CN109583237A - User data protection method, server and storage medium - Google Patents

User data protection method, server and storage medium Download PDF

Info

Publication number
CN109583237A
CN109583237A CN201811503783.XA CN201811503783A CN109583237A CN 109583237 A CN109583237 A CN 109583237A CN 201811503783 A CN201811503783 A CN 201811503783A CN 109583237 A CN109583237 A CN 109583237A
Authority
CN
China
Prior art keywords
data
encryption
encrypted
user
segment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811503783.XA
Other languages
Chinese (zh)
Inventor
胡燕
苏玉峰
吴东勤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201811503783.XA priority Critical patent/CN109583237A/en
Publication of CN109583237A publication Critical patent/CN109583237A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to data processings, disclose a kind of user data protection method, this method comprises: determining the sensitive data in user data after receiving user data;Encryption is carried out to the sensitive data according to preset Encryption Algorithm and generates encryption data;Sensitive data in user data is replaced with into the encryption data, form and saves user encryption data.The present invention is also disclosed that a kind of server and computer storage medium.Using the present invention, the risk of privacy of user data leak can be reduced, improve the safety of user data.

Description

User data protection method, server and storage medium
Technical field
The present invention relates to technical field of data processing more particularly to a kind of user data protection methods, server and calculating Machine readable storage medium storing program for executing.
Background technique
With the continuous development of conventional internet and mobile Internet, public's privacy information (such as phone number, silver are obtained The privacy informations such as row account number, passport NO., home address) approach it is more and more (for example, can be obtained from express delivery list Transmit/receive part people phone number and home address, can be obtained from airline ticket seize the opportunity people passport NO., can be from bank The bank account numbers etc. of client are obtained on various bills), normal life and order of work to the public constitute serious challenge.
For this status, although the various government departments for being related to public's privacy and/company are also taking specific measure Protection public's privacy information is still related to privacy information protection side used by the government department and/company of public's privacy at present Case usually uses the methods of mask, masks portion numbers, or directly use symmetric cryptography or rivest, shamir, adelman, right The fields such as cell-phone number are encrypted, or hint obliquely at table by establishing data, are tabled look-up and are converted original number and encrypted number, Huo Zhetong It crosses the random number generated and replacement Treatment is carried out to privacy of user data.
The prior art includes following one or more technological deficiencies: one, destroying the availability of respective field, make total Word sequence itself is imperfect;Two, it needs to make corresponding change to application system, database or operation flow, often due to implementing Difficulty is big, influence business operation, is computationally intensive, database table storage extends the reasons such as difficulty causes to be difficult to land;Three, decryption is tired It is difficult (for example, the courier of express company needs by way of inputting or scanning express delivery two dimensional code, to be obtained from Courier Service device The corresponding phone number for transmitting/receiving part people);Four, safety is not strong, and confidentiality depends on the confidentiality of mapping table, lacks solid Contemporary cryptology basis;Five, it is replaced using random number, the random number of generation usually requires to obey specific distribution function, no Only calculation amount is larger, and usually can not easily be decrypted, and constitutes obstacle to the Subsequent secure application of data.
Summary of the invention
In view of the foregoing, the present invention provides a kind of user data protection method, server and computer-readable storage medium Matter, its main purpose is, the safety for reducing the risk of privacy of user data leak, improving user data.
To achieve the above object, the present invention provides a kind of user data protection method, this method comprises:
S1, the user data that client is sent is received, preset kind sensitive data is determined from the user data, it is described Preset kind sensitive data includes numeric type data and nonumeric type data;
S2, when determining the user data includes numeric type data, according to preset first Encryption Algorithm to the number Value type data carry out part number or all same digit number encryption of number, numeric type encryption data are generated, when determining When to state the user data include nonumeric type data, the nonumeric type data are carried out according to preset second Encryption Algorithm The field encryption of part field or whole fields, generates nonumeric type encryption data;And
S3, the numeric type data in the user data is substituted for the numeric type encryption data, and/or, it will be described Nonumeric type data in preset kind sensitive data are substituted for the nonumeric type encryption data, obtain encryption user data, And save the encryption user data.
In addition, the server includes: memory, processor the present invention also provides a kind of server, deposited on the memory The user data protective program that can be run on the processor is contained, the user data protective program is held by the processor , it can be achieved that arbitrary steps in user data protection method as described above when row.
In addition, to achieve the above object, it is described computer-readable the present invention also provides a kind of computer readable storage medium It include user data protective program in storage medium, it can be achieved that as above when the user data protective program is executed by processor Arbitrary steps in the user data protection method.
User data protection method, server and computer readable storage medium proposed by the present invention, it is original by guaranteeing The data of preservation are the data of encryption, even if the data saved are maliciously leaked, also guarantee the safety of user's sensitive data enough; Ciphering process is not related to complicated functional operation, and calculation amount is small, and must be according to preset encryption and decryption to the data of preservation Algorithm realizes decryption, so that authorization could be decrypted and be become a reality.
Detailed description of the invention
Fig. 1 is the flow chart of user data protection method preferred embodiment of the present invention;
Fig. 2 is the schematic diagram of server preferred embodiment of the present invention;
Fig. 3 is the program module schematic diagram of user data protective program in Fig. 2.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
The present invention provides a kind of user data protection method.Referring to Fig.1 shown in, be user data protection method of the present invention compared with The flow chart of good embodiment.This method can be executed by a device, which can be by software and or hardware realization.
In the present embodiment, the user data protection method includes step S1-S3.
S1, the user data that client is sent is received, preset kind sensitive data is determined from the user data, it is described Preset kind sensitive data includes numeric type data and nonumeric type data.
For example, preset kind sensitive data may include the phone number of user, home address, passport NO., the age and Income etc. is related to the information of privacy of user.
The numeric type data refers to the data being all made of 0-9 number, for example, phone number, passport NO. etc..
The nonumeric type data refer to the data not being made of 0-9 number all, for example, home address, marriage shape Condition, hobby interests etc..
S2, when determining the user data includes numeric type data, according to preset first Encryption Algorithm to the number Value type data carry out part number or all same digit number encryption of number, numeric type encryption data are generated, when determining When to state the user data include nonumeric type data, the nonumeric type data are carried out according to preset second Encryption Algorithm The field encryption of part field or whole fields, generates nonumeric type encryption data.
Wherein, the same digit number encryption refers to that the initial data by a N bit digital to be encrypted is encrypted to one The encryption data of a N bit digital, for example, " digital data encryption " is counted at the encryption data of 4 bit digitals by the data of 4 bit digitals The encryption of word, N are positive integer.
S3, the numeric type data in the user data is substituted for the numeric type encryption data, and/or, it will be described Nonumeric type data in preset kind sensitive data are substituted for the nonumeric type encryption data, obtain encryption user data, And save the encryption user data.
Preset kind sensitive data in above-mentioned user data is replaced with into corresponding encryption data.
The user data protection method that above-described embodiment proposes, the data of original preservation are the data of encryption, even if saving Data maliciously leaked, also enough guarantee user's sensitive data safety;Ciphering process is not related to complicated functional operation, Calculation amount is small, and must be realized and be decrypted according to preset enciphering and deciphering algorithm to the data of preservation, so that authorization can be just decrypted into For reality.
In order to guarantee the decryption safety of encryption data, in other embodiments, this method further include: step S4-S6.
S4, receive user for the decoding requests of one or more encryption user data, verify the user whether have this one The decrypted rights of a or multiple encryption user data.
For example, the acquisition request can be downloading request or check request etc. online.
Preferably, the Authority Verification data that the decrypted user of having the right of encryption user data can be pre-saved, for example, permission Verify data includes subscriber identity data (for example, work number), finger print data, face characteristic data etc., if the user of the user marks Data are known in the Authority Verification data pre-saved, then are verified, if not in the Authority Verification data pre-saved, Authentication failed;Alternatively, if having the Authority Verification data pre-saved and the finger print data and/or face characteristic from user acquisition Data Matching is then verified, if the Authority Verification data not pre-saved with from the user acquire finger print data and/or Face characteristic Data Matching, then authentication failed.
If S5, authentication failed refuse to respond the decoding request, alternatively, if being verified, according to preset first solution Close algorithm to the one or more encryption user data numeric type encryption data carry out part number or all number it is same Digit number decryption generates numeric type ciphertext data, and/or, the one or more is added according to preset second decipherment algorithm The nonumeric type encryption data of close user data carries out the field decryption of part field or whole fields, generates nonumeric type solution Ciphertext data.
The same digit number decryption refers to that the encryption data by a N bit digital to be decrypted is decrypted into one N The ciphertext data of number, for example, " digital encrypting and decrypting " is counted at the ciphertext data of 4 bit digitals by the encryption data of 4 bit digitals The decryption of word, N are positive integer.
S6, in one or more of encryption user data, the numeric type encryption data is substituted for the numerical value Type ciphertext data, and/or, the nonumeric type encryption data is substituted for the nonumeric type encryption data, to be decrypted User data, and the decrypted user data are sent to the user.
In order not to destroy the availability of respective field, so that encryption data sufficiently complete itself, if numeric type to be encrypted Data are multiple digital bits data (for example, phone numbers " do not destroy the availability of respective field), described in the present embodiment One Encryption Algorithm includes: a1-a4.
A1, rule is determined according to predetermined encryption digit order number, determines the be-encrypted data section of the first presetting digit capacity, and Non-encrypted data section in addition to the be-encrypted data section.
For example, the be-encrypted data section of above-mentioned first presetting digit capacity be phone number centre 4 " " machine number, be denoted as Nm, the non-encrypted data section are 3 bit digital of the phone number leftmost side, are denoted as 4 bit digital of Nl and the rightmost side, are denoted as Nr.
A2, using Crypted password algorithm predetermined corresponding with numeric type data to be encrypted and key, to true Fixed non-encrypted data section carries out calculation process and generates operation values.
For example, above-mentioned Crypted password algorithm predetermined includes hash algorithm and binary number conversion algorithm, the Kazakhstan The operational formula of uncommon algorithm can indicate are as follows: Hash=Digest (Nl+Nr+K), wherein K represents key, and Nl represents to be encrypted The numeric type data leftmost side the second presetting digit capacity data segment, Nr represents the third of the numeric type data rightmost side to be encrypted The data segment of presetting digit capacity, Hash represent cryptographic Hash;The binary number conversion algorithm is that binary hash value is converted into ten The operational formula of the algorithm of the operation values of system, the binary number conversion algorithm can indicate are as follows: Num=CalcNum (Hash).
The above-mentioned operation values generated by calculation process can be metric digital 9.
A3, it is carried out using operation values of the predetermined encryption hybrid operation algorithm to the be-encrypted data section and generation Hybrid operation is encrypted, the Hybrid Encryption data segment E_Nm of the first presetting digit capacity is obtained.
For example, the encryption hybrid operation algorithm can be resulting plus a2 step for the be-encrypted data section of the first presetting digit capacity Operation values, to resulting and remake modulo operation, " i.e. mod operation ".The formula of the hybrid operation algorithm can indicate are as follows: E_Nm =(Nm+Num) mod 10n, wherein Nm represents the be-encrypted data section, and Num represents the operation values, and n is equal to described to be added The data bits of ciphertext data section;Modulo operation is defined as follows: working as a=bq+r, q is integer, and q is made to reach maximum, at this time a mod B is equal to r, and r is nonnegative number.
The Hybrid Encryption data segment E_Nm of above-mentioned first presetting digit capacity can be exemplified as (2417+9) mod 104=2426.
A4, the be-encrypted data section replaced with into the Hybrid Encryption data in the numeric type data to be encrypted Section, generates encrypted multiple digital bits data.
For example, above-mentioned encrypted multiple digital bits data are Nl+E_Nm+Nr, Nl represents the numeric type data to be encrypted The data segment of second presetting digit capacity of the leftmost side, Nr represent the number of the third presetting digit capacity of the numeric type data rightmost side to be encrypted According to section, E_Nm represents the Hybrid Encryption data segment.
Optionally, if the data bits of the numeric type data to be encrypted is greater than 2, the predetermined encryption number Position determines that rule includes:
It is pre- by the second of the leftmost side of the numeric type data (for example, phone number " 13424174205 ") to be encrypted If digit data segment (for example, 3 bit digitals of the leftmost side) is used as preceding segment data Nl, most by the numeric type data to be encrypted The third presetting digit capacity data (for example, 4 bit digitals of the rightmost side) on right side are used as rear segment data Nr, and the preceding segment data Nl is with after Segment data Nr is non-encrypted data section, wherein second presetting digit capacity and third presetting digit capacity and be less than described to be added The digit of close numeric type data;
By the preceding segment data and rear segment data after being removed in the numeric type data to be encrypted, remaining data segment Nm is the be-encrypted data section (for example, " 2417 ").
Optionally, if the data bits of the numeric type data to be encrypted is equal to 2, the predetermined encryption number Position determines that rule includes:
By 1 data of the leftmost side of the numeric type data to be encrypted (for example, age " described to) (for example, most left Side 1 bit digital " number) be used as preceding segment data Nl, the preceding segment data Nl is non-encrypted data section;
By the preceding segment data after removing in the numeric type data to be encrypted, remaining data segment Nm is described Be-encrypted data section (for example, " for institute).
Preferably, the Crypted password algorithm predetermined includes hash algorithm and binary number conversion algorithm, In:
The operational formula of the hash algorithm can indicate are as follows: Hash=Digest (Nl+Nr+K), wherein K is represented should be to Encrypt the corresponding key of multiple digital bits number, it should be noted that for the multiple digital digit to be encrypted of all preset kinds According to corresponding key can be unification, and Nl represents the number of the second presetting digit capacity of the multiple digital bits data to be encrypted leftmost side According to Nr represents the data of the third presetting digit capacity of the multiple digital bits data to be encrypted rightmost side, and Hash represents cryptographic Hash.
The binary number conversion algorithm is the algorithm that binary hash value is converted into metric operation values, this two The operational formula of system number conversion algorithm can indicate are as follows: Num=CalcNum (Hash), wherein Hash represents aforementioned Hash and calculates The calculated cryptographic Hash of method.
Preferably, second Encryption Algorithm in the present embodiment includes:
According to the mapping relations of the type of predetermined nonumeric type data and encryption rule, the preset kind is determined The corresponding encryption rule of each nonumeric type data in sensitive data;
Each nonumeric type data in the preset kind sensitive data are encrypted according to corresponding encryption rule.
In order to guarantee can inversely decrypting for nonumeric type data, the complexity of calculating is reduced, nonumeric type number is effectively ensured According to safety, optionally, the nonumeric type data include home address data, the corresponding encryption of the home address data Rule includes:
Home address data are split according to default level administrative division, be divided into average family address date section and Privacy home address data segment;For example, above-mentioned default level administrative division may is that street, village, town etc..
According to the mapping of predetermined default level administrative division, privacy home address data segment and encryption address data Relation data determines the corresponding privacy home address data segment of default level administrative division in home address data and cryptographically The mapping relations data of location data, and according to the mapping relations number of determining privacy home address data segment and encryption address data According to finding the corresponding encryption address data of privacy home address data segment of segmentation;For example, different privacy home address data The corresponding different encryption address data of section, the encryption address data can be the data encoding of more data bit, for example, " according to pre- The corresponding data encoding of X5 unit X6 " can be that " data encoding answered can be that " " " area, " " X5 unit X7 " are right The data encoding answered can be that " data encoding answered can be " " " area.
Privacy home address data segment in home address data is substituted for the encryption address data found, generates family Address encryption data.
Preferably, described " home address data to be split according to default level administrative division, are divided into average family The step of address date section and privacy home address data segment " includes:
Identify the default level administrative division data in home address data;
Home address data are carried out front and back data according to the default level administrative division data identified to divide, including are known Not Chu default level administrative division data leading portion address date be average family address date section, remove average family number of addresses It is privacy home address data segment according to the back segment address date other than section.
For example, if the default administrative division includes street, home address data " e.g., X4, the street X3 in the area city X2 X5 The corresponding default level administrative division data of unit X6 " are " street answered ".
To above-mentioned family data carry out front and back data segmentation result are as follows: " area the above-mentioned city X2 street X3 " for the leading portion Location data, " described X5 unit X6 " are back segment address date.
In order to guarantee can inversely decrypting for nonumeric type data, the complexity of calculating is reduced, nonumeric type number is effectively ensured According to safety, optionally, the nonumeric type data include institution where he works's title (for example, work work unit's title or School's title of person's study), the corresponding encryption rule of the organization names includes:
Identify the mechanism font size in organization names;
According to predetermined font size and the mapping relations data of encrypted word number, the mechanism font size pair identified is determined The encrypted word number answered;
Font size in organization names is substituted for determining encrypted word number, generating mechanism title encryption data.
For example, mechanism font size in organization names is enterprise's font size or school's font size, it can be from industrial and commercial registration mechanism number It is determined according in library.
Different font sizes corresponds to different encrypted word numbers, and the encrypted word number can be the data of more data bit Coding, for example, " with font size can be that " a number corresponding data are compiled, and " " corresponding number is corresponding to the corresponding data encoding of font size Data encoding can be " data encoding answered ".
Optionally, if numeric type data to be decrypted is multiple digital bits data (for example, phone number " selection of land, if to be decrypted Numeric type number), first decipherment algorithm in the present embodiment includes: b1-b4.
B1, rule is determined according to predetermined decryption digit order number, determines the data segment to be decrypted of the first presetting digit capacity, and Non- ciphertext data section in addition to the data segment to be decrypted.
For example, the data segment to be decrypted of above-mentioned first presetting digit capacity is the centre 4 " 2426 " of phone number to be decrypted, note For E_Nm, above-mentioned non-ciphertext data section is 3 bit digital of the phone number leftmost side to be decrypted, is denoted as 4 digit of Nl and the rightmost side Word is denoted as Nr.If not decrypting number segment is provided with encryption indicator position, then first restore encryption indicator position, then negated decryption when calculating Number segment.
B2, using clear crytpographic key algorithm predetermined corresponding with numeric type data to be decrypted and key, to true Fixed non-encrypted data section carries out calculation process and generates operation values.
For example, above-mentioned cryptographic algorithm predetermined includes hash algorithm and binary number conversion algorithm, which is calculated The operational formula of method can indicate are as follows: Hash=Digest (Nl+Nr+K), wherein K represents key, and it is to be decrypted more that Nl represents this The data of second presetting digit capacity of the numeric bit data leftmost side, the third that Nr represents the multiple digital bits data to be decrypted rightmost side are default The data of digit, Hash represent cryptographic Hash;The binary number conversion algorithm is metric for binary hash value to be converted into The operational formula of the algorithm of operation values, the binary number conversion algorithm can indicate are as follows: Num=CalcNum (Hash).
The above-mentioned operation values generated by calculation process can be metric digital 9.
B3, it is carried out using operation values of the predetermined decryption hybrid operation algorithm to the data segment to be decrypted and generation Hybrid operation is decrypted, the mixing ciphertext data section Nm of the first presetting digit capacity is obtained.
For example, the decryption hybrid operation algorithm can for the first presetting digit capacity data segment to be decrypted subtract b2 step it is resulting Operation values remake modulo operation to resulting difference, " i.e. mod operation ".The formula of the hybrid operation algorithm can indicate are as follows: Nm= (E_Nm-Num)mod 10n, wherein E_Nm represents the data segment to be decrypted, and Num represents the operation values, n be equal to it is described to The number length of encryption data section;Modulo operation is defined as follows: working as a=bq+r, q is integer, and q is made to reach maximum, at this time a Mod b is equal to r, and r is nonnegative number.
The mixing ciphertext data section Nm of above-mentioned first presetting digit capacity can be exemplified as (2426-9) mod 104=2417.
B4, the data segment to be decrypted replaced with into the mixing ciphertext data in the multiple digital bits data to be decrypted Section, the multiple digital bits data after generating decryption.
Multiple digital bits data after above-mentioned decryption are " 13424174205 ".
Preferably, the predetermined decryption digit order number determines that rule includes:
It is pre- by the second of the leftmost side of the multiple digital bits data (for example, phone number " 13424264205 ") to be decrypted If digit data (for example, 3 bit digitals of the leftmost side) are used as preceding segment data Nl, by the most right of the multiple digital bits data to be decrypted The third presetting digit capacity data (for example, 4 bit digitals of the rightmost side) of side are used as rear segment data Nr, the preceding segment data Nl and back segment Data Nr is non-ciphertext data section, wherein second presetting digit capacity and third presetting digit capacity and be less than the multiple digital The digit of position data;
By the preceding segment data and rear segment data after being removed in the multiple digital bits data to be decrypted, remaining data segment E_Nm is the data segment to be decrypted (for example, " 2426 ").
Preferably, the clear crytpographic key algorithm predetermined includes hash algorithm and binary number conversion algorithm, In:
The operational formula of the hash algorithm is represented by Hash=Digest (Nl+Nr+K), and K represents the majority to be decrypted The corresponding key of numeric bit data, it should be noted that corresponding for the multiple digital bits data to be decrypted of all preset kinds Key can be unification, and Nl represents the data of the second presetting digit capacity of the multiple digital bits data to be decrypted leftmost side, and Nr is represented The data of the third presetting digit capacity of the multiple digital bits data to be decrypted rightmost side, Hash represent cryptographic Hash.
The binary number conversion algorithm is the algorithm that binary hash value is converted into metric operation values, this two The operational formula of system number conversion algorithm can be expressed as Num=CalcNum (Hash), and Hash represents the hash algorithm and calculates Cryptographic Hash.
Optionally, when the nonumeric type encryption data includes home address encryption data, second decipherment algorithm Include:
Home address encryption data is split according to default level administrative division, is divided into average family address date Section and encryption address data segment;For example, above-mentioned default level administrative division may is that street, village, town etc..
According to the mapping of predetermined default level administrative division, privacy home address data segment and encryption address data Relation data determines the corresponding privacy home address data segment of default level administrative division in home address encryption data and adds The mapping relations data of close address date, and closed according to the mapping of determining privacy home address data segment and encryption address data Coefficient evidence finds the corresponding privacy home address data segment of encryption address data of segmentation;For example, different privacy home addresses Data segment corresponds to different encryption address data, and the encryption address data can be the data encoding of more data bit, for example, " e.g., X5 unit X6 " corresponding data encoding can be " data encoding answered can be " " " according to, " " and X5 unit X7 Number " corresponding data encoding can be " data encoding answered can be " " " according to.
Encryption address data in home address data are substituted for the privacy home address data segment found, generate family Address ciphertext data.
Optionally, when the nonumeric type encryption data includes organization names encryption data, second decipherment algorithm Include:
Identify the encrypted word number in organization names encryption data;
According to predetermined font size and the mapping relations data of encrypted word number, the encryption byte number identified is determined According to corresponding font size;For example, different font sizes corresponds to different encrypted word numbers, the encrypted word number can be majority According to the data encoding of position, for example, " the corresponding data encoding of close font size data signal can be that " a number corresponding data are compiled, " " corresponding The corresponding data encoding of number can be " data encoding answered ".
Encrypted word number in organization names encryption data is substituted for determining font size, generating mechanism title decrypts number According to.
It is the schematic diagram of 1 preferred embodiment of server of the present invention referring to shown in Fig. 2.
In the present embodiment, server 1 can be rack-mount server, blade server, tower server or cabinet Formula server.
The server 1 includes memory 11, processor 12 and network interface 13.
Wherein, memory 11 include at least a type of readable storage medium storing program for executing, the readable storage medium storing program for executing include flash memory, Hard disk, multimedia card, card-type memory (for example, SD or DX memory etc.), magnetic storage, disk, CD etc..Memory 11 It can be the internal storage unit of the server 1, such as the hard disk of the server 1 in some embodiments.Memory 11 exists It is hard to be also possible to the plug-in type being equipped on the External memory equipment of the server 1, such as the server 1 in other embodiments Disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card) etc..Further, memory 11 can also both including the server 1 internal storage unit and also including outside Store equipment.
Memory 11 can be not only used for the application software and Various types of data that storage is installed on the server 1, such as user Data protection program 10 etc. can be also used for temporarily storing the data that has exported or will export.
Processor 12 can be in some embodiments a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor or other data processing chips, the program for being stored in run memory 11 Code or processing data, such as user data protective program 10 etc..
Network interface 13 optionally may include standard wireline interface and wireless interface (such as WI-FI interface), be commonly used in Communication connection is established between the server 1 and other electronic equipments.For example, client (being not marked in figure).
Fig. 2 illustrates only the server 1 with component 11-13, it will be appreciated by persons skilled in the art that Fig. 2 shows Structure do not constitute the restriction to server 1, may include than illustrating less perhaps more components or the certain portions of combination Part or different component layouts.
Optionally, which can also include user interface, and user interface may include display (Display), defeated Enter unit such as keyboard (Keyboard), optional user interface can also include standard wireline interface and wireless interface.
Optionally, in some embodiments, display can be light-emitting diode display, liquid crystal display, touch control type LCD and show Device and Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED) touch device etc..Wherein, display It is properly termed as display screen or display unit, for showing the information handled in the server 1 and for showing visual use Family interface.
Optionally, in other examples, user data protective program 10 can also be divided into one or more Module, one or more module are stored in memory 11, and (the present embodiment is processor by one or more processors 12) performed, to complete the present invention, the so-called module of the present invention is the series of computation machine program for referring to complete specific function Instruction segment.It is the module diagram of 10 preferred embodiment of user data protective program in Fig. 2, the reality for example, referring to shown in Fig. 3 It applies in example, user data protective program 10 can only include module 110-130.
First receiving module 110 determines default for receiving the user data of client transmission from the user data Type sensitive data, the preset kind sensitive data include numeric type data and nonumeric type data.
For example, preset kind sensitive data may include the phone number of user, home address, passport NO., the age and Income etc. is related to the information of privacy of user.
The numeric type data refers to the data being all made of 0-9 number, for example, phone number, passport NO. etc..
The nonumeric type data refer to the data not being made of 0-9 number all, for example, home address, marriage shape Condition, hobby interests etc..
Encrypting module 120, for being encrypted according to preset first when determining the user data includes numeric type data Algorithm carries out part number to the numeric type data or all the same digit number of number encrypts, and generates numeric type and encrypts number According to when determining the user data includes nonumeric type data, according to preset second Encryption Algorithm to the non-number Value type data carry out the field encryption of part field or whole fields, generate nonumeric type encryption data.
Wherein, the same digit number encryption refers to that the initial data by a N bit digital to be encrypted is encrypted to one The encryption data of a N bit digital, for example, " digital data encryption " is counted at the encryption data of 4 bit digitals by the data of 4 bit digitals The encryption of word, N are positive integer.
First replacement module 130 is encrypted for the numeric type data in the user data to be substituted for the numeric type Data, and/or, the nonumeric type data in the preset kind sensitive data are substituted for the nonumeric type encryption data, Encryption user data is obtained, and saves the encryption user data.
Preset kind sensitive data in above-mentioned user data is replaced with into corresponding encryption data.
The user data protection method that above-described embodiment proposes, the data of original preservation are the data of encryption, even if saving Data maliciously leaked, also enough guarantee user's sensitive data safety;Ciphering process is not related to complicated functional operation, Calculation amount is small, and must be realized and be decrypted according to preset enciphering and deciphering algorithm to the data of preservation, so that authorization can be just decrypted into For reality.
In order to guarantee the decryption safety of encryption data, in other embodiments, the user data protective program 10 includes Module 140-160.
Second receiving module 140, for receiving user for the decoding request of one or more encryption user data, verifying Whether the user has the decrypted rights of one or more encryption user data.
For example, the acquisition request can be downloading request or check request etc. online.
Preferably, the Authority Verification data that the decrypted user of having the right of encryption user data can be pre-saved, for example, permission Verify data includes subscriber identity data (for example, work number), finger print data, face characteristic data etc., if the user of the user marks Data are known in the Authority Verification data pre-saved, then are verified, if not in the Authority Verification data pre-saved, Authentication failed;Alternatively, if having the Authority Verification data pre-saved and the finger print data and/or face characteristic from user acquisition Data Matching is then verified, if the Authority Verification data not pre-saved with from the user acquire finger print data and/or Face characteristic Data Matching, then authentication failed.
Deciphering module 150 refuses to respond the decoding request if being used for authentication failed, alternatively, if being verified, root According to preset first decipherment algorithm to the one or more encryption user data numeric type encryption data carry out part number or The same digit number decryption of the whole numbers of person, generates numeric type ciphertext data, and/or, according to preset second decipherment algorithm pair The nonumeric type encryption data that the one or more encrypts user data carries out the field decryption of part field or whole fields, Generate nonumeric type ciphertext data.
The same digit number decryption refers to that the encryption data by a N bit digital to be decrypted is decrypted into one N The ciphertext data of number, for example, " digital encrypting and decrypting " is counted at the ciphertext data of 4 bit digitals by the encryption data of 4 bit digitals The decryption of word, N are positive integer.
Second replacement module 160, in one or more of encryption user data, the numeric type to be encrypted number According to being substituted for the numeric type ciphertext data, and/or, the nonumeric type encryption data is substituted for the nonumeric type and is encrypted The decrypted user data to obtain decrypted user data, and are sent to the user by data.
In order not to destroy the availability of respective field, so that encryption data sufficiently complete itself, if numeric type to be encrypted Data are multiple digital bits data (for example, phone numbers " do not destroy the availability of respective field), described in the present embodiment One Encryption Algorithm includes: a1-a4.
A1, rule is determined according to predetermined encryption digit order number, determines the be-encrypted data section of the first presetting digit capacity, and Non-encrypted data section in addition to the be-encrypted data section;
For example, the be-encrypted data section of above-mentioned first presetting digit capacity be phone number centre 4 " ", above-mentioned the, be denoted as Nm, the non-encrypted data section are 3 bit digital of the phone number leftmost side, are denoted as 4 bit digital of Nl and the rightmost side, are denoted as Nr.
A2, using Crypted password algorithm predetermined corresponding with numeric type data to be encrypted and key, to true Fixed non-encrypted data section carries out calculation process and generates operation values;
For example, above-mentioned Crypted password algorithm predetermined includes hash algorithm and binary number conversion algorithm, the Kazakhstan The operational formula of uncommon algorithm can indicate are as follows: Hash=Digest (Nl+Nr+K), wherein K represents key, and Nl represents to be encrypted The numeric type data leftmost side the second presetting digit capacity data segment, Nr represents the third of the numeric type data rightmost side to be encrypted The data segment of presetting digit capacity, Hash represent cryptographic Hash;The binary number conversion algorithm is that binary hash value is converted into ten The operational formula of the algorithm of the operation values of system, the binary number conversion algorithm can indicate are as follows: Num=CalcNum (Hash).
The above-mentioned operation values generated by calculation process can be metric digital 9.
A3, it is carried out using operation values of the predetermined encryption hybrid operation algorithm to the be-encrypted data section and generation Hybrid operation is encrypted, the Hybrid Encryption data segment E_Nm of the first presetting digit capacity is obtained;
For example, the encryption hybrid operation algorithm can be resulting plus a2 step for the be-encrypted data section of the first presetting digit capacity Operation values, to resulting and remake modulo operation, " i.e. mod operation ".The formula of the hybrid operation algorithm can indicate are as follows: E_Nm =(Nm+Num) mod 10n, wherein Nm represents the be-encrypted data section, and Num represents the operation values, and n is equal to described to be added The data bits of ciphertext data section;Modulo operation is defined as follows: working as a=bq+r, q is integer, and q is made to reach maximum, at this time a mod B is equal to r, and r is nonnegative number.
The Hybrid Encryption data segment E_Nm of above-mentioned first presetting digit capacity can be exemplified as (2417+9) mod 104=2426.
A4, the be-encrypted data section replaced with into the Hybrid Encryption data in the numeric type data to be encrypted Section, generates encrypted multiple digital bits data.
For example, above-mentioned encrypted multiple digital bits data are Nl+E_Nm+Nr, Nl represents the numeric type data to be encrypted The data segment of second presetting digit capacity of the leftmost side, Nr represent the number of the third presetting digit capacity of the numeric type data rightmost side to be encrypted According to section, E_Nm represents the Hybrid Encryption data segment.
Preferably, second Encryption Algorithm in the present embodiment includes:
According to the mapping relations of the type of predetermined nonumeric type data and encryption rule, the preset kind is determined The corresponding encryption rule of each nonumeric type data in sensitive data;
Each nonumeric type data in the preset kind sensitive data are encrypted according to corresponding encryption rule.
In order to guarantee can inversely decrypting for nonumeric type data, the complexity of calculating is reduced, nonumeric type number is effectively ensured According to safety, optionally, the nonumeric type data include home address data, the corresponding encryption of the home address data Rule includes:
Home address data are split according to default level administrative division, be divided into average family address date section and Privacy home address data segment;For example, above-mentioned default level administrative division may is that street, village, town etc..
According to the mapping of predetermined default level administrative division, privacy home address data segment and encryption address data Relation data determines the corresponding privacy home address data segment of default level administrative division in home address data and cryptographically The mapping relations data of location data, and according to the mapping relations number of determining privacy home address data segment and encryption address data According to finding the corresponding encryption address data of privacy home address data segment of segmentation;For example, different privacy home address data The corresponding different encryption address data of section, the encryption address data can be the data encoding of more data bit, for example, " according to pre- The corresponding data encoding of X5 unit X6 " can be that " data encoding answered can be that " " " area, " " X5 unit X7 " are right The data encoding answered can be that " data encoding answered can be " " " area.
Privacy home address data segment in home address data is substituted for the encryption address data found, generates family Address encryption data.
Preferably, described " home address data to be split according to default level administrative division, are divided into average family The step of address date section and privacy home address data segment " includes:
Identify the default level administrative division data in home address data;
Home address data are carried out front and back data according to the default level administrative division data identified to divide, including are known Not Chu default level administrative division data leading portion address date be average family address date section, remove average family number of addresses It is privacy home address data segment according to the back segment address date other than section.
For example, if the default administrative division includes street, home address data " e.g., X4, the street X3 in the area city X2 X5 The corresponding default level administrative division data of unit X6 " are " street answered ".
To above-mentioned family data carry out front and back data segmentation result are as follows: " area the above-mentioned city X2 street X3 " for the leading portion Location data, " described X5 unit X6 " are back segment address date.
In order to guarantee can inversely decrypting for nonumeric type data, the complexity of calculating is reduced, nonumeric type number is effectively ensured According to safety, optionally, the nonumeric type data include institution where he works's title (for example, work work unit's title or School's title of person's study), the corresponding encryption rule of the organization names includes:
Identify the mechanism font size in organization names;
According to predetermined font size and the mapping relations data of encrypted word number, the mechanism font size pair identified is determined The encrypted word number answered;
Font size in organization names is substituted for determining encrypted word number, generating mechanism title encryption data.
For example, mechanism font size in organization names is enterprise's font size or school's font size, it can be from industrial and commercial registration mechanism number It is determined according in library.
Different font sizes corresponds to different encrypted word numbers, and the encrypted word number can be the data of more data bit Coding, for example, " with font size can be that " a number corresponding data are compiled, and " " corresponding number is corresponding to the corresponding data encoding of font size Data encoding can be " data encoding answered ".
Optionally, if numeric type data to be decrypted is multiple digital bits data (for example, phone number " selection of land, if to be decrypted Numeric type number), first decipherment algorithm in the present embodiment includes: b1-b4.
B1, rule is determined according to predetermined decryption digit order number, determines the data segment to be decrypted of the first presetting digit capacity, and Non- ciphertext data section in addition to the data segment to be decrypted.
For example, the data segment to be decrypted of above-mentioned first presetting digit capacity is the centre 4 " 2426 " of phone number to be decrypted, note For E_Nm, above-mentioned non-ciphertext data section is 3 bit digital of the phone number leftmost side to be decrypted, is denoted as 4 digit of Nl and the rightmost side Word is denoted as Nr.If not decrypting number segment is provided with encryption indicator position, then first restore encryption indicator position, then negated decryption when calculating Number segment.
B2, using clear crytpographic key algorithm predetermined corresponding with numeric type data to be decrypted and key, to true Fixed non-encrypted data section carries out calculation process and generates operation values.
For example, above-mentioned cryptographic algorithm predetermined includes hash algorithm and binary number conversion algorithm, which is calculated The operational formula of method can indicate are as follows: Hash=Digest (Nl+Nr+K), wherein K represents key, and it is to be decrypted more that Nl represents this The data of second presetting digit capacity of the numeric bit data leftmost side, the third that Nr represents the multiple digital bits data to be decrypted rightmost side are default The data of digit, Hash represent cryptographic Hash;The binary number conversion algorithm is metric for binary hash value to be converted into The operational formula of the algorithm of operation values, the binary number conversion algorithm can indicate are as follows: Num=CalcNum (Hash).
The above-mentioned operation values generated by calculation process can be metric digital 9.
B3, it is carried out using operation values of the predetermined decryption hybrid operation algorithm to the data segment to be decrypted and generation Hybrid operation is decrypted, the mixing ciphertext data section Nm of the first presetting digit capacity is obtained.
For example, the decryption hybrid operation algorithm can for the first presetting digit capacity data segment to be decrypted subtract b2 step it is resulting Operation values remake modulo operation to resulting difference, " i.e. mod operation ".The formula of the hybrid operation algorithm can indicate are as follows: Nm= (E_Nm-Num)mod 10n, wherein E_Nm represents the data segment to be decrypted, and Num represents the operation values, n be equal to it is described to The number length of encryption data section;Modulo operation is defined as follows: working as a=bq+r, q is integer, and q is made to reach maximum, at this time a Mod b is equal to r, and r is nonnegative number.
The mixing ciphertext data section Nm of above-mentioned first presetting digit capacity can be exemplified as (2426-9) mod 104=2417.
B4, the data segment to be decrypted replaced with into the mixing ciphertext data in the multiple digital bits data to be decrypted Section, the multiple digital bits data after generating decryption.
Multiple digital bits data after above-mentioned decryption are " 13424174205 ".
In addition, the embodiment of the present invention also proposes a kind of computer readable storage medium, the computer readable storage medium In include user data protective program 10, following operation is realized when the user data protective program 10 is executed by processor:
A1, the user data that client is sent is received, preset kind sensitive data is determined from the user data, it is described Preset kind sensitive data includes numeric type data and nonumeric type data;
A2, when determining the user data includes numeric type data, according to preset first Encryption Algorithm to the number Value type data carry out part number or all same digit number encryption of number, numeric type encryption data are generated, when determining When to state the user data include nonumeric type data, the nonumeric type data are carried out according to preset second Encryption Algorithm The field encryption of part field or whole fields, generates nonumeric type encryption data;And
A3, the numeric type data in the user data is substituted for the numeric type encryption data, and/or, it will be described Nonumeric type data in preset kind sensitive data are substituted for the nonumeric type encryption data, obtain encryption user data, And save the encryption user data.
The specific embodiment of the computer readable storage medium of the present invention is specific with above-mentioned user data protection method Embodiment is roughly the same, and details are not described herein.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row His property includes, so that the process, device, article or the method that include a series of elements not only include those elements, and And further include other elements that are not explicitly listed, or further include for this process, device, article or method institute it is intrinsic Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do There is also other identical elements in the process, device of element, article or method.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.Based on this understanding, technical solution of the present invention substantially in other words does the prior art The part contributed out can be embodied in the form of software products, which is stored in one as described above In storage medium (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that terminal device (it can be mobile phone, Computer, server or network equipment etc.) execute method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills Art field, is included within the scope of the present invention.

Claims (10)

1. a kind of user data protection method is applied to server, which is characterized in that the described method includes:
S1, the user data that client is sent is received, preset kind sensitive data is determined from the user data, it is described default Type sensitive data includes numeric type data and nonumeric type data;
S2, when determining the user data includes numeric type data, according to preset first Encryption Algorithm to the numeric type Data carry out part number or all same digit number encryption of number, numeric type encryption data are generated, when determining the institute When to state user data include nonumeric type data, part is carried out to the nonumeric type data according to preset second Encryption Algorithm The field encryption of field or whole fields, generates nonumeric type encryption data;And
S3, the numeric type data in the user data is substituted for the numeric type encryption data, and/or, it will be described default Nonumeric type data in type sensitive data are substituted for the nonumeric type encryption data, obtain encryption user data, and protect Deposit the encryption user data.
2. user data protection method according to claim 1, which is characterized in that this method further include:
S4, receive user for the decoding requests of one or more encryption user data, verify the user whether have this or The decrypted rights of multiple encryption user data;
If S5, authentication failed refuse to respond the decoding request, alternatively, being calculated if being verified according to preset first decryption Method carries out part number or all same numerical digit of number to the numeric type encryption data of one or more encryption user data Digital decrypted generates numeric type ciphertext data, and/or, the one or more is encrypted according to preset second decipherment algorithm and is used The nonumeric type encryption data of user data carries out the field decryption of part field or whole fields, generates nonumeric type decryption number According to;And
S6, in one or more of encryption user data, the numeric type encryption data is substituted for the numeric type solution Ciphertext data, and/or, the nonumeric type encryption data is substituted for the nonumeric type encryption data, to obtain decrypted user Data, and the decrypted user data are sent to the user.
3. user data protection method described in any one of -2 according to claim 1, which is characterized in that when described to be encrypted Numeric type data when being multiple digital bits data, first Encryption Algorithm includes:
A1, rule is determined according to predetermined encryption digit order number, determines the be-encrypted data section of the first presetting digit capacity, and remove institute State the non-encrypted data section other than be-encrypted data section;
A2, using Crypted password algorithm predetermined corresponding with numeric type data to be encrypted and key, to determining Non-encrypted data section carries out calculation process and generates operation values;
A3, the operation values of the be-encrypted data section and generation are encrypted using predetermined encryption hybrid operation algorithm Hybrid operation obtains the Hybrid Encryption data segment of the first presetting digit capacity;And
A4, the be-encrypted data section replaced with into the Hybrid Encryption data segment in the numeric type data to be encrypted, Generate encrypted multiple digital bits data.
4. user data protection method according to claim 3, which is characterized in that when the numeric type data to be encrypted Data bits be greater than 2 when, the predetermined encryption digit order number determines that rule includes:
Using the second presetting digit capacity data segment of the leftmost side of the numeric type data to be encrypted as preceding segment data, will it is described to The third presetting digit capacity data of the rightmost side of the numeric type data of encryption are as rear segment data, the preceding segment data and rear segment data As non-encrypted data section;And
By the preceding segment data and rear segment data after removing in the numeric type data to be encrypted, remaining data segment is The be-encrypted data section.
5. user data protection method according to claim 4, which is characterized in that when the numeric type data to be encrypted Data bits be equal to 2 when, the predetermined encryption digit order number determines that rule includes:
Using 1 data of the leftmost side of the numeric type data to be encrypted as preceding segment data, the preceding segment data is as non- Encryption data section;
By the preceding segment data after removing in the numeric type data to be encrypted, remaining data segment is described to be encrypted Data segment.
6. user data protection method according to claim 5, which is characterized in that second Encryption Algorithm includes:
According to the mapping relations of the type of predetermined nonumeric type data and encryption rule, determine that the preset kind is sensitive The corresponding encryption rule of each nonumeric type data in data;
Each nonumeric type data in the preset kind sensitive data are encrypted according to corresponding encryption rule.
7. user data protection method according to claim 2, which is characterized in that when the numeric type data to be decrypted When being multiple digital bits data, first decipherment algorithm includes:
B1, rule is determined according to predetermined decryption digit order number, determines the data segment to be decrypted of the first presetting digit capacity, and remove institute State the non-ciphertext data section other than data segment to be decrypted;
B2, using clear crytpographic key algorithm predetermined corresponding with numeric type data to be decrypted and key, to determining Non-encrypted data section carries out calculation process and generates operation values;
B3, the operation values of the data segment to be decrypted and generation are decrypted using predetermined decryption hybrid operation algorithm Hybrid operation obtains the mixing ciphertext data section of the first presetting digit capacity;And
B4, the data segment to be decrypted replaced with into the mixing ciphertext data section in the multiple digital bits data to be decrypted, Multiple digital bits data after generating decryption.
8. user data protection method according to claim 7, which is characterized in that the predetermined decryption digit order number Determine that rule includes:
Using the second presetting digit capacity data of the leftmost side of the multiple digital bits data to be decrypted as preceding segment data, by described wait solve The third presetting digit capacity data of the rightmost side of close multiple digital bits data are as rear segment data, the preceding segment data and rear segment data For non-ciphertext data section;
By the preceding segment data and rear segment data after removing in the multiple digital bits data to be decrypted, remaining data segment is The data segment to be decrypted.
9. a kind of server, which is characterized in that the server includes: memory, processor, and being stored on the memory can be The user data protective program run on the processor can when the user data protective program is executed by the processor The step of realizing user data protection method as claimed in any of claims 1 to 8 in one of claims.
10. a kind of computer readable storage medium, which is characterized in that include user data in the computer readable storage medium Protective program, when the user data protective program is executed by processor, it can be achieved that such as any one of claim 1 to 8 institute The step of user data protection method stated.
CN201811503783.XA 2018-12-10 2018-12-10 User data protection method, server and storage medium Pending CN109583237A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811503783.XA CN109583237A (en) 2018-12-10 2018-12-10 User data protection method, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811503783.XA CN109583237A (en) 2018-12-10 2018-12-10 User data protection method, server and storage medium

Publications (1)

Publication Number Publication Date
CN109583237A true CN109583237A (en) 2019-04-05

Family

ID=65929372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811503783.XA Pending CN109583237A (en) 2018-12-10 2018-12-10 User data protection method, server and storage medium

Country Status (1)

Country Link
CN (1) CN109583237A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719365A (en) * 2019-09-27 2020-01-21 深圳传音控股股份有限公司 Information processing method, mobile terminal and computer storage medium
CN111984987A (en) * 2020-09-01 2020-11-24 上海梅斯医药科技有限公司 Method, device, system and medium for desensitization and reduction of electronic medical record
CN114003953A (en) * 2021-10-29 2022-02-01 平安科技(深圳)有限公司 Data processing method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103853985A (en) * 2012-12-05 2014-06-11 中国移动通信集团黑龙江有限公司 Data encryption method, decryption method and decryption device
CN104063334A (en) * 2014-07-11 2014-09-24 中国人民公安大学 Encryption method and system based on data attributions
CN104463003A (en) * 2013-09-13 2015-03-25 天津智树电子科技有限公司 File encryption protecting method
CN105678185A (en) * 2015-12-31 2016-06-15 深圳市科漫达智能管理科技有限公司 Data security protection method and intelligent terminal management system
CN107835073A (en) * 2017-12-15 2018-03-23 卫盈联信息技术(深圳)有限公司 The encryption and decryption method of multiple digital bits number and encryption, decryption server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103853985A (en) * 2012-12-05 2014-06-11 中国移动通信集团黑龙江有限公司 Data encryption method, decryption method and decryption device
CN104463003A (en) * 2013-09-13 2015-03-25 天津智树电子科技有限公司 File encryption protecting method
CN104063334A (en) * 2014-07-11 2014-09-24 中国人民公安大学 Encryption method and system based on data attributions
CN105678185A (en) * 2015-12-31 2016-06-15 深圳市科漫达智能管理科技有限公司 Data security protection method and intelligent terminal management system
CN107835073A (en) * 2017-12-15 2018-03-23 卫盈联信息技术(深圳)有限公司 The encryption and decryption method of multiple digital bits number and encryption, decryption server

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719365A (en) * 2019-09-27 2020-01-21 深圳传音控股股份有限公司 Information processing method, mobile terminal and computer storage medium
CN111984987A (en) * 2020-09-01 2020-11-24 上海梅斯医药科技有限公司 Method, device, system and medium for desensitization and reduction of electronic medical record
CN111984987B (en) * 2020-09-01 2024-04-02 上海梅斯医药科技有限公司 Method, device, system and medium for desensitizing and restoring electronic medical records
CN114003953A (en) * 2021-10-29 2022-02-01 平安科技(深圳)有限公司 Data processing method, device and storage medium
CN114003953B (en) * 2021-10-29 2024-10-25 平安科技(深圳)有限公司 Data processing method, device and storage medium

Similar Documents

Publication Publication Date Title
US9208491B2 (en) Format-preserving cryptographic systems
US8806200B2 (en) Method and system for securing electronic data
Barker et al. Recommendation for random number generation using deterministic random bit generators (revised)
US8208627B2 (en) Format-preserving cryptographic systems
US9049023B2 (en) Outsourcing the decryption of functional encryption ciphertexts
US11488134B2 (en) Format-preserving cryptographic systems
US5748782A (en) Device for implementing a message signature system and chip card comprising such a device
CN107078899B (en) Method of obfuscating data
GB2520446A (en) Quorum based data processing
RU2584500C2 (en) Cryptographic authentication and identification method with real-time encryption
CN110710155A (en) Progressive key encryption algorithm
CN110663215B (en) Elliptic curve point multiplication device and method in white-box scene
CN114756895B (en) Hidden trace data verification method and system based on homomorphic encryption
CN109583237A (en) User data protection method, server and storage medium
CN110889121A (en) Method, server and storage medium for preventing data leakage
CN113127915A (en) Data encryption desensitization method and device, electronic equipment and storage medium
CN103607273A (en) Data file encryption and decryption method based on time limit control
US7424114B2 (en) Method for enhancing security of public key encryption schemas
Wang et al. A new personal information protection approach based on RSA cryptography
US8769301B2 (en) Product authentication based upon a hyperelliptic curve equation and a curve pairing function
WO2019114084A1 (en) Encrypting/decrypting method for multi-digit number and encrypting/decrypting server
US20220337415A1 (en) Data Security Solution Using Randomized 3-Axis Data Shapes and Tokenized Data Element Placement of Encrypted and Non-Encrypted Data
US11646885B2 (en) Safe token storage
CN110474873A (en) It is a kind of based on know range encryption electronic document access control method and system
ZHANG Cryptographic Techniques in Digital Media Security: Current Practices and Future Directions.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190405