥明文;Based on the key index value, determine whether the target key plaintext corresponding to the target ciphertext data can be obtained from the local cache; 若未能从所述本地缓存中获取所述目标密文数据对应的目标密钥明文,则基于所述密钥索引值从所述目标数据库中获取目标密文密钥;If the target key plaintext corresponding to the target ciphertext data cannot be obtained from the local cache, then the target ciphertext key is obtained from the target database based on the key index value; 通过预设的解密方式,对所述密文密钥进行解密,以获取所述目标密钥明文;Decrypt the ciphertext key by a preset decryption method to obtain the plaintext of the target key; 基于所述目标密钥明文,从所述目标数据库中对所述目标密文数据进行解密,得到解密后的密文数据。Based on the plaintext of the target key, decrypt the target ciphertext data from the target database to obtain decrypted ciphertext data. 8.一种敏感数据的加解密装置,其特征在于,包括:8. A device for encrypting and decrypting sensitive data, comprising: 待加密字段获取模块,用于获取待加密字段,并将所述待加密字段与预设敏感字段进行对比,以获取所述待加密字段对应的敏感字段加密级别;A to-be-encrypted field acquisition module, configured to acquire a to-be-encrypted field, and compare the to-be-encrypted field with a preset sensitive field to acquire a sensitive field encryption level corresponding to the to-be-encrypted field; 目标密钥生成模块,用于获取所述敏感字段级别与密钥索引队列的对应关系,并基于所述对应关系,从本地缓存中获取所述待加密字段对应的密钥,作为目标密钥;A target key generation module, configured to obtain the corresponding relationship between the sensitive field level and the key index queue, and based on the corresponding relationship, obtain the key corresponding to the to-be-encrypted field from the local cache as a target key; 密文数据存储模块,用于获取所述待加密字段的标识信息,并基于预设的密文标识前缀与所述标识信息对所述待加密字段进行加密,得到密文数据,并将所述密文数据存储于目标数据库中;The ciphertext data storage module is used to obtain the identification information of the to-be-encrypted field, and encrypt the to-be-encrypted field based on the preset ciphertext identification prefix and the identification information to obtain ciphertext data, and store the The ciphertext data is stored in the target database; 密钥密文生成模块,用于采用预设的加密算法,对所述目标密钥进行加密处理,得到密钥密文,并将所述密钥密文与所述目标密钥索引存储于所述目标数据库中,以及将所述目标密钥存储于所述本地缓存中;A key ciphertext generation module is used to encrypt the target key by using a preset encryption algorithm to obtain a key ciphertext, and store the key ciphertext and the target key index in the in the target database, and store the target key in the local cache; 密文数据解密模块,用于若接收到目标密文数据解密命令,则获取所述目标密文数据对应的目标密钥密文,并基于所述目标密钥密文对所述目标密文数据进行解密,得到解密后的目标密文数据。The ciphertext data decryption module is configured to obtain a target key ciphertext corresponding to the target ciphertext data if a target ciphertext data decryption command is received, and perform a decryption on the target ciphertext data based on the target key ciphertext Decryption is performed to obtain the decrypted target ciphertext data. 9.一种计算机设备,其特征在于,包括存储器和处理器,所述存储器中存储有计算机程序,所述处理器执行所述计算机程序时实现如权利要求1至7中任一项所述的敏感数据的加解密方法。9. A computer device, characterized in that it comprises a memory and a processor, wherein a computer program is stored in the memory, and the processor implements the computer program according to any one of claims 1 to 7 when the processor executes the computer program. Encryption and decryption methods for sensitive data. 10.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至7中任一项所述的敏感数据的加解密方法。10. A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program according to any one of claims 1 to 7 is implemented. Encryption and decryption methods for sensitive data.
CN202111559131.XA 2021-12-20 2021-12-20 Encryption and decryption method, device, computer equipment and storage medium for sensitive data Pending CN114218592A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111559131.XA CN114218592A (en) 2021-12-20 2021-12-20 Encryption and decryption method, device, computer equipment and storage medium for sensitive data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111559131.XA CN114218592A (en) 2021-12-20 2021-12-20 Encryption and decryption method, device, computer equipment and storage medium for sensitive data

Publications (1)

Publication Number Publication Date
CN114218592A true CN114218592A (en) 2022-03-22

Family

ID=80704098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111559131.XA Pending CN114218592A (en) 2021-12-20 2021-12-20 Encryption and decryption method, device, computer equipment and storage medium for sensitive data

Country Status (1)

Country Link
CN (1) CN114218592A (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114862860A (en) * 2022-07-11 2022-08-05 成都秦川物联网科技股份有限公司 Industrial Internet of things based on platform linkage and control method
CN114884697A (en) * 2022-04-12 2022-08-09 平安国际智慧城市科技股份有限公司 Data encryption and decryption method based on state cryptographic algorithm and related equipment
CN114915455A (en) * 2022-04-24 2022-08-16 华控清交信息科技(北京)有限公司 Ciphertext data transmission method and device for ciphertext data transmission
CN114978509A (en) * 2022-06-02 2022-08-30 深圳云创数安科技有限公司 Data security encryption and decryption method, device, equipment and computer readable medium
CN115225258A (en) * 2022-09-19 2022-10-21 中电科新型智慧城市研究院有限公司 A security management method and system for cross-domain trusted data based on blockchain
CN115333834A (en) * 2022-08-12 2022-11-11 中国平安财产保险股份有限公司 Encryption and decryption method, encryption and decryption device, equipment and storage medium
CN115442090A (en) * 2022-08-22 2022-12-06 中国银联股份有限公司 Sensitive information acquisition method and device applied to script
CN115758403A (en) * 2022-11-09 2023-03-07 上海哔哩哔哩科技有限公司 Data encryption and decryption method and device, storage medium and electronic equipment
CN115811393A (en) * 2022-11-09 2023-03-17 平安壹钱包电子商务有限公司 Data decryption method and device
CN115842818A (en) * 2022-11-08 2023-03-24 平安壹钱包电子商务有限公司 Big data transmission method and device, computer equipment and storage medium
CN115982735A (en) * 2022-12-12 2023-04-18 东信和平科技股份有限公司 Method, device and storage medium for automatically processing production data
CN116074826A (en) * 2023-03-07 2023-05-05 深圳市好盈科技股份有限公司 Communication data encryption and decryption method and device applied to electric scooter
CN116112228A (en) * 2022-12-28 2023-05-12 北京明朝万达科技股份有限公司 HTTPS data packet sending method and device, electronic equipment and readable medium
CN116132079A (en) * 2022-08-09 2023-05-16 马上消费金融股份有限公司 Data processing method and device
CN116132979A (en) * 2022-12-29 2023-05-16 北京万集科技股份有限公司 Data transmission method and system in Internet of vehicles, storage medium and electronic device
CN116232574A (en) * 2022-12-31 2023-06-06 深圳大普微电子科技有限公司 Data stream key generation method, encryption device, and storage medium
CN116232593A (en) * 2023-05-05 2023-06-06 杭州海康威视数字技术股份有限公司 Multi-password module sensitive data classification and protection method, equipment and system
CN116257862A (en) * 2022-12-21 2023-06-13 上海云砺信息科技有限公司 Data storage system based on data hierarchical classification and database transparent encryption and decryption method
CN116455572A (en) * 2023-06-16 2023-07-18 北京华安天成智能技术有限公司 Data encryption method, device and equipment
CN117390657A (en) * 2023-12-12 2024-01-12 深圳竹云科技股份有限公司 Data encryption methods, devices, computer equipment and storage media
CN117857032A (en) * 2024-01-09 2024-04-09 南方电网科学研究院有限责任公司 Data encryption method for virtual power plant terminal equipment
CN118643522A (en) * 2024-08-15 2024-09-13 深圳市智慧城市科技发展集团有限公司 Sensitive data management method, device and computer readable storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110427779A (en) * 2019-08-13 2019-11-08 威富通科技有限公司 A kind of the Encrypt and Decrypt method and data server of database table field
CN111143870A (en) * 2019-12-30 2020-05-12 兴唐通信科技有限公司 Distributed encryption storage device, system and encryption and decryption method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110427779A (en) * 2019-08-13 2019-11-08 威富通科技有限公司 A kind of the Encrypt and Decrypt method and data server of database table field
CN111143870A (en) * 2019-12-30 2020-05-12 兴唐通信科技有限公司 Distributed encryption storage device, system and encryption and decryption method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
国家密码管理局: "《GM/T 0053—2016 密码设备管理 远程监控与合规性检验接口数据规范》", 23 December 2016, pages: 1 - 24 *

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884697B (en) * 2022-04-12 2023-12-26 平安国际智慧城市科技股份有限公司 Data encryption and decryption method and related equipment based on cryptographic algorithm
CN114884697A (en) * 2022-04-12 2022-08-09 平安国际智慧城市科技股份有限公司 Data encryption and decryption method based on state cryptographic algorithm and related equipment
CN114915455A (en) * 2022-04-24 2022-08-16 华控清交信息科技(北京)有限公司 Ciphertext data transmission method and device for ciphertext data transmission
CN114978509A (en) * 2022-06-02 2022-08-30 深圳云创数安科技有限公司 Data security encryption and decryption method, device, equipment and computer readable medium
CN114862860B (en) * 2022-07-11 2022-10-11 成都秦川物联网科技股份有限公司 Industrial Internet of things based on platform linkage and control method
US11842527B1 (en) 2022-07-11 2023-12-12 Chengdu Qinchuan Iot Technology Co., Ltd. Industrial internet of things based on platform linkage, control method, and storage medium thereof
CN114862860A (en) * 2022-07-11 2022-08-05 成都秦川物联网科技股份有限公司 Industrial Internet of things based on platform linkage and control method
CN116132079A (en) * 2022-08-09 2023-05-16 马上消费金融股份有限公司 Data processing method and device
CN115333834A (en) * 2022-08-12 2022-11-11 中国平安财产保险股份有限公司 Encryption and decryption method, encryption and decryption device, equipment and storage medium
CN115442090A (en) * 2022-08-22 2022-12-06 中国银联股份有限公司 Sensitive information acquisition method and device applied to script
CN115225258B (en) * 2022-09-19 2023-01-06 中电科新型智慧城市研究院有限公司 A security management method and system for cross-domain trusted data based on blockchain
CN115225258A (en) * 2022-09-19 2022-10-21 中电科新型智慧城市研究院有限公司 A security management method and system for cross-domain trusted data based on blockchain
CN115842818A (en) * 2022-11-08 2023-03-24 平安壹钱包电子商务有限公司 Big data transmission method and device, computer equipment and storage medium
CN115811393A (en) * 2022-11-09 2023-03-17 平安壹钱包电子商务有限公司 Data decryption method and device
CN115758403A (en) * 2022-11-09 2023-03-07 上海哔哩哔哩科技有限公司 Data encryption and decryption method and device, storage medium and electronic equipment
CN115982735A (en) * 2022-12-12 2023-04-18 东信和平科技股份有限公司 Method, device and storage medium for automatically processing production data
CN116257862A (en) * 2022-12-21 2023-06-13 上海云砺信息科技有限公司 Data storage system based on data hierarchical classification and database transparent encryption and decryption method
CN116257862B (en) * 2022-12-21 2023-10-20 上海云砺信息科技有限公司 Data storage system based on data hierarchical classification and database transparent encryption and decryption method
CN116112228A (en) * 2022-12-28 2023-05-12 北京明朝万达科技股份有限公司 HTTPS data packet sending method and device, electronic equipment and readable medium
CN116132979A (en) * 2022-12-29 2023-05-16 北京万集科技股份有限公司 Data transmission method and system in Internet of vehicles, storage medium and electronic device
CN116232574A (en) * 2022-12-31 2023-06-06 深圳大普微电子科技有限公司 Data stream key generation method, encryption device, and storage medium
CN116074826B (en) * 2023-03-07 2023-06-23 深圳市好盈科技股份有限公司 Communication data encryption and decryption method and device applied to electric scooter
CN116074826A (en) * 2023-03-07 2023-05-05 深圳市好盈科技股份有限公司 Communication data encryption and decryption method and device applied to electric scooter
CN116232593A (en) * 2023-05-05 2023-06-06 杭州海康威视数字技术股份有限公司 Multi-password module sensitive data classification and protection method, equipment and system
CN116232593B (en) * 2023-05-05 2023-08-25 杭州海康威视数字技术股份有限公司 Multi-password module sensitive data classification and protection method, equipment and system
CN116455572A (en) * 2023-06-16 2023-07-18 北京华安天成智能技术有限公司 Data encryption method, device and equipment
CN116455572B (en) * 2023-06-16 2023-08-29 北京华安天成智能技术有限公司 Data encryption method, device and equipment
CN117390657A (en) * 2023-12-12 2024-01-12 深圳竹云科技股份有限公司 Data encryption methods, devices, computer equipment and storage media
CN117857032A (en) * 2024-01-09 2024-04-09 南方电网科学研究院有限责任公司 Data encryption method for virtual power plant terminal equipment
CN118643522A (en) * 2024-08-15 2024-09-13 深圳市智慧城市科技发展集团有限公司 Sensitive data management method, device and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN114218592A (en) Encryption and decryption method, device, computer equipment and storage medium for sensitive data
JP6404336B2 (en) Mobile payment device, method and apparatus based on biometric identification technology
KR101712784B1 (en) System and method for key management for issuer security domain using global platform specifications
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
CN110326266B (en) A method and device for data processing
JP2019508763A (en) Local device authentication
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
WO2006109307A2 (en) Method, device, and system of selectively accessing data
US10949537B2 (en) Secure firmware provisioning and device binding mechanism
CN112507365B (en) Data matching method, terminal and storage medium
CN111274611A (en) Data desensitization method, device and computer readable storage medium
JP2017505048A (en) Electronic signature method, system and apparatus
CN113434882A (en) Communication protection method and device of application program, computer equipment and storage medium
CN100596058C (en) Trusted computing platform key authorization data management system and method
CN111628863B (en) Data signature method and device, electronic equipment and storage medium
CN111949996B (en) Method for generating secure private key, encryption method, system, device and medium
CN110266641B (en) Information reading method, system, device, and computer-readable storage medium
CN113366461B (en) Accessing firmware settings using asymmetric cryptography
CN111901304A (en) Registration method and device of mobile security equipment, storage medium and electronic device
CN115600215A (en) System startup method, system information processing method, device, equipment and medium thereof
CN113489723B (en) Data transmission method, system, computer device and storage medium
CN112866987A (en) Networking verification method, equipment and computer readable storage medium
EP4447379A1 (en) Information processing device and information processing system
US11972002B2 (en) Method of logging in to operating system, electronic device and readable storage medium
CN114817957B (en) Encrypted partition access control method, system and computing device based on domain management platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination