CN116170177A - Data security processing method, device, equipment and storage medium - Google Patents


Publication number
CN116170177A
Authority
CN
China
Prior art keywords
target
encryption
identifier
data
return
Legal status
Pending
Application number
CN202211643266.9A
Other languages
Chinese (zh)
Inventor
李良斌
Current Assignee
Beijing SoundAI Technology Co Ltd
Original Assignee
Beijing SoundAI Technology Co Ltd
Application filed by Beijing SoundAI Technology Co Ltd
Priority to CN202211643266.9A
Publication of CN116170177A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The present disclosure relates to a data security processing method, apparatus, device, and storage medium. According to the embodiment of the disclosure, a data decryption request sent by a user terminal is received, where the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier. A target encryption algorithm corresponding to the target encryption algorithm identifier is determined based on the target encryption algorithm identifier, and a target key corresponding to the target key identifier is determined based on the target key identifier. The target ciphertext is decrypted based on the target encryption and decryption algorithm and the target key to obtain the plaintext corresponding to the target ciphertext. When data needs to be decrypted, the required encryption and decryption algorithm and key are obtained directly from the encryption and decryption algorithms corresponding to the preset encryption and decryption algorithm identifiers and the keys corresponding to the key identifiers, so that automatic decryption of the data is realized, the amount of related code to be written is greatly reduced, and the accuracy of data decryption and the security of the data are improved.

Description

Data security processing method, device, equipment and storage medium
Technical Field
The disclosure relates to the technical field of data security, and in particular relates to a data security processing method, a device, equipment and a storage medium.
Background
With the rapid development of internet technology, more and more data is transmitted over networks, and encrypting and decrypting data in transit is becoming more and more important for protecting the security of the data.
In the related art, to decrypt data during project development and maintenance, a developer must write a large amount of related code in every functional interface that needs to decrypt data, in order to implement the decryption function and maintain data security. If a different type of decryption mode is needed, the related code must be rewritten to change the decryption mode, so automatic decryption of the data cannot be achieved.
Disclosure of Invention
In order to solve the technical problem that the data cannot be automatically decrypted, the disclosure provides a data security processing method, a device, equipment and a storage medium.
A first aspect of an embodiment of the present disclosure provides a data security processing method, including:
receiving a data decryption request sent by a user side, wherein the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier comprises a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext;
determining a target encryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier, and determining a target key corresponding to the target key identifier based on the target key identifier;
and decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
A second aspect of an embodiment of the present disclosure provides a data security processing apparatus, the apparatus comprising:
the first receiving module is used for receiving a data decryption request sent by a user side, wherein the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier comprises a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext;
the first determining module is used for determining a target encryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier and determining a target key corresponding to the target key identifier based on the target key identifier;
and the decryption module is used for decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
A third aspect of the embodiments of the present disclosure provides a computer apparatus, the apparatus including a memory and a processor, wherein the memory stores a computer program, and the data security processing method of the first aspect can be implemented when the computer program is executed by the processor.
A fourth aspect of the embodiments of the present disclosure provides a computer-readable storage medium in which a computer program is stored, which when executed by a processor, can implement the data security processing method of the first aspect.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
According to the embodiment of the disclosure, a data decryption request sent by a user terminal is received, where the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier comprises a target encryption algorithm identifier corresponding to the encryption algorithm used by the target ciphertext and a target key identifier corresponding to the key used by the target ciphertext. A target encryption algorithm corresponding to the target encryption algorithm identifier is determined based on the target encryption algorithm identifier, and a target key corresponding to the target key identifier is determined based on the target key identifier. The target ciphertext is decrypted based on the target encryption and decryption algorithm and the target key to obtain the plaintext corresponding to the target ciphertext. When data needs to be decrypted, the required encryption and decryption algorithm and key are obtained directly from the encryption and decryption algorithms corresponding to the preset encryption and decryption algorithm identifiers and the keys corresponding to the key identifiers, so that automatic decryption of the data is realized, the amount of related code to be written is greatly reduced, and the accuracy of data decryption and the security of the data are improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the solutions in the prior art, the drawings that are required for the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of a data security processing method provided by an embodiment of the present disclosure;
FIG. 2 is a flow chart of another data security processing method provided by an embodiment of the present disclosure;
FIG. 3 is a flow chart of yet another data security processing method provided by an embodiment of the present disclosure;
FIG. 4 is a flow chart of yet another data security processing method provided by an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a data security processing apparatus according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, a further description of aspects of the present disclosure will be provided below. It should be noted that, without conflict, the embodiments of the present disclosure and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced otherwise than as described herein; it will be apparent that the embodiments in the specification are only some, but not all, embodiments of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
It should be noted that references to "one" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that they should be understood as "one or more" unless the context clearly indicates otherwise.
With the rapid development of internet technology, more and more data is transmitted over networks, and encrypting and decrypting data in transit is becoming more and more important for protecting the security of the data.
In the related art, to encrypt and decrypt data during project development and maintenance, a developer must write a large amount of related code in every functional interface that needs to encrypt and decrypt data, in order to implement the encryption and decryption function and maintain data security. If a different type of encryption and decryption mode is needed, the related code must be rewritten to change the mode. The related art cannot encrypt and decrypt data automatically, consumes a large amount of development resources, has low development efficiency, is prone to leaks after being written many times, has poor security, and cannot meet the requirement for efficient development of current projects.
To address these defects of the related art in data encryption and decryption, the embodiment of the disclosure provides a data security processing method, a device, equipment and a storage medium. When data needs to be decrypted, the required encryption and decryption algorithm and key can be obtained directly, by identifier, from the encryption and decryption algorithms corresponding to the preset encryption and decryption algorithm identifiers and the keys corresponding to the key identifiers, thereby realizing automatic decryption of the data, greatly reducing the amount of related code to be written, and improving the accuracy of data decryption and the security of the data.
The data security processing method provided by the embodiment of the present disclosure may be performed by a computer device, where the device may be understood as any device with processing capability and computing capability, and the device may include, but is not limited to, electronic devices such as a cloud server, a computer, and the like.
In order to better understand the inventive concepts of the embodiments of the present disclosure, the technical solutions of the embodiments of the present disclosure are described below in conjunction with exemplary embodiments.
Fig. 1 is a flowchart of a data security processing method provided in an embodiment of the present disclosure. As shown in Fig. 1, the data security processing method provided in this embodiment may include steps 110 to 130:
Step 110, receiving a data decryption request sent by a user terminal, wherein the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier comprises a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext.
In the embodiment of the disclosure, a data security processing functional framework is arranged in the computer device; the framework can be understood as a data processing functional module. The data security processing functional framework comprises a plurality of types of encryption and decryption algorithm identifiers, the encryption and decryption algorithms corresponding to those identifiers, a plurality of types of key identifiers, and the keys corresponding to those key identifiers. These identifiers, algorithms and keys can be constructed in advance according to requirements.
A user terminal in the embodiments of the present disclosure may be understood as any device having processing capability and computing capability, which may include, but is not limited to, mobile terminals such as smartphones, notebook computers, personal digital assistants (PDAs), tablet computers (PADs), portable multimedia players (PMPs), vehicle terminals (e.g., vehicle navigation terminals) and wearable devices, as well as stationary terminals such as digital TVs, desktop computers and smart home devices.
The data decryption request in the embodiment of the present disclosure may be understood as a request for decrypting data, where the data decryption request may include a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier may include a target encryption algorithm identifier corresponding to the encryption and decryption algorithm used by the target ciphertext and a target key identifier corresponding to the key used by the target ciphertext. An identifier may be understood as data in the form of notes, strings or the like.
The encryption algorithm identifier may be understood as an identifier corresponding to an encryption algorithm used for ciphertext, and the encryption algorithm may include an advanced encryption standard algorithm (Advanced Encryption Standard, AES), an RSA encryption algorithm (RSA algorithm), a national encryption algorithm, and the like, but is not limited thereto.
The key identification may be understood as an identification corresponding to the type of key used by the ciphertext.
In some embodiments, the user side may establish a communication connection with the computer device to perform data transmission. The user side stores at least one type of encryption and decryption algorithm included in the computer device and the correspondence between the encryption and decryption algorithms and the encryption algorithm identifiers. The user side may select one type of encryption and decryption algorithm from the stored algorithms as the target encryption and decryption algorithm, call a key acquisition interface of the computer device, and acquire a key of any key type from the computer device as the target key. The user side then uses the target encryption and decryption algorithm and the target key to encrypt the data to be encrypted to obtain the target ciphertext, generates a data decryption request based on the target ciphertext, the target encryption algorithm identifier corresponding to the target encryption and decryption algorithm, and the target key identifier corresponding to the target key, and sends the data decryption request to the computer device. The computer device may then receive the data decryption request sent by the user side.
In other embodiments, the user side stores in advance at least one type of encryption and decryption algorithm included in the computer device, the correspondence between the encryption and decryption algorithms and the encryption algorithm identifiers, at least one type of key, and the correspondence between the key identifiers and the keys. The user side selects one type of encryption and decryption algorithm from the stored algorithms as the target encryption and decryption algorithm and selects one type of key from the stored keys as the target key. The user side then encrypts the data to be encrypted by using the target encryption and decryption algorithm and the target key to obtain the target ciphertext, generates a data decryption request based on the target ciphertext, the target encryption algorithm identifier corresponding to the target encryption and decryption algorithm, and the target key identifier corresponding to the target key, and sends the data decryption request to the computer device. The computer device may then receive the data decryption request sent by the user side.
Step 120, determining a target encryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier, and determining a target key corresponding to the target key identifier based on the target key identifier.
In the embodiment of the disclosure, after obtaining the data decryption request sent by the user side, the computer device may determine, based on the target encryption algorithm identifier in the data decryption request, a target encryption algorithm corresponding to the target encryption algorithm identifier, and determine, based on the target key identifier, a target key corresponding to the target key identifier.
In some embodiments, determining the target encryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier, and determining the target key corresponding to the target key identifier based on the target key identifier may include steps 1201-1202:
Step 1201, determining an encryption algorithm corresponding to the target encryption algorithm identifier as a target encryption algorithm based on a first mapping relation between the preset encryption algorithm identifier and the encryption algorithm.
In the embodiment of the disclosure, a first mapping relation between each encryption algorithm identifier and an encryption algorithm is prestored in computer equipment, namely the encryption algorithm identifiers and the encryption algorithm correspond to each other one by one. After obtaining the target encryption algorithm identification of the target ciphertext, the computer device may obtain a first mapping relationship between the target encryption algorithm identification and the encryption and decryption algorithm, determine an encryption and decryption algorithm corresponding to the target encryption algorithm identification based on the first mapping relationship between the target encryption algorithm identification and the encryption and decryption algorithm, and determine the encryption and decryption algorithm corresponding to the target encryption algorithm identification as the target encryption and decryption algorithm.
Step 1202, determining a key corresponding to the target key identifier as a target key based on a second mapping relationship between the preset key identifier and the key.
In the embodiment of the disclosure, a second mapping relationship between each key identifier and a key, that is, a one-to-one correspondence between the key type identifiers and the keys, is prestored in the computer device. After obtaining the target key identification of the target ciphertext, the computer device may obtain a second mapping relationship between the target key identification and the key, determine a key corresponding to the target key identification based on the second mapping relationship between the target key identification and the key, and determine the key corresponding to the target key identification as the target key.
Step 130, decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
In the embodiment of the disclosure, after obtaining the target encryption and decryption algorithm and the target key used by the target ciphertext, the computer device may decrypt the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
According to the embodiment of the disclosure, a data decryption request sent by a user terminal is received, where the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier comprises a target encryption algorithm identifier corresponding to the encryption algorithm used by the target ciphertext and a target key identifier corresponding to the key used by the target ciphertext. A target encryption algorithm corresponding to the target encryption algorithm identifier is determined based on the target encryption algorithm identifier, and a target key corresponding to the target key identifier is determined based on the target key identifier. The target ciphertext is decrypted based on the target encryption and decryption algorithm and the target key to obtain the plaintext corresponding to the target ciphertext. When data needs to be decrypted, the required encryption and decryption algorithm and key are obtained directly from the encryption and decryption algorithms corresponding to the preset encryption and decryption algorithm identifiers and the keys corresponding to the key identifiers, so that automatic decryption of the data is realized, the amount of related code to be written is greatly reduced, and the accuracy of data decryption and the security of the data are improved.
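The lookup-and-decrypt flow of steps 110 to 130, as an added Go example that is not code from the patent. The type and function names, the identifiers "AES-128-GCM", "AES-256-GCM", "k1" and "k2", and the choice of AES-GCM for the AES entry are assumptions of this example. Because both identifiers arrive from the user side, the lookups refuse anything absent from the mappings and refuse a key that does not fit the named algorithm.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Message is a ciphertext plus its encryption identifier (names are assumptions).
type Message struct {
	AlgID, KeyID string
	Ciphertext   []byte // nonce || sealed data
}

// AEADFactory builds a cipher from a key; it is one entry of the first mapping.
type AEADFactory func(key []byte) (cipher.AEAD, error)

// Framework holds the pre-built mappings described in the text.
type Framework struct {
	Algorithms map[string]AEADFactory // first mapping: algorithm identifier -> algorithm
	Keys       map[string][]byte      // second mapping: key identifier -> key
}

// aesGCM accepts only keys of keyLen bytes, so a key registered for one
// algorithm is refused when a request names it with another.
func aesGCM(keyLen int) AEADFactory {
	return func(key []byte) (cipher.AEAD, error) {
		if len(key) != keyLen {
			return nil, errors.New("key does not fit algorithm")
		}
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		return cipher.NewGCM(block)
	}
}

// resolve is steps 1201-1202 as strict lookups: both identifiers come from the
// client, so anything absent from the mappings is refused.
func (f *Framework) resolve(algID, keyID string) (cipher.AEAD, error) {
	factory, okAlg := f.Algorithms[algID]
	key, okKey := f.Keys[keyID]
	if !okAlg || !okKey {
		return nil, errors.New("unknown algorithm or key identifier")
	}
	return factory(key)
}

// Encrypt is the user-side counterpart: seal plaintext and attach the identifiers.
func (f *Framework) Encrypt(algID, keyID string, plaintext []byte) (Message, error) {
	aead, err := f.resolve(algID, keyID)
	if err != nil {
		return Message{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Message{}, err
	}
	return Message{AlgID: algID, KeyID: keyID, Ciphertext: aead.Seal(nonce, nonce, plaintext, nil)}, nil
}

// Decrypt is step 130: open the target ciphertext with the resolved algorithm and key.
func (f *Framework) Decrypt(m Message) ([]byte, error) {
	aead, err := f.resolve(m.AlgID, m.KeyID)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(m.Ciphertext) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, m.Ciphertext[:n], m.Ciphertext[n:], nil)
}

// NewDemoFramework fills the mappings with constructed identifiers and random keys.
func NewDemoFramework() *Framework {
	buf := make([]byte, 48)
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	return &Framework{
		Algorithms: map[string]AEADFactory{"AES-128-GCM": aesGCM(16), "AES-256-GCM": aesGCM(32)},
		Keys:       map[string][]byte{"k1": buf[:16], "k2": buf[16:]},
	}
}

func main() {
	f := NewDemoFramework() // in this demo the user side shares the server's mappings
	req, err := f.Encrypt("AES-256-GCM", "k2", []byte("hello"))
	if err != nil {
		panic(err)
	}
	plaintext, err := f.Decrypt(req)
	fmt.Printf("plaintext=%q err=%v\n", plaintext, err)
	req.KeyID = "k1" // a key identifier that does not fit the named algorithm
	_, err = f.Decrypt(req)
	fmt.Println("mismatched identifiers:", err)
}
```

Further algorithm families named in the description would be added as more entries in `Algorithms`; the request handling itself does not change.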
Fig. 2 is a flowchart of a data security processing method provided in an embodiment of the present disclosure. As shown in Fig. 2, the data security processing method provided in this embodiment may include steps 210 to 250:
Step 210, receiving a data decryption request sent by a user side, where the data decryption request includes a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier includes a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext.
Step 220, determining a target encryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier, and determining a target key corresponding to the target key identifier based on the target key identifier.
Step 230, decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
Step 240, determining return data corresponding to the plaintext.
In the embodiment of the disclosure, a third mapping relationship between each plaintext and the returned data, that is, one-to-one correspondence between the plaintext and the returned data, is prestored in the computer device. After obtaining the plaintext corresponding to the ciphertext, the computer device may obtain a third mapping relationship between the plaintext and the return data from the storage space, and determine the return data corresponding to the plaintext based on the third mapping relationship between the plaintext and the return data.
Step 250, the return data is encrypted and then sent to the user terminal.
In the embodiment of the disclosure, after obtaining the return data corresponding to the plaintext, the computer device may encrypt the return data, and then send the encrypted return data to the user terminal.
In some embodiments, encrypting the return data and sending it to the client may include steps 2501-2502:
Step 2501, encrypting the return data to obtain a return ciphertext and a return encryption identifier, where the return encryption identifier includes a return encryption algorithm identifier corresponding to an encryption algorithm used by the return ciphertext and a return key identifier corresponding to a key used by the return ciphertext.
In the embodiment of the disclosure, the user side stores various types of encryption and decryption algorithms, the correspondence between the encryption and decryption algorithms and the encryption algorithm identifiers, various types of keys, and the correspondence between the key identifiers and the keys.
In the embodiment of the disclosure, the computer device may select one encryption and decryption algorithm from a plurality of stored encryption and decryption algorithms and select one key from a plurality of stored keys to encrypt the return data, so as to obtain a return ciphertext and a return encryption identifier, where the return encryption identifier includes a return encryption algorithm identifier corresponding to the encryption algorithm used by the return ciphertext and a return key identifier corresponding to the key used by the return ciphertext.
In some embodiments, the return data may be encrypted based on the target encryption and decryption algorithm and the target key to obtain a return ciphertext and a return encrypted identifier, where the return encrypted identifier is the target encrypted identifier. Specifically, after obtaining the return data corresponding to the plaintext, the computer device may encrypt the return data according to a target encryption and decryption algorithm and a target key corresponding to the target ciphertext, to obtain a return ciphertext and a return encryption identifier, where the return encryption identifier is a target encryption identifier, and the target encryption identifier may include a target encryption algorithm identifier and a target key identifier.
Step 2502, sending the return ciphertext and the return encryption identifier to the user side, so that the user side decrypts the return ciphertext based on the encryption and decryption algorithm corresponding to the return encryption algorithm identifier and the key corresponding to the return key identifier in the return encryption identifier, and obtaining the return data.
In the embodiment of the disclosure, the computer device may send the return ciphertext and the return encryption identifier to the user side, so that the user side decrypts the return ciphertext based on the encryption and decryption algorithm corresponding to the return encryption algorithm identifier and the key corresponding to the return key identifier in the return encryption identifier, and obtains the return data.
In other embodiments, encrypting the return data and sending it to the client may include steps 2511-2512:
Step 2511, encrypting the return data according to an agreed encryption and decryption algorithm and an agreed key, both agreed in advance with the user side, to obtain a return ciphertext.
In the embodiment of the disclosure, the agreed encryption and decryption algorithm may be understood as an encryption and decryption algorithm for the returned data agreed in advance by the computer device and the user terminal, and the agreed key may be understood as an encryption and decryption key for the returned data agreed in advance by the computer device and the user terminal.
In the embodiment of the disclosure, after obtaining the return data corresponding to the plaintext, the computer device may determine the agreed encryption and decryption algorithm and the agreed key that were agreed with the user side in advance, and then encrypt the return data with them to obtain the return ciphertext.
Step 2512, sending the return ciphertext to the user terminal, so that the user terminal decrypts the return ciphertext based on the agreed encryption and decryption algorithm and the agreed key to obtain the return data.
In the embodiment of the disclosure, the computer device may send the return ciphertext to the user terminal, so that the user terminal decrypts the return ciphertext based on the agreed encryption and decryption algorithm and the agreed key to obtain the return data.
Therefore, the ciphertext is automatically decrypted to obtain the plaintext, and the return data corresponding to the plaintext is automatically encrypted before being sent to the user side. This realizes automatic encryption and decryption of the data, greatly reduces the amount of related code that has to be written, and improves the accuracy of data encryption and decryption and the security of the data.
Fig. 3 is a flowchart of a data security processing method according to an embodiment of the present disclosure. As shown in Fig. 3, the data security processing method provided in this embodiment may include steps 310 to 360:
Step 310, receiving a data decryption request sent by a user terminal, where the data decryption request includes a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier includes a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext.
Step 320, determining a target encryption and decryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier, and determining a target key corresponding to the target key identifier based on the target key identifier.
Step 330, decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
Step 340, determining return data corresponding to the plaintext.
Steps 310-340 in the embodiments of the present disclosure may refer to the content of steps 210-240 described above, and will not be described herein.
Step 350, determining the security level of the returned data.
The security level in the embodiments of the present disclosure may be understood as the magnitude of the importance or sensitivity of the data.
In the disclosed embodiments, after obtaining the returned data, the computer device may determine a security level of the returned data.
Step 360, encrypting the returned data and transmitting the encrypted returned data to the user side when the security level is greater than a preset threshold value.
In the embodiment of the disclosure, if the security level of the returned data is greater than the preset threshold value, indicating that the importance degree or the sensitivity degree of the data is greater, the computer device may encrypt the returned data and then send the encrypted returned data to the user terminal; if the security level of the returned data is smaller than or equal to the preset threshold value, indicating that the importance degree or the sensitivity degree of the data is smaller, the computer device may send the returned data to the user side directly.
The preset threshold may be set according to actual needs, and is not specifically limited herein.
Therefore, the data can be encrypted according to its security level, which improves the security of data transmission, realizes automatic encryption and decryption of the data, greatly reduces the amount of related code that has to be written, improves the utilization of development resources and the development efficiency of projects, and improves the accuracy of data encryption and decryption and the security of the data.
Fig. 4 is a flowchart of a data security processing method according to an embodiment of the present disclosure. As shown in Fig. 4, the data security processing method provided in this embodiment may include steps 401 to 412:
Step 401, obtaining and storing a preset number of encryption and decryption algorithms and keys.
In the embodiment of the disclosure, the computer device may obtain and store a preset number of types of encryption and decryption algorithms and keys. The preset number may be set as needed and is not specifically limited herein.
Step 402, allocating a corresponding encryption algorithm identifier to each encryption and decryption algorithm, and constructing a first mapping relationship between the encryption algorithm identifiers and the encryption and decryption algorithms.
In the embodiment of the disclosure, the computer device may allocate a corresponding encryption algorithm identifier to each encryption and decryption algorithm, and construct a first mapping relationship between the encryption algorithm identifiers and the encryption and decryption algorithms, that is, the encryption algorithm identifiers correspond to the encryption and decryption algorithms one to one.
Step 403, allocating a corresponding key identifier to each key, and constructing a second mapping relationship between the key identifiers and the keys.
In the embodiment of the disclosure, the computer device may allocate a corresponding key identifier to each key, and construct a second mapping relationship between the key identifiers and the keys, that is, the key identifiers correspond to the keys one to one.
Step 404, receiving a key call request sent by the user terminal, where the key call request includes the requested target key identifier.
In the embodiment of the disclosure, when the user side needs to encrypt data, it may select one of the encryption and decryption algorithms contained in the computer device as the target encryption and decryption algorithm. The user side may then send a key call request, which includes the requested target key identifier, to the computer device, and the computer device may receive the key call request sent by the user side.
Step 405, sending a target key corresponding to the target key identifier to the user terminal, so that the user terminal encrypts the data based on the target encryption and decryption algorithm and the target key, and generates a data decryption request containing the target ciphertext and the target encryption identifier.
In the embodiment of the disclosure, after receiving a key calling request sent by a user terminal, a computer device may determine a target key corresponding to the target key identifier according to the target key identifier in the key calling request, and then send the target key to the user terminal, so that the user terminal encrypts data based on a target encryption and decryption algorithm and the target key to generate a target ciphertext and a target encryption identifier, and further generate a data decryption request including the target ciphertext and the target encryption identifier.
Step 406, receiving a data decryption request sent by a user side, where the data decryption request includes a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier includes a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext.
In the embodiment of the disclosure, after generating the data decryption request, the user side may send the data decryption request to the computer device, and the computer device may receive the data decryption request sent by the user side.
Step 407, determining the encryption and decryption algorithm corresponding to the target encryption algorithm identifier as a target encryption and decryption algorithm based on a first mapping relation between the preset encryption algorithm identifier and the encryption and decryption algorithm.
Step 408, determining the key corresponding to the target key identifier as the target key based on a second mapping relationship between the preset key identifier and the key.
Steps 407-408 in the embodiments of the present disclosure may refer to the content of steps 1201-1202, which are not described herein.
Step 409, decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
Step 410, determining return data corresponding to the plaintext.
Steps 409-410 in the embodiments of the present disclosure may refer to the content of steps 230-240 described above, and will not be described herein.
Step 411, encrypting the return data based on the target encryption and decryption algorithm and the target key to obtain a return ciphertext and a return encryption identifier, wherein the return encryption identifier is the target encryption identifier.
In the embodiment of the disclosure, after obtaining the return data corresponding to the plaintext, the computer device may encrypt the return data according to the target encryption and decryption algorithm and the target key corresponding to the target ciphertext, to obtain the return ciphertext and a return encryption identifier, where the return encryption identifier is the target encryption identifier, and the target encryption identifier may include the target encryption algorithm identifier and the target key identifier.
Step 412, sending the return ciphertext and the return encryption identifier to the user side, so that the user side decrypts the return ciphertext based on the target encryption and decryption algorithm corresponding to the target encryption algorithm identifier and the target key corresponding to the target key identifier in the return encryption identifier, to obtain the return data.
In the embodiment of the disclosure, the computer device may send the return ciphertext and the return encryption identifier to the user side, so that the user side decrypts the return ciphertext based on the target encryption and decryption algorithm corresponding to the target encryption algorithm identifier and the target key corresponding to the target key identifier in the return encryption identifier, to obtain the return data.
Therefore, automatic encryption and decryption of the data can be realized, the amount of related code that has to be written is greatly reduced, the utilization of development resources and the development efficiency of projects are improved, and the accuracy of data encryption and decryption and the security of the data are improved.
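The flow of steps 401 to 412, including the variant in which the return data is encrypted under the same identifier as the request, as an added Go example that is not code from the patent. It assumes AES-GCM behind the constructed algorithm identifiers `A1`/`A2`, constructed keys `K1`/`K2`, `ack:` as stand-in return data, and it additionally authenticates the cleartext identifier as associated data, which the patent text does not specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncID is the encryption identifier; an Envelope carries it in the clear beside the ciphertext.
type EncID struct{ Alg, Key string }
type Envelope struct {
	ID        EncID
	Nonce, CT []byte
}

// Algorithms is the first mapping (step 402): algorithm identifier -> AES-GCM key length (assumed).
var Algorithms = map[string]int{"A1": 16, "A2": 32}
var ErrRefused = errors.New("identifier pair not registered or inconsistent")

// Keys is the second mapping (step 403). Identifiers and key bytes are constructed for this example.
var Keys = map[string][]byte{
	"K1": []byte("0123456789abcdef"),
	"K2": []byte("0123456789abcdef0123456789abcdef"),
}

// Resolve turns an identifier pair into a cipher and refuses anything off the two mappings.
func Resolve(id EncID, key []byte) (cipher.AEAD, error) {
	n, ok := Algorithms[id.Alg]
	if !ok || len(key) != n {
		return nil, ErrRefused
	}
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// aad encodes the cleartext identifier so that it is authenticated with the ciphertext.
func aad(id EncID) []byte { return []byte(fmt.Sprintf("%q/%q", id.Alg, id.Key)) }

// Seal encrypts pt under a fresh random nonce and labels it with id.
func Seal(a cipher.AEAD, id EncID, pt []byte) (Envelope, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{ID: id, Nonce: nonce, CT: a.Seal(nil, nonce, pt, aad(id))}, nil
}

// Open fails if the ciphertext, nonce or identifier was altered in transit.
func Open(a cipher.AEAD, e Envelope) ([]byte, error) {
	if len(e.Nonce) != a.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return a.Open(nil, e.Nonce, e.CT, aad(e.ID))
}

// Handle is the server side of steps 406-412: look up, decrypt, build return data, reply under the same identifier.
func Handle(req Envelope) (Envelope, error) {
	a, err := Resolve(req.ID, Keys[req.ID.Key])
	if err != nil {
		return Envelope{}, err
	}
	pt, err := Open(a, req)
	if err != nil {
		return Envelope{}, err
	}
	return Seal(a, req.ID, append([]byte("ack:"), pt...))
}

// RoundTrip plays the user side: key call (steps 404-405), encrypt, send, decrypt the reply.
func RoundTrip(id EncID, msg string) (string, error) {
	a, err := Resolve(id, Keys[id.Key])
	if err != nil {
		return "", err
	}
	req, err := Seal(a, id, []byte(msg))
	if err != nil {
		return "", err
	}
	resp, err := Handle(req)
	if err != nil {
		return "", err
	}
	out, err := Open(a, resp)
	return string(out), err
}

func main() {
	fmt.Println(RoundTrip(EncID{"A2", "K2"}, "ping"))
}
```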
Fig. 5 is a schematic structural diagram of a data security processing apparatus according to an embodiment of the present disclosure, where the apparatus may be understood as the above-mentioned computer device or a part of functional modules in the above-mentioned computer device. As shown in fig. 5, the data security processing apparatus 500 may include:
the first receiving module 510 is configured to receive a data decryption request sent by a user side, where the data decryption request includes a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier includes a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext;
the first determining module 520 is configured to determine, based on the target encryption algorithm identifier, a target encryption and decryption algorithm corresponding to the target encryption algorithm identifier, and determine, based on the target key identifier, a target key corresponding to the target key identifier;
the decryption module 530 is configured to decrypt the target ciphertext based on the target encryption and decryption algorithm and the target key, to obtain a plaintext corresponding to the target ciphertext.
Optionally, the data security processing apparatus 500 may include:
the second receiving module is used for receiving a key call request sent by the user terminal, wherein the key call request comprises the requested target key identifier;
and the first sending module is used for sending the target key corresponding to the target key identifier to the user terminal so that the user terminal encrypts the data based on the target encryption and decryption algorithm and the target key to generate a data decryption request containing the target ciphertext and the target encryption identifier.
Optionally, the data security processing apparatus 500 may include:
the second determining module is used for determining return data corresponding to the plaintext;
and the second sending module is used for encrypting the returned data and sending the encrypted returned data to the user side.
Optionally, the second sending module may include:
the first encryption sub-module is used for encrypting the return data to obtain a return ciphertext and a return encryption identifier, wherein the return encryption identifier comprises a return encryption algorithm identifier corresponding to an encryption algorithm used by the return ciphertext and a return key identifier corresponding to a key used by the return ciphertext;
the first sending sub-module is used for sending the return ciphertext and the return encryption identifier to the user side so that the user side decrypts the return ciphertext based on an encryption and decryption algorithm corresponding to the return encryption algorithm identifier and a key corresponding to the return key identifier in the return encryption identifier to obtain return data.
Optionally, the first encryption sub-module may include:
the encryption unit is used for encrypting the return data based on the target encryption and decryption algorithm and the target key to obtain a return ciphertext and a return encryption identifier, wherein the return encryption identifier is the target encryption identifier.
Optionally, the second sending module may include:
the second encryption sub-module is used for encrypting the return data according to an agreed encryption and decryption algorithm and an agreed key, both agreed with the user side in advance, to obtain a return ciphertext;
and the second sending submodule is used for sending the return ciphertext to the user terminal so that the user terminal decrypts the return ciphertext based on the agreed encryption and decryption algorithm and the agreed key to obtain return data.
Optionally, the second sending module may include:
a determining submodule for determining a security level of the returned data;
and the third sending sub-module is used for encrypting the returned data and sending the encrypted returned data to the user side when the security level is greater than a preset threshold value.
The data security processing device provided in the embodiments of the present disclosure may implement the method of any one of the embodiments, and the implementation manner and the beneficial effects of the method are similar, and are not described herein again.
The embodiment of the disclosure further provides a computer device, where the computer device includes a processor and a memory, where the memory stores a computer program, and when the computer program is executed by the processor, the method of any one of the foregoing embodiments may be implemented, and an implementation manner and a beneficial effect of the method are similar, and are not repeated herein.
A computer device in an embodiment of the present disclosure may be understood as any device having processing and computing capabilities, which may include, but is not limited to, electronic devices such as cloud servers, computers, and the like.
Fig. 6 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure. As shown in Fig. 6, a computer device 600 may include a processor 610 and a memory 620, where the memory 620 stores a computer program 621. When the computer program 621 is executed by the processor 610, the method provided in any of the foregoing embodiments may be implemented; the implementation manner and the beneficial effects are similar and are not repeated herein.
Of course, only some of the components of the computer apparatus 600 relevant to the present invention are shown in fig. 6 for simplicity, and components such as buses, input/output interfaces, input devices, output devices, and the like are omitted. In addition, the computer device 600 may include any other suitable components depending on the particular application.
The embodiments of the present disclosure provide a computer readable storage medium, in which a computer program is stored, where when the computer program is executed by a processor, the method of any of the foregoing embodiments may be implemented, and the implementation manner and beneficial effects are similar, and are not described herein again.
The computer readable storage media described above can employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer programs described above may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer device, partly on the user's device, as a stand-alone software package, partly on the user's computer device and partly on a remote computer device or entirely on the remote computer device or server.
The foregoing is merely a specific embodiment of the disclosure to enable one skilled in the art to understand or practice the disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown and described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data security processing method, comprising:
receiving a data decryption request sent by a user side, wherein the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier comprises a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext;
determining a target encryption and decryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier, and determining a target key corresponding to the target key identifier based on the target key identifier;
and decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
2. The method of claim 1, wherein prior to receiving the data decryption request sent by the user side, the method further comprises:
receiving a key call request sent by the user side, wherein the key call request comprises the requested target key identifier;
and sending a target key corresponding to the target key identifier to the user side so that the user side encrypts data based on the target encryption and decryption algorithm and the target key to generate a data decryption request containing the target ciphertext and the target encryption identifier.
3. The method according to claim 1, wherein after decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain plaintext corresponding to the target ciphertext, the method further comprises:
determining return data corresponding to the plaintext;
and encrypting the return data and then sending the encrypted return data to the user side.
4. The method of claim 3, wherein the encrypting the return data and sending the encrypted return data to the user side comprises:
encrypting the return data to obtain a return ciphertext and a return encryption identifier, wherein the return encryption identifier comprises a return encryption algorithm identifier corresponding to an encryption algorithm used by the return ciphertext and a return key identifier corresponding to a key used by the return ciphertext;
and sending the return ciphertext and the return encryption identifier to the user side so that the user side decrypts the return ciphertext based on an encryption and decryption algorithm corresponding to the return encryption algorithm identifier and a key corresponding to the return key identifier in the return encryption identifier to obtain the return data.
5. The method of claim 4, wherein encrypting the return data to obtain a return ciphertext and a return encryption identifier comprises:
and encrypting the return data based on the target encryption and decryption algorithm and the target key to obtain a return ciphertext and a return encryption identifier, wherein the return encryption identifier is the target encryption identifier.
6. The method of claim 3, wherein the encrypting the return data and sending the encrypted return data to the user side comprises:
encrypting the return data according to an agreed encryption and decryption algorithm and an agreed key which are agreed with the user side in advance to obtain the return ciphertext;
and sending the return ciphertext to the user side so that the user side decrypts the return ciphertext based on the agreed encryption and decryption algorithm and the agreed key to obtain the return data.
7. The method of claim 3, wherein the encrypting the return data and sending the encrypted return data to the user side comprises:
determining a security level of the returned data;
and when the security level is greater than a preset threshold value, encrypting the returned data and then sending the encrypted returned data to the user side.
8. A data security processing apparatus, comprising:
the first receiving module is used for receiving a data decryption request sent by a user side, wherein the data decryption request comprises a target ciphertext requested to be decrypted and a target encryption identifier, and the target encryption identifier comprises a target encryption algorithm identifier corresponding to an encryption algorithm used by the target ciphertext and a target key identifier corresponding to a key used by the target ciphertext;
the first determining module is used for determining a target encryption and decryption algorithm corresponding to the target encryption algorithm identifier based on the target encryption algorithm identifier and determining a target key corresponding to the target key identifier based on the target key identifier;
and the decryption module is used for decrypting the target ciphertext based on the target encryption and decryption algorithm and the target key to obtain a plaintext corresponding to the target ciphertext.
9. A computer device, comprising:
a memory and a processor, wherein the memory has stored therein a computer program which, when executed by the processor, implements the data security processing method of any of claims 1-7.
10. A computer-readable storage medium, in which a computer program is stored which, when executed by a processor, implements the data security processing method according to any one of claims 1 to 7.
CN202211643266.9A 2022-12-20 2022-12-20 Data security processing method, device, equipment and storage medium Pending CN116170177A (en)

Publications (1)

Publication Number Publication Date
CN116170177A true CN116170177A (en) 2023-05-26

Family

ID=86417375

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination