CN107707528A - A kind of method and apparatus of user profile isolation - Google Patents
A kind of method and apparatus of user profile isolation Download PDFInfo
- Publication number
- CN107707528A CN107707528A CN201710784930.4A CN201710784930A CN107707528A CN 107707528 A CN107707528 A CN 107707528A CN 201710784930 A CN201710784930 A CN 201710784930A CN 107707528 A CN107707528 A CN 107707528A
- Authority
- CN
- China
- Prior art keywords
- user
- external system
- key
- built
- external
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4547—Network directories; Name-to-address mapping for personal communications, i.e. using a personal identifier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of method and apparatus of user profile isolation, it is related to field of computer technology.One embodiment of this method includes:Built-in system determines that the external system in the solicited message identifies corresponding key in the case where receiving the solicited message that external system is sent;Solicited message is used for the outer logo corresponding to the external system that external system obtains the user in built-in system;Specified information is encrypted based on key for built-in system, to generate outer logo of the user in the external system;The outer logo of user is returned to external system by built-in system.The embodiment is by the way that the internal information of user and external information are isolated so that the business side of external system can not be cracked by the external information of user, while effectively user profile is isolated, improve the security reliability of encryption.
Description
Technical field
The present invention relates to field of computer technology, more particularly to the method and apparatus of a pair of user profile isolation.
Background technology
In internet product, each user can have a unique ID to be used for identity, and each ID can have sex,
The information such as age, work.Such as the ID of many products is cell-phone number, each ID corresponds to the sex of user, the age,
The information such as commodity are bought, if some external business Fang Xiang and some products cooperating use some user data of product, such as A
Business side wants the information such as occupation, age of user, and B business sides want sex, the information such as commodity is often bought, in order to protect use
The safety and privacy at family, it is impossible to directly the ID of user is opened to external business side, it is necessary to the ID of user be encrypted, by
Portion's ID and external user ID are isolated.Simultaneously in order to which external business root can not be made according to ID completion user profile, equally
Need to isolating without the ID of business side.
The existing method for being isolated the inside ID of user and exterior I D, mainly there are simple Hash mapping and encryption ID
Mode:
1st, simple Hash mapping:The ID of inside is mapped as externally by hash function, such as MD2, MD4, MD5 scheduling algorithm
ID, for external callers use;
2nd, ID is encrypted using AES:Internal ID is encrypted first using AES, then supplies outside industry again
Business side uses.
In process of the present invention is realized, inventor has found that at least there are the following problems in the prior art:
Although simple Hash mapping realizes that simply confidentiality is too poor, when there are enough data external business side
Hash algorithm can easily be cracked so as to obtain the real information of user;Although the ID of user is encrypted to a certain degree by AES
On can improve the confidentiality of ID, once but AES leak, it is easy to cause the id information of all users to leak, and
In order to isolate different business sides, it is necessary to which ID is encrypted using different algorithms, implementation process is complex, cost
It is higher.Therefore, in the prior art when the information to user is isolated, have that encryption is not strong, process is complicated and easily
The problem of security reliability difference such as divulge a secret.
The content of the invention
In view of this, the embodiment of the present invention provides a kind of method and apparatus of user profile isolation, can solve the problem that existing skill
In art when the information to user is isolated the problem of existing security reliability difference.
To achieve the above object, a kind of one side according to embodiments of the present invention, there is provided side of user profile isolation
Method.
A kind of method isolated to user profile of the embodiment of the present invention includes:Built-in system is preserved and multiple outsides
The corresponding key of system banner, built-in system determine the request in the case where receiving the solicited message that external system is sent
External system in information identifies corresponding key;Solicited message is used for the correspondence that external system obtains the user in built-in system
In the outer logo of the external system;Specified information is encrypted based on key for built-in system, outer at this to generate user
Outer logo in portion's system;The outer logo of user is returned to external system by built-in system.
Alternatively, user's mark in user internally system is included in the information specified of the embodiment of the present invention.
Alternatively, containment mapping identifier is gone back in the information specified of the embodiment of the present invention;Map in identifier comprising clothes
The one or more being engaged in device network address, server processes number and server time stamp;Internally system is by outside user
After the step of portion's mark returns to external system, in addition to:Identified according to the external system of external system and determine key, according to
The key and being identified corresponding to the outer logo of the external system and the external system for user are decrypted to obtain mapping mark
Know symbol.
Alternatively, random string is also included in the mapping identifier of the embodiment of the present invention;And the method for the present invention is also
Including:Preserve the mapping table between the user's mark of random string and user internally in system;And solved
After close the step of obtaining mapping identifier, in addition to:According to the random string in mapping identifier, in mapping table
Inquire user mark of the user internally in system.
Alternatively, specified information is encrypted based on key for the built-in system of the embodiment of the present invention, to generate user
The step of outer logo in the external system, includes:Based on key, specified information is entered using DEA DES
Row one-time pad encryption, the data then obtained using coded system Base64 to the one-time pad encryption carry out secondary encryption to generate outside
Mark.
To achieve the above object, a kind of another aspect according to embodiments of the present invention, there is provided dress of user profile isolation
Put.
A kind of device isolated to user profile of the embodiment of the present invention includes:Determining module, for built-in system
In the case where receiving the solicited message that external system is sent, determine that the external system mark in the solicited message is corresponding close
Key;Solicited message is used for the outer logo corresponding to the external system that external system obtains the user in built-in system;Processing
Module, specified information is encrypted based on key for built-in system, to generate outside of the user in the external system
Mark;Module is returned, the outer logo of user is returned into external system for built-in system.
Alternatively, user's mark in user internally system is included in the information specified of the embodiment of the present invention.
Alternatively, containment mapping identifier is gone back in the information specified of the embodiment of the present invention;Map in identifier comprising clothes
The one or more being engaged in device network address, server processes number and server time stamp;Processing module is additionally operable to:According to
External system external system mark determine key, according to the key and the outer logo corresponding to the external system of user with
And external system mark is decrypted to obtain mapping identifier.
Alternatively, random string is also included in the mapping identifier of the embodiment of the present invention;And device also includes preserving
Module, it is used for:Preserve the mapping table between the user's mark of random string and user internally in system;And handle
Module, it is additionally operable to:According to the random string in mapping identifier, user is inquired in mapping table internally in system
User mark.
Alternatively, the processing module of the embodiment of the present invention is used for:Based on key, will be specified using DEA DES
Information carry out one-time pad encryption, the data then obtained to the one-time pad encryption using coded system Base64 carry out secondary encryption with
Generate outer logo.
To achieve the above object, a kind of another further aspect according to embodiments of the present invention, there is provided side of user profile isolation
The electronic equipment of method.
The a kind of electronic equipment of the embodiment of the present invention includes:One or more processors;Storage device, for storing one
Or multiple programs, when one or more of programs are by one or more of computing devices so that one or more of
The method that processor realizes the user profile isolation of the embodiment of the present invention.
To achieve the above object, a kind of another aspect according to embodiments of the present invention, there is provided computer-readable medium.
A kind of computer-readable medium of the embodiment of the present invention, is stored thereon with computer program, and described program is processed
Device realizes the user profile isolation of embodiment of the present invention method when performing.
One embodiment in foregoing invention has the following advantages that or beneficial effect:Because use utilizes and outer logo phase
Specified information is encrypted the key answered, and then generates the technological means of the outer logo of user, so overcoming
The technical problem of existing security reliability difference when isolating to the information of user, and then improve its security reliability
Technique effect;By the way that the internal information of user and external information are isolated so that the business side of external system can not pass through
The external information of user is cracked, and while effectively user profile is isolated, improves the safe and reliable of encryption
Property.
Further effect adds hereinafter in conjunction with embodiment possessed by above-mentioned non-usual optional mode
With explanation.
Brief description of the drawings
Accompanying drawing is used to more fully understand the present invention, does not form inappropriate limitation of the present invention.Wherein:
Fig. 1 is a kind of schematic diagram of the main flow of the method for user profile isolation according to embodiments of the present invention;
Fig. 2 is the method schematic diagram isolated according to the user profile of a specific embodiment of the invention;
Fig. 3 is the schematic flow sheet for the method isolated according to the user profile of a specific embodiment of the invention;
Fig. 4 is the schematic flow sheet for the method inquired about according to the user profile of another specific embodiment of the present invention;
Fig. 5 is the schematic diagram of the main modular of the device of user profile isolation according to embodiments of the present invention;
Fig. 6 is that the embodiment of the present invention can apply to exemplary system architecture figure therein;
Fig. 7 is adapted for the structural representation for realizing the terminal device of the embodiment of the present invention or the computer system of server
Figure.
Embodiment
The one exemplary embodiment of the present invention is explained below in conjunction with accompanying drawing, including the various of the embodiment of the present invention
Details should think them only exemplary to help understanding.Therefore, those of ordinary skill in the art should recognize
Arrive, various changes and modifications can be made to the embodiments described herein, without departing from scope and spirit of the present invention.Together
Sample, for clarity and conciseness, the description to known function and structure is eliminated in following description.
Fig. 1 is a kind of schematic diagram of the main flow of the method for user profile isolation according to embodiments of the present invention, such as Fig. 1
Shown, a kind of method of user profile isolation of the embodiment of the present invention mainly comprises the following steps:
Step S101:Built-in system determines that the request is believed in the case where receiving the solicited message that external system is sent
External system in breath identifies corresponding key;The user's that solicited message is used in external system acquisition built-in system corresponds to
The outer logo of the external system.Internally pre-saved in system corresponding with multiple external systems of external system mark
Key, therefore, when receiving the solicited message that external system is sent, the solicited message can be determined according to corresponding relation
In external system identify corresponding key.Here, the external system can be obtained relative with the external system by the key
The outer logo of user in the built-in system answered, so as to reach user, internally system uses internal indicator, and in outside
System uses the purpose of outer logo.
Step S102:Specified information is encrypted based on key for built-in system, to generate user in the external system
In outer logo.As described in step S101, the user in the built-in system corresponding with the external system is obtained using key
Outer logo, be that specified information is encrypted based on key, so as to generate corresponding outer logo.
In some embodiments, user's mark in user internally system is included in the information specified.That is,
Based on key, directly user's mark in built-in system can be encrypted, generation user is with outside in external system
System identifies corresponding outer logo.
In other embodiments, containment mapping identifier is gone back in the information specified;Map in identifier comprising service
One or more in device network address, server processes number and server time stamp.That is, mapping can be marked
Know at least one of the server network address included in symbol, server processes number and server time stamp to be encrypted,
Then can with generate user in external system with the corresponding outer logo of external system mark.
Furthermore, it is desirable to, it is noted that after the step of internally outer logo of user is returned to external system by system,
Also include:Identified according to the external system of external system and determine key, the external system is corresponded to according to the key and user
Outer logo and external system mark be decrypted to obtain mapping identifier.So, it is possible to according to key, outside
Portion identifies and external system mark completes decryption, and then obtains mapping identifier, it is of course also possible to obtain mapping mark
At least one of the server network address, server processes number and the server time stamp that are included in symbol information, Ran Houjin
The determination of one step needs the network information handled.
In other embodiments, map in identifier and also include random string;And the method for the present invention is also wrapped
Include:Preserve the mapping table between the user's mark of random string and user internally in system;And it is being decrypted
After the step of obtaining mapping identifier, in addition to:According to the random string in mapping identifier, looked into mapping table
Ask out user mark of the user internally in system.Determine to need the network equipment to be processed it is then possible to be identified according to the user
Information.
In certain embodiments of the present invention, specified information is encrypted based on key for built-in system, with generation
The step of outer logo of the user in the external system, includes:Based on key, using DEA DES by specified letter
Breath carries out one-time pad encryption, and the data then obtained using coded system Base64 to the one-time pad encryption carry out secondary encryption to generate
Outer logo.It should be noted that DEA DES of the present invention and coded system Base64 are only a kind of excellent
The mode of choosing, and be not limited to mode of the present invention and can also solve the of the invention purpose to be encrypted.
Step S103:The outer logo of user is returned to external system by built-in system.The outer logo of generation is returned
To corresponding external system.
Fig. 2 is the method schematic diagram isolated according to the user profile of a specific embodiment of the invention.As shown in Fig. 2 this hair
It is bright as follows including external system and built-in system, concrete implementation mode:
External system:The id information of external system internally system request user, external system have different business sides, often
Individual business side has a business ID (i.e. said external system banner) to identify.External system obtain is by adding
Close open ID (outer logo of i.e. above-mentioned user).
Built-in system:Built-in system is according to the business ID of different business side, and by the ID of inside, (i.e. above-mentioned user exists
User's mark in built-in system) it is encrypted to different open ID and returns to external business side.
Fig. 3 is the schematic flow sheet for the method isolated according to the user profile of a specific embodiment of the invention.Such as Fig. 3 institutes
Show, the present invention, so as to generate corresponding open ID process, namely the process of encryption, has according to the business ID received
Body step is as follows:
1. obtain the business ID carried in business side's solicited message.
2. judging whether the business ID are effective, directly terminate if the business ID are invalid.
3. obtaining secret key (i.e. above-mentioned key) according to business ID, the mode of acquisition is to be internally in advance
Blanket insurance has the relation table with the corresponding key of multiple external systems mark, the pass for then identifying and preserving according to external system
It is that table determines key.And the secret key are the keys of AES below in the present invention, it is necessary to hold in close confidence, it is impossible to
Leak to outside.
4. judge whether internal UID (i.e. above-mentioned user internally user's mark in system) is effective, if user deletes
Except UID, UID can be caused to fail, then need to delete UID and mapping ID (the i.e. above-mentioned mapping marks in redis (database)
Know symbol) mapping relations.
5. if UID is effective, mapping ID are inquired about from redis caching according to UID.
6. judge that mapping ID whether there is.If mapping ID exist, directly according to mapping ID,
Business ID and secret key are according to rule generation open ID;If mapping ID are not present, mapping is generated
ID。
7. producing mapping ID according to rule, specific generation mapping ID process is as follows:
Mapping ID=server ips;Server processes number;Server time stabs;Random string
It should be noted that when above-mentioned server ip, server processes number, server can be included in mapping ID
Between stamp and at least one of random string, can also all include.
8. UID and mapping ID corresponding relation is write into redis.Corresponding relation includes:When key values are UID,
Value values are mapping ID, and the corresponding relation is used for ciphering process;When key values are random string, value values are
UID, the corresponding relation are used for decrypting process.
9. obtaining secret key, open ID are generated according to the rule of correspondence after mapping ID, business ID, specifically
Generation formula it is as follows:
Open ID=Base64 (DES (secret key, mapping ID+business ID))
Wherein, DES is used for the encryption to mapping ID, and base64 is used for the transmission information on network.Due to not of the same trade or business
Business ID and the secret key of business side are not the same, therefore in face of different trafficwises, even identical
UID can also obtain different open ID, so as to isolate different business sides, protect the privacy of user;For identical industry
It is also very easily, because even business ID, secret key, UID that business side, which wants a set of new open ID of generation,
It is identical, because server ip, server processes number and server timestamp also will not be identical, so different time, difference service
The mapping ID that device process obtains are also what is differed, and the open ID of generation also will not be identical.
Fig. 4 is the schematic flow sheet for the method inquired about according to the user profile of another specific embodiment of the present invention.Such as Fig. 4 institutes
Show, the process of the invention according to query-related information in the business ID received internally system, namely the mistake of decryption
Journey, comprise the following steps that:
1. secret key are obtained according to business ID.The external system mark equally preserved according further to built-in system
The relation table known and preserved determines key.
2. the source code (source code includes open ID) of pair encryption is decoded to obtain mapping ID, open ID are carried out
DeBase64 operates to obtain the character string of former encryption, and then carrying out deDES according to secret key decodes to obtain mapping ID.
3. UID is inquired according to mapping ID.Information in mapping ID inquires about pair preserved in redis
It should be related to, so as to obtain UID.
It should be noted that because generation open ID service arrangement is in multiple devices, once divulging a secret and cracking needs
Track is that the open ID that server generates are cracked, it is necessary to regenerate open ID.Then further tracking
The equipment divulged a secret simultaneously regenerates open ID.It is according to the open being decrypted first during open ID are regenerated
ID decodes to obtain mapping ID (process that the process is decrypted as described above), then the server ip in mapping ID and
Server time stabs, it may be determined that the mapping ID generated by the server handle precarious position, according to these mapping
ID can determine which open ID and UID is cracked, and finally regenerate the mapping ID of the server again,
As long as all mapping ID cans generated by the server are deleted during generation in redis, because the clothes of server
Be engaged in device IP, and server processes, timestamp difference is different, so can also be generated even if the request of next identical business side new
Mapping ID, and generate a set of new open ID.
The method of user profile isolation according to embodiments of the present invention can be seen that because use utilizes and outer logo phase
Specified information is encrypted the key answered, and then generates the technological means of the outer logo of user, so overcoming
The technical problem of existing security reliability difference when isolating to the information of user, and then improve its security reliability
Technique effect;By the way that the internal information of user and external information are isolated so that the business side of external system can not pass through
The external information of user is cracked, and while effectively user profile is isolated, improves the safe and reliable of encryption
Property.
Fig. 5 is the schematic diagram of the main modular of the device of user profile isolation according to embodiments of the present invention.Such as Fig. 5 institutes
Show, the device 500 of the user profile isolation of the embodiment of the present invention mainly includes:Determining module 501, processing module 502 and return
Return module 503.Wherein:
Determining module 501, for built-in system in the case where receiving the solicited message that external system is sent, it is determined that should
External system in solicited message identifies corresponding key;The user's that solicited message is used in external system acquisition built-in system
Corresponding to the outer logo of the external system;Processing module 502, specified information is added based on key for built-in system
It is close, to generate outer logo of the user in the external system;Module 503 is returned, marks the outside of user for built-in system
Knowledge returns to external system.
Alternatively, user's mark in user internally system is included in the information specified of the embodiment of the present invention.
Alternatively, containment mapping identifier is gone back in the information specified of the embodiment of the present invention;Map in identifier comprising clothes
The one or more being engaged in device network address, server processes number and server time stamp;Processing module 502 is additionally operable to:Root
Key is determined according to the external system mark of external system, according to the key and the outer logo corresponding to the external system of user
And external system mark is decrypted to obtain mapping identifier.
Alternatively, random string is also included in the mapping identifier of the embodiment of the present invention;And device also includes preserving
Module (not shown), is used for:The mapping preserved between the user's mark of random string and user internally in system is closed
It is table;And processing module, it is additionally operable to:According to the random string in mapping identifier, use is inquired in mapping table
Family internally user's mark in system.
Alternatively, the processing module 502 of the embodiment of the present invention is used for:Based on key, will be referred to using DEA DES
Fixed information carries out one-time pad encryption, and the data then obtained using coded system Base64 to the one-time pad encryption carry out secondary encryption
To generate outer logo.
From the above, it can be seen that specified information is added using key corresponding with outer logo because using
It is close, the technological means of the outer logo of user is then generated, is existed so overcoming when the information to user is isolated
Security reliability difference technical problem, and then improve the technique effect of its security reliability;By by the inside of user
Information and external information are isolated so that and the business side of external system can not be cracked by the external information of user,
While effectively user profile is isolated, the security reliability of encryption is improved.
Fig. 6, which is shown, can apply the user profile partition method of the embodiment of the present invention or showing for user profile isolating device
Example sexual system framework 600.
As shown in fig. 6, system architecture 600 can include terminal device 601,602,603, network 604 and server 605.
Network 604 between terminal device 601,602,603 and server 605 provide communication link medium.Network 604 can be with
Including various connection types, such as wired, wireless communication link or fiber optic cables etc..
User can be interacted with using terminal equipment 601,602,603 by network 604 with server 605, to receive or send out
Send message etc..Various telecommunication customer end applications, such as the application of shopping class, net can be installed on terminal device 601,602,603
(merely illustrative) such as the application of page browsing device, searching class application, JICQ, mailbox client, social platform softwares.
Terminal device 601,602,603 can have a display screen and a various electronic equipments that supported web page browses, bag
Include but be not limited to smart mobile phone, tablet personal computer, pocket computer on knee and desktop computer etc..
Server 605 can be to provide the server of various services, such as utilize terminal device 601,602,603 to user
The shopping class website browsed provides the back-stage management server (merely illustrative) supported.Back-stage management server can be to receiving
To the data such as information query request analyze etc. processing, and by result (such as target push information, product letter
Breath -- merely illustrative) feed back to terminal device.
It should be noted that the user profile partition method that the embodiment of the present invention is provided typically is performed by server 605,
Correspondingly, user profile isolating device is generally positioned in server 605.
It should be understood that the number of the terminal device, network and server in Fig. 6 is only schematical.According to realizing need
Will, can have any number of terminal device, network and server.
Below with reference to Fig. 7, it illustrates suitable for for realizing the computer system 700 of the terminal device of the embodiment of the present invention
Structural representation.Terminal device shown in Fig. 7 is only an example, to the function of the embodiment of the present invention and should not use model
Shroud carrys out any restrictions.
As shown in fig. 7, computer system 700 includes CPU (CPU) 701, it can be read-only according to being stored in
Program in memory (ROM) 702 or be loaded into program in random access storage device (RAM) 703 from storage part 708 and
Perform various appropriate actions and processing.In RAM 703, also it is stored with system 700 and operates required various programs and data.
CPU 701, ROM 702 and RAM 703 are connected with each other by bus 704.Input/output (I/O) interface 705 is also connected to always
Line 704.
I/O interfaces 705 are connected to lower component:Importation 706 including keyboard, mouse etc.;Penetrated including such as negative electrode
The output par, c 707 of spool (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.;Storage part 708 including hard disk etc.;
And the communications portion 709 of the NIC including LAN card, modem etc..Communications portion 709 via such as because
The network of spy's net performs communication process.Driver 710 is also according to needing to be connected to I/O interfaces 705.Detachable media 711, such as
Disk, CD, magneto-optic disk, semiconductor memory etc., it is arranged on as needed on driver 710, in order to read from it
Computer program be mounted into as needed storage part 708.
Especially, according to embodiment disclosed by the invention, may be implemented as counting above with reference to the process of flow chart description
Calculation machine software program.For example, embodiment disclosed by the invention includes a kind of computer program product, it includes being carried on computer
Computer program on computer-readable recording medium, the computer program include the program code for being used for the method shown in execution flow chart.
In such embodiment, the computer program can be downloaded and installed by communications portion 709 from network, and/or from can
Medium 711 is dismantled to be mounted.When the computer program is performed by CPU (CPU) 701, system of the invention is performed
The above-mentioned function of middle restriction.
It should be noted that the computer-readable medium shown in the present invention can be computer-readable signal media or meter
Calculation machine readable storage medium storing program for executing either the two any combination.Computer-readable recording medium for example can be --- but not
Be limited to --- electricity, magnetic, optical, electromagnetic, system, device or the device of infrared ray or semiconductor, or it is any more than combination.Meter
The more specifically example of calculation machine readable storage medium storing program for executing can include but is not limited to:Electrical connection with one or more wires, just
Take formula computer disk, hard disk, random access storage device (RAM), read-only storage (ROM), erasable type and may be programmed read-only storage
Device (EPROM or flash memory), optical fiber, portable compact disc read-only storage (CD-ROM), light storage device, magnetic memory device,
Or above-mentioned any appropriate combination.In the present invention, computer-readable recording medium can any include or store journey
The tangible medium of sequence, the program can be commanded the either device use or in connection of execution system, device.And at this
In invention, computer-readable signal media can include in a base band or as carrier wave a part propagation data-signal,
Wherein carry computer-readable program code.The data-signal of this propagation can take various forms, including but unlimited
In electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be that computer can
Any computer-readable medium beyond storage medium is read, the computer-readable medium, which can send, propagates or transmit, to be used for
By instruction execution system, device either device use or program in connection.Included on computer-readable medium
Program code can be transmitted with any appropriate medium, be included but is not limited to:Wirelessly, electric wire, optical cable, RF etc., or it is above-mentioned
Any appropriate combination.
Flow chart and block diagram in accompanying drawing, it is illustrated that according to the system of various embodiments of the invention, method and computer journey
Architectural framework in the cards, function and the operation of sequence product.At this point, each square frame in flow chart or block diagram can generation
The part of one module of table, program segment or code, a part for above-mentioned module, program segment or code include one or more
For realizing the executable instruction of defined logic function.It should also be noted that some as replace realization in, institute in square frame
The function of mark can also be with different from the order marked in accompanying drawing generation.For example, two square frames succeedingly represented are actual
On can perform substantially in parallel, they can also be performed in the opposite order sometimes, and this is depending on involved function.Also
It is noted that the combination of each square frame and block diagram in block diagram or flow chart or the square frame in flow chart, can use and perform rule
Fixed function or the special hardware based system of operation are realized, or can use the group of specialized hardware and computer instruction
Close to realize.
Being described in module involved in the embodiment of the present invention can be realized by way of software, can also be by hard
The mode of part is realized.Described module can also be set within a processor, for example, can be described as:A kind of processor bag
Include determining module, processing module and return to module.Wherein, the title of these modules is not formed to the mould under certain conditions
The restriction of block in itself.
As on the other hand, present invention also offers a kind of computer-readable medium, the computer-readable medium can be
Included in equipment described in above-described embodiment;Can also be individualism, and without be incorporated the equipment in.Above-mentioned calculating
Machine computer-readable recording medium carries one or more program, when said one or multiple programs are performed by the equipment, makes
Obtaining the equipment includes:Built-in system is determined in the solicited message in the case where receiving the solicited message that external system is sent
External system identify corresponding key;The user's that solicited message is used in external system acquisition built-in system is outer corresponding to this
The outer logo of portion's system;Specified information is encrypted based on key for built-in system, to generate user in the external system
In outer logo;The outer logo of user is returned to external system by built-in system.
Technical scheme according to embodiments of the present invention, because using using key corresponding with outer logo to specified letter
Breath is encrypted, and then generates the technological means of the outer logo of user, thus overcome the information of user is carried out every
From when the poor technical problem of existing security reliability, and then improve the technique effect of its security reliability;By that will use
The internal information and external information at family are isolated so that the business side of external system can not be carried out by the external information of user
Crack, while effectively user profile is isolated, improve the security reliability of encryption.
Above-mentioned embodiment, does not form limiting the scope of the invention.Those skilled in the art should be bright
It is white, depending on design requirement and other factors, various modifications, combination, sub-portfolio and replacement can occur.It is any
Modifications, equivalent substitutions and improvements made within the spirit and principles in the present invention etc., should be included in the scope of the present invention
Within.
Claims (12)
- A kind of 1. method of user profile isolation, it is characterised in that built-in system is preserved corresponding to multiple external systems mark Key, methods described includes:Built-in system determines the external system in the solicited message in the case where receiving the solicited message that external system is sent Identify corresponding key;The user's that the solicited message is used in external system acquisition built-in system corresponds to the external system Outer logo;Specified information is encrypted based on the key for built-in system, outer in the external system to generate the user Portion identifies;The outer logo of the user is returned to external system by built-in system.
- 2. according to the method for claim 1, it is characterised in that be internally comprising the user in the information specified User's mark in system.
- 3. according to the method for claim 2, it is characterised in thatContainment mapping identifier is gone back in the information specified;Server network address, service are included in the mapping identifier One or more in device process number and server time stamp;After the step of outer logo of the user is returned to external system by the built-in system, in addition to:Root Key is determined according to the external system mark of external system, according to the key and the outer logo corresponding to the external system of user And external system mark is decrypted to obtain the mapping identifier.
- 4. according to the method for claim 3, it is characterised in thatRandom string is also included in the mapping identifier;And methods described also includes:Preserve between the user's mark of the random string and the user internally in system Mapping table;And after described the step of being decrypted to obtain the mapping identifier, in addition to:According to the mapping identifier In random string, user mark of the user internally in system is inquired in the mapping table.
- 5. method according to any one of claim 1 to 4, it is characterised in that the built-in system is based on the key Specified information is encrypted, included with generating the step of outer logo of the user in the external system:Based on the key, the information specified is subjected to one-time pad encryption using DEA DES, then utilizes coding The data that mode Base64 obtains to the one-time pad encryption carry out secondary encryption to generate the outer logo.
- 6. a kind of device of user profile isolation, it is characterised in that built-in system is preserved corresponding to multiple external systems mark Key, described device includes:Determining module, for built-in system in the case where receiving the solicited message that external system is sent, determine that the request is believed External system in breath identifies corresponding key;The solicited message is used for pair that external system obtains the user in built-in system Should be in the outer logo of the external system;Processing module, specified information is encrypted based on the key for built-in system, to generate the user at this Outer logo in external system;Module is returned, the outer logo of the user is returned into external system for built-in system.
- 7. device according to claim 6, it is characterised in that be internally comprising the user in the information specified User's mark in system.
- 8. device according to claim 7, it is characterised in that go back containment mapping identifier in the information specified;Institute State in mapping identifier comprising the one or more in server network address, server processes number and server time stamp;The processing module is additionally operable to:Identified according to the external system of external system and determine key, according to the key and user It is decrypted to obtain the mapping identifier corresponding to the outer logo of the external system and external system mark.
- 9. device according to claim 8, it is characterised in thatRandom string is also included in the mapping identifier;And described device also includes preserving module, is used for:The random string and the user are preserved internally in system User mark between mapping table;And the processing module, is additionally operable to:According to the random string in the mapping identifier, in the mapping table In inquire user mark of the user internally in system.
- 10. according to the device any one of claim 6-9, it is characterised in that the processing module is used for:Based on the key, the information specified is subjected to one-time pad encryption using DEA DES, then utilizes coding The data that mode Base64 obtains to the one-time pad encryption carry out secondary encryption to generate the outer logo.
- 11. a kind of electronic equipment, it is characterised in that including:One or more processors;Storage device, for storing one or more programs,When one or more of programs are by one or more of computing devices so that one or more of processors are real The now method as described in any in claim 1-5.
- 12. a kind of computer-readable medium, is stored thereon with computer program, it is characterised in that described program is held by processor The method as described in any in claim 1-5 is realized during row.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710784930.4A CN107707528B (en) | 2017-09-04 | 2017-09-04 | Method and device for isolating user information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710784930.4A CN107707528B (en) | 2017-09-04 | 2017-09-04 | Method and device for isolating user information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107707528A true CN107707528A (en) | 2018-02-16 |
CN107707528B CN107707528B (en) | 2020-06-30 |
Family
ID=61171928
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710784930.4A Active CN107707528B (en) | 2017-09-04 | 2017-09-04 | Method and device for isolating user information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107707528B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109491772A (en) * | 2018-09-28 | 2019-03-19 | 深圳财富农场互联网金融服务有限公司 | Business serial number gencration method, apparatus, computer equipment and storage medium |
CN111382409A (en) * | 2020-03-19 | 2020-07-07 | 支付宝(杭州)信息技术有限公司 | Identity authentication method and device for protecting privacy |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102739708A (en) * | 2011-04-07 | 2012-10-17 | 腾讯科技(深圳)有限公司 | System and method for accessing third party application based on cloud platform |
US20130024919A1 (en) * | 2011-07-21 | 2013-01-24 | Microsoft Corporation | Cloud service authentication |
CN103297436A (en) * | 2013-06-14 | 2013-09-11 | 大连三通科技发展有限公司 | Electronic authorization method and system |
CN105812341A (en) * | 2014-12-31 | 2016-07-27 | 阿里巴巴集团控股有限公司 | User identity identifying method and device |
CN106817358A (en) * | 2015-12-02 | 2017-06-09 | 阿里巴巴集团控股有限公司 | The encryption and decryption method and equipment of a kind of user resources |
-
2017
- 2017-09-04 CN CN201710784930.4A patent/CN107707528B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102739708A (en) * | 2011-04-07 | 2012-10-17 | 腾讯科技(深圳)有限公司 | System and method for accessing third party application based on cloud platform |
US20130024919A1 (en) * | 2011-07-21 | 2013-01-24 | Microsoft Corporation | Cloud service authentication |
CN103297436A (en) * | 2013-06-14 | 2013-09-11 | 大连三通科技发展有限公司 | Electronic authorization method and system |
CN105812341A (en) * | 2014-12-31 | 2016-07-27 | 阿里巴巴集团控股有限公司 | User identity identifying method and device |
CN106817358A (en) * | 2015-12-02 | 2017-06-09 | 阿里巴巴集团控股有限公司 | The encryption and decryption method and equipment of a kind of user resources |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109491772A (en) * | 2018-09-28 | 2019-03-19 | 深圳财富农场互联网金融服务有限公司 | Business serial number gencration method, apparatus, computer equipment and storage medium |
CN109491772B (en) * | 2018-09-28 | 2020-10-27 | 深圳财富农场互联网金融服务有限公司 | Service sequence number generation method and device, computer equipment and storage medium |
CN111382409A (en) * | 2020-03-19 | 2020-07-07 | 支付宝(杭州)信息技术有限公司 | Identity authentication method and device for protecting privacy |
Also Published As
Publication number | Publication date |
---|---|
CN107707528B (en) | 2020-06-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200092267A1 (en) | Secure processing environment for protecting sensitive information | |
US9355389B2 (en) | Purchase transaction system with encrypted payment card data | |
CN107408135A (en) | For carrying out the database server and client of query processing to encryption data | |
CN111934879A (en) | Data transmission encryption method, device, equipment and medium for internal and external network system | |
KR20190061078A (en) | Establish a link between identifiers without disclosing specific identification information | |
CN113179323B (en) | HTTPS request processing method, device and system for load balancing equipment | |
CN107248984A (en) | Data exchange system, method and apparatus | |
CN108880812A (en) | The method and system of data encryption | |
CN110198248A (en) | The method and apparatus for detecting IP address | |
CN112489742B (en) | Prescription circulation processing method and device | |
JP6557338B2 (en) | Concealed similarity search system and similarity concealment search method | |
CN116383867A (en) | Data query method, device, electronic equipment and computer readable medium | |
CN107707528A (en) | A kind of method and apparatus of user profile isolation | |
CN110363025A (en) | A kind of user data privacy management method, apparatus and electronic equipment | |
US20200145200A1 (en) | Attribute-based key management system | |
CN109995534A (en) | The method and apparatus that a kind of pair of application program carries out safety certification | |
CN110492998A (en) | The method of encryption and decryption data | |
CN111008236A (en) | Data query method and system | |
US20200396055A1 (en) | Method and Apparatus for Use in Information Processing | |
CN110351262A (en) | A kind of data interactive method, device, electronic equipment | |
CN110264205A (en) | A kind of electric quotient data cochain method and its equipment applied to block chain | |
CN110490003B (en) | User trusted data generation method, user trusted data acquisition method, device and system | |
CN108694326A (en) | Text encryption method, apparatus and server | |
CN112118208B (en) | Method and device for reporting data | |
CN116933290A (en) | Data query method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |