CN111783117B - Plaintext data processing method, device and system - Google Patents
Plaintext data processing method, device and system Download PDFInfo
- Publication number
- CN111783117B CN111783117B CN202010608842.0A CN202010608842A CN111783117B CN 111783117 B CN111783117 B CN 111783117B CN 202010608842 A CN202010608842 A CN 202010608842A CN 111783117 B CN111783117 B CN 111783117B
- Authority
- CN
- China
- Prior art keywords
- data
- plaintext
- ciphertext
- encryption
- plaintext data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title abstract description 7
- 238000000034 method Methods 0.000 claims abstract description 29
- 238000012545 processing Methods 0.000 claims description 35
- 230000005540 biological transmission Effects 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 13
- 230000009466 transformation Effects 0.000 abstract description 16
- 238000010586 diagram Methods 0.000 description 16
- 230000006870 function Effects 0.000 description 15
- 238000004891 communication Methods 0.000 description 10
- 230000008569 process Effects 0.000 description 6
- 239000000872 buffer Substances 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 3
- 238000002407 reforming Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000001131 transforming effect Effects 0.000 description 2
- 238000011144 upstream manufacturing Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a plaintext data processing method, device and system, wherein the method comprises the following steps: acquiring plaintext data; setting ciphertext data identification for plaintext data according to a preset rule, and encrypting the plaintext data to generate encrypted data; storing the encrypted data in a preset ciphertext storage unit, wherein the storage form comprises the following steps: directly storing the encrypted data and storing the HEX code of the encrypted data. The invention can realize transformation from plaintext data to ciphertext data, better protect client information and realize less transformation on a plaintext system.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a method, an apparatus, and a system for processing plaintext data.
Background
At present, the private information of users in the system is commonly stored in a plaintext, and the same private information is redundantly distributed in different service systems, so that the information is easy to lose, steal, leak, forge and change. With the increasing awareness of customer information protection and the increasingly stringent regulations for customer information protection and administration, an intersystem transmission and storage method is needed to support the increased protection of customer information.
In order to solve the problem of leakage of the plain text data of the client information, the current practice in the industry generally adopts encryption storage. For data transmission among a plurality of service systems, storage and verification of ciphertext information can be inconvenient, and meanwhile, for a system with stock already adopting plaintext storage, the reconstruction workload is large.
Disclosure of Invention
In view of the above, the present invention provides a method, apparatus and system for processing plaintext data, so as to solve at least one of the above-mentioned problems.
According to a first aspect of the present invention, there is provided a plaintext data processing method, the method comprising: acquiring plaintext data; setting ciphertext data identification for the plaintext data according to a preset rule, and encrypting the plaintext data to generate encrypted data; storing the encrypted data in a preset ciphertext storage unit, wherein the storage form comprises the following steps: directly storing the encrypted data and storing the HEX code of the encrypted data.
According to a second aspect of the present invention, there is provided a plaintext data processing apparatus, the apparatus comprising: the plaintext data acquisition unit is used for acquiring plaintext data; the ciphertext data identifier setting unit is used for setting ciphertext data identifiers for the plaintext data according to a preset rule; the encryption data generation unit is used for encrypting the plaintext data to generate encryption data; the storage execution unit is used for storing the encrypted data in a preset ciphertext storage unit, wherein the storage form comprises the following steps: directly storing the encrypted data and storing the HEX code of the encrypted data.
According to a third aspect of the present invention, there is provided a plaintext data processing system, the system comprising: an encryption platform and the plaintext data processing apparatus.
According to a fourth aspect of the present invention there is provided an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the above method when the program is executed.
According to a fifth aspect of the present invention there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the above method.
According to the technical scheme, the ciphertext data identifier is set for the plaintext data, the plaintext data is encrypted to generate encrypted data, and the encrypted data is stored in the preset ciphertext storage unit, so that transformation from the plaintext data to the ciphertext data can be realized, client information is better protected, and meanwhile, transformation of a plaintext system is smaller.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a plaintext data processing method according to an embodiment of the present invention;
FIG. 2 is a diagram of transformation of plaintext data into ciphertext data according to an embodiment of the invention;
FIG. 3 is a block diagram of a plaintext data processing system according to an embodiment of the present invention;
FIG. 4 is a block diagram of a plaintext data processing apparatus according to an embodiment of the present invention;
FIG. 5 is a detailed block diagram of a plaintext data processing apparatus according to an embodiment of the present invention;
FIG. 6 is an exemplary block diagram of a plaintext data processing system according to an embodiment of the present invention;
Fig. 7 is a schematic block diagram of a system configuration of an electronic device 600 according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In order to solve the problem of leakage of the plain text data of the client information, encryption storage is mainly adopted at present, but for data transmission among a plurality of service systems, storage and verification of ciphertext information are inconvenient. If the plaintext storage system is transformed into the ciphertext system, the transformation workload is larger. Based on the above, the embodiment of the invention provides a plaintext data processing scheme, which processes plaintext data into ciphertext data, so that the ciphertext data can be conveniently stored and circulated in a plurality of systems, client information can be better protected, and the influence of system transformation is reduced to the greatest extent. Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
FIG. 1 is a flowchart of a plaintext data processing method according to an embodiment of the present invention, as shown in FIG. 1, the method comprising:
step 101, plaintext data is obtained, the plaintext data representing unencrypted data.
And 102, setting a ciphertext data identifier for the plaintext data according to a predetermined rule, and encrypting the plaintext data to generate encrypted data.
The predetermined rule herein may be a rule for mapping data into an identification, and may be according to actual operations, to which the present invention is not limited.
Step 103, storing the encrypted data in a preset ciphertext storage unit, wherein the storage form comprises: directly storing the encrypted data and storing the HEX code of the encrypted data.
The ciphertext data identification is set for the plaintext data based on a preset rule, the plaintext data is encrypted to generate encrypted data, and the encrypted data is stored in a preset ciphertext storage unit, so that transformation from the plaintext data to the ciphertext data can be realized, client information is better protected, and meanwhile, transformation to a plaintext system is smaller.
For the plaintext data, a ciphertext data Identification (ID) is set in step 102, that is, a field in which plaintext information is originally stored is changed to a record ID in which ciphertext information is stored.
In actual operation, if ciphertext is directly stored in the original plaintext storage space, the following problems may exist:
1) Since encryption algorithms may result in ciphertext requiring more storage space than plaintext, a change of table structure, associated file structure, and interface communication area is required. That is, all places where the information is used in the system need to be modified, all upstream and downstream are affected (whether ciphertext information is stored or not), the related area is wide, and the workload is high.
2) If the ciphertext is directly stored in the plaintext space, the plaintext and ciphertext can be stored in a mixed mode, and a series of problems such as transmission and incapability of unifying data deformation rules are caused.
Therefore, by setting the ciphertext data identifier for the plaintext data and encrypting the plaintext data to generate encrypted data and storing the encrypted data in the preset ciphertext storage unit, the client information can be protected, and the influence of system transformation is reduced to the greatest extent.
The flow of transforming plaintext data into ciphertext data is described in detail below in connection with fig. 2.
As shown in fig. 2, the ciphertext record ID (corresponding to the ciphertext data identifier) is stored in a plaintext field, the actual encrypted information (corresponding to the encrypted data) is stored in a newly created ciphertext table (corresponding to the preset ciphertext storage unit), and the association relationship between the client and the ciphertext information is associated with the ciphertext record ID as an external key. The table structure, the file structure and the interface communication area do not need to be modified, and only the internal logic processing modification of a single service system is involved, so that the influence is controlled in the service system range involving the storage of ciphertext. In the embodiment of the invention, plaintext data and ciphertext data are stored separately, the plaintext part (including the record ID of the ciphertext) maintains the original data transmission and data deformation rules, and the newly added ciphertext can independently design new transmission rules and data deformation rules and can be specifically set according to actual conditions.
In practice, the host system string may use two encoding tables. Generally, ASCII codes are required to support multilingual character set fields, and EBCDIC codes are used for others. The information to be encrypted is in ASCII code, and the record ID may be in EBCDIC code. The system implementation needs to take into account the transition between the two coding types.
Specifically, the EBCDIC code and the ASCII code are mutually converted, for example, the EBCDIC code of the number 0 is 0xf0, and the ASCII code is 0x30, and the mutual conversion is possible in such correspondence.
In a specific implementation operation, the plaintext data may be encrypted by the encryption platform, i.e., the encryption platform is invoked to encrypt the data. The encryption algorithm is uniformly packaged by the encryption platform, and can be loosely coupled with a service system.
Specifically, the unified encryption platform provides an encryption/decryption interface for all other related encryption/decryption service system calls (supporting host online, batch interfaces, supporting platform online interfaces) to use the 3DES algorithm. The encryption interface needs to ensure that the same data source (without code system conversion) and the encryption result is the same under the condition of the same key. The encryption platform uniformly manages the keys of the host/platform application and is transparent to all other business systems.
In one embodiment, unified rules for encrypted storage, transmission, and presentation are specified for customer sensitive information. For example, client sensitive information can only be stored by ciphertext, and intersystem file transfer also only transfers ciphertext; the interface display can display single customer sensitive information and can display plaintext; for the function of providing the bulk export data, the export data needs to be encrypted and authorized by using the document security protection system.
Preferably, the encrypted data is transmitted after being processed according to the coding rule adopted by the sender system and the receiver system of the data transmission.
In particular, different business systems support encrypted storage and streaming of the same information using different character sets and different keys. In the plaintext system reconstruction process, the transmission difficulty to be solved is as follows: the ciphertext information flow system has two completely different character encoding tables. For example, IBM mainframes use EBCDIC codes, common miniframes use industry standard encoded ASCII codes, and ASCII code systems exist for conversion of different multilingual character sets. Therefore, in the process of transforming the plaintext into the ciphertext according to the embodiment of the present invention, a set of rules for different character encoding tables needs to be designed. The different codebooks here are binary values of one word stored in a computer.
The storage form of ciphertext mainly comprises two types: 1) Directly storing the ciphertext character; 2) The ciphertext HEX codeword string is stored. Which storage form is taken is primarily determined by the encryption and decryption service and the file transfer system.
In general, a host system (EBCDIC code) stores client information by adopting a local language code system, and directly stores ciphertext characters into a database after encryption; and the file needs to be decoded when the data is distributed to the secondary data system (ASCII code). For the host system character string, there are two types of decoding modes, EBCDIC code decoding and ASCII code decoding.
The EDCDIC code decoding mode is to convert according to the comparison relation between the EBCDIC code table and the ASCII code, and relates to the modification of the original character string content, which does not meet the ciphertext transmission requirement. The ASCII code decoding rule is to check the character set used according to the region where the data is located (for example, the chinese character set is GB18030, the japanese is SJIS), the characters not belonging to the character set in the region are converted into the numbers, the value range of the ciphertext single character is 0x00-0xFF, the characters not belonging to any character set code system, and there is a risk of modifying the original text content.
By analyzing the ciphertext HEX codeword string, it can be seen that the ciphertext HEX code is comprised of digits and letters a-F, which are standard ASCII codes, independent of the multilingual character set. And the platform system adopts UTF8 code system storage, and adopts ciphertext HEX code character string form storage and communication, so that the use and decoding can be more convenient.
In addition, in the data transmission loading process, the situation that the original text storage code systems are different needs to be considered, and if the storage code systems of the upstream system and the downstream system (namely, the data sender system and the data receiver system) are different, the data needs to be subjected to decryption-transcoding-re-encryption operation. For example, if the plaintext information is in the same code system or is only data letters, the plaintext information is directly stored without transcoding. The rule is also applicable to the situation that information comparison is needed among different service systems.
In actual operation, encryption switching parameters may also be set according to the region rule to control the encryption operation.
Specifically, the encryption switch parameter may be set per trial point of the region, and only the region where the encryption parameter is set may be encrypted.
In general, the client information protection is implemented according to local supervision laws and regulations, encryption switch parameters are set according to regions, and the client data is encrypted according to actual conditions of the local supervision laws and regulations. In addition, the system risk can be better controlled by setting the switch parameters, and if a problem is found during operation, one-key rollback can be realized by closing the switch.
The design scheme of how the ciphertext data is stored and circulated in a plurality of systems fully considers the implementation characteristics of the client information protection condition and the implementation condition among the systems; through the idea of converting plaintext storage into ciphertext storage, the transformation influence can be reduced. Meanwhile, by setting encryption switch parameters, step-by-step test points can be realized, and risk controllability is realized. In addition, the embodiment of the invention provides a preset ciphertext storage unit for storing ciphertext, which has flexible structure and convenient subsequent expansion, so that the encryption algorithm better provides service for protecting client information.
Based on similar inventive concepts, an embodiment of the present invention further provides a plaintext data processing system, as shown in fig. 3, including: the encryption platform 1 and the plaintext data processing device 2, wherein the plaintext data processing device calls the encryption platform to perform encryption and decryption operations of data. Preferably, the plaintext data processing apparatus 2 is configured to implement the procedure in the above-described method embodiment.
Fig. 4 is a block diagram of the plain data processing apparatus 2, and as shown in fig. 4, the apparatus includes: a plaintext data acquisition unit 41, a ciphertext data identification setting unit 42, an encrypted data generation unit 43, and a storage execution unit 44.
A plaintext data acquisition unit 41 for acquiring plaintext data;
A ciphertext data identifier setting unit 42 that sets ciphertext data identifiers for the plaintext data according to a predetermined rule;
an encrypted data generation unit 43 for encrypting the plaintext data to generate encrypted data;
A storage execution unit 44, configured to store the encrypted data in a preset ciphertext storage unit, where the storage form includes: directly storing the encrypted data and storing the HEX code of the encrypted data.
By setting the ciphertext data identifier for the plaintext data based on a predetermined rule by the ciphertext data identifier setting unit 42, the plaintext data is encrypted by the encrypted data generating unit 43, the encrypted data is generated, and the encrypted data is stored in the preset ciphertext storage unit by the storage executing unit 44, so that transformation from the plaintext data to the ciphertext data can be realized, customer information can be better protected, and meanwhile, transformation of a plaintext system is smaller.
Specifically, the above-described encrypted data generation unit 43 is specifically configured to: and encrypting the data corresponding to the plaintext data identifier through an encryption platform.
As shown in fig. 5, the apparatus further includes: and the data transmission unit 45 is configured to transmit the encrypted data after performing processing corresponding to the encoding rule based on the encoding rule adopted by the sender system and the receiver system of the data transmission.
The device further comprises: an encryption switch parameter setting unit 46 for setting encryption switch parameters according to the region rule to control the encryption operation.
The specific implementation process of each unit may be referred to the description in the above method embodiment, and will not be repeated here.
In actual operation, the above units may be combined or may be singly disposed, and the present invention is not limited thereto.
FIG. 6 is an exemplary block diagram of a plaintext data processing system according to an embodiment of the present invention, as shown in FIG. 6, the system comprising: front-end transaction/report end, data storage end and encryptor cluster, wherein: the front-end transaction/report end is used for displaying a plaintext and deriving a ciphertext; the data storage end is used for storing ciphertext through a database or a file; and the encryption machine cluster is used for providing encryption and decryption services.
The storage format of the ciphertext mainly comprises: ciphertext HEX code strings (referred to as a format) and ciphertext characters (referred to as B format).
As shown in fig. 6, at the data storage end, for the host, the database stores ciphertext in B format and the file stores ciphertext in a format; for an open platform, both the database and the file store ciphertext in a format A.
At the front-end transaction/report end, the host and the open platform can respectively transmit data in the format A and the file transmission system, at this time, whether the code system is the same is judged, and when the code systems are different, decryption-transcoding-re-encryption operation (namely decryption-decoding-encryption operation in the figure) is needed.
The present embodiment also provides an electronic device, which may be a desktop computer, a tablet computer, a mobile terminal, or the like, and the present embodiment is not limited thereto. In this embodiment, the electronic device may be implemented by referring to the above method embodiment and the embodiment of the plaintext data processing apparatus/system, and the contents thereof are incorporated herein, and the repetition is omitted.
Fig. 7 is a schematic block diagram of a system configuration of an electronic device 600 according to an embodiment of the present invention. As shown in fig. 7, the electronic device 600 may include a central processor 100 and a memory 140; memory 140 is coupled to central processor 100. Notably, the diagram is exemplary; other types of structures may also be used in addition to or in place of the structures to implement telecommunications functions or other functions.
In one embodiment, the plaintext data processing functions may be integrated into the central processor 100. Wherein the central processor 100 may be configured to control as follows:
step 101, obtaining plaintext data, wherein the plaintext data comprises: a plaintext data identifier and data corresponding to the plaintext data identifier;
102, setting a plaintext data identifier in the plaintext data as a ciphertext data identifier according to a predetermined rule, and encrypting data corresponding to the plaintext data identifier to generate encrypted data;
Step 103, storing the encrypted data in a preset ciphertext storage unit, wherein the storage form comprises: directly storing the encrypted data and storing the HEX code of the encrypted data.
The ciphertext data identification is set for the plaintext data based on a preset rule, the plaintext data is encrypted to generate encrypted data, and the encrypted data is stored in a preset ciphertext storage unit, so that transformation from the plaintext data to the ciphertext data can be realized, client information is better protected, and meanwhile, transformation to a plaintext system is smaller.
In another embodiment, the plaintext data processing apparatus/system may be configured separately from the cpu 100, for example, the plaintext data processing apparatus/system may be configured as a chip connected to the cpu 100, and the plaintext data processing functions are implemented by the control of the cpu.
As shown in fig. 7, the electronic device 600 may further include: a communication module 110, an input unit 120, an audio processing unit 130, a display 160, a power supply 170. It is noted that the electronic device 600 need not include all of the components shown in fig. 7; in addition, the electronic device 600 may further include components not shown in fig. 7, to which reference is made to the related art.
As shown in fig. 7, the central processor 100, sometimes also referred to as a controller or operational control, may include a microprocessor or other processor device and/or logic device, which central processor 100 receives inputs and controls the operation of the various components of the electronic device 600.
The memory 140 may be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information about failure may be stored, and a program for executing the information may be stored. And the central processor 100 can execute the program stored in the memory 140 to realize information storage or processing, etc.
The input unit 120 provides an input to the central processor 100. The input unit 120 is, for example, a key or a touch input device. The power supply 170 is used to provide power to the electronic device 600. The display 160 is used for displaying display objects such as images and characters. The display may be, for example, but not limited to, an LCD display.
The memory 140 may be a solid state memory such as Read Only Memory (ROM), random Access Memory (RAM), SIM card, or the like. But also a memory which holds information even when powered down, can be selectively erased and provided with further data, an example of which is sometimes referred to as EPROM or the like. Memory 140 may also be some other type of device. Memory 140 includes a buffer memory 141 (sometimes referred to as a buffer). The memory 140 may include an application/function storage 142, the application/function storage 142 for storing application programs and function programs or a flow for executing operations of the electronic device 600 by the central processor 100.
The memory 140 may also include a data store 143, the data store 143 for storing data, such as contacts, digital data, pictures, sounds, and/or any other data used by the electronic device. The driver storage 144 of the memory 140 may include various drivers of the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, address book applications, etc.).
The communication module 110 is a transmitter/receiver 110 that transmits and receives signals via an antenna 111. A communication module (transmitter/receiver) 110 is coupled to the central processor 100 to provide an input signal and receive an output signal, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, etc., may be provided in the same electronic device. The communication module (transmitter/receiver) 110 is also coupled to a speaker 131 and a microphone 132 via an audio processor 130 to provide audio output via the speaker 131 and to receive audio input from the microphone 132 to implement usual telecommunication functions. The audio processor 130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 130 is also coupled to the central processor 100 so that sound can be recorded locally through the microphone 132 and so that sound stored locally can be played through the speaker 131.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when being executed by a processor, implements the steps of the above-mentioned plaintext data processing method.
In summary, in order to solve the problem of leakage of the plaintext data of the client information, the embodiment of the invention provides a method for safely storing and transferring the confidential information of the client by encrypting and reforming the stock plaintext storage system, fully considers the implementation characteristics of the protection condition of the client information and the implementation conditions among systems, provides a feasible idea for reforming the ciphertext storage system of the plaintext storage system, and reduces the reforming influence. Moreover, the risk is controllable through step-by-step test points; the system after transformation has flexible structure and can be extended subsequently, so that the encryption algorithm can better provide service for protecting the client information.
Preferred embodiments of the present invention are described above with reference to the accompanying drawings. The many features and advantages of the embodiments are apparent from the detailed specification, and thus, it is intended by the appended claims to cover all such features and advantages of the embodiments which fall within the true spirit and scope thereof. Further, since numerous modifications and changes will readily occur to those skilled in the art, it is not desired to limit the embodiments of the invention to the exact construction and operation illustrated and described, and accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope thereof.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principles and embodiments of the present invention have been described in detail with reference to specific examples, which are provided to facilitate understanding of the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.
Claims (9)
1. A method of plaintext data processing, the method comprising:
acquiring plaintext data;
Setting a ciphertext data identifier for the plaintext data according to a preset rule, storing the ciphertext data identifier in a storage space corresponding to the plaintext data, and encrypting the plaintext data to generate encrypted data;
Determining a storage form according to the language coding type for storing the encrypted data, and storing the encrypted data in a preset ciphertext storage unit according to the determined storage form, wherein the storage form comprises the following steps: directly storing the encrypted data and a HEX code storing the encrypted data;
designating unified encryption storage, transmission and presentation rules for the client sensitive information;
And setting encryption switching parameters according to the region rule to control encryption operation.
2. The method of claim 1, wherein encrypting plaintext data comprises:
Encrypting the plaintext data through an encryption platform.
3. The method according to claim 1, wherein the method further comprises:
And based on coding rules adopted by a sender system and a receiver system of data transmission, the encrypted data is transmitted after being processed corresponding to the coding rules.
4. A plaintext data processing apparatus, the apparatus comprising:
the plaintext data acquisition unit is used for acquiring plaintext data;
The ciphertext data identifier setting unit is used for setting ciphertext data identifiers for the plaintext data according to a preset rule, and storing the ciphertext data identifiers in a storage space corresponding to the plaintext data;
The encryption data generation unit is used for encrypting the plaintext data to generate encryption data;
The storage execution unit is used for determining a storage form according to the language coding type for storing the encrypted data, and storing the encrypted data in a preset ciphertext storage unit according to the determined storage form, wherein the storage form comprises the following steps: directly storing the encrypted data and a HEX code storing the encrypted data;
And the encryption switch parameter setting unit is used for setting the encryption switch parameters according to the region rule so as to control the encryption operation.
5. The apparatus according to claim 4, wherein the encrypted data generation unit is specifically configured to:
Encrypting the plaintext data through an encryption platform.
6. The apparatus of claim 4, wherein the apparatus further comprises:
And the data transmission unit is used for transmitting the encrypted data after processing corresponding to the coding rule based on the coding rule adopted by the sender system and the receiver system of the data transmission.
7. A plaintext data processing system, the system comprising: an encryption platform, and a plaintext data processing apparatus as claimed in any one of claims 4 to 6.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 3 when the program is executed by the processor.
9. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010608842.0A CN111783117B (en) | 2020-06-30 | 2020-06-30 | Plaintext data processing method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010608842.0A CN111783117B (en) | 2020-06-30 | 2020-06-30 | Plaintext data processing method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111783117A CN111783117A (en) | 2020-10-16 |
| CN111783117B true CN111783117B (en) | 2024-04-30 |
Family
ID=72761212
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010608842.0A Active CN111783117B (en) | 2020-06-30 | 2020-06-30 | Plaintext data processing method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111783117B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101616162A (en) * | 2009-08-04 | 2009-12-30 | 中兴通讯股份有限公司 | A kind of system and method thereof of handling cryptograph files |
| CN105471826A (en) * | 2014-09-04 | 2016-04-06 | 中电长城网际系统应用有限公司 | Ciphertext data query method, device and ciphertext query server |
| CN106934030A (en) * | 2016-12-08 | 2017-07-07 | 戴林 | The ciphertext index method and Ku Nei encryption systems of a kind of data base-oriented encryption |
| CN109858263A (en) * | 2019-01-21 | 2019-06-07 | 北京城市网邻信息技术有限公司 | Search data memory method, apparatus, electronic equipment and storage medium |
| CN110391895A (en) * | 2019-07-31 | 2019-10-29 | 阿里巴巴集团控股有限公司 | Data preprocessing method, ciphertext data capture method, device and electronic equipment |
| CN110519203A (en) * | 2018-05-21 | 2019-11-29 | 北京京东尚科信息技术有限公司 | A kind of data encryption and transmission method and device |
| CN110795741A (en) * | 2018-08-01 | 2020-02-14 | 北京京东金融科技控股有限公司 | Method and device for carrying out security processing on data |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10476661B2 (en) * | 2016-06-27 | 2019-11-12 | Fujitsu Limited | Polynomial-based homomorphic encryption |
-
2020
- 2020-06-30 CN CN202010608842.0A patent/CN111783117B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101616162A (en) * | 2009-08-04 | 2009-12-30 | 中兴通讯股份有限公司 | A kind of system and method thereof of handling cryptograph files |
| CN105471826A (en) * | 2014-09-04 | 2016-04-06 | 中电长城网际系统应用有限公司 | Ciphertext data query method, device and ciphertext query server |
| CN106934030A (en) * | 2016-12-08 | 2017-07-07 | 戴林 | The ciphertext index method and Ku Nei encryption systems of a kind of data base-oriented encryption |
| CN110519203A (en) * | 2018-05-21 | 2019-11-29 | 北京京东尚科信息技术有限公司 | A kind of data encryption and transmission method and device |
| CN110795741A (en) * | 2018-08-01 | 2020-02-14 | 北京京东金融科技控股有限公司 | Method and device for carrying out security processing on data |
| CN109858263A (en) * | 2019-01-21 | 2019-06-07 | 北京城市网邻信息技术有限公司 | Search data memory method, apparatus, electronic equipment and storage medium |
| CN110391895A (en) * | 2019-07-31 | 2019-10-29 | 阿里巴巴集团控股有限公司 | Data preprocessing method, ciphertext data capture method, device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111783117A (en) | 2020-10-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109150499B (en) | Method and device for dynamically encrypting data, computer equipment and storage medium | |
| JPH09179871A (en) | System and method providing safe sql-level access to data base | |
| US7191343B2 (en) | Voucher driven on-device content personalization | |
| US7751556B2 (en) | Apparatus and method of generating falsification detecting data of encrypted data in the course of process | |
| WO2020233033A1 (en) | Information interaction method, device and storage medium | |
| CN112287372A (en) | Method and apparatus for protecting clipboard privacy | |
| US8891760B2 (en) | System for checking acceptance of string by automaton | |
| CN111680067A (en) | Data processing method, device and system based on block chain | |
| CN111464564A (en) | Data high-speed encryption and decryption method and device based on symmetric cryptographic algorithm | |
| CN115529587A (en) | Wireless Bluetooth keyboard data transmission equipment, method and system thereof | |
| CN114416773B (en) | Data processing method, device, storage medium and server | |
| CN111783117B (en) | Plaintext data processing method, device and system | |
| CN106817216B (en) | ZIP (ZIP packet decompression) method based on ZLib library and AES (advanced encryption Standard) algorithm | |
| CN116886391A (en) | Internet of things equipment authentication method and device, storage medium and electronic equipment | |
| CN116248343A (en) | Registration and login method and system for client | |
| US8966254B2 (en) | Keyless challenge and response system | |
| CN115757535A (en) | Data query method, data storage method and device and electronic equipment | |
| CN114969793A (en) | Encryption upgrading method, device and system for software product | |
| CN101141442A (en) | System and method for implementing memory card function service | |
| JP6763096B1 (en) | system | |
| CN111241173A (en) | Method and system for data interaction among multiple systems | |
| CN110737910A (en) | Android log decryption management method, device, equipment and medium | |
| CN109918929A (en) | A kind of encrypting and decrypting method and device | |
| KR20080030266A (en) | Service method for encryption of short message and apparatus thereof | |
| CN113297587B (en) | Data storage method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |