CN110795743B - Data writing, reading and encrypting method and device and data transmission system - Google Patents

Info

Publication number: CN110795743B
Application number: CN201910864586.9A
Authority: CN (China)
Prior art keywords: data, service, ciphertext, data ciphertext, encryption
Legal status: Active (granted)
Other languages: Chinese (zh)
Other versions: CN110795743A
Inventors: 崔旻迁, 孔万群
Current assignee: Lianlian Yintong Electronic Payment Co ltd
Original assignee: Lianlian Yintong Electronic Payment Co ltd

Classifications

    • G06F21/602 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; protecting data; providing cryptographic facilities or services
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects (local or distributed file system or database), where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/0428 Network architectures or network communication protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The application provides a data writing method, a data reading method, an encryption method and device, and a data transmission system. When data is written, the back-end service forwards the data ciphertext sent by the client (encrypted under the public key of the client's personal certificate) to the encryption service; the encryption service decrypts it with the corresponding private key, re-encrypts the plaintext under its own public key, and returns this second ciphertext to the back-end service, which stores it in the database. When data is read, the back-end service fetches the stored ciphertext according to the access information sent by the client and forwards it to the encryption service; the encryption service decrypts it with its own private key, re-encrypts the plaintext under the public key of the user's personal certificate, and returns it through the back-end service to the client, which decrypts it with the private key of its personal certificate to obtain the data plaintext. At no point between the database and the client does the back-end service receive the data plaintext, so data leakage through the back-end service is avoided and the security of data transmission is improved.

Description

Data writing, reading and encrypting method and device and data transmission system
Technical Field
The present application relates to the field of data communication, and in particular to a data writing method, a data reading method, an encryption method and device, and a data transmission system.
Background
With the rapid development of the internet, people's lives and work depend more and more on it, and more and more companies launch their own internet application products according to their business needs. The security of data transmission between an application's client and its back-end service affects the user's experience and is an important subject in the development of such products.
At present, data transmitted between a user and a back-end service is generally protected only by the HTTPS protocol, so the back-end service receives the data plaintext. Under this mode the back-end service itself is a point at which plaintext can leak. The security level of back-end services varies, they must be maintained by back-end developers, and the data plaintext is not protected from those developers; this further increases the risk of plaintext leakage and reduces the security of data transmission.
Disclosure of Invention
The application provides a data writing method, a data reading method, an encryption method and device, and a data transmission system, aiming to solve the problem that in the prior art the back-end service can leak data plaintext, a risk made worse by the back-end service having to be maintained by developers.
In order to achieve the above object, the present application provides the following technical solutions:
a first aspect of an embodiment of the present application discloses a data writing method, where the data writing method includes:
acquiring a data ciphertext and a user identifier sent by a client, wherein the client encrypts data according to a public key of a preconfigured personal certificate to obtain the data ciphertext;
sending the data ciphertext and the user identifier to an encryption service, on the basis of which the encryption service obtains the private key of the corresponding personal certificate, decrypts the data ciphertext with that private key to obtain the data plaintext, and encrypts the data plaintext with the encryption service's own preset public key to obtain a second data ciphertext;
and acquiring the data ciphertext fed back by the encryption service, and storing the data ciphertext fed back by the encryption service to a database.
Optionally, in the data writing method, the private key of the personal certificate is obtained by the encryption service by decrypting, with a symmetric encryption algorithm, a private key ciphertext of the personal certificate fetched from the database.
A second aspect of the embodiments of the present application discloses a data reading method, where the data reading method includes:
acquiring access information and a user identifier sent by a client, and acquiring a corresponding data ciphertext from a database according to the access information;
sending the data ciphertext and the user identifier to an encryption service, on the basis of which the encryption service decrypts the data ciphertext with its own preset private key to obtain the data plaintext, obtains the public key of the corresponding personal certificate from a database in which the public keys of personal certificates and their corresponding user identifiers are prestored, and encrypts the data plaintext with that public key to obtain a second data ciphertext;
and acquiring the data ciphertext fed back by the encryption service, sending the data ciphertext fed back by the encryption service to the client, and decrypting the data ciphertext by the client according to a private key of a pre-configured personal certificate to obtain a data plaintext.
Optionally, in the data reading method, the public key of the personal certificate is obtained by the encryption service by decrypting, with a symmetric encryption algorithm, a public key ciphertext of the personal certificate fetched from the database.
A third aspect of the embodiments of the present application discloses a data encryption method, where the data encryption method includes:
the encryption service acquires a data ciphertext and a user identifier sent by a back-end service, obtains the private key of the corresponding personal certificate from a database in which the private keys of personal certificates and their corresponding user identifiers are prestored, decrypts the data ciphertext with that private key to obtain the data plaintext, encrypts the data plaintext with its own preset public key to obtain a second data ciphertext, and sends that ciphertext to the back-end service;
or, alternatively,
the encryption service acquires a data ciphertext and a user identifier sent by a back-end service, decrypts the data ciphertext with its own preset private key to obtain the data plaintext, obtains the public key of the corresponding personal certificate from a database in which the public keys of personal certificates and their corresponding user identifiers are prestored, encrypts the data plaintext with that public key to obtain a second data ciphertext, and sends that ciphertext to the back-end service.
A fourth aspect of the embodiments of the present application discloses a data writing apparatus, including:
an acquisition unit, for acquiring a data ciphertext and a user identifier sent by a client, the client having encrypted the data with the public key of a pre-configured personal certificate to obtain the data ciphertext;
a sending unit, for sending the data ciphertext and the user identifier to an encryption service, on the basis of which the encryption service obtains the private key of the corresponding personal certificate from a database in which the private keys of personal certificates and their corresponding user identifiers are prestored, decrypts the data ciphertext with that private key to obtain the data plaintext, and encrypts the data plaintext with the encryption service's own preset public key to obtain a second data ciphertext;
and a storage unit, for acquiring the data ciphertext fed back by the encryption service and storing it in a database.
A fifth aspect of an embodiment of the present application discloses a data reading apparatus, including:
the acquisition unit is used for acquiring access information and user identification sent by a client and acquiring a corresponding data ciphertext from a database according to the access information;
the sending unit is used for sending the data ciphertext and the user identifier to an encryption service, on the basis of which the encryption service decrypts the data ciphertext with its own preset private key to obtain the data plaintext, obtains the public key of the corresponding personal certificate from a database in which the public keys of personal certificates and their corresponding user identifiers are prestored, and encrypts the data plaintext with that public key to obtain a second data ciphertext;
and the reading unit is used for acquiring the data ciphertext fed back by the encryption service and sending the data ciphertext fed back by the encryption service to the client, and the client decrypts the data ciphertext according to a private key of a pre-configured personal certificate to obtain a data plaintext.
A sixth aspect of the embodiments of the present application discloses a data encryption apparatus, including a first encryption unit and a second encryption unit:
the first encryption unit is used for acquiring a data ciphertext and a user identifier sent by a back-end service, obtaining the private key of the corresponding personal certificate from a database in which the private keys of personal certificates and their corresponding user identifiers are prestored, decrypting the data ciphertext with that private key to obtain the data plaintext, encrypting the data plaintext with the encryption service's own preset public key to obtain a second data ciphertext, and sending that ciphertext to the back-end service;
the second encryption unit is used for acquiring a data ciphertext and a user identifier sent by a back-end service, decrypting the data ciphertext with the encryption service's own preset private key to obtain the data plaintext, obtaining the public key of the corresponding personal certificate from a database in which the public keys of personal certificates and their corresponding user identifiers are prestored, encrypting the data plaintext with that public key to obtain a second data ciphertext, and sending that ciphertext to the back-end service.
A seventh aspect of the present embodiment discloses a data transmission system, including:
a client, a backend service and an encryption service;
the client is used for sending a data ciphertext to the back-end service, and the client encrypts data according to a public key of a pre-configured personal certificate to obtain the data ciphertext; sending access information to the back-end service, receiving a data ciphertext fed back by the back-end service based on the access information, and decrypting the data ciphertext according to a private key of a pre-configured personal certificate to obtain a data plaintext;
the back-end service is used for acquiring a data ciphertext and a user identifier sent by the client, sending the data ciphertext and the user identifier to the encryption service, acquiring the data ciphertext fed back by the encryption service, and storing the data ciphertext fed back by the encryption service to a database; acquiring access information and a user identifier sent by the client, acquiring a corresponding data ciphertext from a database according to the access information, sending the data ciphertext and the user identifier to the encryption service, acquiring a data ciphertext fed back by the encryption service, and sending the data ciphertext fed back by the encryption service to the client;
the encryption service is used for acquiring a data ciphertext and a user identifier sent by the back-end service, obtaining the private key of the corresponding personal certificate from a database in which the private keys of personal certificates and their corresponding user identifiers are prestored, decrypting the data ciphertext with that private key to obtain the data plaintext, encrypting the data plaintext with the encryption service's own preset public key to obtain a data ciphertext, and sending that ciphertext to the back-end service; and for acquiring a data ciphertext and a user identifier sent by the back-end service, decrypting the data ciphertext with the encryption service's own preset private key to obtain the data plaintext, obtaining the public key of the corresponding personal certificate from a database in which the public keys of personal certificates and their corresponding user identifiers are prestored, encrypting the data plaintext with that public key to obtain a data ciphertext, and sending that ciphertext to the back-end service.
Optionally, in the data transmission system, the encryption service is further configured to:
decrypting a private key ciphertext of the personal certificate acquired from a database based on a symmetric encryption algorithm to obtain a private key of the personal certificate; and decrypting the public key ciphertext of the personal certificate acquired from the database based on a symmetric encryption algorithm to obtain the public key of the personal certificate.
According to the data writing, reading and encrypting method and device and the data transmission system of this application, when data is written the client sends to the back-end service a data ciphertext encrypted with the public key of its pre-configured personal certificate; the back-end service forwards this ciphertext to the encryption service; the encryption service decrypts it with the prestored private key of that personal certificate to obtain the data plaintext, encrypts the plaintext with its own preset public key to obtain a second data ciphertext, and sends that ciphertext to the back-end service, which stores it in the database. When data is read, the client sends access information to the back-end service; the back-end service obtains the corresponding data ciphertext from the database according to the access information and sends it to the encryption service; the encryption service decrypts it with its own preset private key to obtain the data plaintext, encrypts the plaintext with the prestored public key of the personal certificate to obtain a data ciphertext, and sends it to the back-end service, which sends it to the client; the client decrypts it with the private key of its pre-configured personal certificate to obtain the data plaintext.
Thus, throughout the transmission between the database and the client, the back-end service only ever obtains data ciphertext; decryption and re-encryption are performed by the encryption service, which has the higher security level, and data is transmitted only in ciphertext form, so data leakage through the back-end service is avoided and the security of data transmission is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a data writing method according to an embodiment of the present application;
fig. 2 is a schematic diagram illustrating an implementation manner of performing data encryption by an encryption service according to an embodiment of the present application;
fig. 3 is a schematic diagram of a data reading method according to an embodiment of the present application;
fig. 4 is a diagram illustrating another implementation manner of performing data encryption for an encryption service according to an embodiment of the present application;
fig. 5 is a schematic diagram of a data encryption method according to an embodiment of the present application;
fig. 6 is a schematic diagram of another data encryption method provided in an embodiment of the present application;
fig. 7 is a schematic structural diagram of a data writing device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a data reading apparatus according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a data encryption apparatus according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a data transmission system according to an embodiment of the present application;
fig. 11 is a schematic diagram of a specific process of data writing between a client, a backend service, and an encryption service according to an embodiment of the present application;
fig. 12 is a schematic diagram of another specific flow of data writing between a client, a backend service, and an encryption service according to an embodiment of the present application;
fig. 13 is a schematic diagram illustrating a specific process of data reading among the client, the backend service, and the encryption service according to an embodiment of the present application;
fig. 14 is a schematic diagram of another specific flow of data reading among the client, the backend service, and the encryption service according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1, a data writing method provided for an embodiment of the present application includes the following steps:
s101: and acquiring a data ciphertext and a user identifier sent by the client.
The client encrypts data according to a public key of a pre-configured personal certificate to obtain a data ciphertext. The user identifier is used for identifying the identity of the current user at the client, and the identity of the current user at the client needs to be determined from the login state information of the client when the client performs data interaction.
It should be noted that a personal certificate is a digital identity credential issued by an authority and consists of a corresponding string of data. The personal certificate uses asymmetric encryption: the public key is used for encryption and the private key for decryption. Each personal certificate corresponds to one user identifier.
In order to improve the security of data transmission, only the client with the personal certificate installed in advance can perform data interaction. Specifically, before sending data, the client needs to verify whether a personal certificate is installed, and if the personal certificate is not installed, the client is prohibited from sending data. If the personal certificate is installed, the personal certificate information is obtained, and the public key of the personal certificate is called to encrypt the data based on the personal certificate information.
S102: and sending the data cipher text and the user identification to an encryption service.
On the basis of the data ciphertext and the user identifier, the encryption service obtains the private key of the corresponding personal certificate from a database in which the private keys of personal certificates and their corresponding user identifiers are prestored, and decrypts the data ciphertext with that private key to obtain the data plaintext. After obtaining the data plaintext, the encryption service encrypts it with its own preset public key to obtain a second data ciphertext.
It should be noted that the encryption service is a server running an application program that provides the data encryption function. In the embodiment of the application, the security level of the encryption service is higher than that of the back-end service.
It should be noted that, after the client configures the personal certificate, the client sends corresponding personal certificate information and the user identifier of the personal certificate to the encryption service. The encryption service stores the private key of the personal certificate and the user identification corresponding to the personal certificate in a database.
Optionally, the private key of the personal certificate is: the encryption service is obtained by decrypting the private key ciphertext of the personal certificate obtained from the database based on a symmetric encryption algorithm.
It should be noted that, a specific implementation of the encryption service to perform data encryption can be seen in fig. 2 described below.
S103: and acquiring a data ciphertext fed back by the encryption service, and storing the data ciphertext fed back by the encryption service to a database.
The key adopted by the data ciphertext stored in the database is a preset public key of the encryption service, and is not a public key of a personal certificate configured in advance by the client.
It should be noted that, in the process of transmitting data from the client to the database, the data is transmitted in the form of ciphertext, and based on the transfer of the encryption service, the data is always in an encryption state with a higher security level, so that the leakage of the data is effectively avoided, and the security of data transmission is significantly improved.
In this embodiment, the back-end service acquires the data ciphertext and the user identifier sent by the client, the client having encrypted the data with the public key of its pre-configured personal certificate. It sends the data ciphertext and the user identifier to the encryption service, on the basis of which the encryption service obtains the private key of the corresponding personal certificate from a database in which the private keys of personal certificates and their corresponding user identifiers are prestored, decrypts the data ciphertext with that private key to obtain the data plaintext, and encrypts the plaintext with its own preset public key to obtain a second data ciphertext. The back-end service then acquires that ciphertext from the encryption service and stores it in the database. As a result, while data travels from the client to the database the back-end service only ever holds ciphertext; decryption and re-encryption are performed by the encryption service, which has the higher security level, and the data is transmitted only in ciphertext form, so leakage through the back-end service is avoided and the security of data transmission is improved.
Optionally, fig. 2 shows an implementation manner of performing data encryption by an encryption service according to an embodiment of the present application, where the implementation manner includes:
s201: the encryption service obtains a data cipher text and a user identification.
The key used by the data ciphertext is a public key of a personal certificate configured in advance by the client.
S202: and the encryption service acquires the private key ciphertext of the corresponding personal certificate from a database which prestores the private key ciphertext of the personal certificate and the user identifier corresponding to the personal certificate based on the user identifier.
The encryption service obtains a private key ciphertext of the personal certificate corresponding to the user identifier of the current client user from the database based on the user identifier of the current client user.
It should be noted that, after the client configures the personal certificate, the encryption service obtains the personal certificate information sent by the client and the user identifier corresponding to the personal certificate, and encrypts the private key of the personal certificate based on a symmetric encryption algorithm to obtain a private key ciphertext. And the encryption service stores the private key ciphertext and the user identification corresponding to the personal certificate into a database.
S203: the encryption service decrypts the private key ciphertext based on a symmetric encryption algorithm to obtain a private key.
S204: and the encryption service decrypts the data ciphertext according to the private key to obtain the data plaintext.
S205: and the encryption service encrypts the data plaintext according to the preset public key of the encryption service to obtain a data ciphertext.
In the embodiment of the application, the encryption service acquires a data ciphertext and a user identifier, acquires a corresponding private key ciphertext of a personal certificate from a database which prestores the private key ciphertext of the personal certificate and the user identifier corresponding to the personal certificate based on the user identifier, decrypts the private key ciphertext based on a symmetric encryption algorithm to obtain a private key, decrypts the data ciphertext according to the private key to obtain a data plaintext, and encrypts the data plaintext according to a preset public key of the encryption service to obtain the data ciphertext. Based on the application, in the data transmission process, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data is transmitted in a ciphertext mode, the data leakage is effectively avoided, and the data transmission safety is obviously improved.
As shown in fig. 3, a data reading method provided for the embodiment of the present application includes the following steps:
S301: acquiring access information and a user identifier sent by the client, and acquiring a corresponding data ciphertext from the database according to the access information.
And determining the identifier of the data required to be read by the current client based on the access information, and acquiring the corresponding data ciphertext from the database according to the identifier.
S302: sending the data ciphertext and the user identifier to an encryption service.
The data ciphertext and the user identifier are the basis for the encryption service to decrypt the data ciphertext according to a preset private key of the encryption service to obtain a data plaintext, the public key of the corresponding personal certificate is obtained from a database which prestores the public key of the personal certificate and the user identifier corresponding to the personal certificate on the basis of the user identifier, and the data plaintext is encrypted according to the public key to obtain the data ciphertext.
It should be noted that the key used by the data ciphertext stored in the database is a preset public key of the encryption service itself, rather than a public key of a personal certificate configured in advance by the client.
It should be noted that, after the client configures the personal certificate, the client sends corresponding personal certificate information and the user identifier of the personal certificate to the encryption service. The encryption service stores the public key of the personal certificate and the user identification corresponding to the personal certificate in a database.
Optionally, the public key of the personal certificate is obtained by the encryption service decrypting, based on a symmetric encryption algorithm, the public key ciphertext of the personal certificate that it reads from the database.
It should be noted that, a specific implementation manner of performing data encryption by the encryption service can be referred to the following fig. 4.
S303: acquiring the data ciphertext fed back by the encryption service, and sending the data ciphertext fed back by the encryption service to the client.
After the client receives the data ciphertext, the client decrypts the data ciphertext according to a private key of a pre-configured personal certificate to obtain the data plaintext.
It should be noted that, in the process of transmitting data from the database to the client, the data is transmitted in the form of ciphertext, and based on the transfer of the encryption service, the data is always in an encryption state with a higher security level, so that the leakage of the data is effectively avoided, and the security of data transmission is significantly improved.
In the embodiment of the application, the back-end service obtains the access information and the user identifier sent by the client and obtains the corresponding data ciphertext from the database according to the access information. The back-end service sends the data ciphertext and the user identifier to the encryption service, acquires the data ciphertext fed back by the encryption service, and sends that data ciphertext to the client. After the client receives the data ciphertext, the client decrypts it according to the private key of its pre-configured personal certificate to obtain the data plaintext. Based on the application, in the process in which data are transmitted from the database to the client, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data are transmitted in ciphertext form, data leakage is effectively avoided, and the security of data transmission is remarkably improved.
Optionally, fig. 4 shows another implementation manner of performing data encryption by an encryption service provided in this embodiment, where the implementation manner includes:
S401: the encryption service obtains a data ciphertext and a user identifier.
The key used to produce the data ciphertext is the preset public key of the encryption service.
S402: the encryption service decrypts the data ciphertext according to its own preset private key to obtain the data plaintext.
S403: and the encryption service acquires the public key ciphertext of the corresponding personal certificate from a database which prestores the public key ciphertext of the personal certificate and the user identifier corresponding to the personal certificate based on the user identifier.
The encryption service obtains a public key ciphertext of the personal certificate corresponding to the user identifier of the current client user from the database based on the user identifier of the current client user.
It should be noted that, after the client configures the personal certificate, the encryption service obtains the personal certificate information sent by the client and the user identifier corresponding to the personal certificate, and encrypts the public key of the personal certificate based on a symmetric encryption algorithm to obtain a public key ciphertext. The encryption service stores the public key ciphertext and the user identification corresponding to the personal certificate in a database.
S404: the encryption service decrypts the public key ciphertext based on a symmetric encryption algorithm to obtain a public key.
S405: the encryption service encrypts the data plaintext according to the public key to obtain a data ciphertext.
In the embodiment of the application, the encryption service acquires a data ciphertext and a user identifier, decrypts the data ciphertext according to its own preset private key to obtain a data plaintext, acquires the public key ciphertext of the corresponding personal certificate, based on the user identifier, from a database which prestores the public key ciphertext of the personal certificate and the user identifier corresponding to the personal certificate, decrypts the public key ciphertext based on a symmetric encryption algorithm to obtain the public key, and encrypts the data plaintext according to that public key to obtain the data ciphertext. Based on the application, in the data transmission process, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data is transmitted in ciphertext form, data leakage is effectively avoided, and the security of data transmission is significantly improved.
As shown in fig. 5, a data encryption method provided for the embodiment of the present application includes the following steps:
S501: acquiring a data ciphertext and a user identifier sent by the back-end service.
S502: based on the user identifier, obtaining the private key of the corresponding personal certificate from a database which prestores the private key of the personal certificate and the user identifier corresponding to the personal certificate.
S503: decrypting the data ciphertext according to the private key to obtain a data plaintext.
S504: encrypting the data plaintext according to the preset public key of the encryption service to obtain a data ciphertext.
S505: sending the data ciphertext to the back-end service.
In the embodiment of the application, the encryption service obtains a data ciphertext and a user identifier sent by the back-end service, obtains the private key of the corresponding personal certificate, based on the user identifier, from a database in which the private key ciphertext of the personal certificate and the user identifier corresponding to the personal certificate are prestored, decrypts the data ciphertext according to the private key to obtain the data plaintext, encrypts the data plaintext according to the preset public key of the encryption service to obtain a data ciphertext, and sends that data ciphertext to the back-end service. In the data transmission process, the back-end service obtains data ciphertexts, the data ciphertexts are decrypted and secondarily encrypted through the encryption service with the higher security level, the data are transmitted in the form of ciphertexts, data leakage is effectively avoided, and the security of data transmission is remarkably improved.
Optionally, as shown in fig. 6, another data encryption method provided in the embodiment of the present application includes the following steps:
S601: acquiring a data ciphertext and a user identifier sent by the back-end service.
S602: decrypting the data ciphertext according to the preset private key of the encryption service to obtain the data plaintext.
S603: based on the user identifier, acquiring the public key of the corresponding personal certificate from a database which prestores the public key of the personal certificate and the user identifier corresponding to the personal certificate.
S604: encrypting the data plaintext according to the public key to obtain a data ciphertext.
S605: sending the data ciphertext to the back-end service.
In the embodiment of the application, the encryption service obtains a data ciphertext and a user identifier sent by the back-end service, decrypts the data ciphertext according to the preset private key of the encryption service to obtain a data plaintext, obtains the public key of the corresponding personal certificate, based on the user identifier, from a database in which the public key of the personal certificate and the user identifier corresponding to the personal certificate are prestored, encrypts the data plaintext according to that public key to obtain a data ciphertext, and sends that data ciphertext to the back-end service. Based on the application, in the data transmission process, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data is transmitted in ciphertext form, data leakage is effectively avoided, and the security of data transmission is significantly improved.
Corresponding to the data writing method provided in the embodiment of the present application, as shown in fig. 7, the data writing device provided in the embodiment of the present application includes:
the obtaining unit 100 is configured to obtain a data ciphertext and a user identifier sent by a client, where the client obtains the data ciphertext by encrypting data according to a public key of a preconfigured personal certificate.
The sending unit 200 is configured to send the data ciphertext and the user identifier to an encryption service, where the data ciphertext and the user identifier are the basis for the encryption service to obtain, based on the user identifier, the private key of the corresponding personal certificate from a database in which the private key of the personal certificate and the user identifier corresponding to the personal certificate are prestored, decrypt the data ciphertext according to the private key to obtain a data plaintext, and encrypt the data plaintext according to the preset public key of the encryption service to obtain a data ciphertext.
The storage unit 300 is configured to obtain a data ciphertext fed back by the encryption service, and store the data ciphertext fed back by the encryption service in a database.
In the embodiment of the application, the obtaining unit obtains a data ciphertext and a user identifier sent by a client, the client having encrypted the data according to the public key of a preconfigured personal certificate to obtain the data ciphertext. The sending unit sends the data ciphertext and the user identifier to the encryption service, where the data ciphertext and the user identifier are the basis for the encryption service to obtain, based on the user identifier, the private key of the corresponding personal certificate from a database in which the private key of the personal certificate and the user identifier corresponding to the personal certificate are prestored, decrypt the data ciphertext according to the private key to obtain a data plaintext, and encrypt the data plaintext according to the preset public key of the encryption service to obtain a data ciphertext. The storage unit acquires the data ciphertext fed back by the encryption service and stores it in the database. Based on the application, in the process in which data are transmitted from the client to the database, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data are transmitted in ciphertext form, data leakage is effectively avoided, and the security of data transmission is remarkably improved.
Corresponding to the data reading method provided by the embodiment of the present application, as shown in fig. 8, the data reading apparatus provided by the embodiment of the present application includes:
the obtaining unit 400 is configured to obtain the access information and the user identifier sent by the client, and obtain a corresponding data ciphertext from the database according to the access information.
The sending unit 500 is configured to send the data ciphertext and the user identifier to the encryption service, where the data ciphertext and the user identifier are a basis for the encryption service to decrypt the data ciphertext according to a preset private key of the encryption service to obtain a data plaintext, and based on the user identifier, obtain a public key of a corresponding personal certificate from a database in which a public key of the personal certificate and a user identifier corresponding to the personal certificate are prestored, and encrypt the data plaintext according to the public key to obtain the data ciphertext.
The reading unit 600 is configured to obtain a data cipher text fed back by the encryption service, and send the data cipher text fed back by the encryption service to the client, where the client decrypts the data cipher text according to a private key of a preconfigured personal certificate to obtain a data plaintext.
In the embodiment of the application, the obtaining unit obtains the access information and the user identifier sent by the client, and obtains the corresponding data ciphertext from the database according to the access information. The sending unit sends the data ciphertext and the user identifier to the encryption service. The reading unit acquires the data ciphertext fed back by the encryption service and sends it to the client. After the client receives the data ciphertext, the client decrypts it according to the private key of its pre-configured personal certificate to obtain the data plaintext. Based on the application, in the process in which data are transmitted from the database to the client, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data are transmitted in ciphertext form, data leakage is effectively avoided, and the security of data transmission is remarkably improved.
Corresponding to the data encryption method provided in the embodiment of the present application, as shown in fig. 9, the data encryption device provided in the embodiment of the present application includes:
The first encryption unit 700 is configured to obtain a data ciphertext and a user identifier sent by the backend service, obtain, based on the user identifier, the private key of the corresponding personal certificate from a database in which the private key of the personal certificate and the user identifier corresponding to the personal certificate are prestored, decrypt the data ciphertext according to the private key to obtain a data plaintext, encrypt the data plaintext according to the preset public key of the encryption service to obtain a data ciphertext, and send that data ciphertext to the backend service.
The second encryption unit 800 is configured to obtain a data ciphertext and a user identifier sent by the backend service, decrypt the data ciphertext according to a preset private key of the second encryption unit to obtain a data plaintext, obtain a public key of a corresponding personal certificate from a database in which a public key of the personal certificate and the user identifier corresponding to the personal certificate are prestored based on the user identifier, encrypt the data plaintext according to the public key to obtain the data ciphertext, and send the data ciphertext to the backend service.
Based on the application, in the data transmission process, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data is transmitted in a ciphertext mode, the data leakage is effectively avoided, and the data transmission safety is obviously improved.
As shown in fig. 10, a data transmission system provided for the embodiment of the present application includes:
a client 900, a backend service 1000, and an encryption service 1100.
A specific flow of data writing among the client 900, the backend service 1000, and the encryption service 1100 is shown in fig. 11, and includes:
S1101: the client 900 encrypts data according to the public key of its pre-configured personal certificate to obtain a data ciphertext.
S1102: the client 900 sends the data ciphertext to the backend service 1000.
S1103: the backend service 1000 obtains the data cipher text and the user identifier sent by the client 900.
S1104: the back-end service 1000 sends the data cipher text and the user identification to the encryption service 1100.
S1105: the encryption service 1100 obtains the data cipher text and the user identifier sent by the backend service 1000, and obtains the private key of the corresponding personal certificate from a database in which the private key of the personal certificate and the user identifier corresponding to the personal certificate are prestored based on the user identifier.
S1106: the encryption service 1100 decrypts the data ciphertext according to the private key to obtain a data plaintext.
S1107: the encryption service 1100 encrypts the data plaintext according to its own preset public key to obtain the data ciphertext.
S1108: the encryption service 1100 sends the data cipher text to the back-end service 1000.
S1109: the backend service 1000 stores the data cipher text fed back by the encryption service 1100 to the database.
It should be noted that, in order to improve the security of the private key of the personal certificate, the encryption service 1100 encrypts the private key of the personal certificate by using a symmetric encryption algorithm.
Another specific flow of data writing among the client 900, the backend service 1000, and the encryption service 1100 is shown in fig. 12, and includes:
S1201: the client 900 encrypts data according to the public key of its pre-configured personal certificate to obtain a data ciphertext.
S1202: the client 900 sends the data ciphertext to the backend service 1000.
S1203: the backend service 1000 obtains the data cipher text and the user identifier sent by the client 900.
S1204: the backend service 1000 sends the data ciphertext and the user identifier to the encryption service 1100.
S1205: the encryption service 1100 obtains the data ciphertext and the user identifier sent by the backend service 1000, and obtains the corresponding private key ciphertext of the personal certificate from a database in which the private key ciphertext of the personal certificate and the user identifier corresponding to the personal certificate are prestored based on the user identifier.
S1206: the encryption service 1100 decrypts the private key ciphertext of the personal certificate obtained from the database based on the symmetric encryption algorithm to obtain the private key of the personal certificate.
S1207: the encryption service 1100 decrypts the data ciphertext according to the private key to obtain a data plaintext.
S1208: the encryption service 1100 encrypts the data plaintext according to its own preset public key to obtain the data ciphertext.
S1209: the encryption service 1100 sends the data cipher text to the back-end service 1000.
S1210: the backend service 1000 stores the data cipher text fed back by the encryption service 1100 to the database.
A specific flow of data reading among the client 900, the backend service 1000, and the encryption service 1100 is shown in fig. 13, and includes:
S1301: the client 900 sends access information to the backend service 1000.
S1302: the backend service 1000 obtains the access information and the user identifier sent by the client 900, and obtains a corresponding data ciphertext from the database according to the access information.
S1303: the back-end service 1000 sends the data cipher text and the user identification to the encryption service 1100.
S1304: the encryption service 1100 obtains the data cipher text and the user identifier sent by the backend service 1000, and decrypts the data cipher text according to a preset private key of the encryption service 1100 to obtain a data plaintext.
S1305: the encryption service 1100 obtains the public key of the corresponding personal certificate from a database in which the public key of the personal certificate and the user identifier corresponding to the personal certificate are prestored based on the user identifier.
S1306: the encryption service 1100 encrypts data plaintext according to the public key to obtain data ciphertext.
S1307: the encryption service 1100 sends the data cipher text to the back-end service 1000.
S1308: the backend service 1000 sends the data ciphertext fed back by the encryption service 1100 to the client 900.
S1309: the client 900 receives the data ciphertext fed back by the backend service 1000 based on the access information, and decrypts the data ciphertext according to the private key of the preconfigured personal certificate to obtain the data plaintext.
It should be noted that, in order to improve the security of the public key of the personal certificate, the encryption service 1100 encrypts the public key of the personal certificate by using a symmetric encryption algorithm.
Another specific flow of data reading among the client 900, the backend service 1000, and the encryption service 1100 is shown in fig. 14, and includes:
S1401: the client 900 sends access information to the backend service 1000.
S1402: the backend service 1000 obtains the access information and the user identifier sent by the client 900, and obtains a corresponding data ciphertext from the database according to the access information.
S1403: the back-end service 1000 sends the data cipher text and the user identification to the encryption service 1100.
S1404: the encryption service 1100 obtains the data cipher text and the user identifier sent by the backend service 1000, and decrypts the data cipher text according to a preset private key of the encryption service 1100 to obtain a data plaintext.
S1405: the encryption service 1100 obtains the public key ciphertext of the corresponding personal certificate from a database in which the public key ciphertext of the personal certificate and the user identifier corresponding to the personal certificate are pre-stored, based on the user identifier.
S1406: the encryption service 1100 decrypts the public key ciphertext of the personal certificate obtained from the database based on the symmetric encryption algorithm to obtain the public key of the personal certificate.
S1407: the encryption service 1100 encrypts data plaintext according to the public key to obtain data ciphertext.
S1408: the encryption service 1100 sends the data cipher text to the back-end service 1000.
S1409: the backend service 1000 sends the data ciphertext fed back by the encryption service 1100 to the client 900.
S1410: the client 900 receives the data ciphertext fed back by the backend service 1000 based on the access information, and decrypts the data ciphertext according to the private key of the preconfigured personal certificate to obtain the data plaintext.
In the embodiment of the application, when data writing is performed, the client sends a data ciphertext encrypted according to the public key of its pre-configured personal certificate to the back-end service, the back-end service forwards the data ciphertext to the encryption service, the encryption service decrypts the data ciphertext according to the pre-stored private key of the personal certificate to obtain the data plaintext, the encryption service then encrypts the data plaintext according to its own preset public key to obtain a data ciphertext, the encryption service sends that data ciphertext to the back-end service, and the back-end service stores it in the database. When data reading is performed, the client sends access information to the back-end service, the back-end service obtains the corresponding data ciphertext from the database according to the access information, the back-end service sends the data ciphertext to the encryption service, the encryption service decrypts the data ciphertext according to its own preset private key to obtain the data plaintext, the encryption service encrypts the data plaintext according to the pre-stored public key of the personal certificate to obtain a data ciphertext, the encryption service sends that data ciphertext to the back-end service, the back-end service sends it to the client, and the client decrypts it according to the private key of its pre-configured personal certificate to obtain the data plaintext. Based on the application, in transmission between the database and the client, the data ciphertext is obtained by the back-end service, the data ciphertext is decrypted and secondarily encrypted through the encryption service with the higher security level, the data is transmitted in ciphertext form, data leakage is effectively avoided, and the security of data transmission is remarkably improved.
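The following Go program is an added illustration of the re-encryption scheme described in the encryption-service methods of fig. 2 and fig. 4 (S201 to S205, S401 to S405), the encryption methods of fig. 5 and fig. 6, and the end-to-end write and read flows of fig. 11 to fig. 14. It is not the applicant's code, and the patent names no concrete algorithms, so the choices here are assumptions: the personal certificate and the encryption service's "preset" key pair are RSA keys used with OAEP, the symmetric algorithm protecting the stored personal-certificate keys is AES-256-GCM, the user identifier is bound to each wrapped key as associated data (a design choice of this example, not a claim of the patent), and the back-end's "access information" is modelled simply as a record id. All type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// EncryptionService is a hypothetical model of the patent's encryption service (not the applicant's
// code): a symmetric wrapping key (assumed AES-256-GCM) plus the service's own "preset" RSA key pair.
type EncryptionService struct {
	wrapKey    []byte            // protects the stored private/public key ciphertexts
	serviceKey *rsa.PrivateKey   // the service's own preset key pair
	privDB     map[string][]byte // user id -> private key ciphertext (fig. 2, fig. 12)
	pubDB      map[string][]byte // user id -> public key ciphertext (fig. 4, fig. 14)
}

// seal wraps a key with AES-GCM, binding the user id as associated data so a wrapped key cannot be
// moved to another user's database row undetected. The random nonce is prepended to the output.
func seal(key, aad, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; a tampered row or a mismatched user id fails authentication.
func open(key, aad, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	n := gcm.NonceSize()
	if len(sealed) < n { return nil, fmt.Errorf("wrapped key too short") }
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// Register runs when the client configures its personal certificate: both halves are stored only as ciphertext.
func (s *EncryptionService) Register(userID string, cert *rsa.PrivateKey) error {
	wp, err := seal(s.wrapKey, []byte(userID), x509.MarshalPKCS1PrivateKey(cert))
	if err != nil { return err }
	wq, err := seal(s.wrapKey, []byte(userID), x509.MarshalPKCS1PublicKey(&cert.PublicKey))
	if err != nil { return err }
	s.privDB[userID], s.pubDB[userID] = wp, wq
	return nil
}

// ReencryptForStorage is the write path (S201-S205): unwrap the personal private key, decrypt, re-encrypt for the database.
func (s *EncryptionService) ReencryptForStorage(userID string, ct []byte) ([]byte, error) {
	wrapped, ok := s.privDB[userID]
	if !ok { return nil, fmt.Errorf("no personal certificate for user %q", userID) }
	der, err := open(s.wrapKey, []byte(userID), wrapped)
	if err != nil { return nil, err }
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil { return nil, err }
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil { return nil, err }
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.serviceKey.PublicKey, pt, nil)
}

// ReencryptForClient is the read path (S401-S405): decrypt with the service key, unwrap the personal public key, re-encrypt.
func (s *EncryptionService) ReencryptForClient(userID string, ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.serviceKey, ct, nil)
	if err != nil { return nil, err }
	wrapped, ok := s.pubDB[userID]
	if !ok { return nil, fmt.Errorf("no personal certificate for user %q", userID) }
	der, err := open(s.wrapKey, []byte(userID), wrapped)
	if err != nil { return nil, err }
	pub, err := x509.ParsePKCS1PublicKey(der)
	if err != nil { return nil, err }
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, pt, nil)
}

// RoundTrip plays client and back-end for one write (fig. 11) followed by one read (fig. 13); the
// back-end only forwards ciphertexts and stores what the service returns. Returns what the client decrypts.
func RoundTrip(userID string, data []byte) ([]byte, error) {
	wrapKey := make([]byte, 32)
	if _, err := rand.Read(wrapKey); err != nil { return nil, err }
	serviceKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	svc := &EncryptionService{wrapKey, serviceKey, map[string][]byte{}, map[string][]byte{}}
	cert, err := rsa.GenerateKey(rand.Reader, 2048) // the client's personal certificate key pair
	if err != nil { return nil, err }
	if err := svc.Register(userID, cert); err != nil { return nil, err }
	clientCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &cert.PublicKey, data, nil) // S1101
	if err != nil { return nil, err }
	stored, err := svc.ReencryptForStorage(userID, clientCT) // S1105-S1108; the back-end stores this (S1109)
	if err != nil { return nil, err }
	forClient, err := svc.ReencryptForClient(userID, stored) // S1304-S1307 over the stored row
	if err != nil { return nil, err }
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, cert, forClient, nil) // S1309
}

func main() {
	out, err := RoundTrip("user-42", []byte("constructed sample: account 6222 **** 0001"))
	fmt.Println(string(out), err)
}
```

Two points the code makes that the patent text leaves implicit: the back-end service holds no key at all, so a compromise of the back-end or the database yields only ciphertext under the encryption service's key, and the wrapping key for the stored personal-certificate keys must live only with the encryption service (in a real deployment, in an HSM or KMS rather than in process memory as here). RSA-OAEP caps the message at a few hundred bytes, so a production version would encrypt the payload with a fresh symmetric key and apply the re-encryption shown here to that key only.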
The functions described in the method of the embodiment of the present application, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data writing method is applied to a back-end service, and comprises the following steps:
acquiring a first data ciphertext and a user identifier sent by a client, wherein the client encrypts data according to a public key of a pre-configured personal certificate to obtain the first data ciphertext;
sending the first data ciphertext and the user identifier to an encryption service, wherein the encryption service acquires a private key of a corresponding personal certificate from a database which prestores the private key of the personal certificate and the user identifier corresponding to the personal certificate based on the user identifier, the encryption service decrypts the first data ciphertext according to the private key to obtain a data plaintext, and the encryption service encrypts the data plaintext according to a preset public key of the encryption service to obtain a second data ciphertext;
and acquiring the second data ciphertext fed back by the encryption service, and storing the second data ciphertext fed back by the encryption service to a database.
2. The method of claim 1, wherein the private key of the personal certificate is:
obtained by the encryption service decrypting, based on a symmetric encryption algorithm, a private key ciphertext of the personal certificate acquired from the database.
3. A data reading method is applied to a back-end service, and comprises the following steps:
acquiring access information and a user identifier sent by a client, and acquiring a corresponding second data ciphertext from a database according to the access information;
the second data ciphertext and the user identification are sent to an encryption service, the encryption service decrypts the second data ciphertext according to a preset private key of the encryption service to obtain a data plaintext, the encryption service acquires a public key of a corresponding personal certificate from a database which prestores a public key of the personal certificate and the user identification corresponding to the personal certificate on the basis of the user identification, and the encryption service encrypts the data plaintext according to the public key to obtain a first data ciphertext;
and the first data ciphertext fed back by the encryption service is obtained and sent to the client, and the client decrypts the first data ciphertext according to a private key of a pre-configured personal certificate to obtain a data plaintext.
4. The method of claim 3, wherein the public key of the personal certificate is:
obtained by the encryption service decrypting, based on a symmetric encryption algorithm, the public key ciphertext of the personal certificate acquired from the database.
5. A data encryption method, applied to an encryption service, comprising:
acquiring a first data ciphertext and a user identifier sent by a back-end service, acquiring the private key of the corresponding personal certificate, based on the user identifier, from a database which prestores the private key of the personal certificate and the user identifier corresponding to the personal certificate, decrypting the first data ciphertext with the private key to obtain a data plaintext, encrypting the data plaintext with a preset public key of the encryption service to obtain a second data ciphertext, and sending the second data ciphertext to the back-end service; wherein the key used for the first data ciphertext sent by the back-end service is the public key of a personal certificate pre-configured by the client;
or, alternatively,
acquiring a second data ciphertext and a user identifier sent by a back-end service, decrypting the second data ciphertext with a preset private key of the encryption service to obtain a data plaintext, acquiring the public key of the corresponding personal certificate, based on the user identifier, from a database which prestores the public key of the personal certificate and the user identifier corresponding to the personal certificate, encrypting the data plaintext with the public key to obtain a first data ciphertext, and sending the first data ciphertext to the back-end service; wherein the key used for the second data ciphertext sent by the back-end service is the preset public key of the encryption service.
6. A data writing apparatus, comprising:
an acquisition unit, configured for the back-end service to acquire a first data ciphertext and a user identifier sent by a client, wherein the client encrypts data with the public key of a pre-configured personal certificate to obtain the first data ciphertext;
a sending unit, configured for the back-end service to send the first data ciphertext and the user identifier to an encryption service, wherein the encryption service acquires the private key of the corresponding personal certificate, based on the user identifier, from a database which prestores the private key of the personal certificate and the user identifier corresponding to the personal certificate, decrypts the first data ciphertext with the private key to obtain a data plaintext, and encrypts the data plaintext with a preset public key of the encryption service to obtain a second data ciphertext;
and a storage unit, configured for the back-end service to acquire the second data ciphertext fed back by the encryption service and store it in a database.
7. A data reading apparatus, comprising:
an acquisition unit, configured for the back-end service to acquire access information and a user identifier sent by a client and to acquire the corresponding second data ciphertext from a database according to the access information;
a sending unit, configured for the back-end service to send the second data ciphertext and the user identifier to an encryption service, wherein the encryption service decrypts the second data ciphertext with a preset private key of the encryption service to obtain a data plaintext, acquires the public key of the corresponding personal certificate, based on the user identifier, from a database which prestores the public key of the personal certificate and the user identifier corresponding to the personal certificate, and encrypts the data plaintext with the public key to obtain a first data ciphertext;
and a reading unit, configured for the back-end service to acquire the first data ciphertext fed back by the encryption service and send it to the client, wherein the client decrypts the first data ciphertext with the private key of a pre-configured personal certificate to obtain the data plaintext.
8. A data encryption apparatus, wherein the data encryption apparatus is applied to an encryption service, and comprises:
a first encryption unit, configured to acquire a first data ciphertext and a user identifier sent by the back-end service, acquire the private key of the corresponding personal certificate, based on the user identifier, from a database which prestores the private key of the personal certificate and the user identifier corresponding to the personal certificate, decrypt the first data ciphertext with the private key to obtain a data plaintext, encrypt the data plaintext with a preset public key of the encryption service to obtain a second data ciphertext, and send the second data ciphertext to the back-end service; wherein the key used for the first data ciphertext sent by the back-end service is the public key of a personal certificate pre-configured by the client;
and a second encryption unit, configured to acquire a second data ciphertext and a user identifier sent by the back-end service, decrypt the second data ciphertext with a preset private key of the encryption service to obtain a data plaintext, acquire the public key of the corresponding personal certificate, based on the user identifier, from a database which prestores the public key of the personal certificate and the user identifier corresponding to the personal certificate, encrypt the data plaintext with the public key to obtain a first data ciphertext, and send the first data ciphertext to the back-end service; wherein the key used for the second data ciphertext sent by the back-end service is the preset public key of the encryption service.
9. A data transmission system, comprising:
a client, a back-end service and an encryption service;
the client is configured to send a first data ciphertext to the back-end service, wherein the client encrypts data with the public key of a pre-configured personal certificate to obtain the first data ciphertext; and to send access information to the back-end service, receive a first data ciphertext fed back by the back-end service based on the access information, and decrypt the first data ciphertext with the private key of the pre-configured personal certificate to obtain a data plaintext;
the back-end service is configured to acquire a first data ciphertext and a user identifier sent by the client, send the first data ciphertext and the user identifier to the encryption service, acquire a second data ciphertext fed back by the encryption service, and store the second data ciphertext fed back by the encryption service in a database; and to acquire access information and a user identifier sent by the client, acquire the corresponding second data ciphertext from the database according to the access information, send the second data ciphertext and the user identifier to the encryption service, acquire a first data ciphertext fed back by the encryption service, and send the first data ciphertext fed back by the encryption service to the client;
the encryption service is configured to acquire a first data ciphertext and a user identifier sent by the back-end service, acquire the private key of the corresponding personal certificate, based on the user identifier, from a database which prestores the private key of the personal certificate and the user identifier corresponding to the personal certificate, decrypt the first data ciphertext with the private key to obtain a data plaintext, encrypt the data plaintext with a preset public key of the encryption service to obtain a second data ciphertext, and send the second data ciphertext to the back-end service; and to acquire a second data ciphertext and a user identifier sent by the back-end service, decrypt the second data ciphertext with a preset private key of the back-end service to obtain a data plaintext, acquire the public key of the corresponding personal certificate, based on the user identifier, from a database which prestores the public key of the personal certificate and the user identifier corresponding to the personal certificate, encrypt the data plaintext with the public key to obtain a first data ciphertext, and send the first data ciphertext to the back-end service.
10. The system of claim 9, wherein the encryption service is further configured to:
decrypt a private key ciphertext of the personal certificate acquired from a database based on a symmetric encryption algorithm to obtain the private key of the personal certificate; and decrypt a public key ciphertext of the personal certificate acquired from the database based on a symmetric encryption algorithm to obtain the public key of the personal certificate.
Application CN201910864586.9A, priority date 2019-09-12, filing date 2019-09-12: Data writing, reading and encrypting method and device and data transmission system; status Active; publication CN110795743B (en)
Publications (2)

Publication Number Publication Date
CN110795743A (en) 2020-02-14
CN110795743B (en) 2022-03-25

Family

ID=69427150
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant