CN111245811A - Information encryption method and device and electronic equipment - Google Patents

Information encryption method and device and electronic equipment

Publication number: CN111245811A
Authority: CN (China)
Prior art keywords: encryption, information, target, target type, target information
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN202010012999.7A
Other languages: Chinese (zh)
Inventors: 赵鹏昕, 陈韬, 郝拯华
Current Assignee: Beijing ByteDance Network Technology Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Beijing ByteDance Network Technology Co Ltd
Application filed by: Beijing ByteDance Network Technology Co Ltd
Priority to: CN202010012999.7A
Publication of: CN111245811A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiments of the present disclosure provide an information encryption method, an information encryption device and electronic equipment, belonging to the technical field of computer applications. The method comprises: determining a target type of target information to be encrypted; selecting an encryption scheme corresponding to the target type; and executing the encryption scheme corresponding to the target type on the target information. This scheme effectively resolves the trade-off between the complexity of the encryption technology and the reliability of the business logic. Data needing different levels of protection is assigned encryption technologies of different levels, so that the system can run efficiently while the security of user information is ensured, and the applicability and the encryption effect for different types of encrypted data are improved.

Description

Information encryption method and device and electronic equipment
Technical Field
The present disclosure relates to the field of computer application technologies, and in particular, to an information encryption method and apparatus, and an electronic device.
Background
With the development of computer application technology, the interaction between terminals and service systems constitutes a major network. A service system carries access requests from tens of thousands of terminals, and the encrypted transmission of user information during those access requests affects the security of the interaction as a whole. Existing approaches provide a single fixed encryption scheme: the same scheme is applied to all interactive data, so its applicability and encryption effect are poor.
Therefore, an efficient and comprehensive encryption scheme for users of service systems is needed.
Disclosure of Invention
In view of the above, the embodiments of the present disclosure provide an information encryption method, which at least partially solves the problems in the prior art.
In a first aspect, an embodiment of the present disclosure provides an information encryption method, including:
determining a target type of target information to be encrypted;
selecting an encryption scheme corresponding to the target type;
and executing an encryption scheme corresponding to the target type on the target information.
According to a specific implementation manner of the embodiment of the present disclosure, the target type is any one of the following types:
a symmetric encryption key;
permission verification data;
sensitive data that needs to be located;
sensitive data that does not need index queries;
sensitive data that needs index queries.
The target type is a symmetric encryption key;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting an asymmetric encryption algorithm.
According to a specific implementation manner of the embodiment of the disclosure, the target type is permission verification data;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and carrying out encryption transmission on the target information by utilizing a secure hash algorithm.
According to a specific implementation manner of the embodiment of the disclosure, the target type is sensitive data that needs to be located;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting a fixed symmetric encryption algorithm.
According to a specific implementation manner of the embodiment of the disclosure, the target type is sensitive data that does not need index queries;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting a dynamic symmetric encryption algorithm.
According to a specific implementation manner of the embodiment of the disclosure, the target type is sensitive data that needs index queries;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by combining a random symmetric encryption algorithm with a hash algorithm.
According to a specific implementation manner of the embodiment of the present disclosure, the step of encrypting and transmitting the target information by combining a random symmetric encryption algorithm with a hash algorithm includes:
accessing a key management service platform;
receiving an Advanced Encryption Standard (AES) key that has undergone asymmetric encryption processing and is issued after the key management service platform verifies the access;
and decrypting to obtain the Advanced Encryption Standard key, encrypting the target information with that key, hashing the target information, and storing the resulting hash value and the encrypted target information in a database in association with each other.
According to a specific implementation manner of the embodiment of the disclosure, the information encryption method is applied to an open account service system, and the target information is user information for logging in the open account service system;
the user information comprises a unique identification code, address information or contact information of the user.
In a second aspect, an embodiment of the present disclosure provides an information encryption apparatus, including:
the determining module is used for determining the target type of the target information to be encrypted;
a selection module for selecting an encryption scheme corresponding to the target type;
and the execution module is used for executing an encryption scheme corresponding to the target type on the target information.
According to a specific implementation manner of the embodiment of the present disclosure, the target type is any one of the following types:
a symmetric encryption key;
permission verification data;
sensitive data that needs to be located;
sensitive data that does not need index queries;
sensitive data that needs index queries.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, where the electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of encrypting information in the first aspect or any implementation manner of the first aspect.
In a fourth aspect, the disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the information encryption method in the first aspect or any implementation manner of the first aspect.
In a fifth aspect, the disclosed embodiments also provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the information encryption method in the first aspect or any implementation manner of the first aspect.
The information encryption scheme in the embodiment of the disclosure includes: determining a target type of target information to be encrypted; selecting an encryption scheme corresponding to the target type; and executing an encryption scheme corresponding to the target type on the target information. By the scheme, the applicability and the encryption effect for different types of encrypted data are improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of an information encryption method according to an embodiment of the present disclosure;
fig. 2 is a partial schematic flow chart of an information encryption method according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an information encryption apparatus according to an embodiment of the present disclosure;
fig. 4 is a schematic partial structural diagram of an information encryption apparatus provided in an embodiment of the present disclosure;
fig. 5 is a schematic view of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
The embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present disclosure, and the drawings only show the components related to the present disclosure rather than the number, shape and size of the components in actual implementation, and the type, amount and ratio of the components in actual implementation may be changed arbitrarily, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the disclosure provides an information encryption method. The information encryption method provided by the present embodiment may be executed by a computing apparatus, which may be implemented as software or as a combination of software and hardware, and may be integrally provided in a server, a terminal device, or the like.
Referring to fig. 1, an information encryption method provided in an embodiment of the present disclosure includes:
S101, determining a target type of target information to be encrypted;
The information encryption method provided by this embodiment encrypts user information so as to ensure its security. Owing to the nature of the service, basic information of the user needs to be recorded, including some sensitive information of the user, such as a mobile phone number, a birthday, and the like. The system needs to encrypt at different levels according to different encryption requirements. Optionally, the information encryption method is applied to an open account service system, and the target information is user information for logging in the open account service system;
the user information comprises a unique identification code, address information or contact information of the user.
Information is classified according to its attributes; different types of information correspond to different encryption levels and to different encryption schemes. The information to be encrypted is defined as the target information, and the target type corresponding to the target information is determined before the target information is encrypted.
S102, selecting an encryption scheme corresponding to the target type;
Specifically, the target type may be any one of the following types:
a symmetric encryption key;
permission verification data;
sensitive data that needs to be located;
sensitive data that does not need index queries;
sensitive data that needs index queries.
The electronic equipment is pre-configured with an encryption scheme corresponding to each type of information, and after the target type corresponding to the target information to be encrypted is determined, the encryption scheme corresponding to the target type can be selected.
S103, executing an encryption scheme corresponding to the target type on the target information.
Once the encryption scheme corresponding to the target type of the target information has been determined, the target information can be encrypted using the selected encryption scheme.
The process of information encryption will be explained in detail below in connection with different types of target information.
According to a specific implementation manner of the embodiment of the present disclosure, the target type is a symmetric encryption key;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting an asymmetric encryption algorithm (RSA).
In this embodiment, envelope encryption is used: the key is sealed and protected, so it can be passed directly through insecure channels such as transmission and storage. When the symmetric key is to be used, the envelope is opened to retrieve the key. The encryption technology may be RSA asymmetric encryption, and the protected object is the symmetric encryption key.
According to another specific implementation manner of the embodiment of the disclosure, the target type is permission verification data;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and carrying out encryption transmission on the target information by using a Secure Hash Algorithm (SHA for short).
This embodiment addresses the situation in which, while a website is running, a malicious user attacks the server and steals other users' information. During service calls, user behavior needs to be security-checked; a Token is often added to the request header and is often used, in ciphertext form, to check the request. For example, the API layer applies some kind of hash processing to the user's name and transmits the result to the server; while handling the plaintext request, the server compares the Token field in the request with the user name in the database after applying the same hash processing. Only user information that matches is returned, which effectively protects other users' information from being leaked. The Token never needs to be restored to plaintext, so information security can be ensured after hash processing.
According to a specific implementation manner of the embodiment of the disclosure, the target type is sensitive data that needs to be located;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting a fixed symmetric encryption algorithm.
This embodiment concerns some types of sensitive data that need not only to be stored encrypted but also to be searched, such as a user's unique identification code. Such data is generally not readable to the outside, and a fixed symmetric encryption technology can be adopted. When a user identification code needs to be searched for in the database, the plaintext only needs to be encrypted with the same Advanced Encryption Standard (AES) key, and the result is then matched against the database. Only a single encryption or decryption is therefore needed for data storage and logic judgment, which keeps processing efficient.
According to a specific implementation manner of the embodiment of the disclosure, the target type is sensitive data which does not need index query;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting a dynamic symmetric encryption algorithm.
This embodiment addresses data that does not need to be retrieved but does need to be encrypted, such as the address of the user. The plaintext is encrypted with a dynamic symmetric encryption technology, which produces a "one-time pad" situation: encrypting the same plaintext gives a different result each time. This ensures that even if some encrypted information is broken, other information remains secure.
According to a specific implementation manner of the embodiment of the disclosure, the target type is sensitive data which needs to be indexed and queried;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by combining a random symmetric encryption algorithm with a hash algorithm.
Further, as shown in fig. 2, the step of encrypting and transmitting the target information by combining a random symmetric encryption algorithm with a hash algorithm may further include:
S201, accessing a Key Management Service (KMS) platform;
S202, receiving an Advanced Encryption Standard (AES) key that has undergone asymmetric encryption processing and is issued after the key management service platform verifies the access;
S203, decrypting to obtain the Advanced Encryption Standard key, encrypting the target information with that key, hashing the target information, and storing the resulting hash value and the encrypted target information in a database in association with each other.
First, to obtain an AES key, the open account service system accesses the KMS service platform. The KMS service platform verifies the access by means of a Token or an IP whitelist and, once verification passes, issues the AES key encrypted with RSA; after receiving the encrypted key, the service decrypts it to obtain the plaintext AES key. The account service encrypts and stores the user's mobile phone number with AES, using GCM mode with a random IV; the random IV produces the "one-time pad" situation, that is, encrypting the same plaintext gives different results. However, because the service must also answer requests to query user information by mobile phone number, the mobile phone number is hashed and the resulting hash value is stored in the database. The hash algorithm ensures with high probability that the same mobile phone number yields the same hash value; the hash value is stored in the database and a corresponding index is built, so that the relevant data can be fetched through the index. The stored mobile phone number is then decrypted and compared with the queried mobile phone number, which ensures that the user information fetched is correct.
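
The flow of S201 to S203, as an added Go example that is not part of the patent text: a simulated KMS wraps key material with RSA, the service opens the envelope, stores each phone number under AES-GCM with a random nonce, and answers queries through a hash index followed by decrypt-and-compare. Assumptions made here: the in-memory `Store`, the `FetchKeys` KMS stand-in, OAEP padding, and a keyed HMAC-SHA256 index (with a second key issued alongside the AES key) in place of the plain hash the text mentions; the phone numbers are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Record is one row of Store, the in-memory stand-in for the database table.
type Record struct {
	UserID          string
	Nonce, PhoneEnc []byte
}

type Store struct {
	aead     cipher.AEAD
	indexKey []byte
	rows     map[string][]Record // hash index value -> rows
}

// FetchKeys simulates S201-S202 with a hypothetical KMS: the KMS side wraps fresh
// key material under the service's RSA public key, the service opens the envelope.
func FetchKeys() ([]byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // service key pair (demo only)
	if err != nil {
		return nil, err
	}
	material := make([]byte, 64) // 32-byte AES-256 key + 32-byte index key
	if _, err := rand.Read(material); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, material, nil)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// NewStore builds the AES-GCM cipher from the unwrapped key material.
func NewStore(material []byte) (*Store, error) {
	block, err := aes.NewCipher(material[:32])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead, material[32:], map[string][]Record{}}, nil
}

// BlindIndex is the searchable hash column. HMAC-SHA256 is this example's choice:
// an unkeyed hash of a phone number can be enumerated offline.
func BlindIndex(indexKey []byte, phone string) string {
	m := hmac.New(sha256.New, indexKey)
	m.Write([]byte(phone))
	return string(m.Sum(nil))
}

// Put encrypts under a fresh random nonce (S203) and files the row under its index.
func (s *Store) Put(userID, phone string) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	enc := s.aead.Seal(nil, nonce, []byte(phone), nil)
	idx := BlindIndex(s.indexKey, phone)
	s.rows[idx] = append(s.rows[idx], Record{userID, nonce, enc})
	return nil
}

// FindByPhone fetches candidates by index, then decrypts and compares each one.
func (s *Store) FindByPhone(phone string) ([]string, error) {
	var ids []string
	for _, r := range s.rows[BlindIndex(s.indexKey, phone)] {
		pt, err := s.aead.Open(nil, r.Nonce, r.PhoneEnc, nil)
		if err != nil {
			return nil, err // GCM tag mismatch: the stored value was modified
		}
		if string(pt) == phone {
			ids = append(ids, r.UserID)
		}
	}
	return ids, nil
}

func main() {
	material, err := FetchKeys()
	if err != nil {
		panic(err)
	}
	s, _ := NewStore(material) // cannot fail here: the AES key is 32 bytes
	s.Put("u1", "13800000001") // constructed sample data
	fmt.Println(s.FindByPhone("13800000001"))
}
```

Because GCM authenticates each row, a modified ciphertext surfaces as an error during lookup instead of a silent mismatch.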
The information encryption method provided by the embodiment of the invention uses a key management service based on envelope encryption and applies encryption technologies of different levels to sensitive data of different levels, so as to protect users' sensitive data. It effectively resolves the trade-off between the complexity of the encryption technology and the reliability of the service logic. Data needing different levels of protection is assigned encryption technologies of different levels, so that the system can run efficiently while the security of user information is ensured.
Corresponding to the above method embodiment, referring to fig. 3, an embodiment of the present disclosure further provides an information encryption apparatus, including:
a determining module 301, configured to determine a target type of target information to be encrypted;
a selecting module 302, configured to select an encryption scheme corresponding to the target type;
an executing module 303, configured to execute an encryption scheme corresponding to the target type on the target information.
Optionally, the target type is any one of the following:
a symmetric encryption key;
permission verification data;
sensitive data that needs to be located;
sensitive data that does not need index queries;
sensitive data that needs index queries.
Optionally, as shown in fig. 4, the executing module 303 specifically includes:
an access submodule 3031, configured to access a Key Management Service (KMS);
a receiving submodule 3032, configured to receive an Advanced Encryption Standard (AES) key that has undergone asymmetric encryption processing and is issued after the key management service platform verifies the access;
a processing submodule 3033, configured to decrypt to obtain the Advanced Encryption Standard key, encrypt the target information with that key, hash the target information, and store the resulting hash value and the encrypted target information in a database in association with each other.
The apparatus shown in fig. 3 and fig. 4 may correspondingly execute the content in the above method embodiment, and details of the part not described in detail in this embodiment refer to the content described in the above method embodiment, which is not described again here.
Referring to fig. 5, an embodiment of the present disclosure also provides an electronic device 50, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of encrypting information in the above method embodiments.
The disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the information encryption method in the aforementioned method embodiments.
The disclosed embodiments also provide a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the information encryption method in the aforementioned method embodiments.
Referring now to FIG. 5, a schematic diagram of an electronic device 50 suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 5, electronic device 50 may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic device 50 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device 50 to communicate with other devices wirelessly or by wire to exchange data. While the figures illustrate an electronic device 50 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program performs the above-described functions defined in the methods of the embodiments of the present disclosure when executed by the processing device 501.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, enable the electronic device to implement the schemes provided by the method embodiments.
Alternatively, the computer readable medium carries one or more programs, which when executed by the electronic device, enable the electronic device to implement the schemes provided by the method embodiments.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. In some cases the name of a unit does not constitute a limitation on the unit itself; for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present disclosure should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (13)

1. An information encryption method, comprising:
determining a target type of target information to be encrypted;
selecting an encryption scheme corresponding to the target type;
and executing an encryption scheme corresponding to the target type on the target information.
2. The method of claim 1, wherein the target type is any one of:
a symmetric encryption key;
authority verification data;
sensitive data that needs to be located;
sensitive data that does not require an index query;
sensitive data that requires an index query.
3. The method of claim 2, wherein the target type is a symmetric encryption key;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting an asymmetric encryption algorithm.
4. The method of claim 2, wherein the target type is authority verification data;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and carrying out encryption transmission on the target information by utilizing a secure hash algorithm.
5. The method of claim 2, wherein the target type is sensitive data that needs to be located;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting a fixed symmetric encryption algorithm.
6. The method of claim 2, wherein the target type is sensitive data that does not require an index query;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by adopting a dynamic symmetric encryption algorithm.
7. The method of claim 2, wherein the target type is sensitive data requiring an index query;
the step of executing an encryption scheme corresponding to the target type on the target information includes:
and encrypting and transmitting the target information by combining a random symmetric encryption algorithm with a hash algorithm.
8. The method according to claim 7, wherein the step of performing encrypted transmission on the target information by using a combination of a random symmetric encryption algorithm and a hash algorithm comprises:
accessing a key management service platform;
receiving an Advanced Encryption Standard (AES) key that has been subjected to asymmetric encryption processing and that the key management service platform issues after verifying that the access is passed;
and decrypting to obtain the advanced encryption standard key, encrypting the target information by using the advanced encryption standard key, performing hash processing on the target information, and correspondingly storing the obtained hash value and the encrypted target information in a database.
9. The method according to any one of claims 1 to 8, wherein the information encryption method is applied to an open account service system, and the target information is user information of a user logged in to the open account service system;
the user information comprises a unique identification code, address information or contact details of the user.
10. An information encryption apparatus, comprising:
the determining module is used for determining the target type of the target information to be encrypted;
a selection module for selecting an encryption scheme corresponding to the target type;
and the execution module is used for executing an encryption scheme corresponding to the target type on the target information.
11. The apparatus of claim 10, wherein the target type is any one of:
a symmetric encryption key;
authority verification data;
sensitive data that needs to be located;
sensitive data that does not require an index query;
sensitive data that requires an index query.
12. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the information encryption method of any one of the preceding claims 1-9.
13. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the information encryption method of any one of the preceding claims 1-9.
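The storage flow of claims 7 and 8 (wrapped AES key from a key management service, randomised encryption, hash stored beside the ciphertext for index queries), as an added Ruby example that is not part of the patent text. All function names, the in-memory KMS stand-in and table, RSA-OAEP for the key wrapping and AES-256-GCM as the random symmetric mode are assumptions; HMAC-SHA256 is swapped in for the unkeyed hash, and the index is bound to each row as associated data, because contact numbers and addresses are guessable values.

```ruby
require 'openssl'

# Constructed stand-in for the key management service platform of claim 8.
def kms_issue_wrapped_key(client_public_key)
  aes_key = OpenSSL::Random.random_bytes(32)
  client_public_key.public_encrypt(aes_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
end

def unwrap_key(client_private_key, wrapped_key)
  client_private_key.private_decrypt(wrapped_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
end

# Assumption: a separate index key, derived from the AES key under a fixed label.
def derive_index_key(aes_key)
  OpenSSL::HMAC.digest('SHA256', aes_key, 'index-key-v1')
end

# Unkeyed hash: anyone holding the table can recompute it for a guessed value.
def plain_index(value)
  OpenSSL::Digest.new('SHA256').hexdigest(value)
end

# Keyed hash: still deterministic for equality lookups, but needs the index key.
def keyed_index(index_key, value)
  OpenSSL::HMAC.hexdigest('SHA256', index_key, value)
end

# Fresh nonce per record: equal plaintexts give different ciphertexts.
def encrypt_field(aes_key, plaintext, index)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = aes_key
  nonce = c.random_iv
  c.auth_data = index # binds the row to its index value
  ciphertext = c.update(plaintext) + c.final
  { nonce: nonce, ciphertext: ciphertext, tag: c.auth_tag }
end

def decrypt_field(aes_key, record, index)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = aes_key
  d.iv = record[:nonce]
  d.auth_tag = record[:tag]
  d.auth_data = index
  (d.update(record[:ciphertext]) + d.final).force_encoding(Encoding::UTF_8)
end

# The "database" is a constructed in-memory table: index hash => encrypted row.
def store(db, aes_key, index_key, value)
  index = keyed_index(index_key, value)
  db[index] = encrypt_field(aes_key, value, index)
end

# Equality query: recompute the index, fetch the row, decrypt; nil if absent.
def lookup(db, aes_key, index_key, value)
  index = keyed_index(index_key, value)
  record = db[index]
  record && decrypt_field(aes_key, record, index)
end
```

A row copied under a different index value fails GCM authentication on lookup instead of returning another user's data.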
CN202010012999.7A 2020-01-07 2020-01-07 Information encryption method and device and electronic equipment Pending CN111245811A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010012999.7A CN111245811A (en) 2020-01-07 2020-01-07 Information encryption method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN111245811A true CN111245811A (en) 2020-06-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200605
