CN108768962A - Data processing method and device and system - Google Patents
Data processing method and device and system Download PDFInfo
- Publication number
- CN108768962A CN108768962A CN201810449123.1A CN201810449123A CN108768962A CN 108768962 A CN108768962 A CN 108768962A CN 201810449123 A CN201810449123 A CN 201810449123A CN 108768962 A CN108768962 A CN 108768962A
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- client
- encryption data
- sent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
- H04L67/5682—Policies or rules for updating, deleting or replacing the stored data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of data processing method and device and systems.This method includes:Obtain the ID for being sent to the clear data of client and being distributed for clear data;It is to be sent to the clear data of client to be encrypted by the corresponding keys of the ID of distribution, obtains encryption data;Encryption data is sent to client.Through the invention, the efficiency for improving data clearing method has been achieved the effect that.
Description
Technical field
The present invention relates to information security fields, in particular to a kind of data processing method and device and system.
Background technology
The securely held of data is exactly many companies problem of interest always, since the file once deleted is very possible
Restored to obtain former data by data, thus in existing technical solution, the data for being stored in client carry out Safety Sweep
When, the method taken is to cover to write after deleting mostly, the operation is then repeatedly recycled, to reduce the probability that data are resumed.
According to prior art, by covering the operation write after repeatedly recycling deletion, theoretically cycle-index is more, number
It is smaller according to the possibility being resumed, but the number reduced performances that may result in data dump, especially for bigger. more
File.If client terminal quantity is more, Safety Sweep portion data, it is necessary to will execute phase in each client
Same operation, workload are huge.And the safety of the technical solution can not also be verified from point of theory.
For the low problem of data clearing method efficiency in the related technology, currently no effective solution has been proposed.
Invention content
The main purpose of the present invention is to provide a kind of data processing method and device and systems, to solve data dump side
The low problem of method efficiency.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of data processing method, this method packet
It includes:Obtain the ID for being sent to the clear data of client and being distributed for the clear data;It is corresponded to by the ID of the distribution
Key be that the clear data for being sent to client is encrypted, obtain encryption data;The encryption data is sent
To the client.
Further, after the encryption data is sent to the client, the method further includes:Described in reception
The inquiry request that client is sent, wherein the ID of the encryption data is carried in the inquiry request;According to the encryption number
According to ID inquire corresponding key;The corresponding keys of the ID of the encryption data are sent to the client.
Further, the corresponding keys of the ID of the encryption data are sent to the client includes:According to preset
The corresponding keys of the ID of the encryption data are encrypted in encryption rule, obtain encrypted key;After sending the encryption
Key to the client.
Further, after the encryption data being sent to the client, the method further includes:In the encryption
In the case of data fit data dump condition, the corresponding keys of the ID of the encryption data are deleted.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of data processing method, this method packet
It includes:Receive encryption data;The encryption data is parsed, the ID values of the encryption data are obtained;According to the encryption number
According to ID values inquire corresponding key to server;The encryption data is decrypted in memory based on the key, is obtained
Clear data after to decryption.
Further, after the clear data after being decrypted, the method further includes:It is used in the clear data
After completion, the clear data is deleted from memory.
Further, including to the corresponding key of server inquiry according to the ID values of the encryption data:According to described
The ID values of encryption data inquire to obtain encrypted key to server;According to preset encryption rule to described encrypted close
Key is decrypted, and obtains clear text key;Wherein, the encryption data is decrypted in memory based on the clear text key.
To achieve the goals above, according to another aspect of the present invention, a kind of data processing system is additionally provided, the system
Including server, the ID for being sent to the clear data of client and being distributed for the clear data is obtained;Pass through the distribution
The corresponding keys of ID be that the clear data for being sent to client is encrypted, obtain encryption data;By the encryption
Data are sent to the client, client, for receiving encryption data;The encryption data is parsed, is obtained described
The ID values of encryption data;According to the ID values of the encryption data corresponding key is inquired to server;Including the key
The encryption data is decrypted in depositing, the clear data after being decrypted.
To achieve the goals above, according to another aspect of the present invention, a kind of data processing equipment is additionally provided, the device
Including:Acquiring unit, for obtaining the ID for being sent to the clear data of client and being distributed for the clear data;Encryption is single
Member is that the clear data for being sent to client is encrypted for the corresponding keys of ID by the distribution, obtains
Encryption data;Transmission unit, for the encryption data to be sent to the client.
To achieve the goals above, according to another aspect of the present invention, a kind of data processing equipment is additionally provided, the device
Including:Receiving unit, for receiving encryption data;Resolution unit obtains described add for being parsed to the encryption data
The ID values of ciphertext data;Query unit, for inquiring corresponding key to server according to the ID values of the encryption data;Decryption is single
Member is in memory decrypted the encryption data for being based on the key, the clear data after being decrypted.
To achieve the goals above, according to another aspect of the present invention, a kind of storage medium is additionally provided, including storage
Program, wherein the data processing method of the present invention of equipment where controlling the storage medium when described program is run.
To achieve the goals above, according to another aspect of the present invention, a kind of processor is additionally provided, for running journey
Sequence, wherein described program executes data processing method of the present invention when running.
The present invention is by obtaining the ID for being sent to the clear data of client and being distributed for clear data;Pass through distribution
The corresponding keys of ID are to be sent to the clear data of client to be encrypted, and obtain encryption data;Encryption data is sent to
Client solves the problems, such as that data clearing method efficiency is low, and then has achieved the effect that the efficiency for improving data clearing method.
Description of the drawings
The attached drawing constituted part of this application is used to provide further understanding of the present invention, schematic reality of the invention
Example and its explanation are applied for explaining the present invention, is not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is the schematic diagram of data processing system according to the ... of the embodiment of the present invention;
Fig. 2 is the flow chart of data processing method according to a first embodiment of the present invention;
Fig. 3 is the flow chart of data processing method according to a second embodiment of the present invention;
Fig. 4 is the schematic diagram of data processing equipment according to a first embodiment of the present invention;And
Fig. 5 is the schematic diagram of data processing equipment according to a second embodiment of the present invention.
Specific implementation mode
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually combination.The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application
Attached drawing, technical solutions in the embodiments of the present application are clearly and completely described, it is clear that described embodiment is only
The embodiment of the application part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people
The every other embodiment that member is obtained without making creative work should all belong to the model of the application protection
It encloses.
It should be noted that term " first " in the description and claims of this application and above-mentioned attached drawing, "
Two " etc. be for distinguishing similar object, without being used to describe specific sequence or precedence.It should be appreciated that using in this way
Data can be interchanged in the appropriate case, so as to embodiments herein described herein.In addition, term " comprising " and " tool
Have " and their any deformation, it is intended that cover it is non-exclusive include, for example, containing series of steps or unit
Process, method, system, product or equipment those of are not necessarily limited to clearly to list step or unit, but may include without clear
It is listing to Chu or for these processes, method, product or equipment intrinsic other steps or unit.
An embodiment of the present invention provides a kind of data processing systems.
Fig. 1 is the schematic diagram of data processing system according to the ... of the embodiment of the present invention, as shown in Figure 1, the system includes service
Device and client.
Server 01 obtains the ID for being sent to the clear data of client and being distributed for clear data;Pass through distribution
The corresponding keys of ID are to be sent to the clear data of client to be encrypted, and obtain encryption data;Encryption data is sent to
Client,
Client 02, for receiving encryption data;Encryption data is parsed, the ID values of encryption data are obtained;According to
The ID values of encryption data inquire corresponding key to server;Encryption data is decrypted in memory based on key, is obtained
Clear data after decryption.
Before data distributing to client, clear data will be encrypted to obtain encryption data, ciphering process for server
The encryption method of middle use:It is that clear data distributes ID first, is then the plaintext according to the corresponding keys of the ID of clear data
Data are encrypted, and ID and key can be advance binding storages, can also be to generate and distribute temporarily according to clear data
, the corresponding keys of the ID can be inquired according to ID, encryption data to be decrypted.Client is sent to after data encryption
End.
After client receives encryption data, ID can be parsed from encryption data, inquired to server according to ID
Corresponding key is directly in memory decrypted encryption data after obtaining key, the clear data after being decrypted, due to
Be directly decrypt in memory, in this way, clear data using complete after, can directly delete file, after deletion data without
Method is restored, even if data are resumed, due to being encryption data, can only be restored to ciphertext data, can not obtain key, can not be right
The ciphertext data are identified, thus can only delete data, no longer need to carry out additional erasing operation data can be realized
Safety Sweep, compared with the prior art in data clearing method, improve the efficiency of data dump.
In embodiments of the present invention, whole system can be divided into three parts, two server and client sides, and server can be with
Including Key Management server and data server, two servers can focus in a server, can also be used as two
A independent server, wherein Key Management server is responsible for the relevant data of key, and data server calls close first
Key management server generates a key and a unique ID value, the key and ID values are stored in Key Management server,
Middle key is that ciphertext preserves, and then data server is encrypted using the data that the key pair issues, then by ciphertext data and
ID values are handed down to client, and client preserves after receiving ciphertext data.
When client will use the data preserved, obtained first from Key Management server according to the corresponding ID values of ciphertext data
The corresponding key of ciphertext data is taken, then in memory ciphertext data are decrypted to obtain clear data using the key,
Directly there is deletion from interior after having used.
When needing the data to client to carry out Safety Sweep (for example, carrying out data dump at regular intervals), only
It needs to call Key Management server to delete the corresponding keys of the ID according to the corresponding ID of the data in data server.
Since key is deleted, the ciphertext data of client storage will be unable to be decrypted, to reach the mesh of data safety removing
's.
An embodiment of the present invention provides a kind of data processing methods.
Fig. 2 is the flow chart of data processing method according to a first embodiment of the present invention, as shown in Fig. 2, this method includes
Following steps:
Step S102:Obtain the ID for being sent to the clear data of client and being distributed for clear data;
Step S104:It is to be sent to the clear data of client to be encrypted by the corresponding keys of the ID of distribution, obtains
To encryption data;
Step S106:Encryption data is sent to client.
The embodiment uses the ID for obtaining and being sent to the clear data of client and being distributed for clear data;Pass through distribution
The corresponding keys of ID be to be sent to the clear data of client to be encrypted, obtain encryption data;Encryption data is sent
It to client, solves the problems, such as that data clearing method efficiency is low, and then has reached the effect for the efficiency for improving data clearing method
Fruit.
The technical solution of the embodiment of the present invention is that server executes, and in embodiments of the present invention, server acquisition will count
Before being issued to client, clear data is encrypted to obtain encryption data, the encryption method used in ciphering process:It is first
It is first that clear data distributes ID, is then that the clear data is encrypted according to the corresponding keys of the ID of clear data, ID and close
Key can be advance binding storage, can also be to generate and distribute temporarily according to clear data, can be inquired according to ID
The corresponding keys of the ID, encryption data to be decrypted.Client is sent to after data encryption.
After client receives encryption data, ID can be parsed from encryption data, inquired to server according to ID
Corresponding key is directly in memory decrypted encryption data after obtaining key, the clear data after being decrypted, due to
Be directly decrypt in memory, in this way, clear data using complete after, can directly delete file, after deletion data without
Method is restored, even if data are resumed, due to being encryption data, can only be restored to ciphertext data, can not obtain key, can not be right
The ciphertext data are identified, thus can only delete data, no longer need to carry out additional erasing operation data can be realized
Safety Sweep.
Optionally, after encryption data is sent to client, the inquiry request that client is sent is received, wherein look into
Ask the ID that encryption data is carried in request;Corresponding key is inquired according to the ID of encryption data;The ID of encryption data is corresponded to
Key be sent to client.
Optionally, the corresponding keys of the ID of encryption data are sent to client includes:According to preset encryption rule pair
The corresponding keys of ID of encryption data are encrypted, and obtain encrypted key;Encrypted key is sent to client.
Client is according to the key corresponding with the ID stored in the ID inquiry servers parsed in encryption data, so
The key is sent to client afterwards, client according to key pair encryption data for being decrypted.As a preferred method,
Key itself is also encrypting storing and transmission, and the encryption rule of key is that server and client side knows, for example, root
According to default number rule encryption, even if can not know that key itself is if key from stealing arrives stealer in transmission process
Content cannot be used for that the data of client are decrypted, can further increase the safety of data, be also beneficial to data
Safety Sweep.
Optionally, after encryption data being sent to client, in the case where encryption data meets data dump condition,
The corresponding keys of the ID of encryption data are deleted.
Data dump condition can be the condition pre-set, for example, time conditions or quantity term, every a timing
Between by data dump, often run up to certain quantity by data dump, for client, data dump can be in data
It is removed after the completion of use.Data dump condition can be adjusted according to concrete application scene.
Fig. 3 is the flow chart of data processing method according to a second embodiment of the present invention, as shown in figure 3, the data processing
Method includes:
Step S202:Receive encryption data;
Step S204:Encryption data is parsed, the ID values of encryption data are obtained;
Step S206:According to the ID values of encryption data corresponding key is inquired to server;
Step S208:Encryption data is decrypted in memory based on key, the clear data after being decrypted.
The embodiment is using reception encryption data;The encryption data is parsed, the ID of the encryption data is obtained
Value;According to the ID values of the encryption data corresponding key is inquired to server;Added in memory to described based on the key
Ciphertext data is decrypted, the clear data after being decrypted, and solves the problems, such as that data clearing method efficiency is low, and then reach
Improve the effect of the efficiency of data clearing method.
The technical solution of the embodiment of the present invention is client executing, and in embodiments of the present invention, client, which receives, to be added
After ciphertext data, ID can be parsed from encryption data, corresponding key is inquired to server according to ID, obtained straight after key
It connects and encryption data is decrypted in memory, the clear data after being decrypted, due to being directly to decrypt in memory, this
Sample can directly delete file after clear data is using completing, and data can not be restored after deletion, even if data are resumed,
Due to being encryption data, ciphertext data can only be restored to, key can not be obtained, which can not be identified, because
And can only delete data, it no longer needs to carry out the Safety Sweep that data can be realized in additional erasing operation, compared to existing
Data clearing method in technology improves the efficiency of data dump.
Optionally, after the clear data after being decrypted, clear data using complete after, by clear data from
It is deleted in memory.The decryption of data is completed in the memory of client, can be from memory after data deciphering use
It deletes, since whole process is that in memory, data can not be resumed, since the file in memory can not be resumed, compares
In in the related technology preserving file in the buffer, it can more play the protective effect to data and also may be used in data dump
Directly to delete without repeatedly erasing, data dump efficiency is improved.
Optionally, including to the corresponding key of server inquiry according to the ID values of encryption data:According to encryption data
ID values inquire to obtain encrypted key to server;Encrypted key is decrypted according to preset encryption rule, is obtained
To clear text key;Wherein, encryption data is decrypted in memory based on clear text key.
Key itself is also encrypted, and the transmission process of key is also encrypted, after client obtains encrypted key
By secret key decryption, key is obtained, then be decrypted with key pair encryption data, improve the safety of cipher key delivery.
It should be noted that step shown in the flowchart of the accompanying drawings can be in such as a group of computer-executable instructions
It is executed in computer system, although also, logical order is shown in flow charts, and it in some cases, can be with not
The sequence being same as herein executes shown or described step.
An embodiment of the present invention provides a kind of data processing equipment, which can be used for executing the number of the embodiment of the present invention
According to processing method.
Fig. 4 is the schematic diagram of data processing equipment according to a first embodiment of the present invention, as shown in figure 4, the device includes:
Acquiring unit 10, for obtaining the ID for being sent to the clear data of client and being distributed for clear data;
Encryption unit 20 is to be sent to the clear data of client to be added for the corresponding keys of ID by distribution
It is close, obtain encryption data;
Transmission unit 30, for encryption data to be sent to client.
The embodiment use acquiring unit 10, for obtains be sent to client clear data and for clear data divide
The ID matched;Encryption unit 20 is to be sent to the clear data of client to be added for the corresponding keys of ID by distribution
It is close, obtain encryption data;Transmission unit 30, for encryption data to be sent to client, to solve data clearing method
The low problem of efficiency, and then achieved the effect that the efficiency for improving data clearing method.
Fig. 5 is the schematic diagram of data processing equipment according to a second embodiment of the present invention, as shown in figure 5, the device includes:
Receiving unit 40, for receiving encryption data;
Resolution unit 50 obtains the ID values of encryption data for being parsed to encryption data;
Query unit 60, for inquiring corresponding key to server according to the ID values of encryption data;
Decryption unit 70 is in memory decrypted encryption data for being based on key, the plaintext number after being decrypted
According to.
The embodiment uses receiving unit 40, for receiving encryption data;Resolution unit 50, for being carried out to encryption data
Parsing, obtains the ID values of encryption data;Query unit 60, it is corresponding close for being inquired to server according to the ID values of encryption data
Key;Decryption unit 70 is in memory decrypted encryption data for being based on key, the clear data after being decrypted, from
And solve the problems, such as that data clearing method efficiency is low, and then achieved the effect that the efficiency for improving data clearing method.
The data processing equipment includes processor and memory, and above-mentioned acquiring unit, transmission unit, connects encryption unit
It receives unit and resolution unit etc. and is used as program unit storage in memory, executed on stored in memory by processor
Program unit is stated to realize corresponding function.
Include kernel in processor, is gone in memory to transfer corresponding program unit by kernel.Kernel can be arranged one
Or more, the efficiency of data clearing method is improved by adjusting kernel parameter.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/
Or the forms such as Nonvolatile memory, if read-only memory (ROM) or flash memory (flash RAM), memory include at least one deposit
Store up chip.
An embodiment of the present invention provides a kind of storage mediums, are stored thereon with program, real when which is executed by processor
The existing data processing method.
An embodiment of the present invention provides a kind of processor, the processor is for running program, wherein described program is run
Data processing method described in Shi Zhihang.
An embodiment of the present invention provides a kind of equipment, equipment include processor, memory and storage on a memory and can
The program run on a processor, processor realize following steps when executing program:Obtain the plaintext number for being sent to client
According to the ID that is distributed for clear data;It is to be sent to the clear data of client to be added by the corresponding keys of the ID of distribution
It is close, obtain encryption data;Encryption data is sent to client.Equipment herein can be server, PC, PAD, mobile phone
Deng.
Present invention also provides a kind of computer program products, when being executed on data processing equipment, are adapted for carrying out just
The program of beginningization there are as below methods step:Obtain the ID for being sent to the clear data of client and being distributed for clear data;It is logical
The corresponding keys of ID for crossing distribution are to be sent to the clear data of client to be encrypted, and obtain encryption data;Number will be encrypted
According to being sent to client.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application
Apply the form of example.Moreover, the application can be used in one or more wherein include computer usable program code computer
The computer program production implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of product.
The application is with reference to method, the flow of equipment (system) and computer program product according to the embodiment of the present application
Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram
The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided
Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real
The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to
Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or
The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in a box or multiple boxes.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net
Network interface and memory.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/
Or the forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable Jie
The example of matter.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology realizes information storage.Information can be computer-readable instruction, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storages, magnetic tape cassette, tape magnetic disk storage or other magnetic storage apparatus
Or any other non-transmission medium, it can be used for storage and can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
Including so that process, method, commodity or equipment including a series of elements include not only those elements, but also wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including element
There is also other identical elements in process, method, commodity or equipment.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer program product.
Therefore, complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used in the application
Form.It is deposited moreover, the application can be used to can be used in the computer that one or more wherein includes computer usable program code
The shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)
Formula.
It these are only embodiments herein, be not intended to limit this application.To those skilled in the art,
The application can have various modifications and variations.It is all within spirit herein and principle made by any modification, equivalent replacement,
Improve etc., it should be included within the scope of claims hereof.
Claims (12)
1. a kind of data processing method, which is characterized in that including:
Obtain the ID for being sent to the clear data of client and being distributed for the clear data;
It is that the clear data for being sent to client is encrypted by the corresponding keys of the ID of the distribution, is encrypted
Data;
The encryption data is sent to the client.
2. according to the method described in claim 1, it is characterized in that, by the encryption data be sent to the client it
Afterwards, the method further includes:
Receive the inquiry request that the client is sent, wherein the ID of the encryption data is carried in the inquiry request;
Corresponding key is inquired according to the ID of the encryption data;
The corresponding keys of the ID of the encryption data are sent to the client.
3. according to the method described in claim 2, it is characterized in that, the corresponding keys of the ID of the encryption data are sent to institute
Stating client includes:
The corresponding keys of the ID of the encryption data are encrypted according to preset encryption rule, obtain encrypted key;
The encrypted key is sent to the client.
4. according to the method described in claim 1, it is characterized in that, after the encryption data is sent to the client,
The method further includes:
In the case where the encryption data meets data dump condition, the corresponding keys of the ID of the encryption data are deleted.
5. a kind of data processing method, which is characterized in that including:
Receive encryption data;
The encryption data is parsed, the ID values of the encryption data are obtained;
According to the ID values of the encryption data corresponding key is inquired to server;
The encryption data is decrypted in memory based on the key, the clear data after being decrypted.
6. according to the method described in claim 5, it is characterized in that, after the clear data after being decrypted, the method
Further include:
After the clear data is using completing, the clear data is deleted from memory.
7. according to the method described in claim 5, it is characterized in that, being inquired to server according to the ID values of the encryption data
Corresponding key includes:
It is inquired to server to obtain encrypted key according to the ID values of the encryption data;
The encrypted key is decrypted according to preset encryption rule, obtains clear text key;
Wherein, the encryption data is decrypted in memory based on the clear text key.
8. a kind of data processing system, which is characterized in that including:
Server,
Obtain the ID for being sent to the clear data of client and being distributed for the clear data;
It is that the clear data for being sent to client is encrypted by the corresponding keys of the ID of the distribution, is encrypted
Data;
The encryption data is sent to the client,
Client,
For receiving encryption data;
The encryption data is parsed, the ID values of the encryption data are obtained;
According to the ID values of the encryption data corresponding key is inquired to server;
The encryption data is decrypted in memory based on the key, the clear data after being decrypted.
9. a kind of data processing equipment, which is characterized in that including:
Acquiring unit, for obtaining the ID for being sent to the clear data of client and being distributed for the clear data;
Encryption unit is that the clear data for being sent to client carries out for the corresponding keys of ID by the distribution
Encryption, obtains encryption data;
Transmission unit, for the encryption data to be sent to the client.
10. a kind of data processing equipment, which is characterized in that including:
Receiving unit, for receiving encryption data;
Resolution unit obtains the ID values of the encryption data for being parsed to the encryption data;
Query unit, for inquiring corresponding key to server according to the ID values of the encryption data;
Decryption unit is in memory decrypted the encryption data for being based on the key, the plaintext after being decrypted
Data.
11. a kind of storage medium, which is characterized in that the storage medium includes the program of storage, wherein run in described program
When control the storage medium where equipment perform claim require data processing method described in any one of 1 to 7.
12. a kind of processor, which is characterized in that the processor is for running program, wherein right of execution when described program is run
Profit requires the data processing method described in any one of 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810449123.1A CN108768962A (en) | 2018-05-11 | 2018-05-11 | Data processing method and device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810449123.1A CN108768962A (en) | 2018-05-11 | 2018-05-11 | Data processing method and device and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108768962A true CN108768962A (en) | 2018-11-06 |
Family
ID=64010177
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810449123.1A Pending CN108768962A (en) | 2018-05-11 | 2018-05-11 | Data processing method and device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108768962A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110647758A (en) * | 2019-08-22 | 2020-01-03 | 南京晨光集团有限责任公司 | Data encryption-based data protection and removal method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120072713A1 (en) * | 2010-09-17 | 2012-03-22 | International Business Machines Corporation | General Purpose Distributed Encrypted File System |
CN103037246A (en) * | 2011-10-10 | 2013-04-10 | 华为技术有限公司 | Encryption content distribution method and conditional access device and system |
CN106650482A (en) * | 2015-11-04 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system |
CN107665311A (en) * | 2016-07-28 | 2018-02-06 | 中国电信股份有限公司 | Authentication Client, encryption data access method and system |
-
2018
- 2018-05-11 CN CN201810449123.1A patent/CN108768962A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120072713A1 (en) * | 2010-09-17 | 2012-03-22 | International Business Machines Corporation | General Purpose Distributed Encrypted File System |
CN103037246A (en) * | 2011-10-10 | 2013-04-10 | 华为技术有限公司 | Encryption content distribution method and conditional access device and system |
CN106650482A (en) * | 2015-11-04 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system |
CN107665311A (en) * | 2016-07-28 | 2018-02-06 | 中国电信股份有限公司 | Authentication Client, encryption data access method and system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110647758A (en) * | 2019-08-22 | 2020-01-03 | 南京晨光集团有限责任公司 | Data encryption-based data protection and removal method |
CN110647758B (en) * | 2019-08-22 | 2021-08-03 | 南京晨光集团有限责任公司 | Data encryption-based data protection and removal method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9037870B1 (en) | Method and system for providing a rotating key encrypted file system | |
CN103259762B (en) | A kind of file encryption based on cloud storage, decryption method and system | |
US9100170B2 (en) | File packing and unpacking method, and device thereof | |
Hoang et al. | A secure searchable encryption framework for privacy-critical cloud storage services | |
CN106209739A (en) | Cloud storage method and system | |
CN108520183A (en) | A kind of date storage method and device | |
CN102693398A (en) | Data encryption method and system | |
CN204360381U (en) | mobile device | |
CN113536362B (en) | Quantum key management method and system based on security chip carrier | |
US20190222414A1 (en) | System and method for controlling usage of cryptographic keys | |
CN114327261B (en) | Data file storage method and data security agent | |
CN103873236A (en) | Searchable encryption method and equipment thereof | |
CN110224808A (en) | Bank data sharing method and relevant device based on block chain | |
CN106231346A (en) | A kind of distributed cryptographic method for offline video | |
CN104660590A (en) | Cloud storage scheme for file encryption security | |
CN104092672A (en) | Method for encrypting and decrypting information by means of ciphertext storage gateway | |
CN103457952A (en) | IPSec processing method and device based on encrypting engine | |
CN103152346A (en) | Privacy protection method, server and system of massive users | |
CN104601820A (en) | Mobile terminal information protection method based on TF password card | |
Bhargav et al. | A review on cryptography in cloud computing | |
CN109063496A (en) | A kind of method and device of data processing | |
CN106991332A (en) | The method and device that a kind of mass data is stored safely | |
CN100435509C (en) | Encipher treating method and encipher treating device | |
CN108768962A (en) | Data processing method and device and system | |
CN104202166B (en) | A kind of erp system datas encryption method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181106 |