CN109325360A - Information management method and device - Google Patents

Publication number
CN109325360A
Authority
CN
China
Prior art keywords
information
digest value
approaches
data
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811039097.1A
Other languages
Chinese (zh)
Other versions
CN109325360B (en)
Inventor
李振东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sankuai Online Technology Co Ltd
Original Assignee
Beijing Sankuai Online Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sankuai Online Technology Co Ltd
Priority to CN201811039097.1A (patent CN109325360B)
Publication of CN109325360A
Priority to CA3054213A (patent CA3054213A1)
Application granted
Publication of CN109325360B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes

Abstract

The disclosure provides an information management method and device. The information management method includes: in response to a data query request, determining a digest value of the information to be queried; sending an information query request that includes the digest value to a first terminal; and obtaining the information to be queried from the return information that the first terminal determines by querying a rainbow table. The information management method provided by the disclosure can improve the security with which sensitive information is stored.

Description

Information management method and device
Technical field
The present disclosure relates to the field of information technology, and in particular to an information management method and device.
Background
Because of financial-industry regulators and various compliance requirements, sensitive financial information must be desensitized or encrypted when it is stored and used, and storing it in plaintext is prohibited. In business operations, however, sensitive financial information such as bank card numbers, ID card numbers and contracted mobile phone numbers often has to be used in plaintext, for example in customer service, risk-control identification and real-name verification. In general, for scenarios where sensitive information is the query result, the business party stores sensitive information (such as the four elements: name, mobile phone number, ID card and bank card) in one of three ways: encryption, digest, or desensitization. For scenarios where sensitive information is the query keyword, the lookup has to be relayed through another primary key such as a customer ID.
Encryption is generally used where the business party needs to restore the plaintext: the four elements are encrypted with a symmetric or asymmetric key, and the corresponding key is used to decrypt them when a query result is obtained. But the business party can then both encrypt and decrypt, which creates a risk of information leakage, so keys have to be managed at a high level and centrally. For a large Internet company with many different business lines, this kind of management makes sensitive-information queries inefficient. Digests are commonly used in steps such as identity verification, and desensitization is mostly used for the trailing digits shown in interface prompts; both irreversibly mask or destroy the real meaning of the plaintext, so their application scenarios are limited.
Therefore, an information management method is needed that both meets information security requirements and improves the efficiency of sensitive-information queries.
It should be noted that the information disclosed in the Background section above is only intended to aid understanding of the background of the disclosure, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The purpose of the disclosure is to provide an information management method and an information management device that overcome, at least to some extent, the following problems caused by the limitations and defects of the related art:
1. The business party can encrypt and decrypt on its own, so the risk of internal leakage of sensitive information cannot be ruled out.
2. Key management is based on the product lines of each business group, so effective real-time audit and supervision is not possible.
3. Each of the three existing methods has limitations and has to be adapted to the scenario, which makes construction cumbersome and redundant.
4. Availability is poor when sensitive information is used as a query condition.
According to a first aspect of the embodiments of the disclosure, an information management method is provided, comprising: in response to a data query request, determining a digest value of the information to be queried; sending an information query request that includes the digest value to a first terminal; and obtaining the information to be queried from the return information that the first terminal determines by querying a rainbow table.
In an exemplary embodiment of the disclosure, the method further comprises:
After obtaining and recording the digest value of first information, deleting the first information.
In an exemplary embodiment of the disclosure, the method further comprises:
Obtaining masked data of the first information;
Obtaining the digest value of the ciphertext in the masked data, recording it against the masked data, and deleting the first information.
In an exemplary embodiment of the disclosure, the method further comprises:
Building an index on the plaintext in the masked data.
In an exemplary embodiment of the disclosure, the method further comprises:
In response to a data retrieval request, obtaining a plurality of masked data items according to a search keyword and the index;
Obtaining a first digest value of the search keyword and the second digest values corresponding to the plurality of masked data items, and determining the search result among the plurality of masked data items according to the first digest value.
In an exemplary embodiment of the disclosure, sending the information query request that includes the digest value to the first terminal comprises:
Generating a public key and a private key according to the data query request;
Sending the information query request, including the digest value and the public key, to the first terminal.
In an exemplary embodiment of the disclosure, obtaining the information to be queried from the return information that the first terminal determines by querying a rainbow table comprises:
Decrypting the return information with the private key to obtain the information to be queried.
According to a second aspect of the embodiments of the disclosure, an information management device is provided, comprising:
A digest value determining module, configured to determine, in response to a data query request, the digest value of the information to be queried;
An information query module, configured to send an information query request that includes the digest value to a first terminal;
An information recovery module, configured to obtain the information to be queried from the return information that the first terminal determines by querying a rainbow table.
According to a third aspect of the disclosure, an information management device is provided, comprising: a memory; and a processor coupled to the memory, the processor being configured to execute, based on instructions stored in the memory, the method of any one of the above.
According to a fourth aspect of the disclosure, a computer-readable storage medium is provided, on which a program is stored; when executed by a processor, the program implements the information management method of any one of the above.
In the information management method provided by the embodiments of the disclosure, the digest value of sensitive information serves both as the form in which the business party stores sensitive information and as the query condition for querying it, and the relationship between digest values and data is recorded in a rainbow table held by the compliance supervisor. This effectively ensures that the compliance supervisor can monitor the business party's queries for sensitive information, guarantees information security, and ensures that the business party obtains query results promptly when it meets the query rules. In addition, because the data and digest values are stored in rainbow-table form, the compliance supervisor is also prevented from obtaining the complete sensitive information, which ensures the security of the data.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and form part of this specification, show embodiments consistent with the disclosure and, together with the specification, serve to explain the principles of the disclosure. Obviously, the drawings described below are only some embodiments of the disclosure; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of the information management method in an exemplary embodiment of the disclosure.
Fig. 2 is a flowchart of one digest value storage process in an exemplary embodiment of the disclosure.
Fig. 3 is a flowchart of another digest value storage process in an exemplary embodiment of the disclosure.
Fig. 4 is a sub-flowchart of the information management method in an exemplary embodiment of the disclosure.
Fig. 5 is a flowchart of the information management method in another exemplary embodiment of the disclosure.
Fig. 6 is a schematic diagram of the information management method in an application scenario of the disclosure.
Fig. 7 is a block diagram of an information management device in an exemplary embodiment of the disclosure.
Fig. 8 is a block diagram of an electronic device in an exemplary embodiment of the disclosure.
Fig. 9 is a schematic diagram of a computer-readable storage medium in an exemplary embodiment of the disclosure.
Detailed description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, example embodiments can be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that the disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, many specific details are provided to give a full understanding of the embodiments of the disclosure. Those skilled in the art will appreciate, however, that the technical solutions of the disclosure may be practised with one or more of the specific details omitted, or with other methods, components, devices, steps and so on. In other cases, well-known solutions are not shown or described in detail, to avoid obscuring aspects of the disclosure.
In addition, the drawings are only schematic illustrations of the disclosure. Identical reference numerals in the figures denote identical or similar parts, so their repeated description is omitted. Some of the block diagrams shown in the drawings are functional entities and do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Example embodiments of the disclosure are described in detail below with reference to the drawings.
Fig. 1 schematically shows a flowchart of the information management method in an exemplary embodiment of the disclosure. With reference to Fig. 1, information management method 100 may include:
Step S1: in response to a data query request, determine the digest value of the information to be queried;
Step S2: send an information query request that includes the digest value to a first terminal;
Step S3: obtain the information to be queried from the return information that the first terminal determines by querying a rainbow table.
In the information management method provided by the embodiments of the disclosure, the digest value of sensitive information serves both as the form in which the business party stores sensitive information and as the query condition for querying it, and the relationship between digest values and data is recorded in a rainbow table held by the compliance supervisor. This effectively ensures that the compliance supervisor can monitor the business party's queries for sensitive information, guarantees information security, and ensures that the business party obtains query results promptly when it meets the query rules. In addition, because the data and digest values are stored in rainbow-table form, the compliance supervisor is also prevented from obtaining the complete sensitive information, which ensures the security of the data.
Each step of information management method 100 is described in detail below. In the embodiments of the disclosure, information management method 100 may be executed by a terminal of the business party. The business party may be, for example, the party that collects and uses sensitive information; its counterpart is the compliance supervisor, which stores sensitive information and audits whether the business party has the right to access it.
In step S1, in response to a data query request, the digest value of the information to be queried is determined.
In a scenario where sensitive information is the query result, that is, when the sensitive information of an object needs to be queried, the associated primary key corresponding to the information to be queried can be determined first. For example, when the data to be queried is the mobile phone number of user A, the user name of user A can be used as the associated primary key, and the digest value of the mobile phone number of the user corresponding to that key is determined.
Fig. 2 shows one digest value storage process in the embodiments of the disclosure.
With reference to Fig. 2, in an exemplary embodiment of the disclosure, the digest value storage process may include:
Step S01: after obtaining and recording the digest value of the first information, delete the first information.
Here the first information is sensitive information. After obtaining sensitive information, the business party can compute its digest value using a preset digest algorithm and a preset salt value, record the digest value in the record position of the sensitive information, and delete the sensitive information. The business party thus retains only the digest value of the sensitive information, and because the digest algorithm is irreversible, the business party cannot decrypt the digest value, which effectively ensures information security.
In some cases, to handle application scenarios where sensitive information is the query keyword, part of the sensitive information has to be kept in plaintext. Fig. 3 shows another digest value storage process in the embodiments of the disclosure.
With reference to Fig. 3, in the embodiments of the disclosure, the digest value storage process may also be:
Step S02: obtain the masked data of the first information;
Step S03: obtain the digest value of the ciphertext in the masked data, record it against the masked data, and delete the first information.
Here the first information may be, for example, the sensitive information from which a digest value is to be extracted.
The masked data of sensitive information can be obtained with a preset mask algorithm. The masked data consists of ciphertext and plaintext at preset positions: the ciphertext is the covered data, usually displayed as "*", and the plaintext is the data left in the clear. For example, if the first information is "123456789", the corresponding masked data may be "123***789", and the ciphertext is "456".
After the masked data is determined, the digest value of the ciphertext part can be computed using the preset digest algorithm and preset salt value; in the example above, this is the digest value of the digits "456". After the digest value is obtained, only the masked data and the corresponding ciphertext digest value are recorded in the record position of the sensitive information, and the original sensitive data is deleted, so that the sensitive data is stored securely.
In step S2, an information query request that includes the digest value is sent to the first terminal.
The first terminal may be, for example, the terminal of the compliance supervisor. In the embodiments of the disclosure, the business party retains only data that has been destroyed by the digest algorithm; when it needs to query the complete sensitive information, it can obtain it from the compliance supervisor, so that the compliance supervisor can effectively supervise how the business party uses sensitive data.
The business party can send the compliance supervisor an information query request that includes the digest value of the information to be queried.
Fig. 4 is a sub-flowchart of sending the information query request to the first terminal in the embodiments of the disclosure.
With reference to Fig. 4, in an exemplary embodiment of the disclosure, step S2 may include:
Step S21: generate a public key and a private key according to the data query request;
Step S22: send the information query request, including the digest value and the public key, to the first terminal.
For each data query request whose query result is sensitive information, a public/private key pair can be generated, and the public key is sent to the compliance supervisor together with the digest value of the data to be queried. This encrypts the communication and further ensures information security.
In step S3, the information to be queried is obtained from the return information that the first terminal determines by querying a rainbow table.
In the embodiments of the disclosure, the compliance supervisor stores the relationship between data and digest values in a rainbow table. The compliance supervisor's terminal can generate a rainbow table containing many independent data items, which are not associated with one another. Further, the digest value of each data item in the rainbow table can be computed using the same digest algorithm and preset salt value as the business party, and the digest value is recorded against the data item.
Therefore, when the compliance supervisor receives an information query request that includes a digest value, and its audit finds that the business party is permitted to use the sensitive information, it can look up the data corresponding to the digest value in the rainbow table and send that data to the business party as the return information. For the compliance supervisor, because the data items in the rainbow table are independent, the data associated with each item cannot be derived from any association between items, which effectively ensures that the compliance supervisor cannot obtain a user's sensitive information (such as the four elements) and thereby improves information security. When the business party sends the public key together with the digest value, the compliance supervisor can also encrypt the return information with that public key before sending it to the business party.
After the business party receives the return information, if public/private key encryption is in use, it decrypts the return information with the private key corresponding to the public key and obtains the data corresponding to the digest value returned by the compliance supervisor. If the return information is not encrypted, the data corresponding to the digest value can be read directly.
Once the data corresponding to the digest value has been obtained: if the digest was computed over the full text of the sensitive information, the data corresponding to the digest value can be returned directly as the query result; if the digest was computed over the ciphertext part of the sensitive information, the data corresponding to the digest value is spliced with the plaintext part of the data to be queried, yielding the complete sensitive information, which is returned as the query result.
The above covers the scenario where sensitive information is the query result. To handle the scenario where sensitive information is used as the query keyword, in addition to masking the sensitive information and retaining the plaintext, an index can also be built on the plaintext.
Fig. 5 is a flowchart in an embodiment of the disclosure.
With reference to Fig. 5, for the scenario where sensitive information is used as the query keyword, the information management method may include:
Step S4: in response to a data retrieval request, obtain a plurality of masked data items according to the search keyword and the index;
Step S5: obtain the first digest value of the search keyword and the second digest values corresponding to the plurality of masked data items, and determine the search result among the plurality of masked data items according to the first digest value.
For example, when the mobile phone number of user A is used as the search keyword to retrieve information about user A, the phone number can be looked up directly in the index, because an index has been built on the plaintext of phone numbers. Since the index consists of plaintext, one retrieval may return several search results, all of which are masked data.
To determine which of the masked data items corresponds to the phone number, the digest value of the digits of the phone number that fall in the ciphertext positions can first be computed using the preset mask range, preset digest algorithm and preset salt value described above, and the digest values corresponding to the ciphertext of the search results are determined; alternatively, the digest value of the phone number can be obtained first, and the digest values corresponding to the search results are determined. The search result whose digest value matches that of the phone number being queried is then taken as the data to be queried, and the data associated with it can be further looked up in the system. The phone-number query above is only an example; in practice other sensitive data may be used.
By masking sensitive information, indexing the plaintext and determining a unique search result from the digest value, the low retrieval efficiency of searching directly by digest value over a large volume of data is avoided, effectively improving the business party's efficiency in querying sensitive information.
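The following Python sketch is an added example, not code from the patent: it walks the masked storage of steps S02 and S03, the digest lookup of steps S1 to S3 and the index-plus-digest retrieval of steps S4 and S5. HMAC-SHA256, the salt, the mask positions, the class names and the sample phone numbers are all assumptions made for illustration, and the public-key encryption of the reply (steps S21 and S22) is left out.

```python
import hashlib
import hmac

# Assumptions for this sketch (none of these values come from the patent):
# HMAC-SHA256 plays the "preset digest algorithm", SALT stands in for the
# KMS-held salt, and the mask hides digits 4-7 of an 11-digit phone number.
SALT = b"constructed-demo-salt"
MASK_START, MASK_END = 3, 7


def digest(segment):
    """Salted digest of the masked ("ciphertext") segment."""
    return hmac.new(SALT, segment.encode(), hashlib.sha256).hexdigest()


def mask(value):
    """Return (masked_data, hidden_segment), e.g. 138****5678 and 1234."""
    hidden = value[MASK_START:MASK_END]
    masked = value[:MASK_START] + "*" * len(hidden) + value[MASK_END:]
    return masked, hidden


class ComplianceSupervisor:
    """Holds digest -> data pairs with no link to any user, audits each lookup."""

    def __init__(self, authorised):
        # Table built by enumerating every possible 4-digit segment. Anyone
        # holding SALT could rebuild it, so the salt must stay inside the KMS.
        self.table = {digest(f"{n:04d}"): f"{n:04d}" for n in range(10 ** 4)}
        self.authorised = set(authorised)
        self.audit_log = []

    def lookup(self, digest_value, requester):
        allowed = requester in self.authorised
        self.audit_log.append((requester, digest_value, allowed))
        return self.table.get(digest_value) if allowed else None


class BusinessStore:
    """Keeps only masked data plus the digest of the hidden segment."""

    def __init__(self):
        self.records = {}  # user id -> (masked data, digest of hidden part)
        self.index = {}    # masked data (plaintext part) -> [user id, ...]

    def save(self, user_id, sensitive):
        # Steps S02/S03: mask, digest the hidden part, drop the original.
        masked, hidden = mask(sensitive)
        self.records[user_id] = (masked, digest(hidden))
        self.index.setdefault(masked, []).append(user_id)

    def search(self, keyword):
        # Steps S4/S5: the plaintext index narrows the candidates, then the
        # digest of the keyword's hidden part picks the unique match.
        masked, hidden = mask(keyword)
        wanted = digest(hidden)
        return [uid for uid in self.index.get(masked, [])
                if hmac.compare_digest(self.records[uid][1], wanted)]

    def recover(self, user_id, supervisor, requester):
        # Steps S1-S3: send the digest, splice the reply into the plaintext.
        masked, digest_value = self.records[user_id]
        hidden = supervisor.lookup(digest_value, requester)
        if hidden is None:
            return None
        return masked[:MASK_START] + hidden + masked[MASK_END:]


def demo():
    store = BusinessStore()
    store.save("user-A", "13812345678")  # constructed sample numbers
    store.save("user-B", "13899995678")  # same visible digits as user-A
    supervisor = ComplianceSupervisor(authorised={"customer-service"})
    return {
        "stored": store.records["user-A"][0],
        "search": store.search("13812345678"),
        "recovered": store.recover("user-A", supervisor, "customer-service"),
        "denied": store.recover("user-A", supervisor, "marketing"),
        "audit": [(who, ok) for who, _, ok in supervisor.audit_log],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both sample users share the masked form, so the index alone returns two candidates and only the digest comparison separates them; every recovery attempt, permitted or refused, leaves an entry in the supervisor's audit log.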
Method 100 above is described in detail below through a concrete implementation scenario.
Fig. 6 is a schematic diagram of an application scenario of an embodiment of the disclosure.
With reference to Fig. 6, the embodiment designs a digest-based architecture for storing sensitive information across the business party and the compliance supervisor. On the principle of separation of duties, it uses the correspondence between the digest algorithm and the rainbow table to resolve the conflict between security and practicality in desensitized storage and restoration of sensitive information.
On the business side, the digest algorithm, mask range and a reasonable salt value are determined first. Externally input sensitive information (the first information) is masked, the digest value of the masked part is computed with the KMS salt, the correspondence between the four elements and the plaintext part are retained, and an index is built on the unmasked plaintext part.
When sensitive information is the data query result, the compliance side's data query environment can be accessed according to the interface documentation to obtain the returned plaintext data; when sensitive information is the search keyword, the index is queried and the digest value of the query condition is compared with the digest values of the search results to determine a unique result, which improves query speed and achieves high availability. Because the plaintext data is destroyed irreversibly, the business party cannot obtain the real content of sensitive information on its own, which effectively safeguards information security.
On the compliance supervisor side, a rainbow table is generated first; then, using the digest algorithm, mask range and reasonable salt value consistent with the business party, combined with the KMS salt, a rainbow table of digest value-data pairs is built, which shields the correspondence between the four elements. Because every data item in the rainbow table carries equal weight, the compliance supervisor cannot obtain the real meaning of sensitive information on its own, which effectively safeguards information security. In addition, the compliance supervisor needs to build a highly concurrent, highly available data query environment and provide query interface documentation to improve query efficiency, and to establish a close monitoring and audit system to strengthen supervision of the business party's use of sensitive data.
A single authorized query channel can be built between the business party and the compliance supervisor, so that the business party queries the compliance supervisor by digest value for data, or by mask, with the data then spliced to suit the scenario of restoring the output result. To secure transmission, the business party can generate a public/private key pair and distribute the public key to the compliance supervisor. After completing the query, the compliance supervisor encrypts the returned data with the public key provided by the business party and returns it; after obtaining the ciphertext, the business party decrypts the returned data with the private key corresponding to the public key. The compliance party and business party in the scheme are only one embodiment, and the scope of protection is not limited to them.
Through a unified deployment architecture, the embodiments of the disclosure can meet business needs such as plaintext restoration and conditional queries, while eliminating the risk of sensitive information leaking from a single internal channel; the approach is highly general both within large companies and across the industry.
To sum up, the information management method provided by the disclosure uses the equal weighting of entries in the rainbow table to remove the directivity of sensitive information and so protect data privacy, and it serves multiple business scenarios with a single form of information desensitization, which greatly simplifies deployment. The information management method of the disclosure therefore has at least the following advantages:
1. High security: the business party has no plaintext data and the compliance supervisor has no data relationships, so technically neither party can see the whole of the plaintext data on its own;
2. Low cost: little rework is needed in the terminal software of the business party and the compliance supervisor, and the existing architecture does not have to change substantially;
3. Broad coverage: because the rainbow table is reusable, the method can be applied widely across business lines such as finance, food delivery, hotel and travel, and platform; with the compliance party setting up a single-standard monitoring audit, it resolves in one stroke the current management pain point of each product line managing sensitive information on its own.
Corresponding to the above method embodiments, the present disclosure also provides an information management apparatus that can be used to execute the above method embodiments.
Fig. 7 schematically shows a block diagram of an information management apparatus in an exemplary embodiment of the present disclosure.
With reference to Fig. 7, the information management apparatus 70 may include:
Digest value determining module 71, configured to determine, in response to a data query request, the digest value of the information to be queried;
Information query module 72, configured to send an information query request including the digest value to a first terminal;
Information recovery module 73, configured to obtain the information to be queried according to the return information that the first terminal determines by querying a rainbow table.
In an exemplary embodiment of the present disclosure, the apparatus further includes:
Full-text digest value recording module 701, configured to obtain and record the digest value of the first information and then delete the first information.
In an exemplary embodiment of the present disclosure, the apparatus further includes:
Mask module 702, configured to obtain the mask data of the first information;
Mask digest value recording module 703, configured to obtain the digest value of the ciphertext in the mask data, record it in correspondence with the mask data, and delete the first information.
In an exemplary embodiment of the present disclosure, the apparatus further includes:
Index establishing module 74, configured to establish an index on the plaintext in the mask data.
In an exemplary embodiment of the present disclosure, the apparatus further includes:
Retrieval response module 75, configured to obtain, in response to a data retrieval request, multiple mask data according to a search keyword and the index;
Result determining module 76, configured to obtain a first digest value of the search keyword and the second digest values corresponding to the multiple mask data, and to determine the search result among the multiple mask data according to the first digest value.
In an exemplary embodiment of the present disclosure, the information query module 72 includes:
Key generating unit 721, configured to generate a public key and a private key according to the data query request;
Key sending unit 722, configured to send to the first terminal an information query request including the digest value and the public key.
In an exemplary embodiment of the present disclosure, the information recovery module 73 includes:
Data decryption unit 731, configured to decrypt the return information according to the private key to obtain the information to be queried.
Since each function of the apparatus 70 has been described in detail in the corresponding method embodiments, it is not repeated here.
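The module chain of apparatus 70 (digest recording in 701 and 703, indexing in 74, retrieval in 75 and 76, and the digest query to the first terminal in 71 to 73) can be traced in the following added Python example, which is not code from the patent. It assumes SHA-256 as the digest, a mask that keeps three leading and four trailing characters, a first digest value computed over the keyword characters that masking would hide, and hypothetical class and function names; the public-key wrapping of the return information (units 721, 722 and 731) is left out, and the sample values are constructed.

```python
import hashlib

def digest(value: str) -> str:
    # Assumption: SHA-256. The section does not name the digest algorithm.
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def mask(value: str, head: int = 3, tail: int = 4):
    """Split a value into mask data, its visible plaintext, and the hidden part."""
    if len(value) <= head + tail:
        raise ValueError("value too short to mask without exposing all of it")
    hidden = value[head:len(value) - tail]
    mask_data = value[:head] + "*" * len(hidden) + value[-tail:]
    return mask_data, (value[:head], value[-tail:]), hidden

class FirstTerminal:
    """Compliance side: holds the rainbow table, modelled here as a direct
    digest -> plaintext map, and no business relationships."""
    def __init__(self, known_values):
        self._rainbow_table = {digest(v): v for v in known_values}

    def query(self, digest_value: str):
        # In the described scheme this value is returned encrypted under the
        # public key carried in the request; that step is omitted here.
        return self._rainbow_table.get(digest_value)  # None when unknown

class BusinessStore:
    """Business side: keeps mask data and digests, never the first information."""
    def __init__(self):
        self.records = []
        self.index = {}  # visible plaintext (head, tail) -> record positions

    def ingest(self, first_information: str) -> None:
        mask_data, visible, hidden = mask(first_information)
        self.records.append({
            "mask": mask_data,
            "hidden_digest": digest(hidden),           # module 703
            "full_digest": digest(first_information),  # module 701
        })
        # Module 74: index only the plaintext that the mask leaves visible.
        self.index.setdefault(visible, []).append(len(self.records) - 1)

    def retrieve(self, keyword: str):
        _, visible, hidden = mask(keyword)
        # Module 75: the index can return several records with the same mask.
        candidates = [self.records[i] for i in self.index.get(visible, [])]
        # Module 76: the first digest value selects among the candidates.
        first_digest = digest(hidden)
        return [r for r in candidates if r["hidden_digest"] == first_digest]

    def recover(self, record, first_terminal: FirstTerminal):
        # Modules 71-73: send the digest, receive what the table lookup yields.
        return first_terminal.query(record["full_digest"])

if __name__ == "__main__":
    samples = ["13812345678", "13899995678", "13912345678"]  # constructed
    terminal, store = FirstTerminal(samples), BusinessStore()
    for s in samples:
        store.ingest(s)
    for hit in store.retrieve("13812345678"):
        print(hit["mask"], "->", store.recover(hit, terminal))
```

Because the first terminal recovers values by table lookup, the recorded digests must be deterministic and computable by the table holder, so the digest columns on the business side need the same access control as any other identifier that can be matched against that table.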
It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present disclosure, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided and embodied by multiple modules or units.
In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
Those of ordinary skill in the art will understand that aspects of the present invention may be implemented as a system, a method, or a program product. Accordingly, aspects of the present invention may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, and so on), or an embodiment combining hardware and software aspects, which may be referred to collectively here as a "circuit", "module", or "system".
An electronic device 800 according to this embodiment of the present invention is described below with reference to Fig. 8. The electronic device 800 shown in Fig. 8 is only an example and should not impose any limitation on the functions or scope of use of embodiments of the present invention.
As shown in Fig. 8, the electronic device 800 takes the form of a general-purpose computing device. The components of the electronic device 800 may include, but are not limited to: the at least one processing unit 810, the at least one storage unit 820, and a bus 830 connecting the different system components (including the storage unit 820 and the processing unit 810).
The storage unit stores program code that can be executed by the processing unit 810, so that the processing unit 810 performs the steps of the various exemplary embodiments of the present invention described in the "Exemplary methods" section of this specification. For example, the processing unit 810 may perform the steps shown in Fig. 1: step S1, in response to a data query request, determining the digest value of the information to be queried; step S2, sending an information query request including the digest value to a first terminal; step S3, obtaining the information to be queried according to the return information that the first terminal determines by querying a rainbow table.
The storage unit 820 may include readable media in the form of volatile storage units, such as a random access storage unit (RAM) 8201 and/or a cache storage unit 8202, and may further include a read-only storage unit (ROM) 8203.
The storage unit 820 may also include a program/utility 8204 having a set of (at least one) program modules 8205. Such program modules 8205 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 830 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 800 may also communicate with one or more external devices 700 (such as a keyboard, a pointing device, a Bluetooth device, and so on), with one or more devices that enable a user to interact with the electronic device 800, and/or with any device (such as a router, a modem, and so on) that enables the electronic device 800 to communicate with one or more other computing devices. This communication may take place through an input/output (I/O) interface 850. The electronic device 800 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN), and/or a public network such as the Internet) through a network adapter 860. As shown, the network adapter 860 communicates with the other modules of the electronic device 800 through the bus 830. It should be understood that, although not shown in the drawings, other hardware and/or software modules may be used in conjunction with the electronic device 800, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. The technical solution according to embodiments of the present disclosure may therefore be embodied in the form of a software product, which may be stored on a non-volatile storage medium (a CD-ROM, a USB flash drive, a removable hard disk, and so on) or on a network, and which includes instructions that cause a computing device (a personal computer, a server, a terminal apparatus, a network device, and so on) to execute the method according to embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium is also provided, on which a program product capable of implementing the method described in this specification is stored. In some possible embodiments, aspects of the present invention may also be implemented in the form of a program product that includes program code; when the program product runs on a terminal device, the program code causes the terminal device to perform the steps of the various exemplary embodiments of the present invention described in the "Exemplary methods" section of this specification.
Referring to Fig. 9, a program product 900 for implementing the above method according to an embodiment of the present invention is described. It may take the form of a portable compact disc read-only memory (CD-ROM) that includes program code, and may run on a terminal device such as a personal computer. However, the program product of the present invention is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in combination with an instruction execution system, apparatus, or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate, or transmit a program for use by or in combination with an instruction execution system, apparatus, or device.
The program code contained on a readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, and so on, or any suitable combination of the above.
Program code for performing the operations of the present invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
In addition, the above drawings are only schematic illustrations of the processing included in the method according to exemplary embodiments of the present invention, and are not intended to be limiting. It is easy to understand that the processing shown in the drawings does not indicate or limit the chronological order of these processes. It is also easy to understand that these processes may be executed, for example, synchronously or asynchronously in multiple modules.
Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses, or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed in the present disclosure. The specification and examples are to be regarded as illustrative only, with the true scope and spirit of the present disclosure being indicated by the claims.

Claims (10)

1. An information management method, characterized by comprising:
In response to a data query request, determining a digest value of information to be queried;
Sending an information query request including the digest value to a first terminal;
Obtaining the information to be queried according to return information that the first terminal determines by querying a rainbow table.
2. The information management method of claim 1, characterized by further comprising:
After obtaining and recording a digest value of first information, deleting the first information.
3. The information management method of claim 1, characterized by further comprising:
Obtaining mask data of first information;
Obtaining a digest value of the ciphertext in the mask data, recording it in correspondence with the mask data, and deleting the first information.
4. The information management method of claim 3, characterized by further comprising:
Establishing an index on the plaintext in the mask data.
5. The information management method of claim 4, characterized by further comprising:
In response to a data retrieval request, obtaining multiple mask data according to a search keyword and the index;
Obtaining a first digest value of the search keyword and second digest values corresponding to the multiple mask data, and determining a search result among the multiple mask data according to the first digest value.
6. The information management method of claim 1, characterized in that sending the information query request including the digest value to the first terminal comprises:
Generating a public key and a private key according to the data query request;
Sending to the first terminal an information query request including the digest value and the public key.
7. The information management method of claim 5, characterized in that obtaining the information to be queried according to the return information that the first terminal determines by querying the rainbow table comprises:
Decrypting the return information according to the private key to obtain the information to be queried.
8. An information management apparatus, characterized by comprising:
A digest value determining module, configured to determine, in response to a data query request, a digest value of information to be queried;
An information query module, configured to send an information query request including the digest value to a first terminal;
An information recovery module, configured to obtain the information to be queried according to return information that the first terminal determines by querying a rainbow table.
9. An electronic device, characterized by comprising:
A memory; and
A processor coupled to the memory, the processor being configured to execute, based on instructions stored in the memory, the information management method of any one of claims 1-7.
10. A computer-readable storage medium on which a program is stored, wherein the program, when executed by a processor, implements the information management method of any one of claims 1-7.
CN201811039097.1A 2018-09-06 2018-09-06 Information management method and device Active CN109325360B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811039097.1A CN109325360B (en) 2018-09-06 2018-09-06 Information management method and device
CA3054213A CA3054213A1 (en) 2018-09-06 2019-09-05 Information management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811039097.1A CN109325360B (en) 2018-09-06 2018-09-06 Information management method and device

Publications (2)

Publication Number Publication Date
CN109325360A true CN109325360A (en) 2019-02-12
CN109325360B CN109325360B (en) 2020-05-26

Family

ID=65263902

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811039097.1A Active CN109325360B (en) 2018-09-06 2018-09-06 Information management method and device

Country Status (2)

Country Link
CN (1) CN109325360B (en)
CA (1) CA3054213A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113704816A (en) * 2021-08-05 2021-11-26 绿盟科技集团股份有限公司 Data desensitization method, device and storage medium

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7783046B1 (en) * 2007-05-23 2010-08-24 Elcomsoft Co. Ltd. Probabilistic cryptographic key identification with deterministic result
CN103975333A (en) * 2011-12-01 2014-08-06 国际商业机器公司 Cross system secure logon
US20130198821A1 (en) * 2012-02-01 2013-08-01 Amazon Technologies, Inc. Account Management for Multiple Network Sites
GB2503545A (en) * 2012-04-26 2014-01-01 Appsense Ltd Encrypted key stretching and checking using header, metadata or filenames
CN103049709A (en) * 2013-01-22 2013-04-17 上海交通大学 Code recovery system and recovery method based on generator and extended rainbow table
CN103731432A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption system and method
CN103995834A (en) * 2014-04-24 2014-08-20 小米科技有限责任公司 Sensitive information detection method and related device
CN105681280A (en) * 2015-12-29 2016-06-15 西安电子科技大学 Searchable encryption method based on Chinese in cloud environment
CN106203099A (en) * 2016-07-26 2016-12-07 北京航空航天大学 A kind of guard method of hardware supported embedded system program cue mark
CN106357384A (en) * 2016-08-26 2017-01-25 广州慧睿思通信息科技有限公司 Word2003 document cracking system based on FPGA hardware and method
CN106778292A (en) * 2016-11-24 2017-05-31 中国电子科技集团公司第三十研究所 A kind of quick restoring method of Word encrypted documents
CN106845275A (en) * 2017-02-09 2017-06-13 中国科学院数据与通信保护研究教育中心 The electronic bill management system and method for a kind of secret protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王昱镔: "互联网个人敏感信息保护研究", 《信息网络安全》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630237A (en) * 2021-07-26 2021-11-09 珠海格力电器股份有限公司 Data encryption method and device and data decryption method and device
CN114003964A (en) * 2021-12-30 2022-02-01 云账户技术(天津)有限公司 Method and device for processing sensitive information mask
CN114003964B (en) * 2021-12-30 2022-03-25 云账户技术(天津)有限公司 Method and device for processing sensitive information mask

Also Published As

Publication number Publication date
CN109325360B (en) 2020-05-26
CA3054213A1 (en) 2020-03-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant