CN108898026B - Data encryption method and device - Google Patents

Info

Publication number
CN108898026B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810691168.XA
Other languages
Chinese (zh)
Other versions
CN108898026A (en)
Inventor
夏小亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taikang Insurance Group Co Ltd
Original Assignee
Taikang Insurance Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption


Abstract

An embodiment of the invention provides a data encryption method and device. The method comprises: receiving a data encryption request sent by an application program; selecting a first connection interface from a plurality of interfaces connected to an encryption machine; sending the data encryption request to the encryption machine through the first connection interface; receiving the ciphertext returned by the encryption machine after it encrypts the data to be encrypted; and sending the ciphertext to the application program. This simplifies the encryption machine's external interface while encrypting the data, reduces the workload of developers, and improves encryption efficiency and the encryption success rate.

Description

Data encryption method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data encryption method and apparatus.
Background
With the rapid development of the mobile internet, the public attaches more and more importance to information security: users expect both a good experience and that their information is kept secret. As information security receives more attention, a domestic encryption machine is often used to encrypt important information.
In the encryption scheme currently provided, a user sends an encryption request to an encryption machine, and the encryption machine encrypts the plaintext into a ciphertext and returns the ciphertext to the user. The problem with this process is that the domestic encryption machine provides several connection modes, so an application program that needs encryption can send a request to the domestic encryption machine only after configuring different connection parameters, which increases the workload of developers. In addition, when encryption requests are sent in parallel, the domestic encryption machine is busy, requests to it time out and must be sent again, and encryption efficiency and the success rate fall.
In summary, under the current encryption scheme the application program must configure different connection parameters to send requests to the domestic encryption machine, which increases the workload of developers, and when the encryption machine receives multiple encryption requests simultaneously, it is busy and the encryption requests time out, which reduces encryption efficiency and the success rate.
Disclosure of Invention
The invention provides a data encryption method and device to solve the following problems: an application program can send a request to a domestic encryption machine only after configuring different connection parameters, which increases the workload of developers; and when the encryption machine receives a plurality of encryption requests simultaneously, the requests time out because the encryption machine is busy, which reduces encryption efficiency and the success rate.
A first aspect of the present invention provides a data encryption method, including:
receiving the data encryption request sent by the application program;
selecting a first connection interface from a plurality of interfaces establishing connection with the encryption equipment;
sending the data encryption request to an encryption machine through the first connection interface; the data encryption request carries a plaintext of data to be encrypted of an application program;
optionally, the sending the ciphertext to the application program includes:
and if the time of the cipher text returned by the encryption machine does not exceed the preset time threshold, sending the cipher text to the application program.
Optionally, the sending the ciphertext to the application program further includes:
step (1): if the cipher text returning time of the encryption machine exceeds a preset time threshold, selecting the second connection interface from the plurality of interfaces;
step (2): the data encryption request is sent to the encryption machine again through the second connection interface, and a ciphertext returned by the encryption machine is received;
step (3): repeating steps (1) and (2) until the time taken by the encryption machine to return the ciphertext is within the time threshold corresponding to the second connection interface, and sending the ciphertext to the application program.
Optionally, the selecting a first connection interface from a plurality of interfaces for establishing connection with the encryption machine includes:
and selecting the first connection interface according to a preset interface type sequence.
Optionally, the selecting a first connection interface from a plurality of interfaces for establishing connection with the encryption device includes:
and selecting the first connection interface according to the idle state of each interface, wherein the first connection interface is an idle interface in the plurality of interfaces.
Optionally, the method further includes:
if the data encryption request sent by the application program is not received within a preset time length, sending a preset encryption request to the encryption machine;
if a ciphertext corresponding to the preset encryption request returned by the encryption machine is received, determining that the connection between the encryption machine connection pool and the encryption machine is available; and if the ciphertext corresponding to the preset encryption request returned by the encryption machine is not received, initiating connection to the encryption machine again.
Optionally, the connection interface includes: an HTTP REST interface and a Socket interface.
A second aspect of the present invention provides a data encryption apparatus, including:
the receiving module is used for receiving a data encryption request sent by an application program;
the processing module is used for selecting a first connection interface from a plurality of interfaces for establishing connection with the encryption equipment;
the sending module is used for sending the data encryption request to the encryption machine through the first connecting interface; the data encryption request carries a plaintext of data to be encrypted of an application program;
the receiving module is further configured to receive a ciphertext returned by the encryption machine after encrypting the data to be encrypted;
the sending module is further configured to send the ciphertext to the application program.
Optionally, the sending module is specifically configured to:
and if the time of the cipher text returned by the encryption machine does not exceed the preset time threshold, sending the cipher text to the application program.
Optionally, the processing module is further configured to:
step (1), if the time of the cipher text returned by the encryption machine exceeds a preset time threshold, selecting a second connection interface from the plurality of interfaces;
optionally, the sending module is further configured to: step (2) sending the data encryption request to the encryption machine again through the second connection interface; the receiving module 11 is further configured to: receiving a ciphertext returned by the encryption machine;
optionally, step (1) and step (2) are repeated until the time taken by the encryption machine to return the ciphertext is within the time threshold corresponding to the second connection interface, and the sending module 13 is configured to send the ciphertext to the application program.
Optionally, the processing module is specifically configured to:
and selecting the first connection interface according to a preset interface type sequence.
Optionally, the processing module is specifically configured to:
and selecting the first connection interface according to the idle state of each interface, wherein the first connection interface is an idle interface in the plurality of interfaces.
Optionally, the sending module is further configured to:
if the data encryption request sent by the application program is not received within a preset time length, sending a preset encryption request to the encryption machine;
optionally, the processing module is further configured to:
if a ciphertext corresponding to the preset encryption request returned by the encryption machine is received, determining that the connection between the encryption machine connection pool and the encryption machine is available;
optionally, the sending module is further configured to:
and if the ciphertext corresponding to the preset encryption request returned by the encryption machine is not received, initiating connection to the encryption machine again.
Optionally, the connection interface includes:
HTTP REST interface, Socket interface.
A third aspect of the present invention provides a computer-readable storage medium storing a computer program, the computer program being executed by a terminal device to implement the data encryption method according to any one of the first aspects.
A fourth aspect of the present invention provides an electronic apparatus comprising: a processor, a memory, and a computer program; the computer program is stored in the memory, and the processor executes the computer program to implement the data encryption method according to any one of the first aspect.
According to the data encryption method, device, equipment and storage medium provided by the embodiment of the invention, the data encryption request sent by the application program is received, the first connection interface is selected from the plurality of interfaces which are connected with the encryption machine, the data encryption request is sent to the encryption machine through the first connection interface, the ciphertext which is returned by the encryption machine and used for encrypting the data to be encrypted is received, and the ciphertext is sent to the application program, so that the simplification of the encryption machine for an external interface and the encryption of the data are realized, the workload of developers is reduced, and the encryption efficiency and the success rate are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart of a first embodiment of a data encryption method according to the present invention;
Fig. 2 is a flowchart of a second embodiment of a data encryption method according to the present invention;
Fig. 3 is a schematic diagram of a second embodiment of a data encryption method according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an embodiment of a data encryption apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The encryption scheme provided at present is that a user sends an encryption request to an encryption machine, and the encryption machine encrypts a plaintext into a ciphertext and then returns the ciphertext to the user. However, the problem of the process is that the domestic encryption machine provides a plurality of connection modes, the application program needing encryption can send a request to the domestic encryption machine only by configuring different connection parameters, and the workload of developers is increased; and under the condition that the encryption requests are sent in parallel, the domestic encryption machine is busy in work, so that the request to the domestic encryption machine is overtime, the encryption request needs to be sent again, and the encryption efficiency and the success rate are reduced.
In order to solve the problems, the application provides a data encryption method, provides a more effective and more convenient implementation scheme for data encryption, and improves the encryption efficiency and the success rate. This scheme is described below in terms of a specific implementation.
The data encryption method provided by the application can be applied to equipment such as a server, a Personal Computer (PC), a mobile phone and the like, and the equipment at least comprises the following components: the one or more processors and the one or more memories may further include a display, a transceiver, a network interface, or other interfaces, etc., which are not limited in this respect.
This embodiment will be described in detail below with reference to several embodiments.
Fig. 1 is a flowchart of a first embodiment of a data encryption method provided in an embodiment of the present invention. As shown in Fig. 1, the method is executed by an encryption machine connection pool, which may be installed on the device on which the application program is installed or on another device, and may be implemented as a software program. The data encryption method provided by this embodiment comprises the following steps:
S101, receiving a data encryption request sent by an application program.
In this step, the application program may be a background program of a server system or of a terminal device. Because important data is stored in the server system, that data is usually encrypted, and a plaintext must be entered to view information in the server system. The plaintext can be a 6-bit or 4-bit character containing upper and lower case letters; the scheme does not limit this. When a hacker attacks the background of the server system, such a plaintext is relatively simple and easy to crack, so important data in the server system is leaked. Therefore, after the password is set, the plaintext needs to be encrypted so that only the ciphertext corresponding to the plaintext can be obtained from the application program's database; because the ciphertext is difficult to crack, information leakage is prevented.
Specifically, the encryption machine connection pool receives an encryption request, carrying the plaintext of the data to be encrypted, from an application program of the server system or the terminal device, and forwards the request to the encryption machine, which encrypts the plaintext. The encryption machine connection pool exposes only an HTTP REST interface service externally; that is, the application program can exchange data with the encryption machine connection pool only through the HTTP REST interface. This differs from the prior art, in which the application program sends encryption requests to the encryption machine through the various interfaces the encryption machine provides.
S102, selecting a first connection interface from a plurality of interfaces for establishing connection with the encryption equipment.
In this step, because the encryption machine provides multiple interfaces, the encryption machine connection pool must select one of them to send the data encryption request. One option is a preset interface type sequence in the connection pool: for example, interface 1 is preset to be an HTTP REST interface, 2 a Socket interface and 3 a Socket interface, and the HTTP REST interface is selected as the first connection interface according to that sequence. Another option is to select the first connection interface according to the idle state of each interface: if at a given time a large number of encryption requests are being sent through the HTTP REST interface but only a small number through the Socket interface, the Socket interface is selected as the first connection interface to prevent the encryption machine from timing out. If several interfaces carry few encryption requests, the first connection interface may be selected among them by the preset interface sequence above or at random.
S103, sending the data encryption request to the encryption machine through the first connection interface.
In this step, the encryption machine may provide services such as encryption, digital signature and key management, and may support various cryptographic algorithms, such as public key algorithms, elliptic curve cryptographic algorithms and symmetric algorithms. It may also provide various connection interfaces, i.e. transmission modes, such as an HTTP REST interface, a Socket interface and a SOAP interface, through which it exchanges data with external devices. After the encryption machine receives the encryption request forwarded by the encryption machine connection pool, which carries the application program's plaintext to be encrypted, it processes the plaintext with its cryptographic algorithm and outputs the ciphertext corresponding to the plaintext. Different cryptographic algorithms produce different ciphertexts from the same plaintext; the scheme does not limit the algorithm.
The encryption machine connection pool sends the data encryption request to the encryption machine through a connection interface provided by the encryption machine. In one specific implementation, the interface is selected according to the idle state of the connection interfaces: if a large number of encryption requests are being sent to the encryption machine through the Socket interface at the same time and few through the HTTP REST interface, the HTTP REST interface can be used as the first connection interface to send the encryption request. Alternatively, the interface is selected at random each time a data encryption request needs to be sent to the encryption machine.
Optionally, if the encryption machine connection pool does not receive an encryption request within the preset duration, it may check whether its connection to each connection interface of the encryption machine is normal. Specifically, the connection pool sends a preset encryption request to the encryption machine through each connection interface. If the ciphertext corresponding to the preset encryption request is returned through every interface, the connection between the connection pool and the encryption machine is determined to be available. If, because of network problems or other factors, the ciphertext corresponding to the preset encryption request is not received through a certain interface, the connection between the connection pool and the encryption machine through that interface is unavailable, and the connection pool can send the encryption request to the encryption machine through that interface again.
The preset time duration may be a time preset by a user, and if the encryption device does not receive the encryption request after exceeding the preset time duration, it is necessary to check whether the connection between the encryption device connection pool and the encryption device is abnormal.
S104, receiving a ciphertext returned by the encryption machine after encrypting the data to be encrypted.
In this step, the encryption machine's cryptographic algorithm processes the plaintext of the application program's data to be encrypted and outputs the corresponding ciphertext, which the encryption machine connection pool can receive through the different connection interfaces. Alternatively, the connection pool may randomly select a connection interface on which to receive the ciphertext; the scheme does not limit this.
S105, sending the ciphertext to the application program.
In this step, the encryption machine connection pool sends the ciphertext to the application program. After receiving the ciphertext returned by the connection pool, the application program stores it in the database, so that when data in the database is accessed the application program can verify against the ciphertext.
In the data encryption method provided by this embodiment, the encryptor connection pool receives a data encryption request sent by an application program, selects a first connection interface from a plurality of interfaces establishing connection with the encryptor, sends the data encryption request to the encryptor through the first connection interface, receives a ciphertext returned by the encryptor and obtained by encrypting data to be encrypted, and sends the ciphertext to the application program.
Based on the method of the first embodiment, fig. 2 is a flowchart of a second embodiment of the data encryption method provided by the embodiment of the present invention. As shown in fig. 2, sending the ciphertext to the application specifically includes the following steps:
S301, judging whether the time taken by the encryption machine to return the ciphertext exceeds a preset time threshold; if so, executing step S302, and if not, executing step S305.
S302, selecting a second connection interface from the plurality of interfaces.
S303, sending the data encryption request to the encryption machine again through the second connection interface.
S304, judging whether the time taken by the encryption machine to return the ciphertext exceeds a preset time threshold; if so, returning to step S302, and if not, executing step S305.
S305, receiving the ciphertext returned by the encryption machine.
The time threshold for the encryption machine to return the ciphertext can be preset in the encryption machine connection pool and set according to user requirements, for example to keep the return time within a certain limit so that subsequent operations can proceed. Alternatively, the preset time threshold may be set according to historical encryption times. Possible reasons for the return time exceeding the preset time threshold are that encryption by the encryption machine failed or that the encryption machine's response timed out.
In the above steps, if the time taken by the encryption machine to return the ciphertext does not exceed the preset time threshold, the encryption machine connection pool sends the received ciphertext to the application program through the HTTP REST interface. If the time exceeds the preset time threshold, steps S302-S304 are repeated, reselecting the second connection interface, until the time taken by the encryption machine to return the ciphertext is within the preset time threshold, and the ciphertext is then sent to the application program.
The scheme is described below using a specific embodiment. Fig. 3 is a schematic diagram of a second embodiment of a data encryption method provided in the embodiment of the present invention.
Assume that the encryption machine connection pool 402 presets the time threshold for the encryption machine 403 to return the ciphertext through any interface to t seconds. If the ciphertext is returned through the HTTP REST interface within t seconds, the encryption is successful, and the encryption machine connection pool 402 sends the ciphertext to the application program 401 through the HTTP REST interface. If the time for returning the ciphertext through the HTTP REST interface, that is, the first connection interface, exceeds t seconds, the encryption machine connection pool 402 cancels this encryption request and selects the Socket interface as the second connection interface to send the encryption request and return the ciphertext; when the ciphertext is returned within t seconds, the encryption machine connection pool 402 sends the ciphertext to the application program 401. If the time for returning the ciphertext again exceeds t seconds, the encryption machine connection pool 402 reselects the second connection interface to send the encryption request and return the ciphertext, until the ciphertext is returned within t seconds.
In the data encryption method provided by this embodiment, if the time for the encryption machine to return the ciphertext does not exceed the preset time threshold, the ciphertext is sent to the application program; if the time for the encryption machine to return the ciphertext exceeds the preset time threshold, the encryption machine connection pool selects a second connection interface, sends a data encryption request to the encryption machine again through the second connection interface and receives the ciphertext returned by the encryption machine, and if the time for the encryption machine to return the ciphertext through the second connection interface does not exceed the preset time threshold, the encryption machine connection pool sends the ciphertext to the application program; and if the time for returning the ciphertext through the second connection interface exceeds the preset time threshold, reselecting the second connection interface until the ciphertext returning time of the encryption machine is within the preset time threshold, and finally sending the ciphertext to the application program by the encryption machine connection pool, so that the data encryption is realized, and the encryption efficiency and the encryption success rate are improved.
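The interface selection, the timeout failover of steps S301 to S305 and the idle probe described above can be put together as follows. This is an added example, not code from the patent: the class and function names, the XOR stand-in for the encryption machine, and the rule of trying each interface at most once per request (the text repeats the reselection without a stated bound) are assumptions.

```python
import concurrent.futures as cf
import threading
import time


class Interface:
    """One connection interface to the encryption machine (hypothetical wrapper)."""

    def __init__(self, name, send):
        self.name = name
        self.send = send        # callable(bytes) -> bytes; blocks until the reply arrives
        self.in_flight = 0      # requests currently outstanding on this interface
        self.available = True   # updated by the idle probe


class EncryptorPool:
    def __init__(self, interfaces, threshold_s, idle_s):
        self.interfaces = list(interfaces)  # list order = preset interface type sequence
        self.threshold_s = threshold_s      # preset time threshold for a ciphertext reply
        self.idle_s = idle_s                # preset duration without requests before probing
        self.last_request = time.monotonic()
        self._lock = threading.Lock()
        self._workers = cf.ThreadPoolExecutor(max_workers=8)

    def select(self, exclude=()):
        """Least busy available interface; ties fall back to the preset order."""
        with self._lock:
            usable = [i for i in self.interfaces
                      if i.available and i.name not in exclude]
            return min(usable, key=lambda i: i.in_flight) if usable else None

    def _call(self, iface, payload):
        """Send through one interface; None means the threshold was exceeded."""
        def task():
            try:
                return iface.send(payload)
            finally:
                with self._lock:
                    iface.in_flight -= 1
        with self._lock:
            iface.in_flight += 1
        future = self._workers.submit(task)
        try:
            return future.result(timeout=self.threshold_s)
        except (cf.TimeoutError, OSError):
            return None  # a late reply is discarded; the worker finishes in the background

    def encrypt(self, plaintext):
        """S101-S105 with the S301-S305 failover. Returns (ciphertext, interfaces tried)."""
        self.last_request = time.monotonic()
        tried = []
        while True:
            iface = self.select(exclude=tried)
            if iface is None:
                # Bounded retry (assumption). Report interface names only, never the plaintext.
                raise TimeoutError("no reply within threshold via %s" % tried)
            tried.append(iface.name)
            ciphertext = self._call(iface, plaintext)
            if ciphertext is not None:
                return ciphertext, tried

    def probe_if_idle(self, preset_request=b"probe"):
        """After idle_s without requests, send a preset request through every interface."""
        if time.monotonic() - self.last_request < self.idle_s:
            return None
        status = {}
        for iface in self.interfaces:
            iface.available = self._call(iface, preset_request) is not None
            status[iface.name] = iface.available
        return status


def make_machine(delay_s):
    """Constructed stand-in for the encryption machine. XOR is NOT real encryption."""
    def send(plaintext):
        time.sleep(delay_s)
        return bytes(b ^ 0x5A for b in plaintext)
    return send


def demo():
    # Constructed scenario: the HTTP REST path is overloaded, the Socket path is healthy.
    pool = EncryptorPool(
        [Interface("http-rest", make_machine(0.6)),
         Interface("socket", make_machine(0.0))],
        threshold_s=0.2, idle_s=0.0)
    ciphertext, tried = pool.encrypt(b"secret")
    status = pool.probe_if_idle()
    return ciphertext, tried, status


if __name__ == "__main__":
    print(demo())
```

An interface that fails the probe is skipped by `select` until a later probe succeeds on it; re-establishing the underlying connection is left to the caller.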
Fig. 4 is a schematic structural diagram of an embodiment of a data encryption device according to an embodiment of the present invention, and as shown in fig. 4, a data encryption device 10 according to the embodiment includes: a receiving module 11, a processing module 12 and a sending module 13.
A receiving module 11, configured to receive a data encryption request sent by an application program;
a processing module 12, configured to select a first connection interface from a plurality of interfaces for establishing a connection with an encryption device;
a sending module 13, configured to send the data encryption request to the encryption apparatus through the first connection interface; the data encryption request carries a plaintext of data to be encrypted of an application program;
the receiving module 11 is further configured to receive a ciphertext returned by the encryption machine after encrypting the data to be encrypted;
the sending module 13 is further configured to send the ciphertext to the application program.
Optionally, the sending module 13 is specifically configured to:
and if the time of the cipher text returned by the encryption machine does not exceed the preset time threshold, sending the cipher text to the application program.
Optionally, the processing module 12 is further configured to:
step (1), if the time of the cipher text returned by the encryption machine exceeds a preset time threshold, selecting a second connection interface from the plurality of interfaces;
optionally, the sending module 13 is further configured to: step (2) sending the data encryption request to the encryption machine again through the second connection interface; the receiving module 11 is further configured to: receiving a ciphertext returned by the encryption machine;
optionally, step (1) and step (2) are repeated until the time taken by the encryption machine to return the ciphertext is within the time threshold corresponding to the second connection interface, and the sending module 13 is configured to send the ciphertext to the application program.
Optionally, the processing module 12 is specifically configured to:
select the first connection interface according to a preset interface type sequence.
Optionally, the processing module 12 is specifically configured to:
select the first connection interface according to the idle state of each interface, where the first connection interface is an idle interface among the plurality of interfaces.
Optionally, the sending module 13 is further configured to:
send a preset encryption request to the encryption machine if no data encryption request from the application program is received within a preset time length;
optionally, the processing module 12 is further configured to:
determine that the connection between the encryption machine connection pool and the encryption machine is available if a ciphertext corresponding to the preset encryption request is received from the encryption machine;
optionally, the sending module 13 is further configured to:
initiate a connection to the encryption machine again if no ciphertext corresponding to the preset encryption request is received from the encryption machine.
Optionally, the connection interface includes:
an HTTP REST interface and a Socket interface.
The data encryption device provided in the foregoing embodiment is used to implement the data encryption method provided in any of the foregoing embodiments, and the implementation principle and technical effect are similar, which are not described herein again.
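The timeout failover of steps (1) and (2), with interface selection by preset order and idle state, shown as an added Python example that is not part of the patent text. `EncryptorPool`, `Interface`, `max_rounds` and the simulated links are assumptions made for illustration; unlike the open-ended "repeat until" of the text, the loop here is bounded and a ciphertext that arrives after the threshold is discarded.

```python
import time
from dataclasses import dataclass
from typing import Callable

@dataclass
class Interface:
    name: str                        # e.g. "socket" or "http-rest"
    send: Callable[[bytes], bytes]   # one round trip to the encryption machine
    threshold_s: float               # time threshold for this interface
    busy: bool = False               # idle-state flag checked during selection

class EncryptorPool:
    """Hypothetical pool; list order is the preset interface type sequence."""
    def __init__(self, interfaces, clock=time.monotonic):
        self.interfaces, self.clock = interfaces, clock

    def encrypt(self, plaintext: bytes, max_rounds: int = 2):
        """Return (ciphertext, interfaces tried); raise once max_rounds is spent."""
        tried = []
        for _ in range(max_rounds):          # bounded, unlike "repeat until"
            for iface in (i for i in self.interfaces if not i.busy):
                tried.append(iface.name)
                start = self.clock()
                try:
                    ciphertext = iface.send(plaintext)
                except OSError:
                    continue                 # broken link: try the next interface
                if self.clock() - start <= iface.threshold_s:
                    return ciphertext, tried
                # Late answer: discard it and resend on the next interface.
        raise TimeoutError(f"no interface answered within its threshold: {tried}")

def demo():
    """Constructed run: slow socket link, healthy HTTP REST link, simulated clock."""
    now = [0.0]
    def link(delay, tag):
        def send(data):
            now[0] += delay                  # simulated round-trip time
            return tag + data[::-1]          # stand-in transform, NOT encryption
        return send
    pool = EncryptorPool([Interface("socket", link(3.0, b"S:"), 1.0),
                          Interface("http-rest", link(0.2, b"H:"), 1.0)],
                         clock=lambda: now[0])
    return pool.encrypt(b"policy-42")
```

Because the request carries the plaintext, every interface the pool can fall back to needs the same transport protection as the first one, so that failover never moves the request onto a weaker channel.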
The present invention provides a computer-readable storage medium storing a computer program, which is executed by a terminal device to implement the data encryption method according to any implementation of the first aspect.
The present invention also provides an electronic device comprising: a processor, a memory, and a computer program; the computer program is stored in the memory, and the processor executes the computer program to implement the data encryption method according to any implementation of the first aspect.
In the above devices, it should be understood that the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in the processor.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: read-only memory (ROM), RAM, flash memory, hard disk, solid state disk, magnetic tape, floppy disk, optical disk, and any combination thereof.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A data encryption method, applied to an encryption machine connection pool, characterized by comprising:
receiving a data encryption request sent by an application program;
selecting a first connection interface from a plurality of interfaces that establish a connection with an encryption machine;
sending the data encryption request to the encryption machine through the first connection interface, wherein the data encryption request carries the plaintext of the application program's data to be encrypted;
receiving the ciphertext returned by the encryption machine after it encrypts the data to be encrypted;
sending the ciphertext to the application program;
wherein sending the ciphertext to the application program comprises:
step (1): if the time taken by the encryption machine to return the ciphertext exceeds a preset time threshold, selecting a second connection interface from the plurality of interfaces;
step (2): sending the data encryption request to the encryption machine again through the second connection interface, and receiving the ciphertext returned by the encryption machine;
step (3): repeating steps (1) and (2) until the time taken by the encryption machine to return the ciphertext is within the time threshold corresponding to the second connection interface, and sending the ciphertext to the application program.
2. The method of claim 1, wherein sending the ciphertext to the application program comprises:
if the time taken by the encryption machine to return the ciphertext does not exceed the preset time threshold, sending the ciphertext to the application program.
3. The method according to any one of claims 1 to 2, wherein selecting a first connection interface from a plurality of interfaces that establish a connection with the encryption machine comprises:
selecting the first connection interface according to a preset interface type sequence.
4. The method according to any one of claims 1 to 2, wherein selecting a first connection interface from a plurality of interfaces that establish a connection with the encryption machine comprises:
selecting the first connection interface according to the idle state of each interface, wherein the first connection interface is an idle interface among the plurality of interfaces.
5. The method according to any one of claims 1 to 2, further comprising:
if no data encryption request from the application program is received within a preset time length, sending a preset encryption request to the encryption machine;
if a ciphertext corresponding to the preset encryption request is received from the encryption machine, determining that the connection between the encryption machine connection pool and the encryption machine is available; and if no ciphertext corresponding to the preset encryption request is received from the encryption machine, initiating a connection to the encryption machine again.
6. The method of claim 1, wherein the connection interface comprises: an HTTP REST interface and a Socket interface.
7. A data encryption apparatus, comprising:
a receiving module, configured to receive a data encryption request sent by an application program;
a processing module, configured to select a first connection interface from a plurality of interfaces that establish a connection with an encryption machine;
a sending module, configured to send the data encryption request to the encryption machine through the first connection interface, wherein the data encryption request carries the plaintext of the application program's data to be encrypted;
the receiving module is further configured to receive the ciphertext returned by the encryption machine after it encrypts the data to be encrypted;
the sending module is further configured to send the ciphertext to the application program;
the processing module is further configured to perform step (1): if the time taken by the encryption machine to return the ciphertext exceeds a preset time threshold, selecting a second connection interface from the plurality of interfaces;
the sending module is further configured to perform step (2): sending the data encryption request to the encryption machine again through the second connection interface; the receiving module is further configured to receive the ciphertext returned by the encryption machine;
step (3): repeating steps (1) and (2) until the time taken by the encryption machine to return the ciphertext is within the time threshold corresponding to the second connection interface, wherein the sending module is configured to send the ciphertext to the application program.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, and an electronic device executes the computer program to implement the data encryption method according to any one of claims 1 to 6.
9. An electronic device, comprising: a processor, a memory, and a computer program; the computer program is stored in the memory, and the processor executes the computer program to implement the data encryption method of any one of claims 1 to 6.
CN201810691168.XA 2018-06-28 2018-06-28 Data encryption method and device Active CN108898026B (en)


Publications (2)

Publication Number Publication Date
CN108898026A (en) 2018-11-27
CN108898026B (en) 2020-09-01

Family

ID=64346884




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant