CN106570410A - Data encryption method and device, data decryption method and device, and data processing system - Google Patents


Info

Publication number
CN106570410A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510648132.XA
Other languages
Chinese (zh)
Other versions
CN106570410B (en)
Inventor
李�真
赵子轩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The embodiment discloses a data encryption method and device, a data decryption method and device, and a data processing system. The data encryption method of the embodiment of the invention comprises the following steps of: adopting a serialization algorithm to carry out serialization on attributes which need to be encrypted in original relational data; then, adopting a preset encryption algorithm to encrypt obtained serialization data; and storing encryption data as one attribute of the original relational data so as to obtain encrypted relational data. The embodiment of the invention also provides a corresponding decryption scheme. By use of the scheme provided by the embodiment of the invention, the operation of the CPU (Central Processing Unit) can be reduced, processing efficiency is greatly improved, and data storage speed is greatly improved.

Description

A data encryption method, decryption method, device and system
Technical field
The present invention relates to the field of communication technologies, and in particular to a data encryption method, a data decryption method, corresponding devices, and a system.
Background
With the development of Internet technology, there is more and more information on the Internet, including a good deal of information related to user privacy. Once this information is leaked, it may bring trouble and risk to users, so protecting information security is becoming increasingly important.
To prevent information from being obtained illegally, stored information is usually encrypted before storage. User information is generally relational data, that is, a record composed of multiple attributes and stored in a database. To encrypt and store such information, each attribute of a record usually has to be encrypted separately before the record is stored in the database. That is, for a record A = (a1, a2, a3, ..., an), an encryption function E must first be used to convert it to A' = (E(a1), E(a2), E(a3), ..., E(an)), and only then can A' be stored in the database.
In researching and practicing the prior art, the inventors of the present invention found that in the existing scheme, encrypting each record requires calling the encryption algorithm once for each attribute. The encryption algorithm therefore has to be called many times, and because encryption is generally a computationally intensive operation that consumes considerable central processing unit (CPU) time, this greatly affects processing efficiency and the speed of data storage.
Summary of the invention
Embodiments of the present invention provide a data encryption method, a data decryption method, corresponding devices, and a system that only need to call the encryption algorithm once, which can improve processing efficiency and the speed of data storage.
An embodiment of the present invention provides a data encryption method, including:
obtaining the original relational data that needs to be encrypted;
determining the attributes in the original relational data that need to be encrypted;
serializing the attributes that need to be encrypted using a serialization algorithm to obtain serialized data;
encrypting the serialized data using a preset encryption algorithm to obtain encrypted data;
storing the encrypted data as one attribute of the original relational data to obtain encrypted relational data.
Correspondingly, an embodiment of the present invention also provides a data decryption method, including:
obtaining the encrypted relational data that needs to be decrypted;
determining the encrypted data in the encrypted relational data;
decrypting the encrypted data using a preset decryption algorithm to obtain decrypted data;
deserializing the decrypted data using the serialization algorithm to obtain deserialized data;
storing the deserialized data as the attributes of the relational data to obtain the original relational data.
Correspondingly, an embodiment of the present invention also provides a data encryption device, including:
an acquiring unit, configured to obtain the original relational data that needs to be encrypted;
a determining unit, configured to determine the attributes in the original relational data that need to be encrypted;
a serialization unit, configured to serialize the attributes that need to be encrypted using a serialization algorithm to obtain serialized data;
an encryption unit, configured to encrypt the serialized data using a preset encryption algorithm to obtain encrypted data;
a storage unit, configured to store the encrypted data as one attribute of the original relational data to obtain encrypted relational data.
Correspondingly, an embodiment of the present invention also provides a data decryption device, including:
an acquiring unit, configured to obtain the encrypted relational data that needs to be decrypted;
a determining unit, configured to determine the encrypted data in the encrypted relational data;
a decryption unit, configured to decrypt the encrypted data using a preset decryption algorithm to obtain decrypted data;
a deserialization unit, configured to deserialize the decrypted data using the serialization algorithm to obtain deserialized data;
a storage unit, configured to store the deserialized data as the attributes of the relational data to obtain the original relational data.
In addition, an embodiment of the present invention also provides a data processing system, including any data encryption device and any data decryption device provided by the embodiments of the present invention.
In the embodiments of the present invention, the attributes in the original relational data that need to be encrypted are serialized using a serialization algorithm, the resulting serialized data is encrypted using a preset encryption algorithm, and the encrypted data is stored as one attribute of the original relational data, yielding the encrypted relational data and thereby achieving the purpose of encrypting relational data. Because in this scheme the encryption algorithm is called only after multiple attributes of the relational data have been serialized, the encryption algorithm needs to be called only once. Compared with the prior-art scheme, in which the encryption algorithm is called separately for each attribute of the relational data, the number of calls to the encryption algorithm is greatly reduced, so CPU work can be reduced and processing efficiency and the speed of data storage greatly improved.
Correspondingly, the embodiments of the present invention can also decrypt the encrypted data in the encrypted relational data using a preset decryption algorithm, then deserialize the decrypted data using the serialization algorithm, and store the resulting deserialized data as the respective attributes of the relational data, yielding the original relational data and thereby achieving the purpose of decryption. Because in this scheme the decryption algorithm is called only once to decrypt the encrypted data, after which the serialization algorithm is used to deserialize the decrypted data, the number of calls to the decryption algorithm is greatly reduced compared with the prior-art scheme, in which the decryption algorithm is called separately for each attribute of the relational data. CPU work can therefore be reduced, and processing efficiency and the speed of data storage greatly improved.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1a is a schematic diagram of a scenario of the data processing system provided by an embodiment of the present invention;
Fig. 1b is a schematic flowchart of the data encryption method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of the data decryption method provided by an embodiment of the present invention;
Fig. 3a is another schematic flowchart of the data encryption method provided by an embodiment of the present invention;
Fig. 3b is another schematic flowchart of the data decryption method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the data encryption device provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the data decryption device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention rather than all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiments of the present invention provide a data encryption method, a data decryption method, corresponding devices, and a system.
As shown in Fig. 1a, the data processing system can include a data encryption device and a data decryption device. The data encryption device can serialize the attributes in the original relational data that need to be encrypted using a serialization algorithm, then encrypt the resulting serialized data using a preset encryption algorithm, and store the encrypted data as one attribute of the original relational data, yielding the encrypted relational data and thereby achieving the purpose of encrypting relational data. The data decryption device can decrypt the encrypted data in the encrypted relational data using a preset decryption algorithm, then deserialize the decrypted data using the serialization algorithm, and store the resulting deserialized data as the attributes of the relational data, yielding the original relational data and thereby achieving the purpose of decryption.
The data encryption device and the data decryption device match each other; that is, the encryption algorithm and the decryption algorithm they use match each other, and the serialization algorithm they use should be the same.
Each is described in detail below.
Embodiment 1
This embodiment is described from the perspective of the data encryption device, which can specifically be integrated in equipment such as a terminal, a server or a storage device.
A data encryption method includes: obtaining the original relational data that needs to be encrypted; determining the attributes in the original relational data that need to be encrypted; serializing the attributes that need to be encrypted using a serialization algorithm to obtain serialized data; encrypting the serialized data using a preset encryption algorithm to obtain encrypted data; and storing the encrypted data as one attribute of the original relational data to obtain encrypted relational data.
As shown in Fig. 1b, the specific flow of the data encryption method can be as follows:
101. Obtain the original relational data that needs to be encrypted.
Here, original relational data refers to the relational data before encryption. Relational data is data represented using the relational model; it generally forms a record from multiple attributes and is stored in a database.
102. Determine the attributes in the original relational data that need to be encrypted.
For example, if the original relational data is A = (a1, a2, a3, ..., an), it can be determined at this point that the attributes that need to be encrypted are a1, a2, a3, ..., and an.
Optionally, besides treating all attributes as attributes that need to be encrypted, several of the attributes can be selected as the attributes that need to be encrypted according to a preset policy, which can be set according to the needs of the practical application.
For instance, for a certain piece of user information, the attributes can include "name", "age", "position", "location" and "contact method". Besides configuring all attributes to be encrypted, it is also possible to encrypt only some of them, such as "age", "position" and "contact method"; details are not repeated here.
103. Serialize the attributes that need to be encrypted using a serialization algorithm to obtain serialized data. For example, this can specifically be done as follows:
(1) Define the data interchange format file corresponding to the serialization algorithm for the attributes that need to be encrypted.
The data interchange format file defines, among other things, the type of each data field that needs to be encrypted. That is, the step of "defining the data interchange format file corresponding to the serialization algorithm for the attributes that need to be encrypted" can specifically be as follows:
Determine the field types of the attributes that need to be encrypted, and define the data interchange format file corresponding to the serialization algorithm according to those field types.
For example, taking the case where the serialization algorithm is the Protocol Buffers (protobuf) algorithm, a source file corresponding to the protobuf algorithm, such as a ".proto file", can be defined for the attributes that need to be encrypted.
For instance, the field types of the attributes that need to be encrypted can be determined, and the ".proto file" is then defined according to those field types, for example by defining a message type in the .proto file, specifying the field types, assigning identification numbers, and specifying the field rules.
It should be noted that the serialization algorithm can be any algorithm that can pack multiple fields together and serialize them as a whole, such as the protobuf algorithm. For convenience of description, the embodiments of the present invention take the protobuf algorithm as the example.
(2) Serialize the attributes that need to be encrypted according to the data interchange format file to obtain serialized data. For example, this can specifically be done as follows:
Obtain the serialization function library corresponding to the serialization algorithm and, using that library, serialize the attributes that need to be encrypted according to the data interchange format file to obtain serialized data.
For example, taking the case where the serialization algorithm is the protobuf algorithm, the serialization function library corresponding to the protobuf algorithm can be obtained and used to serialize the attributes that need to be encrypted according to the source file, such as the .proto file, to obtain serialized data, such as buf (a code converted to an arbitrary number base).
104. Encrypt the serialized data using a preset encryption algorithm to obtain encrypted data.
For example, the preset encryption algorithm can be used to convert the serialized data from plaintext into ciphertext to obtain the encrypted data.
The encryption algorithm can be set according to the needs of the practical application; details are not repeated here.
105. Store the encrypted data as one attribute of the original relational data to obtain the encrypted relational data; that is, the encrypted data is stored as a whole.
As can be seen from the above, this embodiment serializes the attributes in the original relational data that need to be encrypted using a serialization algorithm, then encrypts the resulting serialized data using a preset encryption algorithm, and stores the encrypted data as one attribute of the original relational data, yielding the encrypted relational data and thereby achieving the purpose of encrypting relational data. Because in this scheme the encryption algorithm is called only after multiple attributes of the relational data have been serialized, the encryption algorithm needs to be called only once. Compared with the prior-art scheme, in which the encryption algorithm is called separately for each attribute of the relational data, the number of calls to the encryption algorithm is greatly reduced, so CPU work can be reduced and processing efficiency and the speed of data storage greatly improved.
Embodiment 2
This embodiment is described from the perspective of the data decryption device, which can specifically be integrated in equipment such as a terminal, a server or a storage device.
A data decryption method includes: obtaining the encrypted relational data that needs to be decrypted; determining the encrypted data in the encrypted relational data; decrypting the encrypted data using a preset decryption algorithm to obtain decrypted data; deserializing the decrypted data using the serialization algorithm to obtain deserialized data; and storing the deserialized data as the attributes of the relational data to obtain the original relational data.
As shown in Fig. 2, the specific flow of the data decryption method can be as follows:
201. Obtain the encrypted relational data that needs to be decrypted.
The encrypted relational data is the result of encrypting the original relational data; for the specific encryption method, see Embodiment 1. Details are not repeated here.
Here, original relational data refers to the relational data before encryption. Relational data is data represented using the relational model; it generally forms a record from multiple attributes and is stored in a database.
202. Determine the encrypted data in the encrypted relational data.
The encrypted data is the result of encrypting the serialized data with the preset encryption algorithm, and the serialized data is the result of serializing, with the serialization algorithm, the attributes in the original relational data that need to be encrypted. See Embodiment 1 for details, which are not repeated here.
For example, if the encrypted relational data is A' = Ea, where E is the encryption function, then Ea is the encrypted data.
203. Decrypt the encrypted data using a preset decryption algorithm to obtain decrypted data.
For example, the preset decryption algorithm can be used to convert the ciphertext of the encrypted data into plaintext to obtain the decrypted data.
The decryption algorithm should match the encryption algorithm. The specific decryption algorithm depends on the encryption algorithm, and the encryption algorithm can in turn be set according to the needs of the practical application; details are not repeated here.
204. Deserialize the decrypted data using the serialization algorithm to obtain deserialized data. For example, this can specifically be done as follows:
(1) Obtain the data interchange format file that was used during encryption.
The data interchange format file was defined during encryption for the attributes in the original relational data that need to be encrypted. See Embodiment 1 for details, which are not repeated here.
(2) Deserialize the decrypted data according to the data interchange format file to obtain deserialized data. For example, this can specifically be done as follows:
Obtain the deserialization function library corresponding to the serialization algorithm and, using that library, deserialize the decrypted data according to the data interchange format file to obtain deserialized data.
It should be noted that the serialization algorithm can be any algorithm that can pack multiple fields together and serialize them as a whole, such as the protobuf algorithm. The serialization algorithm should be the same as the one used during encryption.
For example, taking the case where the serialization algorithm is the protobuf algorithm and the data interchange format file is a .proto file, the deserialization function library corresponding to the protobuf algorithm can be obtained and used to deserialize the decrypted data according to the .proto file to obtain deserialized data.
205. Store the deserialized data as the attributes of the relational data to obtain the original relational data.
That is, the deserialized data is restored to the individual attributes of the relational data, yielding the original relational data.
As can be seen from the above, this embodiment can decrypt the encrypted data in the encrypted relational data using a preset decryption algorithm, then deserialize the decrypted data using the serialization algorithm, and store the resulting deserialized data as the respective attributes of the relational data, yielding the original relational data and thereby achieving the purpose of decryption. Because in this scheme the decryption algorithm is called only once to decrypt the encrypted data, after which the serialization algorithm is used to deserialize the decrypted data, the number of calls to the decryption algorithm is greatly reduced compared with the prior-art scheme, in which the decryption algorithm is called separately for each attribute of the relational data. CPU work can therefore be reduced, and processing efficiency and the speed of data storage greatly improved.
Embodiment 3
The methods described in Embodiments 1 and 2 are described in further detail below by way of example.
In this embodiment, the case where the serialization algorithm is the protobuf algorithm is taken as the example. The details can be as follows:
(1) Encryption
As shown in Fig. 3a, the specific flow of a data encryption method can be as follows:
A301. The data encryption device obtains the original relational data that needs to be encrypted.
For example, after receiving an encryption request, the device obtains the original relational data that needs to be encrypted according to the instruction in the encryption request; for instance, the original relational data that needs to be encrypted can be obtained locally or from another storage device.
Here, original relational data refers to the relational data before encryption. Relational data is data represented using the relational model; it generally forms a record from multiple attributes and is stored in a database.
A302. The data encryption device determines the attributes in the original relational data that need to be encrypted.
For example, if the original relational data is A = (a1, a2, a3, ..., an), it can be determined at this point that the attributes that need to be encrypted are a1, a2, a3, ..., and an.
Optionally, besides treating all attributes as attributes that need to be encrypted, several of the attributes can be selected as the attributes that need to be encrypted according to a preset policy, which can be set according to the needs of the practical application.
For instance, for a certain piece of user information, the attributes can include "name", "age", "position", "location" and "contact method". Besides configuring all attributes to be encrypted, it is also possible to encrypt only some of them, such as "age", "position" and "contact method"; details are not repeated here.
A303. The data encryption device determines the field types of the attributes that need to be encrypted and defines the ".proto file" according to those field types.
For example, a message type is defined in the .proto file, the field types are specified, identification numbers are assigned, and the field rules are specified.
A304. The data encryption device obtains the serialization function library corresponding to the protobuf algorithm.
A305. The data encryption device uses the serialization function library to serialize the attributes that need to be encrypted according to the .proto file, obtaining serialized data, such as buf, where buf can be binary data.
A306. The data encryption device encrypts the serialized data, such as buf, using a preset encryption algorithm to obtain encrypted data, such as enc_buf.
For example, the preset encryption algorithm can be used to convert the serialized data, such as buf, from plaintext into ciphertext to obtain the encrypted data, such as enc_buf.
The encryption algorithm can be set according to the needs of the practical application; details are not repeated here.
A307. The data encryption device stores the encrypted data, such as enc_buf, as one attribute of the original relational data to obtain the encrypted relational data.
That is, the encrypted data is stored as a whole; for example, it can be stored in a preset database.
(2) decrypt;
Corresponding with the encryption method of (), the embodiment of the present invention also provides a kind of decryption method of data, As shown in Figure 3 b, idiographic flow can be as follows:
B301, the data decryption apparatus obtains the encrypted relational data that needs to be decrypted.
For example, after receiving a decryption request, the apparatus obtains the encrypted relational data that needs to be decrypted according to the instruction in the decryption request; for instance, it may obtain that data from local storage or from another storage device, and so on.
The encrypted relational data is obtained by encrypting the original relational data; for the specific encryption method, see () of this embodiment, which is not repeated here.
Original relational data refers to the relational data before encryption. Relational data refers to data represented with a relational data model; it generally consists of multiple attributes that form one record, and is stored in a database.
B302, the data decryption apparatus determines the encrypted data in the encrypted relational data.
The encrypted data is obtained by encrypting serialized data with the preset encryption algorithm, and the serialized data is obtained by using protobuf to serialize the attributes of the original relational data that need encryption; see () of the embodiment, which is not repeated here.
For example, if the encrypted relational data is A' = Ea, where E is the encryption function, then Ea is the encrypted data.
B303, the data decryption apparatus decrypts the encrypted data using a preset decryption algorithm, obtaining decrypted data.
For example, the ciphertext of the encrypted data may be converted to plaintext using the preset decryption algorithm to obtain the decrypted data, and so on.
The decryption algorithm must match the encryption algorithm: the specific decryption algorithm is determined by the encryption algorithm, and the encryption algorithm in turn can be configured according to the needs of the actual application, which is not repeated here.
B304, the data decryption apparatus obtains the .proto file used during encryption.
B305, the data decryption apparatus obtains the deserialization function library corresponding to the protobuf algorithm.
B306, the data decryption apparatus uses the deserialization function library to deserialize the decrypted data according to the .proto file, obtaining deserialized data.
B307, the data decryption apparatus stores the deserialized data as attributes of the relational data, obtaining the original relational data.
That is, the deserialized data is converted back into the individual attributes of the relational data, thereby obtaining the original relational data.
As can be seen from the above, this embodiment uses the protobuf algorithm to serialize the attributes of the original relational data that need encryption, then encrypts the resulting serialized data with a preset encryption algorithm, and stores the encrypted data as one attribute of the original relational data, thereby obtaining the encrypted relational data and achieving the purpose of encrypting relational data. Correspondingly, for decryption, a preset decryption algorithm is used to decrypt the encrypted data in the encrypted relational data, the protobuf algorithm is then used to deserialize the decrypted data, and the resulting deserialized data is stored as attributes of the relational data to obtain the original relational data, thereby achieving the purpose of decryption. In these schemes, a serialization algorithm such as protobuf serializes multiple attributes of the relational data before the encryption algorithm is called, or the decrypted data is deserialized with a serialization algorithm such as protobuf only after the decryption algorithm has decrypted the encrypted data, so the encryption algorithm or decryption algorithm needs to be called only once. Compared with prior-art schemes that call the encryption algorithm or decryption algorithm separately for each attribute of the relational data, this greatly reduces the number of calls to the encryption algorithm or decryption algorithm; the scheme can therefore reduce CPU operations and greatly improve processing efficiency and the speed of data storage.
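The serialize-then-encrypt-once flow and its reverse, sketched in Go as an added example that is not part of the patent. It assumes a hypothetical message `Sensitive` with three fields, hand-encodes the protobuf wire format in place of a .proto file and generated library, and picks AES-256-GCM as the preset algorithm (the patent leaves the algorithm open); binding the row ID as associated data is also an addition of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Sensitive holds the attributes chosen for encryption. Hypothetical schema:
//   message Sensitive { string name = 1; string phone = 2; uint64 balance = 3; }
type Sensitive struct {
	Name, Phone string
	Balance     uint64
}

func putUvarint(b []byte, v uint64) []byte {
	var tmp [binary.MaxVarintLen64]byte
	return append(b, tmp[:binary.PutUvarint(tmp[:], v)]...)
}

// marshal packs every attribute into one protobuf wire-format buffer.
func marshal(s Sensitive) []byte {
	var b []byte
	for i, v := range []string{s.Name, s.Phone} {
		b = putUvarint(b, uint64(i+1)<<3|2) // field i+1, wire type 2 (length-delimited)
		b = append(putUvarint(b, uint64(len(v))), v...)
	}
	return putUvarint(putUvarint(b, 3<<3|0), s.Balance) // field 3, wire type 0 (varint)
}

// unmarshal reverses marshal; unlike a full protobuf parser it rejects unknown fields.
func unmarshal(b []byte) (Sensitive, error) {
	var s Sensitive
	for len(b) > 0 {
		tag, n := binary.Uvarint(b)
		if n <= 0 {
			return s, errors.New("bad tag")
		}
		v, m := binary.Uvarint(b[n:])
		if m <= 0 {
			return s, errors.New("bad length or value")
		}
		b = b[n+m:]
		switch {
		case tag == 3<<3|0:
			s.Balance = v
		case (tag != 1<<3|2 && tag != 2<<3|2) || v > uint64(len(b)):
			return s, fmt.Errorf("unexpected or truncated field (tag %d)", tag)
		case tag == 1<<3|2:
			s.Name, b = string(b[:v]), b[v:]
		default:
			s.Phone, b = string(b[:v]), b[v:]
		}
	}
	return s, nil
}

// newAEAD builds AES-GCM, this example's choice of "preset algorithm".
func newAEAD(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// aad binds a blob to its row's plaintext key so it cannot be moved to another row.
func aad(id uint64) []byte { return []byte(fmt.Sprintf("row:%d", id)) }

// EncryptAttrs serializes first, then makes ONE cipher call for all attributes.
func EncryptAttrs(a cipher.AEAD, id uint64, s Sensitive) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, marshal(s), aad(id)), nil // nonce || ciphertext || tag
}

// DecryptAttrs makes one cipher call, then deserializes back into attributes.
func DecryptAttrs(a cipher.AEAD, id uint64, blob []byte) (Sensitive, error) {
	ns := a.NonceSize()
	if len(blob) < ns {
		return Sensitive{}, errors.New("blob too short")
	}
	pt, err := a.Open(nil, blob[:ns], blob[ns:], aad(id))
	if err != nil {
		return Sensitive{}, err // tampered, wrong key, or wrong row
	}
	return unmarshal(pt)
}

func main() {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	blob, _ := EncryptAttrs(a, 42, Sensitive{Name: "Alice Example", Phone: "555-0100", Balance: 1500}) // constructed record
	fmt.Println(DecryptAttrs(a, 42, blob))
}
```

The returned blob is what would be stored as the single encrypted attribute of the record. Because the mode is authenticated, a modified or relocated blob is rejected before any deserialization takes place.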
Embodiment four,
To better implement the above method, an embodiment of the present invention also provides a data encryption apparatus. As shown in Fig. 4, the data encryption apparatus includes an acquiring unit 401, a determining unit 402, a serialization unit 403, an encryption unit 404 and a storage unit 405, as follows:
The acquiring unit 401 is configured to obtain the original relational data that needs to be encrypted.
Original relational data refers to the relational data before encryption. Relational data refers to data represented with a relational data model; it generally consists of multiple attributes that form one record, and is stored in a database.
The determining unit 402 is configured to determine the attributes in the original relational data that need encryption.
Optionally, besides treating all attributes as attributes that need encryption, several of the attributes may be selected as the attributes that need encryption according to a preset policy; the preset policy can be configured according to the needs of the actual application.
The serialization unit 403 is configured to serialize the attributes that need encryption using a serialization algorithm, obtaining serialized data.
The encryption unit 404 is configured to encrypt the serialized data using a preset encryption algorithm, obtaining encrypted data.
For example, the encryption unit 404 may use the preset encryption algorithm to convert the serialized data from plaintext to ciphertext, obtaining the encrypted data, and so on.
The encryption algorithm can be configured according to the needs of the actual application, which is not repeated here.
The storage unit 405 is configured to store the encrypted data as one attribute of the original relational data, obtaining the encrypted relational data.
For example, the serialization unit 403 may include a definition subunit and a processing subunit, as follows:
The definition subunit is configured to define, for the attributes that need encryption, the data interchange format file corresponding to the serialization algorithm. For example, specifically as follows:
(1) Definition subunit;
The definition subunit may specifically be configured to determine the field types of the attributes that need encryption, and to define the data interchange format file corresponding to the serialization algorithm according to those field types.
The serialization algorithm may be any algorithm that can pack multiple fields together and serialize them as a whole, such as the protobuf algorithm. Taking the case where the serialization algorithm is the protobuf algorithm as an example:
The definition subunit is specifically configured to define, for the attributes that need encryption, the source file corresponding to the protobuf algorithm, such as a .proto file.
(2) Processing subunit;
The processing subunit is configured to serialize the attributes that need encryption according to the data interchange format file, obtaining serialized data. For example, specifically as follows:
The processing subunit may specifically be configured to obtain the serialization function library corresponding to the serialization algorithm and, using that library, serialize the attributes that need encryption according to the data interchange format file, obtaining serialized data.
For example, taking the case where the serialization algorithm is the protobuf algorithm:
The processing subunit may specifically be configured to obtain the serialization function library corresponding to the protobuf algorithm and, using that library, serialize the attributes that need encryption according to the source file, such as a .proto file, obtaining serialized data, such as buf.
In a specific implementation, each of the above units may be implemented as an independent entity, or the units may be combined arbitrarily and implemented as one or several entities; for the specific implementation of each unit, see the method embodiments above, which are not repeated here.
The data encryption apparatus may be integrated in equipment such as a terminal, a server or a storage device.
As can be seen from the above, the serialization unit 403 of the data encryption apparatus of this embodiment can use a serialization algorithm to serialize the attributes of the original relational data that need encryption; the encryption unit 404 then encrypts the resulting serialized data with a preset encryption algorithm, and the storage unit 405 stores the encrypted data as one attribute of the original relational data, thereby obtaining the encrypted relational data and achieving the purpose of encrypting relational data. Because this scheme serializes multiple attributes of the relational data with the serialization algorithm before calling the encryption algorithm, the encryption algorithm needs to be called only once. Compared with prior-art schemes that call the encryption algorithm separately for each attribute of the relational data, this greatly reduces the number of calls to the encryption algorithm, and can therefore reduce CPU operations and greatly improve processing efficiency and the speed of data storage.
Embodiment five,
Correspondingly, an embodiment of the present invention also provides a data decryption apparatus. As shown in Fig. 5, the data decryption apparatus includes an acquiring unit 501, a determining unit 502, a decryption unit 503, a deserialization unit 504 and a storage unit 505, as follows:
The acquiring unit 501 is configured to obtain the encrypted relational data that needs to be decrypted.
The encrypted relational data is obtained by encrypting the original relational data; for the specific encryption method, see the embodiments above, which are not repeated here.
Original relational data refers to the relational data before encryption. Relational data refers to data represented with a relational data model; it generally consists of multiple attributes that form one record, and is stored in a database.
The determining unit 502 is configured to determine the encrypted data in the encrypted relational data.
The encrypted data is obtained by encrypting serialized data with the preset encryption algorithm, and the serialized data is obtained by using a serialization algorithm to serialize the attributes of the original relational data that need encryption; see the embodiments above, which are not repeated here.
The decryption unit 503 is configured to decrypt the encrypted data using a preset decryption algorithm, obtaining decrypted data.
For example, the decryption unit 503 may use the preset decryption algorithm to convert the ciphertext of the encrypted data to plaintext, obtaining the decrypted data, and so on.
The decryption algorithm must match the encryption algorithm: the specific decryption algorithm is determined by the encryption algorithm, and the encryption algorithm in turn can be configured according to the needs of the actual application, which is not repeated here.
The deserialization unit 504 is configured to deserialize the decrypted data using the serialization algorithm, obtaining deserialized data.
The storage unit 505 is configured to store the deserialized data as attributes of the relational data, obtaining the original relational data.
For example, the deserialization unit 504 may include a file acquisition subunit and a processing subunit, as follows:
The file acquisition subunit is configured to obtain the data interchange format file used during encryption.
The data interchange format file is the one defined during encryption for the attributes of the original relational data that need encryption; see the embodiments above, which are not repeated here.
The processing subunit is configured to deserialize the decrypted data according to the data interchange format file, obtaining deserialized data. For example, specifically as follows:
The processing subunit may specifically be configured to obtain the deserialization function library corresponding to the serialization algorithm and, using that library, deserialize the decrypted data according to the data interchange format file, obtaining deserialized data.
It should be noted that the serialization algorithm may be any algorithm that can pack multiple fields together and serialize them as a whole, such as the protobuf algorithm, and that it must be the same serialization algorithm that was used during encryption.
For example, taking the case where the serialization algorithm is the protobuf algorithm and the data interchange format file is a .proto file:
The processing subunit may specifically be configured to obtain the deserialization function library corresponding to the protobuf algorithm and, using that library, deserialize the decrypted data according to the .proto file, obtaining deserialized data.
In a specific implementation, each of the above units may be implemented as an independent entity, or the units may be combined arbitrarily and implemented as one or several entities; for the specific implementation of each unit, see the method embodiments above, which are not repeated here.
The data decryption apparatus may be integrated in equipment such as a terminal, a server or a storage device.
As can be seen from the above, this embodiment can use a preset decryption algorithm to decrypt the encrypted data in the encrypted relational data, then deserialize the decrypted data using the serialization algorithm, and store the resulting deserialized data as the respective attributes of the relational data to obtain the original relational data, thereby achieving the purpose of decryption. Because this scheme calls the decryption algorithm only once to decrypt the encrypted data and then uses the serialization algorithm to deserialize the decrypted data, it greatly reduces the number of calls to the decryption algorithm compared with prior-art schemes that call the decryption algorithm separately for each attribute of the relational data, and can therefore reduce CPU operations and greatly improve processing efficiency and the speed of data storage.
Embodiment six,
In addition, an embodiment of the present invention also provides a data processing system, including any data encryption apparatus and any data decryption apparatus provided by the embodiments of the present invention. For the data encryption apparatus, see Embodiment four; for the data decryption apparatus, see Embodiment five. For example, the system may be as follows:
The data encryption apparatus is configured to obtain the original relational data that needs to be encrypted; determine the attributes in the original relational data that need encryption; serialize the attributes that need encryption using a serialization algorithm, obtaining serialized data; encrypt the serialized data using a preset encryption algorithm, obtaining encrypted data; and store the encrypted data as one attribute of the original relational data, obtaining the encrypted relational data.
The data decryption apparatus is configured to obtain the encrypted relational data that needs to be decrypted; determine the encrypted data in the encrypted relational data; decrypt the encrypted data using a preset decryption algorithm, obtaining decrypted data; deserialize the decrypted data using the serialization algorithm, obtaining deserialized data; and store the deserialized data as attributes of the relational data, obtaining the original relational data.
The serialization algorithm may be any algorithm that can pack multiple fields together and serialize them as a whole, such as the protobuf algorithm. For example, taking protobuf as an example:
The data encryption apparatus is specifically configured to define, for the attributes that need encryption, the source file corresponding to the protobuf algorithm, such as a ".proto file", then obtain the serialization function library corresponding to the protobuf algorithm and, using that library, serialize the attributes that need encryption according to the .proto file, obtaining serialized data, such as buf.
The data decryption apparatus may specifically be configured to obtain the deserialization function library corresponding to the protobuf algorithm and, using that library, deserialize the decrypted data according to the .proto file, obtaining deserialized data.
In addition, the data processing system may also include other equipment, such as a storage device; the storage device can be used to store the original relational data and the encrypted relational data.
It should be noted that, in a specific implementation, the data encryption apparatus, the data decryption apparatus and the storage device may be located in the same entity or in different entities. The entity may be equipment such as a terminal, a server or a storage device, which is not repeated here.
For the specific implementation of each of the above devices, see the embodiments above, which are not repeated here.
Because the data processing system can include any data encryption apparatus and data decryption apparatus provided by the embodiments of the present invention, it can achieve the beneficial effects achievable by any of those data encryption apparatuses and data decryption apparatuses; see the embodiments above, which are not repeated here.
A person of ordinary skill in the art will understand that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium may include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and so on.
The data encryption method, decryption method, apparatus and system provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the invention, and the description of the above embodiments is intended only to help understand the method of the invention and its core idea. Meanwhile, for those skilled in the art, there will be changes in the specific implementation and scope of application according to the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.

Claims (19)

1. A data encryption method, characterized by comprising:
obtaining original relational data that needs to be encrypted;
determining the attributes in the original relational data that need encryption;
serializing the attributes that need encryption using a serialization algorithm, obtaining serialized data;
encrypting the serialized data using a preset encryption algorithm, obtaining encrypted data;
storing the encrypted data as one attribute of the original relational data, obtaining encrypted relational data.
2. The method according to claim 1, characterized in that serializing the attributes that need encryption using a serialization algorithm, obtaining serialized data, comprises:
defining, for the attributes that need encryption, a data interchange format file corresponding to the serialization algorithm;
serializing the attributes that need encryption according to the data interchange format file, obtaining serialized data.
3. The method according to claim 2, characterized in that serializing the attributes that need encryption according to the data interchange format file, obtaining serialized data, comprises:
obtaining the serialization function library corresponding to the serialization algorithm;
using the serialization function library, serializing the attributes that need encryption according to the data interchange format file, obtaining serialized data.
4. The method according to claim 2, characterized in that defining, for the attributes that need encryption, a data interchange format file corresponding to the serialization algorithm comprises:
determining the field types of the attributes that need encryption;
defining the data interchange format file corresponding to the serialization algorithm according to the field types.
5. The method according to any one of claims 2 to 4, characterized in that defining, for the attributes that need encryption, a data interchange format file corresponding to the serialization algorithm comprises:
defining, for the attributes that need encryption, a source file corresponding to the Protocol Buffers (protobuf) algorithm;
and serializing the attributes that need encryption according to the data interchange format file, obtaining serialized data, is specifically: obtaining the serialization function library corresponding to the protobuf algorithm and, using the serialization function library, serializing the attributes that need encryption according to the source file, obtaining serialized data.
6. A data decryption method, characterized by comprising:
obtaining encrypted relational data that needs to be decrypted;
determining the encrypted data in the encrypted relational data;
decrypting the encrypted data using a preset decryption algorithm, obtaining decrypted data;
deserializing the decrypted data using a serialization algorithm, obtaining deserialized data;
storing the deserialized data as attributes of the relational data, obtaining original relational data.
7. The method according to claim 6, characterized in that deserializing the decrypted data using a serialization algorithm, obtaining deserialized data, comprises:
obtaining the data interchange format file used during encryption, the data interchange format file being the one defined during encryption for the attributes of the original relational data that need encryption;
deserializing the decrypted data according to the data interchange format file, obtaining deserialized data.
8. The method according to claim 7, characterized in that deserializing the decrypted data according to the data interchange format file, obtaining deserialized data, comprises:
obtaining the deserialization function library corresponding to the serialization algorithm;
using the deserialization function library, deserializing the decrypted data according to the data interchange format file, obtaining deserialized data.
9. The method according to claim 7 or 8, characterized in that the serialization algorithm is the Protocol Buffers (protobuf) algorithm and the data interchange format file is a source file, and deserializing the decrypted data according to the data interchange format file, obtaining deserialized data, comprises:
obtaining the deserialization function library corresponding to the protobuf algorithm and, using the deserialization function library, deserializing the decrypted data according to the source file, obtaining deserialized data.
10. A data encryption apparatus, characterized by comprising:
an acquiring unit, configured to obtain original relational data that needs to be encrypted;
a determining unit, configured to determine the attributes in the original relational data that need encryption;
a serialization unit, configured to serialize the attributes that need encryption using a serialization algorithm, obtaining serialized data;
an encryption unit, configured to encrypt the serialized data using a preset encryption algorithm, obtaining encrypted data;
a storage unit, configured to store the encrypted data as one attribute of the original relational data, obtaining encrypted relational data.
11. The data encryption apparatus according to claim 10, characterized in that the serialization unit includes a definition subunit and a processing subunit;
the definition subunit is configured to define, for the attributes that need encryption, a data interchange format file corresponding to the serialization algorithm;
the processing subunit is configured to serialize the attributes that need encryption according to the data interchange format file, obtaining serialized data.
12. The data encryption apparatus according to claim 11, characterized in that
the processing subunit is specifically configured to obtain the serialization function library corresponding to the serialization algorithm and, using the serialization function library, serialize the attributes that need encryption according to the data interchange format file, obtaining serialized data.
13. The data encryption apparatus according to claim 11, characterized in that
the definition subunit is specifically configured to determine the field types of the attributes that need encryption, according to the
14. The data encryption apparatus according to any one of claims 11 to 13, characterized in that
the definition subunit is specifically configured to define, for the attributes that need encryption, a source file corresponding to the Protocol Buffers (protobuf) algorithm;
the processing subunit is specifically configured to obtain the serialization function library corresponding to the protobuf algorithm and, using the serialization function library, serialize the attributes that need encryption according to the source file, obtaining serialized data.
15. A data decryption apparatus, characterized by comprising:
an acquiring unit, configured to obtain encrypted relational data that needs to be decrypted;
a determining unit, configured to determine the encrypted data in the encrypted relational data;
a decryption unit, configured to decrypt the encrypted data using a preset decryption algorithm, obtaining decrypted data;
a deserialization unit, configured to deserialize the decrypted data using a serialization algorithm, obtaining deserialized data;
a storage unit, configured to store the deserialized data as attributes of the relational data, obtaining original relational data.
16. The data decryption apparatus according to claim 15, characterized in that the deserialization unit includes a file acquisition subunit and a processing subunit;
the file acquisition subunit is configured to obtain the data interchange format file used during encryption, the data interchange format file being the one defined during encryption for the attributes of the original relational data that need encryption;
the processing subunit is configured to deserialize the decrypted data according to the data interchange format file, obtaining deserialized data.
17. The data decryption apparatus according to claim 16, characterized in that
the processing subunit is specifically configured to obtain the deserialization function library corresponding to the serialization algorithm and, using the deserialization function library, deserialize the decrypted data according to the data interchange format file, obtaining deserialized data.
18. The data decryption apparatus according to claim 16 or 17, characterized in that the serialization algorithm is the Protocol Buffers (protobuf) algorithm and the data interchange format file is a source file, and:
the processing subunit is specifically configured to obtain the deserialization function library corresponding to the protobuf algorithm and, using the deserialization function library, deserialize the decrypted data according to the source file, obtaining deserialized data.
19. A data processing system, characterized by comprising the data encryption apparatus according to any one of claims 10 to 14 and the data decryption apparatus according to any one of claims 15 to 18.
CN201510648132.XA 2015-10-09 2015-10-09 Data encryption method, data decryption method, device and system Active CN106570410B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510648132.XA CN106570410B (en) 2015-10-09 2015-10-09 Data encryption method, data decryption method, device and system

Publications (2)

Publication Number Publication Date
CN106570410A true CN106570410A (en) 2017-04-19
CN106570410B CN106570410B (en) 2020-05-12

Family

ID=58507283

Country Status (1)

Country Link
CN (1) CN106570410B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110019553A (en) * 2017-12-21 2019-07-16 北京奇虎科技有限公司 Processing method, device and the computer readable storage medium of Recommendations data

Also Published As

Publication number Publication date
CN106570410B (en) 2020-05-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant