CN111104691A - Sensitive information processing method and device, storage medium and equipment - Google Patents


Info

Publication number
CN111104691A
Authority
CN
China
Prior art keywords
service party
sensitive data
data
sensitive
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911193062.8A
Other languages
Chinese (zh)
Inventor
崔云鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beike Technology Co Ltd
Original Assignee
Beike Technology Co Ltd
Application filed by Beike Technology Co Ltd
Priority to CN201911193062.8A
Publication of CN111104691A

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a method, a device, a storage medium and equipment for processing sensitive information, belongs to the technical field of computers, and solves the problems that multiple business parties need to upgrade encryption rules with a data provider at the same time, the maintenance cost is high, and the leakage source of the sensitive information cannot be tracked. The method comprises the following steps: receiving a data request comprising a service party identifier and requested sensitive data identifier information; extracting sensitive data from a database; encrypting the sensitive data by using a random key corresponding to the service party identifier in the current life cycle, and returning a ciphertext to the service party; when a decryption request containing a service party identifier and a ciphertext is received, extracting a random key corresponding to the service party identifier in the current life cycle; decrypting the ciphertext by using the random key to obtain sensitive data, and storing the service party identification and the sensitive data in a behavior database in an associated manner; and returning the sensitive data to the service party. The embodiment of the invention is suitable for the processing of sensitive data.

Description

Sensitive information processing method and device, storage medium and equipment
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, a storage medium and equipment for processing sensitive information.
Background
In the big data era, personal privacy receives more and more attention, and so does the prevention of information leakage. Companies may also take a series of measures to track data usage and protect sensitive information. In the prior art, a company generally processes sensitive information as follows: symmetric encryption is used to encrypt and decrypt the sensitive information. The data service provider encrypts with a key, and the business party that calls for the sensitive information decrypts with that key. However, this solution has the following disadvantages: (1) business parties need to obtain the corresponding decryption algorithms; if several sets of encryption rules exist, the business parties must be integrated several times, and if the encryption rules or the encryption keys are adjusted regularly to prevent them from being cracked, the different business parties must all be upgraded at the same time, which consumes time and labor; (2) the encryption keys are stored at both the data provider and the business parties, which increases the risk of key leakage; (3) the data provider can only track calls to the data interface; it cannot track the details of how the encrypted data is used, and cannot learn which business party used the sensitive information or which sensitive information was actually obtained.
Disclosure of Invention
The embodiment of the invention aims to provide a method, a device, a storage medium and equipment for processing sensitive information, which solve the problems that a plurality of service parties need to update encryption rules with a data provider at the same time, the maintenance cost is high, and the leakage source of the sensitive information cannot be tracked in the prior art.
In order to achieve the above object, an embodiment of the present invention provides a method for processing sensitive information, including: receiving a data request sent by a service party, wherein the data request comprises a service party identifier and requested sensitive data identifier information; extracting corresponding sensitive data from a database according to the sensitive data identification information of the request; encrypting the sensitive data by using a random key corresponding to the service party identifier in the current life cycle, and returning a ciphertext obtained by encryption to the service party; when a decryption request which is sent by the service party and contains the service party identification and the ciphertext is received, extracting the random key corresponding to the service party identification in the current life cycle; decrypting the ciphertext by using the random key to obtain the sensitive data, and storing the service party identification and the sensitive data in a behavior database in an associated manner; and returning the sensitive data to the service party.
Further, the data request further includes a login password, and before the step of extracting the corresponding sensitive data from the database according to the sensitive data identification information of the request, the method further includes: verifying the validity of the data request of the service party according to the service party identifier and the login password; when the data request of the service party is verified to be legal, the data request is continuously processed; and returning the data request of the service party when the data request is verified to be illegal.
Further, the method further comprises: after the current life cycle ends, randomly generating, for the service party identifier, a random key for the next life cycle.
Further, the step of decrypting the ciphertext with the random key to obtain the sensitive data includes: when decrypting the ciphertext with the random key fails, extracting the random key corresponding to the service party identifier in the previous life cycle; decrypting the ciphertext with the random key of the previous life cycle; when the decryption succeeds, obtaining the sensitive data; and when the decryption fails, returning a request failure to the service party.
Further, the method further comprises: when an information leakage query instruction is received, searching a business party identifier associated with the sensitive data to be queried in the behavior database according to the sensitive data to be queried in the instruction.
Correspondingly, an embodiment of the present invention further provides a device for processing sensitive information, including: a receiving unit, configured to receive a data request sent by a service party, wherein the data request comprises a service party identifier and requested sensitive data identifier information; an extraction unit, configured to extract corresponding sensitive data from a database according to the requested sensitive data identification information; an encryption unit, configured to encrypt the sensitive data by using a random key corresponding to the service party identifier in the current life cycle; a sending unit, configured to return the encrypted ciphertext to the service party; the receiving unit is further configured to receive a decryption request that includes the service party identifier and the ciphertext and is sent by the service party; the extraction unit is further configured to extract the random key corresponding to the service party identifier in the current life cycle when the receiving unit receives a decryption request that includes the service party identifier and the ciphertext and is sent by the service party; a decryption unit, configured to decrypt the ciphertext by using the random key to obtain the sensitive data; a storage unit, configured to store the service party identifier and the sensitive data in association in a behavior database; the sending unit is further configured to return the sensitive data to the service party.
Further, the data request further includes a login password, and the apparatus further includes: the verification unit is used for verifying the validity of the data request of the service party according to the service party identifier and the login password; when the data request of the service party is verified to be legal, the data request is continuously processed; and returning the data request of the service party when the data request is verified to be illegal.
Further, the apparatus further comprises: a key generation unit, configured to randomly generate, for the service party identifier, a random key for the next life cycle after the current life cycle ends.
Further, the decryption unit is further configured to, when decrypting the ciphertext with the random key fails, extract the random key corresponding to the service party identifier in the previous life cycle; decrypt the ciphertext with the random key of the previous life cycle; when the decryption succeeds, obtain the sensitive data; and when the decryption fails, return a request failure to the service party.
Further, the receiving unit is further configured to receive an information leakage query instruction; the device further comprises: and the searching unit is used for searching the service party identifier associated with the sensitive data to be inquired in the behavior database according to the sensitive data to be inquired in the instruction when the receiving unit receives the information leakage inquiry instruction.
Correspondingly, the embodiment of the invention also provides equipment, which comprises at least one processor, at least one memory and a bus, wherein the memory and the bus are connected with the processor; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory to execute the processing method of the sensitive information.
Correspondingly, the embodiment of the present invention further provides a storage medium, where the storage medium includes a stored program, and when the program runs, the device on which the storage medium is located is controlled to execute the processing method of the sensitive information.
According to the technical scheme, the sensitive data are encrypted and decrypted by using the random key corresponding to the business party identification, and the business party requesting to decrypt the sensitive data and the sensitive data are stored, so that the problems that in the prior art, a plurality of business parties need to update encryption rules with a data provider at the same time, the maintenance cost is high, and the sensitive information leakage source cannot be tracked are solved.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
FIG. 1 is a schematic flow chart of a method for processing sensitive information according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating another method for processing sensitive information according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a device for processing sensitive information according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of another sensitive information processing apparatus provided in an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of another apparatus for processing sensitive information according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of another apparatus for processing sensitive information according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an apparatus according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Fig. 1 is a schematic flowchart of a method for processing sensitive information according to an embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
step 101, receiving a data request sent by a service party, wherein the data request comprises a service party identifier and requested sensitive data identifier information;
step 102, extracting corresponding sensitive data from a database according to the sensitive data identification information of the request;
step 103, encrypting the sensitive data by using a random key corresponding to the service party identifier in the current life cycle, and returning a ciphertext obtained by encryption to the service party;
step 104, when a decryption request containing the service party identifier and the ciphertext and sent by the service party is received, extracting the random key corresponding to the service party identifier in the current life cycle;
step 105, decrypting the ciphertext by using the random key to obtain the sensitive data, and storing the service party identifier and the sensitive data in a behavior database in an associated manner;
step 106, returning the sensitive data to the service party.
The executing body of the embodiment of the invention is a server side that provides a basic data service; different business parties request data from the server side. Taking a real estate transaction service as an example, the server side provides house source data, the owner information corresponding to the house source data, buyer information and the like, and the business parties are the various service systems, such as a customer source system, a house source system and a broker system.
In the embodiment of the invention, a corresponding random key is automatically generated for each service party in each life cycle, and after the current life cycle ends, a random key for the next life cycle is randomly generated for each service party identifier. The life cycle can be set to one hour, half an hour and so on, and can be determined according to the specific requirements of the server side.
When the server side receives a data request sent by a service party, it verifies the validity of the data request according to the service party identifier and the login password in the data request, that is, it verifies whether the service party has the authority to request the data in the database. When the data request of the service party is verified to be legal, processing of the data request continues; if the data request of the service party is verified to be illegal, the data request is returned.
And when the data request of the service party is verified to be legal, extracting corresponding sensitive data from a database of a server according to the sensitive data identification information requested in the data request. The sensitive data in the embodiment of the invention can be private data such as identification numbers, addresses, telephones, bank accounts and the like. The sensitive data identification information in the embodiment of the present invention may be a code, an identifier, or other associated information having a corresponding relationship with the sensitive data. The present invention is not particularly limited in the embodiments.
Sensitive data stored in the database is protected with a symmetric encryption algorithm, and when the server side extracts the sensitive data, it obtains the data by decrypting with the key of the database. It then encrypts the sensitive data with the random key corresponding to the service party identifier in the current life cycle and returns the resulting ciphertext to the service party. That is, the sensitive data is first decrypted with the key of the database and then encrypted with the random key corresponding to the service party identifier. Because the ciphertexts that different service parties obtain for the same sensitive data are completely different, the problem of data leakage caused by a cracked encryption algorithm is solved. And because the random keys in different life cycles are different, the problem that cracking the random key of the current life cycle would expose sensitive data requested later is solved.
In addition, the data request of the service party can obtain the sensitive data and also can obtain the conventional data, and the conventional data can be directly returned to the service party together with the encrypted sensitive data.
After the ciphertext is returned to the service party, if the service party wants to use the sensitive data in the ciphertext, it needs to request decryption from the server side. When the server side receives a decryption request sent by the service party that contains the service party identifier and the ciphertext, it verifies the validity of the decryption request according to the service party identifier and the login password in the decryption request, that is, it verifies whether the service party has the authority to decrypt data in the database. When the decryption request of the service party is verified to be legal, processing of the decryption request continues; if it is verified to be illegal, the decryption request is returned. When the decryption request of the service party is verified to be legal, the server side extracts the random key corresponding to the service party identifier in the current life cycle and decrypts the ciphertext with it to obtain the sensitive data. If that decryption fails, the server side extracts the random key corresponding to the service party identifier in the previous life cycle and decrypts the ciphertext with the random key of the previous life cycle; if this decryption succeeds, the sensitive data is obtained, and if it fails, the server side returns that the decryption request failed. After the sensitive data is obtained through decryption, it is returned to the service party, and at the same time the service party identifier and the sensitive data are stored in association in a behavior database, so that the use of sensitive information is tracked and the investigation and localization of information leakage are facilitated.
In an implementation of the embodiment of the present invention, when an information leakage query instruction is received, the sensitive data to be queried is extracted from the instruction, and the service party identifier associated with that sensitive data is looked up in the behavior database. This yields the service party corresponding to the service party identifier that may have leaked the sensitive data, so that the random key and the encryption and decryption algorithm corresponding to that service party identifier can be adjusted to stop the loss in time.
To facilitate understanding, the following describes the embodiment of the present invention taking a house source system as the business party. FIG. 2 is a schematic flow chart of a method for processing sensitive information provided by the embodiment of the present invention; as shown in FIG. 2, the method includes the following steps:
step 201, a service side sends a data request to a server side, wherein the data request comprises a service side identifier, a login password, requested conventional data and sensitive data identifier information;
step 202, the server side verifies the validity of the data request of the service party according to the service party identification and the login password, when the data request of the service party is verified to be legal, step 203 is executed, and when the data request of the service party is verified to be illegal, step 204 is executed;
step 203, extracting corresponding conventional data and sensitive data from a database according to the identification information of the conventional data and the sensitive data of the request;
step 204, returning the data request;
step 205, encrypting the sensitive data by using a random key corresponding to the service party identifier in the current life cycle, and returning a ciphertext obtained by encryption and the conventional data to the service party;
step 206, the service side sends a decryption request to the server side, wherein the decryption request comprises a service side identifier, a login password and a ciphertext;
step 207, the server side verifies the validity of the data request of the service party according to the service party identifier and the login password, when the decryption request of the service party is verified to be legal, step 208 is executed, and when the decryption request of the service party is verified to be illegal, step 209 is executed;
step 208, extracting the random key corresponding to the service party identifier in the current life cycle, and decrypting the ciphertext by using the random key;
step 209, returning the decryption request;
step 210, when the decryption of the ciphertext by using the random key fails, extracting a random key corresponding to the service party identifier in the last life cycle;
step 211, decrypting the ciphertext by using the random key in the previous life cycle, if the decryption is successful, executing step 212, and if the decryption is failed, executing step 213;
step 212, returning the sensitive data to the service party, and storing the service party identification and the sensitive data in association in a behavior database;
step 213, return request failure to the service party.
According to the embodiment of the invention, the sensitive data is encrypted and decrypted by using the random key corresponding to the service party identification, and the service party requesting to decrypt the sensitive data and the sensitive data are stored, so that the problems that in the prior art, a plurality of service parties need to update the encryption rule with a data provider at the same time, the maintenance cost is high, and the sensitive information leakage source cannot be tracked are solved. In addition, the random key corresponding to each service party identifier is automatically and randomly generated at regular intervals, so that the risk of sensitive data leakage is reduced.
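The server-side flow of steps 101 to 106 and 201 to 213, as an added Python sketch that is not code from the patent: per-service-party random keys that rotate each life cycle, decryption that falls back to the previous cycle's key, the behavior database, and the leak query. The patent names no cipher, so the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for an AEAD such as AES-GCM, chosen because the fallback needs "decryption fails" to be a detectable event; all class, method and record names, the sample record, and on-demand key creation are assumptions, and login-password verification is omitted.

```python
import hashlib
import hmac
import secrets
import time


def _derive(key, label):
    # Separate encryption and MAC subkeys from the one random key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC; stand-in for an AEAD such as AES-GCM (assumption)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_derive(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Return the plaintext, or None when the key is missing or the tag is wrong."""
    if key is None or len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_derive(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class SensitiveDataServer:
    """Hypothetical server side: one random key per service party per life cycle."""

    def __init__(self, lifecycle_seconds=3600, clock=time.time):
        self.lifecycle_seconds = lifecycle_seconds
        self.clock = clock
        self.database = {"owner-17/phone": "555-0100"}  # constructed sample record
        self.behavior_db = []  # (service party id, sensitive value) per decryption
        self._keys = {}        # (service party id, cycle index) -> random key

    def _cycle(self):
        return int(self.clock() // self.lifecycle_seconds)

    def _key(self, party_id, cycle, create=False):
        slot = (party_id, cycle)
        if create and slot not in self._keys:
            self._keys[slot] = secrets.token_bytes(32)
            # Keep only the current and the previous life cycle for this party.
            stale = [s for s in self._keys if s[0] == party_id and s[1] < cycle - 1]
            for s in stale:
                del self._keys[s]
        return self._keys.get(slot)

    def request_data(self, party_id, record_id):
        # Steps 102-103: fetch the value, encrypt under this party's current key.
        key = self._key(party_id, self._cycle(), create=True)
        return seal(key, self.database[record_id].encode())

    def decrypt(self, party_id, ciphertext):
        # Steps 104-105 and 208-213: current key first, then the previous one.
        cycle = self._cycle()
        current = self._key(party_id, cycle, create=True)
        previous = self._key(party_id, cycle - 1)
        for key in (current, previous):
            plain = unseal(key, ciphertext)
            if plain is not None:
                value = plain.decode()
                self.behavior_db.append((party_id, value))
                return value
        return None  # request failure: nothing is logged or returned

    def who_decrypted(self, value):
        # Information leakage query: parties that obtained this plaintext.
        return sorted({p for p, v in self.behavior_db if v == value})


if __name__ == "__main__":
    server = SensitiveDataServer()
    blob = server.request_data("house-source", "owner-17/phone")
    print(server.decrypt("house-source", blob), server.who_decrypted("555-0100"))
```

A ciphertext stays decryptable for at most two life cycles, and only a party that actually requested decryption appears in the leak query, so a party that holds a ciphertext but never decrypted it is not listed.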
Correspondingly, fig. 3 is a schematic structural diagram of a device for processing sensitive information according to an embodiment of the present invention. As shown in fig. 3, the apparatus 30 includes: a receiving unit 31, configured to receive a data request sent by a service party, where the data request includes a service party identifier and requested sensitive data identifier information; an extracting unit 32, configured to extract corresponding sensitive data from a database according to the requested sensitive data identification information; an encryption unit 33, configured to encrypt the sensitive data by using a random key corresponding to the service party identifier in the current life cycle; a sending unit 34, configured to return the encrypted ciphertext to the service party; the receiving unit is further configured to receive a decryption request that includes the service party identifier and the ciphertext and is sent by the service party; the extracting unit is further configured to extract the random key corresponding to the service party identifier in the current life cycle when the receiving unit receives a decryption request that includes the service party identifier and the ciphertext and is sent by the service party; the decryption unit 35 is configured to decrypt the ciphertext with the random key to obtain the sensitive data; a storage unit 36, configured to store the service party identifier in association with the sensitive data in a behavior database; the sending unit is further configured to return the sensitive data to the service party.
Further, the data request further includes a login password, as shown in fig. 4, the apparatus further includes: the verifying unit 37 is configured to verify the validity of the data request of the service party according to the service party identifier and the login password; when the data request of the service party is verified to be legal, the data request is continuously processed; and returning the data request of the service party when the data request is verified to be illegal.
Further, as shown in fig. 5, the apparatus further includes: and a key generating unit 38, configured to randomly generate a random key in a next life cycle for the service party identifier after the current life cycle is ended.
Further, the decryption unit is further configured to, when decrypting the ciphertext with the random key fails, extract the random key corresponding to the service party identifier in the previous life cycle; decrypt the ciphertext with the random key of the previous life cycle; when the decryption succeeds, obtain the sensitive data; and when the decryption fails, return a request failure to the service party.
Further, the receiving unit is further configured to receive an information leakage query instruction; as shown in fig. 6, the apparatus further includes: and the searching unit 39 is configured to, when the receiving unit receives an information leakage query instruction, search, according to the sensitive data to be queried in the instruction, a service party identifier associated with the sensitive data to be queried in the behavior database.
For the operation of the device, refer to the implementation of the method for processing sensitive information described above.
Correspondingly, fig. 7 is a schematic structural diagram of an apparatus according to an embodiment of the present invention, and as shown in fig. 7, the apparatus 70 includes at least one processor 71, at least one memory 72 connected to the processor, and a bus 73; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory to execute the processing method of the sensitive information according to the embodiment.
Correspondingly, the embodiment of the present invention further provides a storage medium, where the storage medium includes a stored program, and when the program runs, the device on which the storage medium is located is controlled to execute the processing method of the sensitive information according to the embodiment.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the electronic device and the like are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may also be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing an electronic device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for processing sensitive information, comprising:
receiving a data request sent by a service party, wherein the data request comprises a service party identifier and requested sensitive data identifier information;
extracting corresponding sensitive data from a database according to the sensitive data identification information of the request;
encrypting the sensitive data by using a random key corresponding to the service party identifier in the current life cycle, and returning a ciphertext obtained by encryption to the service party;
when a decryption request which is sent by the service party and contains the service party identification and the ciphertext is received, extracting the random key corresponding to the service party identification in the current life cycle;
decrypting the ciphertext by using the random key to obtain the sensitive data, and storing the service party identification and the sensitive data in a behavior database in an associated manner;
and returning the sensitive data to the service party.
2. The method for processing sensitive information according to claim 1, wherein the data request further includes a login password, and before the step of extracting the corresponding sensitive data from the database according to the sensitive data identification information of the request, the method further includes:
verifying the validity of the data request of the service party according to the service party identifier and the login password;
continuing to process the data request when the data request of the service party is verified to be legal;
and returning the data request of the service party when the data request is verified to be illegal.
3. The method of processing sensitive information according to claim 1, further comprising:
after the current life cycle ends, randomly generating, for the service party identifier, a random key for the next life cycle.
4. The method for processing sensitive information according to claim 1, wherein the step of decrypting the ciphertext using the random key to obtain the sensitive data comprises:
when decryption of the ciphertext using the random key fails, extracting the random key corresponding to the service party identifier in the previous life cycle;
decrypting the ciphertext with the random key of the previous life cycle;
when the decryption is successful, obtaining the sensitive data;
and when the decryption fails, returning the request failure to the service party.
5. The method of processing sensitive information according to claim 1, further comprising:
when an information leakage query instruction is received, searching the behavior database, according to the sensitive data to be queried in the instruction, for the service party identifier associated with that sensitive data.
6. An apparatus for processing sensitive information, comprising:
a receiving unit, configured to receive a data request sent by a service party, wherein the data request comprises a service party identifier and requested sensitive data identifier information;
the extraction unit is used for extracting corresponding sensitive data from a database according to the sensitive data identification information of the request;
the encryption unit is used for encrypting the sensitive data by using a random key corresponding to the service party identifier in the current life cycle;
a sending unit, configured to return the encrypted ciphertext to the service party;
the receiving unit is further configured to receive a decryption request that includes the service party identifier and the ciphertext and is sent by the service party;
the extracting unit is further configured to extract the random key corresponding to the service party identifier in the current life cycle when the receiving unit receives a decryption request that includes the service party identifier and the ciphertext and is sent by the service party;
the decryption unit is used for decrypting the ciphertext by using the random key to obtain the sensitive data;
the storage unit is used for storing the service party identifier and the sensitive data in a behavior database in an associated manner;
the sending unit is further configured to return the sensitive data to the service party.
7. The apparatus for processing sensitive information according to claim 1, wherein the decryption unit is further configured to: extract the random key corresponding to the service party identifier in the previous life cycle when decryption of the ciphertext using the random key fails; decrypt the ciphertext with the random key of the previous life cycle; obtain the sensitive data when the decryption is successful; and return a request failure to the service party when the decryption fails.
8. The sensitive information processing apparatus according to claim 1,
the receiving unit is further configured to receive an information leakage query instruction;
the apparatus further comprises a searching unit, configured to search the behavior database, according to the sensitive data to be queried in the instruction, for the service party identifier associated with that sensitive data when the receiving unit receives the information leakage query instruction.
9. A storage medium, characterized in that the storage medium comprises a stored program, wherein when the program runs, a device where the storage medium is located is controlled to execute the processing method of the sensitive information according to any one of claims 1-5.
10. An apparatus comprising at least one processor, at least one memory, and a bus connected to the processor; the processor and the memory communicate with each other through the bus; the processor is configured to call the program instructions in the memory to execute the method for processing sensitive information according to any one of claims 1-5.
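
The flow of claims 1, 3, 4 and 5, as an added Python sketch that is not part of the patent text: the class and method names, the in-memory stores, the retention of exactly one previous key, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a vetted authenticated cipher such as AES-GCM) are all assumptions. The authentication tag is what makes the "decryption fails" condition of claim 4 detectable, since an unauthenticated cipher would return garbage under the wrong key instead of failing.

```python
import hashlib, hmac, secrets

class SensitiveDataBroker:
    """Added sketch of claims 1 and 3-5; every name here is hypothetical."""
    def __init__(self, database):
        self.database = database   # sensitive-data identifier -> value
        self.keys = {}             # service party id -> [current key, previous key]
        self.behavior_db = []      # (service party id, sensitive data) records

    def rotate(self, party):
        """Claim 3: fresh random key for the next life cycle; keep one previous key."""
        self.keys[party] = [secrets.token_bytes(32), self.keys.get(party, [None])[0]]

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode.
        stream = b"".join(
            hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
            for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    @staticmethod
    def _tag(key, nonce, body):
        return hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

    def request(self, party, data_id):
        """Claim 1: return the data encrypted under the party's current key."""
        if party not in self.keys:
            self.rotate(party)
        key, nonce = self.keys[party][0], secrets.token_bytes(16)
        body = self._xor_stream(key, nonce, self.database[data_id].encode())
        return nonce + body + self._tag(key, nonce, body)

    def decrypt(self, party, blob):
        """Claims 1 and 4: current key first, then the previous one; None = failure."""
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        for key in self.keys.get(party, []):
            # "Decryption fails" is made observable by the tag check.
            if key and hmac.compare_digest(tag, self._tag(key, nonce, body)):
                value = self._xor_stream(key, nonce, body).decode()
                self.behavior_db.append((party, value))  # association stored per claim 1
                return value
        return None

    def who_decrypted(self, value):
        """Claim 5: service parties that ever obtained this plaintext."""
        return sorted({p for p, v in self.behavior_db if v == value})

if __name__ == "__main__":
    broker = SensitiveDataBroker({"phone:42": "13800000000"})  # constructed sample record
    blob = broker.request("crm", "phone:42")
    print(broker.decrypt("crm", blob), broker.who_decrypted("13800000000"))
```

A ciphertext issued two life cycles ago, or one issued to a different service party, fails the tag check under both retained keys and yields the request failure of claim 4 without adding a behavior-database record.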
CN201911193062.8A 2019-11-28 2019-11-28 Sensitive information processing method and device, storage medium and equipment Pending CN111104691A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911193062.8A CN111104691A (en) 2019-11-28 2019-11-28 Sensitive information processing method and device, storage medium and equipment

Publications (1)

Publication Number Publication Date
CN111104691A true CN111104691A (en) 2020-05-05

Family

ID=70421317

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911193062.8A Pending CN111104691A (en) 2019-11-28 2019-11-28 Sensitive information processing method and device, storage medium and equipment

Country Status (1)

Country Link
CN (1) CN111104691A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105706104A (en) * 2013-11-13 2016-06-22 格马尔托股份有限公司 Method to protect a set of sensitive data associated to public data in a secured container
US20170338950A1 (en) * 2014-10-21 2017-11-23 Zte Corporation Method, terminal, and network server for information encryption and decryption and key management
CN109388642A (en) * 2018-10-23 2019-02-26 北京计算机技术及应用研究所 Sensitive data based on label tracks source tracing method
CN109670332A (en) * 2017-10-13 2019-04-23 哈尔滨安天科技股份有限公司 Using data guard method, device and its equipment
CN109728902A (en) * 2018-06-01 2019-05-07 平安科技(深圳)有限公司 Key management method, equipment, storage medium and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Feng Xiaoling (冯晓玲): "E-Commerce Security" (《电子商务安全》), 31 March 2008 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111756522A (en) * 2020-06-28 2020-10-09 中国平安财产保险股份有限公司 Data processing method and system
CN112054893A (en) * 2020-08-06 2020-12-08 中信银行股份有限公司 Sensitive information encryption method and system under micro-service framework
CN112054893B (en) * 2020-08-06 2022-10-25 中信银行股份有限公司 Sensitive information encryption method and system under micro-service framework
CN112597481A (en) * 2020-12-29 2021-04-02 平安银行股份有限公司 Sensitive data access method and device, computer equipment and storage medium
CN113779598A (en) * 2021-08-27 2021-12-10 北京达佳互联信息技术有限公司 Data processing method, device, server and storage medium
CN113992345A (en) * 2021-09-13 2022-01-28 百度在线网络技术(北京)有限公司 Method and device for encrypting and decrypting webpage sensitive data, electronic equipment and storage medium
CN113992345B (en) * 2021-09-13 2024-05-28 百度在线网络技术(北京)有限公司 Webpage sensitive data encryption and decryption method and device, electronic equipment and storage medium
CN113849847A (en) * 2021-12-01 2021-12-28 北京欧应信息技术有限公司 Method, apparatus and medium for encrypting and decrypting sensitive data
CN114629644A (en) * 2022-03-29 2022-06-14 贝壳找房网(北京)信息技术有限公司 Data encryption method, storage medium, computer program product and electronic device
CN115801453A (en) * 2023-01-30 2023-03-14 北京大数元科技发展有限公司 System for security query of sensitive data internet
CN115801453B (en) * 2023-01-30 2023-05-02 北京大数元科技发展有限公司 System for sensitive data internet security inquiry

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200505