CN111737745A - Data encryption method, device, computer equipment and storage medium - Google Patents

Data encryption method, device, computer equipment and storage medium Download PDF

Info

Publication number
CN111737745A
CN111737745A CN202010587452.XA CN202010587452A CN111737745A CN 111737745 A CN111737745 A CN 111737745A CN 202010587452 A CN202010587452 A CN 202010587452A CN 111737745 A CN111737745 A CN 111737745A
Authority
CN
China
Prior art keywords
data
encrypted
index
original data
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010587452.XA
Other languages
Chinese (zh)
Inventor
于洋
马宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Life Insurance Company of China Ltd filed Critical Ping An Life Insurance Company of China Ltd
Priority to CN202010587452.XA priority Critical patent/CN111737745A/en
Publication of CN111737745A publication Critical patent/CN111737745A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Bioethics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data encryption method and device, computer equipment and a storage medium, which are applied to the technical field of computers and used for solving the problem that a leakage source cannot be accurately positioned when table type data is leaked. The data encryption method provided by the invention comprises the following steps: acquiring an identity of a user receiving encrypted data, and converting the identity of the user to obtain an index carrying encrypted position information; selecting one column of original data from original data to be encrypted; classifying the selected original data in the row to ensure that the classified original data has the same category as the total digit of the index; according to the index carrying the encryption position information, determining the classified original data of the encryption position positioned with the index in the original data as data to be encrypted; and carrying out encryption processing in a preset form on the data to be encrypted.

Description

数据的加密方法、装置、计算机设备及存储介质Data encryption method, device, computer equipment and storage medium

技术领域technical field

本发明涉及计算机技术领域,尤其涉及数据的加密方法、装置、计算机设备及存储介质。The present invention relates to the field of computer technology, and in particular, to a data encryption method, device, computer equipment and storage medium.

背景技术Background technique

数据泄露多指数据在未得到属主的授权下被私自使用。每年全球数以万亿计的损失是由数据泄露造成的。Data leakage refers to the unauthorized use of data without the authorization of the owner. Every year, trillions of losses are caused by data breaches worldwide.

为了在数据泄露之后第一时间内找到泄露该数据的人员,减少损失,目前业内较为成熟的方案是在诸如视频,图片等类型的数据中加入水印来定位数据泄露源,通过注入额外的类似水印信息的方式来对这类数进行“使用者标记”,一方面是标记的太过明显,另一方面会增加原始数据的显示内容,且水印难以定位到泄露某个加密数据的具体来源,其定位能力十分有限。In order to find the person who leaked the data as soon as possible after the data leakage and reduce losses, a relatively mature solution in the industry is to add watermarks to data such as videos and pictures to locate the source of data leakage, and inject additional similar watermarks to locate the source of the data leakage. To "user mark" such data by means of information, on the one hand, the mark is too obvious, on the other hand, it will increase the display content of the original data, and it is difficult for the watermark to locate the specific source of leaking a certain encrypted data. Positioning capabilities are very limited.

且对于诸如数据库中的结构化数据、表格类型的数据并不适用这种方法,现亟待提出一种能够在诸如数据库中的结构化数据、表格类型的数据泄漏时及时定位到泄漏源的方法。And this method is not applicable to structured data such as database and table type data. It is urgent to propose a method that can locate the leak source in time when structured data and table type data such as database leak.

发明内容SUMMARY OF THE INVENTION

本发明实施例提供一种数据的加密方法、装置、计算机设备及存储介质,以解决在表格类型的数据泄露时无法准确定位到泄漏源的技术问题。Embodiments of the present invention provide a data encryption method, device, computer equipment, and storage medium, so as to solve the technical problem that the leakage source cannot be accurately located when table-type data is leaked.

一种数据的加密方法,该方法包括:A data encryption method, the method includes:

获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引;Obtain the identity of the user who receives the encrypted data, convert the identity of the user, and obtain an index carrying the encrypted location information;

从待加密的原始数据中选取其中一列原始数据;Select one column of raw data from the raw data to be encrypted;

对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同;classifying the selected one of the original data, so that the type of the classified original data is the same as the total number of digits of the index;

根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据;According to the index carrying the encrypted location information, determine the original data of the encrypted location located with the index in the classified original data as the data to be encrypted;

对该待加密数据进行预设形式的加密处理。Perform encryption processing in a preset form on the data to be encrypted.

一种数据的加密装置,该装置包括:A data encryption device, the device includes:

索引转换模块,用于获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引;an index conversion module, configured to obtain the identity of the user who receives the encrypted data, convert the identity of the user, and obtain an index that carries the encrypted location information;

数据选取模块,用于从待加密的原始数据中选取其中一列原始数据;The data selection module is used to select one column of original data from the original data to be encrypted;

分类模块,用于对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同;A classification module, used to classify the selected one of the original data, so that the type of the classified original data is the same as the total number of digits of the index;

位置确定模块,用于根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据;a position determination module, configured to determine, according to the index carrying the encrypted position information, the original data of the encrypted position positioned with the index in the classified original data as the data to be encrypted;

加密模块,用于对该待加密数据进行预设形式的加密处理。The encryption module is used to perform encryption processing in a preset form on the data to be encrypted.

一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述数据的加密方法的步骤。A computer device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the data encryption method when the processor executes the computer program.

一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现上述数据的加密方法的步骤。A computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, implements the steps of the above-mentioned data encryption method.

本申请提出的数据的加密方法、装置、计算机设备及存储介质,首先获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引,从待加密的原始数据中选取其中一列原始数据;对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同,以适用数据量大的原始数据,然后根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据,对该待加密数据进行预设形式的加密处理,使得加密处理的数据的位置可以体现出泄漏源的身份标识,当加密处理后的数据泄露时,能够根据加密数据的加密位置反推出泄漏源的身份标识,从而在第一时间内找到泄漏源。The data encryption method, device, computer equipment and storage medium proposed in this application firstly obtain the identity of the user who receives the encrypted data, convert the user's identity, and obtain an index carrying encrypted location information. Select one column of original data from the original data; classify the selected one of the original data, so that the type of the classified original data is the same as the total number of digits of the index, so as to apply to the original data with a large amount of data, and then according to the An index carrying encrypted location information, determining the original data at the encrypted location located with the index in the classified original data as the data to be encrypted, and performing encryption processing in a preset form on the data to be encrypted, so that the encrypted data is processed. The location of the data can reflect the identity of the leak source. When the encrypted data is leaked, the identity of the leak source can be deduced according to the encrypted location of the encrypted data, so as to find the leak source in the first time.

附图说明Description of drawings

为了更清楚地说明本发明实施例的技术方案,下面将对本发明实施例的描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the following briefly introduces the drawings that are used in the description of the embodiments of the present invention. Obviously, the drawings in the following description are only some embodiments of the present invention. , for those of ordinary skill in the art, other drawings can also be obtained from these drawings without creative labor.

图1是本发明一实施例中数据的加密方法的一应用环境示意图;1 is a schematic diagram of an application environment of a data encryption method in an embodiment of the present invention;

图2是本发明一实施例中数据的加密方法的一流程图;2 is a flowchart of a method for encrypting data in an embodiment of the present invention;

图3是本发明另一实施例中数据的加密方法的一流程图;3 is a flowchart of a method for encrypting data in another embodiment of the present invention;

图4是本发明又一实施例中数据的加密方法的一流程图;4 is a flowchart of a method for encrypting data in another embodiment of the present invention;

图5是本发明一实施例中数据的加密装置的结构示意图;5 is a schematic structural diagram of an apparatus for encrypting data in an embodiment of the present invention;

图6是本发明一实施例中计算机设备的一示意图。FIG. 6 is a schematic diagram of a computer device in an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

本申请提供的数据的加密方法,可应用在如图1的应用环境中,其中,计算机设备通过网络与外部设备进行通信。其中,计算机设备包括但不限于各种个人计算机、笔记本电脑、智能手机、平板电脑和便携式可穿戴设备。服务器可以用独立的服务器或者是多个服务器组成的服务器集群来实现。The data encryption method provided by the present application can be applied in the application environment as shown in FIG. 1 , in which the computer device communicates with the external device through the network. Among them, the computer equipment includes but is not limited to various personal computers, notebook computers, smart phones, tablet computers and portable wearable devices. The server can be implemented as an independent server or a server cluster composed of multiple servers.

在一实施例中,如图2所示,提供一种数据的加密方法,为了实现在不破坏原有数据信息完整表达的条件下,将“使用者标记”体现在加密数据的加密位置中,由于使用者标识具有唯一性,使得当该加密数据泄露时,根据该加密数据的加密位置可以唯一定位到泄露人,且该加密方法不会破坏原始数据,以该方法应用在图1中的计算机设备为例进行说明,包括如下步骤S101至S105。In one embodiment, as shown in FIG. 2, a data encryption method is provided, in order to realize the "user mark" in the encrypted position of the encrypted data without destroying the complete expression of the original data information, Due to the uniqueness of the user identifier, when the encrypted data is leaked, the leaker can be uniquely located according to the encrypted location of the encrypted data, and the encryption method will not destroy the original data. This method is applied to the computer in FIG. 1 . The device is described as an example, including the following steps S101 to S105.

S101、获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引。S101. Acquire an identity of a user who receives encrypted data, convert the identity of the user, and obtain an index carrying encrypted location information.

在其中一个实施例中,接收加密数据的用户的身份标识可以认为设定,可以是纯数字型,也可以是数字与其他形式字符的自由组合,接收加密数据的用户的是预先知道的,可以通过该身份标识将接收加密数据的用户唯一标定。In one of the embodiments, the identity of the user who receives the encrypted data can be considered to be set, which can be a pure number or a free combination of numbers and other forms of characters. The user who receives the encrypted data is known in advance and can be The user who receives the encrypted data is uniquely identified by this identification.

应用中,当确定数据接收者后,会分配给数据接收者一个身份标识,例如,将id定义为5位数字,每位数字随机选取0到9,当获取到生成指令,生成id,在生成id的过程中需要保证不会生成重复的id,保证分配给数据接收者的id唯一。In the application, when the data receiver is determined, it will assign an identity to the data receiver. For example, the id is defined as a 5-digit number, and each number is randomly selected from 0 to 9. In the process of id, it is necessary to ensure that no duplicate id is generated, and that the id assigned to the data receiver is unique.

其中,同一份数据多次传输同一用户不需要重复加密,不同数据多次传输同一用户分配的id不同。Among them, multiple transmissions of the same data to the same user do not require repeated encryption, and multiple transmissions of different data to the same user are assigned different ids.

S102、从待加密的原始数据中选取其中一列原始数据。S102. Select one column of original data from the original data to be encrypted.

其中,该原始具有均包括若干列,例如包括“外勤工号”的列,则可以将外勤工号列选取为本步骤中的列,被选取的列表示待确定加密行及待加密的数据。Wherein, the original data includes several columns, for example, a column including "field worker number", then the field worker number column can be selected as the column in this step, and the selected column represents the row to be determined to be encrypted and the data to be encrypted.

在其他实施例中,也可以选取“员工手机号”或“员工生日”等其它的列作为待确定加密行及待加密的数据。In other embodiments, other columns such as "employee mobile phone number" or "employee birthday" can also be selected as the encrypted row to be determined and the data to be encrypted.

S103、对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同。S103 , classifying the one of the selected original data, so that the type of the classified original data is the same as the total number of digits of the index.

该步骤对原始数据进行转换的目的是为了对该原始数据进行分类,因为原始数据包含的行数可能会特别多,但是索引的位数有限,一般不能够包括某列中所有行的数据,对原始数据进行分类处理,可以将被归为同一类的原始数据行均标记为加密或者不加密。The purpose of converting the original data in this step is to classify the original data, because the number of rows in the original data may be very large, but the number of digits of the index is limited, and generally it cannot include the data of all rows in a certain column. The raw data is classified, and the raw data rows classified into the same category can be marked as encrypted or not encrypted.

分类后的所述原始数据的种类与所述索引的位数相同是为了使得该索引能够涵盖所有行的原始数据。The category of the classified raw data is the same as the number of digits of the index, so that the index can cover the raw data of all rows.

S104、根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据。S104. According to the index carrying the encrypted location information, determine the original data of the encrypted location located with the index in the classified original data as the data to be encrypted.

所述身份标识包括但不限于用户的工号、电脑号等等,所述待加密数据在所述原始数据中位置的确定可以通过对用户的身份标识进行转换得到。The identity identifier includes but is not limited to the user's job number, computer number, etc., and the location of the data to be encrypted in the original data can be determined by converting the user's identity identifier.

S105、对该待加密数据进行预设形式的加密处理。S105. Perform encryption processing in a preset form on the data to be encrypted.

在其中一个实施例中,该步骤S105进一步包括:In one embodiment, the step S105 further includes:

获取该待加密数据中数据类型为字符型的原始数据;Obtain the original data whose data type is character in the data to be encrypted;

对获取的该字符型的原始数据进行显示标记。Mark the acquired raw data of the character type for display.

在其中一个实施例中,该显示标记包括但不限于对字符型的原始数据加粗、变色、倾斜、加下划线等等。In one embodiment, the display mark includes, but is not limited to, bolding, discoloring, slanting, underlining, and the like for the original data of the character type.

在其他实施例中,该步骤S105进一步包括:In other embodiments, the step S105 further includes:

获取该待加密数据中数据类型为数据类型的原始数据;Obtain the original data whose data type is the data type in the data to be encrypted;

对获取的该数据类型的原始数据进行预设位置的数值增加。The value of the preset position is increased for the acquired raw data of this data type.

在其中一个实施例中,其中,本例中优选采用以下方式进行加密数据变换,选取外勤生日的列进行标记处理,具体的处理方式是将原有数据最后一位替换为0至9之间的随机数,例如:1990-02-12 00:00:00.0数值增加后更新的数据为1990-02-12 00:00:00.8。In one of the embodiments, in this example, the encrypted data conversion is preferably carried out in the following manner, selecting the column of the birthday of the field staff for marking processing, and the specific processing method is to replace the last digit of the original data with a value between 0 and 9. Random number, for example: 1990-02-12 00:00:00.0 The updated data after the value is increased is 1990-02-12 00:00:00.8.

在其中一个实施例中,选取员工手机号的列进行标记处理,具体可以为在员工手机号的前面加“86”,例如将原始数据列中的手机号18588996329修改为8618588996329。In one embodiment, the column of employee mobile phone numbers is selected for marking processing. Specifically, "86" may be added in front of the employee mobile phone number, for example, the mobile phone number 18588996329 in the original data column is modified to 8618588996329.

进一步地,涉及的不改变数据信息表达的数据变换方式包括并不限于:Further, the involved data transformation methods that do not change the expression of data information include but are not limited to:

(1)数值型数据精度的变换例如:1.00=1.0;(1) Conversion of numerical data precision, for example: 1.00=1.0;

(2)字符型缩写变换例如:Road=Rd;(2) Character type abbreviation conversion, for example: Road=Rd;

(3)字符型数据标点替换例如:Jr.=Jr;(3) Character data punctuation replacement such as: Jr.=Jr;

(4)字符型字体格式替换例如:The Load of King=The Road ofKing。(4) Character font format replacement For example: The Load of King=The Road of King.

本实施例提出的数据的加密方法首先获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引,从待加密的原始数据中选取其中一列原始数据;对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同,以适用数据量大的原始数据,然后根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据,对该待加密数据进行预设形式的加密处理,使得加密处理的数据的位置可以体现出泄漏源的身份标识,当加密处理后的数据泄露时,能够根据加密数据的加密位置反推出泄漏源的身份标识,从而在第一时间内找到泄漏源。The data encryption method proposed in this embodiment first obtains the identity of the user who receives the encrypted data, converts the identity of the user to obtain an index carrying the encrypted location information, and selects one column of the original data from the original data to be encrypted ; Classify the selected one of the original data, so that the type of the classified original data is the same as the total number of digits of the index, so as to apply the original data with a large amount of data, and then according to the index that carries the encrypted position information, Determine the original data of the encrypted position located with the index in the classified raw data as the data to be encrypted, and perform encryption processing in a preset form on the data to be encrypted, so that the position of the encrypted data can reflect the leakage source. Identity identifier, when the encrypted data is leaked, the identity identifier of the leakage source can be deduced according to the encrypted location of the encrypted data, so as to find the leakage source in the first time.

在其中一个实施例中,该数据的加密方法还包括以下步骤:In one of the embodiments, the data encryption method further includes the following steps:

获取已获得授权的接收该加密数据的用户信息。当确定数据接收者后,需要获取数据接收者的信息,例如,数据接收者是王某,则需要获取数据接收者的姓名、性别、身份证号等;上述数据接收者信息是为了能够唯一确定数据接受者,因此,数据接收者信息中必须包括能够唯一确定数据接收者身份的信息,其中,数据接收者信息并不一定为上述举例中的姓名、性别、身份证号等信息,假设数据接收者有与其身份唯一对应的工号,那么数据接收者信息可以只包括数据接收者工号;Get the information of users who are authorized to receive the encrypted data. After the data recipient is determined, the information of the data recipient needs to be obtained. For example, if the data recipient is Wang, then the name, gender, ID number, etc. of the data recipient need to be obtained; the above data recipient information is to be able to uniquely determine Data recipient. Therefore, the data recipient information must include information that can uniquely determine the identity of the data recipient. The data recipient information is not necessarily the name, gender, ID number and other information in the above example. If the recipient has a job number uniquely corresponding to its identity, the data recipient information can only include the data recipient job number;

对该用户信息对应的用户分配该身份标识。分配给数据接收者预先设定的待加密位置的id为唯一id,数据进行相应的加密后,后续发现数据泄露后,能通过数据中的相应信息反向破译出该泄露数据对应的id,然后由于id唯一,进而能够唯一的确定数据泄露的相关责任人,从而使得数据属主在面对核心数据泄露所带来的经济损失时,能够准确定位相应责任方。The identity identifier is allocated to the user corresponding to the user information. The id assigned to the pre-set location to be encrypted by the data receiver is the unique id. After the data is encrypted accordingly, after the subsequent discovery of data leakage, the id corresponding to the leaked data can be reversely deciphered through the corresponding information in the data, and then Because the id is unique, the relevant responsible person of the data leakage can be uniquely determined, so that the data owner can accurately locate the corresponding responsible party when facing the economic loss caused by the core data leakage.

进一步的,在对该用户信息对应的用户分配该身份标识的步骤之后还包括:Further, after the step of allocating the identity to the user corresponding to the user information, it also includes:

将所述身份标识与接收加密数据的所述用户的信息进行关联;associating the identity with the information of the user receiving encrypted data;

将所述身份标识与所述数据接收者信息关联后的信息存储至数据库中。The information associated with the identity identifier and the data recipient information is stored in a database.

将id与数据接收者信息关联起来并存储在相应的数据库中后,当从泄露文件中还原出泄露文件中的id,根据id在数据库中检索出与该id相关联的数据接收者信息,从而定位到泄露该加密数据的人。After the id is associated with the data receiver information and stored in the corresponding database, when the id in the leaked file is restored from the leaked file, the data receiver information associated with the id is retrieved from the database according to the id, thereby Locate the person who leaked the encrypted data.

图3是本发明另一实施例中数据的加密方法的一流程图,如图3所示,该步骤S103中对选取的该其中一列原始数据进行分类的步骤进一步包括以下步骤S301至S303。FIG. 3 is a flowchart of a data encryption method according to another embodiment of the present invention. As shown in FIG. 3 , the step of classifying one of the selected rows of raw data in step S103 further includes the following steps S301 to S303 .

S301、获取根据该身份标识转换得到的该索引的总位数。S301. Obtain the total number of digits of the index converted according to the identity identifier.

在其中一实施例中,当将该身份标识转换为二进制时,该索引的总位数即转换得到的二进制数的总位数。In one embodiment, when the identification is converted into binary, the total number of digits of the index is the total number of digits of the converted binary number.

S302、计算该其中一列原始数据中各行的行数与该总位数相除得到的余数。S302. Calculate the remainder obtained by dividing the row number of each row in the one column of original data by the total number of digits.

其中,索引列中的数据为数值型数据,可以选取索引列中的数据前几位或后几位的数字,获取选取数字与特征数据的余数。Among them, the data in the index column is numeric data, you can select the first or last digits of the data in the index column to obtain the remainder of the selected number and the characteristic data.

通过上述方法计算出来的余数数量的总数必然与所述索引的位数相同,从而实现对所述原始数据进行分类,若所述预设数值为14,则通过上述方法计算出来的余数必然为0到13中的某个值,从而存在14个余数,则表示将所述原始数据分为14类。The total number of remainders calculated by the above method must be the same as the number of digits of the index, so as to realize the classification of the original data. If the preset value is 14, the remainder calculated by the above method must be 0. to a certain value in 13, so that there are 14 remainders, it means that the original data is divided into 14 categories.

S303、将余数相同的行数对应的原始数据确定为同一类。S303: Determine the original data corresponding to the number of rows with the same remainder as the same type.

在其中一个实施例中,该步骤S101中对该用户的身份标识进行转换的步骤包括:In one embodiment, the step of converting the identity of the user in step S101 includes:

将该用户的身份标识转换为二进制数,将该二进制数的位数确定为该索引的位数。Convert the user's identity to a binary number, and determine the number of bits of the binary number as the number of bits of the index.

将id转换为二进制数值后,转换后的二进制数值与id紧密关联,由该二进制数值能得出身份标识id,而且二进制数据数值只包括1和0,1和0可以用于表示数据的两种状态,例如,可以用1表示需要对所述原始数据进行加密,可以用0表示不需要对所述原始数据进行加密。例如,设定数据授权人id为10361,将授权人id转换为二进制格式为10100001111001。After the id is converted into a binary value, the converted binary value is closely related to the id, and the identity id can be obtained from the binary value, and the binary data value only includes 1 and 0, and 1 and 0 can be used to represent two types of data. The status, for example, may be 1 to indicate that the original data needs to be encrypted, and 0 to indicate that the original data does not need to be encrypted. For example, set the data authorizer id to 10361, and convert the authorizer id to binary format as 10100001111001.

图4是本发明又一实施例中数据的加密方法的一流程图,如图4所示,该步骤S104中将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据的步骤进一步包括:FIG. 4 is a flow chart of a method for encrypting data in another embodiment of the present invention. As shown in FIG. 4 , in step S104 , in the classified original data, the original data of the encrypted position located with the index is determined as to be The step of encrypting the data further includes:

S401、获取该二进制数中相同数值的数所在的位数,进一步地,获取的二进制数中相同数值的数表示预设的与“加密”相对应的数,例如,若预先设定“1”表示需要加密的行,则获取该二进制数中所有的“1”所在的位数,位数的最小值为0;S401. Obtain the number of digits of the same value in the binary number. Further, the obtained binary number with the same value represents a preset number corresponding to "encryption". For example, if "1" is preset Indicates the line that needs to be encrypted, then obtains the digit of all "1" in the binary number, and the minimum value of the digit is 0;

S402、获取该余数为该位数的该原始数据所在的行数;S402, obtaining the row number where the original data whose remainder is the number of digits is located;

S403、将获取的该行数中的该原始数据确定为该待加密数据。S403. Determine the raw data in the obtained row number as the data to be encrypted.

根据本实施例的一个使用场景例如:根据所述身份标识转换成的二进制数为“10100001111001”,对照其中一列原始数据与14相除得到的余数分别为0~13,根据本实施例的一个使用场景参见如下表(1):According to a usage scenario of this embodiment, for example: the binary number converted from the identity identifier is "10100001111001", and the remainders obtained by dividing one column of original data by 14 are 0 to 13, respectively. According to a usage scenario of this embodiment See the following table (1) for the scenarios:

11 00 11 00 00 00 00 11 11 11 11 00 00 11 00 11 22 33 44 55 66 77 88 99 1010 1111 1212 1313 Yes no Yes no no no no Yes Yes Yes Yes no no Yes

表(1)Table 1)

参照上述表1,若预先设定的是否加密与二进制数中相同数值对应关系为1表示加密、0表示不加密,应理解为选取的其中一列原始数据中与14的相处得到余数为0、2、7、8、9、10和13的行中的数据为所述标记的待加密数据。Referring to the above table 1, if the preset corresponding relationship between encryption and the same value in the binary number is 1 means encryption, 0 means no encryption, it should be understood that one of the selected raw data gets along with 14 and the remainder is 0, 2 The data in the rows of , 7, 8, 9, 10 and 13 are the marked data to be encrypted.

根据本实施例的一个使用场景如下:A usage scenario according to this embodiment is as follows:

选取外勤工号列作为从待加密的原始数据中选取的其中一列原始数据,工号是10进制数值,假设存在工号a:12345,工号b:45678,工号c:56789。The field worker number column is selected as one of the original data columns selected from the raw data to be encrypted. The worker number is a decimal value. Suppose there are worker number a: 12345, worker number b: 45678, and worker number c: 56789.

所以工号a的后4位除14的余数是7,工号b的后四位除14的余数是8,工号c的后四位除14的余数是13。由于7和13对应标识数据中的数字为1,所以工号a,工号c所在的数据行对应位置的数据会被进行加密数据变换。Therefore, the remainder when the last four digits of job number a are divided by 14 is 7, the remainder when the last four digits of job number b are divided by 14 is 8, and the remainder when the last four digits of job number c are divided by 14 is 13. Since the numbers in the identification data corresponding to 7 and 13 are 1, the data at the corresponding positions of the data lines where the job number a and the job number c are located will be converted into encrypted data.

在其中一个实施例中,当加密处理后的数据泄露时,根据加密数据的加密位置反推出泄漏源的身份标识的步骤包括:In one of the embodiments, when the encrypted data is leaked, the step of deriving the identity of the leak source according to the encrypted location of the encrypted data includes:

获取经加密处理后的一个周期内的数据,所述数据包括一个周期内加密行的数据和非加密行的数据,其中,一个周期内的数据的总行数即对所述原始数据进行分类的类数;Obtain the data in one cycle after encryption processing, the data includes the data of encrypted rows and the data of non-encrypted rows in one cycle, wherein, the total number of rows of data in one cycle is the class for classifying the original data. number;

对所述一个周期内的数据按照预先设定的是否加密与二进制数中相同数值对应关系进行解码,得到解码结果。例如若预先设定数值“1”表示加密、数值“0”表示不加密,则可以根据一个周期内的数据是否加密解码出一串二进制数值;The data in the one cycle is decoded according to the preset corresponding relationship between whether to encrypt or not and the same value in the binary number to obtain a decoding result. For example, if the preset value "1" means encryption and the value "0" means no encryption, then a string of binary values can be decoded according to whether the data in a cycle is encrypted or not;

将所述解码结果编译为十进制数,得到所述用户的身份标识。The decoding result is compiled into a decimal number to obtain the identity of the user.

在其中一个实施例中,从上到下判断索引列数据所在行对应位置的数据是否需要进行加密,并从上到下逐行对索引列数据所在行对应位置的数据进行数据加密。In one embodiment, it is judged from top to bottom whether the data in the row corresponding to the index column data needs to be encrypted, and the data in the row corresponding to the row where the index column data is located is encrypted row by row from top to bottom.

本申请提供一种数据加密方法,首先,需要获取待加密文档加盐关键词索引,确定索引列,然后获取分配给数据接收者的唯一id,之后再根据预设算法对相关位置的数据进行数据加密,其中,所述数据加密为不影响待加密数据信息完整度的一种数据变换方式,加密后的文件通过加密位置能够逆向追溯出唯一id,从而能够在获取到泄露数据后,能够唯一的确定数据泄露的相关责任人,本方案在保障原有数据信息的完整性与准确性的同时,通过一系列的数据变换方式,嵌入了数据授权使用人的信息,且在后续的追溯中,能够快速定位到数据泄露源。The present application provides a data encryption method. First, it is necessary to obtain the salted keyword index of the document to be encrypted, determine the index column, and then obtain the unique id assigned to the data recipient, and then perform data processing on the data in the relevant position according to a preset algorithm. Encryption, wherein the data encryption is a data transformation method that does not affect the integrity of the data to be encrypted. The encrypted file can be reversely traced through the encrypted location to obtain a unique id, so that after the leaked data is obtained, it can be unique. Determine the relevant responsible person for data leakage. While ensuring the integrity and accuracy of the original data information, this solution embeds the information of the authorized user of the data through a series of data transformation methods, and in the subsequent traceability, can Quickly locate the source of data breaches.

应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本发明实施例的实施过程构成任何限定。It should be understood that the size of the sequence numbers of the steps in the above embodiments does not mean the sequence of execution, and the execution sequence of each process should be determined by its functions and internal logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.

在一实施例中,提供一种数据的加密装置,该数据的加密装置与上述实施例中数据的加密方法一一对应。如图5所示,该数据的加密装置100包括索引转换模块11、数据选取模块12、分类模块13、位置确定模块14和加密模块15。各功能模块详细说明如下:In an embodiment, a data encryption device is provided, and the data encryption device corresponds to the data encryption method in the above-mentioned embodiment one-to-one. As shown in FIG. 5 , the data encryption device 100 includes an index conversion module 11 , a data selection module 12 , a classification module 13 , a position determination module 14 and an encryption module 15 . The detailed description of each functional module is as follows:

索引转换模块11,用于获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引;The index conversion module 11 is used to obtain the identity of the user who receives the encrypted data, convert the identity of the user, and obtain an index that carries the encrypted location information;

数据选取模块12,用于从待加密的原始数据中选取其中一列原始数据;The data selection module 12 is used to select one row of original data from the original data to be encrypted;

分类模块13,用于对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同;The classification module 13 is used to classify the selected one of the original data, so that the type of the classified original data is the same as the total number of digits of the index;

位置确定模块14,用于根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据;The location determination module 14 is used to determine the original data of the encrypted location located with the index in the classified original data as the data to be encrypted according to the index carrying the encrypted location information;

加密模块15,用于对该待加密数据进行预设形式的加密处理。The encryption module 15 is configured to perform encryption processing in a preset form on the data to be encrypted.

在其中一个实施例中,该数据的加密装置100还包括:In one of the embodiments, the data encryption apparatus 100 further includes:

用户信息获取单元,用于获取已获得授权的接收该加密数据的用户信息;a user information acquisition unit, configured to acquire authorized user information for receiving the encrypted data;

身份标识分配单元,用于对该用户信息对应的用户分配该身份标识。The identity identifier allocation unit is used for allocating the identity identifier to the user corresponding to the user information.

在其中一个实施例中,该分类模块13进一步包括:In one embodiment, the classification module 13 further includes:

总位数获取单元,用于获取根据该身份标识转换得到的该索引的总位数;a unit for obtaining the total number of digits, which is used to obtain the total number of digits of the index converted according to the identity identifier;

计算单元,用于计算该其中一列原始数据中各行的行数与该总位数相除得到的余数;a calculation unit, used to calculate the remainder obtained by dividing the number of rows in each row of the original data in one of the columns by the total number of digits;

同类确定单元,用于将余数相同的行数对应的原始数据确定为同一类。The same type determination unit is used to determine the original data corresponding to the number of rows with the same remainder as the same type.

在其中一个实施例中,该索引转换模块11具体用于将该用户的身份标识转换为二进制数,将该二进制数的位数确定为该索引的位数。In one embodiment, the index conversion module 11 is specifically configured to convert the identity of the user into a binary number, and determine the number of digits of the binary number as the number of digits of the index.

在其中一个实施例中,该位置确定模块14进一步包括:In one embodiment, the location determination module 14 further includes:

位数获取单元,用于获取该二进制数中相同数值的数所在的位数,进一步地,获取的二进制数中相同数值的数表示预设的与“加密”相对应的数,例如,若预先设定“1”表示需要加密的行,则获取该二进制数中所有的“1”所在的位数,位数的最小值为0;A digit obtaining unit is used to obtain the digit of the number of the same value in the binary number. Further, the obtained number of the same value in the binary number represents a preset number corresponding to "encryption". If "1" is set to indicate the line that needs to be encrypted, then the digits of all "1" in the binary number are obtained, and the minimum number of digits is 0;

行数获取单元,用于获取该余数为该位数的该原始数据所在的行数;The row number obtaining unit is used to obtain the row number of the original data whose remainder is the number of digits;

加密确定单元,用于将获取的该行数中的该原始数据确定为该待加密数据。An encryption determination unit, configured to determine the obtained raw data in the row number as the data to be encrypted.

在其中一个实施例中,该加密模块15具体包括:In one embodiment, the encryption module 15 specifically includes:

类型获取单元,用于获取该待加密数据中数据类型为字符型的原始数据;a type acquisition unit, used to acquire the original data whose data type is character type in the data to be encrypted;

标记单元,用于对获取的该字符型的原始数据进行显示标记。The marking unit is used to display and mark the acquired raw data of the character type.

在其中一个实施例中,该类型获取单元还用于获取该待加密数据中数据类型为数值类型的原始数据;In one embodiment, the type acquiring unit is further configured to acquire the original data whose data type is a numerical type in the data to be encrypted;

其中,该数据的加密方法还包括数值增加单元,用于对获取的该数值类型的原始数据进行预设位置的数值增加。Wherein, the data encryption method further includes a numerical value increasing unit, which is used for increasing the numerical value at a preset position for the obtained raw data of the numerical value type.

在其中一个实施例中,当加密处理后的数据泄露时,本实施例提出一种用户的解码装置,用于根据加密数据的加密位置反推出泄漏源的身份标识,该用户的解码装置包括:In one of the embodiments, when the encrypted data is leaked, this embodiment provides a decoding device for a user, which is used to reversely deduce the identity of the leakage source according to the encrypted location of the encrypted data, and the decoding device for the user includes:

数据获取模块,用于获取经加密处理后的一个周期内的数据,所述数据包括一个周期内加密行的数据和非加密行的数据,其中,一个周期内的数据的总行数即对所述原始数据进行分类的类数;The data acquisition module is used to acquire the data in one cycle after encryption processing, the data includes the data of encrypted rows and the data of non-encrypted rows in one cycle, wherein, the total number of rows of data in one cycle is equal to the The number of classes to classify the original data;

解码模块,用于对所述一个周期内的数据按照预先设定的是否加密与二进制数中相同数值对应关系进行解码,得到解码结果。例如若预先设定数值“1”表示加密、数值“0”表示不加密,则可以根据一个周期内的数据是否加密解码出一串二进制数值;The decoding module is used for decoding the data in the one cycle according to the preset corresponding relationship between encryption and the same value in the binary number to obtain a decoding result. For example, if the preset value "1" means encryption and the value "0" means no encryption, then a string of binary values can be decoded according to whether the data in a cycle is encrypted or not;

编译模块,用于将所述解码结果编译为十进制数,得到所述用户的身份标识。The compiling module is used for compiling the decoding result into a decimal number to obtain the identity of the user.

在其中一个实施例中,从上到下判断索引列数据所在行对应位置的数据是否需要进行加密,并从上到下逐行对索引列数据所在行对应位置的数据进行数据加密。In one embodiment, it is judged from top to bottom whether the data in the row corresponding to the index column data needs to be encrypted, and the data in the row corresponding to the row where the index column data is located is encrypted row by row from top to bottom.

本实施例提出的数据的加密装置首先获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引,从待加密的原始数据中选取其中一列原始数据;对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同,以适用数据量大的原始数据,然后根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据,对该待加密数据进行预设形式的加密处理,使得加密处理的数据的位置可以体现出泄漏源的身份标识,当加密处理后的数据泄露时,能够根据加密数据的加密位置反推出泄漏源的身份标识,从而在第一时间内找到泄漏源。The device for encrypting data proposed in this embodiment first obtains the identity of the user who receives the encrypted data, converts the identity of the user to obtain an index carrying the encrypted location information, and selects one column of the original data from the original data to be encrypted ; Classify the selected one of the original data, so that the type of the classified original data is the same as the total number of digits of the index, so as to apply the original data with a large amount of data, and then according to the index that carries the encrypted position information, Determine the original data of the encrypted position located with the index in the classified raw data as the data to be encrypted, and perform encryption processing in a preset form on the data to be encrypted, so that the position of the encrypted data can reflect the leakage source. Identity identifier, when the encrypted data is leaked, the identity identifier of the leakage source can be deduced according to the encrypted location of the encrypted data, so as to find the leakage source in the first time.

其中,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或模块的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或模块,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或模块,本申请中所出现的模块的划分,仅仅是一种逻辑上的划分,实际应用中实现时可以有另外的划分方式。Wherein, the terms "comprising" and "having" and any variations thereof, are intended to cover non-exclusive inclusion, for example, a process, method, system, product or device comprising a series of steps or modules is not necessarily limited to those expressly listed Those steps or modules, but may include other steps or modules not explicitly listed or inherent to these processes, methods, products or devices, the division of modules appearing in this application is only a logical division , and there may be other division methods when implementing in practical applications.

关于数据的加密装置的具体限定可以参见上文中对于数据的加密方法的限定,在此不再赘述。上述数据的加密装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。For the specific limitation of the data encryption apparatus, reference may be made to the limitation of the data encryption method above, which will not be repeated here. Each module in the above-mentioned data encryption device may be implemented in whole or in part by software, hardware and combinations thereof. The above modules can be embedded in or independent of the processor in the computer device in the form of hardware, or stored in the memory in the computer device in the form of software, so that the processor can call and execute the operations corresponding to the above modules.

在一个实施例中,提供了一种计算机设备,该计算机设备可以是终端,其内部结构图可以如图6所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口、显示屏和输入装置。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统和计算机程序。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的网络接口用于与外部服务器通过网络连接通信。该计算机程序被处理器执行时以实现一种数据的加密方法。In one embodiment, a computer device is provided, and the computer device may be a terminal, and its internal structure diagram may be as shown in FIG. 6 . The computer equipment includes a processor, memory, a network interface, a display screen, and an input device connected by a system bus. Among them, the processor of the computer device is used to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium, an internal memory. The nonvolatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the execution of the operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used to communicate with an external server over a network connection. The computer program when executed by a processor implements a method of encrypting data.

在一个实施例中,提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现上述实施例中数据的加密方法的步骤,例如图2所示的步骤101至步骤105及该方法的其它扩展和相关步骤的延伸。或者,处理器执行计算机程序时实现上述实施例中数据的加密装置的各模块/单元的功能,例如图5所示模块11至模块15的功能。为避免重复,这里不再赘述。In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and running on the processor, and the processor implements the encryption method of the data in the above embodiment when the computer program is executed. steps, such as steps 101 to 105 shown in FIG. 2 and other extensions of the method and extensions of related steps. Alternatively, when the processor executes the computer program, the functions of each module/unit of the data encryption apparatus in the above-mentioned embodiment are implemented, for example, the functions of modules 11 to 15 shown in FIG. 5 . In order to avoid repetition, details are not repeated here.

所述处理器可以是中央处理单元(Central Processing Unit,CPU),还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等,所述处理器是所述计算机装置的控制中心,利用各种接口和线路连接整个计算机装置的各个部分。The processor may be a central processing unit (Central Processing Unit, CPU), other general-purpose processors, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), an off-the-shelf processor Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor can be a microprocessor or the processor can also be any conventional processor, etc. The processor is the control center of the computer device, and uses various interfaces and lines to connect various parts of the entire computer device.

所述存储器可用于存储所述计算机程序和/或模块,所述处理器通过运行或执行存储在所述存储器内的计算机程序和/或模块,以及调用存储在存储器内的数据,实现所述计算机装置的各种功能。所述存储器可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能、图像播放功能等)等;存储数据区可存储根据手机的使用所创建的数据(比如音频数据、视频数据等)等。The memory can be used to store the computer program and/or module, and the processor implements the computer by running or executing the computer program and/or module stored in the memory and calling the data stored in the memory various functions of the device. The memory may mainly include a stored program area and a stored data area, wherein the stored program area may store an operating system, an application program required for at least one function (such as a sound playback function, an image playback function, etc.), etc.; the storage data area may store Data (such as audio data, video data, etc.) created according to the usage of the mobile phone, etc.

所述存储器可以集成在所述处理器中,也可以与所述处理器分开设置。The memory may be integrated in the processor, or may be provided separately from the processor.

在一个实施例中,提供了一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时实现上述实施例中数据的加密方法的步骤,例如图2所示的步骤101至步骤105及该方法的其它扩展和相关步骤的延伸。或者,计算机程序被处理器执行时实现上述实施例中数据的加密装置的各模块/单元的功能,例如图5所示模块11至模块15的功能。为避免重复,这里不再赘述。In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When the computer program is executed by a processor, the steps of the data encryption method in the foregoing embodiment are implemented, for example, step 101 shown in FIG. 2 . To step 105 and other extensions of the method and extensions of related steps. Alternatively, when the computer program is executed by the processor, the functions of each module/unit of the data encryption apparatus in the above-mentioned embodiment are realized, for example, the functions of modules 11 to 15 shown in FIG. 5 . In order to avoid repetition, details are not repeated here.

本实施例提出的数据的加密方法、装置、计算机设备及存储介质,首先获取接收加密数据的用户的身份标识,对该用户的身份标识进行转换,得到携带有加密位置信息的索引,从待加密的原始数据中选取其中一列原始数据;对选取的该其中一列原始数据进行分类,使得分类后的该原始数据的种类与该索引的总位数相同,以适用数据量大的原始数据,然后根据该携带有加密位置信息的索引,将分类后的该原始数据中与该索引定位的加密位置的原始数据确定为待加密数据,对该待加密数据进行预设形式的加密处理,使得加密处理的数据的位置可以体现出泄漏源的身份标识,当加密处理后的数据泄露时,能够根据加密数据的加密位置反推出泄漏源的身份标识,从而在第一时间内找到泄漏源。The data encryption method, device, computer equipment and storage medium proposed in this embodiment first obtain the identity of the user who receives the encrypted data, convert the user's identity, and obtain an index that carries encrypted location information. Select one column of original data from the original data of For the index carrying the encrypted location information, the original data of the classified original data at the encrypted location located with the index is determined as the data to be encrypted, and the data to be encrypted is encrypted in a preset form, so that the encrypted data is encrypted. The location of the data can reflect the identity of the leak source. When the encrypted data is leaked, the identity of the leak source can be deduced according to the encrypted location of the encrypted data, so as to find the leak source in the first time.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing relevant hardware through a computer program, and the computer program can be stored in a non-volatile computer-readable storage In the medium, when the computer program is executed, it may include the processes of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other medium used in the various embodiments provided in this application may include non-volatile and/or volatile memory. Nonvolatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Road (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将所述装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。Those skilled in the art can clearly understand that, for the convenience and simplicity of description, only the division of the above-mentioned functional units and modules is used as an example. Module completion, that is, dividing the internal structure of the device into different functional units or modules to complete all or part of the functions described above.

以上所述实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围,均应包含在本发明的保护范围之内。The above-mentioned embodiments are only used to illustrate the technical solutions of the present invention, but not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it is still possible to implement the foregoing implementations. The technical solutions described in the examples are modified, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the embodiments of the present invention, and should be included in the within the protection scope of the present invention.

Claims (10)

1.一种数据的加密方法,其特征在于,所述方法包括:1. a data encryption method, is characterized in that, described method comprises: 获取接收加密数据的用户的身份标识,对所述用户的身份标识进行转换,得到携带有加密位置信息的索引;Obtaining the identity of the user who receives the encrypted data, and converting the identity of the user to obtain an index carrying the encrypted location information; 从待加密的原始数据中选取其中一列原始数据;Select one column of raw data from the raw data to be encrypted; 对选取的所述其中一列原始数据进行分类,使得分类后的所述原始数据的种类与所述索引的总位数相同;Classify one of the selected original data, so that the type of the classified original data is the same as the total number of digits of the index; 根据所述携带有加密位置信息的索引,将分类后的所述原始数据中与所述索引定位的加密位置的原始数据确定为待加密数据;According to the index carrying the encrypted location information, the original data of the encrypted location located with the index in the classified original data is determined as the data to be encrypted; 对所述待加密数据进行预设形式的加密处理。Encryption processing in a preset form is performed on the data to be encrypted. 2.根据权利要求1所述的数据的加密方法,其特征在于,所述方法还包括:2. The data encryption method according to claim 1, wherein the method further comprises: 获取已获得授权的接收所述加密数据的用户信息;Obtain the information of users who have been authorized to receive the encrypted data; 对所述用户信息对应的用户分配所述身份标识。The identity identifier is allocated to the user corresponding to the user information. 3.根据权利要求1所述的数据的加密方法,其特征在于,所述对选取的所述其中一列原始数据进行分类的步骤进一步包括:3. The data encryption method according to claim 1, wherein the step of classifying the selected one column of raw data further comprises: 获取根据所述身份标识转换得到的所述索引的总位数;Obtain the total number of digits of the index converted according to the identity identifier; 计算所述其中一列原始数据中各行的行数与所述总位数相除得到的余数;calculating the remainder obtained by dividing the row number of each row in the one column of original data by the total number of digits; 将余数相同的行数对应的原始数据确定为同一类。The original data corresponding to the number of rows with the same remainder are determined as the same class. 4.根据权利要求3所述的数据的加密方法,其特征在于,所述对所述用户的身份标识进行转换的步骤包括:4. the encryption method of data according to claim 3, is characterized in that, the described step of converting the identity of described user comprises: 将所述用户的身份标识转换为二进制数,将所述二进制数的位数确定为所述索引的位数。Converting the identity of the user into a binary number, and determining the number of digits of the binary number as the number of digits of the index. 5.根据权利要求4所述的数据的加密方法,其特征在于,所述将分类后的所述原始数据中与所述索引定位的加密位置的原始数据确定为待加密数据的步骤进一步包括:5. The encryption method of data according to claim 4, wherein the step of determining the original data of the encrypted position positioned with the index in the classified original data as the data to be encrypted further comprises: 获取所述二进制数中相同数值的数所在的位数;Obtain the digit of the number of the same value in the binary number; 获取所述余数为所述位数的所述原始数据所在的行数;obtaining the number of rows where the original data whose remainder is the number of digits is located; 将获取的所述行数中的所述原始数据确定为所述待加密数据。The raw data in the acquired number of rows is determined as the data to be encrypted. 6.根据权利要求1至5任一项所述的数据的加密方法,其特征在于,所述对所述待加密数据进行预设形式的加密处理的步骤包括:6. The data encryption method according to any one of claims 1 to 5, wherein the step of performing a preset form of encryption processing on the to-be-encrypted data comprises: 获取所述待加密数据中数据类型为字符型的原始数据;Obtain the original data whose data type is character type in the data to be encrypted; 对获取的所述字符型的原始数据进行显示标记。The acquired raw data of the character type is marked for display. 7.根据权利要求1至5任一项所述的数据的加密方法,其特征在于,所述对所述待加密数据进行预设形式的加密处理的步骤包括:7. The data encryption method according to any one of claims 1 to 5, wherein the step of performing a preset form of encryption processing on the to-be-encrypted data comprises: 获取所述待加密数据中数据类型为数值类型的原始数据;Obtain the original data whose data type is numeric type in the data to be encrypted; 对获取的所述数值类型的原始数据进行预设位置的数值增加。A numerical value increase at a preset position is performed on the acquired raw data of the numerical value type. 8.一种数据的加密装置,其特征在于,所述装置包括:8. A data encryption device, wherein the device comprises: 索引转换模块,用于获取接收加密数据的用户的身份标识,对所述用户的身份标识进行转换,得到携带有加密位置信息的索引;an index conversion module, configured to obtain the identity of the user who receives the encrypted data, convert the identity of the user, and obtain an index that carries the encrypted location information; 数据选取模块,用于从待加密的原始数据中选取其中一列原始数据;The data selection module is used to select one column of original data from the original data to be encrypted; 分类模块,用于对选取的所述其中一列原始数据进行分类,使得分类后的所述原始数据的种类与所述索引的总位数相同;A classification module, configured to classify one of the selected original data, so that the type of the classified original data is the same as the total number of digits of the index; 位置确定模块,用于根据所述携带有加密位置信息的索引,将分类后的所述原始数据中与所述索引定位的加密位置的原始数据确定为待加密数据;a position determination module, configured to determine, according to the index carrying the encrypted position information, the original data of the encrypted position located with the index in the classified original data as the data to be encrypted; 加密模块,用于对所述待加密数据进行预设形式的加密处理。An encryption module, configured to perform encryption processing in a preset form on the data to be encrypted. 9.一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现如权利要求1至7中任一项所述数据的加密方法的步骤。9. A computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the computer program as claimed in the claims Steps of the data encryption method described in any one of 1 to 7. 10.一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至7中任一项所述数据的加密方法的步骤。10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the data as claimed in any one of claims 1 to 7 is implemented. The steps of the encryption method.
CN202010587452.XA 2020-06-24 2020-06-24 Data encryption method, device, computer equipment and storage medium Pending CN111737745A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010587452.XA CN111737745A (en) 2020-06-24 2020-06-24 Data encryption method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010587452.XA CN111737745A (en) 2020-06-24 2020-06-24 Data encryption method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111737745A true CN111737745A (en) 2020-10-02

Family

ID=72652041

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010587452.XA Pending CN111737745A (en) 2020-06-24 2020-06-24 Data encryption method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111737745A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412293A (en) * 2022-07-19 2022-11-29 网易(杭州)网络有限公司 Data processing method, device, server and storage medium
CN115442800A (en) * 2021-06-04 2022-12-06 中移动信息技术有限公司 Method, device and equipment for processing number portability data and readable storage medium
CN115987682A (en) * 2023-02-02 2023-04-18 浙江网商银行股份有限公司 Data processing method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154939A (en) * 2017-05-10 2017-09-12 深信服科技股份有限公司 A kind of method and system of data tracing
CN110321675A (en) * 2018-03-29 2019-10-11 中移(苏州)软件技术有限公司 Generation, source tracing method and device based on webpage watermark

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154939A (en) * 2017-05-10 2017-09-12 深信服科技股份有限公司 A kind of method and system of data tracing
CN110321675A (en) * 2018-03-29 2019-10-11 中移(苏州)软件技术有限公司 Generation, source tracing method and device based on webpage watermark

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115442800A (en) * 2021-06-04 2022-12-06 中移动信息技术有限公司 Method, device and equipment for processing number portability data and readable storage medium
CN115412293A (en) * 2022-07-19 2022-11-29 网易(杭州)网络有限公司 Data processing method, device, server and storage medium
CN115987682A (en) * 2023-02-02 2023-04-18 浙江网商银行股份有限公司 Data processing method
CN115987682B (en) * 2023-02-02 2025-01-03 浙江网商银行股份有限公司 Data processing method

Similar Documents

Publication Publication Date Title
US11902601B2 (en) System and techniques for digital data lineage verification
CN109525608B (en) Log reporting method and device, log management method and device and terminal equipment
WO2020186786A1 (en) File processing method and apparatus, computer device and storage medium
CN111737745A (en) Data encryption method, device, computer equipment and storage medium
WO2020232884A1 (en) Data table migration method, apparatus, computer device and storage medium
CN110245505B (en) Data table access method, device, computer equipment and storage medium
US11587150B1 (en) Systems and methods for eligibility verification
EP3961458B1 (en) Blockchain-based service processing methods, apparatuses, devices, and storage media
US20190138749A1 (en) Total periodic de-identification management apparatus and method
WO2017157104A1 (en) Information copying system, method and electronic device, and machine-readable storage medium
CN113094756B (en) Data encryption method and computing device
CN114818000B (en) Privacy protection set confusion intersection method, system and related equipment
CN115033577B (en) Storage method, query method and device for equipment order data
WO2019184741A1 (en) Application program information storing method and apparatus, and application program information processing method and apparatus
CN110738395A (en) service data processing method and device
CN115098877A (en) File encryption and decryption method and device, electronic equipment and medium
EP3973429A1 (en) Compatible anonymization of data sets of different sources
CN110827959B (en) Medical image processing method, device and storage medium
CN110990846B (en) Information storage method, device and computer readable storage medium
CN113434122A (en) Multi-role page creation method and device, server and readable storage medium
CN111966352A (en) Form generation method, device, storage medium and electronic device
CN112733510A (en) Financial certificate generation method, device, equipment and computer readable storage medium
US20100058071A1 (en) System and method for encrypting an electronic file in a mobile electronic device
CN117034345A (en) Data desensitization method, device, computer equipment and storage medium
CN116702103A (en) Database watermark processing method, database watermark tracing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination