CN110008727A - Processing method, device, computer equipment and the storage medium of encrypted sensitive parameter - Google Patents
Processing method, device, computer equipment and the storage medium of encrypted sensitive parameter Download PDFInfo
- Publication number
- CN110008727A CN110008727A CN201910282983.5A CN201910282983A CN110008727A CN 110008727 A CN110008727 A CN 110008727A CN 201910282983 A CN201910282983 A CN 201910282983A CN 110008727 A CN110008727 A CN 110008727A
- Authority
- CN
- China
- Prior art keywords
- parameter
- client
- sensitive parameter
- acquisition request
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
This application involves processing method, device, computer equipment and the storage mediums of a kind of encrypted sensitive parameter.The described method includes: the encrypted sensitive parameter of parameter service platform is received, it will be in the local memory of encrypted sensitive parameter write-in client;The encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained;Business operation is carried out according to the decrypting sensitive parameter;When business operation is finished, the decrypting sensitive parameter and the encrypted sensitive parameter are destroyed from the local memory of the client.It can ensure that sensitive parameter is not leaked using this method.
Description
Technical field
This application involves field of information security technology, more particularly to a kind of processing method of encrypted sensitive parameter, device,
Computer equipment and storage medium.
Background technique
RPA (Robotic Process Automation, robot process automation) is a kind of automated software technology,
It allows to simulate the identical movement of interaction in software systems with the mankind by configuring automated software (being also " robot "),
Thus to execute operation flow.
It executes in automated software when executing operation flow, it is often necessary on the client using sensitive parameter in business
A series of automatic operations are carried out in system.However, since client usually will receive the network attack of criminal and illegal
Access, this sensitive parameter for also resulting in client storage are compromised and are stolen by criminal.
Therefore, existing automated software often there are problems that being easy leakage sensitive parameter.
Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide a kind of encrypted sensitive that can be avoided sensitive parameter leakage
Processing method, device, computer equipment and the storage medium of parameter.
A kind of processing method of encrypted sensitive parameter, which comprises
The encrypted sensitive parameter for receiving parameter service platform, by the local memory of encrypted sensitive parameter write-in client
In;
The encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained;
Business operation is carried out according to the decrypting sensitive parameter;
When business operation is finished, the decrypting sensitive parameter and institute are destroyed from the local memory of the client
State encrypted sensitive parameter.
The decrypting sensitive parameter includes login account, login password and operation system in one of the embodiments,
At least one of web page access address;
It is described that business operation is carried out according to the decrypting sensitive parameter, comprising:
According to the web page access address, the operation system is accessed;
Execute robot simulation's register;Robot simulation's register is used to use the login account and institute
Login password is stated, the operation system is logged in.
The decryption encrypted sensitive parameter in one of the embodiments, obtains decrypting sensitive parameter, comprising:
Password key acquisition request is obtained, and sends the password key acquisition request to the parameter service platform;
Receive the session encryption key for being directed to the password key acquisition request;
The encrypted sensitive parameter is decrypted using the session encryption key, generates the decrypting sensitive parameter.
The acquisition password key acquisition request in one of the embodiments, comprising:
Password acquisition request is sent to the parameter service platform;
Receive the user password for being directed to the password acquisition request;
According to the user password, the password key acquisition request is generated.
The encrypted sensitive parameter for receiving parameter service platform in one of the embodiments, comprising:
Parameter acquisition request is sent to the parameter service platform;The parameter acquisition request is used to supply the parameter service
Platform determines the user identity feature of the client;The user identity feature is used to determine needle for the parameter service platform
To the encrypted sensitive parameter of the client;
Receive the encrypted sensitive parameter for being directed to the parameter acquisition request.
A kind of sending method of encrypted sensitive parameter, which comprises
Receive the parameter acquisition request of client;
Generate the encrypted sensitive parameter for being directed to the parameter acquisition request;
Send the encrypted sensitive parameter;The encrypted sensitive parameter described will add for receiving for the client
Close sensitive parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to decrypt for the client,
Obtain decrypting sensitive parameter;The decrypting sensitive parameter is used to carry out business operation for the client;When business operation executes
When finishing, the client destroys the decrypting sensitive parameter and the encrypted sensitive parameter from the local memory.
It is described in one of the embodiments, to generate the encrypted sensitive parameter for being directed to the parameter acquisition request, comprising:
According to the parameter acquisition request, the user identity feature of the client is determined;The user identity feature packet
Include at least one of user's position hierarchy, user's concerning security matters grade and user's registration duration;
According to the user identity feature, judge whether the client has parameter access right;
If so, inquiry is directed to the initial sensitive parameter of the parameter acquisition request;
Session encryption key is obtained, and the initial sensitive parameter is encrypted using the session encryption key, it is raw
At the encrypted sensitive parameter.
The acquisition session encryption key in one of the embodiments, comprising:
Receive the password key acquisition request of the client;
According to the password key acquisition request, user password is determined;
According to the user password, inquiry whether there is the session encryption key in preset key mapping table;
If it is not, generating the session encryption key, and the session encryption key is written to the key mapping table;
The session encryption key is sent to the client.
The inquiry is directed to the initial sensitive parameter of the parameter acquisition request in one of the embodiments, comprising:
According to the parameter acquisition request, initial encryption parameter is inquired;
Platform key is obtained, and the initial encryption parameter is decrypted using the platform key, is obtained described first
Beginning sensitive parameter.
A kind of processing system of encrypted sensitive parameter, the system comprises: client and parameter service platform;
The client, for sending parameter acquisition request to the parameter service platform;It is also used to receive parameter service
The encrypted sensitive parameter of platform, will be in the local memory of encrypted sensitive parameter write-in client;Decrypt the encrypted sensitive
Parameter obtains decrypting sensitive parameter;Business operation is carried out according to the decrypting sensitive parameter;When business operation is finished,
The decrypting sensitive parameter and the encrypted sensitive parameter are destroyed from the local memory of the client;
The parameter service platform, for receiving the parameter acquisition request of the client;It generates and is obtained for the parameter
Take the encrypted sensitive parameter of request;Send the encrypted sensitive parameter.
A kind of processing unit of encrypted sensitive parameter, described device include:
For receiving the encrypted sensitive parameter of parameter service platform visitor is written in the encrypted sensitive parameter by writing module
In the local memory at family end;
Deciphering module obtains decrypting sensitive parameter for decrypting the encrypted sensitive parameter;
Operation module, for carrying out business operation according to the decrypting sensitive parameter;
Module is destroyed, for destroying the solution from the local memory of the client when business operation is finished
Close sensitive parameter and the encrypted sensitive parameter.
A kind of sending device of encrypted sensitive parameter, described device include:
Receiving module, for receiving the parameter acquisition request of client;
Generation module, for generating the encrypted sensitive parameter for being directed to the parameter acquisition request;
Sending module, for sending the encrypted sensitive parameter;The encrypted sensitive parameter is used to terminate for the client
It receives, and the encrypted sensitive parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to for institute
Client decryption is stated, decrypting sensitive parameter is obtained;The decrypting sensitive parameter is used to carry out business operation for the client;When
When business operation is finished, the client destroys the decrypting sensitive parameter from the local memory and the encryption is quick
Feel parameter.
A kind of computer equipment, including memory and processor, the memory are stored with computer program, the processing
Device performs the steps of when executing the computer program
The encrypted sensitive parameter for receiving parameter service platform, by the local memory of encrypted sensitive parameter write-in client
In;
The encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained;
Business operation is carried out according to the decrypting sensitive parameter;
When business operation is finished, the decrypting sensitive parameter and institute are destroyed from the local memory of the client
State encrypted sensitive parameter.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processor
It is performed the steps of when row
Receive the parameter acquisition request of client;
Generate the encrypted sensitive parameter for being directed to the parameter acquisition request;
Send the encrypted sensitive parameter;The encrypted sensitive parameter described will add for receiving for the client
Close sensitive parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to decrypt for the client,
Obtain decrypting sensitive parameter;The decrypting sensitive parameter is used to carry out business operation for the client;When business operation executes
When finishing, the client destroys the decrypting sensitive parameter and the encrypted sensitive parameter from the local memory.
Processing method, device, computer equipment and the storage medium of a kind of above-mentioned encrypted sensitive parameter, client is by connecing
The encrypted sensitive parameter of parameter service platform is received, and will be in the local memory of encrypted sensitive parameter write-in client;Then, pass through
Encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained;Finally, carrying out business operation according to decrypting sensitive parameter;When business is grasped
When being finished, decrypting sensitive parameter and encrypted sensitive parameter are destroyed from the local memory of client, avoids sensitive parameter
It is stored in client for a long time locally to be easy to be compromised, the unification to sensitive parameter is realized by using parameter management platform
Control further improves the difficulty of sensitive parameter leakage.
Detailed description of the invention
Fig. 1 is a kind of applied environment figure of the processing method of encrypted sensitive parameter in one embodiment;
Fig. 2 is a kind of flow diagram of the processing method of encrypted sensitive parameter in one embodiment;
Fig. 3 is a kind of flow diagram of the sending method of encrypted sensitive parameter in another embodiment;
Fig. 4 is a kind of structural block diagram of the processing unit of encrypted sensitive parameter in one embodiment;
Fig. 5 is a kind of structural block diagram of the sending device of encrypted sensitive parameter in another embodiment;
Fig. 6 is a kind of timing diagram of the processing system of encrypted sensitive parameter in another embodiment;
Fig. 7 is the internal structure chart of computer equipment in one embodiment.
Specific embodiment
It is with reference to the accompanying drawings and embodiments, right in order to which the objects, technical solutions and advantages of the application are more clearly understood
The application is further elaborated.It should be appreciated that specific embodiment described herein is only used to explain the application, not
For limiting the application.
A kind of processing method of encrypted sensitive parameter provided by the present application, can be applied to application environment as shown in Figure 1
In.Wherein, client 110 is communicated with parameter service platform 120 by network by network.Wherein, client 110 can
With but be not limited to various personal computers, laptop, smart phone, tablet computer and portable wearable device, join
Number service platform 120 can be realized with the server cluster of the either multiple server compositions of independent server.
In one embodiment, as shown in Fig. 2, providing a kind of processing method of encrypted sensitive parameter, including following step
It is rapid:
Step 210, the encrypted sensitive parameter for receiving parameter service platform, by the local of encrypted sensitive parameter write-in client
In memory.
Wherein, sensitive parameter can refer to be related to the parameter of individual privacy or business secret.
Wherein, sensitive data can refer to the sensitive parameter encrypted by specific key.
In the specific implementation, client 110 can carry out a series of automations by using sensitive parameter in operation system
Operation.When client 110 is needed using sensitive parameter, it is flat to parameter service to send parameter acquisition request for client 110 at this time
Platform 120.After parameter service platform 120 receives the parameter acquisition request, parameter service platform 120 is looked into from parameter database
Sensitive parameter corresponding with the parameter acquisition request is found out, and encryption is carried out to sensitive parameter and generates encrypted sensitive parameter, and will
The encrypted sensitive parameter is sent to client 110.Then, client 110 receives the encrypted sensitive parameter of parameter service platform, and
By in the local memory of encrypted sensitive parameter write-in client 110, further used for client 110.
Step 220, encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained.
Wherein, decrypting sensitive parameter can refer to by decoded sensitive parameter.
In the specific implementation, client 110 is joined according to the encrypted sensitive after client 110 receives encrypted sensitive parameter
Number, is obtained the corresponding decruption key of encrypted sensitive parameter, and encrypted sensitive parameter is decrypted using the decruption key, obtained
To decrypting sensitive parameter.
Step 230, business operation is carried out according to decrypting sensitive parameter.
Wherein, business operation can refer to the operation for needing that business processing is carried out using sensitive parameter.
In the specific implementation, after encrypted sensitive parameter is decrypted in client 110 and obtains decrypting sensitive parameter, client
End 110 carries out business operation according to the decrypting sensitive parameter, for example, automated log on financial system, automatic audit financial information etc.
A series of business operations.
Step 240, when business operation is finished, decrypting sensitive parameter is destroyed from the local memory of client and is added
Close sensitive parameter.
In the specific implementation, whether real-time monitoring business operation is finished, and when business operation is finished, client
110 destroy decrypting sensitive parameter and encrypted sensitive parameter from local memory, avoid being compromised.For example, client 110 passes through
In a manner of supervisory control system running process, monitor whether current business operation is finished in real time, when business operation executes
When finishing, decrypting sensitive parameter and encrypted sensitive parameter of 110 destruction of stockpiles of client in local memory.
A kind of processing method of above-mentioned encrypted sensitive parameter, client are joined by receiving the encrypted sensitive of parameter service platform
Number, and will be in the local memory of encrypted sensitive parameter write-in client;Then, it by decrypting encrypted sensitive parameter, is decrypted
Sensitive parameter;Finally, carrying out business operation according to decrypting sensitive parameter;When business operation is finished, from the sheet of client
Decrypting sensitive parameter and encrypted sensitive parameter are destroyed in ground memory, are avoided sensitive parameter from being stored in client for a long time and are locally held
It is subject to reveal, the same control to sensitive parameter is realized by using parameter management platform, further improves sensitive parameter
The difficulty of leakage.
In another embodiment, decrypting sensitive parameter includes that the webpage of login account, login password and operation system is visited
Ask at least one of address;Business operation is carried out according to decrypting sensitive parameter, comprising: according to web page access address, accesses industry
Business system;Execute robot simulation's register;Robot simulation's register is used to use login account and login password, steps on
Record operation system.
Wherein, operation system can refer to the system for handling financial affair work.
In the specific implementation, decrypting sensitive parameter may include the web page access of login account, login password and operation system
At least one of address;When client 110 carries out business operation according to the decrypting sensitive parameter, client 110 is logical first
The web page access address of operation system is crossed, and by way of calling Internet-browser, accesses the operation system.Then, objective
Family end 110 executes robot simulation's register.Wherein, robot simulation's register a kind of can be based on Selenium
The automation logon script that Webdriver (a kind of browser automated test frame) writes, when client 110 executes robot
When simulating register, start the automation logon script, automating logon script at this time can be automatically by login account and login
Password is inserted in corresponding typing frame, thus allow operation system carry out user's checking and log in the operation system, and then complete
Business operation.
The technical solution of the present embodiment, client is when carrying out business operation according to decrypting sensitive parameter, by according to net
Access to web page address accesses operation system;And robot simulation's register is executed, the same of the safe coefficient of sensitive parameter is being provided
When, realize the business operation of operation system automated log on.
In another embodiment, encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained, comprising: obtains password key
Acquisition request, and password key acquisition request is sent to parameter service platform;Receive the session for being directed to password key acquisition request
Encryption key;Encrypted sensitive parameter is decrypted using session encryption key, generates decrypting sensitive parameter.
Wherein, password key acquisition request can refer to the request for obtaining the key with password information.
Wherein, session encryption key can refer in active client and come into force in the session phase locating for parameter service platform
Encryption key.
In practical applications, parameter service platform encrypts sensitive parameter using session encryption key, generates encryption
Sensitive parameter.
In the specific implementation, when client 110 is during being decrypted encrypted sensitive parameter, 110 basis of client
Current user password obtains password key acquisition request;Then, client 110 sends the password key acquisition request to ginseng
Number service platform 120.After parameter service platform 120 receives password key acquisition request, 120 basis of parameter service platform
Password key acquisition request inquires session encryption key corresponding with encrypted sensitive parameter, which is only working as
It preceding client and comes into force in the session phase locating for parameter service platform;Then, the session encryption key is sent to client 110.
Client 110 is decrypted encrypted sensitive parameter after receiving session encryption key, using the session encryption key, raw
At decrypting sensitive parameter.
The technical solution of the present embodiment, by using raw in the session phase locating for active client and parameter service platform
Sensitive parameter is encrypted and decrypted in the session encryption key of effect, has ensured communication meeting between client and parameter service platform
The safety of words is compromised so as to avoid sensitive parameter from cracking by the abduction of criminal.
In another embodiment, password key acquisition request is obtained, comprising: send password acquisition request to parameter service
Platform;Receive the user password for being directed to password acquisition request;According to user password, password key acquisition request is generated.
Wherein, user password can be the interim verifying token for referring to and being directed to client user.
In the specific implementation, client 110 can send password acquisition request to ginseng when user successfully logs in client 110
Number service platform 120;After parameter service platform 120 receives the password acquisition request, parameter service platform 120 can generate use
The registered permanent residence enables, wherein user password can be made of the unique identity of user, the timestamp of current time and signature.Then,
Parameter service platform 120 sends the user password to client 110.Client 110 receives the user for being directed to password acquisition request
Password.Client 110 can also generate password key acquisition request according to user password.
The technical solution of the present embodiment, client is by sending password acquisition request to parameter service platform;And receive needle
To the user password of password acquisition request;Then, according to user password, password key acquisition request is generated;Keep parameter service flat
Platform can determine the corresponding user password of active client, and according to user password inquiry pair according to password key acquisition request
The session encryption key answered improves the safe coefficient of parameter management platform control sensitive parameter.
In another embodiment, the encrypted sensitive parameter of parameter service platform is received, comprising: send parameter acquisition request
To parameter service platform;Parameter acquisition request is used to determine the user identity feature of client for parameter service platform;User's body
Part feature is used to determine the encrypted sensitive parameter for being directed to client for parameter service platform;Receive adding for parameter acquisition request
Close sensitive parameter.
In the specific implementation, parameter service is flat after client 110 sends parameter acquisition request to parameter service platform 120
Platform 120 determines the user identity feature for using 110 user of active client according to parameter acquisition request, for example, address name, use
Family position hierarchy, user's concerning security matters grade and user's registration duration.Then, parameter service platform 120 is according to the user identity feature,
It determines for the encrypted sensitive parameter using 110 user of active client, and encrypted sensitive parameter is sent to client 110,
It is received for client 110.
For example, when lower using user's concerning security matters grade of 110 user of client, at this time for relatively current user, ginseng
It is sensitive parameter that number management platform 120, which will be sent to all parameters of client 110, therefore parameter management platform 120 is right
All parameters are encrypted, and encrypted sensitive parameter is obtained.When higher ranked using user's concerning security matters of 110 user of client, this
When with respect to active user for, parameter management platform 120 will be sent in the parameter of client 110 only have partial parameters belong to
Sensitive parameter, therefore parameter management platform 120 only encrypts partial parameters, obtains encrypted sensitive parameter.
The technical solution of the present embodiment, by determining user identity feature according to sending parameter acquisition request, and according to
Family identity characteristic selectively encrypts sensitive parameter, improves the efficiency that client obtains encrypted sensitive parameter.
In one embodiment, as shown in figure 3, providing a kind of sending method of encrypted sensitive parameter, which is characterized in that
The following steps are included:
Step 310, the parameter acquisition request of client is received.
Wherein, parameter acquisition request can refer to the request for obtaining sensitive parameter.
In the specific implementation, client 110 can carry out a series of automations by using sensitive parameter in operation system
Operation.When client 110 is needed using sensitive parameter, it is flat to parameter service to send parameter acquisition request for client 110 at this time
Platform 120.Parameter service platform 120 receives the parameter acquisition request that client 110 is sent.
Step 320, the encrypted sensitive parameter for being directed to parameter acquisition request is generated.
In the specific implementation, after parameter service platform 120 receives the parameter acquisition request, parameter service platform 120 from
Sensitive parameter corresponding with the parameter acquisition request is found out in parameter database, and encryption is carried out to sensitive parameter and generates encryption
Sensitive parameter.
Step 330, encrypted sensitive parameter is sent;Encrypted sensitive parameter is used to receive for client, and encrypted sensitive is joined
In the local memory of number write-in client;Encrypted sensitive parameter is also used to decrypt for client, obtains decrypting sensitive parameter;Decryption
Sensitive parameter is used to carry out business operation for client;When business operation is finished, client is destroyed from local memory
Decrypting sensitive parameter and encrypted sensitive parameter.
In the specific implementation, sending encrypted sensitive parameter to client after parameter service platform 120 generates encrypted sensitive parameter
End 110.Client 110 receives the encrypted sensitive parameter of parameter service platform, and client 110 is written in the encrypted sensitive parameter
Local memory in.Then, it is close to obtain the corresponding decryption of the encrypted sensitive parameter according to the encrypted sensitive parameter for client 110
Key, and encrypted sensitive parameter is decrypted using the decruption key, obtain decrypting sensitive parameter.
Then, client 110 carries out business operation according to the decrypting sensitive parameter, for example, executing automated log on finance system
System executes a series of business operations such as automatic audit financial information.When business operation is finished, client 110 destroys storage
There are the decrypting sensitive parameters and encrypted sensitive parameter in local memory.
A kind of sending method of above-mentioned encrypted sensitive parameter, client are joined by receiving the encrypted sensitive of parameter service platform
Number, and will be in the local memory of encrypted sensitive parameter write-in client;Then, it by decrypting encrypted sensitive parameter, is decrypted
Sensitive parameter;Finally, carrying out business operation according to decrypting sensitive parameter;When business operation is finished, from the sheet of client
Decrypting sensitive parameter and encrypted sensitive parameter are destroyed in ground memory, are avoided sensitive parameter from being stored in client for a long time and are locally held
It is subject to reveal, the same control to sensitive parameter is realized by using parameter management platform, further improves sensitive parameter
The difficulty of leakage.
In another embodiment, the encrypted sensitive parameter for being directed to parameter acquisition request is generated, comprising: obtain according to parameter
Request, determines the user identity feature of client;User identity feature includes user's position hierarchy, user's concerning security matters grade and user
At least one of registration duration;According to user identity feature, judge whether client has parameter access right;If so,
Inquiry is directed to the initial sensitive parameter of parameter acquisition request;Session encryption key is obtained, and using session encryption key to initial
Sensitive parameter is encrypted, and encrypted sensitive parameter is generated.
Wherein, initial sensitive parameter can refer to the sensitive parameter encrypted without key.
In the specific implementation, parameter service platform 120 is in the process for generating the encrypted sensitive parameter for parameter acquisition request
In, parameter service platform 120 determines the user identity feature for using 110 user of active client according to parameter acquisition request, uses
Family identity characteristic includes at least one of user's position hierarchy, user's concerning security matters grade and user's registration duration;Then, parameter takes
Platform 120 be engaged according to user identity feature, judges whether client has parameter access right;When client 110 has parameter
When access right, parameter service platform 120 is for parameter acquisition request and according to user identity feature in server database
Inquire initial sensitive parameter;And obtain session encryption key, wherein session encryption key only takes in active client and parameter
It comes into force in the session phase locating for business platform.Then, parameter service platform 120 using session encryption key to initial sensitive parameter into
Row encryption, generates encrypted sensitive parameter.When client 110 does not have parameter access right, parameter service platform 120 returns to ginseng
Number obtains error message to client 110.
The technical solution of the present embodiment, parameter service platform is by determining the user of client according to parameter acquisition request
Identity characteristic;And according to user identity feature, judge whether client has parameter access right;When client makes with parameter
When with permission, encrypted sensitive parameter is just sent;By verifying using whether the user of client has parameter access right, improve
The safe coefficient of parameter management platform control sensitive parameter.
In another embodiment, session encryption key is obtained, comprising: receive the password key acquisition request of client;
According to password key acquisition request, user password is determined;According to user password, inquires and whether deposit in preset key mapping table
In session encryption key;If it is not, generating session encryption key, and session encryption key is written to key mapping table;Send session
Encryption key is to client.
Wherein, key mapping table can refer to the data generated according to the mapping relations of user password and session encryption key
Table.
In practical applications, session encryption key can be stored in by parameter service platform 120 with the format of (token, key)
In the memory mapping table of 120 server of parameter service platform, and by 120 server admin session encryption key of parameter service platform
Validity period.
In the specific implementation, parameter service platform 120 is during obtaining session encryption key, parameter service platform 120
Receive the password key acquisition request of client;Then, parameter service platform 120 is worked as according to password key acquisition request, determination
The user password of preceding client 110, wherein user password can be by the unique identity of user, the timestamp of current time
It is formed with signature.Parameter service platform 120 is inquired in preset key mapping table and is added with the presence or absence of session according to user password
Key.
When inquiry is less than session encryption key in preset key mapping table, parameter service platform 120 generates session
Encryption key, and session encryption key is written to key mapping table;Finally, sending session encryption key to client 110.
When inquiring session encryption key in preset key mapping table, parameter service platform 120 directly transmits meeting
Encryption key is talked about to client 110.In addition, parameter service platform 120 can regenerate session when session encryption key is expired
Encryption key, and session encryption key is written to key mapping table.
The technical solution of the present embodiment, by using raw in the session phase locating for active client and parameter service platform
Sensitive parameter is encrypted and decrypted in the session encryption key of effect, has ensured communication meeting between client and parameter service platform
The safety of words is compromised so as to avoid sensitive parameter from cracking by the abduction of criminal.
In another embodiment, inquiry is directed to the initial sensitive parameter of parameter acquisition request, comprising: is obtained according to parameter
Initial encryption parameter is inquired in request;Platform key is obtained, and initial encryption parameter is decrypted using platform key, is obtained
Initial sensitive parameter.
Wherein, platform key can refer to only for parameter service platform carry out using encryption key.
Wherein, initial encryption parameter can refer to the initial sensitive parameter encrypted by platform key.
It is encrypted in the specific implementation, storing to have in advance in the server database of parameter service platform 120 by platform key
Initial sensitive parameter, i.e. initial encryption parameter.Inquiry is directed to the initial sensitivity of parameter acquisition request in server database
During parameter, parameter service platform 120 is first had in the server database of parameter service platform 120, according to parameter
Acquisition request inquires initial encryption parameter;Then, platform key is obtained, and initial encryption parameter is solved using platform key
It is close, obtain initial sensitive parameter.
The technical solution of the present embodiment, server database in advance storage have by platform key encryption it is initial plus
Close parameter reuses platform key and initial encryption parameter is decrypted when client is needed using sensitive parameter, obtains just
Beginning sensitive parameter.Parameter service platform is realized to the encrypting storing of sensitive parameter, improves the management of parameter service platform and storage
The safe coefficient of sensitive parameter.
It should be understood that although each step in the flow chart of Fig. 2 and Fig. 3 is successively shown according to the instruction of arrow,
But these steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly state otherwise herein, these
There is no stringent sequences to limit for the execution of step, these steps can execute in other order.Moreover, in Fig. 2 and Fig. 3
At least part step may include that perhaps these sub-steps of multiple stages or stage are not necessarily same to multiple sub-steps
One moment executed completion, but can execute at different times, and the execution in these sub-steps or stage sequence is also not necessarily
Be successively carry out, but can at least part of the sub-step or stage of other steps or other steps in turn or
Alternately execute.
In one embodiment, a kind of processing system of encrypted sensitive parameter is provided, system includes: client and parameter
Service platform;
Client, for sending parameter acquisition request to parameter service platform;It is also used to receive adding for parameter service platform
Close sensitive parameter, will be in the local memory of encrypted sensitive parameter write-in client;Encrypted sensitive parameter is decrypted, decrypting sensitive is obtained
Parameter;Business operation is carried out according to decrypting sensitive parameter;When business operation is finished, sold from the local memory of client
Ruin decrypting sensitive parameter and encrypted sensitive parameter;
Parameter service platform, for receiving the parameter acquisition request of client;Generate the encryption for being directed to parameter acquisition request
Sensitive parameter;Send encrypted sensitive parameter.
A kind of specific restriction of processing system about encrypted sensitive parameter may refer to quick above for a kind of encryption
Feel the restriction of the processing method of parameter, details are not described herein.
In one embodiment, as shown in figure 4, providing a kind of processing unit of encrypted sensitive parameter, comprising:
The encrypted sensitive parameter is written for receiving the encrypted sensitive parameter of parameter service platform for writing module 410
In the local memory of client;
Deciphering module 420 obtains decrypting sensitive parameter for decrypting the encrypted sensitive parameter;
Operation module 430, for carrying out business operation according to the decrypting sensitive parameter;
Module 440 is destroyed, described in being destroyed from the local memory of the client when business operation is finished
Decrypting sensitive parameter and the encrypted sensitive parameter.
In one embodiment, the decrypting sensitive parameter includes the webpage of login account, login password and operation system
At least one of access address;Above-mentioned operation module 430, comprising: access submodule, for according to the web page access
Location accesses the operation system;Submodule is logged in, for executing robot simulation's register;The robot simulation logs in
Operation logs in the operation system for using the login account and the login password.
In one embodiment, above-mentioned deciphering module 420, comprising: request submodule, for obtaining password key
Acquisition request, and the password key acquisition request is sent to the parameter service platform;Key reception submodule, for receiving
For the session encryption key of the password key acquisition request;Submodule is decrypted, for using the session encryption key pair
The encrypted sensitive parameter is decrypted, and generates the decrypting sensitive parameter.
In one embodiment, above-mentioned request submodule, comprising: transmission unit is asked for sending password acquisition
It asks to the parameter service platform;Receiving unit, for receiving the user password for being directed to the password acquisition request;It generates single
Member, for generating the password key acquisition request according to the user password.
In one embodiment, above-mentioned writing module 410, comprising: sending submodule, for sending parameter acquisition request
To the parameter service platform;The parameter acquisition request is used to determine the user of the client for the parameter service platform
Identity characteristic;The user identity feature is used to determine that the encrypted sensitive for the client is joined for the parameter service platform
Number;Parameter receiving submodule, for receiving the encrypted sensitive parameter for being directed to the parameter acquisition request.
A kind of specific restriction of processing unit about encrypted sensitive parameter may refer to quick above for a kind of encryption
Feel the restriction of the processing method of parameter, details are not described herein.Each mould in a kind of processing unit of above-mentioned encrypted sensitive parameter
Block can be realized fully or partially through software, hardware and combinations thereof.Above-mentioned each module can be embedded in the form of hardware or independence
In processor in computer equipment, it can also be stored in a software form in the memory in computer equipment, in order to
Processor, which calls, executes the corresponding operation of the above modules.
In one embodiment, as shown in figure 5, providing a kind of sending device of encrypted sensitive parameter, comprising:
Receiving module 510, for receiving the parameter acquisition request of client;
Generation module 520, for generating the encrypted sensitive parameter for being directed to the parameter acquisition request;
Sending module 530, for sending the encrypted sensitive parameter;The encrypted sensitive parameter is used to supply the client
It receives, and the encrypted sensitive parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to supply
The client decryption, obtains decrypting sensitive parameter;The decrypting sensitive parameter is used to carry out business operation for the client;
When business operation is finished, the client destroys the decrypting sensitive parameter and the encryption from the local memory
Sensitive parameter.
In one embodiment, above-mentioned generation module 520, comprising: submodule is determined, for obtaining according to the parameter
Request, determines the user identity feature of the client;The user identity feature includes user's position hierarchy, user's concerning security matters etc.
At least one of grade and user's registration duration;Judging submodule, for judging the client according to the user identity feature
Whether end has parameter access right;Submodule is inquired, for if so, inquiry is directed to the initial quick of the parameter acquisition request
Feel parameter;Acquisition submodule, for obtaining session encryption key, and using the session encryption key to the initial sensitive ginseng
Number is encrypted, and the encrypted sensitive parameter is generated.
In one embodiment, above-mentioned acquisition submodule, comprising: receiving unit, for receiving the mouth of the client
Enable cipher key acquisition request;Determination unit, for determining user password according to the password key acquisition request;First cargo tracer
Member, for according to the user password, inquiry to whether there is the session encryption key in preset key mapping table;Write-in
For if it is not, generate the session encryption key, and the session encryption key is written to the key mapping table in unit;Hair
Unit is sent, for sending the session encryption key to the client.
In one embodiment, above-mentioned inquiry submodule, comprising: the second query unit, for being obtained according to the parameter
Request is taken, initial encryption parameter is inquired;Key acquiring unit, for obtaining platform key, and using the platform key to institute
It states initial encryption parameter to be decrypted, obtains the initial sensitive parameter.
A kind of specific restriction of sending device about encrypted sensitive parameter may refer to quick above for a kind of encryption
Feel the restriction of the sending method of parameter, details are not described herein.Each mould in a kind of sending device of above-mentioned encrypted sensitive parameter
Block can be realized fully or partially through software, hardware and combinations thereof.Above-mentioned each module can be embedded in the form of hardware or independence
In processor in computer equipment, it can also be stored in a software form in the memory in computer equipment, in order to
Processor, which calls, executes the corresponding operation of the above modules.
In one embodiment, for the ease of the understanding of those skilled in the art, as shown in fig. 6, providing a kind of encryption
The timing diagram of the processing system of sensitive parameter;Wherein,
When user logs in client 110, parameter service platform 120 generates user password (token, token), and will use
Registered permanent residence order is back to client 110.
When client 110 is to 120 queued session encryption key of parameter service platform, parameter service platform 120 according to
The registered permanent residence enables, and inquiry whether there is effective session encryption key.If it does not exist or session encryption key is expired, parameter service platform
120 generate session encryption key, and session encryption key is written to key mapping table;Finally, sending session encryption key to visitor
Family end 110.
When the sensitive parameter of 110 required parameter service platform 120 of client, parameter service platform 120 judges client
Whether there is parameter access right;If having parameter access right, clothes of the parameter service platform 120 in parameter service platform 120
It is engaged in device database, initial encryption parameter is inquired according to parameter acquisition request;Then, platform key is obtained, and close using platform
Initial encryption parameter is decrypted in key, obtains initial sensitive parameter.Parameter service platform 120 is using session encryption key to first
Beginning sensitive parameter is encrypted, and encrypted sensitive parameter is generated.
When client 110 does not have parameter access right, 120 return parameters of parameter service platform obtain error message extremely
Client 110.
Parameter service platform 120 sends encrypted sensitive parameter to client 110.Client 110 receives parameter service platform
Encrypted sensitive parameter, and by the encrypted sensitive parameter write-in client 110 local memory in.Then, 110 basis of client
The encrypted sensitive parameter is obtained the corresponding decruption key of encrypted sensitive parameter, and is joined using the decruption key to encrypted sensitive
Number is decrypted, and obtains decrypting sensitive parameter.
Then, client 110 carries out business operation according to the decrypting sensitive parameter, for example, executing automated log on finance system
System executes a series of business operations such as automatic audit financial information.When business operation is finished, client 110 destroys storage
There are the decrypting sensitive parameters and encrypted sensitive parameter in local memory.
In one embodiment, a kind of computer equipment is provided, which can be server, internal junction
Composition can be as shown in Figure 7.The computer equipment include by system bus connect processor, memory, network interface and
Database.Wherein, the processor of the computer equipment is for providing calculating and control ability.The memory packet of the computer equipment
Include non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system, computer program and data
Library.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating
The database of machine equipment is for storing encrypted sensitive parameter and decryption sensitive parameter data.The network interface of the computer equipment is used
It is communicated in passing through network connection with external terminal.To realize a kind of encrypted sensitive ginseng when the computer program is executed by processor
Several processing methods and a kind of sending method of encrypted sensitive parameter.
It will be understood by those skilled in the art that structure shown in Fig. 7, only part relevant to application scheme is tied
The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment
It may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
In one embodiment, a kind of computer equipment, including memory and processor are provided, is stored in memory
Computer program, the processor perform the steps of when executing computer program
Step 210, the encrypted sensitive parameter for receiving parameter service platform, by encrypted sensitive parameter write-in client
In local memory;
Step 220, the encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained;
Step 230, business operation is carried out according to the decrypting sensitive parameter;
Step 240, when business operation is finished, the decrypting sensitive is destroyed from the local memory of the client
Parameter and the encrypted sensitive parameter.
In one embodiment, following steps are also realized when processor executes computer program;According to the web page access
Address accesses the operation system;Execute robot simulation's register;Robot simulation's register is used to use institute
Login account and the login password are stated, the operation system is logged in.
In one embodiment, it is also performed the steps of when processor executes computer program and obtains password key acquisition
Request, and the password key acquisition request is sent to the parameter service platform;It receives and is asked for password key acquisition
The session encryption key asked;The encrypted sensitive parameter is decrypted using the session encryption key, generates the decryption
Sensitive parameter.
In one embodiment, it is also performed the steps of when processor executes computer program and sends password acquisition request
To the parameter service platform;Receive the user password for being directed to the password acquisition request;According to the user password, institute is generated
State password key acquisition request.
In one embodiment, it is also performed the steps of when processor executes computer program and sends parameter acquisition request
To the parameter service platform;The parameter acquisition request is used to determine the user of the client for the parameter service platform
Identity characteristic;The user identity feature is used to determine that the encrypted sensitive for the client is joined for the parameter service platform
Number;Receive the encrypted sensitive parameter for being directed to the parameter acquisition request.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program performs the steps of when being executed by processor
Step 210, the encrypted sensitive parameter for receiving parameter service platform, by encrypted sensitive parameter write-in client
In local memory;
Step 220, the encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained;
Step 230, business operation is carried out according to the decrypting sensitive parameter;
Step 240, when business operation is finished, the decrypting sensitive is destroyed from the local memory of the client
Parameter and the encrypted sensitive parameter.
In one embodiment, following steps are also realized when computer program is executed by processor;It is visited according to the webpage
It asks address, accesses the operation system;Execute robot simulation's register;Robot simulation's register is for using
The login account and the login password, log in the operation system.
In one embodiment, acquisition password key is also performed the steps of when computer program is executed by processor to obtain
Request is taken, and sends the password key acquisition request to the parameter service platform;It receives and is obtained for the password key
The session encryption key of request;The encrypted sensitive parameter is decrypted using the session encryption key, generates the solution
Close sensitive parameter.
In one embodiment, transmission password acquisition is also performed the steps of when computer program is executed by processor to ask
It asks to the parameter service platform;Receive the user password for being directed to the password acquisition request;According to the user password, generate
The password key acquisition request.
In one embodiment, transmission parameter acquisition is also performed the steps of when computer program is executed by processor to ask
It asks to the parameter service platform;The parameter acquisition request is used to determine the client for the parameter service platform
Family identity characteristic;The user identity feature is used to determine the encrypted sensitive for being directed to the client for the parameter service platform
Parameter;Receive the encrypted sensitive parameter for being directed to the parameter acquisition request.
In one embodiment, a kind of computer equipment, including memory and processor are provided, is stored in memory
Computer program, the processor perform the steps of when executing computer program
Step 310, the parameter acquisition request of client is received;
Step 320, the encrypted sensitive parameter for being directed to the parameter acquisition request is generated;
Step 330, the encrypted sensitive parameter is sent;The encrypted sensitive parameter is used to receive for the client, and
The encrypted sensitive parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to for the client
End decryption, obtains decrypting sensitive parameter;The decrypting sensitive parameter is used to carry out business operation for the client;When business is grasped
When being finished, the client destroys the decrypting sensitive parameter and encrypted sensitive ginseng from the local memory
Number.
In one embodiment, it also performs the steps of when processor executes computer program and is obtained according to the parameter
Request, determines the user identity feature of the client;The user identity feature includes user's position hierarchy, user's concerning security matters etc.
At least one of grade and user's registration duration;According to the user identity feature, judge whether the client has parameter
Access right;If so, inquiry is directed to the initial sensitive parameter of the parameter acquisition request;Session encryption key is obtained, and is made
The initial sensitive parameter is encrypted with the session encryption key, generates the encrypted sensitive parameter.
In one embodiment, it is also performed the steps of when processor executes computer program and receives the client
Password key acquisition request;According to the password key acquisition request, user password is determined;According to the user password, pre-
If key mapping table in inquiry whether there is the session encryption key;If it is not, generating the session encryption key, and be written
The session encryption key is to the key mapping table;The session encryption key is sent to the client.
In one embodiment, it also performs the steps of when processor executes computer program and is obtained according to the parameter
Initial encryption parameter is inquired in request;Platform key is obtained, and the initial encryption parameter is solved using the platform key
It is close, obtain the initial sensitive parameter.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program performs the steps of when being executed by processor
Step 310, the parameter acquisition request of client is received;
Step 320, the encrypted sensitive parameter for being directed to the parameter acquisition request is generated;
Step 330, the encrypted sensitive parameter is sent;The encrypted sensitive parameter is used to receive for the client, and
The encrypted sensitive parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to for the client
End decryption, obtains decrypting sensitive parameter;The decrypting sensitive parameter is used to carry out business operation for the client;When business is grasped
When being finished, the client destroys the decrypting sensitive parameter and encrypted sensitive ginseng from the local memory
Number.
In one embodiment, it also performs the steps of when computer program is executed by processor and is obtained according to the parameter
Request is taken, determines the user identity feature of the client;The user identity feature includes user's position hierarchy, user's concerning security matters
At least one of grade and user's registration duration;According to the user identity feature, judge whether the client has ginseng
Number access right;If so, inquiry is directed to the initial sensitive parameter of the parameter acquisition request;Session encryption key is obtained, and
The initial sensitive parameter is encrypted using the session encryption key, generates the encrypted sensitive parameter.
In one embodiment, it is also performed the steps of when computer program is executed by processor and receives the client
Password key acquisition request;According to the password key acquisition request, user password is determined;According to the user password,
Inquiry whether there is the session encryption key in preset key mapping table;If it is not, generating the session encryption key, and write
Enter the session encryption key to the key mapping table;The session encryption key is sent to the client.
In one embodiment, it also performs the steps of when computer program is executed by processor and is obtained according to the parameter
Request is taken, initial encryption parameter is inquired;Platform key is obtained, and the initial encryption parameter is carried out using the platform key
Decryption, obtains the initial sensitive parameter.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein,
To any reference of memory, storage, database or other media used in each embodiment provided herein,
Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM
(PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include
Random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms,
Such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing
Type SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodiment
In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance
Shield all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the application
Range.Therefore, the scope of protection shall be subject to the appended claims for the application patent.
Claims (14)
1. a kind of processing method of sensitive parameter, which is characterized in that the described method includes:
The encrypted sensitive parameter for receiving parameter service platform, will be in the local memory of encrypted sensitive parameter write-in client;
The encrypted sensitive parameter is decrypted, decrypting sensitive parameter is obtained;
Business operation is carried out according to the decrypting sensitive parameter;
When business operation is finished, destroyed from the local memory of the client decrypting sensitive parameter and it is described plus
Close sensitive parameter.
2. the method according to claim 1, wherein the decrypting sensitive parameter include login account, log in it is close
At least one of the web page access address of code and operation system;
It is described that business operation is carried out according to the decrypting sensitive parameter, comprising:
According to the web page access address, the operation system is accessed;
Execute robot simulation's register;Robot simulation's register is used for using the login account and described steps on
Password is recorded, the operation system is logged in.
3. the method according to claim 1, wherein the decryption encrypted sensitive parameter, obtains decrypting quick
Feel parameter, comprising:
Password key acquisition request is obtained, and sends the password key acquisition request to the parameter service platform;
Receive the session encryption key for being directed to the password key acquisition request;
The encrypted sensitive parameter is decrypted using the session encryption key, generates the decrypting sensitive parameter.
4. according to the method described in claim 2, it is characterized in that, the acquisition password key acquisition request, comprising:
Password acquisition request is sent to the parameter service platform;
Receive the user password for being directed to the password acquisition request;
According to the user password, the password key acquisition request is generated.
5. the method according to claim 1, wherein it is described receive parameter service platform encrypted sensitive parameter,
Include:
Parameter acquisition request is sent to the parameter service platform;The parameter acquisition request is used to supply the parameter service platform
Determine the user identity feature of the client;The user identity feature, which is used to determine for the parameter service platform, is directed to institute
State the encrypted sensitive parameter of client;
Receive the encrypted sensitive parameter for being directed to the parameter acquisition request.
6. a kind of sending method of encrypted sensitive parameter, which is characterized in that the described method includes:
Receive the parameter acquisition request of client;
Generate the encrypted sensitive parameter for being directed to the parameter acquisition request;
Send the encrypted sensitive parameter;The encrypted sensitive parameter is used to receive for the client, and the encryption is quick
Sense parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to decrypt for the client, obtains
Decrypting sensitive parameter;The decrypting sensitive parameter is used to carry out business operation for the client;When business operation is finished
When, the client destroys the decrypting sensitive parameter and the encrypted sensitive parameter from the local memory.
7. according to the method described in claim 6, it is characterized in that, the generation is quick for the encryption of the parameter acquisition request
Feel parameter, comprising:
According to the parameter acquisition request, the user identity feature of the client is determined;The user identity feature includes using
At least one of family position hierarchy, user's concerning security matters grade and user's registration duration;
According to the user identity feature, judge whether the client has parameter access right;
If so, inquiry is directed to the initial sensitive parameter of the parameter acquisition request;
Session encryption key is obtained, and the initial sensitive parameter is encrypted using the session encryption key, generates institute
State encrypted sensitive parameter.
8. the method according to the description of claim 7 is characterized in that the acquisition session encryption key, comprising:
Receive the password key acquisition request of the client;
According to the password key acquisition request, user password is determined;
According to the user password, inquiry whether there is the session encryption key in preset key mapping table;
If it is not, generating the session encryption key, and the session encryption key is written to the key mapping table;
The session encryption key is sent to the client.
9. according to the method described in claim 2, it is characterized in that, the inquiry is for the initial quick of the parameter acquisition request
Feel parameter, comprising:
According to the parameter acquisition request, initial encryption parameter is inquired;
Platform key is obtained, and the initial encryption parameter is decrypted using the platform key, is obtained described initial quick
Feel parameter.
10. a kind of processing system of encrypted sensitive parameter, which is characterized in that the system comprises: client and parameter service are flat
Platform;
The client, for sending parameter acquisition request to the parameter service platform;It is also used to receive parameter service platform
Encrypted sensitive parameter, by the encrypted sensitive parameter write-in client local memory in;The encrypted sensitive parameter is decrypted,
Obtain decrypting sensitive parameter;Business operation is carried out according to the decrypting sensitive parameter;When business operation is finished, from described
The decrypting sensitive parameter and the encrypted sensitive parameter are destroyed in the local memory of client;
The parameter service platform, for receiving the parameter acquisition request of the client;It generates and is asked for parameter acquisition
The encrypted sensitive parameter asked;Send the encrypted sensitive parameter.
11. a kind of processing unit of encrypted sensitive parameter, which is characterized in that described device includes:
For receiving the encrypted sensitive parameter of parameter service platform client is written in the encrypted sensitive parameter by writing module
Local memory in;
Deciphering module obtains decrypting sensitive parameter for decrypting the encrypted sensitive parameter;
Operation module, for carrying out business operation according to the decrypting sensitive parameter;
Module is destroyed, it is quick for when business operation is finished, destroying the decryption from the local memory of the client
Feel parameter and the encrypted sensitive parameter.
12. a kind of sending device of encrypted sensitive parameter, which is characterized in that described device includes:
Receiving module, for receiving the parameter acquisition request of client;
Generation module, for generating the encrypted sensitive parameter for being directed to the parameter acquisition request;
Sending module, for sending the encrypted sensitive parameter;The encrypted sensitive parameter is used to receive for the client, and
The encrypted sensitive parameter is written in the local memory of the client;The encrypted sensitive parameter is also used to for the client
End decryption, obtains decrypting sensitive parameter;The decrypting sensitive parameter is used to carry out business operation for the client;When business is grasped
When being finished, the client destroys the decrypting sensitive parameter and encrypted sensitive ginseng from the local memory
Number.
13. a kind of computer equipment, including memory and processor, the memory are stored with computer program, feature exists
In the step of processor realizes any one of claims 1 to 9 the method when executing the computer program.
14. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program
The step of method described in any one of claims 1 to 9 is realized when being executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910282983.5A CN110008727B (en) | 2019-04-10 | 2019-04-10 | Encryption sensitive parameter processing method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910282983.5A CN110008727B (en) | 2019-04-10 | 2019-04-10 | Encryption sensitive parameter processing method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110008727A true CN110008727A (en) | 2019-07-12 |
| CN110008727B CN110008727B (en) | 2020-07-21 |
Family
ID=67170606
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910282983.5A Active CN110008727B (en) | 2019-04-10 | 2019-04-10 | Encryption sensitive parameter processing method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110008727B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111027047A (en) * | 2019-11-29 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Application program sensitive information control method and device, electronic equipment and storage medium |
| CN115955325A (en) * | 2022-10-26 | 2023-04-11 | 贝壳找房(北京)科技有限公司 | Information management and control method and system and electronic equipment |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0843928A2 (en) * | 1995-07-17 | 1998-05-27 | Roger E. Billings | Distributed data processing network |
| CN1753359A (en) * | 2004-09-24 | 2006-03-29 | 华为技术有限公司 | Method of implementing transmission syncML synchronous data |
| CN101742508A (en) * | 2009-12-21 | 2010-06-16 | 中兴通讯股份有限公司 | System and method for transmitting files between WAPI terminal and application server |
| CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
| CN105307165A (en) * | 2015-10-10 | 2016-02-03 | 中国民生银行股份有限公司 | Communication method based on mobile application, server and client |
| CN107566324A (en) * | 2016-06-30 | 2018-01-09 | 南京中兴新软件有限责任公司 | Encryption method, decryption method and device |
| CN108418785A (en) * | 2017-12-13 | 2018-08-17 | 平安科技(深圳)有限公司 | Password call method, server and storage medium |
| CN109347626A (en) * | 2018-09-03 | 2019-02-15 | 杭州电子科技大学 | A kind of safety identification authentication method with antitracking characteristic |
| CN109409109A (en) * | 2018-10-17 | 2019-03-01 | 网易(杭州)网络有限公司 | Data processing method, device, processor and server in network service |
| CN109471844A (en) * | 2018-10-10 | 2019-03-15 | 深圳市达仁基因科技有限公司 | File sharing method, device, computer equipment and storage medium |
| CN109600730A (en) * | 2019-01-22 | 2019-04-09 | 苏州宏裕千智能设备科技有限公司 | A kind of collection control method and terminal of information |
-
2019
- 2019-04-10 CN CN201910282983.5A patent/CN110008727B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0843928A2 (en) * | 1995-07-17 | 1998-05-27 | Roger E. Billings | Distributed data processing network |
| CN1753359A (en) * | 2004-09-24 | 2006-03-29 | 华为技术有限公司 | Method of implementing transmission syncML synchronous data |
| CN101742508A (en) * | 2009-12-21 | 2010-06-16 | 中兴通讯股份有限公司 | System and method for transmitting files between WAPI terminal and application server |
| CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
| CN105307165A (en) * | 2015-10-10 | 2016-02-03 | 中国民生银行股份有限公司 | Communication method based on mobile application, server and client |
| CN107566324A (en) * | 2016-06-30 | 2018-01-09 | 南京中兴新软件有限责任公司 | Encryption method, decryption method and device |
| CN108418785A (en) * | 2017-12-13 | 2018-08-17 | 平安科技(深圳)有限公司 | Password call method, server and storage medium |
| CN109347626A (en) * | 2018-09-03 | 2019-02-15 | 杭州电子科技大学 | A kind of safety identification authentication method with antitracking characteristic |
| CN109471844A (en) * | 2018-10-10 | 2019-03-15 | 深圳市达仁基因科技有限公司 | File sharing method, device, computer equipment and storage medium |
| CN109409109A (en) * | 2018-10-17 | 2019-03-01 | 网易(杭州)网络有限公司 | Data processing method, device, processor and server in network service |
| CN109600730A (en) * | 2019-01-22 | 2019-04-09 | 苏州宏裕千智能设备科技有限公司 | A kind of collection control method and terminal of information |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111027047A (en) * | 2019-11-29 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Application program sensitive information control method and device, electronic equipment and storage medium |
| CN111027047B (en) * | 2019-11-29 | 2024-04-02 | 安天科技集团股份有限公司 | Application sensitive information management and control method and device, electronic equipment and storage medium |
| CN115955325A (en) * | 2022-10-26 | 2023-04-11 | 贝壳找房(北京)科技有限公司 | Information management and control method and system and electronic equipment |
| CN115955325B (en) * | 2022-10-26 | 2024-02-02 | 贝壳找房(北京)科技有限公司 | Information management and control method and system and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110008727B (en) | 2020-07-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106850699B (en) | A kind of mobile terminal login authentication method and system | |
| CN110535833B (en) | Data sharing control method based on block chain | |
| CN110365670A (en) | Blacklist sharing method, device, computer equipment and storage medium | |
| CN108833355B (en) | Data processing method, data processing device, computer equipment and computer readable storage medium | |
| CN109067528B (en) | Password operation method, work key creation method, password service platform and equipment | |
| CN109347625B (en) | Password operation method, work key creation method, password service platform and equipment | |
| CN112613076B (en) | Privacy-protecting multi-party data processing method, device and system | |
| CN111241555B (en) | Access method and device for simulating user login, computer equipment and storage medium | |
| CN110245505A (en) | Tables of data access method, device, computer equipment and storage medium | |
| CN112685786B (en) | Financial data encryption and decryption method, system, equipment and storage medium | |
| CN111274599A (en) | Data sharing method based on block chain and related device | |
| CN110489393A (en) | Promise breaking information query method, device, computer equipment and storage medium | |
| CN106992851A (en) | TrustZone-based database file password encryption and decryption method and device and terminal equipment | |
| CN112528268B (en) | Cross-channel applet login management method and device and related equipment | |
| CN110851800B (en) | Code protection method, device, system and readable storage medium | |
| WO2022206453A1 (en) | Method and apparatus for providing cross-chain private data | |
| CN109697370A (en) | Database data encipher-decipher method, device, computer equipment and storage medium | |
| CN109347813A (en) | Internet of things equipment login method, system, computer equipment and storage medium | |
| CN110008727A (en) | Processing method, device, computer equipment and the storage medium of encrypted sensitive parameter | |
| CN113886862A (en) | Trusted computing system and resource processing method based on trusted computing system | |
| CN114222288B (en) | Equipment identifier generation method, equipment identifier verification method and device | |
| CN110445757A (en) | Personnel information encryption method, device, computer equipment and storage medium | |
| CN108985040B (en) | Method and apparatus, storage medium and the processor logged in using cipher key | |
| CN117879820A (en) | Block chain-based data sharing method | |
| CN117294484A (en) | Method, apparatus, device, medium and product for data interaction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 511458 Room 1301, Chengtou Building, 106 Fengze East Road, Nansha District, Guangzhou City, Guangdong Province (self-compiled 1301-12159) Applicant after: Southern Power Grid Digital Grid Research Institute Co., Ltd. Address before: 511458 Room 1301, Chengtou Building, 106 Fengze East Road, Nansha District, Guangzhou City, Guangdong Province (self-compiled 1301-12159) Applicant before: Dingxin Information Technology Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |