CN107590396B - Data processing method and device, storage medium and electronic equipment - Google Patents

Info

Publication number: CN107590396B
Authority: CN (China)
Prior art keywords: ciphertext, server, key, environment, decryption
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201710781136.4A
Other languages: Chinese (zh)
Other versions: CN107590396A
Inventor: 程战战
Current Assignee: Taikang Insurance Group Co Ltd; Taikang Online Property Insurance Co Ltd
Original Assignee: Taikang Insurance Group Co Ltd; Taikang Online Property Insurance Co Ltd
Events: application filed by Taikang Insurance Group Co Ltd and Taikang Online Property Insurance Co Ltd; priority to CN201710781136.4A; publication of CN107590396A; application granted; publication of CN107590396B; legal status active; anticipated expiration
Landscapes: Storage Device Security (AREA)

Abstract

The embodiment of the invention relates to a data processing method and a device, which are applied to one or more encryption and decryption servers, and the method comprises the following steps: acquiring data to be encrypted and judging whether the current operating environment is a production environment; when the current operation environment is judged to be the production environment, encrypting the data to be encrypted to obtain a first ciphertext; when the current operating environment is judged to be the test environment, encrypting the data to be encrypted to obtain a second ciphertext; and sending the first ciphertext and the second ciphertext to an application server so that the application server stores the first ciphertext or the second ciphertext into a database. The method can prevent data leakage and improve data security.

Description

Data processing method and device, storage medium and electronic equipment
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data processing method and a data processing apparatus.
Background
With the continuous development of internet technology, network data resources are more and more valuable. In some internet companies, it is common to store data directly in a database; however, this easily causes data leakage and thus serious loss to the company.
The potential risk points of data leakage are many, and may include, for example: developers, operation and maintenance personnel, DBA (Database Administrator), department executives, peripheral BI (Business Intelligence) system developers, peripheral BI system operation and maintenance personnel, potential system intruders, and the like may obtain data information.
It is to be noted that the information disclosed in the above background section is only for enhancing the understanding of the background of the present invention, and therefore may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
An object of embodiments of the present invention is to provide a data processing method and apparatus, a storage medium, and an electronic device, which overcome one or more of the problems due to the limitations and disadvantages of the related art, at least to some extent.
According to an aspect of the embodiments of the present invention, there is provided a data processing method applied to one or more encryption/decryption servers, the data processing method including:
acquiring data to be encrypted and judging whether the current operating environment is a production environment;
when the current operation environment is judged to be the production environment, encrypting the data to be encrypted to obtain a first ciphertext;
when the current operating environment is judged to be the test environment, encrypting the data to be encrypted to obtain a second ciphertext;
and sending the first ciphertext and the second ciphertext to an application server so that the application server stores the first ciphertext or the second ciphertext into a database.
In an exemplary embodiment of the present invention, encrypting the data to be encrypted includes:
and encrypting the data to be encrypted by using an AES symmetric encryption algorithm to form the first ciphertext or the second ciphertext.
In an exemplary embodiment of the invention, the AES symmetric encryption algorithm is stored in the encryption and decryption server.
In an exemplary embodiment of the invention, the AES symmetric encryption algorithm is embedded in the encryption and decryption server in the form of an Nginx plug-in.
In an exemplary embodiment of the present invention, the AES symmetric encryption algorithm is written in C language.
In an exemplary embodiment of the present invention, the encryption and decryption server further includes an AES symmetric decryption algorithm corresponding to the AES symmetric encryption algorithm.
In an exemplary embodiment of the present invention, the data processing method further includes:
receiving a first key and storing the first key in the encryption and decryption server; and
receiving a call request comprising a second key and calling the AES symmetric decryption algorithm, and judging whether the second key is the same as the first key;
and responding to the call request when the second key is judged to be the same as the first key.
According to an aspect of the present invention, there is provided a data processing method applied to one or more application servers, the data processing method including:
receiving a first ciphertext or a second ciphertext sent by an encryption and decryption server and storing the first ciphertext or the second ciphertext into a database; and
receiving a key application including a server IP and a decryption purpose and judging whether the current running environment of an initiator of the key application is a production environment or not;
when the current operation environment of the initiator of the key application is judged to be a production environment, a first ciphertext is sent to the initiator of the key application through the server IP;
and when the current running environment of the initiator of the key application is judged to be a test environment, sending a second ciphertext to the initiator of the key application through the server IP.
In an exemplary embodiment of the present invention, before determining whether a current running environment of an initiator of the key application is a production environment, the method further includes:
judging whether the decryption purpose exists in a preset purpose range or not;
and when the decryption purpose is judged to exist in the preset purpose range, sending a key to an initiator of the key application through the server IP so that the server utilizes the key to call an AES symmetric decryption algorithm stored in an encryption and decryption server to decrypt the first ciphertext or the second ciphertext.
According to an aspect of an embodiment of the present invention, there is provided a data processing method including:
receiving a key and judging whether the current operation environment is a production environment;
when the current environment is judged to be the production environment, sending a calling request comprising the secret key and calling an AES symmetric decryption algorithm to an encryption and decryption server;
and when it is monitored that the encryption and decryption server responds to the calling request, downloading a calling interface and calling a decryption algorithm stored in the encryption and decryption server through the calling interface to decrypt a first ciphertext sent by an application server.
In an exemplary embodiment of the present invention, the call interface is implemented in a form of a JAR package.
According to an aspect of the embodiments of the present invention, there is provided a data processing apparatus applied to one or more encryption/decryption servers, the data processing apparatus including:
the operation environment judgment module is used for acquiring data to be encrypted and judging whether the current operation environment is a production environment;
the first encryption module is used for encrypting the data to be encrypted to obtain a first ciphertext when the current operation environment is judged to be the production environment;
the second encryption module is used for encrypting the data to be encrypted to obtain a second ciphertext when the current operation environment is judged to be the test environment;
and the ciphertext sending module is used for sending the first ciphertext and the second ciphertext to an application server so that the application server stores the first ciphertext or the second ciphertext into a database.
According to an aspect of the embodiments of the present invention, there is provided a data processing apparatus, applied to one or more application servers, including:
the storage module is used for receiving a first ciphertext or a second ciphertext sent by an encryption and decryption server and storing the first ciphertext or the second ciphertext into a database;
the production environment judging module is used for receiving a key application comprising a server IP and a decryption purpose and judging whether the current running environment of the initiator of the key application is a production environment;
the first sending module is used for sending a first ciphertext to the initiator of the key application through the server IP when the current operating environment of the initiator of the key application is judged to be a production environment;
and the second sending module is used for sending a second ciphertext to the initiator of the key application through the server IP when the current operating environment of the initiator of the key application is judged to be a test environment.
According to an aspect of an embodiment of the present invention, there is provided a data processing apparatus including:
the receiving module is used for receiving a secret key and judging whether the current operating environment is a production environment;
the request sending module is used for sending a calling request comprising the secret key and calling an AES symmetric decryption algorithm to the encryption and decryption server when the current environment is judged to be the production environment;
and the decryption module is used for downloading a calling interface and calling a decryption algorithm stored in the encryption and decryption server through the calling interface to decrypt the first ciphertext sent by the application server after monitoring that the encryption and decryption server responds to the calling request.
According to an aspect of an embodiment of the present invention, there is provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements the data processing method according to any one of the above.
According to an aspect of an embodiment of the present invention, there is provided an electronic apparatus including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform any of the data processing methods described above via execution of the executable instructions.
The invention relates to a data processing method and a data processing device, which are characterized in that data to be encrypted is obtained and a current operating environment is judged to encrypt the data to be encrypted; when the current operation environment is judged to be the production environment, encrypting data to be encrypted into a first ciphertext; when the current operating environment is judged to be the test environment, encrypting the data to be encrypted into a second ciphertext; then storing the first ciphertext and the second ciphertext into a database; on one hand, the data to be encrypted is encrypted and then stored in the database, so that the safety of the data is improved compared with the situation that the data is directly stored in the database; on the other hand, the data to be encrypted is encrypted into different ciphertexts under different operating environments, so that the data leakage in the test process is prevented, the data security is further improved, and the economic loss caused by the data leakage is reduced; on the other hand, the ciphertext is stored in the database in the application server, so that the pressure of the Nginx server is reduced, and the data encryption speed is increased.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 schematically shows a flow chart of a data processing method.
Fig. 2 schematically shows an example of an S-box.
Fig. 3 schematically shows an example of a row shifting process.
Fig. 4 schematically shows an example diagram of a column mixing (MixColumns) process.
Fig. 5 schematically shows an example of an AES symmetric encryption process.
Fig. 6 schematically shows a flow chart of another data processing method.
Fig. 7 schematically shows a structural example diagram of a data processing method.
Fig. 8 schematically shows a block diagram of a data processing device.
Fig. 9 schematically shows an electronic device for implementing the above-described data processing method.
Fig. 10 is a diagram schematically illustrating a computer-readable storage medium for implementing the above-described data processing method.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the invention.
Furthermore, the drawings are merely schematic illustrations of the invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The present exemplary embodiment first provides a data processing method, which is applied to one or more encryption and decryption servers, where the encryption and decryption servers may include an Nginx server, and may also be other servers, for example, an HTTP server, and the like, and the disclosure is not limited thereto. Referring to fig. 1, the data processing method may include the steps of:
Step S110, acquiring data to be encrypted and judging whether the current operating environment is a production environment.
Step S120, when the current operating environment is judged to be the production environment, encrypting the data to be encrypted to obtain a first ciphertext.
Step S130, when the current operating environment is judged to be the test environment, encrypting the data to be encrypted to obtain a second ciphertext.
Step S140, the first ciphertext and the second ciphertext are sent to an application server, so that the application server stores the first ciphertext or the second ciphertext into a database.
In the data processing method, on one hand, the data to be encrypted is encrypted and then stored in the database, so that the data security is improved compared with the method of directly storing the data in the database; on the other hand, the data to be encrypted is encrypted into different ciphertexts under different operating environments, so that the data leakage in the test process is prevented, the data security is further improved, and the economic loss caused by the data leakage is reduced; on the other hand, the ciphertext is stored in the database in the application server, so that the pressure of the Nginx server is reduced, and the data encryption speed is increased.
Next, the above-described data processing method in the present exemplary embodiment will be explained in detail.
In step S110, data to be encrypted is acquired and it is determined whether the current operating environment is a production environment.
In this exemplary embodiment, the data to be encrypted may include personal contact information of the user such as a phone number, an e-mail address, a social account and the like, and may also include private information such as an identification number, a bank card number and the like, which is not limited in this exemplary embodiment; the operating environment can comprise a development environment, a test environment, a production environment and the like, where the development environment, the test environment and the production environment may be three phases of system development. In this example, when the user fills in and submits data such as personal contact information and private information through the front-end page, the application server receives the data sent by the front end and sends it to the encryption and decryption server cluster (which may include a plurality of Nginx servers, as shown in fig. 7), and the encryption and decryption server cluster then encrypts the data according to the current operating environment. In addition, in other exemplary embodiments of the present invention, the data to be encrypted may also be encrypted according to other conditions, for example according to a level of the data to be encrypted, which is not limited in this exemplary embodiment.
In step S120, when the current operating environment is determined to be the production environment, the data to be encrypted is encrypted to obtain a first ciphertext. In detail:
When the current operating environment is a production environment, the data to be encrypted is encrypted with an AES symmetric encryption algorithm to obtain a first ciphertext. The AES symmetric encryption algorithm can be stored in the encryption and decryption server cluster (which can comprise a plurality of Nginx servers); in this way, the risk that developers leak the algorithm and that ciphertext is then illegally decrypted, leaking user information, is avoided. Furthermore, the AES symmetric encryption algorithm can be embedded into the Nginx server in the form of an Nginx plug-in; in this way, the encryption speed of a single Nginx server is improved, so that the encryption and decryption server cluster can fully meet the performance requirements of the whole system. It should be noted here that, because the decryption process is the inverse of the encryption process, the AES decryption algorithm corresponding to the AES symmetric encryption algorithm may likewise be embedded in the Nginx server in the form of an Nginx plug-in. Furthermore, the AES symmetric encryption algorithm can be written in C; this departs from the usual practice of Java application development, so that the decompilation that is easy in the prior art becomes difficult, and the risk that managers of the encryption and decryption server cluster obtain and crack the algorithm and leak user information is avoided.
Next, the AES encryption algorithm described above will be explained in detail.
First, the AES encryption algorithm may include four operations: byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and round key addition (AddRoundKey). Byte substitution maps each byte to another byte through an S-box (see fig. 2); row shifting permutes the bytes within the state matrix (which may be a 4 x 4 matrix; see fig. 3); column mixing is a substitution that uses the arithmetic properties of the field GF(2^8) (see fig. 4); round key addition relies on the fact that any value XORed with itself gives 0, so during encryption the input of each round is XORed once with the round key, and during decryption XORing with the same round key removes it again.
Next, the flow of the AES encryption algorithm is shown in fig. 5. For example:
a word is 32 bits of data, so 128 bits of data can be divided into 4 words, and a 128-bit key is likewise 4 words; define Nb as the number of words in the data block (for example, 4), Nk as the number of words in the key (for example, also 4), and Nr as the number of rounds (for example, 10); the relationship among Nb, Nk and Nr is shown in table 1 below:
TABLE 1
[Table 1 is an image on the original page and is not reproduced here; it gives the relationship of Nb, Nk and Nr.]
Therefore, for step S120, the data is encrypted with the AES symmetric encryption algorithm through repeated byte substitution, row shifting, column mixing and round key addition to form the first ciphertext. Encrypting the data with the AES symmetric encryption algorithm eliminates the weak keys and semi-weak keys of the DES algorithm, and AES places no restriction on the choice of key. It should be noted that, in the encryption and decryption server cluster, the specific encryption process is specified separately for each operating environment; for example, in the test environment forward row shifting and forward column mixing are used, while in the production environment inverse row shifting and inverse column mixing are used, so that different ciphertexts are generated for different operating environments. In addition, in other exemplary embodiments of the present invention, the data may also be encrypted with an AES asymmetric encryption algorithm, which is not limited in this exemplary embodiment.
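The four AES operations and the round structure described above, as an added example that is not the patent's or the applicant's code: AES-128 encryption in Python built from SubBytes, ShiftRows, MixColumns and AddRoundKey, with the S-box computed from GF(2^8) arithmetic rather than hard-coded, and checked against the FIPS-197 test vector. The `inverse_diffusion` flag is an assumption introduced here to model the description's production variant (inverse row shifting and inverse column mixing); it is not part of standard AES.

```python
# Added example, not the patent's own code: AES-128 built from the four
# operations in the description. `inverse_diffusion` is an assumption that
# models the "inverse row shifting / inverse column mixing" production variant.

def xtime(b):
    """Multiply a byte by x (0x02) in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

def build_sbox():
    """Derive the S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        s = inv
        for k in range(1, 5):  # XOR inv with its four left rotations
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox

SBOX = build_sbox()

# The state is the 16-byte block in input order: byte r + 4*c is row r, column c.
def shift_rows(s, inverse=False):
    """Rotate row r left by r positions (right by r when inverse)."""
    sign = -1 if inverse else 1
    return [s[(i + sign * 4 * (i % 4)) % 16] for i in range(16)]

def mix_columns(s, inverse=False):
    """Multiply every column by the circulant MixColumns matrix (or its inverse)."""
    m = (14, 11, 13, 9) if inverse else (2, 3, 1, 1)
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            v = 0
            for j in range(4):
                v ^= gf_mul(col[j], m[(j - r) % 4])
            out.append(v)
    return out

def add_round_key(s, rk):
    """XOR the state with the round key; XOR-ing with it again removes it."""
    return [a ^ b for a, b in zip(s, rk)]

def expand_key(key):
    """AES-128 key schedule (Nk = 4, Nr = 10): 44 words -> 11 round keys."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(key, block, inverse_diffusion=False):
    """Encrypt one 16-byte block; standard FIPS-197 AES-128 when the flag is False."""
    if len(key) != 16 or len(block) != 16:
        raise ValueError("AES-128 needs a 16-byte key and a 16-byte block")
    rks = expand_key(key)
    s = add_round_key(list(block), rks[0])
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                  # SubBytes
        s = shift_rows(s, inverse_diffusion)      # ShiftRows
        if rnd != 10:                             # the final round skips MixColumns
            s = mix_columns(s, inverse_diffusion)
        s = add_round_key(s, rks[rnd])            # AddRoundKey
    return bytes(s)

if __name__ == "__main__":
    # FIPS-197 Appendix C.1 vector: key 00..0f, plaintext 00112233..eeff
    key = bytes(range(16))
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print("test-style (standard AES):", encrypt_block(key, pt).hex())
    print("production-style variant: ", encrypt_block(key, pt, True).hex())
```

With the flag set, the ciphertext differs from standard AES, as the description intends, but it is no longer interoperable with any standard AES implementation; deriving a separate key per environment gives the same separation without modifying the cipher.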
In step S130, when the current operating environment is determined to be the test environment, the data to be encrypted is encrypted to obtain a second ciphertext.
In this exemplary embodiment, the process of obtaining the second ciphertext is substantially the same as the process of obtaining the first ciphertext described above, so it is not repeated here.
In step S140, the first ciphertext and the second ciphertext are sent to an application server, so that the application server stores the first ciphertext or the second ciphertext in a database.
In this exemplary embodiment, the application server may be a Tomcat server or other web servers, and this exemplary embodiment is not limited to this. In this example, after the data is encrypted, the first ciphertext or the second ciphertext obtained by encrypting the data is sent to the application server, and then the application server stores the first ciphertext or the second ciphertext in the database. By storing the ciphertext in the database, the pressure of the encryption and decryption server cluster is greatly reduced, so that when the ciphertext needs to be decrypted at a later stage, the corresponding ciphertext can be directly obtained from the database, and the decryption speed is improved.
The invention also provides another data processing method. Referring to fig. 6, the data processing method may include step S610, step S620, and step S630. Wherein:
in step S610, a first key is received and stored in the encryption and decryption server.
In this exemplary embodiment, the first key may be configured manually or generated automatically, which this exemplary embodiment does not specially limit; further, in order to prevent the risk of algorithm disclosure caused by key disclosure, a preset time (for example, 5 min or 10 min, not specifically limited in this example) may be set for the first key, and the first key automatically fails after the preset time; in addition, the first key can be used only once and automatically becomes invalid once it has been used. In this example, a first key sent by the application server is received, the first key is then stored in the Nginx server, and its use is limited according to the preset time and the number of uses.
In step S620, a call request including a second key and calling the AES symmetric decryption algorithm is received, and it is determined whether the second key is the same as the first key.
In this exemplary embodiment, the second key may be configured manually or generated automatically, which this exemplary embodiment does not specially limit; further, in order to prevent the risk of algorithm disclosure caused by key disclosure, a preset time (for example, 5 min or 10 min, not specifically limited in this example) may be set for the second key, and the second key automatically fails after the preset time; in addition, the second key can be used only once and automatically becomes invalid once it has been used. In this example, when the Nginx server receives the call request, it first determines whether the first key is the same as the second key; in this way, the risk of leakage of the decryption algorithm is further avoided, and the overall security of the data is improved.
In step S630, when it is determined that the second key is the same as the first key, the call request is responded.
In this exemplary embodiment, when the first key is judged to be the same as the second key, the call request is responded, so that the initiator of the call request can call the AES symmetric decryption algorithm stored in the Nginx server according to the call interface to decrypt the first or second ciphertext.
The invention also provides another data processing method, which is applied to one or more application servers (for example, Tomcat). Wherein, the data processing method may further include steps S710 to S740, in which:
in step S710, a first ciphertext or a second ciphertext sent by an encryption/decryption server is received and stored in a database.
In step S720, a key application including the server IP and decryption purpose is received and it is determined whether the current operating environment of the originator of the key application is a production environment.
In step S730, when the current operating environment of the initiator of the key application is determined to be the production environment, the server IP sends the first ciphertext to the initiator of the key application.
In step S740, when the current operating environment of the originator of the key application is determined to be the test environment, the server IP sends a second ciphertext to the originator of the key application.
In another exemplary embodiment of the present example, the data processing method may further include: judging whether the decryption purpose exists in a preset purpose range or not; and when the decryption purpose is judged to exist in the preset purpose range, sending a key to an initiator of the key application through the server IP so that the server utilizes the key to call an AES symmetric decryption algorithm stored in the Nginx server to decrypt the first ciphertext or the second ciphertext. In detail:
Referring to fig. 7, when the initiator of the key application needs the application server to distribute a key, the initiator fills in its own server IP and the decryption purpose (for example, sending mail to the user) and submits the application to the application server. When the application server receives the request, it first judges, according to the purpose filled in by the initiator, whether the purpose lies within the preset purpose range (for example, the range may include sending mail to the user and return visits to the user); when the decryption purpose is judged to lie within the preset purpose range, a key is sent to the initiator of the key application through the server IP, and the key is also sent to the Nginx server. When the initiator of the key application receives the key, it sends a call request for calling the AES symmetric decryption algorithm to the Nginx server using the key. Further, the application server may also bind the server IP and the key and send them together to the Nginx server, so that the Nginx server can decide whether to respond to the call request according to both the server IP and the key.
The invention also provides another data processing method, which can further comprise the following steps: receiving a key and judging whether the current operation environment is a production environment; when the current environment is judged to be the production environment, sending a calling request comprising the secret key and calling an AES symmetric decryption algorithm to an encryption and decryption server; and when it is monitored that the encryption and decryption server responds to the calling request, downloading a calling interface and calling a decryption algorithm stored in the encryption and decryption server through the calling interface to decrypt a first ciphertext sent by an application server. In detail:
after receiving a key sent by an application server through the server IP, judging whether the current operating environment is a production environment, and sending a calling request comprising the key and calling the AES symmetric decryption algorithm to an Nginx server when judging that the current operating environment is the production environment; when the Nginx server receives the calling request, firstly judging whether the key is the same as the key stored in the Nginx server, and responding to the calling request when the key is judged to be the same; further, the server IP and the key may be sent to the Nginx server together, and when the Nginx server receives the call request, it is first determined whether the server IP and the key are the same as the server IP and the key stored in the Nginx server, and when it is determined that the server IP and the key are the same, the call request is responded; when it is monitored that the Nginx server responds to the call request, a call interface is downloaded first (the call interface is realized in a JAR file package mode, or in other modes, which is not particularly limited in this example), and then the AES symmetric decryption algorithm stored in the Nginx server is called through the call interface to decrypt the first ciphertext.
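The exchange just described, simulated end to end as an added example (not the patent's Nginx plug-in or JAR call interface): the requester applies with its server IP and purpose, the application server checks the purpose against the preset range and issues a key bound to that IP, the encryption and decryption server answers the decryption call only when IP and key both match, and a requester outside the production environment never issues the call. The class and constant names (`ApplicationServer`, `CryptoServer`, `Requester`, `ALLOWED_PURPOSES`), the purposes themselves, the sample record and the SHA-256 counter keystream standing in for the server-hosted AES are constructed for the example; treating the issued key as an access credential while the data key never leaves the crypto server is this example's reading of claims 6 and 8.

```python
"""Simulation of the key-application and decryption-call exchange (hypothetical example code)."""
import hashlib
import hmac
import secrets

# The "preset purpose range" of the application server (constructed values).
ALLOWED_PURPOSES = {"mail to user", "return visit to user"}


def _keystream_xor(data_key: bytes, data: bytes) -> bytes:
    """Stand-in for the server-side cipher: XOR with a SHA-256 counter keystream.
    Constructed for the example; the patent's server hosts AES instead."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(data_key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class CryptoServer:
    """The encryption and decryption server. Holds the data key and never hands it out."""

    def __init__(self, data_key: bytes):
        self._data_key = data_key
        self._grants = {}  # server IP -> access key pushed by the application server

    def encrypt(self, plaintext: bytes) -> bytes:
        return _keystream_xor(self._data_key, plaintext)

    def register_grant(self, server_ip: str, access_key: bytes) -> None:
        """Store the (server IP, key) binding sent by the application server."""
        self._grants[server_ip] = access_key

    def handle_call(self, server_ip: str, access_key: bytes, ciphertext):
        """Respond to a decryption call only when IP and key both match the stored grant."""
        expected = self._grants.get(server_ip)
        if ciphertext is None or expected is None:
            return None
        if not hmac.compare_digest(expected, access_key):
            return None  # the call request is not responded to
        return _keystream_xor(self._data_key, ciphertext)  # what the call interface returns


class ApplicationServer:
    """Stores ciphertexts; vets key applications by purpose and issues IP-bound keys."""

    def __init__(self, crypto: CryptoServer):
        self._crypto = crypto
        self._db = {}  # (record id, environment) -> ciphertext

    def store(self, record_id: str, environment: str, ciphertext: bytes) -> None:
        self._db[(record_id, environment)] = ciphertext

    def apply_for_key(self, server_ip: str, purpose: str):
        """Issue a key only for a purpose inside the preset range; bind it to the IP."""
        if purpose not in ALLOWED_PURPOSES:
            return None
        access_key = secrets.token_bytes(16)
        self._crypto.register_grant(server_ip, access_key)  # pushed to the crypto server
        return access_key

    def fetch_ciphertext(self, record_id: str, environment: str):
        """Production callers get the first ciphertext, test callers the second."""
        return self._db.get((record_id, environment))


class Requester:
    """The initiator of the key application (one of the application's own servers)."""

    def __init__(self, ip: str, environment: str):
        self.ip, self.environment = ip, environment

    def decrypt_record(self, app: ApplicationServer, crypto: CryptoServer,
                       record_id: str, purpose: str):
        access_key = app.apply_for_key(self.ip, purpose)
        if access_key is None or self.environment != "production":
            return None  # only a production caller issues the decryption call
        ct = app.fetch_ciphertext(record_id, "production")
        return crypto.handle_call(self.ip, access_key, ct)


def demo():
    """Run the four cases: allowed, bad purpose, test environment, key used from another IP."""
    crypto = CryptoServer(data_key=secrets.token_bytes(32))
    app = ApplicationServer(crypto)
    app.store("policy-1", "production", crypto.encrypt(b"alice@example.com"))  # constructed
    good = Requester("10.0.0.5", "production")
    results = {
        "allowed": good.decrypt_record(app, crypto, "policy-1", "mail to user"),
        "bad_purpose": good.decrypt_record(app, crypto, "policy-1", "data export"),
        "test_env": Requester("10.0.0.6", "test").decrypt_record(app, crypto, "policy-1", "mail to user"),
    }
    key = app.apply_for_key("10.0.0.7", "mail to user")  # valid key, bound to 10.0.0.7
    results["wrong_ip"] = crypto.handle_call("10.0.0.8", key, app.fetch_ciphertext("policy-1", "production"))
    return results


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case}: {value!r}")
```

Two practitioner notes on the example. The key check uses `hmac.compare_digest`, so its running time does not depend on where the first mismatching byte lies; the patent text only says the keys are compared for equality. And binding a key to a server IP identifies a network address rather than a host, so in a deployment the call request should travel over an authenticated channel (mutually authenticated TLS, for instance) rather than rely on the source address alone.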
Moreover, although the steps of the methods of the present invention are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in that order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, several steps may be combined into one, and/or one step may be broken down into several.
The present invention also provides a data processing apparatus applied to one or more encryption and decryption servers; an encryption and decryption server may be an Nginx server or another server, for example an HTTP server, and the disclosure is not limited in this respect. Referring to fig. 8, the data processing apparatus may include an operating environment determination module 810, a first encryption module 820, a second encryption module 830, and a ciphertext sending module 840. Wherein:
The operating environment determination module 810 may be configured to obtain data to be encrypted and determine whether the current operating environment is a production environment.
The first encryption module 820 may be configured to encrypt the data to be encrypted to obtain a first ciphertext when the current operating environment is determined to be the production environment.
The second encryption module 830 may be configured to encrypt the data to be encrypted to obtain a second ciphertext when the current operating environment is determined to be the test environment.
The ciphertext sending module 840 may be configured to send the first ciphertext and the second ciphertext to an application server, so that the application server stores the first ciphertext or the second ciphertext in a database.
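The first and second encryption modules above are where the two environments diverge: claims 1 and 9 specify that the production ciphertext is produced with forward row shift and forward column mixing (the FIPS-197 ShiftRows and MixColumns steps) and the test ciphertext with the reverse operations. The AES-128 implementation below, with a selectable linear layer, is an added example written for this page, not the patent's C code or Nginx plug-in; the names `encrypt_block`, `decrypt_block`, `VARIANTS` and `demo`, and the reading of "reverse" as running InvShiftRows and InvMixColumns in the encryption direction, are assumptions of the example. The standard variant is checked against the FIPS-197 Appendix C.1 test vector.

```python
"""AES-128 with a selectable linear layer (hypothetical example code, not the patent's plug-in).
The "production" variant is FIPS-197 AES; the "test" variant runs the inverse ShiftRows and
MixColumns steps in the encryption direction, which is how claims 1 and 9 read."""


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1


def _gmul(a, b):
    """Multiply two GF(2^8) elements by shift-and-add."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = _xtime(a), b >> 1
    return p


def _build_sbox():
    """Derive the S-box: GF(2^8) inverse followed by the affine map with constant 0x63."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)  # inverse of 0 is 0
        s = inv
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF  # rotate left by one bit
            s ^= inv
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _x, _v in enumerate(SBOX):
    INV_SBOX[_v] = _x

MIX = [2, 3, 1, 1]         # first row of the MixColumns matrix
INV_MIX = [14, 11, 13, 9]  # first row of the InvMixColumns matrix


def _add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]


def _sub_bytes(s, box):
    return [box[b] for b in s]


def _shift_rows(s, direction):
    """Rotate row r by r positions. direction=+1 is ShiftRows, -1 is InvShiftRows.
    The state is a flat list in column-major order: s[r + 4*c] is row r, column c."""
    return [s[r + 4 * ((c + direction * r) % 4)] for c in range(4) for r in range(4)]


def _mix_columns(s, first_row):
    """Multiply each column by the circulant matrix whose first row is first_row."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            row = first_row[-r:] + first_row[:-r]  # first_row rotated right by r
            out.append(_gmul(row[0], col[0]) ^ _gmul(row[1], col[1])
                       ^ _gmul(row[2], col[2]) ^ _gmul(row[3], col[3]))
    return out


def _expand_key(key):
    """AES-128 key schedule: 44 words returned as eleven 16-byte round keys."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


# variant -> ((shift direction, mix matrix) for encryption, the same for decryption)
VARIANTS = {"production": ((1, MIX), (-1, INV_MIX)), "test": ((-1, INV_MIX), (1, MIX))}


def encrypt_block(key, block, variant):
    (shift, mix), _ = VARIANTS[variant]
    rk = _expand_key(key)
    s = _add_round_key(list(block), rk[0])
    for r in range(1, 10):
        s = _add_round_key(_mix_columns(_shift_rows(_sub_bytes(s, SBOX), shift), mix), rk[r])
    s = _shift_rows(_sub_bytes(s, SBOX), shift)  # the last round has no column mixing
    return bytes(_add_round_key(s, rk[10]))


def decrypt_block(key, block, variant):
    _, (shift, mix) = VARIANTS[variant]
    rk = _expand_key(key)
    s = _add_round_key(list(block), rk[10])
    for r in range(9, 0, -1):
        s = _mix_columns(_add_round_key(_sub_bytes(_shift_rows(s, shift), INV_SBOX), rk[r]), mix)
    s = _sub_bytes(_shift_rows(s, shift), INV_SBOX)
    return bytes(_add_round_key(s, rk[0]))


def demo():
    """FIPS-197 C.1 vector for the standard variant; show that the two variants diverge."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    prod, test = encrypt_block(key, pt, "production"), encrypt_block(key, pt, "test")
    return {
        "production": prod.hex(),  # 69c4e0d86a7b0430d8cdb78070b4c55a per FIPS-197
        "test": test.hex(),
        "production_roundtrip": decrypt_block(key, prod, "production") == pt,
        "test_roundtrip": decrypt_block(key, test, "test") == pt,
        # a test-environment decryptor given a production ciphertext does not recover pt
        "cross_decrypt_leaks": decrypt_block(key, prod, "test") == pt,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both variants deliberately share one key in the example so that the separation shown comes solely from the linear layer, which is all the claims specify. Note that the test variant is a non-standard cipher that has not had the cryptanalytic attention given to FIPS-197 AES, so a deployment would normally also keep separate keys per environment rather than rely on the layer swap alone.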
The present invention also provides another data processing apparatus, applied to one or more application servers, which may include a storage module, a production environment determination module, a first sending module and a second sending module. Wherein:
the storage module may be configured to receive a first ciphertext or a second ciphertext sent by an encryption/decryption server and store the first ciphertext or the second ciphertext in a database.
The production environment determination module may be configured to receive a key application including a server IP and a decryption purpose and determine whether a current operating environment of an initiator of the key application is a production environment.
The first sending module may be configured to send the first ciphertext to the originator of the key application through the server IP when it is determined that the current operating environment of the originator of the key application is a production environment.
The second sending module may be configured to send a second ciphertext to the originator of the key application through the server IP when it is determined that the current operating environment of the originator of the key application is the test environment.
The present invention also provides a further data processing apparatus, which may include a receiving module, a request sending module and a decryption module. Wherein:
the receiving module may be configured to receive a key and determine whether the current operating environment is a production environment.
The request sending module may be configured to send to the encryption and decryption server a call request that carries the key and invokes the AES symmetric decryption algorithm, when the current environment is determined to be the production environment.
The decryption module may be configured to, after it is detected that the encryption and decryption server has responded to the call request, download a call interface and decrypt the first ciphertext sent by the application server by invoking, through that interface, the decryption algorithm stored in the encryption and decryption server.
The specific details of each module in the data processing apparatus have been described in detail in the corresponding data processing method, and therefore are not described herein again.
It should be noted that although several modules or units of the apparatus are mentioned in the detailed description above, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in a single module or unit according to embodiments of the invention. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) execute the method according to the embodiment of the present invention.
In an exemplary embodiment of the present invention, there is also provided an electronic device capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit," "module" or "system."
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 9. The electronic device 600 shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 9, the electronic device 600 takes the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 connecting the different system components (including the storage unit 620 and the processing unit 610), and a display unit 640.
The storage unit stores program code that is executable by the processing unit 610 to cause the processing unit 610 to perform the steps of the various exemplary embodiments of the present invention described in the "exemplary methods" section above. For example, the processing unit 610 may perform step S110 as shown in fig. 1: acquiring data to be encrypted and judging whether the current operating environment is a production environment; step S120: when the current operating environment is judged to be the production environment, encrypting the data to be encrypted to obtain a first ciphertext; step S130: when the current operating environment is judged to be the test environment, encrypting the data to be encrypted to obtain a second ciphertext; and step S140: sending the first ciphertext and the second ciphertext to an application server so that the application server stores the first ciphertext or the second ciphertext in a database.
The storage unit 620 may include readable media in the form of volatile memory, such as a random access memory (RAM) 6201 and/or a cache memory 6202, and may further include a read-only memory (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any device (e.g., a router, a modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. As shown, the network adapter 660 communicates with the other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In an exemplary embodiment of the present invention, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 10, a program product 800 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the Internet using an Internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is only limited by the appended claims.

Claims (12)

1. A data processing method applied to one or more encryption/decryption servers, the data processing method comprising:
acquiring data to be encrypted and judging whether the current operating environment is a production environment;
when the current operating environment is judged to be a production environment, encrypting the data to be encrypted using forward row shift (ShiftRows) and forward column mixing (MixColumns) of the AES (Advanced Encryption Standard) symmetric encryption algorithm to obtain a first ciphertext;
when the current operating environment is judged to be a test environment, encrypting the data to be encrypted using reverse row shift (InvShiftRows) and reverse column mixing (InvMixColumns) of the AES symmetric encryption algorithm to obtain a second ciphertext;
sending the first ciphertext and the second ciphertext to an application server to enable the application server to store the first ciphertext or the second ciphertext in a database;
wherein the production environment and the test environment are stages included in a system development process.
2. The data processing method of claim 1, wherein the AES symmetric encryption algorithm is stored in the encryption and decryption server.
3. The data processing method of claim 1, wherein the AES symmetric encryption algorithm is embedded in the encryption and decryption server in the form of an Nginx plug-in.
4. A data processing method according to any of claims 1 to 3, wherein said AES symmetric encryption algorithm is written in the C language.
5. The data processing method according to any one of claims 1 to 3, wherein the encryption and decryption server further comprises an AES symmetric decryption algorithm corresponding to the AES symmetric encryption algorithm.
6. The data processing method of claim 5, further comprising:
receiving a first key and storing the first key in the encryption and decryption server; and
receiving a call request that carries a second key and invokes the AES symmetric decryption algorithm, and judging whether the second key is the same as the first key;
and responding to the call request when the second key is judged to be the same as the first key.
7. A data processing method applied to one or more application servers, the data processing method comprising:
receiving a first ciphertext or a second ciphertext sent by an encryption and decryption server and storing the first ciphertext or the second ciphertext into a database; and
receiving a key application including a server IP and a decryption purpose, and judging whether the current operating environment of the initiator of the key application is a production environment;
when the current operation environment of the initiator of the key application is judged to be a production environment, a first ciphertext is sent to the initiator of the key application through the server IP;
and when the current running environment of the initiator of the key application is judged to be a test environment, sending a second ciphertext to the initiator of the key application through the server IP.
8. The data processing method according to claim 7, further comprising, before determining whether the current operating environment of the initiator of the key application is a production environment:
judging whether the decryption purpose exists in a preset purpose range or not;
and when the decryption purpose is judged to lie within the preset purpose range, sending a key to the initiator of the key application through the server IP, so that the initiator uses the key to invoke an AES symmetric decryption algorithm stored in an encryption and decryption server to decrypt the first ciphertext or the second ciphertext.
9. A data processing apparatus, applied to one or more encryption/decryption servers, comprising:
the operation environment judgment module is used for acquiring data to be encrypted and judging whether the current operation environment is a production environment;
the first encryption module is used for encrypting the data to be encrypted using forward row shift (ShiftRows) and forward column mixing (MixColumns) of the AES (Advanced Encryption Standard) symmetric encryption algorithm to obtain a first ciphertext when the current operating environment is judged to be a production environment;
the second encryption module is used for encrypting the data to be encrypted using reverse row shift (InvShiftRows) and reverse column mixing (InvMixColumns) of the AES symmetric encryption algorithm to obtain a second ciphertext when the current operating environment is judged to be a test environment;
the ciphertext sending module is used for sending the first ciphertext and the second ciphertext to an application server so that the application server stores the first ciphertext or the second ciphertext into a database;
wherein the production environment and the test environment are stages included in a system development process.
10. A data processing apparatus, applied to one or more application servers, comprising:
the storage module is used for receiving a first ciphertext or a second ciphertext sent by an encryption and decryption server and storing the first ciphertext or the second ciphertext into a database;
the production environment determination module is used for receiving a key application comprising a server IP and a decryption purpose and judging whether the current operating environment of the initiator of the key application is a production environment;
the first sending module is used for sending a first ciphertext to the initiator of the key application through the server IP when the current operating environment of the initiator of the key application is judged to be a production environment;
and the second sending module is used for sending a second ciphertext to the initiator of the key application through the server IP when the current operating environment of the initiator of the key application is judged to be a test environment.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the data processing method of any one of claims 1 to 8.
12. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the data processing method of any one of claims 1-8 via execution of the executable instructions.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710781136.4A CN107590396B (en) 2017-09-01 2017-09-01 Data processing method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN107590396A CN107590396A (en) 2018-01-16
CN107590396B true CN107590396B (en) 2020-03-17

Family

ID=61050880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710781136.4A Active CN107590396B (en) 2017-09-01 2017-09-01 Data processing method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN107590396B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108280356B (en) * 2018-01-17 2020-07-14 吉浦斯信息咨询(深圳)有限公司 File decryption method and device, processing terminal and computer readable storage medium
CN109446784A (en) * 2018-09-28 2019-03-08 深圳市英威腾电源有限公司 Hardware decryption method, apparatus, system and decryption device
CN110378128A (en) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 Data ciphering method, device and terminal device
CN111565103B (en) * 2020-04-29 2022-10-21 中国银行股份有限公司 Production data processing method and device
CN111797416B (en) * 2020-07-02 2023-08-18 中国工商银行股份有限公司 Method and device for processing encrypted data
CN113542224B (en) * 2021-06-16 2023-12-29 深圳市中金岭南有色金属股份有限公司凡口铅锌矿 Training data processing method, device, server and medium
CN113596027B (en) * 2021-07-29 2023-09-12 上海淇玥信息技术有限公司 Data encryption transmission method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102999729A (en) * 2011-09-13 2013-03-27 联想(北京)有限公司 File management method and file management system
CN106250773A (en) * 2016-08-15 2016-12-21 捷开通讯(深圳)有限公司 Operating method of a terminal, system, and terminal
CN106845256A (en) * 2017-01-24 2017-06-13 腾讯科技(深圳)有限公司 Method and terminal for encrypting and decrypting data in an application

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110154455A1 (en) * 2005-02-22 2011-06-23 Nanjangudu Shiva R Security management framework
US20090271858A1 (en) * 2008-04-25 2009-10-29 Lockheed Martin Corporation Method For Connecting Unclassified And Classified Information Systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Development of data processing technology based on a dynamic encryption algorithm"; Xie Chunsi, Li Junling; Industrial Instrumentation & Automation (工业仪表与自动化装置); 2013-02-15 (No. 1); 105-107 *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant