CN106570410B - Data encryption method, data decryption method, device and system - Google Patents

Publication number
CN106570410B
Authority
CN
China
Prior art keywords
data
encrypted
algorithm
attribute
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510648132.XA
Other languages
Chinese (zh)
Other versions
CN106570410A (en)
Inventor
李�真
赵子轩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201510648132.XA priority Critical patent/CN106570410B/en
Publication of CN106570410A publication Critical patent/CN106570410A/en
Application granted granted Critical
Publication of CN106570410B publication Critical patent/CN106570410B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a data encryption method, a data decryption method, a device and a system; the method comprises the steps of serializing the attribute to be encrypted in original relational data by adopting a serialization algorithm, then encrypting the obtained serialized data by adopting a preset encryption algorithm, and storing the encrypted data as one attribute of the original relational data so as to obtain the encrypted relational data; in addition, the embodiment of the invention also provides a corresponding decryption scheme; the scheme provided by the embodiment of the invention can reduce the operation of the CPU, greatly improve the processing efficiency and the data storage speed.

Description

Data encryption method, data decryption method, device and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a system for encrypting and decrypting data.
Background
With the development of internet technology, there is more and more information on the internet, including a considerable amount of information related to users' privacy. Once such information is revealed, it may cause trouble and risk to users, so protecting information security becomes more and more important.
In order to prevent the information from being illegally acquired, stored information is usually encrypted. A user's information is usually relational data, that is, a record composed of a plurality of attributes stored in a database. To encrypt and store the information, it is usually necessary to encrypt each attribute of a record and then store the record in the database; that is, for a record a = (a1, a2, a3, ..., an), an encryption function E is first used to convert the record into a' = (E(a1), E(a2), E(a3), ..., E(an)), and then a' is stored in the database.
In the course of research and practice on the prior art, the inventors of the present invention found that, in the prior art, for encrypting each record, an encryption algorithm needs to be called once for each attribute, so that the encryption algorithm needs to be called repeatedly many times, and the encryption algorithm is usually a computation-intensive operation and needs to consume a large amount of Central Processing Unit (CPU) operations, so that the processing efficiency and the data storage speed are greatly affected.
Disclosure of Invention
The embodiment of the invention provides a data encryption method, a data decryption method, a device and a system, which only need to call an encryption algorithm once, and can improve the processing efficiency and the data storage speed.
The embodiment of the invention provides a data encryption method, which comprises the following steps:
acquiring original relational data needing to be encrypted;
determining the attribute needing to be encrypted in the original relational data;
serializing the attribute to be encrypted by adopting a serialization algorithm to obtain serialized data;
encrypting the serialized data by adopting a preset encryption algorithm to obtain encrypted data;
and storing the encrypted data as an attribute of the original relational data to obtain the encrypted relational data.
Correspondingly, an embodiment of the present invention further provides a data decryption method, including:
acquiring encrypted relational data needing to be decrypted;
determining encrypted data in the encrypted relational data;
decrypting the encrypted data by adopting a preset decryption algorithm to obtain decrypted data;
deserializing the decrypted data by a serialization algorithm to obtain deserialized data;
and storing the deserialized data respectively as attributes of the relational data to obtain the original relational data.
Correspondingly, an embodiment of the present invention further provides a data encryption apparatus, including:
the acquiring unit is used for acquiring original relational data needing to be encrypted;
the determining unit is used for determining the attribute needing to be encrypted in the original relational data;
the serialization unit is used for serializing the attribute to be encrypted by adopting a serialization algorithm to obtain serialized data;
the encryption unit is used for encrypting the serialized data by adopting a preset encryption algorithm to obtain encrypted data;
and the storage unit is used for storing the encrypted data as one attribute of the original relational data to obtain the encrypted relational data.
Correspondingly, an embodiment of the present invention further provides a data decryption apparatus, including:
the acquiring unit is used for acquiring the encrypted relational data needing to be decrypted;
a determination unit configured to determine encrypted data in the encrypted relational data;
the decryption unit is used for decrypting the encrypted data by adopting a preset decryption algorithm to obtain decrypted data;
the deserializing unit is used for deserializing the decrypted data by adopting a serialization algorithm to obtain deserialized data;
and the storage unit is used for storing the deserialized data respectively as the attributes of the relational data to obtain the original relational data.
In addition, an embodiment of the present invention further provides a data processing system, including any one of the data encryption apparatuses and any one of the data decryption apparatuses provided in the embodiment of the present invention.
The method comprises the steps of serializing the attribute to be encrypted in original relational data by adopting a serialization algorithm, then encrypting the obtained serialized data by adopting a preset encryption algorithm, and storing the encrypted data as one attribute of the original relational data, so that the encrypted relational data is obtained, and the purpose of encrypting the relational data is achieved; in the scheme, the serialization algorithm can be used for serializing a plurality of attributes of the relational data and then calling the encryption algorithm, so that the encryption algorithm is called only once, and compared with the scheme that the encryption algorithm needs to be called respectively for each attribute of the relational data in the prior art, the calling frequency of the encryption algorithm is greatly reduced, the operation of a CPU (central processing unit) can be reduced, the processing efficiency is greatly improved, and the data storage speed is increased.
Correspondingly, the embodiment of the invention can also decrypt the encrypted data in the encrypted relational data by adopting a preset decryption algorithm, then deserialize the decrypted data by adopting a serialization algorithm, and respectively store the obtained deserialized data as the attributes of the relational data to obtain the original relational data, thereby achieving the purpose of decryption. In the scheme, the decryption algorithm is only needed to be called once to decrypt the encrypted data, and then the serialization algorithm is used for deserializing the decrypted data, so that compared with the prior art that the decryption algorithm needs to be called respectively according to each attribute of the relational data, the calling times of the decryption algorithm are greatly reduced, the operation of a CPU (central processing unit) can be reduced, and the processing efficiency and the data storage speed are greatly improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1a is a schematic diagram of a data processing system according to an embodiment of the present invention;
FIG. 1b is a schematic flow chart of a data encryption method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for decrypting data according to an embodiment of the present invention;
FIG. 3a is another schematic flow chart of a method for encrypting data according to an embodiment of the present invention;
FIG. 3b is a schematic flow chart of a method for decrypting data according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a data encryption device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a data decryption apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a data encryption method, a data decryption method, a data encryption device, a data decryption device and a data encryption system.
As shown in fig. 1a, the data processing system may include a data encryption device and a data decryption device, where the data encryption device may use a serialization algorithm to serialize an attribute that needs to be encrypted in original relational data, then use a preset encryption algorithm to encrypt the obtained serialized data, and store the encrypted data as an attribute of the original relational data, so as to obtain encrypted relational data, thereby achieving the purpose of encrypting the relational data. The data decryption device can decrypt the encrypted data in the encrypted relational data by adopting a preset decryption algorithm, then deserialize the decrypted data by adopting a serialization algorithm, and respectively store the obtained deserialized data as the attributes of the relational data to obtain the original relational data, thereby achieving the purpose of decryption.
The data encryption device and the data decryption device are matched with each other, that is, the adopted encryption algorithm and the adopted decryption algorithm are matched with each other, and the adopted serialization algorithm is consistent.
The details will be described below separately.
Embodiment One
This embodiment is described from the perspective of a data encryption apparatus, which may be specifically integrated in a terminal, a server, or a storage device.
A method of encrypting data, comprising: acquiring original relational data needing to be encrypted; determining the attribute to be encrypted in the original relational data; serializing the attribute to be encrypted by adopting a serialization algorithm to obtain serialized data; encrypting the serialized data by adopting a preset encryption algorithm to obtain encrypted data; and storing the encrypted data as an attribute of the original relational data to obtain the encrypted relational data.
As shown in fig. 1b, the specific flow of the data encryption method may be as follows:
101. Original relational data to be encrypted is acquired.
The original relational data refers to relational data before encryption, and the relational data refers to data expressed by a relational mathematical model, which is usually stored in a database by composing a record with a plurality of attributes.
102. The attributes of the original relational data that need to be encrypted are determined.
For example, if the original relational data is a = (a1, a2, a3, ..., an), then the attributes that need to be encrypted may be determined to be a1, a2, a3, ..., an.
Optionally, besides all the attributes may be used as the attributes to be encrypted, a plurality of the attributes may also be selected as the attributes to be encrypted according to a preset policy, and the preset policy may be specifically set according to the requirements of the actual application.
For example, for a certain user information, the attributes may include "name", "age", "position", "location", and "contact address", and at this time, besides all the attributes may be set to be encrypted, only some of the attributes, such as "age", "position", and "contact address", may also be encrypted, and details are not repeated here.
103. Serialize the attribute to be encrypted by adopting a serialization algorithm to obtain serialized data. For example, this may specifically be as follows:
(1) Define a data exchange format file corresponding to the serialization algorithm for the attribute needing to be encrypted.
The data exchange format file defines each data field type and the like to be encrypted, that is, the step "defining a data exchange format file corresponding to the serialization algorithm for the attribute to be encrypted" may specifically be as follows:
Determine the field type of the attribute to be encrypted, and define the data exchange format file corresponding to the serialization algorithm according to the field type.
For example, taking the serialization algorithm as the Protocol Buffer (protobuf) algorithm, a source file corresponding to the Protocol Buffer algorithm, such as a ".proto" file, may be defined specifically for the attribute that needs to be encrypted.
For example, the field type of the attribute to be encrypted may be determined, and then a ".proto" file may be defined according to the field type, such as defining a message type in the ".proto" file, specifying a field type, assigning an identification number, and specifying field rules.
It should be noted that the serialization algorithm may include any algorithm that can perform overall packing serialization on a plurality of fields, such as a protobuf algorithm, and for convenience of description, in the embodiment of the present invention, the serialization algorithm is specifically described as a protobuf algorithm.
(2) Serialize the attribute to be encrypted according to the data exchange format file to obtain serialized data. For example, this may specifically be as follows:
Acquire a serialization function library corresponding to the serialization algorithm, and use the serialization function library to serialize the attribute to be encrypted according to the data exchange format file to obtain serialized data.
For example, taking the serialization algorithm as the protobuf algorithm, a serialization function library corresponding to the protobuf algorithm may be obtained, and the serialization function library is used to serialize the attribute to be encrypted according to the source file, such as a .proto file, so as to obtain serialized data, such as buf (code converted from any number).
104. Encrypt the serialized data by adopting a preset encryption algorithm to obtain encrypted data.
For example, a preset encryption algorithm may be specifically adopted to convert the serialized data from plaintext to ciphertext, so as to obtain encrypted data.
The encryption algorithm may be set according to the requirements of the actual application, and is not described herein again.
105. Store the encrypted data as one attribute of the original relational data to obtain encrypted relational data; that is, the encrypted data is stored as a whole.
As can be seen from the above, in the embodiment, the attribute to be encrypted in the original relational data is serialized by using the serialization algorithm, then, the obtained serialized data is encrypted by using the preset encryption algorithm, and the encrypted data is stored as an attribute of the original relational data, so that the encrypted relational data is obtained, and the purpose of encrypting the relational data is achieved; in the scheme, the serialization algorithm can be used for serializing a plurality of attributes of the relational data and then calling the encryption algorithm, so that the encryption algorithm is called only once, and compared with the scheme that the encryption algorithm needs to be called respectively for each attribute of the relational data in the prior art, the calling frequency of the encryption algorithm is greatly reduced, the operation of a CPU (central processing unit) can be reduced, the processing efficiency is greatly improved, and the data storage speed is increased.
Embodiment Two
In this embodiment, description will be made from the perspective of a data decryption apparatus, which may be specifically integrated in a device such as a terminal, a server, or a storage device.
A method of decrypting data, comprising: acquiring encrypted relational data needing to be decrypted; determining encrypted data in the encrypted relational data; decrypting the encrypted data by adopting a preset decryption algorithm to obtain decrypted data; deserializing the decrypted data by a serialization algorithm to obtain deserialized data; and storing the deserialized data respectively as the attributes of the relational data to obtain the original relational data.
As shown in fig. 2, the specific flow of the data decryption method may be as follows:
201. Acquire the encrypted relational data needing to be decrypted.
The encrypted relational data is obtained by encrypting the original relational data, and a specific encryption method can be referred to in embodiment one, which is not described herein again.
The original relational data refers to relational data before encryption, and the relational data refers to data expressed by a relational mathematical model, which is usually stored in a database by composing a record with a plurality of attributes.
202. Encrypted data in the encrypted relational data is determined.
The encrypted data is serialized data obtained by encrypting according to a preset encryption algorithm, and the serialized data is obtained by serializing the attribute to be encrypted in the original relational data by using the serialization algorithm.
For example, if the encrypted relational data is: and a', where E is an encryption function, and Ea is the encrypted data.
203. Decrypt the encrypted data by adopting a preset decryption algorithm to obtain decrypted data.
For example, a preset decryption algorithm may be specifically adopted to convert the ciphertext of the encrypted data into plaintext, so as to obtain decrypted data.
The decryption algorithm should match the encryption algorithm; the specific decryption algorithm can be determined according to the encryption algorithm, and the encryption algorithm can be set according to the requirements of practical application, which is not described herein again.
204. Deserialize the decrypted data by adopting a serialization algorithm to obtain deserialized data. For example, this may specifically be as follows:
(1) Acquire the data exchange format file adopted during encryption.
The data exchange format file is obtained by defining the attribute to be encrypted in the original relational data when encrypting, which can be specifically referred to in the first embodiment, and is not described herein again.
(2) Deserialize the decrypted data according to the data exchange format file to obtain deserialized data. For example, this may specifically be as follows:
Acquire a deserialization function library corresponding to the serialization algorithm, and use the deserialization function library to deserialize the decrypted data according to the data exchange format file to obtain deserialized data.
It should be noted that the serialization algorithm may include any algorithm that can pack and serialize a plurality of fields as a whole, such as a protobuf algorithm, and the serialization algorithm should be consistent with the serialization algorithm used in encryption.
For example, taking the serialization algorithm as the protobuf algorithm and the data exchange format file as the .proto file, a deserialization function library corresponding to the protobuf algorithm may be obtained, and the deserialization function library is used to deserialize the decrypted data according to the .proto file, so as to obtain deserialized data.
205. Store the deserialized data respectively as the attributes of the relational data to obtain the original relational data.
That is, the deserialized data is restored into each attribute of the relational data, so that the original relational data is obtained.
As can be seen from the above, the embodiment may also decrypt the encrypted data in the encrypted relational data by using a preset decryption algorithm, perform deserialization on the decrypted data by using a serialization algorithm, and store the obtained deserialized data as the attributes of the relational data, respectively, to obtain the original relational data, thereby achieving the purpose of decryption. In the scheme, the decryption algorithm is only needed to be called once to decrypt the encrypted data, and then the serialization algorithm is used for deserializing the decrypted data, so that compared with the prior art that the decryption algorithm needs to be called respectively according to each attribute of the relational data, the calling times of the decryption algorithm are greatly reduced, the operation of a CPU (central processing unit) can be reduced, and the processing efficiency and the data storage speed are greatly improved.
Embodiment Three
The method according to the embodiments one and two will be described in further detail below by way of example.
In this embodiment, the serialization algorithm is specifically the protobuf algorithm, and the flow may be as follows:
(I) Encryption;
As shown in fig. 3a, a specific flow of a data encryption method may be as follows:
A301. The data encryption device acquires original relational data which needs to be encrypted.
For example, after receiving the encryption request, the original relational data that needs to be encrypted is obtained according to the indication in the encryption request, for example, the original relational data that needs to be encrypted may be obtained from a local or other storage device, and so on.
The original relational data refers to relational data before encryption, and the relational data refers to data expressed by a relational mathematical model, which is usually stored in a database by composing a record with a plurality of attributes.
A302. The data encryption device determines the attribute needing to be encrypted in the original relational data.
For example, if the original relational data is a = (a1, a2, a3, ..., an), then the attributes that need to be encrypted may be determined to be a1, a2, a3, ..., an.
Optionally, besides all the attributes may be used as the attributes to be encrypted, a plurality of the attributes may also be selected as the attributes to be encrypted according to a preset policy, and the preset policy may be specifically set according to the requirements of the actual application.
For example, for a certain user information, the attributes may include "name", "age", "position", "location", and "contact address", and at this time, besides all the attributes may be set to be encrypted, only some of the attributes, such as "age", "position", and "contact address", may also be encrypted, and details are not repeated here.
A303. The data encryption device determines the field type of the attribute to be encrypted and defines a ".proto" file according to the field type.
For example, a message type, a specified field type, an assigned identification number, and specified field rules may be defined in the .proto file.
A304. The data encryption device obtains a serialization function library corresponding to the protobuf algorithm.
A305. The data encryption device uses the serialization function library to serialize the attribute needing to be encrypted according to the .proto file to obtain serialized data, such as buf, wherein the buf can be binary data.
A306. The data encryption device encrypts the serialized data, such as buf, by using a preset encryption algorithm to obtain encrypted data, such as enc_buf.
For example, a preset encryption algorithm may be specifically used to convert the serialized data, such as buf, from plaintext to ciphertext, to obtain encrypted data, such as enc_buf.
The encryption algorithm may be set according to the requirements of the actual application, and is not described herein again.
A307. The data encryption device stores the encrypted data, such as enc_buf, as an attribute of the original relational data to obtain the encrypted relational data.
That is, the encrypted data is stored as a whole, for example, it may be stored in a preset database, and so on.
(II) Decryption;
Corresponding to the encryption method in part (I), an embodiment of the present invention further provides a data decryption method. As shown in fig. 3b, the specific process may be as follows:
B301. The data decryption device acquires the encrypted relational data needing to be decrypted.
For example, after receiving the decryption request, the encrypted relational data that needs to be decrypted is obtained according to the indication in the decryption request, for example, the encrypted relational data that needs to be decrypted may be obtained from a local or other storage device, and the like.
The encrypted relational data is obtained by encrypting the original relational data, and the specific encryption method can be referred to in the first embodiment, which is not described herein again.
The original relational data refers to relational data before encryption, and the relational data refers to data expressed by a relational mathematical model, which is usually stored in a database by composing a record with a plurality of attributes.
B302. The data decryption device determines the encrypted data in the encrypted relational data.
The encrypted data is serialized data that has been encrypted according to a preset encryption algorithm, and the serialized data is obtained by serializing the attribute to be encrypted in the original relational data by using protobuf; see the encryption part (I) of this embodiment, which is not described herein again.
For example, if the encrypted relational data is: and a', where E is an encryption function, and Ea is the encrypted data.
B303. The data decryption device decrypts the encrypted data by adopting a preset decryption algorithm to obtain decrypted data.
For example, a preset decryption algorithm may be specifically adopted to convert a ciphertext of the encrypted data into a plaintext, so as to obtain decrypted data, and the like.
The decryption algorithm should match the encryption algorithm; the specific decryption algorithm can be determined according to the encryption algorithm, and the encryption algorithm can be set according to the requirements of practical application, which is not described herein again.
B304. The data decryption device obtains the .proto file used in the encryption.
B305. The data decryption device acquires a deserialization function library corresponding to the protobuf algorithm.
B306. The data decryption device uses the deserialization function library to deserialize the decrypted data according to the .proto file to obtain deserialized data.
B307. The data decryption device stores the deserialized data as the attributes of the relational data respectively to obtain the original relational data.
Namely, the deserialized data is restored into each attribute of the relational data, so that the original relational data is obtained.
As can be seen from the above, in this embodiment the protobuf algorithm is used to serialize the attributes to be encrypted in the original relational data, a preset encryption algorithm is then used to encrypt the resulting serialized data, and the encrypted data is stored as an attribute of the original relational data, yielding the encrypted relational data and thereby achieving the purpose of encrypting the relational data. Correspondingly, during decryption, a preset decryption algorithm is used to decrypt the encrypted data in the encrypted relational data, the protobuf algorithm is then used to deserialize the decrypted data, and the resulting deserialized data is stored as the respective attributes of the relational data to obtain the original relational data, thereby achieving the purpose of decryption. In these schemes, a serialization algorithm such as protobuf serializes multiple attributes of the relational data before the encryption algorithm is called, or deserializes the decrypted data after the decryption algorithm has decrypted the encrypted data, so the encryption algorithm or the decryption algorithm needs to be called only once. Compared with the prior-art scheme, in which the encryption algorithm or the decryption algorithm must be called separately for each attribute of the relational data, the number of calls is greatly reduced, so the scheme can reduce CPU operations and greatly improve processing efficiency and data storage speed.
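The round trip summarised above, as an added example (not code from the patent): a hand-written subset of the protobuf wire format stands in for the generated function library, and an HMAC-SHA256 keystream with an integrity tag stands in for the unspecified preset encryption algorithm. The schema, the `enc_blob` attribute name, the sample row, and the replacement of the plaintext attributes by the blob are assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the .proto file: field number -> (attribute, type), i.e.
#   message Secret { string name = 1; int64 balance = 2; string id_card = 3; }
SCHEMA = {1: ("name", "string"), 2: ("balance", "int64"), 3: ("id_card", "string")}
CALLS = {"encrypt": 0, "decrypt": 0}  # counts cipher invocations

def _varint(n):
    out = bytearray()
    while n > 0x7F:
        out.append(n & 0x7F | 0x80)
        n >>= 7
    return bytes(out) + bytes([n])

def _read_varint(buf, pos):
    value = shift = 0
    while pos < len(buf) and shift <= 63:
        value |= (buf[pos] & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if buf[pos - 1] < 0x80:
            return value, pos
    raise ValueError("truncated or oversized varint")

def serialize(attrs, schema=SCHEMA):
    """Pack every attribute named in the schema into one wire-format buffer."""
    out = b""
    for num, (name, typ) in sorted(schema.items()):
        if typ == "int64":  # wire type 0: varint of the 64-bit two's complement
            out += _varint(num << 3) + _varint(attrs[name] & (2**64 - 1))
        else:  # wire type 2: length-delimited UTF-8
            raw = attrs[name].encode("utf-8")
            out += _varint(num << 3 | 2) + _varint(len(raw)) + raw
    return out

def deserialize(buf, schema=SCHEMA):
    """Unpack a buffer into named attributes, rejecting anything off-schema."""
    attrs, pos = {}, 0
    while pos < len(buf):
        key, pos = _read_varint(buf, pos)
        name, typ = schema.get(key >> 3, (None, None))
        value, pos = _read_varint(buf, pos)  # the value itself, or a byte length
        if typ == "int64" and key & 7 == 0:
            attrs[name] = (value + 2**63) % 2**64 - 2**63  # back to signed 64-bit
        elif typ == "string" and key & 7 == 2 and pos + value <= len(buf):
            attrs[name], pos = buf[pos:pos + value].decode("utf-8"), pos + value
        else:
            raise ValueError("field does not match the schema")
    return attrs

# Stand-in cipher (assumption): HMAC-SHA256 keystream plus an integrity tag.
def _h(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_h(key, nonce + i.to_bytes(8, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, plaintext):
    CALLS["encrypt"] += 1
    nonce = os.urandom(16)
    body = nonce + _xor_stream(_h(key, b"enc"), nonce, plaintext)
    return body + _h(_h(key, b"mac"), body)

def decrypt(key, blob):
    CALLS["decrypt"] += 1
    body, tag = blob[:-32], blob[-32:]
    if len(body) < 16 or not hmac.compare_digest(tag, _h(_h(key, b"mac"), body)):
        raise ValueError("ciphertext failed its integrity check")
    return _xor_stream(_h(key, b"enc"), body[:16], body[16:])

def encrypt_record(record, to_encrypt, key):
    """Serialize the chosen attributes, encrypt once, store the result as one attribute."""
    out = {k: v for k, v in record.items() if k not in to_encrypt}
    out["enc_blob"] = encrypt(key, serialize({k: record[k] for k in to_encrypt}))
    return out

def decrypt_record(enc_record, key):  # decrypt once, deserialize, restore attributes
    out = {k: v for k, v in enc_record.items() if k != "enc_blob"}
    out.update(deserialize(decrypt(key, enc_record["enc_blob"])))
    return out

def demo(key=bytes(range(32))):  # constructed key and row
    row = {"uid": 1001, "name": "Alice", "balance": -250, "id_card": "X123456"}
    CALLS.update(encrypt=0, decrypt=0)
    enc = encrypt_record(row, ["name", "balance", "id_card"], key)
    return row, enc, decrypt_record(enc, key), dict(CALLS)
```

Three attributes cost one cipher call in each direction, and the tag is checked before deserialization, so a modified blob is rejected instead of being parsed.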
Embodiment four,
In order to better implement the above method, an embodiment of the present invention further provides a data encryption apparatus, as shown in fig. 4, the data encryption apparatus includes an obtaining unit 401, a determining unit 402, a serializing unit 403, an encrypting unit 404, and a storing unit 405, as follows:
an obtaining unit 401 is configured to obtain original relational data that needs to be encrypted.
The original relational data refers to relational data before encryption, and the relational data refers to data expressed by a relational mathematical model, which is usually stored in a database by composing a record with a plurality of attributes.
A determining unit 402, configured to determine an attribute that needs to be encrypted in the original relational data.
Optionally, all of the attributes may be used as the attributes to be encrypted, or several of them may be selected as the attributes to be encrypted according to a preset policy, which can be set according to the requirements of the actual application.
A serialization unit 403, configured to serialize the attribute that needs to be encrypted by using a serialization algorithm, so as to obtain serialized data.
The encrypting unit 404 is configured to encrypt the serialized data by using a preset encryption algorithm to obtain encrypted data.
For example, the encryption unit 404 may specifically use a preset encryption algorithm to convert the serialized data from plaintext to ciphertext, obtaining the encrypted data, and so on.
The encryption algorithm may be set according to the requirements of the actual application, and is not described herein again.
The storage unit 405 is configured to store the encrypted data as an attribute of the original relational data, so as to obtain encrypted relational data.
For example, the serialization unit 403 may include a definition subunit and a processing subunit, as follows:
(1) Definition subunit;
the definition subunit is configured to define, for the attribute that needs to be encrypted, a data exchange format file corresponding to the serialization algorithm. For example:
the definition subunit may be specifically configured to determine a field type of the attribute that needs to be encrypted, and define, according to the field type, a data exchange format file corresponding to the serialization algorithm.
The serialization algorithm may include any algorithm that can pack and serialize a plurality of fields as a whole, such as a protobuf algorithm. Taking the example that the serialization algorithm is specifically a protobuf algorithm, then:
the defining subunit may be specifically configured to define, for the attribute that needs to be encrypted, a source file, such as a proto file, corresponding to the protobuf algorithm.
(2) Processing subunit;
the processing subunit is configured to serialize the attribute to be encrypted according to the data exchange format file to obtain serialized data. For example:
the processing subunit may be specifically configured to obtain a serialization function library corresponding to the serialization algorithm, and serialize, by using the serialization function library, the attribute to be encrypted according to the data exchange format file to obtain serialized data.
For example, taking the serialization algorithm specifically being the protobuf algorithm as an example, then:
the processing subunit may be specifically configured to obtain a serialization function library corresponding to a protobuf algorithm, and serialize, by using the serialization function library, the attribute to be encrypted according to the source file, for example, a proto file, to obtain serialized data, for example, buf.
In a specific implementation, the above units may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and the specific implementation of the above units may refer to the foregoing method embodiments, which are not described herein again.
The data encryption device can be integrated in a terminal, a server or a storage device.
As can be seen from the above, the serialization unit 403 of the data encryption apparatus in this embodiment may use a serialization algorithm to serialize the attribute that needs to be encrypted in the original relational data, the encryption unit 404 then uses a preset encryption algorithm to encrypt the resulting serialized data, and the storage unit 405 stores the encrypted data as an attribute of the original relational data, yielding the encrypted relational data and thereby achieving the purpose of encrypting the relational data. In this scheme, the serialization algorithm serializes multiple attributes of the relational data before the encryption algorithm is called, so the encryption algorithm is called only once. Compared with the prior-art scheme, in which the encryption algorithm must be called separately for each attribute of the relational data, the number of calls to the encryption algorithm is greatly reduced, which reduces CPU (central processing unit) operations, greatly improves processing efficiency, and increases data storage speed.
Embodiment five,
Correspondingly, an embodiment of the present invention further provides a data decryption apparatus, as shown in fig. 5, the data decryption apparatus includes an obtaining unit 501, a determining unit 502, a decryption unit 503, a deserialization unit 504 and a storage unit 505, as follows:
an obtaining unit 501, configured to obtain the encrypted relational data that needs to be decrypted.
The encrypted relational data is obtained by encrypting the original relational data, and the specific encryption method can be referred to the foregoing embodiment, which is not described herein again.
The original relational data refers to relational data before encryption, and the relational data refers to data expressed by a relational mathematical model, which is usually stored in a database by composing a record with a plurality of attributes.
A determining unit 502, configured to determine encrypted data in the encrypted relational data.
The encrypted data is obtained by encrypting serialized data with a preset encryption algorithm, and the serialized data is obtained by serializing the attribute to be encrypted in the original relational data with the serialization algorithm.
The decryption unit 503 is configured to decrypt the encrypted data by using a preset decryption algorithm to obtain decrypted data.
For example, the decryption unit 503 may specifically use a preset decryption algorithm to convert a ciphertext of the encrypted data into a plaintext, so as to obtain decrypted data, and so on.
The decryption algorithm must match the encryption algorithm: the specific decryption algorithm is determined by the encryption algorithm used, and the encryption algorithm can be set according to the requirements of the practical application; details are not repeated here.
The deserializing unit 504 is configured to deserialize the decrypted data by using a serialization algorithm to obtain deserialized data.
The storage unit 505 is configured to store the deserialized data as attributes of the relational data, respectively, to obtain original relational data.
For example, the deserializing unit 504 may include a file acquiring sub-unit and a processing sub-unit, as follows:
the file acquisition subunit is configured to acquire the data exchange format file used during encryption.
The data exchange format file is obtained by defining the attribute to be encrypted in the original relational data when encrypting, which may be referred to the foregoing embodiments specifically, and is not described herein again.
The processing subunit is configured to deserialize the decrypted data according to the data exchange format file to obtain deserialized data. For example:
the processing subunit may be specifically configured to obtain a deserialization function library corresponding to the serialization algorithm, and perform deserialization on the decrypted data according to the data exchange format file by using the deserialization function library to obtain deserialized data.
It should be noted that the serialization algorithm may include any algorithm that can pack and serialize a plurality of fields as a whole, such as a protobuf algorithm, and the serialization algorithm should be consistent with the serialization algorithm used in encryption.
For example, taking the serialization algorithm as the protobuf algorithm, and the data exchange format file as the proto file, then:
the processing subunit may be specifically configured to obtain a deserialization function library corresponding to the protobuf algorithm, and perform deserialization on the decrypted data according to the proto file by using the deserialization function library to obtain deserialized data.
In a specific implementation, the above units may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and the specific implementation of the above units may refer to the foregoing method embodiments, which are not described herein again.
The data decryption apparatus may be integrated in a device such as a terminal, a server, or a storage device.
As can be seen from the above, this embodiment may decrypt the encrypted data in the encrypted relational data by using a preset decryption algorithm, deserialize the decrypted data by using a serialization algorithm, and store the resulting deserialized data as the respective attributes of the relational data to obtain the original relational data, thereby achieving the purpose of decryption. In this scheme, the decryption algorithm needs to be called only once to decrypt the encrypted data, after which the serialization algorithm is used to deserialize the decrypted data; compared with the prior art, in which the decryption algorithm must be called separately for each attribute of the relational data, the number of calls to the decryption algorithm is greatly reduced, which reduces CPU (central processing unit) operations and greatly improves processing efficiency and data storage speed.
Embodiment six,
In addition, an embodiment of the present invention further provides a data processing system, including any one of the data encryption devices and any one of the data decryption devices provided in the embodiment of the present invention, where the data encryption device may specifically refer to embodiment four, and the data decryption device may specifically refer to embodiment five, for example, as follows:
the data encryption device is used for acquiring original relational data needing to be encrypted; determining the attribute to be encrypted in the original relational data; serializing the attribute to be encrypted by adopting a serialization algorithm to obtain serialized data; encrypting the serialized data by adopting a preset encryption algorithm to obtain encrypted data; and storing the encrypted data as an attribute of the original relational data to obtain the encrypted relational data.
The data decryption device is used for acquiring the encrypted relational data needing to be decrypted; determining encrypted data in the encrypted relational data; decrypting the encrypted data by adopting a preset decryption algorithm to obtain decrypted data; deserializing the decrypted data by a serialization algorithm to obtain deserialized data; and storing the deserialized data respectively as the attributes of the relational data to obtain the original relational data.
The serialization algorithm may include any algorithm that can pack and serialize a plurality of fields as a whole, such as a protobuf algorithm. For example, taking protobuf as an example, then:
the data encryption device is specifically configured to define a source file, such as a proto file, corresponding to the protobuf algorithm for the attribute to be encrypted, then obtain a serialization function library corresponding to the protobuf algorithm, and serialize the attribute to be encrypted according to the proto file by using the serialization function library to obtain serialized data, such as buf.
The data decryption device may be specifically configured to obtain a deserialization function library corresponding to the protobuf algorithm, and perform deserialization on the decrypted data according to the proto file by using the deserialization function library to obtain deserialized data.
The data processing system may also include other devices, such as storage devices and the like, which may be used to store the original relational data as well as the encrypted relational data.
It should be noted that, in the implementation, the data encryption apparatus, the data decryption apparatus and the storage device may be located in the same entity, or may be located in different entities. The entity may specifically be a terminal, a server, or a storage device, and will not be described herein again.
The specific implementation of each device can be referred to the previous embodiment, and is not described herein again.
Since the data processing system may include any data encryption device and data decryption device provided in the embodiment of the present invention, the beneficial effects that can be achieved by any data encryption device and data decryption device provided in the embodiment of the present invention can be achieved.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The above detailed description is provided for the encryption method, decryption method, device and system of data provided by the embodiment of the present invention, and a specific example is applied in this document to explain the principle and implementation manner of the present invention, and the description of the above embodiment is only used to help understanding the method and core idea of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (9)

1. A method for encrypting data, comprising:
acquiring original relational data needing to be encrypted;
determining the attribute needing to be encrypted in the original relational data;
defining, for the attribute to be encrypted, a source file corresponding to the Protocol Buffer (protobuf) algorithm;
acquiring a serialization function library corresponding to a protobuf algorithm, and serializing the attribute to be encrypted according to the source file by using the serialization function library to obtain serialized data;
encrypting the serialized data by adopting a preset encryption algorithm to obtain encrypted data;
and storing the encrypted data as an attribute of the original relational data to obtain the encrypted relational data.
2. The method according to claim 1, characterized in that it comprises:
determining the field type of the attribute needing to be encrypted;
and defining a data exchange format file corresponding to the serialization algorithm according to the field type.
3. A method for decrypting data, comprising:
acquiring encrypted relational data needing to be decrypted;
determining encrypted data in the encrypted relational data;
decrypting the encrypted data by adopting a preset decryption algorithm to obtain decrypted data;
acquiring a data exchange format file adopted during encryption, wherein the data exchange format file is obtained by defining the attribute to be encrypted in the original relational data during encryption;
acquiring a deserialization function library corresponding to the protobuf algorithm, and deserializing the decrypted data according to the source file by using the deserialization function library to obtain deserialized data;
and storing the deserialized data respectively as attributes of the relational data to obtain the original relational data.
4. A data encryption apparatus, comprising:
the acquisition unit is used for acquiring original relational data needing to be encrypted;
the determining unit is used for determining the attribute needing to be encrypted in the original relational data;
the serialization unit is used for serializing the attribute to be encrypted by adopting a serialization algorithm to obtain serialized data;
the encryption unit is used for encrypting the serialized data by adopting a preset encryption algorithm to obtain encrypted data;
the storage unit is used for storing the encrypted data as one attribute of the original relational data to obtain encrypted relational data;
the serialization unit comprises a definition subunit and a processing subunit;
the definition subunit is configured to define, for the attribute that needs to be encrypted, a source file corresponding to the Protocol Buffer (protobuf) algorithm;
the processing subunit is configured to obtain a serialization function library corresponding to the protobuf algorithm, and serialize the attribute to be encrypted according to the source file by using the serialization function library to obtain serialized data.
5. The data encryption device of claim 4,
the defining subunit is specifically configured to determine a field type of the attribute to be encrypted, and define, according to the field type, a data exchange format file corresponding to the serialization algorithm.
6. A data decryption apparatus, comprising:
the acquiring unit is used for acquiring the encrypted relational data needing to be decrypted;
a determination unit configured to determine encrypted data in the encrypted relational data;
the decryption unit is used for decrypting the encrypted data by adopting a preset decryption algorithm to obtain decrypted data;
the deserializing unit is used for deserializing the decrypted data by adopting a serialization algorithm to obtain deserialized data;
the storage unit is used for storing the deserialized data respectively as attributes of the relational data to obtain original relational data;
the deserializing unit comprises a file acquiring subunit and a processing subunit;
the file acquiring subunit is configured to acquire a data exchange format file used in encryption, where the data exchange format file is obtained by defining an attribute to be encrypted in original relational data during encryption;
the processing subunit is configured to obtain a deserialization function library corresponding to the protobuf algorithm, and perform deserialization on the decrypted data according to the source file by using the deserialization function library to obtain deserialized data.
7. A data processing system comprising a data encryption apparatus as claimed in any one of claims 4 to 5 and a data decryption apparatus as claimed in claim 6.
8. A storage medium having stored therein processor-executable instructions, the instructions being loaded by one or more processors to perform a method of encrypting data according to any one of claims 1 to 2.
9. A storage medium having stored therein processor-executable instructions, the instructions being loaded by one or more processors to perform a method of decrypting data as claimed in claim 3.
CN201510648132.XA 2015-10-09 2015-10-09 Data encryption method, data decryption method, device and system Active CN106570410B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510648132.XA CN106570410B (en) 2015-10-09 2015-10-09 Data encryption method, data decryption method, device and system

Publications (2)

Publication Number Publication Date
CN106570410A CN106570410A (en) 2017-04-19
CN106570410B true CN106570410B (en) 2020-05-12

Family

ID=58507283

Country Status (1)

Country Link
CN (1) CN106570410B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant