CN111814166B - Data encryption method and device and electronic equipment - Google Patents
- Publication number: CN111814166B (application CN202010660624.1A)
- Authority: CN (China)
- Prior art keywords: information, key, mapping, key name, encryption
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The embodiments of this specification provide a data encryption method. First information is generated according to a login request of a terminal; key name mapping information, which maps key names to virtual key names, is encrypted with the first information; and the key name mapping encryption information and a mapping script are provided to the terminal. The terminal obtains key value pair information of data. When storing it, the terminal does not store the key value pair information directly; instead, it uses the mapping script to generate and store virtual key value pair information based on the first information, the key name mapping encryption information and the key value pair information. In subsequent use, the mapping script assigns values to memory variables based on the first information, the key name mapping encryption information and the virtual key value pair information. Because the stored key value pair information holds only the virtual key names of the data, an attacker who obtains leaked data gets only virtual key names with no practical meaning and cannot learn what the data specifically means, which improves security.
Description
Technical Field
The present application relates to the field of the internet, and in particular, to a data encryption method, apparatus and electronic device.
Background
To improve data security in scenarios that involve data interaction, prior-art schemes often have the sender encrypt the data and send the decryption rule together with the encrypted data to the requesting side for storage.
In one data interaction method, the requesting party sends variable information to the requested party, the requested party returns the data corresponding to that variable information to the requesting party in the form of key value pairs, and the data is stored on the requesting side for later use. Encryption schemes for this interaction improve security by encrypting the data corresponding to the variable.
Although this method improves data security to some extent, there is still room for improvement.
Analysis of the prior art shows that even when the data corresponding to variables is encrypted, an attacker who obtains leaked data can still learn what the encrypted data means, even without knowing its specific values, so a certain risk to data security remains.
The above information disclosed in the background section is only for enhancement of understanding of the background of the disclosure and therefore it may include information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
The embodiment of the specification provides a data encryption method, a data encryption device and electronic equipment, which are used for improving the security of stored data.
The embodiment of the specification provides a data encryption method, which comprises the following steps:
generating first information according to a login request of a terminal;
encrypting the key name mapping information by using the first information to generate key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key names of variables in the key name mapping information are mapped with virtual key names;
acquiring key value pair information of data, generating virtual key value pair information based on the first information, key name mapping encryption information and the key value pair information by using the mapping script, and storing the virtual key value pair information;
and using the mapping script to assign values to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information.
Optionally, the generating virtual key value pair information based on the first information, key name mapping encryption information and the key value pair information by using the mapping script, and storing the virtual key value pair information includes:
determining a corresponding key value of the key name of the memory variable in the key value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining virtual key names mapped by the key names of the memory variables in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
Optionally, the generating virtual key value pair information according to the virtual key name and the key value of the memory variable further includes:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encryption key value of the memory variable.
Optionally, the assigning values to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script includes:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining an encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
Optionally, the obtaining key value pair information of the data includes:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
Optionally, the generating the first information according to the login request of the terminal includes:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
Optionally, encrypting the key name mapping information by using the first information includes:
the proxy server acquires authentication information generated by the service server;
carrying out hash processing and encryption processing on key names of variables to generate encrypted hash key names, associating the key names with the encrypted hash key names to generate key name mapping information, wherein the virtual key names are the encrypted hash key names;
and encrypting the key name mapping information by using the authentication information.
Optionally, the providing the first information, the key name mapping encryption information and the mapping script includes:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the method further comprises the steps of:
and the terminal locally stores the mapping file, and deletes the virtual key name in the key name mapping file after the first information fails.
The embodiment of the specification also provides a data encryption device, which comprises:
the login request module generates first information according to a login request of the terminal;
the key name encryption module is used for encrypting the key name mapping information by utilizing the first information, generating key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key names of variables in the key name mapping information are mapped with virtual key names;
the key value pair module is used for acquiring key value pair information of data, generating virtual key value pair information based on the first information, the key name mapping encryption information and the key value pair information by utilizing the mapping script, and storing the virtual key value pair information;
and the mapping assignment module is used for assigning values to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script.
Optionally, the generating virtual key value pair information based on the first information, key name mapping encryption information and the key value pair information by using the mapping script, and storing the virtual key value pair information includes:
determining a corresponding key value of the key name of the memory variable in the key value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining virtual key names mapped by the key names of the memory variables in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
Optionally, the key value pair module is further configured to:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encryption key value of the memory variable.
Optionally, the assigning values to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script includes:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining an encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
Optionally, the obtaining key value pair information of the data includes:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
Optionally, the generating the first information according to the login request of the terminal includes:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
Optionally, encrypting the key name mapping information by using the first information includes:
the proxy server acquires authentication information generated by the service server;
carrying out hash processing and encryption processing on key names of variables to generate encrypted hash key names, associating the key names with the encrypted hash key names to generate key name mapping information, wherein the virtual key names are the encrypted hash key names;
and encrypting the key name mapping information by using the authentication information.
Optionally, the providing the first information, the key name mapping encryption information and the mapping script includes:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the key value pair module is further configured to:
and the terminal locally stores the mapping file, and deletes the virtual key name in the key name mapping file after the first information fails.
The embodiment of the specification also provides an electronic device, wherein the electronic device comprises:
a processor; and
a memory storing computer executable instructions that, when executed, cause the processor to perform any of the methods described above.
The present description also provides a computer-readable storage medium storing one or more programs that, when executed by a processor, implement any of the methods described above.
In the technical schemes provided in the embodiments of the present disclosure, first information is generated according to a login request of a terminal; key name mapping information, which maps key names to virtual key names, is encrypted with the first information; and the first information, the key name mapping encryption information and a mapping script are provided to the terminal. The terminal obtains key value pair information of data. When storing it, the terminal uses the mapping script to generate and store virtual key value pair information based on the first information, the key name mapping encryption information and the key value pair information. When the virtual key value pair information is used later, the mapping script assigns values to memory variables based on the first information, the key name mapping encryption information and the virtual key value pair information. Because the stored key value pair information holds only the virtual key names of the data, an attacker who obtains leaked data gets only virtual key names with no practical meaning and cannot learn what the data specifically means, which improves security.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
fig. 1 is a schematic diagram of a data encryption method according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a data encryption device according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a computer readable medium according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present application will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the application to those skilled in the art. The same reference numerals in the drawings denote the same or similar elements, components or portions, and thus a repetitive description thereof will be omitted.
The features, structures, characteristics or other details described in a particular embodiment may be combined in one or more other embodiments in a suitable manner, without departing from the technical idea of the application.
In the description of specific embodiments, features, structures, characteristics, or other details described in the present application are provided to enable one skilled in the art to fully understand the embodiments. However, it is not excluded that one skilled in the art may practice the present application without one or more of the specific features, structures, characteristics, or other details.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The term "and/or" includes all combinations of any one or more of the associated listed items.
Fig. 1 is a schematic diagram of a data encryption method according to an embodiment of the present disclosure, where the method may include:
S101: Generating first information according to the login request of the terminal.
The first information may be authentication information, such as an authentication code.
The authentication code is information that the server returns to the terminal for subsequent login verification; it is only an internally used variable and is not exposed. If the authentication information is used as the key, the key is therefore hidden: an attacker who searches the redundant data for a key will overlook the authentication code, so security can be further improved.
In the embodiment of the present disclosure, the generating the first information according to the login request of the terminal may include:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
In practical application, the service server may generate the first information according to the login request of the terminal.
Specifically, the method may further include:
the terminal sends a login request to a proxy server, and the proxy server requests to acquire authentication information for checking the terminal from a service server;
the service server responds to the request of the proxy server, generates authentication information and returns the authentication information to the proxy server;
the proxy server transmits authentication information to the terminal.
Thus, the terminal can directly log in to perform data interaction by using the authentication information.
The login request can carry a device identifier and a user identifier of the terminal, and can also carry a user password.
The first information may be regenerated by the service server each time the terminal logs in, so that the first information is dynamic.
S102: Encrypting the key name mapping information by using the first information to generate key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script to the terminal, wherein the key names of variables in the key name mapping information are mapped to virtual key names.
The mapping script may be a mapping execution rule for mapping under a preset condition.
After the terminal logs in newly, the first information, the key name mapping encryption information and the mapping script can be stored locally in the terminal, so that the processing can be carried out when the interaction of the service data is carried out later.
The service data includes a key name and a key value for representing a variable of the service and a value of the variable.
The encryption of the key name mapping information with the first information may be performed by the service server.
Specifically, the proxy server may acquire the key name mapping information, and encrypt the key name mapping information by using the first information after receiving the first information returned by the service server.
The method may further comprise:
and processing the key name information of each variable in the service to generate an encrypted key name, and generating key name mapping information by using the key name and the virtual key name corresponding to the key name.
Wherein, each variable in the service can be a variable of the data interface.
In particular, the virtual key name may be generated using at least one of a hash process and an encryption algorithm.
In an embodiment of the present disclosure, encrypting the key name mapping information using the first information may include:
the proxy server acquires authentication information generated by the service server;
carrying out hash processing and encryption processing on key names of variables to generate encrypted hash key names, associating the key names with the encrypted hash key names to generate key name mapping information, wherein the virtual key names are the encrypted hash key names;
and encrypting the key name mapping information by using the authentication information.
Encryption can also be combined with a hexadecimal escape replacement algorithm. Specifically, a transcoding mode can be adopted in which the data is converted into a character string and hexadecimal escaping is applied to non-ASCII letters or numbers; the leading 9-bit authentication code is then spliced in front of the transcoded string for further algorithmic transcoding.
In an embodiment of the present disclosure, the providing the first information, the key name mapping encryption information, and the mapping script may include:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the method may further comprise:
and the terminal locally stores the mapping file, and deletes the virtual key name in the key name mapping file after the first information fails.
This prevents the program from repeatedly occupying the cache.
S103: Acquiring key value pair information of the data, generating virtual key value pair information based on the first information, the key name mapping encryption information and the key value pair information by using the mapping script, and storing the virtual key value pair information.
When the terminal performs interaction of service data, the terminal can send a data request carrying a key name and first information to the service server, the service server directly checks the first information, and after the verification is passed, the service data is returned to the terminal by using a data interface corresponding to the key name.
Therefore, in the embodiment of the present specification, the obtaining key pair information of data may include:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
Because the mapping script generates virtual key value pair information based on the first information, the key name mapping encryption information and the key value pair information, and it is this virtual key value pair information that is stored, the key value pairs stored in the terminal have no real meaning, which prevents the stored data from being used to crack the data.
Storing the virtual key value pair information may consist of caching it.
Specifically, the generating virtual key value pair information based on the first information, key name mapping encryption information, and key value pair information using the mapping script, and storing the virtual key value pair information may include:
determining a corresponding key value of the key name of the memory variable in the key value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining virtual key names mapped by the key names of the memory variables in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
In addition, in order to further improve the security of data, a key value corresponding to the key name may be encrypted.
In this embodiment of the present disclosure, the generating virtual key pair information according to the virtual key name and the key value of the memory variable may further include:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encryption key value of the memory variable.
Thus, when the execution script is generated later, decryption and assignment to the memory variable are performed.
S104: Using the mapping script to assign values to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information.
In summary, first information is generated according to a login request of the terminal; key name mapping information, which maps key names to virtual key names, is encrypted with the first information; and the first information, the key name mapping encryption information and a mapping script are provided to the terminal. The terminal acquires key value pair information of data and, when storing it, does not store the key value pair information directly but uses the mapping script to generate and store virtual key value pair information. When the data is used, the mapping script assigns values to memory variables based on the first information, the key name mapping encryption information and the virtual key value pair information. Because the stored key value pair information holds only the virtual key names of the data, an attacker who obtains leaked data gets only virtual key names with no practical meaning and cannot learn what the data specifically means, which improves security.
In an embodiment of the present disclosure, the assigning values to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script may include:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining an encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
In an application scenario, service data stored in a terminal is data with virtual key names, specific meanings of the service data cannot be known, and corresponding relations between key values and key names with actual meanings can be reflected only in a process of assigning values to memory variables, so that safety is improved.
To facilitate understanding of its effects, we provide an example:
First, a client initiates a login request, and the proxy server obtains the variable key name to be used in the interaction, "bizData", generates its corresponding virtual key name, "zpD7r954qMTLH", and generates key name mapping encryption information in which the key name corresponds to the virtual key name ("bizData": "zpD7r954qMTLH").
The terminal sends a request for service data to the server. The request carries the key name "bizData", and the service server returns the key value pair information "bizData": "378" to the terminal, where "378" is the value of the requested service data.
The terminal encrypts "378" to "pg9MqiML".
Using the mapping relation in the key name mapping encryption information, the terminal determines the virtual key name corresponding to "bizData" ("zpD7r954qMTLH") and combines it with the encrypted key value ("pg9MqiML") to generate the virtual key value pair "zpD7r954qMTLH": "pg9MqiML".
The virtual key value pair information may take the form of a map file.
When the execution script needs to be generated, the authentication code is first used to decrypt "pg9MqiML" to obtain "378", and "zpD7r954qMTLH" is decrypted and mapped back to the real key name "bizData", so that "378" can be assigned to the corresponding variable in memory.
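The S101 to S104 flow and the "bizData" example above can be exercised end to end with the following sketch, which is an added illustration and not code from the patent. It assumes a random per-login authentication code as the first information, a keyed hash (HMAC-SHA256 with a hypothetical server-side `name_secret`) for virtual key names, and a standard-library encrypt-then-MAC construction standing in for a real AEAD cipher such as AES-GCM; all function and class names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def _subkey(first_info: str, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the first information.
    return hmac.new(first_info.encode(), label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(first_info: str, plaintext: bytes) -> str:
    """Encrypt-then-MAC under the first information (stdlib stand-in for an AEAD)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(first_info, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(first_info, b"mac"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()


def unseal(first_info: str, blob_hex: str) -> bytes:
    """Verify the tag, then decrypt; a stale or wrong first information is rejected."""
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(first_info, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob was not sealed under this first information")
    stream = _keystream(_subkey(first_info, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def virtual_name(name_secret: bytes, key_name: str) -> str:
    # Keyed hash of the real key name; name_secret is a hypothetical server-side secret.
    return hmac.new(name_secret, key_name.encode(), hashlib.sha256).hexdigest()[:16]


def server_login(key_names, name_secret: bytes):
    """S101 + S102: issue first information and the encrypted key name mapping."""
    first_info = secrets.token_hex(16)  # assumption: random per-login authentication code
    mapping = {name: virtual_name(name_secret, name) for name in key_names}
    return first_info, seal(first_info, json.dumps(mapping).encode())


class Terminal:
    def __init__(self, first_info: str, enc_mapping: str):
        self.first_info = first_info
        self.enc_mapping = enc_mapping
        self.cache = {}  # virtual key name -> encrypted value; this is what is persisted

    def _mapping(self) -> dict:
        return json.loads(unseal(self.first_info, self.enc_mapping))

    def store(self, kv_pairs: dict) -> None:
        """S103: persist virtual key value pairs instead of the real ones."""
        mapping = self._mapping()
        for name, value in kv_pairs.items():
            self.cache[mapping[name]] = seal(self.first_info, json.dumps(value).encode())

    def load(self, name: str):
        """S104: resolve the virtual name and return the value for the memory variable."""
        blob = self.cache[self._mapping()[name]]
        return json.loads(unseal(self.first_info, blob))

    def expire(self) -> None:
        # Cleanup once the first information is no longer valid, modeled here by
        # dropping the mapping together with every cached virtual entry.
        self.first_info = self.enc_mapping = None
        self.cache.clear()


def demo():
    # Constructed sample: the key name and value are the ones used in the example above.
    first_info, enc_mapping = server_login(["bizData"], secrets.token_bytes(32))
    terminal = Terminal(first_info, enc_mapping)
    terminal.store({"bizData": "378"})
    on_disk = json.dumps(terminal.cache)
    try:
        unseal(secrets.token_hex(16), enc_mapping)  # a different login's first information
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return terminal.load("bizData"), on_disk, stale_rejected


if __name__ == "__main__":
    print(demo())
```

The persisted cache contains only virtual names and sealed values, but anyone who also holds the first information can reverse both, so where the terminal keeps the first information matters as much as the mapping itself.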
Fig. 2 is a schematic structural diagram of a data encryption device according to an embodiment of the present disclosure, where the device may include:
a login request module 201, which generates first information according to a login request of a terminal;
the key name encryption module 202 encrypts key name mapping information by using the first information, generates key name mapping encryption information, and provides the first information, the key name mapping encryption information and a mapping script for a terminal, wherein a key name of a variable in the key name mapping information is mapped with a virtual key name;
a key value pair module 203 acquires key value pair information of data, generates virtual key value pair information based on the first information, key name mapping encryption information and the key value pair information by using the mapping script, and stores the virtual key value pair information;
and the mapping assignment module 204 assigns information to the memory variable based on the first information, the key name mapping encryption information and the virtual key value by using the mapping script.
In an embodiment of the present disclosure, the generating virtual key value pair information based on the first information, key name mapping encryption information, and key value pair information by using the mapping script, and storing the virtual key value pair information may include:
determining a corresponding key value of the key name of the memory variable in the key value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining virtual key names mapped by the key names of the memory variables in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
In the embodiment of the present specification, the key value pair module may be further configured to:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encryption key value of the memory variable.
In an embodiment of the present disclosure, the assigning, by using the mapping script, information to a memory variable based on the first information, key name mapping encryption information, and the virtual key value may include:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining an encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
In an embodiment of the present disclosure, the obtaining key value pair information of data may include:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
In the embodiment of the present disclosure, the generating the first information according to the login request of the terminal may include:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
In an embodiment of the present disclosure, encrypting the key name mapping information using the first information may include:
the proxy server acquires authentication information generated by the service server;
carrying out hash processing and encryption processing on key names of variables to generate encrypted hash key names, associating the key names with the encrypted hash key names to generate key name mapping information, wherein the virtual key names are the encrypted hash key names;
and encrypting the key name mapping information by using the authentication information.
In an embodiment of the present disclosure, the providing the first information, the key name mapping encryption information, and the mapping script may include:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the key value pair module may also be used to:
and the terminal locally stores the mapping file, and deletes the virtual key name in the key name mapping file after the first information fails.
The device generates first information according to a login request of a terminal, encrypts key name mapping information, in which key names are mapped to virtual key names, by using the first information, and provides the first information, the key name mapping encryption information and a mapping script for the terminal. It acquires key value pair information of data and, when storing, does not store the key value pair information directly; instead it generates and stores virtual key value pair information by using the mapping script based on the first information, the key name mapping encryption information and the key value pair information. In subsequent use, it assigns a value to a memory variable by using the mapping script based on the first information, the key name mapping encryption information and the virtual key value pair information. Because the stored key value pair information carries only the virtual key name of the data, even if the data is leaked, an attacker can obtain only a virtual key name without practical meaning and cannot learn the specific meaning of the data, thereby improving security.
Based on the same inventive concept, the embodiments of the present specification also provide an electronic device.
The following describes an embodiment of an electronic device according to the present application, which may be regarded as a specific physical implementation of the above-described embodiment of the method and apparatus according to the present application. Details described in relation to the embodiments of the electronic device of the present application should be considered as additions to the embodiments of the method or apparatus described above; for details not disclosed in the embodiments of the electronic device of the present application, reference may be made to the above-described method or apparatus embodiments.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. An electronic device 300 according to this embodiment of the present application is described below with reference to fig. 3. The electronic device 300 shown in fig. 3 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 3, the electronic device 300 is embodied in the form of a general purpose computing device. Components of electronic device 300 may include, but are not limited to: at least one processing unit 310, at least one memory unit 320, a bus 330 connecting the different system components (including the memory unit 320 and the processing unit 310), a display unit 340, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 310 such that the processing unit 310 performs the steps according to various exemplary embodiments of the application described in the above processing method section of the present specification. For example, the processing unit 310 may perform the steps shown in fig. 1.
The memory unit 320 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 3201 and/or cache memory 3202, and may further include Read Only Memory (ROM) 3203.
The storage unit 320 may also include a program/utility 3204 having a set (at least one) of program modules 3205, such program modules 3205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 330 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 300 may also communicate with one or more external devices 400 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 300, and/or any device (e.g., router, modem, etc.) that enables the electronic device 300 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 350. Also, electronic device 300 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 360. The network adapter 360 may communicate with other modules of the electronic device 300 via the bus 330. It should be appreciated that although not shown in fig. 3, other hardware and/or software modules may be used in connection with electronic device 300, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the exemplary embodiments described herein may be implemented in software, or may be implemented in software in combination with necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a computer readable storage medium (which may be a CD-ROM, a USB disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (which may be a personal computer, a server, or a network device, etc.) to perform the above-mentioned method according to the present application. The computer program, when executed by a data processing device, enables the computer readable medium to carry out the above-described method of the present application, for example the method shown in fig. 1.
Fig. 4 is a schematic diagram of a computer readable medium according to an embodiment of the present disclosure.
A computer program implementing the method shown in fig. 1 may be stored on one or more computer readable media. The computer readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
In summary, the application may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in accordance with embodiments of the present application may be implemented in practice using a general purpose data processing device such as a microprocessor or Digital Signal Processor (DSP). The present application can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present application may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
The above-described specific embodiments further describe the objects, technical solutions and advantageous effects of the present application in detail, and it should be understood that the present application is not inherently related to any particular computer, virtual device or electronic apparatus, and various general-purpose devices may also implement the present application. The foregoing description of the embodiments of the application is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the application.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.
Claims (16)
1. A data encryption method, comprising:
generating first information according to a login request of a terminal;
encrypting the key name mapping information by using the first information to generate key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key names of variables in the key name mapping information are mapped with virtual key names;
acquiring key value pair information of data, generating virtual key value pair information based on the first information, key name mapping encryption information and the key value pair information by using the mapping script, and storing the virtual key value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining an encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
2. The method of claim 1, wherein the generating virtual key value pair information based on the first information, key name mapping encryption information, and key value pair information using the mapping script, and storing the virtual key value pair information, comprises:
determining a corresponding key value of the key name of the memory variable in the key value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining virtual key names mapped by the key names of the memory variables in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
3. The method of claim 2, wherein generating virtual key value pair information from the virtual key name and key value of the memory variable further comprises:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encryption key value of the memory variable.
4. The method of claim 1, wherein the obtaining key value pair information of the data comprises:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
5. The method of claim 1, wherein the generating the first information according to the login request of the terminal comprises:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
6. The method of claim 1, wherein encrypting key name mapping information using the first information comprises:
the proxy server acquires authentication information generated by the service server;
carrying out hash processing and encryption processing on key names of variables to generate encrypted hash key names, associating the key names with the encrypted hash key names to generate key name mapping information, wherein the virtual key names are the encrypted hash key names;
and encrypting the key name mapping information by using the authentication information.
7. The method of claim 1, wherein said providing said first information, said key name mapping encryption information, and a mapping script comprises:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the method further comprises the steps of:
and the terminal locally stores the mapping file, and deletes the virtual key name in the key name mapping file after the first information fails.
8. A data encryption apparatus, comprising:
the login request module generates first information according to a login request of the terminal;
the key name encryption module is used for encrypting the key name mapping information by utilizing the first information, generating key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key names of variables in the key name mapping information are mapped with virtual key names;
the key value pair module is used for acquiring key value pair information of data, generating virtual key value pair information based on the first information, the key name mapping encryption information and the key value pair information by utilizing the mapping script, and storing the virtual key value pair information;
the mapping assignment module decrypts the key name mapping encryption information by using the first information; executing the mapping script, and determining an encrypted key name mapped by the key name of the memory variable in the key name mapping file; and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
9. The apparatus of claim 8, wherein the generating virtual key value pair information based on the first information, key name mapping encryption information, and the key value pair information using the mapping script, and storing the virtual key value pair information, comprises:
determining a corresponding key value of the key name of the memory variable in the key value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining virtual key names mapped by the key names of the memory variables in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
10. The apparatus of claim 9, wherein the key-value pair module is further configured to:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encryption key value of the memory variable.
11. The apparatus of claim 8, wherein the obtaining key value pair information of the data comprises:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
12. The apparatus of claim 8, wherein the generating the first information according to the login request of the terminal comprises:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
13. The apparatus of claim 8, wherein encrypting key name mapping information using the first information comprises:
the proxy server acquires authentication information generated by the service server;
carrying out hash processing and encryption processing on key names of variables to generate encrypted hash key names, associating the key names with the encrypted hash key names to generate key name mapping information, wherein the virtual key names are the encrypted hash key names;
and encrypting the key name mapping information by using the authentication information.
14. The apparatus of claim 8, wherein said providing said first information, said key name mapping encryption information, and a mapping script comprises:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the key value pair module is further configured to:
and the terminal locally stores the mapping file, and deletes the virtual key name in the key name mapping file after the first information fails.
15. An electronic device, wherein the electronic device comprises:
a processor; and
a memory storing computer executable instructions that, when executed, cause the processor to perform the method of any of claims 1-7.
16. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010660624.1A CN111814166B (en) | 2020-07-10 | 2020-07-10 | Data encryption method and device and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111814166A (en) | 2020-10-23 |
CN111814166B (en) | 2023-09-12 |
Family
ID=72841696
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010660624.1A Active CN111814166B (en) | 2020-07-10 | 2020-07-10 | Data encryption method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111814166B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||