A kind of data ciphering method and device
Technical field
The present invention relates to field of data encryption, more particularly to a kind of data ciphering method and device.
Background technology
Data sharing, exchange belong to common behavior between data owner.Under the background of big data, lead to
Analyze data is crossed, such as user can be obtained to important informations such as the preference of product, user's Regional Distributions,
These information can serve extremely important directive function to the popularization of product, operation arrangement etc..Data
In can analyze and obtain the partial data of above- mentioned information and become the treasure of data owner, this part
Sensitive data can be sensitive traffic data of the privacy information of user, or data owner etc..
Data owner is carrying out sharing data, in this shared procedure that exchanges, will not wish shared
Sensitive data in data is to outward leakage, therefore needs to be encrypted the sensitive information in data.Traditional
Sensitive data cipher mode can be that (the English of message digest algorithm the 5th edition is for example carried out to sensitive data:
Message-Digest Algorithm 5, abbreviation:MD5) encryption etc..Sensitive data after encryption can be replaced
It is changed to an insignificant character string.
After conventional cryptography is carried out to sensitive data, data of the sensitive data in shared data point before encryption
Cloth characteristic will be lost, and can destroy the integrality of shared data.
The content of the invention
In order to solve above-mentioned technical problem, the invention provides a kind of data ciphering method and device, so that
Sensitive data after must encrypting can still retain all or part of data division characteristic before encryption.
The embodiment of the invention discloses following technical scheme:
A kind of data ciphering method, methods described include:
The CIPHERING REQUEST for be-encrypted data set is obtained, the be-encrypted data set includes the first number
According to table, first tables of data has at least one data dimension, and the CIPHERING REQUEST includes reserved data
Distribution character and the encryption set of request encryption, the reserved data distribution character include the first dimension in institute
The first data distribution characteristic in the first tables of data is stated, and/or, the reserved data distribution character is described
When first tables of data has multiple data dimensions, at least two data dimensions in the plurality of data dimension
Dimension combines the second data distribution characteristic in first tables of data;First dimension for it is described extremely
A data dimension in a few data dimension, the encryption set include first dimension and/or institute
Dimension combination is stated, the data dimension that the encryption set includes belongs at least one data dimension;
Transfer the be-encrypted data set;
Be-encrypted data set encryption is obtained by encrypted data set, institute according to the CIPHERING REQUEST
State encrypted data set the reserved data distribution character and the be-encrypted data set it is described pre-
Residual is identical according to distribution character.
Optionally, the encryption set also includes the second tables of data in the be-encrypted data set, institute
State the second tables of data and there is first dimension and/or dimension combination;The reserved data distribution character
Also include first data distribution characteristic of first dimension in second tables of data, and/or, it is described reserved
When data distribution characteristic has multiple data dimensions for second tables of data, in the plurality of data dimension
The dimension of at least two data dimensions combines the second data distribution characteristic in first tables of data;Institute
State the second tables of data also the data distribution characteristic with least one data dimension and first data distribution
Characteristic and/or the second data distribution characteristic have the first relevance;It is described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, also includes:
First relevance of the second tables of data described in the encrypted data set and described to be encrypted
First relevance of the second tables of data described in data acquisition system is identical.
Optionally, the be-encrypted data set also includes the 3rd tables of data, and the 3rd tables of data has
The data distribution characteristic of at least one data dimension and the first data distribution characteristic and/or second number
There is the second relevance according to distribution character;It is described according to the CIPHERING REQUEST by the be-encrypted data set
Encryption obtains encrypted data set, also includes:
Second relevance of the 3rd tables of data described in the encrypted data set and the first tables of data
With the second relevance phase of the 3rd tables of data described in the be-encrypted data set and the first tables of data
Together.
Optionally, the reserved data distribution character also includes first dimension in first tables of data
In the 3rd data distribution characteristic, and/or, fourth number of the dimension combination in first tables of data
According to distribution character.
Optionally, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set bag
Include the second dimension, at least one dimension that second dimension is had by first tables of data
Individual data dimension, second dimension are different from first dimension, described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, also includes:
Described in the encrypted data set, the second dimension of the first tables of data is not encrypted.
A kind of data encryption device, described device include:
Acquiring unit, for obtaining the CIPHERING REQUEST for be-encrypted data set, the be-encrypted data
Set includes the first tables of data, and first tables of data has at least one data dimension, and the encryption please
Ask the encryption set including reserved data distribution character and request encryption, the reserved data distribution character bag
First data distribution characteristic of first dimension in first tables of data is included, and/or, the reserved data
When distribution character has multiple data dimensions for first tables of data, in the plurality of data dimension at least
The dimension of two data dimensions combines the second data distribution characteristic in first tables of data;Described
Dimension is a data dimension at least one data dimension, and the encryption set includes described
First dimension and/or dimension combination, the data dimension that the encryption set includes belong to described at least one
Individual data dimension;
Unit is transferred, for transferring the be-encrypted data set;
Ciphering unit, for obtaining adding by be-encrypted data set encryption according to the CIPHERING REQUEST
Ciphertext data set, the reserved data distribution character and the number to be encrypted of the encrypted data set
The reserved data distribution character according to set is identical.
Optionally, the encryption set also includes the second tables of data in the be-encrypted data set, institute
State the second tables of data and there is first dimension and/or dimension combination;The reserved data distribution character
Also include first data distribution characteristic of first dimension in second tables of data, and/or, it is described reserved
When data distribution characteristic has multiple data dimensions for second tables of data, in the plurality of data dimension
The dimension of at least two data dimensions combines the second data distribution characteristic in first tables of data;Institute
State the second tables of data also the data distribution characteristic with least one data dimension and first data distribution
Characteristic and/or the second data distribution characteristic have the first relevance;It is described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, the institute that the ciphering unit encryption is obtained
State first relevance and the be-encrypted data collection of the second tables of data described in encrypted data set
First relevance of the second tables of data described in conjunction is identical.
Optionally, the be-encrypted data set also includes the 3rd tables of data, and the 3rd tables of data has
The data distribution characteristic of at least one data dimension and the first data distribution characteristic and/or second number
There is the second relevance according to distribution character;It is described according to the CIPHERING REQUEST by the be-encrypted data set
Encryption obtains encrypted data set, in the encrypted data set that the ciphering unit encryption is obtained
Institute in second relevance and the be-encrypted data set of the 3rd tables of data and the first tables of data
State the 3rd tables of data identical with second relevance of the first tables of data.
Optionally, the reserved data distribution character also includes first dimension in first tables of data
In the 3rd data distribution characteristic, and/or, fourth number of the dimension combination in first tables of data
According to distribution character.
Optionally, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set bag
Include the second dimension, at least one dimension that second dimension is had by first tables of data
Individual data dimension, second dimension are different from first dimension, described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, the institute that the ciphering unit encryption is obtained
The second dimension for stating the first tables of data described in encrypted data set is not encrypted.
By above-mentioned technical proposal as can be seen that in CIPHERING REQUEST except including request encryption encryption set,
Also include the data distribution characteristic for wishing still to retain after to the encryption set encryption, the pre- residual
Include first data distribution characteristic of first dimension in first tables of data according to distribution character, and/or,
When the reserved data distribution character has multiple data dimensions for first tables of data, the plurality of number
The second data distribution in first tables of data is combined according to the dimension of at least two data dimensions in dimension
Characteristic, thus when being encrypted according to the CIPHERING REQUEST, the described pre- residual of encrypted data set
It is identical with the reserved data distribution character of the be-encrypted data set according to distribution character, that is to say, that
Sensitive data after encryption can still retain the CIPHERING REQUEST and wish the whole before the encryption for retaining or portion
Divided data part of properties, it is ensured that the integrality of shared data required for before and after encryption.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to reality
Apply accompanying drawing to be used needed for example or description of the prior art to be briefly described, it should be apparent that, below
Accompanying drawing in description is only some embodiments of the present invention, for those of ordinary skill in the art,
Without having to pay creative labor, can be with according to these other accompanying drawings of accompanying drawings acquisition.
Fig. 1 is a kind of method flow diagram of data ciphering method provided in an embodiment of the present invention;
Fig. 2 is a kind of structure drawing of device of data encryption device provided in an embodiment of the present invention.
Specific embodiment
To make purpose, technical scheme and the advantage of the embodiment of the present invention clearer, below in conjunction with this
Accompanying drawing in bright embodiment, is explicitly described to the technical scheme in the embodiment of the present invention, it is clear that
Described embodiment is a part of embodiment of the invention, rather than the embodiment of whole.Based on the present invention
In embodiment, the institute obtained under the premise of creative work is not made by those of ordinary skill in the art
There is other embodiment, belong to the scope of protection of the invention.
Due under the background of big data, by analyze data, such as user can be obtained to the inclined of product
The important informations such as good, user's Regional Distribution, these information can be risen to the popularization of product, operation arrangement etc.
Extremely important directive function is arrived.This part sensitive data for obtaining above- mentioned information can be analyzed in data
Become the treasure of data owner.So data owner data are carried out sharing, exchange
In this shared procedure, the sensitive data in shared data will not be wished to outward leakage, therefore needed data
In sensitive information be encrypted.But the sensitive number after traditional sensitive data cipher mode encryption
According to an insignificant character string can be replaced by.Data of the sensitive data in shared data point before encryption
Cloth characteristic will be lost, and can destroy the integrality of shared data.
For this purpose, embodiments providing a kind of data ciphering method and device, remove in CIPHERING REQUEST
Including the encryption set of request encryption, also still retaining after to the encryption set encryption including hope
Data distribution characteristic, the reserved data distribution character includes the first dimension in first tables of data
The first data distribution characteristic, and/or, the reserved data distribution character has for first tables of data
During multiple data dimensions, in the plurality of data dimension, the dimension of at least two data dimensions is combined described
The second data distribution characteristic in first tables of data, thus when being encrypted according to the CIPHERING REQUEST,
The reserved data distribution character of encrypted data set and the described of the be-encrypted data set are reserved
Data distribution characteristic is identical, that is to say, that the sensitive data after encryption can still retain the CIPHERING REQUEST
Wish all or part of data division characteristic before the encryption for retaining, it is ensured that shared required for before and after encryption
The integrality of data.
Embodiment one
Fig. 1 is a kind of method flow diagram of data ciphering method provided in an embodiment of the present invention, methods described
Including:
S101:The CIPHERING REQUEST for be-encrypted data set is obtained, the be-encrypted data set includes
First tables of data, first tables of data have at least one data dimension, and the CIPHERING REQUEST includes pre-
Residual includes the first dimension according to distribution character and the encryption set of request encryption, the reserved data distribution character
First data distribution characteristic of the degree in first tables of data, and/or, the reserved data distribution character
When there is multiple data dimensions for first tables of data, at least two data in the plurality of data dimension
The dimension of dimension combines the second data distribution characteristic in first tables of data;First dimension is
A data dimension at least one data dimension, the encryption set include first dimension
And/or the dimension is combined, the data dimension that the encryption set includes belongs at least one data dimension
Degree.
Illustrate, the be-encrypted data set can be user need call, and include sensitivity number
According to the data acquisition system for needing encryption.Tables of data can include one or more list items, and a list item can be
One group of data, passage, one group of corresponding relation etc..
In embodiments of the present invention, the content of tables of data is divided into one or more data dimensions, example
Such as, data block a is three sections of words " the Scorpio women in Zhejiang ", " the Leo women in Shanghai " and " Zhejiang
The Leo male sex in river ", tables of data a can just be divided at least three data dimensions, respectively:Area,
Sex, constellation.Specifically can be as shown in table 1:
|
Area |
Sex |
Constellation |
1 |
Zhejiang |
Female |
Scorpio |
2 |
Shanghai |
Female |
Leo |
3 |
Zhejiang |
Man |
Leo |
Table 1
One or more tables of data can be included during the encryption set encrypted is asked in the CIPHERING REQUEST,
One or more data dimensions can be included.The tables of data for including or dimension in the encryption set will
It is encrypted in the ciphering process of S103.
The data distribution characteristic can be understood as a data dimension or dimension combination in data composition point
Cloth feature, or a kind of data characteristic is can be understood as, a data dimension or dimension combination can have
At least one data distribution characteristic.For example as in table 1, data dimension " area " can be with data point
Cloth characteristic " regional accounting ", such as Zhejiang account for 2/3, and Shanghai accounts for 1/3, and data dimension " area " can also have
There is data distribution characteristic " regional quantity ", such as Zhejiang there are 2, and Shanghai has 1.Dimension combination " area
+ sex " can have data distribution characteristic " regional sex accounting ", and such as Zhejiang female accounts for 1/3, and Zhejiang man account for
1/3, Shanghai female 1/3, Shanghai man are not then 0.
The reserved data distribution character can be to wish after the encryption of S103, encrypted data dimension
The data distribution characteristic that degree or dimension combination have before remaining able to retain encryption.
Can include in the reserved data distribution character special for multiple data distributions of a data dimension
Property, the multiple data distributions for a dimension combination can also be included in the reserved data distribution character
Characteristic.That is, optional, the reserved data distribution character also includes first dimension in institute
The 3rd data distribution characteristic in the first tables of data is stated, and/or, the dimension is combined in first data
The 4th data distribution characteristic in table.
It is also to be noted that the data distribution characteristic in first dimension is multiple situations, it is described
Can also be including in multiple data distribution characteristics of first dimension in reserved data distribution character
Or partial data distribution character.
S102:Transfer the be-encrypted data set.
Illustrate, can be searched from database by the CIPHERING REQUEST and be deployed into described to be encrypted
Data acquisition system.
S103:Be-encrypted data set encryption is obtained by encrypted data collection according to the CIPHERING REQUEST
Close, the reserved data distribution character of the encrypted data set and the be-encrypted data set
The reserved data distribution character is identical.
Illustrate, as encryption set has been specify that in the CIPHERING REQUEST, and need what is retained
The data distribution characteristic of data dimension or dimension combination in encryption set, therefore in ciphering process, by changing
Become cipher mode, by the basis of the True Data of encryption data dimension, retention data dimension it is reserved
Data distribution characteristic.
It is also to be noted that as the data in tables of data may all be not fully sensitive data, it is right
In nonsensitive data, in shared data, might not have the necessity of encryption, and some situations
Under, these nonsensitive datas also have shared necessity.Therefore in order to meet the demand of above-mentioned situation, together
When also for the data processing amount for reducing ciphering process, the embodiment of the present invention additionally provides a kind of optional reality
Apply mode, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set includes the
Two-dimensionses, the number at least one dimension that second dimension is had by first tables of data
According to dimension, second dimension is different from first dimension, it is described will be described according to the CIPHERING REQUEST
Be-encrypted data set encryption obtains encrypted data set, also includes:
Described in the encrypted data set, the second dimension of the first tables of data is not encrypted.
Illustrate, the dimension retained included by set can be in the be-encrypted data set
Remove the remaining data dimension beyond included data dimension is gathered in the encryption.Or the remaining data
A part for dimension.In the dimension retained in set, will not be encrypted by the ciphering process of S103,
In other words, after the be-encrypted data set is encrypted by S103, the number for retaining dimension in set
According to or for encryption before initial data.
Followed by illustrating as a example by specific application scenarios.In assuming the be-encrypted data set
The content of the first tables of data be divided into three dimensions, respectively area, sex and constellation.Described first
Tables of data includes ten data table items, as shown in the sequence number 1 to 10 in table 2:
|
Area |
Sex |
Constellation |
1 |
Zhejiang |
Female |
Scorpio |
2 |
Shanghai |
Man |
Lion |
3 |
Zhejiang |
Man |
Lion |
4 |
Shanghai |
Female |
Lion |
5 |
Zhejiang |
Female |
Lion |
6 |
Zhejiang |
Man |
Scorpio |
7 |
Shanghai |
Female |
Lion |
8 |
Zhejiang |
Female |
Lion |
9 |
Zhejiang |
Man |
Lion |
10 |
Shanghai |
Female |
Scorpio |
Table 2
Assume that the reservation collection in the CIPHERING REQUEST is combined into data dimension " constellation ", ask the crypto set of encryption
Data dimension " area " and " sex " are combined into, reserved data distribution character is dimension collection " area+property
" regional sex accounting " not ".In the first tables of data before encrypting as can be seen from Table 2, this is reserved
Data distribution characteristic is specially:Zhejiang female accounts for 30%, Zhejiang man and accounts for 30%, Shanghai female 30% and Shanghai man
10%.
Then the first tables of data after being encrypted to the be-encrypted data set can be shown in Table the sequence number in 3
Shown in 1 to 10:
|
Area |
Sex |
Constellation |
1 |
Zhejiang |
Man |
Scorpio |
2 |
Zhejiang |
Man |
Lion |
3 |
Shanghai |
Female |
Lion |
4 |
Zhejiang |
Man |
Lion |
5 |
Shanghai |
Man |
Lion |
6 |
Shanghai |
Female |
Scorpio |
7 |
Zhejiang |
Female |
Lion |
8 |
Shanghai |
Female |
Lion |
9 |
Zhejiang |
Female |
Lion |
10 |
Zhejiang |
Female |
Scorpio |
Table 3
From table 3 it can be seen that data dimension " area " and " sex " and in data and table 2 in not
Together, be already encrypted, it is completely the same in the data in data dimension " constellation " and table 2, not by
Encryption.Phase before the reserved data distribution character of the dimension collection " area+sex " after encryption and encryption
Than without change, still keeping:Zhejiang female accounts for 30%, Zhejiang man and accounts for 30%, Shanghai female 30% and Shanghai
The accounting of man 10%.
Hypothesis is shared using the content of table 3 as shared data, and dimension " constellation " can be truly counting
According to form disclose, the True Data of dimension " area " and " sex " is added as sensitive data
It is close, the interests of all sides of data are protected, meanwhile, the data distribution of dimension combination " area+sex " is special
Property " regional sex accounting " has been retained after encryption, still can as shared data in have
Effect data.
For the reserved data distribution character and the be-encrypted data collection of the encrypted data set
The reserved data distribution character identical cipher round results for closing, embodiments provide at least two
Specific cipher mode.By taking table 3 as an example, it is assumed that need the data dimension " area " and " sex " of encryption,
Reserved data distribution character is specially:Zhejiang female account for 30%, Zhejiang man account for 30%, Shanghai female 30% and on
Extra large man 10%.Concrete cipher mode is as follows:
First kind of way:It is encrypted successively.
Due to specify that accounting, therefore when being encrypted to data dimension " area " and " sex ",
Can be successively will choose for encryption account for sum 30% data table items data dimension " area "
" sex " is encrypted as " Zhejiang " and " female ", is chosen again and accounts for total 30% data table items
Data dimension " area " and " sex " are encrypted as " Zhejiang " and " man ", then by that analogy, will choosing
The data table items got are encrypted as Shanghai female, Shanghai man.
Aggregation is compared by identical data in the tables of data that first kind of way is encrypted.
The second way:It is encrypted by random manner.
Can mark off in 1 to 10 interval four it is interval, be [0,3] correspondingly Zhejiang female respectively, [4,
6] correspondence Zhejiang man, [7,9] correspondence Shanghai female, [10] correspondence Shanghai man.When being encrypted, one is chosen
Individual data table items, choose a value in the way of random number from 1 to 10, and the size of the value falls above-mentioned
Four it is interval in which is interval, the data table items are just encrypted as the content corresponding to the region.For example select
Fetch data list item a, and the random number for obtaining is 4, and numerical value falls into second interval, correspondence Zhejiang man, then
Just the data dimension " area " of data table items a and " sex " can be encrypted as " Zhejiang " and " man ".
Control after encryption by way of the percentage of total amount can be accounted for during encryption controlling encrypted content
Reserved data distributor characteristic,
Relatively disperseed by identical data in the tables of data that the second way is encrypted.
Can be seen that in CIPHERING REQUEST except including request encryption by the embodiment as corresponding to Fig. 1
Encryption set, the data distribution characteristic for also still retaining after to the encryption set encryption including hope,
The reserved data distribution character includes that first data distribution of first dimension in first tables of data is special
Property, and/or, when the reserved data distribution character has multiple data dimensions for first tables of data,
In the plurality of data dimension, the dimension of at least two data dimensions combines the in first tables of data
Two data distribution characteristics, thus when being encrypted according to the CIPHERING REQUEST, encrypted data set
The reserved data distribution character and the reserved data distribution character phase of the be-encrypted data set
Together, that is to say, that the sensitive data after encryption can still retain the encryption that the CIPHERING REQUEST wishes to retain
Front all or part of data division characteristic, it is ensured that the integrality of shared data required for before and after encryption.
As can be seen here, also exist including hope except the encryption set including request encryption in CIPHERING REQUEST
To the data distribution characteristic still retained after the encryption set encryption, the reserved data distribution character bag
First data distribution characteristic of first dimension in first tables of data is included, and/or, the reserved data
When distribution character has multiple data dimensions for first tables of data, in the plurality of data dimension at least
The dimension of two data dimensions combines the second data distribution characteristic in first tables of data, thus exists
When being encrypted according to the CIPHERING REQUEST, the reserved data distribution character of encrypted data set and
The reserved data distribution character of the be-encrypted data set is identical, that is to say, that the sensitivity after encryption
Data can still retain all or part of data portion dtex before the CIPHERING REQUEST wishes the encryption for retaining
Property, it is ensured that the integrality of shared data required for before and after encryption.
Next former and later two or the relevance between multiple tables of data are encrypted in description.The relevance can be with
It is interpreted as a kind of adduction relationship of data.For example, data distribution characteristic a of the data dimension a of tables of data a
Need reference data table b dimension combine b data distribution characteristic b, then it is considered that tables of data a with
Between tables of data b have relevance, specifically, it is also possible to think data dimension a combine with dimension b it
Between there is relevance etc..
In the case of for the relevance between this two or more packets, the invention provides at least
Two kinds of association implementations that may be related to data encryption.
In the case of the first, the be-encrypted data set includes multiple tables of data such as the second tables of data,
And, also include second tables of data during the encryption set encrypted is required in the CIPHERING REQUEST.
Second tables of data has at least one identical data dimension and/or dimension group with first tables of data
Close and be also in the reserved data distribution character, in second tables of data, be not at the pre- residual
According to the dimension in the dimension in distribution character and second tables of data in the reserved data distribution character
Degree is with relevance.This relevance can be understood as the relevance in tables of data.
In the case of second, the be-encrypted data set includes multiple tables of data such as the 3rd tables of data,
3rd tables of data can be in the encryption set, it is also possible in no longer described encryption set, described
Having in data distribution characteristic in reserved data distribution character in the 3rd tables of data and first tables of data
Relevant property.This relevance can be understood as the relevance between tables of data.
For described the first situation, optionally, the encryption set also includes the be-encrypted data collection
The second tables of data in conjunction, second tables of data have first dimension and/or dimension combination;
The reserved data distribution character also includes first data distribution of first dimension in second tables of data
Characteristic, and/or, when the reserved data distribution character has multiple data dimensions for second tables of data,
In the plurality of data dimension, the dimension of at least two data dimensions combines the in first tables of data
Two data distribution characteristics;The second tables of data also data distribution characteristic with least one data dimension
There is the first relevance with the first data distribution characteristic and/or the second data distribution characteristic.
Illustrate, in first tables of data and the second tables of data, include first dimension and/or institute
State dimension combination, and second tables of data also with least one data dimension data distribution characteristic with
The first data distribution characteristic and/or the second data distribution characteristic have the first relevance.In encryption
During, the first tables of data and the second tables of data can be encrypted using identical cipher mode, then
The first data distribution characteristic and/or the second data distribution in the first tables of data and the second tables of data after encryption
Characteristic is as before encryption being.Due to the first data distribution characteristic for being cited and/or the second data distribution
Characteristic does not change after encryption, then first relevance will not change.That is, institute
State and be-encrypted data set encryption is obtained by encrypted data set according to the CIPHERING REQUEST, also wrap
Include:
First relevance of the second tables of data described in the encrypted data set and described to be encrypted
First relevance of the second tables of data described in data acquisition system is identical.
For second situation, include in the 3rd tables of data needs it is encrypted described first
Dimension and/or dimension combination.That is, the be-encrypted data set also includes the 3rd tables of data,
3rd tables of data has the data distribution characteristic and first data distribution of at least one data dimension
Characteristic and/or the second data distribution characteristic have the second relevance.Due to the first data point being cited
Cloth characteristic and/or the second data distribution characteristic do not change after encryption, then first relevance will not
Change.That is, described encrypt the be-encrypted data set according to the CIPHERING REQUEST
To encrypted data set, also include:
Second relevance of the 3rd tables of data described in the encrypted data set and the first tables of data
With the second relevance phase of the 3rd tables of data described in the be-encrypted data set and the first tables of data
Together.
As can be seen that retaining the data point that the reserved data distribution character includes during encryption
Cloth characteristic, can not destroy originally needs to quote the data distribution characteristic in the reserved data distribution character
Relevance, it is ensured that encrypted data table maximum analysis value.
Embodiment two
Fig. 2 is a kind of structure drawing of device of data encryption device provided in an embodiment of the present invention, described device
Including:
Acquiring unit 201, for obtaining the CIPHERING REQUEST for be-encrypted data set, the number to be encrypted
Include the first tables of data according to set, first tables of data has at least one data dimension, the encryption
Request includes the encryption set of reserved data distribution character and request encryption, the reserved data distribution character
The first data distribution characteristic including the first dimension in first tables of data, and/or, the pre- residual
When there is multiple data dimensions for first tables of data according to distribution character, in the plurality of data dimension extremely
The dimension of few two data dimensions combines the second data distribution characteristic in first tables of data;It is described
First dimension is a data dimension at least one data dimension, and the encryption set includes institute
State the first dimension and/or dimension combination, the data dimension that includes of encryption set belong to it is described at least
One data dimension.
Unit 202 is transferred, for transferring the be-encrypted data set.
Ciphering unit 203, for being obtained be-encrypted data set encryption according to the CIPHERING REQUEST
Encrypted data set, the reserved data distribution character of the encrypted data set and described to be encrypted
The reserved data distribution character of data acquisition system is identical.
Optionally, the encryption set also includes the second tables of data in the be-encrypted data set, institute
State the second tables of data and there is first dimension and/or dimension combination;The reserved data distribution character
Also include first data distribution characteristic of first dimension in second tables of data, and/or, it is described reserved
When data distribution characteristic has multiple data dimensions for second tables of data, in the plurality of data dimension
The dimension of at least two data dimensions combines the second data distribution characteristic in first tables of data;Institute
State the second tables of data also the data distribution characteristic with least one data dimension and first data distribution
Characteristic and/or the second data distribution characteristic have the first relevance;It is described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, and the encryption of the ciphering unit 203 is obtained
The encrypted data set described in the second tables of data first relevance and the number to be encrypted
First relevance according to the second tables of data described in set is identical.
Optionally, the be-encrypted data set also includes the 3rd tables of data, and the 3rd tables of data has
The data distribution characteristic of at least one data dimension and the first data distribution characteristic and/or second number
There is the second relevance according to distribution character;It is described according to the CIPHERING REQUEST by the be-encrypted data set
Encryption obtains encrypted data set, the encrypted data collection that the encryption of the ciphering unit 203 is obtained
Second relevance and the be-encrypted data set of the 3rd tables of data described in conjunction and the first tables of data
Described in the 3rd tables of data it is identical with second relevance of the first tables of data.
Optionally, the reserved data distribution character also includes first dimension in first tables of data
In the 3rd data distribution characteristic, and/or, fourth number of the dimension combination in first tables of data
According to distribution character.
Optionally, the CIPHERING REQUEST also includes the reservation set that request is not encrypted, the reservation set bag
Include the second dimension, at least one dimension that second dimension is had by first tables of data
Individual data dimension, second dimension are different from first dimension, described to be incited somebody to action according to the CIPHERING REQUEST
The be-encrypted data set encryption obtains encrypted data set, and the encryption of the ciphering unit 203 is obtained
The encrypted data set described in the first tables of data the second dimension it is not encrypted.
It can be seen that, except the encryption set including request encryption in CIPHERING REQUEST, also including hope to institute
State the data distribution characteristic that still retains after encryption set encryption, the reserved data distribution character includes the
First data distribution characteristic of the dimension in first tables of data, and/or, the reserved data distribution
When characteristic has multiple data dimensions for first tables of data, at least two in the plurality of data dimension
The dimension of data dimension combines the second data distribution characteristic in first tables of data, thus in basis
When the CIPHERING REQUEST is encrypted, the reserved data distribution character of encrypted data set and described
The reserved data distribution character of be-encrypted data set is identical, that is to say, that the sensitive data after encryption
The all or part of data division characteristic before the CIPHERING REQUEST wishes the encryption for retaining can still be retained,
Ensure that the integrality of shared data required for before and after encrypting.
One of ordinary skill in the art will appreciate that:Realize all or part of step of said method embodiment
Can be completed by the related hardware of programmed instruction, foregoing routine can be stored in an embodied on computer readable
In storage medium, the program upon execution, performs the step of including said method embodiment;And it is aforesaid
Storage medium can be at least one in following media:Read-only storage (English:read-only
Memory, abbreviation:ROM), RAM, magnetic disc or CD etc. are various can be with Jie of store program codes
Matter.
It should be noted that each embodiment in this specification is described by the way of progressive, each
Between embodiment, identical similar part is mutually referring to what each embodiment was stressed is and which
The difference of his embodiment.For especially for equipment and system embodiment, due to its basic simlarity
In embodiment of the method, so describe fairly simple, part explanation of the related part referring to embodiment of the method
.Equipment described above and system embodiment are only schematic, wherein as separating component
The unit of explanation can be or may not be physically separate, and the part shown as unit can be with
It is or may not be physical location, you can be local to be located at one, or can also be distributed to multiple
On NE.Some or all of module therein can be selected according to the actual needs to realize this reality
Apply the purpose of a scheme.Those of ordinary skill in the art are not in the case where creative work is paid, you can
To understand and implement.
The above, preferably specific embodiment only of the invention, but protection scope of the present invention is not
Be confined to this, any those familiar with the art the invention discloses technical scope in, can
The change or replacement for readily occurring in, should all be included within the scope of the present invention.Therefore, the present invention
Protection domain should be defined by scope of the claims.