CN113849847A - Method, apparatus and medium for encrypting and decrypting sensitive data - Google Patents

Method, apparatus and medium for encrypting and decrypting sensitive data

Info

Publication number: CN113849847A
Authority: CN (China)
Application number: CN202111449142.2A
Other languages: Chinese (zh)
Other versions: CN113849847B (en)
Inventors: 张静, 陈亮
Current and original assignee: Beijing Ouying Information Technology Co Ltd
Legal status: Granted (Active)

Classifications

    • G06F21/602 Providing cryptographic facilities or services (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data)
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes (G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules; G06F21/6218 to a system of files or objects, e.g. local or distributed file system or database)
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices (G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups)


Abstract

Embodiments of the present disclosure relate to methods, apparatuses and media for encrypting and decrypting sensitive data. According to the method, an application gateway obtains a first request that a first user sends via a client device to a first service server in order to enter data into the first service server; the data to be entered is parsed to determine whether it includes sensitive data; in response to determining that the data to be entered includes sensitive data, a first key is obtained from a key management system based on a first server identifier and a first access right, and the sensitive data is encrypted with the first key; the encrypted sensitive data and the first key identifier are combined into a first ciphertext string; and the first ciphertext string is sent, together with the non-sensitive data in the data to be entered, to the first service server. In this way the security and usability of the sensitive data are effectively ensured, and the amount of computation in the encryption and decryption processes is reduced.

Description

Method, apparatus and medium for encrypting and decrypting sensitive data
Technical Field
Embodiments of the present disclosure relate generally to the field of data processing, and more particularly, to a method, apparatus, and medium for encrypting and decrypting sensitive data.
Background
Data encryption is widely applied at the acquisition, transmission, storage and use stages of an information system's life cycle to protect the integrity and confidentiality of data. Encrypting the data raises the difficulty of recovering it after a leak, so that an attacker cannot obtain the original data. As the country pays increasing attention to data security and the protection of sensitive data such as personal privacy information, data encryption is also increasingly applied to personal privacy protection. Currently, to protect sensitive data, it is common either to store an MD5 (Message Digest Algorithm 5) digest of the sensitive data, or to encrypt the sensitive data with a Key Management System (KMS) all the way from collection through exchange to storage. However, protecting sensitive data with the MD5 algorithm is too simple and is easily defeated by lookup attacks against precomputed tables; for example, many websites in China currently offer MD5 reverse lookup, so this method is not reliable. Full-link encryption of sensitive data with a KMS ensures that the data transmitted in every downstream business system is ciphertext, but it carries the risks of high business-transformation cost, high encryption and decryption computational load, non-compliance in the encryption and decryption process, and the like.
Accordingly, there is a need to provide a technique for encrypting and decrypting sensitive data, such that the security and usability of the sensitive data can be effectively ensured without the risk of data non-compliance, and the amount of computation of the encryption and decryption processes can be reduced, thereby contributing to the improvement of the efficiency of encrypting and decrypting the sensitive data.
Disclosure of Invention
In view of the above problems, the present disclosure provides a method and apparatus for encrypting and decrypting sensitive data, so that security and usability of sensitive data can be effectively guaranteed without risk of data non-compliance, and the amount of computation of the encryption and decryption processes can be reduced, thereby contributing to improving the efficiency of encrypting and decrypting sensitive data.
According to a first aspect of the present disclosure, there is provided a method for encrypting and decrypting sensitive data, comprising: at an application gateway, obtaining a first request sent by a first user via a client device to a first service server in order to enter data into the first service server, wherein the first request comprises a first server identifier of the first service server and the first user has a first access right to the first service server; parsing the data to be entered to determine whether it comprises sensitive data; in response to determining that the data to be entered comprises sensitive data, obtaining a first key from a key management system based on the first server identifier and the first access right so as to encrypt the sensitive data with the first key, wherein the first key and a first key identifier are stored in the key management system in one-to-one correspondence and the first key identifier is determined based on the first server identifier and the first access right; combining the encrypted sensitive data and the first key identifier into a first ciphertext string; and sending the first ciphertext string, together with the non-sensitive data in the data to be entered, to the first service server for storage in a first database associated with the first service server.
According to a second aspect of the present disclosure, there is provided a computing device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect of the disclosure.
In a third aspect of the present disclosure, a non-transitory computer readable storage medium is provided having stored thereon computer instructions for causing a computer to perform the method of the first aspect of the present disclosure.
In some embodiments, the first access right is sent to the first user by the first service server after the authentication of the first user is passed.
In some embodiments, the method further comprises: obtaining a second request sent by a second user via a client device to the first service server to access the sensitive data on the first service server, wherein the second request comprises the first server identifier and the second user has a second access right to the first service server; determining, based on the second access right, whether the second user may access the sensitive data; in response to determining that the second user may access the sensitive data, obtaining the first ciphertext string associated with the sensitive data from the first service server; extracting the first key identifier from the first ciphertext string; obtaining the first key based on the first key identifier; decrypting the first ciphertext string with the first key to obtain the sensitive data; and sending the sensitive data to the second user for display on the client device.
In some embodiments, the method further comprises: obtaining a third request sent by a third user via a client device to a second service server to access the sensitive data on the first service server, wherein the third request comprises a second server identifier of the second service server and the third user has a third access right to the second service server; determining, based on the third access right, whether the third user may access the sensitive data; in response to determining that the third user may access the sensitive data, obtaining the first ciphertext string associated with the sensitive data from the first service server; extracting the first key identifier from the first ciphertext string; sending the first key identifier to the key management system so as to obtain the first key from it; decrypting the first ciphertext string with the first key to obtain the sensitive data; and obtaining a second key associated with the second service server to encrypt the sensitive data.
In some embodiments, obtaining a second key associated with the second service server to encrypt the sensitive data comprises: obtaining the second key from the key management system based on the second server identifier and the third access right, wherein the second key and a second key identifier are stored in the key management system in one-to-one correspondence and the second key identifier is generated based on the second server identifier and the third access right; encrypting the sensitive data with the second key; combining the encrypted sensitive data and the second key identifier into a second ciphertext string; and sending the second ciphertext string to the second service server for storage in a second database associated with the second service server.
In some embodiments, the first key is generated by the key management system according to the corresponding access right when the first service server registers the first server identification with the key management system.
In some embodiments, the second key is generated by the key management system according to the corresponding access right when the second service server registers the second server identification with the key management system.
In some embodiments, the sensitive data includes at least one of a mobile phone number of the first user, an identification number of the first user, and a social security card number of the first user.
In some embodiments, the method further comprises: if the sensitive data comprises the mobile phone number of the first user, encrypting the mobile phone number with a predetermined encryption algorithm before encrypting the sensitive data with the first key.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements.
Fig. 1 shows a schematic diagram of a system 100 for implementing a method for encrypting and decrypting sensitive data according to an embodiment of the invention.
Fig. 2 shows a schematic diagram of an application gateway 200 according to an embodiment of the present disclosure.
Fig. 3 shows a flow diagram of a method 300 for encrypting and decrypting sensitive data according to an embodiment of the present disclosure.
Fig. 4 shows a schematic diagram of a method 400 for authorized transcryption of sensitive data, in accordance with an embodiment of the present disclosure.
Fig. 5 shows a block diagram of an electronic device 500 according to an embodiment of the disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The term "include" and variations thereof as used herein is meant to be inclusive in an open-ended manner, i.e., "including but not limited to". Unless specifically stated otherwise, the term "or" means "and/or". The term "based on" means "based at least in part on". The terms "one example embodiment" and "one embodiment" mean "at least one example embodiment". The term "another embodiment" means "at least one additional embodiment". The terms "first," "second," and the like may refer to different or the same object. Other explicit and implicit definitions are also possible below.
As described above, at present, in order to protect sensitive data, the sensitive data is generally stored as an MD5 digest, or encrypted over the full link from collection through exchange to storage using a Key Management System (KMS). However, protecting sensitive data with the MD5 algorithm is too simple and is easily defeated by lookup attacks against precomputed tables, so this method is not reliable. Full-link encryption of sensitive data with a KMS ensures that the data transmitted in every downstream business system is ciphertext, but it carries the risks of high business-transformation cost, high encryption and decryption computational load, non-compliance in the encryption and decryption process, and the like.
To address at least in part one or more of the above issues and other potential issues, an example embodiment of the present disclosure proposes a method for encrypting and decrypting sensitive data, comprising: at an application gateway, obtaining a first request sent by a first user via a client device to a first service server in order to enter data into the first service server, wherein the first request comprises a first server identifier of the first service server and the first user has a first access right to the first service server; parsing the data to be entered to determine whether it comprises sensitive data; in response to determining that the data to be entered comprises sensitive data, obtaining a first key from a key management system based on the first server identifier and the first access right so as to encrypt the sensitive data with the first key, wherein the first key and a first key identifier are stored in the key management system in one-to-one correspondence and the first key identifier is determined based on the first server identifier and the first access right; combining the encrypted sensitive data and the first key identifier into a first ciphertext string; and sending the first ciphertext string, together with the non-sensitive data in the data to be entered, to the first service server for storage in a first database associated with the first service server. In this way, the security and availability of sensitive data can be effectively ensured without the risk of non-compliance, and the amount of computation in the encryption and decryption processes can be reduced, thereby contributing to an improvement in the efficiency of encrypting and decrypting sensitive data.
Fig. 1 shows a schematic diagram of a system 100 for implementing a method for encrypting and decrypting sensitive data according to an embodiment of the invention. As shown in fig. 1, the system 100 includes a plurality of client devices 110-1 through 110-3 (hereinafter collectively referred to as 110), an application gateway 120, a key management system 130, a plurality of service servers (e.g., a first service server 140-1 and a second service server 140-2, hereinafter collectively referred to as 140), and a plurality of databases (e.g., a first database 150-1 associated with the first service server 140-1 and a second database 150-2 associated with the second service server 140-2, hereinafter collectively referred to as 150). It should be appreciated that although the system 100 is shown in fig. 1 as including three client devices 110-1 through 110-3, the system 100 may include more or fewer client devices. Also, while fig. 1 shows the system 100 as including two service servers 140-1, 140-2 and, accordingly, two databases 150-1, 150-2, the system 100 may include only one service server and one database, or may include three or more service servers and three or more databases. Additionally, although the databases 150-1 and 150-2 are shown in fig. 1 as separate from the first and second service servers 140-1 and 140-2, respectively, the databases 150-1 and 150-2 may also be part of the first and second service servers 140-1 and 140-2, respectively.
In the present disclosure, the client device 110 has a client application installed on it so that a user can request a particular service from the service server 140 via the client device 110, such as a request to enter data into the service server 140, or a request to access data stored on the service server, and the like. The client device 110 may be implemented by a desktop computer, laptop computer, tablet computer, smart phone, and the like.
The service server 140 provides the required services for the client devices and can manage and maintain data entered by different users. In some embodiments, the service server 140 may be a medical service system, so its users may be, for example, doctors, patients or other users, with users in different roles having different access rights to the respective service servers; accordingly, in this disclosure an access right may be represented by the user's role together with whether the user is an authenticated user of the service system. In some embodiments, the second service server 140-2 may be a downstream service server of the first service server 140-1, so that the service data managed and maintained by the first service server 140-1, including the sensitive data in it, may be invoked via the second service server 140-2.
The application gateway 120 is an inter-network device that operates between the client device 110 and the service server 140, and all communications between the client device 110 and the service server 140 pass through the application gateway first. In the present disclosure, the application gateway 120 is mainly used to provide services for encrypting and decrypting sensitive data for the client device 110 and the service server 140. For example, the application gateway 120 may use OpenResty in the API gateway and implement the process of encrypting and decrypting sensitive data (e.g., personal privacy data) by calling the key management system 130. Therefore, in the present disclosure, the application gateway 120 may perform encryption and isolation between the client device and the service server, and encrypt various sensitive data, so that neither the service server nor the client device can obtain a key to decrypt the sensitive data, but still ensure that the service server can normally use other service data to perform related service processing. In the present disclosure, the sensitive data may include at least one of a cell phone number of the user, an identification number of the user, a social security card number of the user, and the like.
The database 150 is used to store various service data for the service server 140, including various data entered by the user via the client device, such as encrypted sensitive data and the like.
The key management system 130 may be used to generate a plurality of keys for each service server 140 that has registered its server identifier with it, wherein each key of the service server 140 is associated with an access right. Each key is stored in the key management system 130 in one-to-one correspondence with a corresponding key identifier, and each key identifier is determined based on the server identifier of the corresponding service server and the corresponding access right, for example by combining the two. Because the key identifier is derived from the server identifier, the key management system 130 can recognize from the key identifier which service server a given ciphertext belongs to. In addition, because the key identifier is also derived from the access right, not every user who submits a decryption request to the key management system 130 through the service server obtains a decryption result: only a user who has obtained the corresponding access right (for example, a user who has passed the service server's authentication and received the corresponding verification code) can make such a decryption request, which realizes the authorized encryption-conversion process. This both ensures the compliance of the data and preserves its availability. Where the service server is a medical service server, the access rights may include, for example, access rights associated with a doctor, access rights associated with a patient, and an unauthorized access right. In addition, the key management system 130 may interact with the application gateway 120 to query or retrieve the corresponding key based on information provided by the application gateway.
The key management system 130 may include an associated database for storing keys associated with the various business servers.
In some embodiments, as shown in fig. 3, the application gateway 120 may have a corresponding proxy portion installed at each service server for caching the keys associated with that service server. Each key may be cached in the proxy portion in one-to-one correspondence with its key identifier. This allows the corresponding proxy portion to be invoked locally when the service uses the data, without re-contacting the key management system 130, thereby further reducing the amount of computation required for encryption and decryption.
In the present disclosure, the client device 110, the application gateway 120, and the business server 140 may each be implemented by a computing device 200 as shown in fig. 2.
As shown in fig. 2, the computing device 200 may include at least one processor 212 and at least one memory 214 coupled with the at least one processor 212, the memory 214 storing instructions 216 executable by the at least one processor 212, which when executed by the at least one processor 212 perform the methods 300 and 400 described below. The specific structure of the computing device 200 may be described, for example, in connection with fig. 5 below.
Fig. 3 shows a flow diagram of a method 300 for encrypting and decrypting sensitive data according to an embodiment of the present disclosure. The method 300 may be performed by an application gateway 120 as shown in fig. 1, the application gateway 120 may be implemented by a computing device 200 as shown in fig. 2, or may be implemented by an electronic device 500 as shown in fig. 5. It should be understood that method 300 may also include additional blocks not shown and/or may omit blocks shown, as the scope of the disclosure is not limited in this respect.
At step 302, at an application gateway (e.g., application gateway 120 as shown in fig. 1), a first request sent by a first user via a client device (e.g., any one of client devices 110-1, 110-2 or 110-3 as shown in fig. 1) to a first service server (e.g., either of first service server 140-1 and second service server 140-2 as shown in fig. 1) to enter data into the first service server is obtained. The first request may include a first server identifier of the first service server, and the first user has a first access right to the first service server.
Since the application gateway is an intermediate device between the client device and the service server, all communications between the client device and the service server pass through the application gateway first, that is, the application gateway can acquire communications between the client device and the service server in advance. Therefore, when a first user sends a first request for inputting data to be input into the first service server to the first service server via the client device, the application gateway may first obtain the first request, so that before the first request reaches the first service server, sensitive data in the first request may be correspondingly encrypted, so as to achieve an effect of better protecting the sensitive data.
In the present disclosure, the first service server may register its own server identification with the key management system 130 in advance, so that the key management system 130 generates a plurality of keys for the first service server in advance, where each key is associated with a different access right. Each generated key may be stored in the key management system 130 in a one-to-one correspondence with a corresponding key identification, where each key identification may be generated from, e.g., a combination of, a server identification of the first service server and a corresponding access right. Thus, each key of the first service server may be used to access different data on the first service server depending on the access rights associated therewith. For example, a first business server's key corresponding to a patient may only be used to access the patient's own entered data, while a first business server's key corresponding to a doctor may be used to access all user entered data on the first business server.
Thus, the first key mentioned in step 302 may be generated by the key management system according to the corresponding access rights when the first service server registers the first server identification with the key management system.
In the disclosure, the first user has a first access right to the first service server, and the first access right can be sent to the first user by the first service server after the first user passes the authentication. For example, when the first user sends an account and a password to the first service server via the client device to log on to the first service server, the first service server may send a corresponding verification code (e.g., a short message verification code) and an identification of a user role to the first user, and in this disclosure, the combination of the verification code and the identification may be used to indicate the access right of the first user to the first service server.
In step 304, the application gateway parses the data to be entered to determine whether it includes sensitive data.
The sensitive data may include at least one of a mobile phone number of the first user, an identification number of the first user, and a social security card number of the first user.
In step 306, in response to determining that the data to be entered includes sensitive data, a first key is obtained from the key management system based on the first server identifier and the first access right, so as to encrypt the sensitive data based on the first key, the first key and the first key identifier are stored in the key management system in a one-to-one correspondence, and the first key identifier is determined based on the first server identifier and the first access right.
In the disclosure, in response to determining that the data to be entered includes sensitive data, the application gateway sends the first server identifier and the first access right to the key management system, and after receiving the first server identifier and the first access right, the key management system generates a corresponding first key identifier based on the first server identifier and the first access right, and finds a corresponding first key based on the first key identifier, because the first key is stored in the key management system in a one-to-one correspondence with the first key identifier.
In some embodiments, if the sensitive data includes the first user's cell phone number, the cell phone number may also be encrypted using a predetermined encryption algorithm (e.g., the AES512 algorithm) before the sensitive data is encrypted based on the first key. In some embodiments, the mobile phone number may be processed further; for example, the mobile phone number encrypted with the predetermined encryption algorithm may be processed with the SHA256 algorithm to obtain corresponding HMAC (hash-based message authentication code) information, so as to facilitate indexing. In the disclosure, by obtaining HMAC information, when the ciphertext string corresponding to the mobile phone number needs to be accessed, the ciphertext string can be quickly queried from the corresponding database by means of that HMAC information. For example, the ciphertext strings may be stored in the first database in step 310 in a one-to-one correspondence with the corresponding HMAC information, so that they can be easily queried when invoked.
In the present disclosure, in response to determining that sensitive data is not included in the data to be entered, the data to be entered is sent directly to the first service server for storage in a first database associated with the first service server.
At step 308, the encrypted sensitive data and the first key identification are combined into a first ciphertext string.
For example, a first key identification may be appended to the encrypted sensitive data to form a corresponding first ciphertext string.
At step 310, the first ciphertext string is sent to the first service server, together with the non-sensitive data in the data to be entered, for storage in a first database associated with the first service server.
Because the sensitive data in the data to be entered is encrypted by the application gateway before being stored in the first database of the first service server, it cannot be read directly by a user of the first service server; it can be accessed only by a user with the corresponding access right, after the application gateway decrypts it.
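As an added illustration, not code from the patent: the HMAC-based index described above for the mobile phone number, in Go. The patent computes the HMAC over the number after its preliminary encryption step; this example keys the HMAC with a dedicated index key and computes it over the number itself, and the in-memory store standing in for the first database is likewise an assumption.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
)

// IndexHMAC is the HMAC-SHA256 lookup index stored beside a phone number's
// ciphertext string. It is deterministic, so the same number always yields the
// same index and the row can be located without decrypting anything; the
// index key is what separates it from a plain SHA-256 of an 11-digit number,
// which anyone could recompute. The dedicated index key is an assumption.
func IndexHMAC(indexKey []byte, phone string) string {
	m := hmac.New(sha256.New, indexKey)
	m.Write([]byte(phone))
	return hex.EncodeToString(m.Sum(nil))
}

// Store models the first database: ciphertext strings keyed by their index.
type Store struct{ rows map[string]string }

func NewStore() *Store { return &Store{rows: map[string]string{}} }

// Put records a ciphertext string under the phone number's index; the phone
// number itself is never written to the store.
func (s *Store) Put(indexKey []byte, phone, ciphertextString string) {
	s.rows[IndexHMAC(indexKey, phone)] = ciphertextString
}

// Lookup finds the ciphertext string for a phone number by recomputing the
// index, which is how step 310's one-to-one storage is queried when invoked.
func (s *Store) Lookup(indexKey []byte, phone string) (string, bool) {
	cs, ok := s.rows[IndexHMAC(indexKey, phone)]
	return cs, ok
}
```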
The following describes a process in which, when a user of the first service server needs to access sensitive data stored thereon, the application gateway decrypts a corresponding ciphertext string to provide plaintext of the sensitive data.
First, the application gateway obtains a second request, sent by a second user to the first service server through a client device, for accessing sensitive data on the first service server. The second request includes the first server identification; the second user has a second access right to the first service server, and the second access right is sent to the second user by the first service server after the second user passes authentication. In the present disclosure, the second user may be the same user as the first user or a different user. In addition, since the application gateway is an intermediate device between the client device and the service server, the second request is obtained by the application gateway before it reaches the first service server. The application gateway then determines whether the second user has access to the sensitive data based on the second access right. In response to determining that the second user has access to the sensitive data, the first ciphertext string associated with the sensitive data is obtained from the first service server. In the present disclosure, only users with certain rights may access the ciphertext string on the corresponding service server. The first service server may, for example, query and obtain the corresponding first ciphertext string from its first database according to the corresponding HMAC information, and then send the first ciphertext string to the application gateway for subsequent processing. After the application gateway acquires the first ciphertext string, it extracts the first key identifier from the first ciphertext string. Based on the first key identification, the first key may be obtained, and the first ciphertext string may then be decrypted using the first key to obtain the sensitive data.
In some embodiments, the first key may be obtained by the application gateway from the key management system, and the first ciphertext string may be decrypted using the first key. In other embodiments, if the application gateway has installed a corresponding proxy component on the first service server to cache the keys of the first service server, the first key may be obtained directly from that proxy component and used to decrypt the first ciphertext string. Upon obtaining the sensitive data, the sensitive data may be sent to the second user for display on the client device.
According to the method, the encryption and decryption of the sensitive data are performed at the application gateway, so that encryption and isolation are achieved between the client device and the service server: neither the service server nor the client device can obtain the corresponding keys to decrypt the sensitive data, which reduces the possibility of the sensitive data being leaked and better ensures its security.
Fig. 4 shows a flow diagram illustrating a method 400 for authorized transcryption of sensitive data according to an embodiment of the present disclosure. The method 400 may be performed by an application gateway 120 as shown in fig. 1; the application gateway 120 may be implemented by a computing device 200 as shown in fig. 2, or by an electronic device 500 as shown in fig. 5. It should be understood that method 400 may also include additional blocks not shown and/or may omit blocks shown, as the scope of the disclosure is not limited in this respect.
In the present disclosure, authorized transcryption refers to the process of authorizing sensitive data recorded on one service server (e.g., an upstream service server) to other service servers (e.g., downstream service servers) for access and invocation. In the disclosure, during authorized transcryption, the corresponding key is obtained based on the key identifier in the ciphertext string associated with the sensitive data on the upstream service server; the ciphertext string is decrypted with that key to obtain the sensitive data to be called by the downstream service server; the sensitive data is then encrypted with the key associated with the downstream service server, and a new ciphertext string is formed from the corresponding key identifier and the encrypted sensitive data and stored on the downstream server. In this way the time efficiency of decryption processing can be greatly improved, and at the same time, during tracing, the circulation path of the sensitive data can be clearly seen, so that the service from which a leak originated can be located when the sensitive data is leaked.
Specifically, in step 402, the application gateway 120 obtains a third request sent by a third user to the second service server via the client device to access the sensitive data on the first service server; the third request includes the second server identification of the second service server, and the third user has a third access right to the second service server. In the present disclosure, the third access right is sent to the third user by the second service server after the third user passes authentication.
In the present disclosure, the third user may be the same user as the first user or the second user, or may be a different user. In addition, the first service server may be an upstream service server and the second service server may be a downstream service server.
In addition, since the application gateway is an intermediate device between the client device and the service server, the third request can be obtained by the application gateway before reaching the first service server, so that the application gateway can extract the various identifiers in the third request and perform the corresponding decryption processing on the sensitive data.
At step 404, the application gateway 120 determines whether the third user has access to the sensitive data based on the third access rights.
At step 406, in response to determining that the third user has access to the sensitive data, the application gateway 120 obtains a first ciphertext string associated with the sensitive data from the first service server.
In the present disclosure, only users with certain access rights can access sensitive data on a service server. Therefore, before obtaining the corresponding key, the application gateway 120 must first determine whether the user requesting access has the corresponding access right. For example, where the first service server is an upstream service server, the second service server is a downstream service server, and both servers belong to a healthcare service system, a doctor has access to the sensitive data on both the upstream service server and the downstream service server.
The application gateway may query and retrieve the corresponding first ciphertext string from the first database of the first service server, for example based on the corresponding HMAC information.
At step 408, a first key identification is extracted from the first ciphertext string.
At step 410, the first key identification is sent to the key management system to obtain the first key from the key management system.
At step 412, the first ciphertext string is decrypted using the first key to obtain the sensitive data.
At step 414, a second key associated with the second service server is obtained to encrypt the sensitive data. Once step 414 is completed, the authorized transcryption of the sensitive data is done, which greatly reduces the decryption processing time required when the sensitive data is later accessed through the second service server.
In the present disclosure, obtaining a second key associated with the second service server to encrypt the sensitive data may include the following steps.
First, the second key is obtained from the key management system based on the second server identifier and the third access right. The second key and the second key identifier are stored in the key management system in a one-to-one correspondence, and the second key identifier is generated based on the second server identifier and the third access right.
In this disclosure, before the second key is obtained from the key management system based on the second server identifier and the third access right, the second server identifier may first be sent to the key management system for authentication, to determine whether the second service server has registered the second server identifier with the key management system. If it has not, the second service server may be notified to register its second server identifier with the key management system 130, so that the key management system generates a plurality of keys for the second service server, each associated with one access right. Each key of the second service server is stored in the key management system 130 in a one-to-one correspondence with its key identifier, and each key identifier is determined based on the server identifier of the second service server and the corresponding access right, for example by combining the two.
In this disclosure, if it is determined that the second service server has registered the second server identifier with the key management system, then when the key management system receives the second server identifier and the third access right from the second service server, it can find the corresponding second key for the second service server based on the second server identifier and the third access right.
After receiving the second key, the application gateway may encrypt the sensitive data using the second key. The encrypted sensitive data and the second key identification may then be combined into a second ciphertext string, which is transmitted to the second service server for storage in a second database associated with the second service server.
When sensitive data (such as personal privacy data) is called from a service server, the computation required to query and process the personal privacy data is often greater than that required to create it. The method therefore addresses the cost of key lookup and decryption during the decryption process: because authorized transcryption is used when a downstream service obtains ciphertext data, the timeliness of decryption processing is greatly improved, and at the same time, during tracing, the circulation path of the personal privacy data can be clearly seen and the service from which a leak originated can be located.
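An added example in Go, not the patent's own code, modelling methods 300 and 400 at the gateway: key identifiers determined by (server identifier, access right), the ciphertext string as encrypted data with the key identifier appended, decryption by extracting that identifier, and authorized transcryption to a downstream server. AES-GCM as the cipher, 256-bit keys, the "server|right" identifier form, the "." separator and the access policy applied in Decrypt are all assumptions; the patent fixes only the structure.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// KeyID is the patent's key identifier, determined by a server identifier and
// one access right; the "server|right" text form is an assumption.
func KeyID(serverID, accessRight string) string { return serverID + "|" + accessRight }

// KMS models the key management system: one key per key identifier, created
// when a service server registers (256-bit AES-GCM keys are an assumption).
type KMS struct{ keys map[string][]byte }

func NewKMS() *KMS { return &KMS{keys: map[string][]byte{}} }

// Register generates one key per access right of the registering server.
func (k *KMS) Register(serverID string, accessRights ...string) {
	for _, r := range accessRights {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			panic(err) // a KMS without randomness cannot continue
		}
		k.keys[KeyID(serverID, r)] = key
	}
}

// aeadFor resolves a key identifier to its AES-GCM instance; an unregistered
// identifier is an error, never a silently created key.
func (k *KMS) aeadFor(id string) (cipher.AEAD, error) {
	key, ok := k.keys[id]
	if !ok {
		return nil, fmt.Errorf("kms: no key for identifier %q", id)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt builds the ciphertext string hex(nonce||ciphertext) + "." + key id; the
// id is bound as associated data, so an altered identifier fails authentication.
func Encrypt(kms *KMS, serverID, accessRight string, sensitive []byte) (string, error) {
	id := KeyID(serverID, accessRight)
	gcm, err := kms.aeadFor(id)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, sensitive, []byte(id))
	return hex.EncodeToString(ct) + "." + id, nil
}

// Decrypt extracts the key identifier, fetches that key and recovers the data.
// The patent gates this on the requester's access right but leaves the policy
// open; here (assumption) the right must match the one inside the identifier.
func Decrypt(kms *KMS, cs, requesterRight string) ([]byte, error) {
	parts := strings.SplitN(cs, ".", 2)
	if len(parts) != 2 {
		return nil, errors.New("malformed ciphertext string")
	}
	raw, err := hex.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	id := parts[1]
	if !strings.HasSuffix(id, "|"+requesterRight) {
		return nil, fmt.Errorf("access right %q cannot read data under %q", requesterRight, id)
	}
	gcm, err := kms.aeadFor(id)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(raw) < n { // a truncated string must not slice past the buffer
		return nil, errors.New("ciphertext string too short")
	}
	return gcm.Open(nil, raw[:n], raw[n:], []byte(id))
}

// Transcrypt is the authorized transcryption of method 400: decrypt with the
// upstream key named in the string, then re-encrypt under the downstream key.
func Transcrypt(kms *KMS, cs, requesterRight, downstreamID string) (string, error) {
	plain, err := Decrypt(kms, cs, requesterRight)
	if err != nil {
		return "", err
	}
	return Encrypt(kms, downstreamID, requesterRight, plain)
}
```

The transcrypted string ends in the downstream server's own key identifier, which is the property the patent relies on for tracing a leak back to the server holding that copy.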
FIG. 5 illustrates a schematic block diagram of an example electronic device 500 that can be used to implement embodiments of the present disclosure. For example, both the application gateway 120 as shown in FIG. 1 and the computing device 200 as shown in FIG. 2 may be implemented by the electronic device 500. As shown, electronic device 500 includes a Central Processing Unit (CPU) 501 that may perform various appropriate actions and processes according to computer program instructions stored in a Read Only Memory (ROM) 502 or loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the random access memory 503, various programs and data necessary for the operation of the electronic apparatus 500 can also be stored. The central processing unit 501, the read only memory 502 and the random access memory 503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
A plurality of components in the electronic device 500 are connected to the input/output interface 505, including: an input unit 506 such as various buttons and the like; an output unit 507 such as various types of indicators, speakers, and the like; a storage unit 508, such as a magnetic disk, optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the device 500 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The various processes and processes described above, such as methods 300 and 400, may be performed by the central processing unit 501. For example, in some embodiments, methods 300 and 400 may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 500 via the read only memory 502 and/or the communication unit 509. When the computer program is loaded into the random access memory 503 and executed by the central processing unit 501, one or more of the actions of the methods 300 and 400 described above may be performed.
The present disclosure relates to methods, apparatuses, systems, electronic devices, computer-readable storage media and/or computer program products. The computer program product may include computer-readable program instructions for performing various aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge computing devices. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, the electronic circuitry that can execute the computer-readable program instructions implements aspects of the present disclosure by utilizing the state information of the computer-readable program instructions to personalize the electronic circuitry, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA).
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (11)

1. A method for encrypting and decrypting sensitive data, comprising:
at an application gateway, acquiring a first request which is sent by a first user to a first service server via a client device and is used for entering data to be entered into the first service server, wherein the first request comprises a first server identification of the first service server, and the first user has a first access right to the first service server;
parsing the data to be entered to determine whether the data to be entered comprises sensitive data;
in response to determining that the data to be entered includes sensitive data, acquiring a first key from a key management system based on the first server identifier and the first access right so as to encrypt the sensitive data based on the first key, wherein the first key and a first key identifier are stored in the key management system in a one-to-one correspondence manner, and the first key identifier is determined based on the first server identifier and the first access right;
combining the encrypted sensitive data and the first key identification into a first ciphertext string; and
sending the first ciphertext string to the first service server with the non-sensitive data in the data to be entered for storage in a first database associated with the first service server.
2. The method of claim 1, wherein the first access right is sent to the first user by the first service server after authentication of the first user.
3. The method of claim 1, further comprising:
acquiring a second request which is sent to the first service server by a second user through a client device and is used for accessing the sensitive data on the first service server, wherein the second request comprises the first server identification, and the second user has a second access right to the first service server;
determining whether the second user has access to the sensitive data based on the second access right;
in response to determining that the second user has access to the sensitive data, obtaining the first ciphertext string associated with the sensitive data from the first service server;
extracting the first key identification from the first ciphertext string;
acquiring the first key based on the first key identification;
decrypting the first ciphertext string using the first key to obtain the sensitive data; and
sending the sensitive data to the second user for display on the client device.
4. The method of claim 1, further comprising:
obtaining a third request sent by a third user to a second service server via a client device to access the sensitive data on the first service server, wherein the third request comprises a second server identifier of the second service server, and the third user has a third access right to the second service server;
determining whether the third user has access to the sensitive data based on the third access right;
in response to determining that the third user has access to the sensitive data, obtaining the first ciphertext string associated with the sensitive data from the first service server;
extracting the first key identification from the first ciphertext string;
sending the first key identification to the key management system so as to acquire the first key from the key management system;
decrypting the first ciphertext string using the first key to obtain the sensitive data; and
acquiring a second key associated with the second service server based on the second server identification and the third access right so as to encrypt the sensitive data.
5. The method of claim 4, wherein obtaining a second key associated with the second service server based on the second server identification and the third access right to encrypt the sensitive data comprises:
acquiring the second key from the key management system based on the second server identifier and the third access right, wherein the second key and the second key identifier are stored in the key management system in a one-to-one correspondence manner, and the second key identifier is generated based on the second server identifier and the third access right;
encrypting the sensitive data by using the second key;
combining the encrypted sensitive data and the second key identification into a second ciphertext string; and
sending the second ciphertext string to the second service server for storage in a second database associated with the second service server.
6. The method of claim 1, wherein the first key is generated by the key management system according to the corresponding access rights when the first service server registers the first server identification with the key management system.
7. The method of claim 5, wherein the second key is generated by the key management system according to the corresponding access rights when the second service server registers the second server identification with the key management system.
8. The method of claim 1, wherein the sensitive data comprises at least one of a cell phone number of the first user, an identification number of the first user, a social security card number of the first user.
9. The method of claim 8, further comprising:
if the sensitive data comprises the mobile phone number of the first user, encrypting the mobile phone number by using a predetermined encryption algorithm before encrypting the sensitive data based on the first key.
10. A computing device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor;
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-9.
11. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-9.
CN202111449142.2A 2021-12-01 2021-12-01 Method, apparatus and medium for encrypting and decrypting sensitive data Active CN113849847B (en)

Publications (2)

Publication Number Publication Date
CN113849847A true CN113849847A (en) 2021-12-28
CN113849847B CN113849847B (en) 2022-03-08

Family

ID=78982604

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111449142.2A Active CN113849847B (en) 2021-12-01 2021-12-01 Method, apparatus and medium for encrypting and decrypting sensitive data

Country Status (1)

Country Link
CN (1) CN113849847B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114726596A (en) * 2022-03-25 2022-07-08 北京沃东天骏信息技术有限公司 Sensitive data processing method and device
CN114785618A (en) * 2022-06-16 2022-07-22 广州万协通信息技术有限公司 Data communication method and system based on adjacent node secondary authentication
CN114793172A (en) * 2022-04-15 2022-07-26 广东迅数智联科技有限公司 Private letter processing method and system
CN114826729A (en) * 2022-04-22 2022-07-29 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN114826612A (en) * 2022-04-20 2022-07-29 微位(深圳)网络科技有限公司 Data interaction method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110055563A1 (en) * 2005-03-16 2011-03-03 International Business Machines Corporation Encryption of security-sensitive data by re-using a connection
CN103248476A (en) * 2013-05-02 2013-08-14 华为数字技术(苏州)有限公司 Data encryption key management method, system and terminal
US9203815B1 (en) * 2013-11-27 2015-12-01 Symantec Corporation Systems and methods for secure third-party data storage
CN107786328A (en) * 2017-09-01 2018-03-09 深圳市金立通信设备有限公司 A kind of method, service node device and computer-readable medium for generating key
CN111104691A (en) * 2019-11-28 2020-05-05 贝壳技术有限公司 Sensitive information processing method and device, storage medium and equipment

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114726596A (en) * 2022-03-25 2022-07-08 北京沃东天骏信息技术有限公司 Sensitive data processing method and device
CN114793172A (en) * 2022-04-15 2022-07-26 广东迅数智联科技有限公司 Private letter processing method and system
CN114826612A (en) * 2022-04-20 2022-07-29 微位(深圳)网络科技有限公司 Data interaction method, device, equipment and storage medium
CN114826612B (en) * 2022-04-20 2024-01-30 微位(深圳)网络科技有限公司 Data interaction method, device, equipment and storage medium
CN114826729A (en) * 2022-04-22 2022-07-29 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN114826729B (en) * 2022-04-22 2024-05-28 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN114785618A (en) * 2022-06-16 2022-07-22 广州万协通信息技术有限公司 Data communication method and system based on adjacent node secondary authentication
CN114785618B (en) * 2022-06-16 2022-08-30 广州万协通信息技术有限公司 Data communication method and system based on adjacent node secondary authentication

Also Published As

Publication number Publication date
CN113849847B (en) 2022-03-08

Similar Documents

Publication Publication Date Title
CN113849847B (en) Method, apparatus and medium for encrypting and decrypting sensitive data
CN111783075B (en) Authority management method, device and medium based on secret key and electronic equipment
JP6479758B2 (en) Establishing reliability between applications on a computer
US8059818B2 (en) Accessing protected data on network storage from multiple devices
CN108566381A Secure upgrade method, device, server, equipment and medium
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
US10594479B2 (en) Method for managing smart home environment, method for joining smart home environment and method for connecting communication session with smart device
CN104618096B Method, device and TPM key management center for protecting key authorization data
EP2973183A1 (en) Intra-computer protected communications between applications
US11626976B2 (en) Information processing system, information processing device, information processing method and information processing program
CN107920081A (en) Login authentication method and device
CN110708291B (en) Data authorization access method, device, medium and electronic equipment in distributed network
US11288381B2 (en) Calculation device, calculation method, calculation program and calculation system
CN107920060A (en) Data access method and device based on account
WO2021170049A1 (en) Method and apparatus for recording access behavior
CN113434882A (en) Communication protection method and device of application program, computer equipment and storage medium
CN114584299B (en) Data processing method, device, electronic equipment and storage medium
CN114553566B (en) Data encryption method, device, equipment and storage medium
CN113672973B (en) Database system of embedded device based on RISC-V architecture of trusted execution environment
WO2022199796A1 (en) Method and computer-based system for key management
CN112565156A (en) Information registration method, device and system
US11340801B2 (en) Data protection method and electronic device implementing data protection method
Marpaung et al. Security and Privacy Issues in Cloud-Based Databases: A Literature Review
Hlushko Privacy Monitor
Melnyk et al. Protection of data transmission in remote monitoring tools by anonymization

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant