CN108768962A - Data processing method and device and system - Google Patents

Data processing method and device and system Download PDF

Info

Publication number
CN108768962A
CN108768962A CN201810449123.1A CN201810449123A CN108768962A CN 108768962 A CN108768962 A CN 108768962A CN 201810449123 A CN201810449123 A CN 201810449123A CN 108768962 A CN108768962 A CN 108768962A
Authority
CN
China
Prior art keywords
data
encryption
client
encryption data
sent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810449123.1A
Other languages
Chinese (zh)
Inventor
丁敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Haitai Fangyuan High Technology Co Ltd filed Critical Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN201810449123.1A priority Critical patent/CN108768962A/en
Publication of CN108768962A publication Critical patent/CN108768962A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • H04L67/5682Policies or rules for updating, deleting or replacing the stored data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of data processing method and device and systems.This method includes:Obtain the ID for being sent to the clear data of client and being distributed for clear data;It is to be sent to the clear data of client to be encrypted by the corresponding keys of the ID of distribution, obtains encryption data;Encryption data is sent to client.Through the invention, the efficiency for improving data clearing method has been achieved the effect that.

Description

Data processing method and device and system
Technical field
The present invention relates to information security fields, in particular to a kind of data processing method and device and system.
Background technology
The securely held of data is exactly many companies problem of interest always, since the file once deleted is very possible Restored to obtain former data by data, thus in existing technical solution, the data for being stored in client carry out Safety Sweep When, the method taken is to cover to write after deleting mostly, the operation is then repeatedly recycled, to reduce the probability that data are resumed.
According to prior art, by covering the operation write after repeatedly recycling deletion, theoretically cycle-index is more, number It is smaller according to the possibility being resumed, but the number reduced performances that may result in data dump, especially for bigger. more File.If client terminal quantity is more, Safety Sweep portion data, it is necessary to will execute phase in each client Same operation, workload are huge.And the safety of the technical solution can not also be verified from point of theory.
For the low problem of data clearing method efficiency in the related technology, currently no effective solution has been proposed.
Invention content
The main purpose of the present invention is to provide a kind of data processing method and device and systems, to solve data dump side The low problem of method efficiency.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of data processing method, this method packet It includes:Obtain the ID for being sent to the clear data of client and being distributed for the clear data;It is corresponded to by the ID of the distribution Key be that the clear data for being sent to client is encrypted, obtain encryption data;The encryption data is sent To the client.
Further, after the encryption data is sent to the client, the method further includes:Described in reception The inquiry request that client is sent, wherein the ID of the encryption data is carried in the inquiry request;According to the encryption number According to ID inquire corresponding key;The corresponding keys of the ID of the encryption data are sent to the client.
Further, the corresponding keys of the ID of the encryption data are sent to the client includes:According to preset The corresponding keys of the ID of the encryption data are encrypted in encryption rule, obtain encrypted key;After sending the encryption Key to the client.
Further, after the encryption data being sent to the client, the method further includes:In the encryption In the case of data fit data dump condition, the corresponding keys of the ID of the encryption data are deleted.
To achieve the goals above, according to an aspect of the invention, there is provided a kind of data processing method, this method packet It includes:Receive encryption data;The encryption data is parsed, the ID values of the encryption data are obtained;According to the encryption number According to ID values inquire corresponding key to server;The encryption data is decrypted in memory based on the key, is obtained Clear data after to decryption.
Further, after the clear data after being decrypted, the method further includes:It is used in the clear data After completion, the clear data is deleted from memory.
Further, including to the corresponding key of server inquiry according to the ID values of the encryption data:According to described The ID values of encryption data inquire to obtain encrypted key to server;According to preset encryption rule to described encrypted close Key is decrypted, and obtains clear text key;Wherein, the encryption data is decrypted in memory based on the clear text key.
To achieve the goals above, according to another aspect of the present invention, a kind of data processing system is additionally provided, the system Including server, the ID for being sent to the clear data of client and being distributed for the clear data is obtained;Pass through the distribution The corresponding keys of ID be that the clear data for being sent to client is encrypted, obtain encryption data;By the encryption Data are sent to the client, client, for receiving encryption data;The encryption data is parsed, is obtained described The ID values of encryption data;According to the ID values of the encryption data corresponding key is inquired to server;Including the key The encryption data is decrypted in depositing, the clear data after being decrypted.
To achieve the goals above, according to another aspect of the present invention, a kind of data processing equipment is additionally provided, the device Including:Acquiring unit, for obtaining the ID for being sent to the clear data of client and being distributed for the clear data;Encryption is single Member is that the clear data for being sent to client is encrypted for the corresponding keys of ID by the distribution, obtains Encryption data;Transmission unit, for the encryption data to be sent to the client.
To achieve the goals above, according to another aspect of the present invention, a kind of data processing equipment is additionally provided, the device Including:Receiving unit, for receiving encryption data;Resolution unit obtains described add for being parsed to the encryption data The ID values of ciphertext data;Query unit, for inquiring corresponding key to server according to the ID values of the encryption data;Decryption is single Member is in memory decrypted the encryption data for being based on the key, the clear data after being decrypted.
To achieve the goals above, according to another aspect of the present invention, a kind of storage medium is additionally provided, including storage Program, wherein the data processing method of the present invention of equipment where controlling the storage medium when described program is run.
To achieve the goals above, according to another aspect of the present invention, a kind of processor is additionally provided, for running journey Sequence, wherein described program executes data processing method of the present invention when running.
The present invention is by obtaining the ID for being sent to the clear data of client and being distributed for clear data;Pass through distribution The corresponding keys of ID are to be sent to the clear data of client to be encrypted, and obtain encryption data;Encryption data is sent to Client solves the problems, such as that data clearing method efficiency is low, and then has achieved the effect that the efficiency for improving data clearing method.
Description of the drawings
The attached drawing constituted part of this application is used to provide further understanding of the present invention, schematic reality of the invention Example and its explanation are applied for explaining the present invention, is not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is the schematic diagram of data processing system according to the ... of the embodiment of the present invention;
Fig. 2 is the flow chart of data processing method according to a first embodiment of the present invention;
Fig. 3 is the flow chart of data processing method according to a second embodiment of the present invention;
Fig. 4 is the schematic diagram of data processing equipment according to a first embodiment of the present invention;And
Fig. 5 is the schematic diagram of data processing equipment according to a second embodiment of the present invention.
Specific implementation mode
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase Mutually combination.The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, technical solutions in the embodiments of the present application are clearly and completely described, it is clear that described embodiment is only The embodiment of the application part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people The every other embodiment that member is obtained without making creative work should all belong to the model of the application protection It encloses.
It should be noted that term " first " in the description and claims of this application and above-mentioned attached drawing, " Two " etc. be for distinguishing similar object, without being used to describe specific sequence or precedence.It should be appreciated that using in this way Data can be interchanged in the appropriate case, so as to embodiments herein described herein.In addition, term " comprising " and " tool Have " and their any deformation, it is intended that cover it is non-exclusive include, for example, containing series of steps or unit Process, method, system, product or equipment those of are not necessarily limited to clearly to list step or unit, but may include without clear It is listing to Chu or for these processes, method, product or equipment intrinsic other steps or unit.
An embodiment of the present invention provides a kind of data processing systems.
Fig. 1 is the schematic diagram of data processing system according to the ... of the embodiment of the present invention, as shown in Figure 1, the system includes service Device and client.
Server 01 obtains the ID for being sent to the clear data of client and being distributed for clear data;Pass through distribution The corresponding keys of ID are to be sent to the clear data of client to be encrypted, and obtain encryption data;Encryption data is sent to Client,
Client 02, for receiving encryption data;Encryption data is parsed, the ID values of encryption data are obtained;According to The ID values of encryption data inquire corresponding key to server;Encryption data is decrypted in memory based on key, is obtained Clear data after decryption.
Before data distributing to client, clear data will be encrypted to obtain encryption data, ciphering process for server The encryption method of middle use:It is that clear data distributes ID first, is then the plaintext according to the corresponding keys of the ID of clear data Data are encrypted, and ID and key can be advance binding storages, can also be to generate and distribute temporarily according to clear data , the corresponding keys of the ID can be inquired according to ID, encryption data to be decrypted.Client is sent to after data encryption End.
After client receives encryption data, ID can be parsed from encryption data, inquired to server according to ID Corresponding key is directly in memory decrypted encryption data after obtaining key, the clear data after being decrypted, due to Be directly decrypt in memory, in this way, clear data using complete after, can directly delete file, after deletion data without Method is restored, even if data are resumed, due to being encryption data, can only be restored to ciphertext data, can not obtain key, can not be right The ciphertext data are identified, thus can only delete data, no longer need to carry out additional erasing operation data can be realized Safety Sweep, compared with the prior art in data clearing method, improve the efficiency of data dump.
In embodiments of the present invention, whole system can be divided into three parts, two server and client sides, and server can be with Including Key Management server and data server, two servers can focus in a server, can also be used as two A independent server, wherein Key Management server is responsible for the relevant data of key, and data server calls close first Key management server generates a key and a unique ID value, the key and ID values are stored in Key Management server, Middle key is that ciphertext preserves, and then data server is encrypted using the data that the key pair issues, then by ciphertext data and ID values are handed down to client, and client preserves after receiving ciphertext data.
When client will use the data preserved, obtained first from Key Management server according to the corresponding ID values of ciphertext data The corresponding key of ciphertext data is taken, then in memory ciphertext data are decrypted to obtain clear data using the key, Directly there is deletion from interior after having used.
When needing the data to client to carry out Safety Sweep (for example, carrying out data dump at regular intervals), only It needs to call Key Management server to delete the corresponding keys of the ID according to the corresponding ID of the data in data server. Since key is deleted, the ciphertext data of client storage will be unable to be decrypted, to reach the mesh of data safety removing 's.
An embodiment of the present invention provides a kind of data processing methods.
Fig. 2 is the flow chart of data processing method according to a first embodiment of the present invention, as shown in Fig. 2, this method includes Following steps:
Step S102:Obtain the ID for being sent to the clear data of client and being distributed for clear data;
Step S104:It is to be sent to the clear data of client to be encrypted by the corresponding keys of the ID of distribution, obtains To encryption data;
Step S106:Encryption data is sent to client.
The embodiment uses the ID for obtaining and being sent to the clear data of client and being distributed for clear data;Pass through distribution The corresponding keys of ID be to be sent to the clear data of client to be encrypted, obtain encryption data;Encryption data is sent It to client, solves the problems, such as that data clearing method efficiency is low, and then has reached the effect for the efficiency for improving data clearing method Fruit.
The technical solution of the embodiment of the present invention is that server executes, and in embodiments of the present invention, server acquisition will count Before being issued to client, clear data is encrypted to obtain encryption data, the encryption method used in ciphering process:It is first It is first that clear data distributes ID, is then that the clear data is encrypted according to the corresponding keys of the ID of clear data, ID and close Key can be advance binding storage, can also be to generate and distribute temporarily according to clear data, can be inquired according to ID The corresponding keys of the ID, encryption data to be decrypted.Client is sent to after data encryption.
After client receives encryption data, ID can be parsed from encryption data, inquired to server according to ID Corresponding key is directly in memory decrypted encryption data after obtaining key, the clear data after being decrypted, due to Be directly decrypt in memory, in this way, clear data using complete after, can directly delete file, after deletion data without Method is restored, even if data are resumed, due to being encryption data, can only be restored to ciphertext data, can not obtain key, can not be right The ciphertext data are identified, thus can only delete data, no longer need to carry out additional erasing operation data can be realized Safety Sweep.
Optionally, after encryption data is sent to client, the inquiry request that client is sent is received, wherein look into Ask the ID that encryption data is carried in request;Corresponding key is inquired according to the ID of encryption data;The ID of encryption data is corresponded to Key be sent to client.
Optionally, the corresponding keys of the ID of encryption data are sent to client includes:According to preset encryption rule pair The corresponding keys of ID of encryption data are encrypted, and obtain encrypted key;Encrypted key is sent to client.
Client is according to the key corresponding with the ID stored in the ID inquiry servers parsed in encryption data, so The key is sent to client afterwards, client according to key pair encryption data for being decrypted.As a preferred method, Key itself is also encrypting storing and transmission, and the encryption rule of key is that server and client side knows, for example, root According to default number rule encryption, even if can not know that key itself is if key from stealing arrives stealer in transmission process Content cannot be used for that the data of client are decrypted, can further increase the safety of data, be also beneficial to data Safety Sweep.
Optionally, after encryption data being sent to client, in the case where encryption data meets data dump condition, The corresponding keys of the ID of encryption data are deleted.
Data dump condition can be the condition pre-set, for example, time conditions or quantity term, every a timing Between by data dump, often run up to certain quantity by data dump, for client, data dump can be in data It is removed after the completion of use.Data dump condition can be adjusted according to concrete application scene.
Fig. 3 is the flow chart of data processing method according to a second embodiment of the present invention, as shown in figure 3, the data processing Method includes:
Step S202:Receive encryption data;
Step S204:Encryption data is parsed, the ID values of encryption data are obtained;
Step S206:According to the ID values of encryption data corresponding key is inquired to server;
Step S208:Encryption data is decrypted in memory based on key, the clear data after being decrypted.
The embodiment is using reception encryption data;The encryption data is parsed, the ID of the encryption data is obtained Value;According to the ID values of the encryption data corresponding key is inquired to server;Added in memory to described based on the key Ciphertext data is decrypted, the clear data after being decrypted, and solves the problems, such as that data clearing method efficiency is low, and then reach Improve the effect of the efficiency of data clearing method.
The technical solution of the embodiment of the present invention is client executing, and in embodiments of the present invention, client, which receives, to be added After ciphertext data, ID can be parsed from encryption data, corresponding key is inquired to server according to ID, obtained straight after key It connects and encryption data is decrypted in memory, the clear data after being decrypted, due to being directly to decrypt in memory, this Sample can directly delete file after clear data is using completing, and data can not be restored after deletion, even if data are resumed, Due to being encryption data, ciphertext data can only be restored to, key can not be obtained, which can not be identified, because And can only delete data, it no longer needs to carry out the Safety Sweep that data can be realized in additional erasing operation, compared to existing Data clearing method in technology improves the efficiency of data dump.
Optionally, after the clear data after being decrypted, clear data using complete after, by clear data from It is deleted in memory.The decryption of data is completed in the memory of client, can be from memory after data deciphering use It deletes, since whole process is that in memory, data can not be resumed, since the file in memory can not be resumed, compares In in the related technology preserving file in the buffer, it can more play the protective effect to data and also may be used in data dump Directly to delete without repeatedly erasing, data dump efficiency is improved.
Optionally, including to the corresponding key of server inquiry according to the ID values of encryption data:According to encryption data ID values inquire to obtain encrypted key to server;Encrypted key is decrypted according to preset encryption rule, is obtained To clear text key;Wherein, encryption data is decrypted in memory based on clear text key.
Key itself is also encrypted, and the transmission process of key is also encrypted, after client obtains encrypted key By secret key decryption, key is obtained, then be decrypted with key pair encryption data, improve the safety of cipher key delivery.
It should be noted that step shown in the flowchart of the accompanying drawings can be in such as a group of computer-executable instructions It is executed in computer system, although also, logical order is shown in flow charts, and it in some cases, can be with not The sequence being same as herein executes shown or described step.
An embodiment of the present invention provides a kind of data processing equipment, which can be used for executing the number of the embodiment of the present invention According to processing method.
Fig. 4 is the schematic diagram of data processing equipment according to a first embodiment of the present invention, as shown in figure 4, the device includes:
Acquiring unit 10, for obtaining the ID for being sent to the clear data of client and being distributed for clear data;
Encryption unit 20 is to be sent to the clear data of client to be added for the corresponding keys of ID by distribution It is close, obtain encryption data;
Transmission unit 30, for encryption data to be sent to client.
The embodiment use acquiring unit 10, for obtains be sent to client clear data and for clear data divide The ID matched;Encryption unit 20 is to be sent to the clear data of client to be added for the corresponding keys of ID by distribution It is close, obtain encryption data;Transmission unit 30, for encryption data to be sent to client, to solve data clearing method The low problem of efficiency, and then achieved the effect that the efficiency for improving data clearing method.
Fig. 5 is the schematic diagram of data processing equipment according to a second embodiment of the present invention, as shown in figure 5, the device includes:
Receiving unit 40, for receiving encryption data;
Resolution unit 50 obtains the ID values of encryption data for being parsed to encryption data;
Query unit 60, for inquiring corresponding key to server according to the ID values of encryption data;
Decryption unit 70 is in memory decrypted encryption data for being based on key, the plaintext number after being decrypted According to.
The embodiment uses receiving unit 40, for receiving encryption data;Resolution unit 50, for being carried out to encryption data Parsing, obtains the ID values of encryption data;Query unit 60, it is corresponding close for being inquired to server according to the ID values of encryption data Key;Decryption unit 70 is in memory decrypted encryption data for being based on key, the clear data after being decrypted, from And solve the problems, such as that data clearing method efficiency is low, and then achieved the effect that the efficiency for improving data clearing method.
The data processing equipment includes processor and memory, and above-mentioned acquiring unit, transmission unit, connects encryption unit It receives unit and resolution unit etc. and is used as program unit storage in memory, executed on stored in memory by processor Program unit is stated to realize corresponding function.
Include kernel in processor, is gone in memory to transfer corresponding program unit by kernel.Kernel can be arranged one Or more, the efficiency of data clearing method is improved by adjusting kernel parameter.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/ Or the forms such as Nonvolatile memory, if read-only memory (ROM) or flash memory (flash RAM), memory include at least one deposit Store up chip.
An embodiment of the present invention provides a kind of storage mediums, are stored thereon with program, real when which is executed by processor The existing data processing method.
An embodiment of the present invention provides a kind of processor, the processor is for running program, wherein described program is run Data processing method described in Shi Zhihang.
An embodiment of the present invention provides a kind of equipment, equipment include processor, memory and storage on a memory and can The program run on a processor, processor realize following steps when executing program:Obtain the plaintext number for being sent to client According to the ID that is distributed for clear data;It is to be sent to the clear data of client to be added by the corresponding keys of the ID of distribution It is close, obtain encryption data;Encryption data is sent to client.Equipment herein can be server, PC, PAD, mobile phone Deng.
Present invention also provides a kind of computer program products, when being executed on data processing equipment, are adapted for carrying out just The program of beginningization there are as below methods step:Obtain the ID for being sent to the clear data of client and being distributed for clear data;It is logical The corresponding keys of ID for crossing distribution are to be sent to the clear data of client to be encrypted, and obtain encryption data;Number will be encrypted According to being sent to client.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application Apply the form of example.Moreover, the application can be used in one or more wherein include computer usable program code computer The computer program production implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The application is with reference to method, the flow of equipment (system) and computer program product according to the embodiment of the present application Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net Network interface and memory.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/ Or the forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable Jie The example of matter.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology realizes information storage.Information can be computer-readable instruction, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storages, magnetic tape cassette, tape magnetic disk storage or other magnetic storage apparatus Or any other non-transmission medium, it can be used for storage and can be accessed by a computing device information.As defined in this article, it calculates Machine readable medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability Including so that process, method, commodity or equipment including a series of elements include not only those elements, but also wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including element There is also other identical elements in process, method, commodity or equipment.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer program product. Therefore, complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used in the application Form.It is deposited moreover, the application can be used to can be used in the computer that one or more wherein includes computer usable program code The shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.
It these are only embodiments herein, be not intended to limit this application.To those skilled in the art, The application can have various modifications and variations.It is all within spirit herein and principle made by any modification, equivalent replacement, Improve etc., it should be included within the scope of claims hereof.

Claims (12)

1. a kind of data processing method, which is characterized in that including:
Obtain the ID for being sent to the clear data of client and being distributed for the clear data;
It is that the clear data for being sent to client is encrypted by the corresponding keys of the ID of the distribution, is encrypted Data;
The encryption data is sent to the client.
2. according to the method described in claim 1, it is characterized in that, by the encryption data be sent to the client it Afterwards, the method further includes:
Receive the inquiry request that the client is sent, wherein the ID of the encryption data is carried in the inquiry request;
Corresponding key is inquired according to the ID of the encryption data;
The corresponding keys of the ID of the encryption data are sent to the client.
3. according to the method described in claim 2, it is characterized in that, the corresponding keys of the ID of the encryption data are sent to institute Stating client includes:
The corresponding keys of the ID of the encryption data are encrypted according to preset encryption rule, obtain encrypted key;
The encrypted key is sent to the client.
4. according to the method described in claim 1, it is characterized in that, after the encryption data is sent to the client, The method further includes:
In the case where the encryption data meets data dump condition, the corresponding keys of the ID of the encryption data are deleted.
5. a kind of data processing method, which is characterized in that including:
Receive encryption data;
The encryption data is parsed, the ID values of the encryption data are obtained;
According to the ID values of the encryption data corresponding key is inquired to server;
The encryption data is decrypted in memory based on the key, the clear data after being decrypted.
6. according to the method described in claim 5, it is characterized in that, after the clear data after being decrypted, the method Further include:
After the clear data is using completing, the clear data is deleted from memory.
7. according to the method described in claim 5, it is characterized in that, being inquired to server according to the ID values of the encryption data Corresponding key includes:
It is inquired to server to obtain encrypted key according to the ID values of the encryption data;
The encrypted key is decrypted according to preset encryption rule, obtains clear text key;
Wherein, the encryption data is decrypted in memory based on the clear text key.
8. a kind of data processing system, which is characterized in that including:
Server,
Obtain the ID for being sent to the clear data of client and being distributed for the clear data;
It is that the clear data for being sent to client is encrypted by the corresponding keys of the ID of the distribution, is encrypted Data;
The encryption data is sent to the client,
Client,
For receiving encryption data;
The encryption data is parsed, the ID values of the encryption data are obtained;
According to the ID values of the encryption data corresponding key is inquired to server;
The encryption data is decrypted in memory based on the key, the clear data after being decrypted.
9. a kind of data processing equipment, which is characterized in that including:
Acquiring unit, for obtaining the ID for being sent to the clear data of client and being distributed for the clear data;
Encryption unit is that the clear data for being sent to client carries out for the corresponding keys of ID by the distribution Encryption, obtains encryption data;
Transmission unit, for the encryption data to be sent to the client.
10. a kind of data processing equipment, which is characterized in that including:
Receiving unit, for receiving encryption data;
Resolution unit obtains the ID values of the encryption data for being parsed to the encryption data;
Query unit, for inquiring corresponding key to server according to the ID values of the encryption data;
Decryption unit is in memory decrypted the encryption data for being based on the key, the plaintext after being decrypted Data.
11. a kind of storage medium, which is characterized in that the storage medium includes the program of storage, wherein run in described program When control the storage medium where equipment perform claim require data processing method described in any one of 1 to 7.
12. a kind of processor, which is characterized in that the processor is for running program, wherein right of execution when described program is run Profit requires the data processing method described in any one of 1 to 7.
CN201810449123.1A 2018-05-11 2018-05-11 Data processing method and device and system Pending CN108768962A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810449123.1A CN108768962A (en) 2018-05-11 2018-05-11 Data processing method and device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810449123.1A CN108768962A (en) 2018-05-11 2018-05-11 Data processing method and device and system

Publications (1)

Publication Number Publication Date
CN108768962A true CN108768962A (en) 2018-11-06

Family

ID=64010177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810449123.1A Pending CN108768962A (en) 2018-05-11 2018-05-11 Data processing method and device and system

Country Status (1)

Country Link
CN (1) CN108768962A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110647758A (en) * 2019-08-22 2020-01-03 南京晨光集团有限责任公司 Data encryption-based data protection and removal method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120072713A1 (en) * 2010-09-17 2012-03-22 International Business Machines Corporation General Purpose Distributed Encrypted File System
CN103037246A (en) * 2011-10-10 2013-04-10 华为技术有限公司 Encryption content distribution method and conditional access device and system
CN106650482A (en) * 2015-11-04 2017-05-10 阿里巴巴集团控股有限公司 Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system
CN107665311A (en) * 2016-07-28 2018-02-06 中国电信股份有限公司 Authentication Client, encryption data access method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120072713A1 (en) * 2010-09-17 2012-03-22 International Business Machines Corporation General Purpose Distributed Encrypted File System
CN103037246A (en) * 2011-10-10 2013-04-10 华为技术有限公司 Encryption content distribution method and conditional access device and system
CN106650482A (en) * 2015-11-04 2017-05-10 阿里巴巴集团控股有限公司 Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system
CN107665311A (en) * 2016-07-28 2018-02-06 中国电信股份有限公司 Authentication Client, encryption data access method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110647758A (en) * 2019-08-22 2020-01-03 南京晨光集团有限责任公司 Data encryption-based data protection and removal method
CN110647758B (en) * 2019-08-22 2021-08-03 南京晨光集团有限责任公司 Data encryption-based data protection and removal method

Similar Documents

Publication Publication Date Title
US9037870B1 (en) Method and system for providing a rotating key encrypted file system
CN103259762B (en) A kind of file encryption based on cloud storage, decryption method and system
US9100170B2 (en) File packing and unpacking method, and device thereof
Hoang et al. A secure searchable encryption framework for privacy-critical cloud storage services
CN106209739A (en) Cloud storage method and system
CN108520183A (en) A kind of date storage method and device
CN102693398A (en) Data encryption method and system
CN204360381U (en) mobile device
CN113536362B (en) Quantum key management method and system based on security chip carrier
US20190222414A1 (en) System and method for controlling usage of cryptographic keys
CN114327261B (en) Data file storage method and data security agent
CN103873236A (en) Searchable encryption method and equipment thereof
CN110224808A (en) Bank data sharing method and relevant device based on block chain
CN106231346A (en) A kind of distributed cryptographic method for offline video
CN104660590A (en) Cloud storage scheme for file encryption security
CN104092672A (en) Method for encrypting and decrypting information by means of ciphertext storage gateway
CN103457952A (en) IPSec processing method and device based on encrypting engine
CN103152346A (en) Privacy protection method, server and system of massive users
CN104601820A (en) Mobile terminal information protection method based on TF password card
Bhargav et al. A review on cryptography in cloud computing
CN109063496A (en) A kind of method and device of data processing
CN106991332A (en) The method and device that a kind of mass data is stored safely
CN100435509C (en) Encipher treating method and encipher treating device
CN108768962A (en) Data processing method and device and system
CN104202166B (en) A kind of erp system datas encryption method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181106