CN110765465A - Encryption method and device for digital information and service server - Google Patents


Info

Publication number
CN110765465A
Authority
CN
China
Prior art keywords
mask
digital information
target
service server
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810826477.3A
Other languages
Chinese (zh)
Inventor
张艳
彭华熹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute filed Critical China Mobile Communications Group Co Ltd
Priority to CN201810826477.3A priority Critical patent/CN110765465A/en
Publication of CN110765465A publication Critical patent/CN110765465A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an encryption method and device for digital information and a service server, and relates to the technical field of communication. The method comprises the following steps: acquiring a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask; and encoding the target digital information according to the mask. With this scheme, when a leak occurs, the encoding by the mask allows the source of the leaked information to be tracked and located, the leak can be repaired in time, and the risk of leaking users' personal information can be reduced.

Description

Encryption method and device for digital information and service server
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for encrypting digital information, and a service server.
Background
With the rapid development of the internet, users' personal information is increasingly exposed, and incidents in which personal information is stolen, sold and exploited are frequent. The impact and harm are especially large when large amounts of users' personal information are illegally exported in bulk through a service server.
The personal information of users stored by a service server is easy to obtain because it is stored in clear text or with only simple encryption. Moreover, in the prior art the attacked service server cannot be determined, so a service server with potential security hazards cannot be corrected in time, and the security of new user personal information stored afterwards is greatly threatened.
Disclosure of Invention
The invention aims to provide a digital information encryption method, a digital information encryption device and a service server which, when leakage occurs, can track and locate the source of the leaked information through the encoding by the mask, so that the leak can be repaired in time and the risk of leaking users' personal information is reduced.
To achieve the above object, an embodiment of the present invention provides a method for encrypting digital information, including:
acquiring a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask;
and encoding the target digital information according to the mask.
Wherein the step of obtaining a digitally encoded mask comprises:
decrypting the stored encrypted mask according to the private key of the service server to obtain the mask; wherein,
the encrypted mask is a mask encrypted by using a public key.
Before the step of decrypting the stored encrypted mask according to the private key of the service server to obtain the mask, the method further includes:
sending a mask generation request to a mask server, and receiving and storing an encrypted mask fed back by the mask server according to the mask generation request; or
generating a mask according to the service server's own code and the digitally encoded information of the current time, encrypting the mask by using a public key, and storing the resulting encrypted mask.
Wherein the step of encoding the target digital information according to the mask includes:
when the number of digits of the target digital information differs from the number of digits of the mask, adjusting the mask to obtain a target sub-mask; wherein the number of digits of the target sub-mask equals the number of digits of the target digital information;
and encoding the target digital information with the target sub-mask based on a preset encoding mode.
Wherein the step of adjusting the mask to obtain the target sub-mask when the number of digits of the target digital information differs from the number of digits of the mask comprises:
if the number of digits of the target digital information is smaller than the number of digits of the mask, truncating the mask according to a preset truncation rule to obtain the target sub-mask;
and if the number of digits of the target digital information is greater than the number of digits of the mask, splicing the mask according to a preset splicing rule to obtain the target sub-mask.
Wherein the method further comprises:
after receiving the information reading instruction, decrypting the stored encrypted mask according to the private key of the service server to obtain a mask;
and decoding the coded information corresponding to the information reading instruction according to the mask to obtain original information.
Wherein after the step of encoding the target digital information according to the mask, the method further comprises:
and after the updating indication is obtained, obtaining an updated mask, and encoding the target digital information according to the updated mask.
To achieve the above object, an embodiment of the present invention provides an encryption apparatus for digital information, including:
the acquisition module is used for acquiring a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask;
and the coding module is used for coding the target digital information according to the mask.
Wherein the acquisition module comprises:
the first processing submodule is used for decrypting the stored encrypted mask according to the private key of the service server to obtain the mask; wherein,
the encrypted mask is a mask encrypted by using a public key.
Wherein the acquisition module further comprises:
the second processing submodule is used for sending a mask generation request to a mask server and receiving and storing an encrypted mask fed back by the mask server according to the mask generation request; or
generating a mask according to the service server's own code and the digitally encoded information of the current time, encrypting the mask by using a public key, and storing the resulting encrypted mask.
Wherein the encoding module comprises:
the adjusting submodule is used for adjusting the mask to obtain a target sub-mask when the number of digits of the target digital information differs from the number of digits of the mask; wherein the number of digits of the target sub-mask equals the number of digits of the target digital information;
and the coding submodule is used for encoding the target digital information with the target sub-mask based on a preset encoding mode.
Wherein the adjusting submodule is further configured to:
if the number of digits of the target digital information is smaller than the number of digits of the mask, truncate the mask according to a preset truncation rule to obtain the target sub-mask;
and if the number of digits of the target digital information is greater than the number of digits of the mask, splice the mask according to a preset splicing rule to obtain the target sub-mask.
Wherein the apparatus further comprises:
the first processing module is used for decrypting the stored encrypted mask according to the private key of the service server after receiving the information reading instruction to obtain the mask;
and the second processing module is used for decoding the coded information corresponding to the information reading instruction according to the mask to obtain original information.
Wherein the apparatus further comprises:
and the updating module is used for acquiring an updated mask after the updating instruction is acquired, and encoding the target digital information according to the updated mask.
In order to achieve the above object, an embodiment of the present invention provides a service server, including a transceiver, a memory, a processor, and a computer program stored in the memory and executable on the processor; the processor, when executing the computer program, implements the method of encrypting digital information as described above.
To achieve the above object, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program implementing the steps in the encryption method of digital information as described above when executed by a processor.
The technical scheme of the invention has the following beneficial effects:
The encryption method for digital information of the embodiment of the invention first obtains a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask; the target digital information is then encoded according to the mask. Therefore, when the service server is attacked and information is leaked, the mask used for the encoding can be recovered by analyzing the leaked information, and the attacked service server can then be tracked and located, so that it can be corrected in time and the risk of information leakage from the service server is reduced.
Drawings
FIG. 1 is a flow chart of a method for encrypting digital information according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a method for encrypting digital information according to an embodiment of the present invention;
FIG. 3 is a third flowchart of a method for encrypting digital information according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating an application of the encryption method for digital information according to an embodiment of the present invention;
FIG. 5 is a second schematic diagram illustrating an application of the encryption method for digital information according to the embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an apparatus for encrypting digital information according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a service server according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
To address the problem that, when existing users' personal information is leaked, the attacked service server cannot be determined and the security of subsequently stored new user personal information is therefore at higher risk, the invention provides an encryption method for digital information.
As shown in fig. 1, an encryption method for digital information according to an embodiment of the present invention includes:
step 101, acquiring a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask;
step 102, encoding the target digital information according to the mask.
The encryption method for digital information of the embodiment of the invention is applied to a service server. The service server first obtains a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask; the target digital information (i.e., the information to be encrypted) is then encoded according to the mask. Therefore, when the service server is attacked and information is leaked, the mask used for the encoding can be recovered by analyzing the leaked information, and the attacked service server can then be tracked and located, so that it can be corrected in time and the risk of information leakage from the service server is reduced.
In this embodiment, the mask is a reference digit string used in the digital encoding process, and the mask comprises a service server code and digitally encoded information of the time associated with the mask. The service server code in the mask can be a randomly generated code that is unique within the system, which makes it easier to track and locate the attacked service server later; the number of digits of the code can be adjusted according to actual requirements. The time associated with the mask may be the generation time of the mask, the time when the mask server receives the mask generation request, or the like; the number of digits of the digitally encoded time information can also be adjusted according to actual requirements, and may cover year, month, day, hour and minute, such as 180131 (i.e. the digitally encoded information covering year 18, month 01 and day 31).
It should be noted that the service server encrypts and stores the mask used for encoding to ensure the security of the mask, so step 101 includes:
decrypting the stored encrypted mask according to the private key of the service server to obtain the mask; wherein,
the encrypted mask is a mask encrypted by using a public key.
Here, the stored encrypted mask, which was encrypted with the public key, is decrypted with the private key of the service server to obtain the mask used for encoding.
Optionally, before the step of decrypting the stored encrypted mask according to the private key of the service server to obtain the mask, the method further includes:
sending a mask generation request to a mask server, and receiving and storing an encrypted mask fed back by the mask server according to the mask generation request; or
generating a mask according to the service server's own code and the digitally encoded information of the current time, encrypting the mask by using a public key, and storing the resulting encrypted mask.
On the one hand, the service server can send a mask generation request to the mask server, asking it to generate the mask the service server requires. The mask server generates the mask after receiving the request and, to ensure the security of the mask in transmission, encrypts the mask with the public key of the service server before sending it; the service server then receives and stores the encrypted mask fed back by the mask server. On the other hand, the service server can generate and encrypt the mask itself: the mask is generated according to the service server's own code and the digitally encoded information of the current time, the mask is encrypted by using the public key, and the resulting encrypted mask is stored. Thus the service server can either obtain the mask required for encoding from the mask server or generate the mask itself, which improves the working performance of the service server.
To ensure that the mask server generates the required mask, the mask generation request includes at least information about the service server, such as the physical address of the service server, the service security level, and the like. The mask server can therefore generate the mask in a targeted manner according to the content of the mask generation request. For example, a service server code 23890 is randomly assigned to the service server based on the physical address of the service server; according to the service security level, if the time only covers the year, month and day, the digitally encoded information 180131 of the current time is obtained; the mask server then splices the service server code and the digitally encoded information of the current time to obtain the mask required by the service server: 23890180131. Of course, the way the mask server generates the mask is not limited to the above, and other generation methods based on the service server code and the digitally encoded information of the time associated with the mask are also applicable to the embodiments of the present invention.
Generally, after the mask is acquired, the target digital information can be encoded with the mask based on a preset encoding mode. However, some preset encoding modes, such as additive encoding, place requirements on the number of digits of the mask; therefore, as shown in fig. 2, step 102 includes:
step 1021, when the number of digits of the target digital information differs from the number of digits of the mask, adjusting the mask to obtain a target sub-mask; wherein the number of digits of the target sub-mask equals the number of digits of the target digital information;
step 1022, encoding the target digital information with the target sub-mask based on a preset encoding mode.
Here, when the number of digits of the target digital information differs from the number of digits of the mask, the mask is first adjusted to obtain a target sub-mask with the same number of digits as the target digital information; the target digital information is then encoded with the target sub-mask based on the preset encoding mode.
Optionally, step 1021 comprises:
if the number of digits of the target digital information is smaller than the number of digits of the mask, truncating the mask according to a preset truncation rule to obtain the target sub-mask;
and if the number of digits of the target digital information is greater than the number of digits of the mask, splicing the mask according to a preset splicing rule to obtain the target sub-mask.
In this way, when the target digital information has fewer digits than the mask, the mask is truncated according to a preset truncation rule to obtain the target sub-mask; when the target digital information has more digits than the mask, the mask is spliced according to a preset splicing rule to obtain the target sub-mask.
Suppose the preset encoding mode is additive encoding and the preset truncation rule is to take the 1st through Nth digits of the mask as the target sub-mask, where N equals the number of digits of the target digital information. Taking the mask 23890180131 and the target digital information 1602 as an example: since the mask has more digits than the target digital information, the mask is truncated according to the preset truncation rule to obtain the target sub-mask 2389. The target digital information is then additively encoded with the target sub-mask: corresponding digits are added from left to right, and if a sum has 2 digits, only its units digit is kept as the final result. The operation is as follows: 2+1=3, 3+6=9, 8+0=8, 2+9=1, so the result of encoding "1602" is "3981".
Suppose the preset encoding mode is additive encoding and the preset splicing rule is to copy the mask and join the copies end to end until the number of digits of the target digital information is reached. Taking the mask 23890180131 and the target digital information 110101200010110814 as an example: since the mask has fewer digits than the target digital information, the mask is spliced according to the preset splicing rule to obtain the target sub-mask 238901801312389018. The target digital information is then additively encoded with the target sub-mask: corresponding digits are added from left to right, and if a sum has 2 digits, only its units digit is kept as the final result. The operation is as follows: 2+1=3, 3+1=4, 8+0=8, 9+1=0, 0+0=0, 1+1=2, 8+2=0, 0+0=0, 1+0=1, 3+0=3, 1+1=2, 2+0=2, 3+1=4, 8+1=9, 9+0=9, 0+8=8, 1+1=2, 8+4=2, so the result of encoding "110101200010110814" is "348002001322499822".
Of course, when the number of digits of the target digital information matches the number of digits of the mask, the target digital information may be encoded with the mask as it is. Suppose the preset encoding mode is additive encoding, and take the mask "23890180131" and the target digital information "13466661234" as an example: because the mask and the target digital information both have 11 digits, the target digital information can be additively encoded with the mask directly: corresponding digits are added from left to right, and if a sum has 2 digits, only its units digit is kept as the final result. The operation is as follows: 2+1=3, 3+3=6, 8+4=2, 9+6=5, 0+6=6, 1+6=7, 8+6=4, 0+1=1, 1+2=3, 3+3=6, 1+4=5, so the result of encoding "13466661234" is "36256741365".
It should also be noted that the service server needs to decode the encoded target digital information whenever the target digital information has to be used for a service requirement; therefore, as shown in fig. 3, the method further includes:
step 103, after receiving the information reading instruction, decrypting the stored encrypted mask according to the private key of the service server to obtain a mask;
step 104, decoding the encoded information corresponding to the information reading instruction according to the mask to obtain the original information.
Here, receiving the information reading instruction tells the service server that an encoding result currently needs to be decoded. As in the encoding process, the mask must be obtained first, that is, the stored encrypted mask is decrypted according to the private key of the service server; the encoded information corresponding to the information reading instruction is then decoded with the mask to obtain the original information (i.e., the information before encoding).
The decoding process is the inverse operation of the encoding. For example, for the encoding of the target digital information "1602" by the mask "23890180131", to decode the encoding result "3981" the target sub-mask "2389" is first determined, and the encoding result is then decoded by subtraction using the sub-mask: corresponding digits are subtracted from left to right, and if a digit is too small to subtract from, 10 is added to it before subtracting to obtain the final result. The operation is as follows: 3-2=1, 9-3=6, 8-8=0, 11-9=2, so the original information recovered by decoding is "1602".
For the encoding of the target digital information "110101200010110814" by the mask "23890180131", to decode the encoding result "348002001322499822" the target sub-mask "238901801312389018" is first determined, and the encoding result is then decoded by subtraction using the sub-mask: corresponding digits are subtracted from left to right, and if a digit is too small to subtract from, 10 is added to it before subtracting to obtain the final result. The operation is as follows: 3-2=1, 4-3=1, 8-8=0, 10-9=1, 0-0=0, 2-1=1, 10-8=2, 0-0=0, 1-1=0, 3-3=0, 2-1=1, 2-2=0, 4-3=1, 9-8=1, 9-9=0, 8-0=8, 2-1=1, 12-8=4, so the original information recovered by decoding is "110101200010110814".
Similarly, to decode the encoding result "36256741365" of the target digital information "13466661234" produced with the mask "23890180131", the mask is used directly to decode the encoding result by subtraction: corresponding digits are subtracted from left to right, and if a digit is too small to subtract from, 10 is added to it before subtracting to obtain the final result. The operation is as follows: 3-2=1, 6-3=3, 12-8=4, 15-9=6, 6-0=6, 7-1=6, 14-8=6, 1-0=1, 3-1=2, 6-3=3, 5-1=4, so the mobile phone number recovered by decoding is "13466661234".
In addition, in the embodiment of the present invention, to avoid a reduction in security due to long-term use of the same mask, the mask is updated periodically or aperiodically. Optionally, the service server may send a mask generation request to the mask server periodically or aperiodically and replace the old encrypted mask with the newly received encrypted mask; or it may periodically or aperiodically generate a new mask according to its own service server code and the digitally encoded information of the current time, encrypt the mask by using a public key, and store it in place of the old encrypted mask. Therefore, after step 102, the method further comprises:
after the update indication is obtained, obtaining an updated mask, and encoding the target digital information according to the updated mask.
After an update indication showing that the mask has been updated is obtained, the updated mask is obtained first, for example by decrypting the stored updated encrypted mask according to the private key of the service server; the target digital information is then encoded according to the updated mask. Of course, since the target digital information was already encoded according to the old mask in step 102, it must first be decoded and restored with the old mask, and then re-encoded according to the updated mask and stored.
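The additive encoding, subtraction decoding and mask update described above can be reproduced with the following Python, which is an added illustration and not code from the patent. The function names, the `registry` of server codes and the tracing step (subtracting one known original value from a leaked encoded value to recover the sub-mask) are assumptions made for the example.

```python
"""Digit-wise mask encoding from the worked examples (added illustration)."""


def _check_digits(value: str, name: str) -> None:
    # Only non-empty ASCII decimal digit strings are valid inputs.
    if not (value and value.isascii() and value.isdigit()):
        raise ValueError(f"{name} must be a non-empty string of decimal digits")


def build_mask(server_code: str, time_digits: str) -> str:
    """Splice the service server code and the time digits into a mask."""
    _check_digits(server_code, "server_code")
    _check_digits(time_digits, "time_digits")
    return server_code + time_digits


def fit_mask(mask: str, length: int) -> str:
    """Target sub-mask: keep the first `length` digits of the mask, or
    repeat the mask end to end until `length` digits are reached."""
    _check_digits(mask, "mask")
    repeats = -(-length // len(mask))  # ceiling division
    return (mask * repeats)[:length]


def _combine(left: str, right: str, sign: int) -> str:
    # Digit-wise (left + sign * right) mod 10, left to right, no carry.
    return "".join(
        str((int(a) + sign * int(b)) % 10) for a, b in zip(left, right)
    )


def encode(info: str, mask: str) -> str:
    """Additive encoding: add sub-mask digits, keep only the units digit."""
    _check_digits(info, "info")
    return _combine(info, fit_mask(mask, len(info)), +1)


def decode(encoded: str, mask: str) -> str:
    """Subtraction decoding: the inverse of encode()."""
    _check_digits(encoded, "encoded")
    return _combine(encoded, fit_mask(mask, len(encoded)), -1)


def reencode(encoded: str, old_mask: str, new_mask: str) -> str:
    """Mask update: restore with the old mask, then encode with the new one."""
    return encode(decode(encoded, old_mask), new_mask)


def recover_sub_mask(encoded: str, original: str) -> str:
    """Assumed tracing step: leaked value minus a known original, digit-wise."""
    _check_digits(encoded, "encoded")
    _check_digits(original, "original")
    if len(encoded) != len(original):
        raise ValueError("encoded and original must have the same length")
    return _combine(encoded, original, -1)


def trace_servers(encoded: str, original: str, registry: dict) -> list:
    """Return the server codes in `registry` (hypothetical: code -> mask)
    whose mask would yield the sub-mask recovered from this pair."""
    sub_mask = recover_sub_mask(encoded, original)
    return [
        code for code, mask in registry.items()
        if fit_mask(mask, len(sub_mask)) == sub_mask
    ]


if __name__ == "__main__":
    mask = build_mask("23890", "180131")        # values from the description
    for value in ("1602", "110101200010110814", "13466661234"):
        coded = encode(value, mask)
        print(value, "->", coded, "->", decode(coded, mask))
    # Constructed registry: the second server code is made up for the demo.
    registry = {"23890": mask, "57014": build_mask("57014", "180131")}
    print(trace_servers("36256741365", "13466661234", registry))
```

With the truncation rule used in the description, a value as short as "1602" is masked only by the leading digits of the service server code, so updating only the time digits of the mask leaves its encoded form unchanged.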
Next, an application of the encryption method of digital information according to the embodiment of the present invention will be described with reference to fig. 4 and 5.
Scenario one (the mask server generates the mask), as shown in fig. 4:
S401, the service server sends a mask generation request to the mask server, wherein the mask generation request comprises at least the relevant information of the service server.
S402, the mask server generates a corresponding mask based on the received mask generation request.
S403, the mask server encrypts the generated mask by using the public key of the service server.
S404, the mask server sends the encrypted mask to the service server.
S405, the service server receives and securely stores the encrypted mask.
S406, the service server decrypts the mask by using its own private key, and encodes and stores the various items of personal digital information (namely, the target digital information) according to the mask.
S407, when the personal digital information needs to be used, the service server first decrypts the mask by using its own private key, and then decodes the stored encoded information to restore the original information for use.
S408, the service server periodically applies to the mask server for a mask update; after the mask is updated, the original mask is first used to restore the personal digital information, which is then encoded again according to the updated mask and stored.
Scenario two (the service server generates the mask), as shown in fig. 5:
S501, the service server generates a corresponding mask, encrypts the generated mask by using the public key of the service server, and then securely stores the encrypted mask.
S502, the service server decrypts the mask by using its own private key, and encodes and stores the various items of personal digital information (namely, the target digital information) according to the mask.
S503, when the personal digital information needs to be used, the service server first decrypts the mask by using its own private key, and then decodes the stored encoded information to restore the original information for use.
S504, the service server periodically updates the mask; after the mask is updated, the original mask is first used to restore the personal digital information, which is then encoded again according to the updated mask and stored.
Therefore, once the target digital information is protected by the method of the embodiment of the invention, if an information leak occurs, an attacker can only see the result processed by the mask and cannot obtain the real information, so that the security of the information is ensured.
As shown in fig. 6, an encryption apparatus for digital information according to an embodiment of the present invention includes:
an obtaining module 601, configured to obtain a digitally encoded mask, where the mask includes a service server code and digitally encoded information of an associated time of the mask;
and an encoding module 602, configured to encode the target digital information according to the mask.
Wherein the acquisition module comprises:
the first processing submodule is used for decrypting the stored encrypted mask according to the private key of the service server to obtain the mask; wherein
the encrypted mask is a mask encrypted by using a public key.
Wherein the obtaining module further comprises:
the second processing submodule is used for sending a mask generation request to a mask server, and receiving and storing an encrypted mask fed back by the mask server according to the mask generation request; or
for generating a mask according to its own service server code and the digitally encoded information of the current time, encrypting the mask by using a public key, and then storing the encrypted mask.
Wherein the encoding module comprises:
the adjusting submodule is used for adjusting the mask to obtain a target sub-mask when the number of bits of the target digital information is inconsistent with the number of bits of the mask; wherein the number of bits of the target sub-mask is consistent with the number of bits of the target digital information;
and the coding submodule is used for coding the target digital information through the target sub-mask based on a preset coding mode.
Wherein the adjustment submodule is further configured to:
if the number of bits of the target digital information is smaller than the number of bits of the mask, truncate the mask according to a preset truncation rule to obtain the target sub-mask;
and if the number of bits of the target digital information is greater than the number of bits of the mask, splice the mask according to a preset splicing rule to obtain the target sub-mask.
Wherein the apparatus further comprises:
the first processing module is used for decrypting the stored encrypted mask according to the private key of the service server after receiving the information reading instruction to obtain the mask;
and the second processing module is used for decoding the coded information corresponding to the information reading instruction according to the mask to obtain original information.
Wherein the apparatus further comprises:
and the updating module is used for acquiring an updated mask after the updating instruction is acquired, and encoding the target digital information according to the updated mask.
The encryption device for digital information of this embodiment first obtains the digitally encoded mask, wherein the mask comprises the service server code and the digitally encoded information of the time associated with the mask; the target digital information is then encoded according to the mask. Therefore, when the service server is attacked and information leakage occurs, the mask used for the encoding can be restored by analysing the leaked information, and the attacked service server can then be tracked and located, so that it can be remediated in time and the risk of information leakage from the service server is reduced.
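The flow in scenarios one and two together with the adjusting submodule, written out as an added example (not code from the patent): build a mask, fit it to the record length, encode, decode, rotate, and recover the server code from a leaked record. Assumptions: digit-wise addition modulo 10 stands in for the "preset coding mode", truncation keeps the leading digits, splicing repeats the mask, the time digits are YYYYMMDDHHMM, all sample values are constructed, and the public-key wrapping of the stored mask is left out.

```python
from datetime import datetime

def build_mask(server_code: str, when: datetime) -> str:
    """Mask = service server code digits + digits of the mask's associated time.
    The YYYYMMDDHHMM layout is an assumption, not taken from the patent."""
    if not server_code.isdigit():
        raise ValueError("server code must be decimal digits")
    return server_code + when.strftime("%Y%m%d%H%M")

def sub_mask(mask: str, length: int) -> str:
    """Fit the mask to the record length. Assumed rules: truncation keeps the
    leading digits, splicing repeats the mask end to end."""
    if not mask.isdigit() or length <= 0:
        raise ValueError("mask must be digits and length must be positive")
    repeats = -(-length // len(mask))  # ceiling division
    return (mask * repeats)[:length]

def _combine(digits: str, mask: str, sign: int) -> str:
    """Add (sign=+1) or subtract (sign=-1) the sub-mask digit by digit, mod 10."""
    if not digits.isdigit():
        raise ValueError("target information must be decimal digits")
    fitted = sub_mask(mask, len(digits))
    return "".join(str((int(d) + sign * int(m)) % 10)
                   for d, m in zip(digits, fitted))

def encode(info: str, mask: str) -> str:
    return _combine(info, mask, +1)

def decode(coded: str, mask: str) -> str:
    return _combine(coded, mask, -1)

def rotate(stored: dict, old_mask: str, new_mask: str) -> dict:
    """S408/S504: restore each record with the old mask, re-encode with the new."""
    return {key: encode(decode(value, old_mask), new_mask)
            for key, value in stored.items()}

def trace_server(leaked: str, known_original: str, code_len: int) -> str:
    """Recover the leading mask digits from one leaked record whose original
    value is known, and return the service server code they start with."""
    if len(leaked) != len(known_original) or len(leaked) < code_len:
        raise ValueError("need equal-length values of at least code_len digits")
    recovered = "".join(str((int(c) - int(o)) % 10)
                        for c, o in zip(leaked, known_original))
    return recovered[:code_len]

if __name__ == "__main__":
    # Constructed sample values: server code 0731, an 11-digit record.
    mask = build_mask("0731", datetime(2018, 7, 25, 10, 30))
    stored = {"phone": encode("13800001111", mask)}
    print("mask:", mask, "stored:", stored)
    new_mask = build_mask("0731", datetime(2018, 8, 25, 10, 30))
    stored = rotate(stored, mask, new_mask)
    print("after rotation:", stored)
    print("traced server:", trace_server(stored["phone"], "13800001111", 4))
```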
It should be noted that the apparatus is an apparatus to which the above-mentioned encryption method for digital information is applied, and the implementation manner of the embodiment of the above-mentioned encryption method for digital information is applicable to the apparatus, and can also achieve the same effect, and is not described herein again.
A service server according to another embodiment of the present invention, as shown in fig. 7, includes a transceiver 710, a memory 720, a processor 700, and a computer program stored on the memory 720 and executable on the processor 700; the processor 700 implements the above-described encryption method of digital information when executing the computer program.
The transceiver 710 is used for receiving and transmitting data under the control of the processor 700.
Where in fig. 7, the bus architecture may include any number of interconnected buses and bridges, with various circuits being linked together, particularly one or more processors represented by processor 700 and memory represented by memory 720. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 710 may be a number of elements, including a transmitter and a transceiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 700 is responsible for managing the bus architecture and general processing, and the memory 720 may store data used by the processor 700 in performing operations.
The computer-readable storage medium of the embodiment of the present invention stores thereon a computer program, and when the computer program is executed by a processor, the steps in the above-described encryption method for digital information are implemented, and the same technical effects can be achieved. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It is further noted that many of the functional units described in this specification have been labeled as modules, in order to more particularly emphasize their implementation independence.
In embodiments of the present invention, modules may be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be constructed as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different bits which, when joined logically together, comprise the module and achieve the stated purpose for the module.
Indeed, a module of executable code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Likewise, operational data may be identified within the modules and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
Where a module can be implemented in software, a corresponding hardware circuit may, given the level of existing hardware technology and leaving cost aside, be built to implement the same function; the hardware circuit may include a conventional Very Large Scale Integration (VLSI) circuit or a gate array, and existing semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
The exemplary embodiments described above are described with reference to the drawings, and many different forms and embodiments of the invention may be made without departing from the spirit and teaching of the invention, therefore, the invention is not to be construed as limited to the exemplary embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. In the drawings, the size and relative sizes of elements may be exaggerated for clarity. The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Unless otherwise indicated, a range of values, when stated, includes the upper and lower limits of the range and any subranges therebetween.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (16)

1. A method for encrypting digital information, comprising:
acquiring a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask;
and encoding the target digital information according to the mask.
2. The method of encrypting digital information according to claim 1, wherein said step of obtaining a digitally encoded mask comprises:
decrypting the stored encrypted mask according to the private key of the service server to obtain the mask; wherein
the encrypted mask is a mask encrypted by using a public key.
3. The method of claim 2, wherein before the step of decrypting the stored encrypted mask to obtain the mask according to the private key of the service server, the method further comprises:
sending a mask generation request to a mask server, and receiving and storing an encrypted mask fed back by the mask server according to the mask generation request; or
generating a mask according to its own service server code and the digitally encoded information of the current time, encrypting the mask by using a public key, and then storing the encrypted mask.
4. The method for encrypting digital information according to claim 1, wherein said step of encoding the target digital information according to the mask comprises:
when the number of bits of the target digital information is inconsistent with the number of bits of the mask, adjusting the mask to obtain a target sub-mask; wherein the number of bits of the target sub-mask is consistent with the number of bits of the target digital information;
and coding the target digital information through the target sub-mask based on a preset coding mode.
5. The method for encrypting digital information according to claim 4, wherein the step of adjusting the mask to obtain the target sub-mask if the number of bits of the target digital information is not equal to the number of bits of the mask comprises:
if the number of bits of the target digital information is smaller than the number of bits of the mask, truncating the mask according to a preset truncation rule to obtain the target sub-mask;
and if the number of bits of the target digital information is greater than the number of bits of the mask, splicing the mask according to a preset splicing rule to obtain the target sub-mask.
6. The method of encrypting digital information according to claim 1, further comprising:
after receiving the information reading instruction, decrypting the stored encrypted mask according to the private key of the service server to obtain a mask;
and decoding the coded information corresponding to the information reading instruction according to the mask to obtain original information.
7. The method for encrypting digital information according to claim 1, further comprising, after the step of encoding the target digital information according to the mask:
and after the updating indication is obtained, obtaining an updated mask, and encoding the target digital information according to the updated mask.
8. An apparatus for encrypting digital information, comprising:
the acquisition module is used for acquiring a digitally encoded mask, wherein the mask comprises a service server code and digitally encoded information of the time associated with the mask;
and the coding module is used for coding the target digital information according to the mask.
9. The apparatus for encrypting digital information according to claim 8, wherein said obtaining module comprises:
the first processing submodule is used for decrypting the stored encrypted mask according to the private key of the service server to obtain the mask; wherein
the encrypted mask is a mask encrypted by using a public key.
10. The apparatus for encrypting digital information according to claim 9, wherein said obtaining module further comprises:
the second processing submodule is used for sending a mask generation request to a mask server, and receiving and storing an encrypted mask fed back by the mask server according to the mask generation request; or
for generating a mask according to its own service server code and the digitally encoded information of the current time, encrypting the mask by using a public key, and then storing the encrypted mask.
11. The apparatus for encrypting digital information according to claim 8, wherein said encoding module comprises:
the adjusting submodule is used for adjusting the mask to obtain a target sub-mask when the number of bits of the target digital information is inconsistent with the number of bits of the mask; wherein the number of bits of the target sub-mask is consistent with the number of bits of the target digital information;
and the coding submodule is used for coding the target digital information through the target sub-mask based on a preset coding mode.
12. The apparatus for encrypting digital information according to claim 11, wherein the adjusting sub-module is further configured to:
if the number of bits of the target digital information is smaller than the number of bits of the mask, truncate the mask according to a preset truncation rule to obtain the target sub-mask;
and if the number of bits of the target digital information is greater than the number of bits of the mask, splice the mask according to a preset splicing rule to obtain the target sub-mask.
13. The apparatus for encrypting digital information according to claim 8, further comprising:
the first processing module is used for decrypting the stored encrypted mask according to the private key of the service server after receiving the information reading instruction to obtain the mask;
and the second processing module is used for decoding the coded information corresponding to the information reading instruction according to the mask to obtain original information.
14. The apparatus for encrypting digital information according to claim 8, further comprising:
and the updating module is used for acquiring an updated mask after the updating instruction is acquired, and encoding the target digital information according to the updated mask.
15. A service server comprising a transceiver, a memory, a processor and a computer program stored on the memory and executable on the processor; characterized in that the processor, when executing the computer program, implements a method for encrypting digital information according to any one of claims 1 to 7.
16. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps in the method of encrypting digital information according to any one of claims 1 to 7.
CN201810826477.3A 2018-07-25 2018-07-25 Encryption method and device for digital information and service server Pending CN110765465A (en)


Publications (1)

Publication Number Publication Date
CN110765465A true CN110765465A (en) 2020-02-07



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200207