CN106549762A - A kind of data ciphering method and device - Google Patents
A kind of data ciphering method and device Download PDFInfo
- Publication number
- CN106549762A CN106549762A CN201510609517.5A CN201510609517A CN106549762A CN 106549762 A CN106549762 A CN 106549762A CN 201510609517 A CN201510609517 A CN 201510609517A CN 106549762 A CN106549762 A CN 106549762A
- Authority
- CN
- China
- Prior art keywords
- data
- dimension
- tables
- encrypted
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000009826 distribution Methods 0.000 claims abstract description 201
- 241000282320 Panthera leo Species 0.000 description 8
- 241000522620 Scorpio Species 0.000 description 6
- 230000009471 action Effects 0.000 description 6
- 230000008859 change Effects 0.000 description 6
- 239000004744 fabric Substances 0.000 description 6
- 230000000717 retained effect Effects 0.000 description 6
- 239000009490 scorpio Substances 0.000 description 6
- 238000013480 data collection Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 241000282322 Panthera Species 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000035945 sensitivity Effects 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a kind of data ciphering method and device, obtain the CIPHERING REQUEST for be-encrypted data set, the be-encrypted data set includes the first tables of data, first tables of data has at least one data dimension, the CIPHERING REQUEST includes the encryption set of reserved data distribution character and request encryption, transfers the be-encrypted data set;Be-encrypted data set encryption is obtained by encrypted data set according to the CIPHERING REQUEST, the reserved data distribution character of the encrypted data set is identical with the reserved data distribution character of the be-encrypted data set.That is the sensitive data after encrypting can still retain all or part of data division characteristic before the CIPHERING REQUEST wishes the encryption for retaining, it is ensured that the integrality of shared data required for before and after encryption.
Description
Technical field
The present invention relates to field of data encryption, more particularly to a kind of data ciphering method and device.
Background technology
Data sharing, exchange belong to common behavior between data owner.Under the background of big data, lead to
Analyze data is crossed, such as user can be obtained to important informations such as the preference of product, user's Regional Distributions,
These information can serve extremely important directive function to the popularization of product, operation arrangement etc..Data
In can analyze and obtain the partial data of above- mentioned information and become the treasure of data owner, this part
Sensitive data can be sensitive traffic data of the privacy information of user, or data owner etc..
Data owner is carrying out sharing data, in this shared procedure that exchanges, will not wish shared
Sensitive data in data is to outward leakage, therefore needs to be encrypted the sensitive information in data.Traditional
Sensitive data cipher mode can be that (the English of message digest algorithm the 5th edition is for example carried out to sensitive data:
Message-Digest Algorithm 5, abbreviation:MD5) encryption etc..Sensitive data after encryption can be replaced
It is changed to an insignificant character string.
After conventional cryptography is carried out to sensitive data, data of the sensitive data in shared data point before encryption
Cloth characteristic will be lost, and can destroy the integrality of shared data.
The content of the invention
In order to solve above-mentioned technical problem, the invention provides a kind of data ciphering method and device, so that
Sensitive data after must encrypting can still retain all or part of data division characteristic before encryption.
The embodiment of the invention discloses following technical scheme:
A kind of data ciphering method, methods described include:
The CIPHERING REQUEST for be-encrypted data set is obtained, the be-encrypted data set includes the first number
According to table, first tables of data has at least one data dimension, and the CIPHERING REQUEST includes reserved data
Distribution character and the encryption set of request encryption, the reserved data distribution character include the first dimension in institute
The first data distribution characteristic in the first tables of data is stated, and/or, the reserved data distribution character is described
When first tables of data has multiple data dimensions, at least two data dimensions in the plurality of data dimension
Dimension combines the second data distribution characteristic in first tables of data;First dimension for it is described extremely
A data dimension in a few data dimension, the encryption set include first dimension and/or institute
Dimension combination is stated, the data dimension that the encryption set includes belongs at least one data dimension;
Transfer the be-encrypted data set;
Be-encrypted data set encryption is obtained by encrypted data set, institute according to the CIPHERING REQUEST
State encrypted data set the reserved data distribution character and the be-encrypted data set it is described pre-
Residual is identical according to distribution character.
Optionally, the encryption set also includes the second tables of data in the be-encrypted data set, institute
State the second tables of data and there is first dimension and/or dimension combination;The reserved data distribution character
Also include first data distribution characteristic of first dimension in second tables of data, and/or, it is described reserved
When data distribution characteristic has multiple data dimensions for second tables of data, in the plurality of data dimension
The dimension of at least two data dimensions combines the second data distribution characteristic in first tables of data;Institute
State the second tables of data also the data distribution characteristic with least one data dimension and first data distribution
Characteristic and/or the second data distribution characteristic have the first relevance;It is described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, also includes:
First relevance of the second tables of data described in the encrypted data set and described to be encrypted
First relevance of the second tables of data described in data acquisition system is identical.
Optionally, the be-encrypted data set also includes the 3rd tables of data, and the 3rd tables of data has
The data distribution characteristic of at least one data dimension and the first data distribution characteristic and/or second number
There is the second relevance according to distribution character;It is described according to the CIPHERING REQUEST by the be-encrypted data set
Encryption obtains encrypted data set, also includes:
Second relevance of the 3rd tables of data described in the encrypted data set and the first tables of data
With the second relevance phase of the 3rd tables of data described in the be-encrypted data set and the first tables of data
Together.
Optionally, the reserved data distribution character also includes first dimension in first tables of data
In the 3rd data distribution characteristic, and/or, fourth number of the dimension combination in first tables of data
According to distribution character.
Optionally, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set bag
Include the second dimension, at least one dimension that second dimension is had by first tables of data
Individual data dimension, second dimension are different from first dimension, described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, also includes:
Described in the encrypted data set, the second dimension of the first tables of data is not encrypted.
A kind of data encryption device, described device include:
Acquiring unit, for obtaining the CIPHERING REQUEST for be-encrypted data set, the be-encrypted data
Set includes the first tables of data, and first tables of data has at least one data dimension, and the encryption please
Ask the encryption set including reserved data distribution character and request encryption, the reserved data distribution character bag
First data distribution characteristic of first dimension in first tables of data is included, and/or, the reserved data
When distribution character has multiple data dimensions for first tables of data, in the plurality of data dimension at least
The dimension of two data dimensions combines the second data distribution characteristic in first tables of data;Described
Dimension is a data dimension at least one data dimension, and the encryption set includes described
First dimension and/or dimension combination, the data dimension that the encryption set includes belong to described at least one
Individual data dimension;
Unit is transferred, for transferring the be-encrypted data set;
Ciphering unit, for obtaining adding by be-encrypted data set encryption according to the CIPHERING REQUEST
Ciphertext data set, the reserved data distribution character and the number to be encrypted of the encrypted data set
The reserved data distribution character according to set is identical.
Optionally, the encryption set also includes the second tables of data in the be-encrypted data set, institute
State the second tables of data and there is first dimension and/or dimension combination;The reserved data distribution character
Also include first data distribution characteristic of first dimension in second tables of data, and/or, it is described reserved
When data distribution characteristic has multiple data dimensions for second tables of data, in the plurality of data dimension
The dimension of at least two data dimensions combines the second data distribution characteristic in first tables of data;Institute
State the second tables of data also the data distribution characteristic with least one data dimension and first data distribution
Characteristic and/or the second data distribution characteristic have the first relevance;It is described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, the institute that the ciphering unit encryption is obtained
State first relevance and the be-encrypted data collection of the second tables of data described in encrypted data set
First relevance of the second tables of data described in conjunction is identical.
Optionally, the be-encrypted data set also includes the 3rd tables of data, and the 3rd tables of data has
The data distribution characteristic of at least one data dimension and the first data distribution characteristic and/or second number
There is the second relevance according to distribution character;It is described according to the CIPHERING REQUEST by the be-encrypted data set
Encryption obtains encrypted data set, in the encrypted data set that the ciphering unit encryption is obtained
Institute in second relevance and the be-encrypted data set of the 3rd tables of data and the first tables of data
State the 3rd tables of data identical with second relevance of the first tables of data.
Optionally, the reserved data distribution character also includes first dimension in first tables of data
In the 3rd data distribution characteristic, and/or, fourth number of the dimension combination in first tables of data
According to distribution character.
Optionally, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set bag
Include the second dimension, at least one dimension that second dimension is had by first tables of data
Individual data dimension, second dimension are different from first dimension, described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, the institute that the ciphering unit encryption is obtained
The second dimension for stating the first tables of data described in encrypted data set is not encrypted.
By above-mentioned technical proposal as can be seen that in CIPHERING REQUEST except including request encryption encryption set,
Also include the data distribution characteristic for wishing still to retain after to the encryption set encryption, the pre- residual
Include first data distribution characteristic of first dimension in first tables of data according to distribution character, and/or,
When the reserved data distribution character has multiple data dimensions for first tables of data, the plurality of number
The second data distribution in first tables of data is combined according to the dimension of at least two data dimensions in dimension
Characteristic, thus when being encrypted according to the CIPHERING REQUEST, the described pre- residual of encrypted data set
It is identical with the reserved data distribution character of the be-encrypted data set according to distribution character, that is to say, that
Sensitive data after encryption can still retain the CIPHERING REQUEST and wish the whole before the encryption for retaining or portion
Divided data part of properties, it is ensured that the integrality of shared data required for before and after encryption.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to reality
Apply accompanying drawing to be used needed for example or description of the prior art to be briefly described, it should be apparent that, below
Accompanying drawing in description is only some embodiments of the present invention, for those of ordinary skill in the art,
Without having to pay creative labor, can be with according to these other accompanying drawings of accompanying drawings acquisition.
Fig. 1 is a kind of method flow diagram of data ciphering method provided in an embodiment of the present invention;
Fig. 2 is a kind of structure drawing of device of data encryption device provided in an embodiment of the present invention.
Specific embodiment
To make purpose, technical scheme and the advantage of the embodiment of the present invention clearer, below in conjunction with this
Accompanying drawing in bright embodiment, is explicitly described to the technical scheme in the embodiment of the present invention, it is clear that
Described embodiment is a part of embodiment of the invention, rather than the embodiment of whole.Based on the present invention
In embodiment, the institute obtained under the premise of creative work is not made by those of ordinary skill in the art
There is other embodiment, belong to the scope of protection of the invention.
Due under the background of big data, by analyze data, such as user can be obtained to the inclined of product
The important informations such as good, user's Regional Distribution, these information can be risen to the popularization of product, operation arrangement etc.
Extremely important directive function is arrived.This part sensitive data for obtaining above- mentioned information can be analyzed in data
Become the treasure of data owner.So data owner data are carried out sharing, exchange
In this shared procedure, the sensitive data in shared data will not be wished to outward leakage, therefore needed data
In sensitive information be encrypted.But the sensitive number after traditional sensitive data cipher mode encryption
According to an insignificant character string can be replaced by.Data of the sensitive data in shared data point before encryption
Cloth characteristic will be lost, and can destroy the integrality of shared data.
For this purpose, embodiments providing a kind of data ciphering method and device, remove in CIPHERING REQUEST
Including the encryption set of request encryption, also still retaining after to the encryption set encryption including hope
Data distribution characteristic, the reserved data distribution character includes the first dimension in first tables of data
The first data distribution characteristic, and/or, the reserved data distribution character has for first tables of data
During multiple data dimensions, in the plurality of data dimension, the dimension of at least two data dimensions is combined described
The second data distribution characteristic in first tables of data, thus when being encrypted according to the CIPHERING REQUEST,
The reserved data distribution character of encrypted data set and the described of the be-encrypted data set are reserved
Data distribution characteristic is identical, that is to say, that the sensitive data after encryption can still retain the CIPHERING REQUEST
Wish all or part of data division characteristic before the encryption for retaining, it is ensured that shared required for before and after encryption
The integrality of data.
Embodiment one
Fig. 1 is a kind of method flow diagram of data ciphering method provided in an embodiment of the present invention, methods described
Including:
S101:The CIPHERING REQUEST for be-encrypted data set is obtained, the be-encrypted data set includes
First tables of data, first tables of data have at least one data dimension, and the CIPHERING REQUEST includes pre-
Residual includes the first dimension according to distribution character and the encryption set of request encryption, the reserved data distribution character
First data distribution characteristic of the degree in first tables of data, and/or, the reserved data distribution character
When there is multiple data dimensions for first tables of data, at least two data in the plurality of data dimension
The dimension of dimension combines the second data distribution characteristic in first tables of data;First dimension is
A data dimension at least one data dimension, the encryption set include first dimension
And/or the dimension is combined, the data dimension that the encryption set includes belongs at least one data dimension
Degree.
Illustrate, the be-encrypted data set can be user need call, and include sensitivity number
According to the data acquisition system for needing encryption.Tables of data can include one or more list items, and a list item can be
One group of data, passage, one group of corresponding relation etc..
In embodiments of the present invention, the content of tables of data is divided into one or more data dimensions, example
Such as, data block a is three sections of words " the Scorpio women in Zhejiang ", " the Leo women in Shanghai " and " Zhejiang
The Leo male sex in river ", tables of data a can just be divided at least three data dimensions, respectively:Area,
Sex, constellation.Specifically can be as shown in table 1:
| Area | Sex | Constellation | |
| 1 | Zhejiang | Female | Scorpio |
| 2 | Shanghai | Female | Leo |
| 3 | Zhejiang | Man | Leo |
Table 1
One or more tables of data can be included during the encryption set encrypted is asked in the CIPHERING REQUEST,
One or more data dimensions can be included.The tables of data for including or dimension in the encryption set will
It is encrypted in the ciphering process of S103.
The data distribution characteristic can be understood as a data dimension or dimension combination in data composition point
Cloth feature, or a kind of data characteristic is can be understood as, a data dimension or dimension combination can have
At least one data distribution characteristic.For example as in table 1, data dimension " area " can be with data point
Cloth characteristic " regional accounting ", such as Zhejiang account for 2/3, and Shanghai accounts for 1/3, and data dimension " area " can also have
There is data distribution characteristic " regional quantity ", such as Zhejiang there are 2, and Shanghai has 1.Dimension combination " area
+ sex " can have data distribution characteristic " regional sex accounting ", and such as Zhejiang female accounts for 1/3, and Zhejiang man account for
1/3, Shanghai female 1/3, Shanghai man are not then 0.
The reserved data distribution character can be to wish after the encryption of S103, encrypted data dimension
The data distribution characteristic that degree or dimension combination have before remaining able to retain encryption.
Can include in the reserved data distribution character special for multiple data distributions of a data dimension
Property, the multiple data distributions for a dimension combination can also be included in the reserved data distribution character
Characteristic.That is, optional, the reserved data distribution character also includes first dimension in institute
The 3rd data distribution characteristic in the first tables of data is stated, and/or, the dimension is combined in first data
The 4th data distribution characteristic in table.
It is also to be noted that the data distribution characteristic in first dimension is multiple situations, it is described
Can also be including in multiple data distribution characteristics of first dimension in reserved data distribution character
Or partial data distribution character.
S102:Transfer the be-encrypted data set.
Illustrate, can be searched from database by the CIPHERING REQUEST and be deployed into described to be encrypted
Data acquisition system.
S103:Be-encrypted data set encryption is obtained by encrypted data collection according to the CIPHERING REQUEST
Close, the reserved data distribution character of the encrypted data set and the be-encrypted data set
The reserved data distribution character is identical.
Illustrate, as encryption set has been specify that in the CIPHERING REQUEST, and need what is retained
The data distribution characteristic of data dimension or dimension combination in encryption set, therefore in ciphering process, by changing
Become cipher mode, by the basis of the True Data of encryption data dimension, retention data dimension it is reserved
Data distribution characteristic.
It is also to be noted that as the data in tables of data may all be not fully sensitive data, it is right
In nonsensitive data, in shared data, might not have the necessity of encryption, and some situations
Under, these nonsensitive datas also have shared necessity.Therefore in order to meet the demand of above-mentioned situation, together
When also for the data processing amount for reducing ciphering process, the embodiment of the present invention additionally provides a kind of optional reality
Apply mode, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set includes the
Two-dimensionses, the number at least one dimension that second dimension is had by first tables of data
According to dimension, second dimension is different from first dimension, it is described will be described according to the CIPHERING REQUEST
Be-encrypted data set encryption obtains encrypted data set, also includes:
Described in the encrypted data set, the second dimension of the first tables of data is not encrypted.
Illustrate, the dimension retained included by set can be in the be-encrypted data set
Remove the remaining data dimension beyond included data dimension is gathered in the encryption.Or the remaining data
A part for dimension.In the dimension retained in set, will not be encrypted by the ciphering process of S103,
In other words, after the be-encrypted data set is encrypted by S103, the number for retaining dimension in set
According to or for encryption before initial data.
Followed by illustrating as a example by specific application scenarios.In assuming the be-encrypted data set
The content of the first tables of data be divided into three dimensions, respectively area, sex and constellation.Described first
Tables of data includes ten data table items, as shown in the sequence number 1 to 10 in table 2:
| Area | Sex | Constellation | |
| 1 | Zhejiang | Female | Scorpio |
| 2 | Shanghai | Man | Lion |
| 3 | Zhejiang | Man | Lion |
| 4 | Shanghai | Female | Lion |
| 5 | Zhejiang | Female | Lion |
| 6 | Zhejiang | Man | Scorpio |
| 7 | Shanghai | Female | Lion |
| 8 | Zhejiang | Female | Lion |
| 9 | Zhejiang | Man | Lion |
| 10 | Shanghai | Female | Scorpio |
Table 2
Assume that the reservation collection in the CIPHERING REQUEST is combined into data dimension " constellation ", ask the crypto set of encryption
Data dimension " area " and " sex " are combined into, reserved data distribution character is dimension collection " area+property
" regional sex accounting " not ".In the first tables of data before encrypting as can be seen from Table 2, this is reserved
Data distribution characteristic is specially:Zhejiang female accounts for 30%, Zhejiang man and accounts for 30%, Shanghai female 30% and Shanghai man
10%.
Then the first tables of data after being encrypted to the be-encrypted data set can be shown in Table the sequence number in 3
Shown in 1 to 10:
| Area | Sex | Constellation | |
| 1 | Zhejiang | Man | Scorpio |
| 2 | Zhejiang | Man | Lion |
| 3 | Shanghai | Female | Lion |
| 4 | Zhejiang | Man | Lion |
| 5 | Shanghai | Man | Lion |
| 6 | Shanghai | Female | Scorpio |
| 7 | Zhejiang | Female | Lion |
| 8 | Shanghai | Female | Lion |
| 9 | Zhejiang | Female | Lion |
| 10 | Zhejiang | Female | Scorpio |
Table 3
From table 3 it can be seen that data dimension " area " and " sex " and in data and table 2 in not
Together, be already encrypted, it is completely the same in the data in data dimension " constellation " and table 2, not by
Encryption.Phase before the reserved data distribution character of the dimension collection " area+sex " after encryption and encryption
Than without change, still keeping:Zhejiang female accounts for 30%, Zhejiang man and accounts for 30%, Shanghai female 30% and Shanghai
The accounting of man 10%.
Hypothesis is shared using the content of table 3 as shared data, and dimension " constellation " can be truly counting
According to form disclose, the True Data of dimension " area " and " sex " is added as sensitive data
It is close, the interests of all sides of data are protected, meanwhile, the data distribution of dimension combination " area+sex " is special
Property " regional sex accounting " has been retained after encryption, still can as shared data in have
Effect data.
For the reserved data distribution character and the be-encrypted data collection of the encrypted data set
The reserved data distribution character identical cipher round results for closing, embodiments provide at least two
Specific cipher mode.By taking table 3 as an example, it is assumed that need the data dimension " area " and " sex " of encryption,
Reserved data distribution character is specially:Zhejiang female account for 30%, Zhejiang man account for 30%, Shanghai female 30% and on
Extra large man 10%.Concrete cipher mode is as follows:
First kind of way:It is encrypted successively.
Due to specify that accounting, therefore when being encrypted to data dimension " area " and " sex ",
Can be successively will choose for encryption account for sum 30% data table items data dimension " area "
" sex " is encrypted as " Zhejiang " and " female ", is chosen again and accounts for total 30% data table items
Data dimension " area " and " sex " are encrypted as " Zhejiang " and " man ", then by that analogy, will choosing
The data table items got are encrypted as Shanghai female, Shanghai man.
Aggregation is compared by identical data in the tables of data that first kind of way is encrypted.
The second way:It is encrypted by random manner.
Can mark off in 1 to 10 interval four it is interval, be [0,3] correspondingly Zhejiang female respectively, [4,
6] correspondence Zhejiang man, [7,9] correspondence Shanghai female, [10] correspondence Shanghai man.When being encrypted, one is chosen
Individual data table items, choose a value in the way of random number from 1 to 10, and the size of the value falls above-mentioned
Four it is interval in which is interval, the data table items are just encrypted as the content corresponding to the region.For example select
Fetch data list item a, and the random number for obtaining is 4, and numerical value falls into second interval, correspondence Zhejiang man, then
Just the data dimension " area " of data table items a and " sex " can be encrypted as " Zhejiang " and " man ".
Control after encryption by way of the percentage of total amount can be accounted for during encryption controlling encrypted content
Reserved data distributor characteristic,
Relatively disperseed by identical data in the tables of data that the second way is encrypted.
Can be seen that in CIPHERING REQUEST except including request encryption by the embodiment as corresponding to Fig. 1
Encryption set, the data distribution characteristic for also still retaining after to the encryption set encryption including hope,
The reserved data distribution character includes that first data distribution of first dimension in first tables of data is special
Property, and/or, when the reserved data distribution character has multiple data dimensions for first tables of data,
In the plurality of data dimension, the dimension of at least two data dimensions combines the in first tables of data
Two data distribution characteristics, thus when being encrypted according to the CIPHERING REQUEST, encrypted data set
The reserved data distribution character and the reserved data distribution character phase of the be-encrypted data set
Together, that is to say, that the sensitive data after encryption can still retain the encryption that the CIPHERING REQUEST wishes to retain
Front all or part of data division characteristic, it is ensured that the integrality of shared data required for before and after encryption.
As can be seen here, also exist including hope except the encryption set including request encryption in CIPHERING REQUEST
To the data distribution characteristic still retained after the encryption set encryption, the reserved data distribution character bag
First data distribution characteristic of first dimension in first tables of data is included, and/or, the reserved data
When distribution character has multiple data dimensions for first tables of data, in the plurality of data dimension at least
The dimension of two data dimensions combines the second data distribution characteristic in first tables of data, thus exists
When being encrypted according to the CIPHERING REQUEST, the reserved data distribution character of encrypted data set and
The reserved data distribution character of the be-encrypted data set is identical, that is to say, that the sensitivity after encryption
Data can still retain all or part of data portion dtex before the CIPHERING REQUEST wishes the encryption for retaining
Property, it is ensured that the integrality of shared data required for before and after encryption.
Next former and later two or the relevance between multiple tables of data are encrypted in description.The relevance can be with
It is interpreted as a kind of adduction relationship of data.For example, data distribution characteristic a of the data dimension a of tables of data a
Need reference data table b dimension combine b data distribution characteristic b, then it is considered that tables of data a with
Between tables of data b have relevance, specifically, it is also possible to think data dimension a combine with dimension b it
Between there is relevance etc..
In the case of for the relevance between this two or more packets, the invention provides at least
Two kinds of association implementations that may be related to data encryption.
In the case of the first, the be-encrypted data set includes multiple tables of data such as the second tables of data,
And, also include second tables of data during the encryption set encrypted is required in the CIPHERING REQUEST.
Second tables of data has at least one identical data dimension and/or dimension group with first tables of data
Close and be also in the reserved data distribution character, in second tables of data, be not at the pre- residual
According to the dimension in the dimension in distribution character and second tables of data in the reserved data distribution character
Degree is with relevance.This relevance can be understood as the relevance in tables of data.
In the case of second, the be-encrypted data set includes multiple tables of data such as the 3rd tables of data,
3rd tables of data can be in the encryption set, it is also possible in no longer described encryption set, described
Having in data distribution characteristic in reserved data distribution character in the 3rd tables of data and first tables of data
Relevant property.This relevance can be understood as the relevance between tables of data.
For described the first situation, optionally, the encryption set also includes the be-encrypted data collection
The second tables of data in conjunction, second tables of data have first dimension and/or dimension combination;
The reserved data distribution character also includes first data distribution of first dimension in second tables of data
Characteristic, and/or, when the reserved data distribution character has multiple data dimensions for second tables of data,
In the plurality of data dimension, the dimension of at least two data dimensions combines the in first tables of data
Two data distribution characteristics;The second tables of data also data distribution characteristic with least one data dimension
There is the first relevance with the first data distribution characteristic and/or the second data distribution characteristic.
Illustrate, in first tables of data and the second tables of data, include first dimension and/or institute
State dimension combination, and second tables of data also with least one data dimension data distribution characteristic with
The first data distribution characteristic and/or the second data distribution characteristic have the first relevance.In encryption
During, the first tables of data and the second tables of data can be encrypted using identical cipher mode, then
The first data distribution characteristic and/or the second data distribution in the first tables of data and the second tables of data after encryption
Characteristic is as before encryption being.Due to the first data distribution characteristic for being cited and/or the second data distribution
Characteristic does not change after encryption, then first relevance will not change.That is, institute
State and be-encrypted data set encryption is obtained by encrypted data set according to the CIPHERING REQUEST, also wrap
Include:
First relevance of the second tables of data described in the encrypted data set and described to be encrypted
First relevance of the second tables of data described in data acquisition system is identical.
For second situation, include in the 3rd tables of data needs it is encrypted described first
Dimension and/or dimension combination.That is, the be-encrypted data set also includes the 3rd tables of data,
3rd tables of data has the data distribution characteristic and first data distribution of at least one data dimension
Characteristic and/or the second data distribution characteristic have the second relevance.Due to the first data point being cited
Cloth characteristic and/or the second data distribution characteristic do not change after encryption, then first relevance will not
Change.That is, described encrypt the be-encrypted data set according to the CIPHERING REQUEST
To encrypted data set, also include:
Second relevance of the 3rd tables of data described in the encrypted data set and the first tables of data
With the second relevance phase of the 3rd tables of data described in the be-encrypted data set and the first tables of data
Together.
As can be seen that retaining the data point that the reserved data distribution character includes during encryption
Cloth characteristic, can not destroy originally needs to quote the data distribution characteristic in the reserved data distribution character
Relevance, it is ensured that encrypted data table maximum analysis value.
Embodiment two
Fig. 2 is a kind of structure drawing of device of data encryption device provided in an embodiment of the present invention, described device
Including:
Acquiring unit 201, for obtaining the CIPHERING REQUEST for be-encrypted data set, the number to be encrypted
Include the first tables of data according to set, first tables of data has at least one data dimension, the encryption
Request includes the encryption set of reserved data distribution character and request encryption, the reserved data distribution character
The first data distribution characteristic including the first dimension in first tables of data, and/or, the pre- residual
When there is multiple data dimensions for first tables of data according to distribution character, in the plurality of data dimension extremely
The dimension of few two data dimensions combines the second data distribution characteristic in first tables of data;It is described
First dimension is a data dimension at least one data dimension, and the encryption set includes institute
State the first dimension and/or dimension combination, the data dimension that includes of encryption set belong to it is described at least
One data dimension.
Unit 202 is transferred, for transferring the be-encrypted data set.
Ciphering unit 203, for being obtained be-encrypted data set encryption according to the CIPHERING REQUEST
Encrypted data set, the reserved data distribution character of the encrypted data set and described to be encrypted
The reserved data distribution character of data acquisition system is identical.
Optionally, the encryption set also includes the second tables of data in the be-encrypted data set, institute
State the second tables of data and there is first dimension and/or dimension combination;The reserved data distribution character
Also include first data distribution characteristic of first dimension in second tables of data, and/or, it is described reserved
When data distribution characteristic has multiple data dimensions for second tables of data, in the plurality of data dimension
The dimension of at least two data dimensions combines the second data distribution characteristic in first tables of data;Institute
State the second tables of data also the data distribution characteristic with least one data dimension and first data distribution
Characteristic and/or the second data distribution characteristic have the first relevance;It is described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, and the encryption of the ciphering unit 203 is obtained
The encrypted data set described in the second tables of data first relevance and the number to be encrypted
First relevance according to the second tables of data described in set is identical.
Optionally, the be-encrypted data set also includes the 3rd tables of data, and the 3rd tables of data has
The data distribution characteristic of at least one data dimension and the first data distribution characteristic and/or second number
There is the second relevance according to distribution character;It is described according to the CIPHERING REQUEST by the be-encrypted data set
Encryption obtains encrypted data set, the encrypted data collection that the encryption of the ciphering unit 203 is obtained
Second relevance and the be-encrypted data set of the 3rd tables of data described in conjunction and the first tables of data
Described in the 3rd tables of data it is identical with second relevance of the first tables of data.
Optionally, the reserved data distribution character also includes first dimension in first tables of data
In the 3rd data distribution characteristic, and/or, fourth number of the dimension combination in first tables of data
According to distribution character.
Optionally, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set bag
Include the second dimension, at least one dimension that second dimension is had by first tables of data
Individual data dimension, second dimension are different from first dimension, described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, and the encryption of the ciphering unit 203 is obtained
The encrypted data set described in the first tables of data the second dimension it is not encrypted.
It can be seen that, except the encryption set including request encryption in CIPHERING REQUEST, also including hope to institute
State the data distribution characteristic that still retains after encryption set encryption, the reserved data distribution character includes the
First data distribution characteristic of the dimension in first tables of data, and/or, the reserved data distribution
When characteristic has multiple data dimensions for first tables of data, at least two in the plurality of data dimension
The dimension of data dimension combines the second data distribution characteristic in first tables of data, thus in basis
When the CIPHERING REQUEST is encrypted, the reserved data distribution character of encrypted data set and described
The reserved data distribution character of be-encrypted data set is identical, that is to say, that the sensitive data after encryption
The all or part of data division characteristic before the CIPHERING REQUEST wishes the encryption for retaining can still be retained,
Ensure that the integrality of shared data required for before and after encrypting.
One of ordinary skill in the art will appreciate that:Realize all or part of step of said method embodiment
Can be completed by the related hardware of programmed instruction, foregoing routine can be stored in an embodied on computer readable
In storage medium, the program upon execution, performs the step of including said method embodiment;And it is aforesaid
Storage medium can be at least one in following media:Read-only storage (English:read-only
Memory, abbreviation:ROM), RAM, magnetic disc or CD etc. are various can be with Jie of store program codes
Matter.
It should be noted that each embodiment in this specification is described by the way of progressive, each
Between embodiment, identical similar part is mutually referring to what each embodiment was stressed is and which
The difference of his embodiment.For especially for equipment and system embodiment, due to its basic simlarity
In embodiment of the method, so describe fairly simple, part explanation of the related part referring to embodiment of the method
.Equipment described above and system embodiment are only schematic, wherein as separating component
The unit of explanation can be or may not be physically separate, and the part shown as unit can be with
It is or may not be physical location, you can be local to be located at one, or can also be distributed to multiple
On NE.Some or all of module therein can be selected according to the actual needs to realize this reality
Apply the purpose of a scheme.Those of ordinary skill in the art are not in the case where creative work is paid, you can
To understand and implement.
The above, preferably specific embodiment only of the invention, but protection scope of the present invention is not
Be confined to this, any those familiar with the art the invention discloses technical scope in, can
The change or replacement for readily occurring in, should all be included within the scope of the present invention.Therefore, the present invention
Protection domain should be defined by scope of the claims.
Claims (10)
1. a kind of data ciphering method, it is characterised in that methods described includes:
The CIPHERING REQUEST for be-encrypted data set is obtained, the be-encrypted data set includes the first number
According to table, first tables of data has at least one data dimension, and the CIPHERING REQUEST includes reserved data
Distribution character and the encryption set of request encryption, the reserved data distribution character include the first dimension in institute
The first data distribution characteristic in the first tables of data is stated, and/or, the reserved data distribution character is described
When first tables of data has multiple data dimensions, at least two data dimensions in the plurality of data dimension
Dimension combines the second data distribution characteristic in first tables of data;First dimension for it is described extremely
A data dimension in a few data dimension, the encryption set include first dimension and/or institute
Dimension combination is stated, the data dimension that the encryption set includes belongs at least one data dimension;
Transfer the be-encrypted data set;
Be-encrypted data set encryption is obtained by encrypted data set, institute according to the CIPHERING REQUEST
State encrypted data set the reserved data distribution character and the be-encrypted data set it is described pre-
Residual is identical according to distribution character.
2. method according to claim 1, it is characterised in that the encryption set also includes described
The second tables of data in be-encrypted data set, second tables of data have first dimension and/or institute
State dimension combination;The reserved data distribution character also includes the first dimension in second tables of data
First data distribution characteristic, and/or, the reserved data distribution character is second tables of data with many
During individual data dimension, in the plurality of data dimension, the dimension combination of at least two data dimensions is described the
The second data distribution characteristic in one tables of data;Second tables of data also has at least one data dimension
Data distribution characteristic and the first data distribution characteristic and/or the second data distribution characteristic have the
One relevance;It is described that be-encrypted data set encryption has been encrypted by number according to the CIPHERING REQUEST
According to set, also include:
First relevance of the second tables of data described in the encrypted data set and described to be encrypted
First relevance of the second tables of data described in data acquisition system is identical.
3. method according to claim 1, it is characterised in that the be-encrypted data set is also wrapped
The 3rd tables of data is included, the 3rd tables of data has the data distribution characteristic of at least one data dimension and institute
State the first data distribution characteristic and/or the second data distribution characteristic has the second relevance;The basis
Be-encrypted data set encryption is obtained encrypted data set by the CIPHERING REQUEST, is also included:
Second relevance of the 3rd tables of data described in the encrypted data set and the first tables of data
With the second relevance phase of the 3rd tables of data described in the be-encrypted data set and the first tables of data
Together.
4. the method according to any one of claims 1 to 3, it is characterised in that the reserved data
Distribution character also include threeth data distribution characteristic of first dimension in first tables of data, and/
Or, fourth data distribution characteristic of the dimension combination in first tables of data.
5. method according to claim 1, it is characterised in that the CIPHERING REQUEST also includes request
The reservation set do not encrypted, the reservation set include the second dimension, and second dimension is described first
A data dimension at least one dimension that tables of data has, second dimension and described first
Dimension is different, described that be-encrypted data set encryption has been encrypted number according to the CIPHERING REQUEST
According to set, also include:
Described in the encrypted data set, the second dimension of the first tables of data is not encrypted.
6. a kind of data encryption device, it is characterised in that described device includes:
Acquiring unit, for obtaining the CIPHERING REQUEST for be-encrypted data set, the be-encrypted data
Set includes the first tables of data, and first tables of data has at least one data dimension, and the encryption please
Ask the encryption set including reserved data distribution character and request encryption, the reserved data distribution character bag
First data distribution characteristic of first dimension in first tables of data is included, and/or, the reserved data
When distribution character has multiple data dimensions for first tables of data, in the plurality of data dimension at least
The dimension of two data dimensions combines the second data distribution characteristic in first tables of data;Described
Dimension is a data dimension at least one data dimension, and the encryption set includes described
First dimension and/or dimension combination, the data dimension that the encryption set includes belong to described at least one
Individual data dimension;
Unit is transferred, for transferring the be-encrypted data set;
Ciphering unit, for obtaining adding by be-encrypted data set encryption according to the CIPHERING REQUEST
Ciphertext data set, the reserved data distribution character and the number to be encrypted of the encrypted data set
The reserved data distribution character according to set is identical.
7. device according to claim 6, it is characterised in that the encryption set also includes described
The second tables of data in be-encrypted data set, second tables of data have first dimension and/or institute
State dimension combination;The reserved data distribution character also includes the first dimension in second tables of data
First data distribution characteristic, and/or, the reserved data distribution character is second tables of data with many
During individual data dimension, in the plurality of data dimension, the dimension combination of at least two data dimensions is described the
The second data distribution characteristic in one tables of data;Second tables of data also has at least one data dimension
Data distribution characteristic and the first data distribution characteristic and/or the second data distribution characteristic have the
One relevance;It is described that be-encrypted data set encryption has been encrypted by number according to the CIPHERING REQUEST
According to the second tables of data described in the encrypted data set that set, the ciphering unit encryption are obtained
First relevance of the second tables of data described in first relevance and the be-encrypted data set
It is identical.
8. device according to claim 6, it is characterised in that the be-encrypted data set is also wrapped
The 3rd tables of data is included, the 3rd tables of data has the data distribution characteristic of at least one data dimension and institute
State the first data distribution characteristic and/or the second data distribution characteristic has the second relevance;The basis
Be-encrypted data set encryption is obtained encrypted data set, the encryption list by the CIPHERING REQUEST
Described the of 3rd tables of data described in unit's encrypted data set for obtaining of encryption and the first tables of data
3rd tables of data described in two relevances and the be-encrypted data set and described the second of the first tables of data
Relevance is identical.
9. the device according to any one of claim 6 to 8, it is characterised in that the reserved data
Distribution character also include threeth data distribution characteristic of first dimension in first tables of data, and/
Or, fourth data distribution characteristic of the dimension combination in first tables of data.
10. device according to claim 6, it is characterised in that the CIPHERING REQUEST also includes please
Ask the reservation set do not encrypted, the reservation set includes the second dimension, second dimension is described the
A data dimension at least one dimension that one tables of data has, second dimension and described
Dimension is different, described to encrypt be-encrypted data set encryption according to the CIPHERING REQUEST
Data acquisition system, the first tables of data described in the encrypted data set that the ciphering unit encryption is obtained
The second dimension it is not encrypted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510609517.5A CN106549762B (en) | 2015-09-22 | 2015-09-22 | A kind of data ciphering method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510609517.5A CN106549762B (en) | 2015-09-22 | 2015-09-22 | A kind of data ciphering method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106549762A true CN106549762A (en) | 2017-03-29 |
| CN106549762B CN106549762B (en) | 2019-08-09 |
Family
ID=58364592
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510609517.5A Active CN106549762B (en) | 2015-09-22 | 2015-09-22 | A kind of data ciphering method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106549762B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040052267A1 (en) * | 1999-03-29 | 2004-03-18 | Ken Umeno | Apparatus and method for outputting sequence of vectors, data recording medium, and carrier wave signal |
| CN101561854A (en) * | 2009-05-22 | 2009-10-21 | 江苏大学 | Private data guard method in sequential mode mining |
| CN102012985A (en) * | 2010-11-19 | 2011-04-13 | 国网电力科学研究院 | Sensitive data dynamic identification method based on data mining |
| CN103279499A (en) * | 2013-05-09 | 2013-09-04 | 北京信息科技大学 | User privacy protection method in personalized information retrieval |
-
2015
- 2015-09-22 CN CN201510609517.5A patent/CN106549762B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040052267A1 (en) * | 1999-03-29 | 2004-03-18 | Ken Umeno | Apparatus and method for outputting sequence of vectors, data recording medium, and carrier wave signal |
| CN101561854A (en) * | 2009-05-22 | 2009-10-21 | 江苏大学 | Private data guard method in sequential mode mining |
| CN102012985A (en) * | 2010-11-19 | 2011-04-13 | 国网电力科学研究院 | Sensitive data dynamic identification method based on data mining |
| CN103279499A (en) * | 2013-05-09 | 2013-09-04 | 北京信息科技大学 | User privacy protection method in personalized information retrieval |
Non-Patent Citations (2)
| Title |
|---|
| STEPHEN E.FIENBERG,JULIE MCINTYRE: "Data Swapping:Variations on a Theme by Dalenius and Reiss", 《PRIVACY IN STATISTICAL DATABASES》 * |
| TORE DALENIUS,STEVEN P.REISS: "Data-swapping: A technique for disclosure control", 《JOURNAL OF STATISTICAL PLANNING AND INFERENCE》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106549762B (en) | 2019-08-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109033855B (en) | Data transmission method and device based on block chain and storage medium | |
| DE60214640T2 (en) | Microprocessor with improved task management and table management devices | |
| CN104503745B (en) | A kind of method and apparatus generated using channel packet | |
| CN107040585A (en) | A kind of method and device of business verification | |
| US20070198419A1 (en) | Method of transferring digital rights | |
| CN103268456B (en) | Method and device for file safety control | |
| CN110224808B (en) | Bank data sharing method and device based on block chain, computer equipment and storage medium | |
| CN106209739A (en) | Cloud storage method and system | |
| CN107819891A (en) | Data processing method, device, computer equipment and storage medium | |
| CN107483192A (en) | A kind of data transmission method and device based on quantum communication | |
| CN112100679B (en) | Data processing method and device based on privacy protection and server | |
| CN102368760A (en) | Data secure transmission method among multilevel information systems | |
| CN106657105A (en) | Method and device for sending target resource | |
| US20190089540A1 (en) | Data object transfer between network domains | |
| CN110401527A (en) | Data encryption, decryption method, device and storage medium | |
| CN103336670B (en) | A kind of method and apparatus data block being distributed automatically based on data temperature | |
| CN107885864A (en) | A kind of encryption data querying method, system, device and readable storage medium storing program for executing | |
| KR20080029687A (en) | Apparatus and method for implementation of high performance data encryption system with secure memory | |
| CN107659400A (en) | A kind of quantum secret communication method and device based on mark identification | |
| CN107239542A (en) | A kind of data statistical approach, device, server and storage medium | |
| CN112597525B (en) | Data processing method and device based on privacy protection and server | |
| CN104484619B (en) | It is a kind of to solve the method that client multi-logical channel accesses PKCS#15 file conflicts | |
| DE102022000091A1 (en) | MANAGEMENT OF ENCRYPTED KEYS | |
| CN103177224A (en) | Data protection method and device used for terminal external storage card | |
| CN106549762A (en) | A kind of data ciphering method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211109 Address after: Room 516, floor 5, building 3, No. 969, Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province Patentee after: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Address before: Cayman Islands Grand Cayman capital building, a four storey No. 847 mailbox Patentee before: ALIBABA GROUP HOLDING Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170329 Assignee: Hangzhou Jinyong Technology Co.,Ltd. Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Contract record no.: X2024980001317 Denomination of invention: A data encryption method and device Granted publication date: 20190809 License type: Common License Record date: 20240123 Application publication date: 20170329 Assignee: Golden Wheat Brand Management (Hangzhou) Co.,Ltd. Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Contract record no.: X2024980001316 Denomination of invention: A data encryption method and device Granted publication date: 20190809 License type: Common License Record date: 20240123 Application publication date: 20170329 Assignee: Hangzhou Xinlong Huazhi Trademark Agency Co.,Ltd. Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Contract record no.: X2024980001315 Denomination of invention: A data encryption method and device Granted publication date: 20190809 License type: Common License Record date: 20240123 |