CN106570410A - Data encryption method and device, data decryption method and device, and data processing system - Google Patents
Data encryption method and device, data decryption method and device, and data processing system Download PDFInfo
- Publication number
- CN106570410A CN106570410A CN201510648132.XA CN201510648132A CN106570410A CN 106570410 A CN106570410 A CN 106570410A CN 201510648132 A CN201510648132 A CN 201510648132A CN 106570410 A CN106570410 A CN 106570410A
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- unserializing
- attribute
- serializing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment discloses a data encryption method and device, a data decryption method and device, and a data processing system. The data encryption method of the embodiment of the invention comprises the following steps of: adopting a serialization algorithm to carry out serialization on attributes which need to be encrypted in original relational data; then, adopting a preset encryption algorithm to encrypt obtained serialization data; and storing encryption data as one attribute of the original relational data so as to obtain encrypted relational data. The embodiment of the invention also provides a corresponding decryption scheme. By use of the scheme provided by the embodiment of the invention, the operation of the CPU (Central Processing Unit) can be reduced, processing efficiency is greatly improved, and data storage speed is greatly improved.
Description
Technical field
The present invention relates to communication technical field, and in particular to a kind of encryption method of data, decryption method, dress
Put and system.
Background technology
With the development of Internet technology, the information on the Internet is more and more, wherein being no lack of some and user
The related information of privacy, once these information are compromised, may bring puzzlement and risk to user, therefore,
How protection information becomes safely more and more important.
In order to prevent information to be illegally accessed, it will usually which the information to preserving is encrypted storage, wherein, use
The information at family is typically relational data, i.e., constitute a record by a plurality of attribute and be stored in inside data base.
In order to be encrypted storage to these information, it usually needs each attribute of a record is carried out adding respectively
It is close, among being then stored to data base again, i.e., for record A=(a1, a2, a3 ..., an), need to be first with
Encryption function E is converted to A '=(E (a1), E (a2), E (a3) ..., E (an)), then just can deposit A '
Enter in data base.
In the research and practice process to prior art, it was found by the inventors of the present invention that in existing scheme,
For each record of encryption, need to call an AES respectively for each attribute, therefore, need
Want repeated multiple times and call AES, and AES is typically computationally intensive operation, need to expend more
Central processing unit (CPU, Central Processing Unit) operation, so, leverage process
The speed of efficiency and data storage.
The content of the invention
The embodiment of the present invention provides a kind of encryption method of data, decryption method, device and system, it is only necessary to
An AES is called, treatment effeciency, and the speed of data storage can be improved.
The embodiment of the present invention provides a kind of encryption method of data, including:
Obtain the primitive relation type data for needing to be encrypted;
The attribute encrypted is needed in determining the primitive relation type data;
The attribute for needing encryption is serialized using serializing algorithm, obtain serialized data;
The serialized data is encrypted using predetermined encryption algorithm, obtains encryption data;
Stored the encryption data as an attribute of the primitive relation type data, encrypted
Relational data afterwards.
Accordingly, the embodiment of the present invention also provides a kind of decryption method of data, including:
Obtain relational data after the encryption for needing to be decrypted;
Determine the encryption data in relational data after the encryption;
The encryption data is decrypted using default decipherment algorithm, obtains ciphertext data;
Unserializing is carried out to the ciphertext data using serializing algorithm, unserializing data are obtained;
The unserializing data are stored as the attribute of relational data, primitive relation is obtained
Type data.
Accordingly, the embodiment of the present invention also provides a kind of data encryption device, including:
Acquiring unit, needs the primitive relation type data being encrypted for obtaining;
Determining unit, needs the attribute encrypted for determining in the primitive relation type data;
Serialization unit, for adopting serializing algorithm to serialize the attribute for needing encryption, obtains
To serialized data;
Ciphering unit, for being encrypted to the serialized data using predetermined encryption algorithm, is encrypted
Data;
Memory element, for carrying out the encryption data as an attribute of the primitive relation type data
Storage, relational data after being encrypted.
Accordingly, the embodiment of the present invention also provides a kind of data decryption apparatus, including:
Acquiring unit, needs relational data after the encryption being decrypted for obtaining;
Determining unit, for determining the encryption data after the encryption in relational data;
Decryption unit, for adopting default decipherment algorithm to be decrypted the encryption data, obtains decrypting number
According to;
Unserializing unit, for adopting serializing algorithm to carry out unserializing to the ciphertext data, obtains
Unserializing data;
Memory element, for the unserializing data are deposited as the attribute of relational data
Storage, obtains primitive relation type data.
Additionally, the embodiment of the present invention also provides a kind of data handling system, including it is provided in an embodiment of the present invention
Any one data encryption device and any one data decryption apparatus.
The embodiment of the present invention is by adopting serializing algorithm to the attribute of encryption is needed in primitive relation type data
Serialized, then, the serialized data for obtaining is encrypted using predetermined encryption algorithm, and will be added
Ciphertext data is stored as an attribute of the primitive relation type data, so as to relationship type number after being encrypted
According to reaching the purpose being encrypted to relational data;Due in this scenario, it is possible to use serializing is calculated
Method recalls AES after serializing to multiple attributes of relational data, therefore, only need to call one
Secondary AES, needs to call encryption to calculate for each attribute of relational data respectively relative to prior art
For the scheme of method, the call number of AES is greatly reduced, so, it is possible to reduce the operation of CPU,
Greatly improve treatment effeciency, and the speed of data storage.
Accordingly, the embodiment of the present invention can also be using default decipherment algorithm in relational data after encryption
Encryption data is decrypted, and unserializing is carried out to ciphertext data using serializing algorithm then, and will be obtained
Unserializing data stored respectively as the attribute of relational data, obtain primitive relation type data,
So as to reach the purpose of decryption.Due in this scenario, only a decipherment algorithm being called to enter encryption data
Row decryption, then recycles serializing algorithm to carry out unserializing to ciphertext data, accordingly, with respect to existing
Technology is needed for each attribute of relational data calls the scheme of decipherment algorithm respectively, is greatly reduced
The call number of decipherment algorithm, so, it is possible to reduce the operation of CPU, treatment effeciency is greatly improved, with
And the speed of data storage.
Description of the drawings
For the technical scheme being illustrated more clearly that in the embodiment of the present invention, below will be to institute in embodiment description
The accompanying drawing that needs are used is briefly described, it should be apparent that, drawings in the following description are only the present invention
Some embodiments, for those skilled in the art, on the premise of not paying creative work, also
Other accompanying drawings can be obtained according to these accompanying drawings.
Fig. 1 a are the schematic diagram of a scenario of data handling system provided in an embodiment of the present invention;
Fig. 1 b are the schematic flow sheets of the encryption method of data provided in an embodiment of the present invention;
Fig. 2 is the schematic flow sheet of the decryption method of data provided in an embodiment of the present invention;
Fig. 3 a are another schematic flow sheets of the encryption method of data provided in an embodiment of the present invention;
Fig. 3 b are another schematic flow sheets of the decryption method of data provided in an embodiment of the present invention;
Fig. 4 is the structural representation of data encryption device provided in an embodiment of the present invention;
Fig. 5 is the structural representation of data decryption apparatus provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly
Chu, it is fully described by, it is clear that described embodiment is only a part of embodiment of the invention, rather than
Whole embodiments.Based on the embodiment in the present invention, those skilled in the art are not making creative labor
The every other embodiment obtained under the premise of dynamic, belongs to the scope of protection of the invention.
The embodiment of the present invention provides a kind of encryption method of data, decryption method, device and system.
As shown in Figure 1a, the data handling system can include data encryption device and data decryption apparatus, its
In, data encryption device can adopt serializing algorithm to needing the attribute encrypted to enter in primitive relation type data
Row serializing, then, is encrypted to the serialized data for obtaining using predetermined encryption algorithm, and will encryption
Data are stored as an attribute of the primitive relation type data, so as to relationship type number after being encrypted
According to reaching the purpose being encrypted to relational data.And data decryption apparatus, then can be using default solution
Close algorithm is decrypted to the encryption data in relational data after encryption, then using serializing algorithm to solution
Ciphertext data carries out unserializing, and the unserializing data for obtaining are entered as the attribute of relational data
Row storage, obtains primitive relation type data, so as to reach the purpose of decryption.
Wherein, data encryption device and data decryption apparatus are mutually matched, that is, the AES for being adopted is conciliate
Close algorithm is mutually matched, and the serializing algorithm for being adopted should be consistent.
It is described in detail respectively below.
Embodiment one,
The angle of data encryption device is described by the present embodiment, and the data encryption device specifically can be with integrated
In the equipment such as terminal, server or storage device.
A kind of encryption method of data, including:Obtain the primitive relation type data for needing to be encrypted;It is determined that
The attribute encrypted is needed in the primitive relation type data;The attribute of the needs encryption is entered using serializing algorithm
Row serializing, obtains serialized data;The serialized data is encrypted using predetermined encryption algorithm, is obtained
To encryption data;Stored the encryption data as an attribute of the primitive relation type data, obtained
Relational data after encryption.
As shown in Figure 1 b, the idiographic flow of the encryption method of the data can be as follows:
101st, the primitive relation type data for needing to be encrypted are obtained.
Wherein, primitive relation type data refer to encrypt before relational data, relational data refer to
Come the data that represent, it generally constitutes a record with a plurality of attribute and is stored in lane database relation mathematic model
Face.
102nd, the attribute encrypted is needed in determining the primitive relation type data.
For example, if the primitive relation type data are A=(a1, a2, a3 ..., an), then at this point it is possible to really
It is fixed need encryption attribute be a1, a2, a3 ..., and an.
Optionally, in addition to the attribute that all properties all can be encrypted as needs, it is also possible to according to pre-
Policy selection several attributes therein are put as the attribute for needing encryption, the preset strategy specifically can basis
The demand of practical application is configured.
Such as, for certain user profile, its attribute can include " name ", " age ", " position ",
" location " and " contact method " etc., then now, be all encrypted all properties except arranging
Outside, it is also possible to only by some attributes therein, such as " age ", " position " and " contact method " enter
Row encryption, will not be described here.
103rd, the attribute of the needs encryption is serialized using serializing algorithm, obtains serialized data.
For example, specifically can be as follows:
(1) for the corresponding data interchange format file of attribute definition serializing algorithm of the needs encryption.
Wherein, data interchange format document definition needs each data field type of encryption etc., i.e. step
" for the corresponding data interchange format file of attribute definition serializing algorithm of needs encryption " specifically can be with
It is as follows:
Determine the field type of the attribute of the needs encryption, according to the field type definition serializing algorithm pair
Data interchange format file answered, etc..
For example, it is specially agreement relief area (protobuf, Protocol Buffer) with the serializing algorithm to calculate
As a example by method, then now, the corresponding source of attribute definition protobuf algorithms of the needs encryption can be specifically directed to
File, such as " .proto files ".
Such as, it may be determined that the field type of the attribute of the needs encryption, it is then, fixed according to the field type
Adopted " .proto files ", a type of message such as defined in .proto files, it is intended that field type, distribution
Identification number and specific field rule etc..
It should be noted that, the serializing algorithm can include that multiple fields can be carried out overall beating by any one
The algorithm of packet sequence, such as protobuf algorithms, for convenience, in embodiments of the present invention,
Illustrate by taking the serializing algorithm specially protobuf algorithms as an example.
(2) attribute of the needs encryption is serialized according to the data interchange format file, obtains sequence
Rowization data.For example, specifically can be as follows:
The corresponding serializing function library of the serializing algorithm is obtained, using the serializing function library, according to the number
The attribute of the needs encryption is serialized according to DIF file, obtain serialized data.
For example, by taking the serializing algorithm specially protobuf algorithms as an example, then now, can specifically obtain
The corresponding serializing function library of protobuf algorithms, using the serializing function library, according to the source file,
As .proto files are serialized to the attribute of the needs encryption, serialized data is obtained, such as buf (appoints
The code of meaning system number conversion).
104th, the serialized data is encrypted using predetermined encryption algorithm, obtains encryption data.
For example, can specifically adopt predetermined encryption algorithm by the serialized data by password is converted in plain text, obtain
Arrive encryption data, etc..
Wherein, AES can be configured according to the demand of practical application, be will not be described here.
105th, stored the encryption data as an attribute of the primitive relation type data, added
Close rear relational data, the data after will encrypting carry out global storage.
From the foregoing, it will be observed that the present embodiment is by adopting serializing algorithm to needing what is encrypted in primitive relation type data
Attribute is serialized, and then, the serialized data for obtaining is encrypted using predetermined encryption algorithm, and
Stored encryption data as an attribute of the primitive relation type data, so as to relation after being encrypted
Type data, reach the purpose being encrypted to relational data;Due in this scenario, it is possible to use sequence
Change after algorithm is serialized to multiple attributes of relational data and recall AES, therefore, only need to adjust
With an AES, need to be called for each attribute of relational data respectively relative to prior art plus
For the scheme of close algorithm, the call number of AES is greatly reduced, so, it is possible to reduce CPU's
Operation, greatly improves treatment effeciency, and the speed of data storage.
Embodiment two,
In the present embodiment, will be described from the angle of data decryption apparatus, the data decryption apparatus are concrete
Can be integrated in the equipment such as terminal, server or storage device.
A kind of decryption method of data, including:Obtain relational data after the encryption for needing to be decrypted;Really
Encryption data after the fixed encryption in relational data;The encryption data is solved using default decipherment algorithm
It is close, obtain ciphertext data;Unserializing is carried out to the ciphertext data using serializing algorithm, antitone sequence is obtained
Change data;The unserializing data are stored as the attribute of relational data, original pass is obtained
It is type data.
As shown in Fig. 2 the idiographic flow of the decryption method of the data can be as follows:
201st, obtain relational data after the encryption for needing to be decrypted.
Wherein, gained after relational data is encrypted by primitive relation type data after the encryption, it is specific to add
Decryption method can be found in embodiment one, will not be described here.
Wherein, primitive relation type data refer to encrypt before relational data, relational data refer to
Come the data that represent, it generally constitutes a record with a plurality of attribute and is stored in lane database relation mathematic model
Face.
202nd, determine the encryption data in relational data after the encryption.
Wherein, encryption data is the serialized data that rear gained is encrypted according to predetermined encryption algorithm, and sequence
Rowization data are then to needing the attribute encrypted to carry out sequence in primitive relation type data using serializing algorithm
After change, gained, specifically can be found in embodiment one, will not be described here.
For example, if relational data is after encryption:A '=Ea, wherein E are encryption function, then Ea as adds
Ciphertext data.
203rd, the encryption data is decrypted using default decipherment algorithm, obtains ciphertext data.
For example, specifically the ciphertext of the encryption data can be converted in plain text using default decipherment algorithm, is obtained
Ciphertext data, etc..
Wherein, the decipherment algorithm should be matched with AES, and specific AES can be according to AES
Depending on, and AES then can be configured according to the demand of practical application, be will not be described here.
204th, unserializing is carried out to the ciphertext data using serializing algorithm, obtains unserializing data.
For example, specifically can be as follows:
(1) the data interchange format file adopted when obtaining encryption.
Wherein, the data interchange format file is in encryption, for encryption is needed in primitive relation type data
Attribute be defined and obtain, specifically can be found in embodiment one, will not be described here.
(2) unserializing is carried out to the ciphertext data according to the data interchange format file, obtains antitone sequence
Change data.For example, specifically can be as follows:
The corresponding unserializing function library of the serializing algorithm is obtained, using the unserializing function library, according to
The data interchange format file carries out unserializing to the ciphertext data, obtains unserializing data.
It should be noted that, the serializing algorithm can include that multiple fields can be carried out overall beating by any one
The algorithm of packet sequence, such as protobuf algorithms, the serializing algorithm should be with the sequences adopted during encryption
Change algorithm to be consistent.
For example, protobuf algorithms, and the data interchange format file are specially with the serializing algorithm
As a example by for .proto files, then now, the corresponding unserializing function library of protobuf algorithms can be specifically obtained,
Using the unserializing function library, unserializing is carried out to the ciphertext data according to the .proto files, is obtained
Unserializing data.
205th, the unserializing data are stored as the attribute of relational data, is obtained original
Relational data.
Will the unserializing data convert be the relational data each attribute, so as to obtain primitive relation
Type data.
From the foregoing, it will be observed that the present embodiment can also adopt adding in presetting decipherment algorithm to relational data after encryption
Ciphertext data is decrypted, then carry out unserializing to ciphertext data using serializing algorithm, and will obtain
Unserializing data are stored respectively as the attribute of relational data, obtain primitive relation type data, from
And reach the purpose of decryption.Due in this scenario, only a decipherment algorithm being called to carry out encryption data
Decryption, then recycles serializing algorithm to carry out unserializing to ciphertext data, accordingly, with respect to existing skill
Art is needed for each attribute of relational data calls the scheme of decipherment algorithm respectively, is greatly reduced
The call number of decipherment algorithm, so, it is possible to reduce the operation of CPU, treatment effeciency is greatly improved, and
The speed of data storage.
Embodiment three,
Citing is described in further detail by method according to described by embodiment one and two below.
In the present embodiment, will illustrate by taking the serializing algorithm specially protobuf algorithms as an example, have
Body can be as follows:
(1) encrypt;
As shown in Figure 3 a, a kind of encryption method of data, idiographic flow can be as follows:
A301, data encryption device obtain the primitive relation type data for needing to be encrypted.
For example, after receiving CIPHERING REQUEST, obtain what the needs were encrypted according to the instruction in CIPHERING REQUEST
Primitive relation type data, such as, specifically can obtain the needs from local or other storage devices carries out adding
Close primitive relation type data, etc..
Wherein, primitive relation type data refer to encrypt before relational data, relational data refer to
Come the data that represent, it generally constitutes a record with a plurality of attribute and is stored in lane database relation mathematic model
Face.
A302, data encryption device need the attribute encrypted in determining the primitive relation type data.
For example, if the primitive relation type data are A=(a1, a2, a3 ..., an), then at this point it is possible to really
It is fixed need encryption attribute be a1, a2, a3 ..., and an.
Optionally, in addition to the attribute that all properties all can be encrypted as needs, it is also possible to according to pre-
Policy selection several attributes therein are put as the attribute for needing encryption, the preset strategy specifically can basis
The demand of practical application is configured.
Such as, for certain user profile, its attribute can include " name ", " age ", " position ",
" location " and " contact method " etc., then now, be all encrypted all properties except arranging
Outside, it is also possible to only by some attributes therein, such as " age ", " position " and " contact method " enter
Row encryption, will not be described here.
A303, data encryption device determine the field type of the attribute of the needs encryption, and according to the field
Type definition " .proto files ".
A type of message such as defined in .proto files, it is intended that field type, assigned identification number,
And specific field rule etc..
A304, data encryption device obtain the corresponding serializing function library of protobuf algorithms.
A305, data encryption device utilize the serializing function library, the needs are added according to the .proto files
Close attribute is serialized, and obtains serialized data, and such as buf, the wherein buf can be binary numbers
According to.
, using predetermined encryption algorithm to the serialized data, such as buf carries out adding for A306, data encryption device
It is close, obtain encryption data, such as enc_buf.
For example, specifically can be using predetermined encryption algorithm by the serialized data, such as buf is by changing in plain text
For password, encryption data such as enc_buf, etc. is obtained.
Wherein, AES can be configured according to the demand of practical application, be will not be described here.
A307, data encryption device by the encryption data, if enc_buf is used as the primitive relation type data
One attribute is stored, relational data after being encrypted.
Data after will encrypting carry out global storage, for example, can store it in preset data base,
Etc..
(2) decrypt;
Corresponding with the encryption method of (), the embodiment of the present invention also provides a kind of decryption method of data,
As shown in Figure 3 b, idiographic flow can be as follows:
B301, data decryption apparatus obtain relational data after the encryption for needing to be decrypted.
For example, after receiving decoding request, obtain what the needs were decrypted according to the instruction in decoding request
Relational data after encryption, such as, specifically can obtain the needs from local or other storage devices is carried out
Relational data, etc. after the encryption of decryption.
Wherein, gained after relational data is encrypted by primitive relation type data after the encryption, it is specific to add
Decryption method can be found in () of the present embodiment, will not be described here.
Wherein, primitive relation type data refer to encrypt before relational data, relational data refer to
Come the data that represent, it generally constitutes a record with a plurality of attribute and is stored in lane database relation mathematic model
Face.
B302, data decryption apparatus determine the encryption data after the encryption in relational data.
Wherein, encryption data is the serialized data that rear gained is encrypted according to predetermined encryption algorithm, and sequence
Rowization data be then using protobuf to need in primitive relation type data encrypt attribute serialize after
Gained, specifically can be found in () of embodiment, will not be described here.
For example, if relational data is after encryption:A '=Ea, wherein E are encryption function, then Ea as adds
Ciphertext data.
B303, data decryption apparatus are decrypted to the encryption data using default decipherment algorithm, are solved
Ciphertext data.
For example, specifically the ciphertext of the encryption data can be converted in plain text using default decipherment algorithm, is obtained
Ciphertext data, etc..
Wherein, the decipherment algorithm should be matched with AES, and specific AES can be according to AES
Depending on, and AES then can be configured according to the demand of practical application, be will not be described here.
B304, data decryption apparatus obtain the .proto files adopted during encryption.
B305, data decryption apparatus obtain the corresponding unserializing function library of protobuf algorithms.
B306, data decryption apparatus utilize the unserializing function library, according to the .proto files to the decryption
Data carry out unserializing, obtain unserializing data.
The attribute of B307, data decryption apparatus using the unserializing data as relational data is carried out
Storage, obtains primitive relation type data.
Will the unserializing data convert be the relational data each attribute, so as to obtain primitive relation
Type data.
From the foregoing, it will be observed that the present embodiment by using protobuf algorithms to need in primitive relation type data encryption
Attribute serialized, then, the serialized data for obtaining is encrypted using predetermined encryption algorithm,
And stored encryption data as an attribute of the primitive relation type data, so as to close after being encrypted
It is type data, reaches the purpose being encrypted to relational data;Accordingly, when decryption, then may be used
To adopt default decipherment algorithm to be decrypted the encryption data in relational data after encryption, then adopt
Protobuf algorithms carry out unserializing to ciphertext data, and using the unserializing data for obtaining as pass
It is that the attribute of type data is stored, obtains primitive relation type data, so as to reach the purpose of decryption;Due to
In these schemes, it is possible to use the serializing algorithm such as protobuf is carried out to multiple attributes of relational data
AES is recalled after serializing, or after being decrypted to encryption data using decipherment algorithm, it is just sharp
Unserializing is carried out to ciphertext data with the serializing algorithm such as protobuf, therefore, need to only call and once encrypt
Algorithm or decipherment algorithm, so, each attribute for relational data is needed relative to prior art
For calling the scheme of AES or decipherment algorithm respectively, AES or decipherment algorithm are greatly reduced
Call number, so, this programme can reduce the operation of CPU, greatly improve treatment effeciency, and data
The speed of storage.
Example IV,
In order to preferably implement above method, the embodiment of the present invention also provides a kind of data encryption device, such as schemes
Shown in 4, the data encryption device include acquiring unit 401, determining unit 402, serialization unit 403, plus
Close unit 404 and memory element 405 are as follows:
Acquiring unit 401, needs the primitive relation type data being encrypted for obtaining.
Wherein, primitive relation type data refer to encrypt before relational data, relational data refer to
Come the data that represent, it generally constitutes a record with a plurality of attribute and is stored in lane database relation mathematic model
Face.
Determining unit 402, needs the attribute encrypted for determining in the primitive relation type data.
Optionally, in addition to the attribute that all properties all can be encrypted as needs, it is also possible to according to pre-
Policy selection several attributes therein are put as the attribute for needing encryption, the preset strategy specifically can basis
The demand of practical application is configured.
Serialization unit 403, for adopting serializing algorithm to serialize the attribute of the needs encryption,
Obtain serialized data.
Ciphering unit 404, for being encrypted to the serialized data using predetermined encryption algorithm, is added
Ciphertext data.
For example, the serialized data specifically can be turned by plaintext by ciphering unit 404 using predetermined encryption algorithm
Password is changed to, encryption data, etc. is obtained.
Wherein, AES can be configured according to the demand of practical application, be will not be described here.
Memory element 405, for carrying out the encryption data as an attribute of the primitive relation type data
Storage, relational data after being encrypted.
For example, the serialization unit 403 can include defining subelement and process subelement, as follows:
This definition subelement, hands over for the corresponding data of attribute definition serializing algorithm for the needs encryption
Change formatted file.For example, specifically can be as follows:
(1) define subelement;
This definition subelement, is specifically determined for the field type of the attribute of the needs encryption, according to this
The corresponding data interchange format file of the field type definition serializing algorithm.
Wherein, the serializing algorithm can include that multiple fields can be carried out overall packing sequence by any one
The algorithm of change, such as protobuf algorithms.By taking the serializing algorithm specially protobuf algorithms as an example, then:
This definition subelement, is specifically used against the attribute definition protobuf algorithms pair of the needs encryption
The source file answered, such as .proto files.
(2) process subelement;
The process subelement, for carrying out sequence to the attribute of the needs encryption according to the data interchange format file
Rowization, obtain serialized data.For example, specifically can be as follows:
The process subelement, specifically can be used for obtaining the corresponding serializing function library of the serializing algorithm, profit
With the serializing function library, sequence is carried out to the attribute of the needs encryption according to the data interchange format file
Change, obtain serialized data.
For example, by taking the serializing algorithm specially protobuf algorithms as an example, then:
The process subelement, specifically can be used for obtaining the corresponding serializing function library of protobuf algorithms, profit
With the serializing function library, according to the source file, such as .proto files are carried out to the attribute of the needs encryption
Serializing, obtains serialized data, such as buf.
When being embodied as, above unit can be realized as independent entity, it is also possible to carried out arbitrarily
Combination, realizes as same or several entities, and being embodied as of above unit can be found in above
Embodiment of the method, will not be described here.
The data encryption device can be specifically integrated in the equipment such as terminal, server or storage device.
From the foregoing, it will be observed that the serialization unit 403 of the data encryption device of the present embodiment can be calculated using serializing
Then method, is adopted by ciphering unit 404 to needing the attribute encrypted to serialize in primitive relation type data
The serialized data for obtaining is encrypted with predetermined encryption algorithm, and by memory element 405 by encryption data
Stored as an attribute of the primitive relation type data, so as to relational data after being encrypted, reached
To the purpose being encrypted to relational data;Due in this scenario, it is possible to use serializing algorithm is to closing
It is to recall AES after multiple attributes of type data are serialized, therefore, need to only call and once encrypt
Algorithm, needs to call the side of AES for each attribute of relational data respectively relative to prior art
For case, the call number of AES is greatly reduced, so, it is possible to reduce the operation of CPU, significantly
Improve treatment effeciency, and the speed of data storage.
Embodiment five,
Accordingly, the embodiment of the present invention also provides a kind of data decryption apparatus, as shown in figure 5, the data solution
Close device includes acquiring unit 501, determining unit 502, decryption unit 503, unserializing unit 504 and deposits
Storage unit 505, it is as follows:
Acquiring unit 501, needs relational data after the encryption being decrypted for obtaining.
Wherein, gained after relational data is encrypted by primitive relation type data after the encryption, it is specific to add
Decryption method can be found in embodiment above, will not be described here.
Wherein, primitive relation type data refer to encrypt before relational data, relational data refer to
Come the data that represent, it generally constitutes a record with a plurality of attribute and is stored in lane database relation mathematic model
Face.
Determining unit 502, for determining the encryption data after the encryption in relational data.
Wherein, encryption data is the serialized data that rear gained is encrypted according to predetermined encryption algorithm, and sequence
Rowization data are then to needing the attribute encrypted to carry out sequence in primitive relation type data using serializing algorithm
After change, gained, specifically can be found in embodiment above, will not be described here.
Decryption unit 503, for adopting default decipherment algorithm to be decrypted the encryption data, is decrypted
Data.
For example, decryption unit 503 can specifically adopt default decipherment algorithm to change the ciphertext of the encryption data
In plain text, to obtain ciphertext data, etc..
Wherein, the decipherment algorithm should be matched with AES, and specific AES can be according to AES
Depending on, and AES then can be configured according to the demand of practical application, be will not be described here.
Unserializing unit 504, for adopting serializing algorithm to carry out unserializing to the ciphertext data, obtains
To unserializing data.
Memory element 505, for the unserializing data are deposited as the attribute of relational data
Storage, obtains primitive relation type data.
For example, wherein, the unserializing unit 504 can include file acquisition subelement and process subelement,
It is as follows:
File acquisition subelement, the data interchange format file adopted during for obtaining encryption.
Wherein, the data interchange format file is in encryption, for encryption is needed in primitive relation type data
Attribute be defined and obtain, specifically can be found in embodiment above, will not be described here.
Subelement is processed, for unserializing being carried out to the ciphertext data according to the data interchange format file,
Obtain unserializing data.For example, specifically can be as follows:
Subelement is processed, specifically can be used for obtaining the corresponding unserializing function library of the serializing algorithm, profit
With the unserializing function library, unserializing is carried out to the ciphertext data according to the data interchange format file,
Obtain unserializing data.
It should be noted that, the serializing algorithm can include that multiple fields can be carried out overall beating by any one
The algorithm of packet sequence, such as protobuf algorithms, the serializing algorithm should be with the sequences adopted during encryption
Change algorithm to be consistent.
For example, protobuf algorithms, and the data interchange format file are specially with the serializing algorithm
As a example by for .proto files, then:
Subelement is processed, specifically can be used for obtaining the corresponding unserializing function library of protobuf algorithms, profit
With the unserializing function library, unserializing is carried out to the ciphertext data according to the proto files, inverted sequence is obtained
Rowization data.
When being embodied as, above unit can be realized as independent entity, it is also possible to carried out arbitrarily
Combination, realizes as same or several entities, and being embodied as of above unit can be found in above
Embodiment of the method, will not be described here.
The data decryption apparatus can be specifically integrated in the equipment such as terminal, server or storage device.
From the foregoing, it will be observed that the present embodiment can also adopt adding in presetting decipherment algorithm to relational data after encryption
Ciphertext data is decrypted, then carry out unserializing to ciphertext data using serializing algorithm, and will obtain
Unserializing data are stored respectively as the attribute of relational data, obtain primitive relation type data, from
And reach the purpose of decryption.Due in this scenario, only a decipherment algorithm being called to carry out encryption data
Decryption, then recycles serializing algorithm to carry out unserializing to ciphertext data, accordingly, with respect to existing skill
Art is needed for each attribute of relational data calls the scheme of decipherment algorithm respectively, is greatly reduced
The call number of decipherment algorithm, so, it is possible to reduce the operation of CPU, treatment effeciency is greatly improved, and
The speed of data storage.
Embodiment six,
Additionally, the embodiment of the present invention also provides a kind of data handling system, including it is provided in an embodiment of the present invention
Any one data encryption device and any one data decryption apparatus, wherein, data encryption device specifically can be found in
Example IV, data decryption apparatus specifically can be found in embodiment five, for example, can be as follows:
Data encryption device, needs the primitive relation type data being encrypted for obtaining;Determine the original pass
It is the attribute for needing in type data to encrypt;Sequence is carried out to the attribute of the needs encryption using serializing algorithm
Change, obtain serialized data;The serialized data is encrypted using predetermined encryption algorithm, is encrypted
Data;Stored the encryption data as an attribute of the primitive relation type data, after being encrypted
Relational data.
Data decryption apparatus, need relational data after the encryption being decrypted for obtaining;Determine the encryption
Encryption data in relational data afterwards;The encryption data is decrypted using default decipherment algorithm, is obtained
Ciphertext data;Unserializing is carried out to the ciphertext data using serializing algorithm, unserializing data are obtained;
The unserializing data are stored as the attribute of relational data, primitive relation type number is obtained
According to.
Wherein, the serializing algorithm can include that multiple fields can be carried out overall packing sequence by any one
The algorithm of change, such as protobuf algorithms.For example, by taking protobuf as an example, then:
Data encryption device, it is corresponding specifically for the attribute definition protobuf algorithms for the needs encryption
Source file, such as " .proto files ", then obtains the corresponding serializing function library of protobuf algorithms, utilizes
The serializing function library, serializes to the attribute of the needs encryption according to the .proto files, obtains sequence
Rowization data, such as buf.
Data decryption apparatus, specifically can be used for obtaining the corresponding unserializing function library of protobuf algorithms,
Using the unserializing function library, unserializing is carried out to the ciphertext data according to the proto files, obtain anti-
Serialized data.
Additionally, the data handling system can also include other equipment, such as storage device etc., the storage
Equipment, can be used for storing relational data after primitive relation type data and encryption.
It should be noted that, when being embodied as, the data encryption device, data decryption apparatus and storage device can
With in same entity, it is also possible in different entities.The entity can be specifically terminal, service
The equipment such as device or storage device, will not be described here.
More than each equipment be embodied as can be found in embodiment above, will not be described here.
As the data handling system can include that any one data encryption that the embodiment of the present invention is provided is filled
Put and data decryption apparatus, it is thereby achieved that any one data encryption that the embodiment of the present invention is provided is filled
Put and the beneficial effect achieved by data decryption apparatus, refer to embodiment above, will not be described here.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment
Suddenly can be by program to instruct the hardware of correlation to complete, the program can be stored in a computer-readable
In storage medium, storage medium can include:Read only memory (ROM, Read Only Memory),
Random access memory (RAM, Random Access Memory), disk or CD etc..
A kind of encryption method of data that above embodiment of the present invention is provided, decryption method, device and it is
System is described in detail, and specific case used herein is carried out to the principle and embodiment of the present invention
Illustrate, the explanation of above example is only intended to help and understands the method for the present invention and its core concept;Meanwhile,
For those skilled in the art, according to the thought of the present invention, in specific embodiments and applications
Will change, in sum, this specification content should not be construed as limiting the invention.
Claims (19)
1. a kind of encryption method of data, it is characterised in that include:
Obtain the primitive relation type data for needing to be encrypted;
The attribute encrypted is needed in determining the primitive relation type data;
The attribute for needing encryption is serialized using serializing algorithm, obtain serialized data;
The serialized data is encrypted using predetermined encryption algorithm, obtains encryption data;
Stored the encryption data as an attribute of the primitive relation type data, encrypted
Relational data afterwards.
2. method according to claim 1, it is characterised in that it is described using serializing algorithm to described
Need the attribute of encryption to be serialized, obtain serialized data, including:
For the corresponding data interchange format file of attribute definition serializing algorithm for needing encryption;
The attribute for needing encryption is serialized according to the data interchange format file, obtain sequence
Change data.
3. method according to claim 2, it is characterised in that described according to the data interchange format
File is serialized to the attribute for needing encryption, obtains serialized data, including:
Obtain the corresponding serializing function library of the serializing algorithm;
Using the serializing function library, according to the data interchange format file to the category for needing encryption
Property is serialized, and obtains serialized data.
4. method according to claim 2, it is characterised in that described for the category for needing encryption
The property corresponding data interchange format file of defined nucleotide sequence algorithm, including:
Determine the field type of the attribute for needing encryption;
The corresponding data interchange format file of algorithm is serialized according to the field type definition.
5. the method according to any one of claim 2 to 4, it is characterised in that described for the need
The corresponding data interchange format file of attribute definition serializing algorithm to be encrypted, including:
For the corresponding source file of attribute definition agreement relief area protobuf algorithms for needing encryption;
It is described the attribute for needing encryption to be serialized according to the data interchange format file, obtain
Serialized data, specially:The corresponding serializing function library of protobuf algorithms is obtained, using the sequence
Change function library, the attribute for needing encryption is serialized according to the source file, obtain serializing number
According to.
6. a kind of decryption method of data, it is characterised in that include:
Obtain relational data after the encryption for needing to be decrypted;
Determine the encryption data in relational data after the encryption;
The encryption data is decrypted using default decipherment algorithm, obtains ciphertext data;
Unserializing is carried out to the ciphertext data using serializing algorithm, unserializing data are obtained;
The unserializing data are stored as the attribute of relational data, primitive relation is obtained
Type data.
7. method according to claim 6, it is characterised in that it is described using serializing algorithm to described
Ciphertext data carries out unserializing, obtains unserializing data, including:
The data interchange format file adopted during encryption is obtained, the data interchange format file is in encryption
When, obtain for needing the attribute encrypted to be defined in primitive relation type data;
Unserializing is carried out to the ciphertext data according to the data interchange format file, unserializing is obtained
Data.
8. method according to claim 7, it is characterised in that described according to the data interchange format
File carries out unserializing to the ciphertext data, obtains unserializing data, including:
Obtain the corresponding unserializing function library of the serializing algorithm;
Using the unserializing function library, the ciphertext data is entered according to the data interchange format file
Row unserializing, obtains unserializing data.
9. the method according to claim 7 or 8, it is characterised in that the serializing algorithm is agreement
Relief area protobuf algorithms, the data interchange format file are source file, then described according to the data
DIF file carries out unserializing to the ciphertext data, obtains unserializing data, including:
The corresponding unserializing function library of protobuf algorithms is obtained, using the unserializing function library, root
Unserializing is carried out to the ciphertext data according to the source file, unserializing data are obtained.
10. a kind of data encryption device, it is characterised in that include:
Acquiring unit, needs the primitive relation type data being encrypted for obtaining;
Determining unit, needs the attribute encrypted for determining in the primitive relation type data;
Serialization unit, for adopting serializing algorithm to serialize the attribute for needing encryption, obtains
To serialized data;
Ciphering unit, for being encrypted to the serialized data using predetermined encryption algorithm, is encrypted
Data;
Memory element, for carrying out the encryption data as an attribute of the primitive relation type data
Storage, relational data after being encrypted.
11. data encryption devices according to claim 10, it is characterised in that the serialization unit
Including definition subelement and process subelement;
The definition subelement, for for the corresponding number of attribute definition serializing algorithm for needing encryption
According to DIF file;
The process subelement, for needing the attribute encrypted to described according to the data interchange format file
Serialized, obtained serialized data.
12. data encryption devices according to claim 11, it is characterised in that
The process subelement, specifically for obtaining the corresponding serializing function library of the serializing algorithm, profit
With the serializing function library, the attribute for needing encryption is carried out according to the data interchange format file
Serializing, obtains serialized data.
13. data encryption devices according to claim 11, it is characterised in that
The definition subelement, the field type specifically for determining the attribute for needing encryption, according to institute
State.
14. data encryption devices according to any one of claim 11 to 13, it is characterised in that
The definition subelement, specifically for for the attribute definition agreement relief area for needing encryption
Protobuf algorithms correspondence source file;
The process subelement, specifically for obtaining the corresponding serializing function library of protobuf algorithms, utilizes
The serializing function library, serializes to the attribute for needing encryption according to the source file, obtains
Serialized data.
15. a kind of data decryption apparatus, it is characterised in that include:
Acquiring unit, needs relational data after the encryption being decrypted for obtaining;
Determining unit, for determining the encryption data after the encryption in relational data;
Decryption unit, for adopting default decipherment algorithm to be decrypted the encryption data, obtains decrypting number
According to;
Unserializing unit, for adopting serializing algorithm to carry out unserializing to the ciphertext data, obtains
Unserializing data;
Memory element, for the unserializing data are deposited as the attribute of relational data
Storage, obtains primitive relation type data.
16. data decryption apparatus according to claim 15, it is characterised in that the unserializing list
Unit includes file acquisition subelement and processes subelement;
The file acquisition subelement, the data interchange format file adopted during for obtaining encryption are described
Data interchange format file is in encryption, for needing the attribute encrypted to carry out determining in primitive relation type data
Justice and obtain;
The process subelement, for being carried out instead to the ciphertext data according to the data interchange format file
Serializing, obtains unserializing data.
17. data decryption apparatus according to claim 16, it is characterised in that
The process subelement, specifically for obtaining the corresponding unserializing function library of the serializing algorithm,
Using the unserializing function library, the ciphertext data is carried out instead according to the data interchange format file
Serializing, obtains unserializing data.
18. data decryption apparatus according to claim 16 or 17, it is characterised in that the serializing
Algorithm is agreement relief area protobuf algorithms, and the data interchange format file is source file, then:
The process subelement, specifically for obtaining the corresponding unserializing function library of protobuf algorithms, profit
With the unserializing function library, unserializing is carried out to the ciphertext data according to the source file, is obtained
Unserializing data.
19. a kind of data handling systems, it is characterised in that including described in any one of claim 10 to 14
Data decryption apparatus described in data encryption device and any one of claim 15 to 18.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510648132.XA CN106570410B (en) | 2015-10-09 | 2015-10-09 | Data encryption method, data decryption method, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510648132.XA CN106570410B (en) | 2015-10-09 | 2015-10-09 | Data encryption method, data decryption method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106570410A true CN106570410A (en) | 2017-04-19 |
CN106570410B CN106570410B (en) | 2020-05-12 |
Family
ID=58507283
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510648132.XA Active CN106570410B (en) | 2015-10-09 | 2015-10-09 | Data encryption method, data decryption method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106570410B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110019553A (en) * | 2017-12-21 | 2019-07-16 | 北京奇虎科技有限公司 | Processing method, device and the computer readable storage medium of Recommendations data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103413099A (en) * | 2013-08-22 | 2013-11-27 | 曙光云计算技术有限公司 | Data storage method and device and enciphered data accessing method and device |
CN103605741A (en) * | 2013-11-19 | 2014-02-26 | 北京国双科技有限公司 | Object encryption storage method, device and system |
CN104077335A (en) * | 2013-05-07 | 2014-10-01 | 腾讯科技(深圳)有限公司 | Methods, devices and system for serializing and deserializing structured data |
CN104580158A (en) * | 2014-12-12 | 2015-04-29 | 集时通(福建)信息科技有限公司 | Distributed platform file and content distribution method and distributed platform file and content distribution system |
-
2015
- 2015-10-09 CN CN201510648132.XA patent/CN106570410B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104077335A (en) * | 2013-05-07 | 2014-10-01 | 腾讯科技(深圳)有限公司 | Methods, devices and system for serializing and deserializing structured data |
CN103413099A (en) * | 2013-08-22 | 2013-11-27 | 曙光云计算技术有限公司 | Data storage method and device and enciphered data accessing method and device |
CN103605741A (en) * | 2013-11-19 | 2014-02-26 | 北京国双科技有限公司 | Object encryption storage method, device and system |
CN104580158A (en) * | 2014-12-12 | 2015-04-29 | 集时通(福建)信息科技有限公司 | Distributed platform file and content distribution method and distributed platform file and content distribution system |
Non-Patent Citations (1)
Title |
---|
聂晓旭等: "基于Protobuf的数据传输协议", 《基于PROTOBUF的数据传输协议》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110019553A (en) * | 2017-12-21 | 2019-07-16 | 北京奇虎科技有限公司 | Processing method, device and the computer readable storage medium of Recommendations data |
Also Published As
Publication number | Publication date |
---|---|
CN106570410B (en) | 2020-05-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10635824B1 (en) | Methods and apparatus for private set membership using aggregation for reduced communications | |
CN105760764B (en) | Encryption and decryption method and device for embedded storage device file and terminal | |
CN105610793B (en) | A kind of outsourcing data encryption storage and cryptogram search system and its application process | |
CN109728914B (en) | Digital signature verification method, system, device and computer readable storage medium | |
CN106452770B (en) | Data encryption method, data decryption method, device and system | |
CN105577379A (en) | Information processing method and apparatus thereof | |
US11316671B2 (en) | Accelerated encryption and decryption of files with shared secret and method therefor | |
CN110505054B (en) | Data processing method, device and equipment based on dynamic white box | |
CN105071927A (en) | Mobile device data local storage method | |
CN111767559B (en) | Field level encryption blockchain data | |
CN111371545A (en) | Encryption method and system based on privacy protection | |
CN109544164A (en) | A kind of encryption system based on internet payment, method and storage medium | |
CN106878322A (en) | A kind of encryption and decryption method of the fixed length ciphertext based on attribute and key | |
CN112287366A (en) | Data encryption method and device, computer equipment and storage medium | |
CN106446697A (en) | Method and device for saving private data | |
CN104023009A (en) | Web system license verification mechansim | |
CN112328639A (en) | Data query method, device and system and data set processing method | |
CN104978542A (en) | Secure data storage and data access method and system | |
CN106656496A (en) | Data encryption method and apparatus | |
CN106570410A (en) | Data encryption method and device, data decryption method and device, and data processing system | |
CN116455555A (en) | Data encryption method and device and electronic equipment | |
CN115766244A (en) | Internet of vehicles information encryption method and device, computer equipment and storage medium | |
CN114611129A (en) | Data privacy protection method and system | |
CN113612799A (en) | Block chain hash encryption method and device based on SM2 algorithm | |
EP3406050B1 (en) | Method for safeguarding the confidentiality of the sender's identification of messages transmitted through promiscuous channels |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |