CN110602146A - Data encryption and decryption method, readable storage medium and electronic equipment - Google Patents

Publication number: CN110602146A
Authority: CN (China)
Prior art keywords: key, encryption, information, current, database
Legal status: Pending
Application number: CN201910943370.1A
Other languages: Chinese (zh)
Inventor: 石鹏
Current Assignee: Beijing Dami Technology Co Ltd
Original Assignee: Beijing Dami Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication

Abstract

The embodiment of the invention discloses a data encryption method, a data decryption method, a readable storage medium and electronic equipment. In the data encryption and decryption method, a specific server accesses the encryption database, and reads and stores a key and encrypted information in the encryption database based on the authority granted by the encryption database. The method directly ensures that only specific servers are allowed to encrypt and decrypt information, which avoids the risk of sensitive information leakage. Because a specific server inside the system communicates with the encryption database without depending on an external system, the method also avoids affecting the availability of the current service when an external service cannot be used.

Description

Data encryption and decryption method, readable storage medium and electronic equipment
Technical Field
The invention relates to the technical field of computers, in particular to a data encryption and decryption method, a readable storage medium and electronic equipment.
Background
To prevent privacy disclosure, many software applications encrypt sensitive information stored in a database. There are generally two existing information encryption methods. The first encrypts and decrypts the sensitive information with a specified key: the encrypted sensitive information is stored persistently, so that external personnel can only see the encrypted information; when the information needs to be used, the encrypted sensitive information is queried from the persistent storage and then decrypted with the specified key. Encrypted information stored in this way can still be queried by the system's developers and technicians and decrypted with the key, which creates a risk that sensitive information is revealed. The second calls an externally provided service to encrypt the sensitive information and stores the result in persistent storage, so that external personnel can only see the encrypted information; when the information needs to be used, the decrypted sensitive information is queried from the external system according to an ID, that is, the encryption and decryption process depends on the external system. This method is too dependent on external services: if they become unavailable for some reason, the current system cannot encrypt or decrypt, which is unacceptable for systems with very high availability requirements.
Disclosure of Invention
In view of this, the embodiments of the present invention disclose a data encryption and decryption method, a readable storage medium, and an electronic device, so as to directly implement encryption and decryption of specific user information without depending on an external system, and to avoid the risk of sensitive information leakage.
In a first aspect, an embodiment of the present invention discloses a data encryption method, where the method includes:
receiving data information through a preset application program interface;
sending a key reading request, wherein the reading request comprises a server identifier;
receiving a first key returned by the encryption database in response to the key reading request;
encrypting the data information according to the first key to determine first encryption information;
storing the first encryption information to the encryption database.
Further, the method further comprises:
determining a second key, and sending a key updating instruction containing the second key to the encryption database;
storing the first key in the encryption database to an old key position according to the key updating instruction, and storing the second key to a current key position;
and storing the first encryption information in the encryption database to an old encryption information position.
Further, the method further comprises:
acquiring the first encryption information, a first key and a second key;
decrypting the first encrypted information according to the first key to determine corresponding data information;
encrypting the data information according to the second key to determine second encryption information;
and storing the second encryption information to the current encryption information position of the encryption database as the encryption information after key updating.
Further, the method further comprises:
acquiring all second encryption information, a first key and a second key contained in the encryption database according to a preset period;
decrypting each piece of second encryption information according to the second key;
in response to a failure to decrypt the second encrypted information according to the second key, decrypting the second encrypted information according to the first key;
in response to the data information being obtained by decrypting the second encrypted information according to the first key, encrypting the data information according to a second key to determine third encrypted information;
and storing the second encryption information to an old encryption information position in the encryption database, and storing the third encryption information to the current encryption information position.
Further, the method further comprises:
sending an alert in response to a failure to decrypt the second encrypted information according to the first key.
In a second aspect, an embodiment of the present invention discloses a data decryption method, where the method includes:
receiving an encrypted information identifier through a preset application program interface, and sending a decryption request containing a server identifier and the encrypted information identifier;
receiving a current key and current encryption information returned by the encryption database in response to the decryption request;
and decrypting the current encrypted information according to the current key to determine data information.
Further, the encryption database also includes an old key;
the receiving of the current key and the current encryption information returned by the encryption database in response to the decryption request is specifically:
receiving a current key, current encryption information and an old key returned by the encryption database in response to the decryption request, wherein the current key is stored in the current key position of the encryption database, and the old key is stored in the old key position of the encryption database.
Further, the decrypting the current encrypted information according to the current key to determine data information includes:
decrypting the current encrypted information according to the current key;
and in response to the failure of decrypting the current encrypted information according to the current key, decrypting the current encrypted information according to the old key to determine data information.
In a third aspect, an embodiment of the present invention discloses a computer-readable storage medium for storing computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method according to any one of the first and second aspects.
In a fourth aspect, an embodiment of the present invention discloses an electronic device, including a memory and a processor, wherein the memory is configured to store one or more computer program instructions, and wherein the one or more computer program instructions are executed by the processor to implement the method according to any one of the first and second aspects.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following description of the embodiments of the present invention with reference to the accompanying drawings, in which:
FIG. 1 is a system diagram of a data encryption and decryption method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a data encryption method according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating key updating according to an alternative implementation of an embodiment of the present invention;
FIG. 4 is a diagram illustrating updating encryption information according to an alternative implementation of an embodiment of the present invention;
FIG. 5 is a schematic diagram of modifying encryption information according to an alternative implementation of an embodiment of the present invention;
FIG. 6 is a flow chart of a data decryption method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The present invention will be described below based on examples, but the present invention is not limited to only these examples. In the following detailed description of the present invention, certain specific details are set forth. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details. Well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
Further, those of ordinary skill in the art will appreciate that the drawings provided herein are for illustrative purposes and are not necessarily drawn to scale.
Unless the context clearly requires otherwise, throughout the description, the words "comprise", "comprising", and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is, what is meant is "including, but not limited to".
In the description of the present invention, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified.
Fig. 1 is a system schematic diagram of a data encryption and decryption method according to an embodiment of the present invention. As shown in fig. 1, the system includes a first service server 10, a second service server 11, an encryption server 12, and an encryption database 13. As an optional implementation manner of this embodiment, the first service server 10 and the second service server 11 may be the same service server.
Specifically, in the process of data encryption, the first service server 10 is configured to send data information to be kept confidential to the encryption server 12. After receiving the data information, the encryption server 12 sends a key reading request to the encryption database 13 and receives a key returned by the encryption database 13. After encrypting the data information, the encryption server 12 sends the corresponding current encryption information to the encryption database 13 for storage. In the process of data decryption, the second service server 11 is configured to send an encrypted information identifier to the encryption server 12. After receiving the encrypted information identifier, the encryption server 12 sends a decryption request to the encryption database 13, and receives a key returned by the encryption database 13 and the current encrypted information determined according to the encrypted information identifier. The encryption server 12 decrypts the current encrypted information according to the key to determine the data information corresponding to the current encrypted information, and returns the data information to the second service server 11.
Further, the encryption server 12 may also send information to the encryption database 13 on its own, without having received information from the first service server 10 or the second service server 11. Specifically, the encryption server 12 generates a new key and updates it to the encryption database 13 as the current key; it then obtains from the encryption database 13 the encryption information produced with the old key, decrypts that encryption information with the old key to obtain the data information, encrypts the data information with the newly generated key to obtain new encryption information, and updates the new encryption information to the encryption database 13 as the current encryption information.
Fig. 2 is a flowchart of a data encryption method according to an embodiment of the present invention, and as shown in fig. 2, the method includes:
Step S100, receiving data information through a preset application program interface.
Specifically, the data information is sensitive information to be encrypted, and may be, for example, user personal information such as a user telephone and an address, company important information such as a company important document and a contract, or other preset sensitive information to be encrypted. The data information may be sent through a terminal device or a service server, where the terminal device may be, for example, a mobile phone, a computer, a tablet computer, or the like. The device for receiving the data information is an encryption server provided with a preset application program interface and used for receiving and processing the data information.
Step S200, sending a key reading request.
Specifically, after the encryption server receives the data information in step S100, it determines and sends, based on the data information, a key reading request that includes a server identifier characterizing the server's identity, such as a server code or a server ID. In this embodiment, the receiving device of the key reading request is an encryption database for storing keys.
Step S300, receiving a first key returned by the encryption database in response to the key reading request.
Specifically, an access list is maintained in the encryption database to store the identifiers of the servers that may access the encryption database. When the server identifier included in the key reading request received by the encryption database in step S200 is in the access list of the encryption database, the encryption database returns, based on the key reading request, the first key stored in its current key address, and the first key is received by the encryption server that sent the key reading request. Optionally, the encryption server generates the first key and stores it in the encryption database.
In this embodiment, the first key is a key that can encrypt and decrypt all the data information. In other embodiments of the present invention, the encryption database may contain a plurality of selectable first keys, and the encryption server may select a corresponding first key in the encryption database based on a predetermined rule according to the data format, data content, and the like of the received data information.
Step S400, encrypting the data information according to the first key to determine first encryption information.
Specifically, once the encryption database has recognized the key reading request sent by the encryption server and the encryption server has received the first key, the encryption server encrypts the data information with the first key to determine the first encryption information.
Step S500, storing the first encryption information to the encryption database.
Specifically, after the encryption server determines first encryption information through the step S400, the first encryption information is stored in the encryption database as current encryption information of the data information, and the encryption process of the data information is completed.
Further, in order to prevent the key from being leaked and further improve the security performance of the encryption process, the encryption database is further configured to periodically and randomly generate a key and update the key to a current key location of the encryption database. And in the key updating process, stopping receiving the encryption request and the decryption request sent by the external service server. Specifically, the key update process includes:
Step S501, determining a second key, and sending a key updating instruction containing the second key to the encryption database.
Specifically, the encryption server randomly generates a second key at a preset time, and sends to the encryption database a key update instruction containing the second key, together with a server identifier representing the encryption server. After receiving the key update instruction, the encryption database checks the server identifier in it, and when the server identifier is determined to be in the access list, the encryption server is allowed to perform the next operation.
Step S502, storing the first key in the encryption database to an old key position according to the key updating instruction, and storing the second key to a current key position.
Specifically, the encryption server moves the first key stored in the current key position in the encryption database to an old key position for storage according to the key update instruction, that is, updates the first key to an old key. Optionally, if other key information is stored in the old key location at this time, the other key information is discarded. And then the second key contained in the key updating instruction is used as a new current key to be stored in the current key position of the encryption database.
Step S503, storing the first encryption information in the encryption database to an old encryption information position.
Specifically, after the key update is completed, the encryption server moves the first encryption information stored in the current encryption information position in the encryption database to the old encryption information position based on the key update instruction, that is, updates the first encryption information to the old encryption information. Optionally, if other encryption information is stored in the old encryption information position at this time, the other encryption information is discarded.
Fig. 3 is a schematic diagram of updating a key according to an alternative implementation manner of the embodiment of the present invention, as shown in fig. 3, the encryption database includes a current key location 30 and an old key location 31, which are respectively used for storing the current key and the old key.
Specifically, after the encryption database receives the key update instruction and recognizes the server identifier, the encryption server moves the first key, stored as the current key in the current key location 30, to the old key location 31, that is, updates the first key from the current key to the old key; at the same time, it stores the second key included in the key update instruction to the current key location 30, that is, makes the second key the current key.
Once the encryption server has completed the key update in the encryption database based on the key update instruction and the former current encryption information has become old encryption information, the encryption database no longer stores any current encryption information. The current encryption information in the encryption database therefore needs to be updated through the following steps:
Step S504, obtaining the first encryption information, the first key, and the second key.
Specifically, after the encryption server completes the key update, the first encryption information, the first key, and the second key in the encryption database are obtained. At this time, the first encryption information is old encryption information, the first key is an old key, and the second key is a current key.
Step S505, decrypting the first encrypted information according to the first key to determine corresponding data information.
Specifically, the encryption server decrypts each piece of first encryption information included in the encryption database according to the first key, to obtain the data information corresponding to each piece of first encryption information. That is, the old encryption information is decrypted with the old key to obtain the original data information as it was before encryption.
Step S506, encrypting the data information according to the second key to determine second encryption information.
Specifically, after the original data information is determined in step S505, each data information is encrypted according to the second key to determine second encrypted information. Namely, the current encryption information is obtained by encrypting the data information through the current key.
Step S507, storing the second encryption information to the current encryption information position of the encryption database as the encryption information after key updating.
Specifically, after the second encryption information is determined through step S506, each piece of the second encryption information is stored as current encryption information to the current encryption information location of the encryption database.
Fig. 4 is a schematic diagram of updating encryption information according to an alternative implementation manner of the embodiment of the present invention, as shown in fig. 4, the encryption database includes a current encryption information location 40 and an old encryption information location 41, which are respectively used for storing the current encryption information and the old encryption information.
Specifically, after the encryption server completes the key update in the encryption database, it stores the first encryption information as old encryption information to the old encryption information location 41, where it is used for data rollback when a problem occurs in the encryption database. The encryption server stores the second encryption information as current encryption information to the current encryption information position of the encryption database.
Further, while the key and the encryption information are being updated, thread synchronization issues may cause part of the current encryption information to be produced by encrypting data information with the old key, so that part of the current encryption information in the encryption database is wrong. To prevent this, the current encryption information in the encryption database needs to be checked and corrected regularly. Specifically, the process includes:
Step S508, acquiring all the second encryption information, the first key, and the second key included in the encryption database according to a predetermined period.
Specifically, a time period for detecting the current encryption information is set, and the information stored in the current encryption information position, the current key position and the old key position in the encryption database is periodically acquired according to the preset time period. Therefore, in this embodiment, the encryption server obtains all the second encryption information, the first key, and the second key included in the encryption database.
Step S509, decrypting each piece of second encryption information according to the second key.
Specifically, the encryption server decrypts each acquired piece of second encryption information according to the second key, that is, decrypts the current encryption information according to the current key, so as to determine whether the current encryption information is correct.
Step S510, in response to the failure of decrypting the second encrypted information according to the second key, decrypting the second encrypted information according to the first key.
Specifically, when decrypting the second encryption information with the second key fails, it is preliminarily determined that the second encryption information was produced by encrypting data information with an old key; the encryption server therefore decrypts the second encryption information according to the first key stored in the old key position.
Further, when all the second encryption information can be decrypted by the second key in step S509, it is determined that there is no wrong current encryption information in the encryption database, and the checking and correcting process is ended.
Step S511, in response to the data information obtained by decrypting the second encrypted information according to the first key, encrypting the data information according to the second key to determine third encrypted information.
Specifically, when the encryption server successfully decrypts the second encryption information according to the first key and obtains the corresponding data information, the second encryption information is considered to be current encryption information that was produced by encrypting with the old key. The obtained data information is then encrypted with the current key, namely the second key, to determine third encryption information as the current encryption information of the data information.
Further, when the encryption server also fails to decrypt the second encryption information with the first key, it is determined that an unexpected error has occurred in the second encryption information, and an alarm is sent based on the error.
Step S512, storing the second encrypted information to an old encrypted information position in the encrypted database, and storing the third encrypted information to the current encrypted information position.
Specifically, when it is determined in step S511 that the correct current encryption information is the third encryption information, the second encryption information, now determined to be old encryption information, is moved to the old encryption information location of the encryption database for storage, and the third encryption information is stored as the current encryption information to the current encryption information location, which completes the checking and correcting process of the current encryption information.
Fig. 5 is a schematic diagram of modifying encryption information according to an alternative implementation manner of the embodiment of the present invention, as shown in fig. 5, the encryption database includes a current encryption information location 40 and an old encryption information location 41, which are respectively used for storing the current encryption information and the old encryption information.
Specifically, after the encryption server completes updating of the encryption information in the encryption database, the current encryption information is the second encryption information, and the old encryption information is the first encryption information. When the encryption server checks the current encryption information in the encryption database and finds an error, it generates the corresponding correct current encryption information, namely the third encryption information. It then moves the second encryption information to the old encryption information position 41 for storage, discards the first encryption information stored in the old encryption information position 31, and stores the third encryption information as current encryption information to the current encryption information location 40.
The data encryption method accesses the encryption database through a specific server, and reads and stores a key and encryption information in the encryption database based on the authority granted by the encryption database. The method directly ensures that only specific servers are allowed to encrypt and decrypt information, which avoids the risk of sensitive information leakage. Because a specific server inside the system communicates with the encryption database without depending on an external system, the method also avoids affecting the availability of the current service when an external service cannot be used. In addition, the data encryption method periodically updates the key and the encryption information in the encryption database, and checks and corrects the current encryption information, which improves the security and reliability of the encryption database.
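The rotation and check-and-correct flow of steps S501 to S512, together with the old-key fallback of the decryption method, as an added example that is not code from the patent. The class and function names, the in-memory database and the stand-in encrypt-then-MAC cipher are assumptions; "decryption fails" is only a reliable signal when the cipher is authenticated, which the patent text does not specify.

```python
import hashlib
import hmac
import secrets

class DecryptError(Exception):
    """The authentication tag did not verify under the supplied key."""

# Stand-in authenticated cipher (encrypt-then-MAC) so the example needs only the
# standard library. It is an assumption; production code would use a vetted AEAD.
def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise DecryptError("ciphertext does not verify under this key")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class EncryptionDatabase:
    """In-memory model: access list plus current/old slots for key and ciphertext."""
    def __init__(self, allowed_servers):
        self.access_list = set(allowed_servers)
        self.current_key = secrets.token_bytes(32)
        self.old_key = None
        self.current_info = {}   # record id -> ciphertext under the current key
        self.old_info = {}       # record id -> previous ciphertext, kept for rollback

    def authorize(self, server_id):
        if server_id not in self.access_list:
            raise PermissionError(f"server {server_id!r} is not in the access list")

def encrypt(db, server_id, record_id, data):
    """S100-S500: read the current key, encrypt, store as current information."""
    db.authorize(server_id)
    db.current_info[record_id] = seal(db.current_key, data)

def rotate_key(db, server_id):
    """S501-S507: shift key and ciphertext to the old slots, then re-encrypt."""
    db.authorize(server_id)
    db.old_key, db.current_key = db.current_key, secrets.token_bytes(32)
    db.old_info, db.current_info = db.current_info, {}
    for record_id, blob in db.old_info.items():
        db.current_info[record_id] = seal(db.current_key, unseal(db.old_key, blob))

def check_and_correct(db, server_id):
    """S508-S512: return (corrected ids, ids that need an alert)."""
    db.authorize(server_id)
    corrected, alerts = [], []
    for record_id, blob in list(db.current_info.items()):
        try:
            unseal(db.current_key, blob)                 # S509: record is fine
            continue
        except DecryptError:
            pass
        try:                                             # S510: try the old key
            data = unseal(db.old_key, blob) if db.old_key else None
        except DecryptError:
            data = None
        if data is None:                                 # neither key works: alert
            alerts.append(record_id)
            continue
        db.old_info[record_id] = blob                    # S512: keep the stale copy
        db.current_info[record_id] = seal(db.current_key, data)   # S511
        corrected.append(record_id)
    return corrected, alerts

def decrypt(db, server_id, record_id):
    """Decryption method: current key first, old key only if that fails."""
    db.authorize(server_id)
    blob = db.current_info[record_id]
    try:
        return unseal(db.current_key, blob)
    except DecryptError:
        if db.old_key is None:
            raise
        return unseal(db.old_key, blob)

def demo():
    """Constructed scenario: one normal record, one stale write, one corrupt record."""
    db = EncryptionDatabase(allowed_servers={"enc-server-1"})
    encrypt(db, "enc-server-1", "user-1", b"phone=555-0100")
    stale_key = db.current_key
    rotate_key(db, "enc-server-1")
    # A worker that still holds the pre-rotation key writes after the rotation.
    db.current_info["user-2"] = seal(stale_key, b"addr=1 Example St")
    # A record that verifies under neither key (constructed corruption).
    db.current_info["user-3"] = b"\x00" * 64
    corrected, alerts = check_and_correct(db, "enc-server-1")
    return db, corrected, alerts

if __name__ == "__main__":
    print(demo()[1:])
```

Because both keys are returned to the encryption server on every decryption request, the old key stays as sensitive as the current one until the next rotation discards it.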
Fig. 6 is a flowchart of a data decryption method according to an embodiment of the present invention. As shown in Fig. 6, the data decryption method includes:
Step S600, receiving the encrypted information identifier through a preset application program interface, and sending a decryption request containing the server identifier and the encrypted information identifier.
Specifically, the encrypted information identifier is sent by a service server, and is used for retrieving the encrypted information, which may be, for example, an ID corresponding to the encrypted information, a keyword of the encrypted information, or the like. The device for receiving the encrypted information identifier is an encryption server provided with a preset application program interface and used for receiving and processing the encrypted information identifier. After receiving the encrypted information identifier, the encryption server determines a decryption request including the encrypted information identifier and a server identifier, where the server identifier is an identifier used to characterize the identity of the encryption server, and may be, for example, a server code, a server ID, or the like.
Step S700, receiving the current key and the current encryption information returned by the encryption database in response to the decryption request.
Specifically, an access list is maintained in the encrypted database to store the identifiers of the servers that may access the encrypted database. When the server identifier included in the decryption request received by the encrypted database in step S700 is in the access list of the encrypted database, the encrypted database searches for the corresponding current encryption information based on the encryption information identifier in the decryption request, and returns that encryption information together with the current key stored at the current key address of the encrypted database.
Further, when an old key is also included in the encrypted database, the encryption server also receives the old key stored in the encrypted database while receiving a current key and current encryption information returned by the encrypted database in response to the decryption request, wherein the current key is stored in a current key position of the encrypted database, and the old key is stored in an old key position of the encrypted database.
Step S800, decrypting the current encrypted information according to the current key to determine data information.
Specifically, after the encryption server obtains the current key and the current encryption information through step S700, the encryption server decrypts the current encryption information according to the current key, and determines the data information corresponding to the current encryption information. Optionally, after determining the data information, the encryption server sends the data information to the service server that sent the encrypted information identifier.
Further, to ensure information security, the encryption database may periodically update the current key stored in the current key location and, in turn, the encryption information stored in the current encryption information location. During this update, thread synchronization issues may leave part of the current encryption information encrypted with the old key, so that part of the current encryption information in the encryption database is wrong. So that the current encrypted information can still be decrypted accurately despite such errors, it is decrypted through the following steps:
Step S810, decrypting the current encrypted information according to the current key.
Specifically, the encryption server decrypts the current encryption information according to the current key, and if decryption succeeds to obtain corresponding data information, the encryption server determines that the current encryption information is correct, and ends the decryption process.
Step S820, in response to the failure of decrypting the current encrypted information according to the current key, decrypting the current encrypted information according to the old key to determine data information.
Specifically, when the current encrypted information cannot be decrypted in step S810, it is determined that the current encrypted information is incorrect, and the encryption server further decrypts the current encrypted information according to the old key to determine the data information. If the decryption succeeds, the corresponding data information is obtained and the decryption process ends.
Further, when the encryption server cannot successfully decrypt the current encrypted information according to the old key, the encryption server judges that unexpected errors occur in the current encrypted information, and sends an alarm based on the errors.
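An added sketch of the fallback decryption in steps S810/S820 and of the periodic check-and-correct pass described for Fig. 5 (example code, not from the patent). The patent names no cipher: the encrypt-then-MAC construction built from HMAC-SHA256, the dictionary layout of the database and all function names are assumptions chosen so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

class DecryptionError(Exception):
    """The authentication tag did not verify under the supplied key."""

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in, not the patent's cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, nonce, body):
    return hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def encrypt(key, data):
    nonce = os.urandom(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + _tag(key, nonce, body)

def decrypt(key, blob):
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise DecryptionError("truncated record")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, nonce, body)):
        raise DecryptionError("tag mismatch: wrong key or modified record")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def decrypt_with_fallback(db, record_id, alarm):
    """S810/S820: try the current key, then the old key; alarm if both fail."""
    blob = db["current_info"][record_id]
    for slot in ("current_key", "old_key"):
        try:
            return decrypt(db[slot], blob), slot
        except DecryptionError:
            continue
    alarm(record_id)
    raise DecryptionError(f"record {record_id}: neither key decrypts it")

def check_and_correct(db, alarm):
    """Periodic check: re-encrypt records that only open under the old key."""
    repaired = []
    for record_id, blob in list(db["current_info"].items()):
        try:
            data, slot = decrypt_with_fallback(db, record_id, alarm)
        except DecryptionError:
            continue  # already alarmed; leave the record for investigation
        if slot == "old_key":
            db["old_info"][record_id] = blob  # stale ciphertext moves to the old position
            db["current_info"][record_id] = encrypt(db["current_key"], data)
            repaired.append(record_id)
    return repaired

def demo():
    # Constructed sample: record 2 still under the old key, record 3 under a lost key.
    old, cur = os.urandom(32), os.urandom(32)
    db = {"current_key": cur, "old_key": old, "old_info": {}, "current_info": {
        1: encrypt(cur, b"alice"), 2: encrypt(old, b"bob"), 3: encrypt(os.urandom(32), b"carol")}}
    alarms = []
    return check_and_correct(db, alarms.append), alarms, decrypt_with_fallback(db, 2, alarms.append)
```

The fallback depends on decryption under the wrong key being detected, which here is the tag check; an unauthenticated cipher would return garbage instead of failing. In a deployment, a vetted AEAD such as AES-GCM would take the place of the stand-in construction.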
The data decryption method accesses the encrypted database through a specific server, reads a key and encrypted information in the encrypted database based on the authority granted by the encrypted database, and completes the decryption process according to the key and the encrypted information. The method directly ensures that only a specific server is allowed to decrypt information, which avoids the risk of sensitive information leakage. Because a specific server inside the system communicates with the encryption database without depending on an external system, the availability of the current service is also not affected when an external service cannot be used.
Fig. 7 is a schematic diagram of an electronic device according to an embodiment of the present invention. As shown in Fig. 7, in this embodiment the electronic device includes a server, a terminal, and the like. As shown, the electronic device includes: at least one processor 72; a memory 71 communicatively coupled to the at least one processor; and a communication component 73 communicatively coupled to the storage medium, the communication component 73 receiving and transmitting data under control of the processor; the memory 71 stores instructions executable by the at least one processor 72, and the instructions are executed by the at least one processor 72 to implement the data encryption method and the data decryption method in the above-described embodiments.
In particular, the memory 71, as a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The processor 72 executes various functional applications of the device and data processing, i.e., implements the above-described data encryption method and data decryption method, by executing nonvolatile software programs, instructions, and modules stored in the memory.
The memory 71 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store a list of options, etc. Further, the memory 71 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 71 optionally includes memory located remotely from the processor 72, and these remote memories may be connected to external devices via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more modules are stored in the memory 71 and, when executed by the one or more processors 72, perform the data encryption method and the data decryption method of any of the method embodiments described above.
The product can execute the method provided by the embodiments of the application, and has the functional modules and beneficial effects corresponding to the executed method. For technical details not described in this embodiment, refer to the method provided by the embodiments of the application.
The present invention also relates to a computer-readable storage medium for storing a computer-readable program for causing a computer to perform some or all of the above-described method embodiments.
That is, as those skilled in the art will understand, all or part of the steps of the methods in the embodiments described above may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions that enable a device (which may be a single-chip microcomputer, a chip, or the like) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for data encryption, the method comprising:
receiving data information through a preset application program interface;
sending a key reading request, wherein the reading request comprises a server identifier;
receiving a first key returned by the encryption database in response to the key reading request;
encrypting the data information according to the first key to determine first encryption information;
storing the first encryption information to the encryption database.
2. The method of claim 1, further comprising:
determining a second key, and sending a key updating instruction containing the second key to the encryption database;
storing the first key in the encryption database to an old key position according to the key updating instruction, and storing the second key to a current key position;
and storing the first encryption information in the encryption database to an old encryption information position.
3. The method of claim 2, further comprising:
acquiring the first encryption information, a first key and a second key;
decrypting the first encrypted information according to the first key to determine corresponding data information;
encrypting the data information according to the second key to determine second encryption information;
and storing the second encryption information to the current encryption information position of the encryption database as the encryption information after key updating.
4. The method of claim 3, further comprising:
acquiring all second encryption information, a first key and a second key contained in the encryption database according to a preset period;
decrypting each second encrypted message according to the second key;
in response to a failure to decrypt the second encrypted information according to the second key, decrypting the second encrypted information according to the first key;
in response to the data information being obtained by decrypting the second encrypted information according to the first key, encrypting the data information according to a second key to determine third encrypted information;
and storing the second encryption information to an old encryption information position in the encryption database, and storing the third encryption information to the current encryption information position.
5. The method of claim 3, further comprising:
sending an alert in response to a failure to decrypt the second encrypted information according to the first key.
6. A method for data decryption, the method comprising:
receiving an encrypted information identifier through a preset application program interface, and sending a decryption request containing a server identifier and the encrypted information identifier;
receiving a current key and current encryption information returned by the encryption database in response to the decryption request;
and decrypting the current encrypted information according to the current key to determine data information.
7. The method of claim 6, wherein the encryption database further comprises an old key;
the receiving of the current key and the current encryption information returned by the encryption database in response to the decryption request is specifically:
and receiving a current key, current encryption information and an old key returned by the encryption database in response to the decryption request, wherein the current key is stored in the current key position of the encryption database, and the old key is stored in the old key position of the encryption database.
8. The method of claim 7, wherein the decrypting the current encrypted information to determine data information according to the current key comprises:
decrypting the current encrypted information according to the current key;
and in response to the failure of decrypting the current encrypted information according to the current key, decrypting the current encrypted information according to the old key to determine data information.
9. A computer readable storage medium storing computer program instructions, which when executed by a processor implement the method of any one of claims 1-8.
10. An electronic device comprising a memory and a processor, wherein the memory is configured to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method of any of claims 1-8.
CN201910943370.1A 2019-09-30 2019-09-30 Data encryption and decryption method, readable storage medium and electronic equipment Pending CN110602146A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910943370.1A CN110602146A (en) 2019-09-30 2019-09-30 Data encryption and decryption method, readable storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN110602146A (en) 2019-12-20

Family

ID=68865325

Country Status (1)

Country Link
CN (1) CN110602146A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191220