CN107948152A - Information storage means, acquisition methods, device and equipment - Google Patents

Information storage means, acquisition methods, device and equipment Download PDF

Info

Publication number
CN107948152A
CN107948152A CN201711179733.6A CN201711179733A CN107948152A CN 107948152 A CN107948152 A CN 107948152A CN 201711179733 A CN201711179733 A CN 201711179733A CN 107948152 A CN107948152 A CN 107948152A
Authority
CN
China
Prior art keywords
salt
information
subscriber identity
identity information
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711179733.6A
Other languages
Chinese (zh)
Other versions
CN107948152B (en
Inventor
赵子云
于涛
崔精兵
屈亚鑫
毕磊
张洁烽
王炳堪
张友旭
任光辉
郭长宇
郭晓龙
姜澎
吴彬
苏蒙
王俊豪
申金娟
张森炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201711179733.6A priority Critical patent/CN107948152B/en
Publication of CN107948152A publication Critical patent/CN107948152A/en
Application granted granted Critical
Publication of CN107948152B publication Critical patent/CN107948152B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a kind of information storage means, acquisition methods, device and equipment.The described method includes:Obtain the subscriber identity information in the second application by the user of the first application generation;At least one wheel encryption is performed to subscriber identity information using the first salt group and obtains user identifier, and at least one wheel encryption performs subscriber identity information using second group of salt and obtains key, respectively includes at least one salt in the first salt group and the second salt group;Information to be stored is encrypted using key, obtains encryption information;User identifier and encryption information are corresponded to and stored into the information database of the second application.The embodiment of the present invention is using subscriber identity information as basic character string, user identifier and key are generated using salt Encryption Algorithm is added, encrypted using the cipher key pair information, user identifier and encryption information are then corresponded into storage, stored compared to hash algorithm is directly used after being encrypted to information, encryption information in the embodiment of the present invention cracks difficulty lifting, and security improves.

Description

Information storage means, acquisition methods, device and equipment
Technical field
The present embodiments relate to technical field of information storage, more particularly to a kind of information storage means, acquisition methods, dress Put and equipment.
Background technology
How preferably to store, manage for sensitive information, preferably to ensure the safety of these sensitive informations and protection The privacy of user, the problem of being major company and enterprise's concern all the time and pay attention to.The sensitive information of user can include surname The information such as name, gender, date of birth, passport NO., telephone number.
In order to improve the security of above-mentioned sensitive information, it is necessary to after these sensitive informations are encrypted etc. with safe handling again Stored.In the related art, there is provided a kind of encryption storage scheme based on hash algorithm.To store the quick of targeted customer Exemplified by feeling information, the sensitive information progress Hash calculation to targeted customer obtains encryption information, then by the user of targeted customer Account number and above-mentioned encryption information, which correspond to, to be stored into non-sensitive information database.Wherein, the user account number of targeted customer can be this The account number that targeted customer is registered in a certain network service of login, the identity for unique mark targeted customer.
But the sensitive information for being encrypted using foregoing hash algorithm, network hacker can use rainbow table (rainbow tables) technology is cracked, and security is relatively low.Also, when wanting to obtain the sensitive information of a certain user, Corresponding sensitive information can be found by being directly based upon the user account number of the user.
The content of the invention
It is related available for solving an embodiment of the present invention provides a kind of information storage means, acquisition methods, device and equipment Technology provide information storage schemes present in lookup and crack the problem of difficulty is low, and security is low.The technical solution is such as Under:
First aspect, there is provided a kind of information storage means, the described method includes:
Obtain the subscriber identity information in the second application by the user of the first application generation;
At least one wheel encryption is performed to the subscriber identity information using the first salt group and obtains user identifier, first salt Group includes at least one salt;
At least one wheel encryption is performed to the subscriber identity information using second group of salt and obtains key, in the second salt group Including at least one salt;
Information to be stored is encrypted using the key, obtains encryption information;
The user identifier and the encryption information are corresponded to and stored into the information database of the described second application.
Second aspect, there is provided a kind of information acquisition method, the described method includes:
Obtain the subscriber identity information in the second application by the user of the first application generation;
At least one wheel encryption is performed to the subscriber identity information using the first salt group and obtains user identifier, first salt Group includes at least one salt;
At least one wheel encryption is performed to the subscriber identity information using second group of salt and obtains key, in the second salt group Including at least one salt;
The encryption information of storage corresponding with the user identifier is obtained from the information database of the described second application;
The encryption information is decrypted using the key, obtains cleartext information.
The third aspect, there is provided a kind of information-storing device, described device include:
Data obtaining module, for obtaining the subscriber identity information by the user of the first application generation in the second application;
First encrypting module, is used for being performed at least one wheel encryption to the subscriber identity information using the first salt group Family identifies, and the first salt group includes at least one salt;
Second encrypting module, it is close for being obtained using second group of salt at least one wheel encryption of subscriber identity information execution Key, the second salt group include at least one salt;
3rd encrypting module, for being encrypted using the key to information to be stored, obtains encryption information;
Information storage module, stores to the described second application for the user identifier and the encryption information to be corresponded to In information database.
Fourth aspect, there is provided a kind of information acquisition device, described device include:
Data obtaining module, for obtaining the subscriber identity information by the user of the first application generation in the second application;
First encrypting module, is used for being performed at least one wheel encryption to the subscriber identity information using the first salt group Family identifies, and the first salt group includes at least one salt;
Second encrypting module, it is close for being obtained using second group of salt at least one wheel encryption of subscriber identity information execution Key, the second salt group include at least one salt;
Data obtaining module, for obtaining deposit corresponding with the user identifier from the information database of the described second application The encryption information of storage;
Information deciphering module, for being decrypted using the key to the encryption information, obtains cleartext information.
5th aspect, there is provided a kind of computer equipment, the computer equipment includes processor and memory, described to deposit Be stored with least one instruction, at least one section of program, code set or instruction set in reservoir, at least one instruction, it is described extremely Few one section of program, the code set or described instruction collection realize such as first aspect or second aspect when being performed by the processor The method.
A kind of 6th aspect, there is provided computer-readable recording medium, it is characterised in that the computer-readable storage medium Be stored with least one instruction, at least one section of program, code set or instruction set in matter, at least one instruction, it is described at least One section of program, the code set or described instruction collection realize the method as described in first aspect or second aspect when executed.
7th aspect, there is provided a kind of computer program product, when the computer program product is performed, it is used to hold Method described in the above-mentioned first aspect of row or second aspect.
Technical solution provided in an embodiment of the present invention can bring following beneficial effect:
By the character string based on subscriber identity information, subscriber identity information is added using salt Encryption Algorithm is added It is close, user identifier and key are obtained, information to be stored is encrypted using above-mentioned key to obtain encryption information, then by user identifier Storage corresponding with encryption information;On the one hand, obtained after encryption information is encrypted using key, and key is by adding salt Encryption Algorithm generation, compared to directly information to be stored is encrypted using hash algorithm after store, the embodiment of the present invention In encryption information crack difficulty lifting, security improve;On the other hand, user identifier is also by adding salt Encryption Algorithm to generate , and the user account number of ciphertext, so that in the stored information of the desired a certain user of acquisition, it is impossible to be directly based upon the use The user account number at family finds corresponding information, it is necessary to which corresponding information can just be found by generating accurate user identifier so that cracks Difficulty is further lifted, and security further improves.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for For those of ordinary skill in the art, without creative efforts, other can also be obtained according to these attached drawings Attached drawing.
Fig. 1 is the schematic diagram of implementation environment provided by one embodiment of the present invention;
Fig. 2 is the flow chart of information storage means provided by one embodiment of the present invention;
Fig. 3 is the flow chart for the information storage means that another embodiment of the present invention provides;
Fig. 4 be the present embodiments relate to information storing process schematic diagram;
Fig. 5 is the schematic diagram of four key elements involved in information storing process provided in an embodiment of the present invention;
Fig. 6 is the flow chart of information acquisition method provided by one embodiment of the present invention;
Fig. 7 is the flow chart for the information acquisition method that another embodiment of the present invention provides;
Fig. 8 be the present embodiments relate to information access process schematic diagram;
Fig. 9 is the block diagram of information-storing device provided by one embodiment of the present invention;
Figure 10 is the block diagram of information acquisition device provided by one embodiment of the present invention;
Figure 11 is the structure diagram of computer equipment provided by one embodiment of the present invention.
Embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to embodiment party of the present invention Formula is described in further detail.
Method provided in an embodiment of the present invention, the executive agent of each step can be the electricity for arbitrarily possessing data access function Sub- equipment, such as server, terminal device, cloud device, data center apparatus, etc..In one example, when executive agent is During server, which can be the background server of network service provider, add for carrying out safety to the information of user Close storage management.Above-mentioned network service provider can be such as social class application, instant messaging application, pay class application, net Any application program such as network shopping application, game application.
In one example, as shown in Figure 1, the implementation environment that the embodiment of the present invention may relate to can include:Eventually End 110 and server 120.
Terminal 110 can be the electronic equipments such as mobile phone, tablet computer, personal computer.
Server 120 can be a server or the server cluster being made of multiple servers, either One cloud computing service center.The server 120 can be the background server of network service provider, correspondingly, terminal 110 In can be with the application client of installation and operation network service provider, user is by above application programmatic client on backstage Access information in server.
Implementation environment shown in above-mentioned Fig. 1 is only exemplary and explanatory, and information is except that can be stored in server 120 In outside, can also be stored in terminal 110, either synchronously store or be stored in terminal 110 and server 120 with Have between server 120 in the miscellaneous equipment (such as cloud device, data center apparatus) of communication connection, the embodiment of the present invention pair This is not construed as limiting.It can change with the appearance of new business scene, the storage mode of information with the development of science and technology, but this The technical solution that inventive embodiments provide is equally applicable for the similar problems in new business scene.
In embodiments of the present invention, the particular content of the information of access is not construed as limiting, such as it can be such as user Name, gender, the date of birth, passport NO., telephone number, kinsfolk, payroll records, work resume, log, phase The information of storage, such as file, data is encrypted in the sensitive informations such as volume or other any need.
Please refer to Fig.2, it illustrates the flow chart of information storage means provided by one embodiment of the present invention.This method can With including the following steps:
Step 201, the subscriber identity information in the second application by the user of the first application generation is obtained.
First application and the second application application program that to be two different, such as the first application is an instant messaging application, the Two applications are a shopping at network application.In embodiments of the present invention, the second application is used to carry out safe encryption to the information of user Storage management.
Subscriber identity information is the information for referring to identity of the unique mark user in the second application, and different users has There is different subscriber identity informations, such as subscriber identity information can be user account number or other unique identifiers.In this hair In bright embodiment, subscriber identity information of the user in the second application is generated by the first application.Alternatively, the second application is not protected Subscriber identity information is deposited, when it needs to obtain every time subscriber identity information, calls the first application to provide it subscriber identity information.
Exemplarily, the client of the second application provides a user Quick Response Code, is called by the above-mentioned Quick Response Code of scanning recognition User account number generation user subscriber identity information in second application of first application according to user in the second application, and will Above-mentioned subscriber identity information is supplied to the second application.Second applies after the user's identity information is got, and can be based on should Subscriber identity information stores information to be stored using method and step provided below, and after Stored Procedure is completed, Without preserving subscriber identity information on the backstage of the second application.When needing to store information again or obtain information, in repetition State flow.
Step 202, at least one wheel encryption is performed to subscriber identity information using the first salt group and obtains user identifier.
In embodiments of the present invention, using adding salt enciphered method that subscriber identity information is encrypted to obtain user identifier.Add Salt enciphered method refers to, using information to be encrypted and a string-concatenation as salt (salt), then hold character string after splicing Row Hash calculation obtains encrypted result.Above-mentioned salt is typically a n random numbers, and salt also referred to as encrypts salt, and n is positive integer.The One salt group includes at least one salt, each salt can generate at random.
User identifier is also referred to as User ID (identity), is unique identification information of the user in information database.It is right For different users, since its subscriber identity information is different, the user identifier that encryption obtains is also different, i.e., different User has different user identifiers in information database.Information database refers to the data of the information for storing user Storehouse, above- mentioned information store again after would generally encrypting, to lift the security of information.In information database, by user identifier and Encrypted information corresponds to storage.
In one example, the first salt group includes a salt, and a is positive integer.Above-mentioned steps 202 can include following several Sub-steps:
1st, i-th of salt in the i-th -1 wheel encrypted result and the first salt group is spliced, character string after splicing is performed and is once breathed out It is uncommon that the i-th wheel encrypted result is calculated, wherein, the initial value of i is 1, as i=1, the i-th -1 wheel encrypted result (namely the 0th wheel Encrypted result) it is subscriber identity information;
2nd, when i is less than a, i=i+1 is made, and is performed again since above-mentioned steps 1, until i terminates flow when being equal to a, And the i-th wheel encrypted result is determined as user identifier.
Exemplarily, it is assumed that a=3, namely the first salt group include 3 salt, are denoted as salt1, salt2 and salt3 respectively, Assuming that subscriber identity information is represented with A, user identifier is represented with User ID, then the process for generating User ID is as follows:(1) to A+ Salt1 carries out a Hash calculation and obtains B, and (2) carry out a Hash calculation to B+salt2 and obtain C, and (3) carry out C+salt3 One time Hash calculation obtains User ID.It is above-mentioned+to represent two string-concatenations.
The algorithm of above-mentioned generation user identifier is properly termed as PBKDF2 (Password-Based Key DerivationFunction 2) algorithm.Wherein, the quantity a of salt can be advance according to the demand to complexity in the first salt group Setting, if complexity demand is higher, the value of a is bigger, and the difficulty cracked to user identifier is also bigger.By encrypted result Splice with salt, can be namely first of the last character of encrypted result and salt by salt splicing behind encrypted result Character mutually splices;Encrypted result can also be spliced behind salt, namely the first of the last character of salt and encrypted result A character mutually splices;Or both are spliced using other combinations.Algorithm can be SHA256 used by Hash calculation Algorithm, SHA1 algorithms, MD5 (Message Digest Algorithm 5) algorithm etc., the embodiment of the present invention is not construed as limiting this.
Step 203, at least one wheel encryption is performed to subscriber identity information using second group of salt and obtains key.
In above-mentioned steps 202, user identifier, in embodiments of the present invention, key are generated based on subscriber identity information It is to be generated based on subscriber identity information.Key is used to information to be stored be encrypted.In embodiments of the present invention, using symmetrical Information is encrypted in Encryption Algorithm, namely encryption with decryption used by key it is identical.
Similarly, in embodiments of the present invention, using adding salt enciphered method that subscriber identity information is encrypted to obtain key. Second salt group includes at least one salt, each salt can generate at random.Since the salt in the first salt group and the second salt group is equal The character string being randomly generated, therefore the first salt group usually will not be identical with the salt in the second salt group.In addition, first The quantity of salt included by salt group and the quantity of the salt included by the second salt group may be the same or different, and the present invention is implemented Example is not construed as limiting this.
In one example, the second salt group includes b salt, and b is positive integer.Above-mentioned steps 203 can include following several Sub-steps:
1st, j-th of the salt taken turns jth -1 in encrypted result and the second salt group splices, and character string after splicing is performed and is once breathed out It is uncommon that jth wheel encrypted result is calculated, wherein, the initial value of j is 1, as j=1, the wheel of jth -1 encrypted result (namely the 0th wheel Encrypted result) it is subscriber identity information;
2nd, when j is less than b, j=j+1 is made, and is performed again since above-mentioned steps 1, until j terminates flow when being equal to b, And jth wheel encrypted result is determined as key.
Exemplarily, it is assumed that b=4, namely the second salt group include 4 salt, be denoted as respectively salt4, salt5, salt6 and Salt7, it is assumed that subscriber identity information represents that key is represented with secret key with A, then the process for generating secretkey is as follows: (1) Hash calculation is carried out to A+salt4 and obtains D, (2) carry out a Hash calculation to D+salt5 and obtain E, and (3) are to E+ Salt6 carries out a Hash calculation and obtains F, and (4) carry out a Hash calculation to F+salt7 and obtain secret key.Above-mentioned+table Show two string-concatenations.
The algorithm of above-mentioned generation key is properly termed as PBKDF2 algorithms.Wherein, the quantity b of salt can basis in the second salt group The demand of complexity is preset, if complexity demand is higher, the value of b is bigger, the difficulty cracked to key It is bigger.Encrypted result and salt are spliced, they can splice salt behind encrypted result, namely the last character of encrypted result Accord with and mutually splicing with the first character of salt;Can also by encrypted result splice behind salt, namely the last character of salt with The first character of encrypted result mutually splices;Or both are spliced using other combinations.Calculated used by Hash calculation Method can be SHA256 algorithms, SHA1 algorithms, MD5 algorithms etc., and the embodiment of the present invention is not construed as limiting this.
In addition, in embodiments of the present invention, the execution sequence of above-mentioned steps 202 and step 203 is not construed as limiting, step 203 can perform after step 202, can also be performed before step 202, or be performed at the same time with step 202.
Step 204, information to be stored is encrypted using key, obtains encryption information.
When needing to store the information of any user, the subscriber identity information based on the user generates the use of the user respectively Family identifies and key, and then the information of the user is encrypted using the key of generation, obtains encryption information.
In embodiments of the present invention, to encryption used by symmetric encipherment algorithm be not construed as limiting, such as DES (Data Encryption Standard, data encryption standards) algorithm, 3DES algorithms, Blowfish algorithms, RC5 algorithms, IDEA (International Data Encryption Algorithm, international data encryption algorithm) algorithm etc..
Step 205, user identifier and encryption information are corresponded to and stored into the information database of the second application.
Alternatively, store encryption information in the database, which is properly termed as information database, by user identifier and Encryption information is corresponded to and stored into information database.In information database, major key of the user identifier as encryption information, with right The encryption information of different user distinguishes.Exemplarily, the data stored in information database are as shown in following table -1:
The user identifier of user 1 The encryption information of user 1
The user identifier of user 2 The encryption information of user 2
The user identifier of user 3 The encryption information of user 3
Table -1
In conclusion information storage means provided in an embodiment of the present invention, pass through the word based on subscriber identity information Symbol string, using adding salt Encryption Algorithm that subscriber identity information is encrypted, obtains user identifier and key, using above-mentioned key pair Information to be stored encrypts to obtain encryption information, and user identifier and encryption information then are corresponded to storage;On the one hand, encryption information is Obtained after being encrypted using key, and key is by adding salt Encryption Algorithm to generate, compared to directly using Hash calculation Method stores after information to be stored is encrypted, and the encryption information in the embodiment of the present invention cracks difficulty lifting, and security improves; On the other hand, user identifier is also what is generated by adding salt Encryption Algorithm, and the user account number of ciphertext, so as to want to obtain During the stored information of a certain user, it is impossible to which the user account number for being directly based upon the user finds corresponding information, it is necessary to generate Accurate user identifier can just find corresponding information so that crack difficulty and further lifted, security further improves.
In addition, the starting content of whole information encryption storing process is subscriber identity information, and subscriber identity information be by First application generation, when the second application needs to store the information of user, it first passes through the first application and obtains user identity letter Breath, and the user's identity information is not to be preserved by the second application, so even the information database of the second application is stolen, due to Hacker can not simultaneously get subscriber identity information, also cannot carry out successful decryption to the encryption information in information database.
Please refer to Fig.3, the flow chart of the information storage means provided it illustrates another embodiment of the present invention.This method It can include the following steps:
Step 301, the subscriber identity information in the second application by the user of the first application generation is obtained.
Step 301 is identical with the step 201 in Fig. 2 embodiments, illustrates referring to the introduction in Fig. 2 embodiments, the present embodiment This is repeated no more.
Step 302, Hash calculation at least once is performed to subscriber identity information, obtains a character string and identified as salt.
Salt mark is also referred to as salt ID, is unique identification information of the user in salt database.For different users, Since its subscriber identity information is different, the salt mark obtained by Hash calculation is also different, i.e., different users are in salt number According in storehouse there is different salt to identify.Salt database refers to the information of user is encrypted for storing used during storage The database of salt (namely the first salt group mentioned above and second salt group).In salt database, salt is identified into deposit corresponding with salt Storage.
In a kind of possible embodiment, a Hash calculation is performed to subscriber identity information, obtains character string work Identified for salt.
In alternatively possible embodiment, first time Hash calculation is performed to subscriber identity information, obtains a character String is used as salt;Subscriber identity information and salt are spliced, second of Hash calculation is performed to character string after splicing, obtains a character string Identified as salt.Wherein, subscriber identity information and salt are spliced, they can splice salt behind subscriber identity information, namely The last character of subscriber identity information is mutually spliced with the first character of salt;Subscriber identity information can also be spliced in salt Below, namely the last character of salt and the first character of subscriber identity information mutually splice;Or use other combination sides Formula splices both.Algorithm can be SHA256 algorithms, SHA1 algorithms, MD5 algorithms etc. used by Hash calculation, and the present invention is real Example is applied to be not construed as limiting this.Compared to the first above-mentioned embodiment, difficulty is cracked using what the salt of present embodiment generation identified Spend bigger.
Step 303, the first salt group and the second salt group are generated.
Each salt in the first salt group and the second salt group generates at random, namely each salt is one random The character string of generation.First salt group includes at least one salt, and the second salt group includes at least one salt.
Alternatively, in order to lift the difficulty that cracks of user identifier and key, and then the difficulty that cracks of encryption information is lifted, the One salt group includes at least two salt, and/or, the second salt group includes at least two salt.
Alternatively, when the first salt group includes at least two salt, which can sequentially arrange in the form of a list Row, during at least one wheel encryption is subsequently performed to subscriber identity information using the first salt group and obtains user identifier, according to At least two salt puts in order, and chooses salt successively and is encrypted.For example, it is assumed that the corresponding list of the first salt group includes a A salt, the process for being encrypted to obtain user identifier to subscriber identity information using the first salt group are as follows:1st, the i-th -1 wheel is encrypted As a result i-th of the salt splicing in list corresponding with the first salt group, performs a Hash calculation to character string after splicing and obtains i-th Encrypted result is taken turns, wherein, the initial value of i is 1, and as i=1, the i-th -1 wheel encrypted result (namely the 0th wheel encrypted result) is to use Family identity information;2nd, when i is less than a, i=i+1 is made, and is performed again since above-mentioned steps 1, until i terminates to flow when being equal to a Journey, and the i-th wheel encrypted result is determined as user identifier.
Similarly, when the second salt group includes at least two salt, which can sequentially arrange in the form of a list Row, during subsequently performing at least one wheel encryption to subscriber identity information using the second salt group and obtaining key, according to this extremely Few two salt put in order, and choose salt successively and are encrypted.For example, it is assumed that the corresponding list of the second salt group includes b salt, The process for being encrypted to obtain key to subscriber identity information using the second salt group is as follows:1st, jth -1 is taken turns into encrypted result and the J-th of salt splicing in the corresponding list of disalt group, performs character string after splicing Hash calculation and obtains jth wheel encryption knot Fruit, wherein, the initial value of j is 1, and as j=1, jth -1 is taken turns encrypted result (namely the 0th wheel encrypted result) and believed for user identity Breath;2nd, when j is less than b, j=j+1 is made, and is performed again since above-mentioned steps 1, until j terminates flow when being equal to b, and will Jth wheel encrypted result is determined as key.
In addition, in embodiments of the present invention, the execution sequence of above-mentioned steps 301 and step 303 is not construed as limiting, step 303 can perform after step 301, can also be performed before step 301, or be performed at the same time with step 301.
Step 304, store salt mark and the first salt group, the second salt group are corresponding.
Alternatively, salt group is stored in the database, which is properly termed as salt database, by salt mark and the first salt Group, the second salt group are corresponded to and stored into salt database.In salt database, salt identifies the major key as salt, with to different user Salt distinguish.Exemplarily, the data stored in salt database are as shown in following table -2:
Table -2
Step 305, at least one wheel encryption is performed to subscriber identity information using the first salt group and obtains user identifier.
Step 306, at least one wheel encryption is performed to subscriber identity information using second group of salt and obtains key.
Step 307, information to be stored is encrypted using key, obtains encryption information.
Step 308, user identifier and encryption information are corresponded to and stored into the information database of the second application.
Above-mentioned steps 305-308 is identical with the step 202-205 in Fig. 2 embodiments, referring to introducing in Fig. 2 embodiments Bright, the present embodiment repeats no more this.
With reference to reference to figure 4, it illustrates the present embodiments relate to information storing process schematic diagram.The process is main Including following 4 part:
1st, salt mark, storage corresponding with salt are generated
Hash calculation is performed to subscriber identity information, obtains a character string as salt;By subscriber identity information and salt Splicing, a Hash calculation is performed to character string after splicing, is obtained a character string and is identified as salt.Master using salt mark as salt Key, is stored in salt database, and generates corresponding with salt mark the first salt group and the second salt group, the first salt group and the second salt group In salt generate at random.Above-mentioned part 1 is corresponding with the step 301-304 in Fig. 3 embodiments.
2nd, user identifier is generated
Subscriber identity information is encrypted to obtain user identifier using the first salt group using PBKDF2 algorithms.User is marked Know the major key as user information, be stored in information database.Above-mentioned part 2 is opposite with the step 305 in Fig. 3 embodiments Should.
3rd, key is generated
Subscriber identity information is encrypted to obtain key using the second salt group using PBKDF2 algorithms.Above-mentioned third portion It is corresponding with the step 306 in Fig. 3 embodiments.
4th, encryption storage
When there is the information to be stored of user, information to be stored is encrypted using key, obtains encryption information, will then added Confidential information storage corresponding with user identifier in information database.Above-mentioned 4th part and the step 307-308 in Fig. 3 embodiments It is corresponding.
As shown in figure 5, in embodiments of the present invention, following 4 partial content is arrived involved in information storing process:User identity Information 51, salt database 52, information database 53, encryption logic code 54.Encryption logic code is used for realization above-mentioned Fig. 2 and figure Each method and step in 3 embodiments.Each separate storage, hacker need to such as carry out encrypted information above-mentioned 4 partial content Crack, then need at the same time to get this 4 partial content, cracking difficulty will be greatly improved.
In conclusion information storage means provided in an embodiment of the present invention, pass through the word based on subscriber identity information Symbol string, using adding salt Encryption Algorithm that subscriber identity information is encrypted, obtains user identifier and key, using above-mentioned key pair Information to be stored encrypts to obtain encryption information, and user identifier and encryption information then are corresponded to storage;On the one hand, encryption information is Obtained after being encrypted using key, and key is by adding salt Encryption Algorithm to generate, compared to directly using Hash calculation Method stores after information to be stored is encrypted, and the encryption information in the embodiment of the present invention cracks difficulty lifting, and security improves; On the other hand, user identifier is also what is generated by adding salt Encryption Algorithm, and the user account number of ciphertext, so as to want to obtain During the stored information of a certain user, it is impossible to which the user account number for being directly based upon the user finds corresponding information, it is necessary to generate Accurate user identifier can just find corresponding information so that crack difficulty and further lifted, security further improves.
Fig. 6 is refer to, it illustrates the flow chart of information acquisition method provided by one embodiment of the present invention.This method can With including the following steps:
Step 601, the subscriber identity information in the second application by the user of the first application generation is obtained.
First application and the second application application program that to be two different, such as the first application is an instant messaging application, the Two applications are a shopping at network application.In embodiments of the present invention, the second application is used to carry out safe encryption to the information of user Storage management.
Subscriber identity information is the information for referring to identity of the unique mark user in the second application, and different users has There is different subscriber identity informations, such as subscriber identity information can be user account number or other unique identifiers.In this hair In bright embodiment, subscriber identity information of the user in the second application is generated by the first application.Alternatively, the second application is not protected Subscriber identity information is deposited, when it needs to obtain every time subscriber identity information, calls the first application to provide it subscriber identity information.
Exemplarily, the client of the second application provides a user Quick Response Code, is called by the above-mentioned Quick Response Code of scanning recognition User account number generation user subscriber identity information in second application of first application according to user in the second application, and will Above-mentioned subscriber identity information is supplied to the second application.Second applies after the user's identity information is got, and can be based on should Subscriber identity information using method and step provided below decryption obtain the stored information of user, and complete obtain flow it Afterwards, without preserving subscriber identity information on the backstage of the second application.When needing to obtain information or storage information again, repeat Above-mentioned flow.
Step 602, at least one wheel encryption is performed to subscriber identity information using the first salt group and obtains user identifier.
In embodiments of the present invention, using adding salt enciphered method that subscriber identity information is encrypted to obtain user identifier.Add Salt enciphered method refers to, using information to be encrypted and a string-concatenation as salt (salt), then hold character string after splicing Row Hash calculation obtains encrypted result.Above-mentioned salt is typically a n random numbers, and salt also referred to as encrypts salt, and n is positive integer.The One salt group includes at least one salt, each salt can generate at random.
User identifier is also referred to as User ID, is unique identification information of the user in information database.For different use For family, since its subscriber identity information is different, the user identifier that encryption obtains is also different, i.e., different users are in information There is different user identifiers in database.Information database refers to the database of the information for storing user, above- mentioned information Stored again after would generally encrypting, to lift the security of information.In information database, by user identifier and encrypted information Corresponding storage.
In one example, the first salt group includes a salt, and a is positive integer.Above-mentioned steps 602 can include following several Sub-steps:
1st, i-th of salt in the i-th -1 wheel encrypted result and the first salt group is spliced, character string after splicing is performed and is once breathed out It is uncommon that the i-th wheel encrypted result is calculated, wherein, the initial value of i is 1, as i=1, the i-th -1 wheel encrypted result (namely the 0th wheel Encrypted result) it is subscriber identity information;
2nd, when i is less than a, i=i+1 is made, and is performed again since above-mentioned steps 1, until when i is equal to a, terminates stream Journey, and the i-th wheel encrypted result is determined as user identifier.
Exemplarily, it is assumed that a=3, namely the first salt group include 3 salt, are denoted as salt1, salt2 and salt3 respectively, Assuming that subscriber identity information is represented with A, user identifier is represented with User ID, then the process for generating User ID is as follows:(1) to A+ Salt1 carries out a Hash calculation and obtains B, and (2) carry out a Hash calculation to B+salt2 and obtain C, and (3) carry out C+salt3 One time Hash calculation obtains User ID.It is above-mentioned+to represent two string-concatenations.
The algorithm of above-mentioned generation user identifier is properly termed as PBKDF2 algorithms.Wherein, the quantity a of salt can be with the first salt group Preset according to the demand to complexity, if complexity demand is higher, the value of a is bigger, and user identifier is cracked Difficulty it is also bigger.Encrypted result and salt are spliced, can splice salt behind encrypted result, namely encrypted result is most The latter character and the first character of salt mutually splice;Can also by encrypted result splice behind salt, namely salt last A character and the first character of encrypted result mutually splice;Or both are spliced using other combinations.Hash calculation institute The algorithm of use can be SHA256 algorithms, SHA1 algorithms, MD5 algorithms etc., and the embodiment of the present invention is not construed as limiting this.
Step 603, at least one wheel encryption is performed to subscriber identity information using second group of salt and obtains key.
In above-mentioned steps 602, user identifier, in embodiments of the present invention, key are generated based on subscriber identity information It is to be generated based on subscriber identity information.In embodiments of the present invention, information to be stored is encrypted using symmetric encipherment algorithm, Namely key is identical used by encrypting with decryption.Therefore, key is also used in addition to for information to be stored to be encrypted Encryption information is decrypted to obtain cleartext information.
Similarly, in embodiments of the present invention, using adding salt enciphered method that subscriber identity information is encrypted to obtain key. Second salt group includes at least one salt, each salt can generate at random.Since the salt in the first salt group and the second salt group is equal The character string being randomly generated, therefore the first salt group usually will not be identical with the salt in the second salt group.In addition, first The quantity of salt included by salt group and the quantity of the salt included by the second salt group may be the same or different, and the present invention is implemented Example is not construed as limiting this.
In one example, the second salt group includes b salt, and b is positive integer.Above-mentioned steps 603 can include following several Sub-steps:
1st, j-th of the salt taken turns jth -1 in encrypted result and the second salt group splices, and character string after splicing is performed and is once breathed out It is uncommon that jth wheel encrypted result is calculated, wherein, the initial value of j is 1, as j=1, the wheel of jth -1 encrypted result (namely the 0th wheel Encrypted result) it is subscriber identity information;
2nd, when j is less than b, j=j+1 is made, and is performed again since above-mentioned steps 1, until j terminates flow when being equal to b, And jth wheel encrypted result is determined as key.
Exemplarily, it is assumed that b=4, namely the second salt group include 4 salt, be denoted as respectively salt4, salt5, salt6 and Salt7, it is assumed that subscriber identity information represents that key is represented with secret key with A, then the process for generating secretkey is as follows: (1) Hash calculation is carried out to A+salt4 and obtains D, (2) carry out a Hash calculation to D+salt5 and obtain E, and (3) are to E+ Salt6 carries out a Hash calculation and obtains F, and (4) carry out a Hash calculation to F+salt7 and obtain secret key.Above-mentioned+table Show two string-concatenations.
The algorithm of above-mentioned generation key is properly termed as PBKDF2 algorithms.Wherein, the quantity b of salt can basis in the second salt group The demand of complexity is preset, if complexity demand is higher, the value of b is bigger, the difficulty cracked to key It is bigger.Encrypted result and salt are spliced, they can splice salt behind encrypted result, namely the last character of encrypted result Accord with and mutually splicing with the first character of salt;Can also by encrypted result splice behind salt, namely the last character of salt with The first character of encrypted result mutually splices;Or both are spliced using other combinations.Calculated used by Hash calculation Method can be SHA256 algorithms, SHA1 algorithms, MD5 algorithms etc., and the embodiment of the present invention is not construed as limiting this.
In addition, in embodiments of the present invention, the execution sequence of above-mentioned steps 602 and step 603 is not construed as limiting, step 603 can perform after step 602, can also be performed before step 602, or be performed at the same time with step 602.
Step 604, the encryption information of storage corresponding with user identifier is obtained from the information database of the second application.
When needing to obtain the information of any user, the subscriber identity information based on the user generates the use of the user respectively Family identifies and key, and then using the user identifier of the user as major key, the user with the user is obtained from information database The encryption information of the corresponding storage of mark, which is the encrypted information of the user.
Step 605, decrypted using key pair encryption information, obtain cleartext information.
It is corresponding using used Encryption Algorithm when generating encryption information with encryption after encryption information is got Decipherment algorithm, is decrypted using key pair encryption information, obtains cleartext information.
In conclusion information acquisition method provided in an embodiment of the present invention, passes through the word based on subscriber identity information Symbol string, using adding salt Encryption Algorithm that subscriber identity information is encrypted, obtains user identifier and key, is marked using above-mentioned user Know and obtain corresponding encryption information, then decrypt to obtain cleartext information using key pair encryption information;On the one hand, cleartext information needs To be decrypted to obtain using key, and key is by adding salt Encryption Algorithm to generate, compared to directly using hash algorithm Stored after information is encrypted, the encryption information in the embodiment of the present invention cracks difficulty lifting, and security improves;The opposing party Face, user identifier is also what is generated by adding salt Encryption Algorithm, and the user account number of ciphertext, so as to want to obtain a certain use During the stored information in family, it is impossible to which the user account number for being directly based upon the user finds corresponding information, it is necessary to generate accurately User identifier can just find corresponding information so that crack difficulty and further lifted, security further improves.
Fig. 7 is refer to, the flow chart of the information acquisition method provided it illustrates another embodiment of the present invention.This method It can include the following steps:
Step 701, the subscriber identity information in the second application by the user of the first application generation is obtained.
Step 701 is identical with the step 601 in Fig. 6 embodiments, illustrates referring to the introduction in Fig. 6 embodiments, the present embodiment This is repeated no more.
Step 702, Hash calculation at least once is performed to subscriber identity information, obtains a character string and identified as salt.
Salt mark is also referred to as salt ID, is unique identification information of the user in salt database.For different users, Since its subscriber identity information is different, the salt mark obtained by Hash calculation is also different, i.e., different users are in salt number According in storehouse there is different salt to identify.Salt database refers to the information of user is encrypted for storing used during storage The database of salt (namely the first salt group mentioned above and second salt group).In salt database, salt is identified into deposit corresponding with salt Storage.
In a kind of possible embodiment, a Hash calculation is performed to subscriber identity information, obtains character string work Identified for salt.
In alternatively possible embodiment, first time Hash calculation is performed to subscriber identity information, obtains a character String is used as salt;Subscriber identity information and salt are spliced, second of Hash calculation is performed to character string after splicing, obtains a character string Identified as salt.Wherein, subscriber identity information and salt are spliced, they can splice salt behind subscriber identity information, namely The last character of subscriber identity information is mutually spliced with the first character of salt;Subscriber identity information can also be spliced in salt Below, namely the last character of salt and the first character of subscriber identity information mutually splice;Or use other combination sides Formula splices both.Algorithm can be SHA256 algorithms, SHA1 algorithms, MD5 algorithms etc. used by Hash calculation, and the present invention is real Example is applied to be not construed as limiting this.Compared to the first above-mentioned embodiment, difficulty is cracked using what the salt of present embodiment generation identified Spend bigger.
Step 703, the first salt group and the second salt group of storage corresponding with salt mark are obtained.
Each salt in first salt group and the second salt group generates at random, namely each salt is a random generation Character string.First salt group includes at least one salt, and the second salt group includes at least one salt.
When needing to obtain the salt of any user, major key is used as using the salt of the user mark, obtained from salt database and The the first salt group and the second salt group of the corresponding storage of salt mark of the user, above-mentioned the first salt group got and the second salt group are The salt used when the user identifier and key that generate the user, in follow-up decrypting process, equally using first salt Group and the second salt group generate the user identifier and key of the user.
Step 704, at least one wheel encryption is performed to subscriber identity information using the first salt group and obtains user identifier.
Step 705, at least one wheel encryption is performed to subscriber identity information using second group of salt and obtains key.
Step 706, the encryption information of storage corresponding with user identifier is obtained from the information database of the second application.
Step 707, decrypted using key pair encryption information, obtain cleartext information.
Above-mentioned steps 704-707 is identical with the step 602-605 in Fig. 6 embodiments, referring to introducing in Fig. 6 embodiments Bright, the present embodiment repeats no more this.
With reference to reference to figure 8, it illustrates the present embodiments relate to information access process schematic diagram.The process is main Including following 4 part:
1st, salt mark is generated, inquiry salt database obtains corresponding salt
Hash calculation is performed to subscriber identity information, obtains a character string as salt;By subscriber identity information and salt Splicing, a Hash calculation is performed to character string after splicing, is obtained a character string and is identified as salt.Using salt mark as major key, Corresponding with salt mark the first salt group and the second salt group are obtained from salt database.In above-mentioned part 1 and Fig. 7 embodiments Step 701-703 is corresponding.
2nd, user identifier is generated
Subscriber identity information is encrypted to obtain user identifier using the first salt group using PBKDF2 algorithms.Marked with user Knowledge is used as major key, and encryption information corresponding with user identifier is obtained from information database.Above-mentioned part 2 and Fig. 7 embodiments In step 704 it is corresponding.
3rd, key is generated
Subscriber identity information is encrypted to obtain key using the second salt group using PBKDF2 algorithms.Above-mentioned third portion It is corresponding with the step 705 in Fig. 7 embodiments.
4th, decrypting process
The encryption information got is decrypted using key, obtains cleartext information.Implement with Fig. 7 above-mentioned 4th part Step 706-707 in example is corresponding.
In conclusion information acquisition method provided in an embodiment of the present invention, passes through the word based on subscriber identity information Symbol string, using adding salt Encryption Algorithm that subscriber identity information is encrypted, obtains user identifier and key, is marked using above-mentioned user Know and obtain corresponding encryption information, then decrypt to obtain cleartext information using key pair encryption information;On the one hand, cleartext information needs To be decrypted to obtain using key, and key is by adding salt Encryption Algorithm to generate, compared to directly using hash algorithm Stored after information is encrypted, the encryption information in the embodiment of the present invention cracks difficulty lifting, and security improves;The opposing party Face, user identifier is also what is generated by adding salt Encryption Algorithm, and the user account number of ciphertext, so as to want to obtain a certain use During the stored information in family, it is impossible to which the user account number for being directly based upon the user finds corresponding information, it is necessary to generate accurately User identifier can just find corresponding information so that crack difficulty and further lifted, security further improves.
Following is apparatus of the present invention embodiment, can be used for performing the method for the present invention embodiment.It is real for apparatus of the present invention The details not disclosed in example is applied, refer to the method for the present invention embodiment.
Fig. 9 is refer to, it illustrates the block diagram of information-storing device provided by one embodiment of the present invention.The device has Realize the function for the information storage means that above method example provides, the function can be by hardware realization, can also be by hardware Corresponding software is performed to realize.The device can include:Data obtaining module 910, the first encrypting module 920, second encryption mould Block 930, the 3rd encrypting module 940 and information storage module 950.
Data obtaining module 910, is believed for obtaining by user identity of the user of the first application generation in the second application Breath.
First encrypting module 920, is encrypted for being performed at least one wheel to the subscriber identity information using the first salt group To user identifier, the first salt group includes at least one salt.
Second encrypting module 930, obtains at least one wheel encryption of subscriber identity information execution using second group of salt close Key, the second salt group include at least one salt.
3rd encrypting module 940, for being encrypted using the key to information to be stored, obtains encryption information.
Information storage module 950, is answered for corresponding to store to described second the user identifier and the encryption information In information database.
In conclusion information-storing device provided in an embodiment of the present invention, passes through the word based on subscriber identity information Symbol string, using adding salt Encryption Algorithm that subscriber identity information is encrypted, obtains user identifier and key, using above-mentioned key pair Information to be stored encrypts to obtain encryption information, and user identifier and encryption information then are corresponded to storage;On the one hand, encryption information is Obtained after being encrypted using key, and key is by adding salt Encryption Algorithm to generate, compared to directly using Hash calculation Method stores after information to be stored is encrypted, and the encryption information in the embodiment of the present invention cracks difficulty lifting, and security improves; On the other hand, user identifier is also what is generated by adding salt Encryption Algorithm, and the user account number of ciphertext, so as to want to obtain During the stored information of a certain user, it is impossible to which the user account number for being directly based upon the user finds corresponding information, it is necessary to generate Accurate user identifier can just find corresponding information so that crack difficulty and further lifted, security further improves.
In the alternative embodiment provided based on Fig. 9 embodiments, the first salt group includes a salt, and a is Positive integer;
First encrypting module 920, is used for:
I-th of salt in i-th -1 wheel encrypted result and the first salt group is spliced, character string after splicing is performed once Hash calculation obtains the i-th wheel encrypted result, wherein, the initial value of the i is 1, as i=1, the i-th -1 wheel encrypted result For the subscriber identity information;
When i is less than a, make i=i+1, and again from it is described by the i-th -1 wheel encrypted result and the first salt group the I salt splicing, performs a step of Hash calculation obtains the i-th wheel encrypted result to character string after splicing and starts to perform, until i Terminate flow during equal to a, and the described i-th wheel encrypted result is determined as the user identifier.
In another alternative embodiment provided based on Fig. 9 embodiments, the second salt group includes b salt, the b For positive integer;
Second encrypting module 930, is used for:
J-th of salt jth -1 taken turns in encrypted result and the second salt group splices, and character string after splicing is performed once Hash calculation obtains jth wheel encrypted result, wherein, the initial value of the j is 1, and as j=1, the jth -1 takes turns encrypted result For the subscriber identity information;
When j is less than b, make j=j+1, and again from it is described jth -1 taken turns in encrypted result and the second salt group the J salt splicing, performs a step of Hash calculation obtains jth wheel encrypted result to character string after splicing and starts to perform, until j Terminate flow during equal to b, and the jth wheel encrypted result is determined as the key.
In another alternative embodiment provided based on Fig. 9 embodiments, described device further includes:Salt generation module, salt Identifier generation module and salt memory module (not shown).
Salt generation module, for generating the first salt group and the second salt group, wherein, the first salt group and described Each salt in second salt group generates at random.
Salt identifier generation module, for performing Hash calculation at least once to the subscriber identity information, obtains a character String is identified as salt.
Salt memory module, for storing salt mark and the first salt group, the second salt group are corresponding.
Alternatively, salt identifier generation module, for performing first time Hash calculation to the subscriber identity information, obtains one Character string is as salt;The subscriber identity information and the salt are spliced, second of Hash calculation is performed to character string after splicing, A character string is obtained to identify as the salt.
0 is please referred to Fig.1, it illustrates the block diagram of information acquisition device provided by one embodiment of the present invention.The device has There is the function of realizing the information acquisition method that above method example provides, the function can be by hardware realization, can also be by hard Part performs corresponding software and realizes.The device can include:Data obtaining module 1010, the first encrypting module 1020, second add Close module 1030, data obtaining module 1040 and information deciphering module 1050.
Data obtaining module 1010, is believed for obtaining by user identity of the user of the first application generation in the second application Breath.
First encrypting module 1020, is encrypted for being performed at least one wheel to the subscriber identity information using the first salt group To user identifier, the first salt group includes at least one salt.
Second encrypting module 1030, is encrypted for being performed at least one wheel to the subscriber identity information using second group of salt To key, the second salt group includes at least one salt.
Data obtaining module 1040, for being obtained and the user identifier pair from the information database of the described second application The encryption information that should be stored.
Information deciphering module 1050, for being decrypted using the key to the encryption information, obtains cleartext information.
In conclusion information acquisition device provided in an embodiment of the present invention, passes through the word based on subscriber identity information Symbol string, using adding salt Encryption Algorithm that subscriber identity information is encrypted, obtains user identifier and key, is marked using above-mentioned user Know and obtain corresponding encryption information, then decrypt to obtain cleartext information using key pair encryption information;On the one hand, cleartext information needs To be decrypted to obtain using key, and key is by adding salt Encryption Algorithm to generate, compared to directly using hash algorithm Stored after information is encrypted, the encryption information in the embodiment of the present invention cracks difficulty lifting, and security improves;The opposing party Face, user identifier is also what is generated by adding salt Encryption Algorithm, and the user account number of ciphertext, so as to want to obtain a certain use During the stored information in family, it is impossible to which the user account number for being directly based upon the user finds corresponding information, it is necessary to generate accurately User identifier can just find corresponding information so that crack difficulty and further lifted, security further improves.
In the alternative embodiment provided based on Figure 10 embodiments, the first salt group includes a salt, a For positive integer;
First encrypting module 1020, is used for:
I-th of salt in i-th -1 wheel encrypted result and the first salt group is spliced, character string after splicing is performed once Hash calculation obtains the i-th wheel encrypted result, wherein, the initial value of the i is 1, as i=1, the i-th -1 wheel encrypted result For the subscriber identity information;
When i is less than a, make i=i+1, and again from it is described by the i-th -1 wheel encrypted result and the first salt group the I salt splicing, performs a step of Hash calculation obtains the i-th wheel encrypted result to character string after splicing and starts to perform, until i Terminate flow during equal to a, and the described i-th wheel encrypted result is determined as the user identifier.
In another alternative embodiment provided based on Figure 10 embodiments, the second salt group includes b salt, described B is positive integer;
Second encrypting module 1030, is used for:
J-th of salt jth -1 taken turns in encrypted result and the second salt group splices, and character string after splicing is performed once Hash calculation obtains jth wheel encrypted result, wherein, the initial value of the j is 1, and as j=1, the jth -1 takes turns encrypted result For the subscriber identity information;
When j is less than b, make j=j+1, and again from it is described jth -1 taken turns in encrypted result and the second salt group the J salt splicing, performs a step of Hash calculation obtains jth wheel encrypted result to character string after splicing and starts to perform, until j Terminate flow during equal to b, and the jth wheel encrypted result is determined as the key.
In another alternative embodiment provided based on Figure 10 embodiments, described device further includes:Salt mark generation mould Block and salt acquisition module (not shown).
Salt identifier generation module, for performing Hash calculation at least once to the subscriber identity information, obtains a character String is identified as salt.
Salt acquisition module, the first salt group and the second salt group for acquisition storage corresponding with salt mark, Wherein, each salt in the first salt group and the second salt group generates at random.
Alternatively, salt identifier generation module, is used for:First time Hash calculation is performed to the subscriber identity information, is obtained One character string is as salt;The subscriber identity information and the salt are spliced, second of Hash meter is performed to character string after splicing Calculate, obtain a character string and identified as the salt.
It should be noted that above-described embodiment provide device when realizing its function, only with above-mentioned each function module Division for example, in practical application, can be completed as needed and by above-mentioned function distribution by different function modules, The internal structure of equipment is divided into different function modules, to complete all or part of function described above.In addition, The apparatus and method embodiment that above-described embodiment provides belongs to same design, its specific implementation process refers to embodiment of the method, this In repeat no more.
1 is please referred to Fig.1, it illustrates the structure diagram of computer equipment provided by one embodiment of the present invention.For example, The computer equipment can be server, the method for implementing above-described embodiment offer.Specifically:
The computer equipment 1100 includes central processing unit (CPU) 1101 including random access memory (RAM) 1102 and the system storage 1104 of read-only storage (ROM) 1103, and connection system storage 1104 and central processing list The system bus 1105 of member 1101.The computer equipment 1100 transmits letter between further including each device helped in computer The basic input/output (I/O systems) 1106 of breath, and for storage program area 1113, application program 1114 and other The mass-memory unit 1107 of program module 1115.
The basic input/output 1106 includes the display 1108 for showing information and is inputted for user The input equipment 1109 of such as mouse, keyboard etc of information.Wherein described display 1108 and input equipment 1109 all pass through The input and output controller 1110 for being connected to system bus 1105 is connected to central processing unit 1101.The basic input/defeated Going out system 1106 can also touch including input and output controller 1110 for receiving and handling from keyboard, mouse or electronics Control the input of multiple other equipments such as pen.Similarly, input and output controller 1110 also provide output to display screen, printer or Other kinds of output equipment.
The mass-memory unit 1107 (is not shown by being connected to the bulk memory controller of system bus 1105 Go out) it is connected to central processing unit 1101.The mass-memory unit 1107 and its associated computer-readable medium are Computer equipment 1100 provides non-volatile memories.That is, the mass-memory unit 1107 can include it is such as hard The computer-readable medium (not shown) of disk or CD-ROM drive etc.
Without loss of generality, the computer-readable medium can include computer storage media and communication media.Computer Storage medium is included for information such as storage computer-readable instruction, data structure, program module or other data The volatile and non-volatile of any method or technique realization, removable and irremovable medium.Computer-readable storage medium includes RAM, ROM, EPROM, EEPROM, flash memory or other solid-state storages its technologies, CD-ROM, DVD or other optical storages, tape Box, tape, disk storage or other magnetic storage apparatus.Certainly, skilled person will appreciate that the computer-readable storage medium It is not limited to above-mentioned several.Above-mentioned system storage 1104 and mass-memory unit 1107 may be collectively referred to as memory.
According to various embodiments of the present invention, the computer equipment 1100 can also be connected by networks such as internets The remote computer operation being connected on network.Namely computer equipment 1100 can be by being connected on the system bus 1105 Network Interface Unit 1111 be connected to network 1112, in other words, it can also be connected to using Network Interface Unit 1111 The network or remote computer system of his type.
It is stored with least one instruction, at least one section of program, code set or instruction set in the memory, described at least one Bar instruction, at least one section of program, code set or instruction set are configured to by one or the execution of more than one processor, to realize Above- mentioned information storage method or information acquisition method.
In the exemplary embodiment, a kind of computer-readable recording medium is additionally provided, is stored with the storage medium At least one instruction, at least one section of program, code set or instruction set, at least one instruction, at least one section of program, the institute State code set or described instruction collection and realize such as above-mentioned information storage means or letter when being performed by the processor of computer equipment Cease the function of each step in acquisition methods.
Alternatively, above computer readable storage medium storing program for executing can be ROM, random access memory (RAM), CD-ROM, magnetic Band, floppy disk and optical data storage devices etc..
It should be appreciated that referenced herein " multiple " refer to two or more."and/or", description association The incidence relation of object, expression may have three kinds of relations, for example, A and/or B, can represent:Individualism A, while there are A And B, individualism B these three situations.It is a kind of relation of "or" that character "/", which typicallys represent forward-backward correlation object,.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
The foregoing is merely the exemplary embodiment of the present invention, it is not intended to limit the invention, all spirit in the present invention Within principle, any modification, equivalent replacement, improvement and so on, should all be included in the protection scope of the present invention.

Claims (14)

  1. A kind of 1. information storage means, it is characterised in that the described method includes:
    Obtain the subscriber identity information in the second application by the user of the first application generation;
    At least one wheel encryption is performed to the subscriber identity information using the first salt group and obtains user identifier, in the first salt group Including at least one salt;
    At least one wheel encryption is performed to the subscriber identity information using second group of salt and obtains key, the second salt group includes At least one salt;
    Information to be stored is encrypted using the key, obtains encryption information;
    The user identifier and the encryption information are corresponded to and stored into the information database of the described second application.
  2. 2. according to the method described in claim 1, it is characterized in that, the first salt group includes a salt, a is just whole Number;
    It is described that user identifier is obtained at least one wheel encryption of subscriber identity information execution using the first salt group, including:
    I-th of salt in i-th -1 wheel encrypted result and the first salt group is spliced, a Hash is performed to character string after splicing The i-th wheel encrypted result is calculated, wherein, the initial value of the i is 1, and as i=1, the i-th -1 wheel encrypted result is institute State subscriber identity information;
    When i is less than a, i=i+1 is made, and again from i-th by the i-th -1 wheel encrypted result and the first salt group Salt splices, and performing a step of Hash calculation obtains the i-th wheel encrypted result to character string after splicing starts to perform, until i etc. Terminate flow when a, and the described i-th wheel encrypted result is determined as the user identifier.
  3. 3. according to the method described in claim 1, it is characterized in that, the second salt group includes b salt, the b is just whole Number;
    It is described that key is obtained at least one wheel encryption of subscriber identity information execution using second group of salt, including:
    J-th of salt jth -1 taken turns in encrypted result and the second salt group splices, and a Hash is performed to character string after splicing Jth wheel encrypted result is calculated, wherein, the initial value of the j is 1, and as j=1, it is institute that the jth -1, which takes turns encrypted result, State subscriber identity information;
    When j is less than b, j=j+1 is made, and again from j-th taken turns jth -1 in encrypted result and the second salt group Salt splices, and performing a step of Hash calculation obtains jth wheel encrypted result to character string after splicing starts to perform, until j etc. Terminate flow when b, and the jth wheel encrypted result is determined as the key.
  4. 4. method according to any one of claims 1 to 3, it is characterised in that the method further includes:
    The first salt group and the second salt group are generated, wherein, each in the first salt group and the second salt group Salt generates at random;
    Hash calculation at least once is performed to the subscriber identity information, a character string is obtained and is identified as salt;
    Store salt mark and the first salt group, the second salt group are corresponding.
  5. 5. according to the method described in claim 4, it is characterized in that, described performed to the subscriber identity information is breathed out at least once It is uncommon to calculate, obtain a character string and identified as salt, including:
    First time Hash calculation is performed to the subscriber identity information, obtains a character string as salt;
    The subscriber identity information and the salt are spliced, second of Hash calculation is performed to character string after splicing, obtains a word Symbol string is identified as the salt.
  6. A kind of 6. information acquisition method, it is characterised in that the described method includes:
    Obtain the subscriber identity information in the second application by the user of the first application generation;
    At least one wheel encryption is performed to the subscriber identity information using the first salt group and obtains user identifier, in the first salt group Including at least one salt;
    At least one wheel encryption is performed to the subscriber identity information using second group of salt and obtains key, the second salt group includes At least one salt;
    The encryption information of storage corresponding with the user identifier is obtained from the information database of the described second application;
    The encryption information is decrypted using the key, obtains cleartext information.
  7. 7. according to the method described in claim 6, it is characterized in that, the first salt group includes a salt, a is just whole Number;
    It is described that user identifier is obtained at least one wheel encryption of subscriber identity information execution using the first salt group, including:
    I-th of salt in i-th -1 wheel encrypted result and the first salt group is spliced, a Hash is performed to character string after splicing The i-th wheel encrypted result is calculated, wherein, the initial value of the i is 1, and as i=1, the i-th -1 wheel encrypted result is institute State subscriber identity information;
    When i is less than a, i=i+1 is made, and again from i-th by the i-th -1 wheel encrypted result and the first salt group Salt splices, and performing a step of Hash calculation obtains the i-th wheel encrypted result to character string after splicing starts to perform, until i etc. Terminate flow when a, and the described i-th wheel encrypted result is determined as the user identifier.
  8. 8. according to the method described in claim 6, it is characterized in that, the second salt group includes b salt, the b is just whole Number;
    It is described that key is obtained at least one wheel encryption of subscriber identity information execution using second group of salt, including:
    J-th of salt jth -1 taken turns in encrypted result and the second salt group splices, and a Hash is performed to character string after splicing Jth wheel encrypted result is calculated, wherein, the initial value of the j is 1, and as j=1, it is institute that the jth -1, which takes turns encrypted result, State subscriber identity information;
    When j is less than b, j=j+1 is made, and again from j-th taken turns jth -1 in encrypted result and the second salt group Salt splices, and performing a step of Hash calculation obtains jth wheel encrypted result to character string after splicing starts to perform, until j etc. Terminate flow when b, and the jth wheel encrypted result is determined as the key.
  9. 9. according to claim 6 to 8 any one of them method, it is characterised in that described to obtain by the use of the first application generation After subscriber identity information of the family in the second application, further include:
    Hash calculation at least once is performed to the subscriber identity information, a character string is obtained and is identified as salt;
    Obtain the first salt group of corresponding with salt mark storage and the second salt group, wherein, the first salt group with Each salt in the second salt group generates at random.
  10. 10. according to the method described in claim 9, it is characterized in that, described perform at least once the subscriber identity information Hash calculation, obtains a character string and is identified as salt, including:
    First time Hash calculation is performed to the subscriber identity information, obtains a character string as salt;
    The subscriber identity information and the salt are spliced, second of Hash calculation is performed to character string after splicing, obtains a word Symbol string is identified as the salt.
  11. 11. a kind of information-storing device, it is characterised in that described device includes:
    Data obtaining module, for obtaining the subscriber identity information by the user of the first application generation in the second application;
    First encrypting module, user's mark is obtained for performing at least one wheel encryption to the subscriber identity information using the first salt group Know, the first salt group includes at least one salt;
    Second encrypting module, key is obtained for performing at least one wheel encryption to the subscriber identity information using second group of salt, The second salt group includes at least one salt;
    3rd encrypting module, for being encrypted using the key to information to be stored, obtains encryption information;
    Information storage module, stores to the information of the described second application for the user identifier and the encryption information to be corresponded to In database.
  12. 12. a kind of information acquisition device, it is characterised in that described device includes:
    Data obtaining module, for obtaining the subscriber identity information by the user of the first application generation in the second application;
    First encrypting module, user's mark is obtained for performing at least one wheel encryption to the subscriber identity information using the first salt group Know, the first salt group includes at least one salt;
    Second encrypting module, key is obtained for performing at least one wheel encryption to the subscriber identity information using second group of salt, The second salt group includes at least one salt;
    Data obtaining module, for obtaining storage corresponding with the user identifier from the information database of the described second application Encryption information;
    Information deciphering module, for being decrypted using the key to the encryption information, obtains cleartext information.
  13. 13. a kind of computer equipment, it is characterised in that the computer equipment includes processor and memory, the memory In be stored with least one instruction, at least one section of program, code set or instruction set, at least one instruction, described at least one Duan Chengxu, the code set or described instruction collection are realized such as any one of claims 1 to 10 institute when being performed by the processor The method stated.
  14. 14. a kind of computer-readable recording medium, it is characterised in that at least one is stored with the computer-readable recording medium Bar instruction, at least one section of program, code set or instruction set, at least one instruction, at least one section of program, the code Collection or described instruction collection are realized such as claims 1 to 10 any one of them method when executed.
CN201711179733.6A 2017-11-23 2017-11-23 Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment Active CN107948152B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711179733.6A CN107948152B (en) 2017-11-23 2017-11-23 Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711179733.6A CN107948152B (en) 2017-11-23 2017-11-23 Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment

Publications (2)

Publication Number Publication Date
CN107948152A true CN107948152A (en) 2018-04-20
CN107948152B CN107948152B (en) 2021-05-14

Family

ID=61930868

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711179733.6A Active CN107948152B (en) 2017-11-23 2017-11-23 Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment

Country Status (1)

Country Link
CN (1) CN107948152B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616533A (en) * 2018-04-27 2018-10-02 正方软件股份有限公司 Sensitive data encryption method and device
CN109599170A (en) * 2018-12-05 2019-04-09 易必祥 Medical management method and system based on big data
CN109670329A (en) * 2018-12-28 2019-04-23 东信和平科技股份有限公司 A kind of safe lead-in and lead-out method of server data and server
CN109858255A (en) * 2018-12-19 2019-06-07 杭州安恒信息技术股份有限公司 Data encryption storage method, device and realization device
CN110008745A (en) * 2019-03-29 2019-07-12 深圳供电局有限公司 Encryption method, computer equipment and computer storage medium
CN110048835A (en) * 2019-03-27 2019-07-23 北京三快在线科技有限公司 The method and apparatus of encryption, storage medium
CN110717827A (en) * 2019-09-03 2020-01-21 网联清算有限公司 Database determination method and device and transaction processing system
CN110781419A (en) * 2020-01-02 2020-02-11 成都四方伟业软件股份有限公司 Multi-system cooperative use method based on block chain
CN111062047A (en) * 2019-12-25 2020-04-24 中国联合网络通信集团有限公司 Data storage method, system, device and storage medium
CN113486375A (en) * 2021-07-16 2021-10-08 青岛海尔科技有限公司 Method and device for storing equipment information, storage medium and electronic device
CN115242540A (en) * 2022-08-03 2022-10-25 平安银行股份有限公司 Data processing method and system
CN115438324A (en) * 2022-09-20 2022-12-06 中国建设银行股份有限公司 Identity verification method, device and equipment

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060095786A1 (en) * 2004-11-01 2006-05-04 Aaron Jeffrey A Communication networks and methods and computer program products for preventing tracking of network activity thereon through use of identity pseudonym domains
US7716206B2 (en) * 2004-11-01 2010-05-11 At&T Intellectual Property I, L.P. Communication networks and methods and computer program products for performing searches thereon while maintaining user privacy
US20100251347A1 (en) * 2002-02-26 2010-09-30 Aol Inc. Simple, secure login with multiple authentication providers
CN102594779A (en) * 2011-01-05 2012-07-18 中国移动通信集团公司 User data processing method and device thereof
CN102638468A (en) * 2012-04-12 2012-08-15 华为技术有限公司 Method, sending end, receiving end and system for protecting information transmission safety
CN103116730A (en) * 2013-01-21 2013-05-22 厦门市美亚柏科信息股份有限公司 Deciphering method and system of data protection application programming interface (DPAPI) enciphered data
CN103179134A (en) * 2013-04-19 2013-06-26 中国建设银行股份有限公司 Single sign on method and system based on Cookie and application server thereof
CN104079539A (en) * 2013-03-28 2014-10-01 阿里巴巴集团控股有限公司 Data privacy storage method and client
CN104734854A (en) * 2013-12-23 2015-06-24 西门子公司 Secure Provision of a Key
CN105978878A (en) * 2016-05-11 2016-09-28 腾讯科技(深圳)有限公司 Webpage verification method and device
CN106060078A (en) * 2016-07-11 2016-10-26 浪潮(北京)电子信息产业有限公司 User information encryption method, user registration method and user validation method applied to cloud platform
US20170085562A1 (en) * 2015-09-18 2017-03-23 Case Wallet, Inc. Biometric data hashing, verification and security
CN106656476A (en) * 2017-01-18 2017-05-10 腾讯科技(深圳)有限公司 Password protecting method and device
CN107070948A (en) * 2017-05-23 2017-08-18 广东工业大学 Signature and verification method based on hybrid encryption algorithm in cloud storage
CN107104787A (en) * 2017-04-26 2017-08-29 山东开创云软件有限公司 A kind of cipher set-up method for resisting password cracking
CN107231346A (en) * 2017-05-03 2017-10-03 北京海顿中科技术有限公司 A kind of method of cloud platform identification
US20170331808A1 (en) * 2012-06-25 2017-11-16 Amazon Technologies, Inc. Protection from data security threats

Patent Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100251347A1 (en) * 2002-02-26 2010-09-30 Aol Inc. Simple, secure login with multiple authentication providers
US7716206B2 (en) * 2004-11-01 2010-05-11 At&T Intellectual Property I, L.P. Communication networks and methods and computer program products for performing searches thereon while maintaining user privacy
US20060095786A1 (en) * 2004-11-01 2006-05-04 Aaron Jeffrey A Communication networks and methods and computer program products for preventing tracking of network activity thereon through use of identity pseudonym domains
CN102594779A (en) * 2011-01-05 2012-07-18 中国移动通信集团公司 User data processing method and device thereof
CN102638468A (en) * 2012-04-12 2012-08-15 华为技术有限公司 Method, sending end, receiving end and system for protecting information transmission safety
US20170331808A1 (en) * 2012-06-25 2017-11-16 Amazon Technologies, Inc. Protection from data security threats
CN103116730A (en) * 2013-01-21 2013-05-22 厦门市美亚柏科信息股份有限公司 Deciphering method and system of data protection application programming interface (DPAPI) enciphered data
CN104079539A (en) * 2013-03-28 2014-10-01 阿里巴巴集团控股有限公司 Data privacy storage method and client
CN103179134A (en) * 2013-04-19 2013-06-26 中国建设银行股份有限公司 Single sign on method and system based on Cookie and application server thereof
CN104734854A (en) * 2013-12-23 2015-06-24 西门子公司 Secure Provision of a Key
US20170085562A1 (en) * 2015-09-18 2017-03-23 Case Wallet, Inc. Biometric data hashing, verification and security
CN105978878A (en) * 2016-05-11 2016-09-28 腾讯科技(深圳)有限公司 Webpage verification method and device
CN106060078A (en) * 2016-07-11 2016-10-26 浪潮(北京)电子信息产业有限公司 User information encryption method, user registration method and user validation method applied to cloud platform
CN106656476A (en) * 2017-01-18 2017-05-10 腾讯科技(深圳)有限公司 Password protecting method and device
CN107104787A (en) * 2017-04-26 2017-08-29 山东开创云软件有限公司 A kind of cipher set-up method for resisting password cracking
CN107231346A (en) * 2017-05-03 2017-10-03 北京海顿中科技术有限公司 A kind of method of cloud platform identification
CN107070948A (en) * 2017-05-23 2017-08-18 广东工业大学 Signature and verification method based on hybrid encryption algorithm in cloud storage

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
潘潘: "前端数据加密分析", 《计算机与网络》 *
祁鑫: "口令加密算法安全性分析与对比", 《网络空间安全》 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616533A (en) * 2018-04-27 2018-10-02 正方软件股份有限公司 Sensitive data encryption method and device
CN109599170A (en) * 2018-12-05 2019-04-09 易必祥 Medical management method and system based on big data
CN109858255A (en) * 2018-12-19 2019-06-07 杭州安恒信息技术股份有限公司 Data encryption storage method, device and realization device
CN109670329A (en) * 2018-12-28 2019-04-23 东信和平科技股份有限公司 A kind of safe lead-in and lead-out method of server data and server
CN110048835A (en) * 2019-03-27 2019-07-23 北京三快在线科技有限公司 The method and apparatus of encryption, storage medium
CN110008745A (en) * 2019-03-29 2019-07-12 深圳供电局有限公司 Encryption method, computer equipment and computer storage medium
CN110008745B (en) * 2019-03-29 2024-01-16 深圳供电局有限公司 Encryption method, computer equipment and computer storage medium
CN110717827B (en) * 2019-09-03 2022-08-30 网联清算有限公司 Database determination method and device and transaction processing system
CN110717827A (en) * 2019-09-03 2020-01-21 网联清算有限公司 Database determination method and device and transaction processing system
CN111062047A (en) * 2019-12-25 2020-04-24 中国联合网络通信集团有限公司 Data storage method, system, device and storage medium
CN110781419A (en) * 2020-01-02 2020-02-11 成都四方伟业软件股份有限公司 Multi-system cooperative use method based on block chain
CN113486375A (en) * 2021-07-16 2021-10-08 青岛海尔科技有限公司 Method and device for storing equipment information, storage medium and electronic device
CN113486375B (en) * 2021-07-16 2024-04-19 青岛海尔科技有限公司 Storage method and device of equipment information, storage medium and electronic device
CN115242540A (en) * 2022-08-03 2022-10-25 平安银行股份有限公司 Data processing method and system
CN115242540B (en) * 2022-08-03 2023-09-26 平安银行股份有限公司 Data processing method and system
CN115438324A (en) * 2022-09-20 2022-12-06 中国建设银行股份有限公司 Identity verification method, device and equipment

Also Published As

Publication number Publication date
CN107948152B (en) 2021-05-14

Similar Documents

Publication Publication Date Title
CN107948152A (en) Information storage means, acquisition methods, device and equipment
Arockiam et al. Efficient cloud storage confidentiality to ensure data security
US9430655B1 (en) Split tokenization
Gupta et al. Layer-based privacy and security architecture for cloud data sharing
CN108256340B (en) Data acquisition method and device, terminal equipment and storage medium
CN107078899B (en) Method of obfuscating data
CN107113286A (en) The roaming content erasing operation of striding equipment
US8619978B2 (en) Multiple account authentication
US11757625B2 (en) Multi-factor-protected private key distribution
CN107918731A (en) Method and apparatus for controlling the authority to access to open interface
CN112953974B (en) Data collision method, device, equipment and computer readable storage medium
US20180115535A1 (en) Blind En/decryption for Multiple Clients Using a Single Key Pair
CA3066701A1 (en) Controlling access to data
CN112422287B (en) Multi-level role authority control method and device based on cryptography
Hemalatha et al. A comparative analysis of encryption techniques and data security issues in cloud computing
CN109818923A (en) A kind of attribute base cloud service access control method based on attribute ciphertext re-encryption
US11133926B2 (en) Attribute-based key management system
CN105553661B (en) Key management method and device
CN106789963A (en) Asymmetric whitepack cipher encrypting method and device and equipment
Thiyagarajan et al. Data integrity and security in cloud environment using AES algorithm
Olanrewaju et al. Cryptography as a service (CaaS): quantum cryptography for secure cloud computing
CN110392035A (en) System and method for secure data processing
CN114866317A (en) Multi-party data security calculation method and device, electronic equipment and storage medium
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
CN111740944A (en) KYC solution based on block chain and client information sharing and protection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant