CN111814166A - Data encryption method and device and electronic equipment - Google Patents


Info

Publication number
CN111814166A
Authority
CN
China
Prior art keywords
information
key
mapping
value pair
key name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010660624.1A
Other languages
Chinese (zh)
Other versions
CN111814166B (en
Inventor
欧阳志刚
丘晓强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Qiyu Information and Technology Co Ltd
Original Assignee
Shanghai Qiyu Information and Technology Co Ltd
Application filed by Shanghai Qiyu Information and Technology Co Ltd
Priority to CN202010660624.1A
Publication of CN111814166A
Application granted
Publication of CN111814166B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Power Engineering (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the specification provides a data encryption method. First information is generated according to a login request of a terminal; key name mapping information, in which key names are mapped to virtual key names, is encrypted using the first information; and the first information, the key name mapping encryption information and a mapping script are provided to the terminal. The terminal acquires key-value pair information of data and, instead of storing it directly, uses the mapping script to generate and store virtual key-value pair information based on the first information, the key name mapping encryption information and the key-value pair information. In subsequent use, the mapping script assigns values to memory variables based on the first information, the key name mapping encryption information and the virtual key-value pair information. Because the data in the stored key-value pair information corresponds to virtual key names, even if the data is leaked, a thief can obtain only virtual key names without actual meaning and cannot learn the specific meaning of the data, thereby improving security.

Description

Data encryption method and device and electronic equipment
Technical Field
The present application relates to the field of internet, and in particular, to a data encryption method and apparatus, and an electronic device.
Background
To improve the security of data in scenarios involving data interaction, the prior art often has the data sending party encrypt the data and send the decryption rule together with the encrypted data to the requesting side for storage.
In one data interaction mode, the requesting party sends variable information to the requested party, the requested party returns the data corresponding to that variable information to the requesting party in key-value pair form, and the data is stored on the requesting side for subsequent use.
Although this approach can improve the security of data to some extent, there is still room for improvement.
Analysis of the prior art shows that even if the data corresponding to the variables is encrypted, if the data is leaked, a thief can still learn what the encrypted data means and is only unable to learn its specific value, which still poses a certain risk to data security.
The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosure and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
The embodiment of the specification provides a data encryption method, a data encryption device and electronic equipment, which are used for improving the security of stored data.
An embodiment of the present specification provides a data encryption method, including:
generating first information according to a login request of a terminal;
encrypting key name mapping information by using the first information to generate key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key name of a variable in the key name mapping information is mapped with a virtual key name;
acquiring key-value pair information of data, generating virtual key-value pair information based on the first information, key-name mapping encryption information and the key-value pair information by using the mapping script, and storing the virtual key-value pair information;
and assigning a value to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script.
Optionally, the generating, by using the mapping script, virtual key-value pair information based on the first information, key-name mapping encryption information, and the key-value pair information, and storing the virtual key-value pair information includes:
determining a key value corresponding to the key name of the memory variable in the key-value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the virtual key name mapped by the key name of the memory variable in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
Optionally, the generating virtual key-value pair information according to the virtual key name and the key value of the memory variable further includes:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encrypted key value of the memory variable.
Optionally, the assigning, by using the mapping script, a memory variable based on the first information, the key name mapping encryption information, and the virtual key value pair information includes:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
Optionally, the obtaining key-value pair information of the data includes:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
Optionally, the generating first information according to the login request of the terminal includes:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
Optionally, the encrypting the key name mapping information by using the first information includes:
the proxy server acquires authentication information generated by the service server;
carrying out Hash processing and encryption processing on key names of variables to generate encrypted Hash key names, associating the key names with the encrypted Hash key names to generate key name mapping information, wherein the virtual key names are the encrypted Hash key names;
and encrypting the key name mapping information by using the authentication information.
Optionally, the providing the first information, the key name mapping encryption information, and the mapping script includes:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the method further comprises the following steps:
and the terminal locally stores the mapping file and deletes the virtual key name in the key name mapping file after the first information is invalid.
An embodiment of the present specification further provides a data encryption apparatus, including:
the login request module generates first information according to a login request of a terminal;
the key name encryption module is used for encrypting key name mapping information by using the first information to generate key name mapping encryption information and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key name of a variable in the key name mapping information is mapped with a virtual key name;
the key-value pair module is used for acquiring key-value pair information of data, generating virtual key-value pair information based on the first information, key name mapping encryption information and the key-value pair information by using the mapping script, and storing the virtual key-value pair information;
and the mapping assignment module assigns values to the memory variables based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script.
Optionally, the generating, by using the mapping script, virtual key-value pair information based on the first information, key-name mapping encryption information, and the key-value pair information, and storing the virtual key-value pair information includes:
determining a key value corresponding to the key name of the memory variable in the key-value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the virtual key name mapped by the key name of the memory variable in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
Optionally, the key-value pair module is further configured to:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encrypted key value of the memory variable.
Optionally, the assigning, by using the mapping script, a memory variable based on the first information, the key name mapping encryption information, and the virtual key value pair information includes:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
Optionally, the obtaining key-value pair information of the data includes:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
Optionally, the generating first information according to the login request of the terminal includes:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
Optionally, the encrypting the key name mapping information by using the first information includes:
the proxy server acquires authentication information generated by the service server;
carrying out Hash processing and encryption processing on key names of variables to generate encrypted Hash key names, associating the key names with the encrypted Hash key names to generate key name mapping information, wherein the virtual key names are the encrypted Hash key names;
and encrypting the key name mapping information by using the authentication information.
Optionally, the providing the first information, the key name mapping encryption information, and the mapping script includes:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the key-value pair module is further to:
and the terminal locally stores the mapping file and deletes the virtual key name in the key name mapping file after the first information is invalid.
An embodiment of the present specification further provides an electronic device, where the electronic device includes:
a processor; and
a memory storing computer-executable instructions that, when executed, cause the processor to perform any of the methods described above.
The present specification also provides a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement any of the above methods.
In the technical solutions provided in this specification, first information is generated according to a login request of a terminal; key name mapping information, in which key names are mapped to virtual key names, is encrypted using the first information; and the first information, the key name mapping encryption information and a mapping script are provided to the terminal. The terminal obtains key-value pair information of data and, when storing it, does not store the key-value pair information directly but uses the mapping script to generate and store virtual key-value pair information based on the first information, the key name mapping encryption information and the key-value pair information. In subsequent use, the mapping script assigns values to memory variables based on the first information, the key name mapping encryption information and the virtual key-value pair information. Because the data in the stored key-value pair information corresponds to virtual key names, even if the data is leaked, a thief can obtain only virtual key names without actual meaning and cannot learn the specific meaning of the data, thereby improving security.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic diagram of a data encryption method provided in an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a data encryption apparatus provided in an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.
Detailed Description
Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. The exemplary embodiments, however, may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals denote the same or similar elements, components, or parts in the drawings, and thus their repetitive description will be omitted.
Features, structures, characteristics or other details described in a particular embodiment do not preclude the fact that the features, structures, characteristics or other details may be combined in a suitable manner in one or more other embodiments in accordance with the technical idea of the invention.
In describing particular embodiments, the present invention has been described with reference to features, structures, characteristics or other details that are within the purview of one skilled in the art to provide a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific features, structures, characteristics, or other details.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The term "and/or" includes all combinations of any one or more of the associated listed items.
Fig. 1 is a schematic diagram of a data encryption method provided in an embodiment of the present disclosure, where the method may include:
S101: generating first information according to the login request of the terminal.
The first information may be authentication information, such as an authentication code.
The authentication code is information that the server returns to the terminal for subsequent login verification; it is only an internally used variable and is not exposed. If the authentication information is used as the secret key, the key is therefore hidden: a stealer searching redundant data for a secret key will often overlook the authentication code, which further improves security.
In this embodiment of the present specification, the generating of the first information according to the login request of the terminal may include:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
In practical application, the service server may generate the first information according to a login request of the terminal.
Specifically, the method may further include:
the terminal sends a login request to the proxy server, and the proxy server requests the service server to acquire authentication information for verifying the terminal;
the service server responds to the request of the proxy server, generates authentication information and returns the authentication information to the proxy server;
and the proxy server sends the authentication information to the terminal.
Therefore, the terminal can directly log in by using the authentication information for data interaction subsequently.
The login request may carry an equipment identifier and a user identifier of the terminal, and may also carry a user password.
The first information may be updated by the service server each time the terminal logs in, so that the first information is dynamic.
S102: encrypting key name mapping information by using the first information to generate key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script to a terminal, wherein the key name of a variable in the key name mapping information is mapped with a virtual key name.
The mapping script may define the execution rules for performing the mapping under preset conditions.
Each time the terminal logs in anew, the first information, the key name mapping encryption information and the mapping script can be stored locally on the terminal, so that they are available for subsequent processing during the interaction of service data.
The service data includes a key name and a key value, that is, a variable representing a service item and the value of that variable.
The key name mapping information is encrypted using the first information; the encryption may be performed by the service server.
Specifically, the proxy server may obtain the key name mapping information, and encrypt the key name mapping information by using the first information after receiving the first information returned by the service server.
The method may further comprise:
and processing the key name information of each variable in the service to generate an encrypted key name, and generating key name mapping information by using the key name and the corresponding virtual key name.
Wherein, each variable in the service may be a variable of the data interface.
Specifically, the virtual key name may be generated using at least one of a hash process and an encryption algorithm.
In an embodiment of the present specification, the encrypting key name mapping information by using the first information may include:
the proxy server acquires authentication information generated by the service server;
carrying out Hash processing and encryption processing on key names of variables to generate encrypted Hash key names, associating the key names with the encrypted Hash key names to generate key name mapping information, wherein the virtual key names are the encrypted Hash key names;
and encrypting the key name mapping information by using the authentication information.
Of course, the encryption may also be combined with a hexadecimal escape replacement algorithm. Specifically, the transcoding may convert the data into a character string and replace non-ASCII letters or numbers with hexadecimal escapes, with the first 9-bit authentication code spliced in front before transcoding, and then perform the algorithm transcoding compilation.
In an embodiment of the present specification, the providing the first information, the key name mapping encryption information, and the mapping script may include:
sending a mapping file with first information and key name mapping encryption information to a terminal;
the method may further comprise:
and the terminal locally stores the mapping file and deletes the virtual key name in the key name mapping file after the first information is invalid.
This prevents the program from repeatedly occupying the cache.
S103: acquiring key-value pair information of data, generating virtual key-value pair information based on the first information, key-name mapping encryption information and the key-value pair information by using the mapping script, and storing the virtual key-value pair information.
When the terminal performs the interaction of the service data, a data request carrying the key name and the first information can be sent to the service server, the service server directly verifies the first information, and after the verification is passed, the service data is returned to the terminal by using the data interface corresponding to the key name.
Therefore, in this embodiment of the present specification, the obtaining key-value pair information of data may include:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
By using the mapping script, virtual key-value pair information is generated based on the first information, the key name mapping encryption information and the key-value pair information, and is then stored, so that the key-value pair stored in the terminal is actually a key (key name) and value (key value) pair having no actual meaning, and thus data decryption is performed using the stored data.
The storing of the virtual key-value pair information may be caching the virtual key-value pair information.
Specifically, the generating, by using the mapping script, virtual key-value pair information based on the first information, key-name mapping encryption information, and the key-value pair information, and storing the virtual key-value pair information may include:
determining a key value corresponding to the key name of the memory variable in the key-value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the virtual key name mapped by the key name of the memory variable in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
In addition, in order to further improve the security of data, a key value corresponding to a key name may be encrypted.
In this embodiment of the present specification, the generating virtual key-value pair information according to the virtual key name and the key value of the memory variable may further include:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encrypted key value of the memory variable.
Thus, when the execution script is generated subsequently, decryption is carried out and the value is assigned to the memory variable.
S104: assigning a value to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script.
In this method, first information is generated according to a login request of a terminal; key name mapping information, in which key names are mapped to virtual key names, is encrypted using the first information; and the first information, the key name mapping encryption information and a mapping script are provided to the terminal. The terminal obtains key-value pair information of data and, when storing it, does not store the key-value pair information directly but uses the mapping script to generate and store virtual key-value pair information based on the first information, the key name mapping encryption information and the key-value pair information. In subsequent use, the mapping script assigns values to memory variables based on the first information, the key name mapping encryption information and the virtual key-value pair information. Because the data in the stored key-value pair information corresponds to virtual key names, even if the data is leaked, a thief can obtain only virtual key names without actual meaning and cannot learn the specific meaning of the data, thereby improving security.
In an embodiment of the present specification, the assigning, by using the mapping script, a memory variable based on the first information, the key name mapping encryption information, and the virtual key value pair information may include:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
In an application scenario, the service data stored in the terminal is data with a virtual key name, the specific meaning of the service data cannot be known, and the corresponding relation between the key value and the key name with the actual meaning can be embodied only in the process of assigning a value to the memory variable, so that the safety is improved.
To facilitate understanding of its effect, we provide an example:
First, a client initiates a login request, and the proxy server, according to the variable key name required in the interaction, bizData, generates its corresponding virtual key name, ZpD7r954qMTLH, and generates the key name mapping encryption information "bizData: ZpD7r954qMTLH".
The terminal sends a request for service data to the server; the request carries the key name "bizData", and the service server returns the key-value pair information "bizData: 378". "378" indicates the value of the service data requested back.
The terminal encrypts 378 to "pg9MqiML".
The virtual key name (ZpD7r954qMTLH) corresponding to bizData is determined using the mapping relation in the key name mapping encryption information, and the virtual key-value pair "ZpD7r954qMTLH: pg9MqiML" is generated by combining it with the encrypted key value (pg9MqiML).
The specific form of the virtual key value pair information may be a map file.
When an execution script needs to be generated, the authentication code is first used to decrypt pg9MqiML to obtain "378", and ZpD7r954qMTLH is decrypted and mapped to obtain the real key name "bizData", so that "378" can be assigned to the variable represented by "bizData" in the memory.
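The S102 to S104 flow and the bizData example above, as an added Python sketch (not code from the patent). Assumptions: the authentication code is a high-entropy per-login secret, virtual key names are a truncated HMAC-SHA256 of the real key name, and a standard-library HMAC keystream with encrypt-then-MAC stands in for whatever cipher an implementation would use; all function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Added illustration: function names and primitive choices are assumptions.

def _subkey(auth_code, label):
    """Derive an independent subkey from the first information (authentication code)."""
    return hmac.new(auth_code.encode(), label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a standard-library stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(auth_code, plaintext):
    """Encrypt-then-MAC under keys derived from the authentication code."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(auth_code, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(auth_code, b"mac"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(auth_code, blob_hex):
    """Verify the tag first; a wrong or expired authentication code fails here."""
    blob = bytes.fromhex(blob_hex)
    if len(blob) < 48:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(auth_code, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication code is wrong or no longer valid")
    stream = _keystream(_subkey(auth_code, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def virtual_name(auth_code, key_name):
    """Virtual key name: truncated keyed hash of the real key name (assumed construction)."""
    digest = hmac.new(_subkey(auth_code, b"name"), key_name.encode(), hashlib.sha256)
    return digest.hexdigest()[:16]

def build_mapping(auth_code, key_names):
    """S102 (proxy server): map real to virtual key names, then encrypt the mapping."""
    mapping = {name: virtual_name(auth_code, name) for name in key_names}
    return seal(auth_code, json.dumps(mapping).encode())

def store(auth_code, sealed_mapping, key_values):
    """S103 (terminal): turn real key-value pairs into virtual key-value pairs."""
    mapping = json.loads(unseal(auth_code, sealed_mapping))
    cache = {}
    for name, value in key_values.items():
        if name not in mapping:
            # Never fall back to caching a real key name in clear.
            raise ValueError(f"no virtual key name for {name!r}")
        cache[mapping[name]] = seal(auth_code, json.dumps(value).encode())
    return cache

def restore(auth_code, sealed_mapping, cache):
    """S104 (terminal): recover real key names and values for memory variables."""
    mapping = json.loads(unseal(auth_code, sealed_mapping))
    reverse = {virtual: name for name, virtual in mapping.items()}
    # Entries whose virtual name is unknown (e.g. from an older login) are skipped.
    return {reverse[v]: json.loads(unseal(auth_code, blob))
            for v, blob in cache.items() if v in reverse}

if __name__ == "__main__":
    auth = "constructed-auth-code-7f3a91c2d4"  # constructed sample value (S101 output)
    sealed = build_mapping(auth, ["bizData"])
    cache = store(auth, sealed, {"bizData": 378})
    print("cached on terminal:", cache)
    print("restored in memory:", restore(auth, sealed, cache))
```

`restore` succeeds for anyone who holds both the cached pairs and the authentication code, so the protection rests on the code changing at each login and not leaking together with the cache.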
Fig. 2 is a schematic structural diagram of a data encryption apparatus provided in an embodiment of the present specification, where the apparatus may include:
a login request module 201, configured to generate first information according to a login request of a terminal;
a key name encryption module 202, configured to encrypt key name mapping information using the first information, generate key name mapping encryption information, and provide the first information, the key name mapping encryption information, and a mapping script to a terminal, where a key name of a variable in the key name mapping information is mapped to a virtual key name;
a key-value pair module 203, configured to acquire key-value pair information of data, generate virtual key-value pair information based on the first information, the key name mapping encryption information and the key-value pair information by using the mapping script, and store the virtual key-value pair information;
and a mapping assignment module 204, configured to assign a value to the memory variable based on the first information, the key name mapping encryption information and the virtual key-value pair information by using the mapping script.
In an embodiment of the present specification, the generating, by using the mapping script, virtual key-value pair information based on the first information, key-name mapping encryption information, and the key-value pair information, and storing the virtual key-value pair information may include:
determining a key value corresponding to the key name of the memory variable in the key-value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the virtual key name mapped by the key name of the memory variable in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
In an embodiment of this specification, the key-value pair module may be further configured to:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encrypted key value of the memory variable.
In an embodiment of the present specification, the assigning, by using the mapping script, a memory variable based on the first information, the key name mapping encryption information, and the virtual key value pair information may include:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
In an embodiment of this specification, the obtaining key-value pair information of the data may include:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
In this embodiment of the present specification, the generating of the first information according to the login request of the terminal may include:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
In an embodiment of the present specification, the encrypting key name mapping information by using the first information may include:
the proxy server acquires authentication information generated by the service server;
carrying out Hash processing and encryption processing on key names of variables to generate encrypted Hash key names, associating the key names with the encrypted Hash key names to generate key name mapping information, wherein the virtual key names are the encrypted Hash key names;
and encrypting the key name mapping information by using the authentication information.
In an embodiment of the present specification, the providing the first information, the key name mapping encryption information, and the mapping script may include:
sending a mapping file with first information and key name mapping encryption information to a terminal;
The key-value pair module may be further configured such that:
the terminal locally stores the mapping file and deletes the virtual key name in the key name mapping file after the first information becomes invalid.
The device generates first information according to a login request of a terminal, uses the first information to encrypt key name mapping information in which each key name is mapped to a virtual key name, and provides the first information, the key name mapping encryption information and a mapping script to the terminal. After acquiring key-value pair information of data, it does not store the key-value pair information directly; instead, it uses the mapping script to generate and store virtual key-value pair information based on the first information, the key name mapping encryption information and the key-value pair information. In subsequent use, the mapping script assigns values to memory variables based on the first information, the key name mapping encryption information and the virtual key-value pair information. Because the data in the stored key-value pair information corresponds to virtual key names, even if the data is leaked, an attacker obtains only virtual key names with no actual meaning and cannot learn the specific meaning of the data, which improves security.
Based on the same inventive concept, the embodiment of the specification further provides the electronic equipment.
In the following, embodiments of the electronic device of the present invention are described, which may be regarded as specific physical implementations for the above-described embodiments of the method and apparatus of the present invention. Details described in the embodiments of the electronic device of the invention should be considered supplementary to the embodiments of the method or apparatus described above; for details which are not disclosed in embodiments of the electronic device of the invention, reference may be made to the above-described embodiments of the method or the apparatus.
Fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure. An electronic device 300 according to this embodiment of the invention is described below with reference to fig. 3. The electronic device 300 shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 3, electronic device 300 is embodied in the form of a general purpose computing device. The components of electronic device 300 may include, but are not limited to: at least one processing unit 310, at least one memory unit 320, a bus 330 connecting the various system components (including the memory unit 320 and the processing unit 310), a display unit 340, and the like.
Wherein the storage unit stores program code executable by the processing unit 310 to cause the processing unit 310 to perform the steps according to various exemplary embodiments of the present invention described in the above-mentioned processing method section of the present specification. For example, the processing unit 310 may perform the steps as shown in fig. 1.
The storage unit 320 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 3201 and/or a cache storage unit 3202, and may further include a read only memory unit (ROM) 3203.
The storage unit 320 may also include a program/utility 3204 having a set (at least one) of program modules 3205, such program modules 3205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 330 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 300 may also communicate with one or more external devices 400 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 300, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 300 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 350. Also, the electronic device 300 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 360. Network adapter 360 may communicate with other modules of electronic device 300 via bus 330. It should be appreciated that although not shown in FIG. 3, other hardware and/or software modules may be used in conjunction with electronic device 300, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments of the present invention described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a computer-readable storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, or a network device, etc.) execute the above-mentioned method according to the present invention. The computer program, when executed by a data processing apparatus, enables the computer readable medium to implement the above-described method of the invention, that is, a method such as the one shown in fig. 1.
Fig. 4 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.
A computer program implementing the method shown in fig. 1 may be stored on one or more computer readable media. The computer readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in embodiments in accordance with the invention may be implemented in practice using a general purpose data processing device such as a microprocessor or a Digital Signal Processor (DSP). The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
While the foregoing embodiments have described the objects, aspects and advantages of the present invention in further detail, it should be understood that the present invention is not inherently related to any particular computer, virtual machine or electronic device, and various general-purpose machines may be used to implement the present invention. The invention is not limited to the specific embodiments described; all modifications, changes and equivalents that come within the spirit and scope of the invention are covered.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method for data encryption, comprising:
generating first information according to a login request of a terminal;
encrypting key name mapping information by using the first information to generate key name mapping encryption information, and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key name of a variable in the key name mapping information is mapped with a virtual key name;
acquiring key-value pair information of data, generating virtual key-value pair information based on the first information, key-name mapping encryption information and the key-value pair information by using the mapping script, and storing the virtual key-value pair information;
and assigning a value to the memory variable based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script.
2. The method of claim 1, wherein the generating, with the mapping script, virtual key-value pair information based on the first information, key-name mapping encryption information, and the key-value pair information, and storing the virtual key-value pair information comprises:
determining a key value corresponding to the key name of the memory variable in the key-value pair information;
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the virtual key name mapped by the key name of the memory variable in the key name mapping information;
and generating virtual key value pair information according to the virtual key name and the key value of the memory variable.
3. The method according to any one of claims 1-2, wherein generating virtual key-value pair information according to the virtual key name and the key value of the memory variable further comprises:
encrypting the key value of the memory variable by using the first information;
and generating virtual key value pair information according to the virtual key name and the encrypted key value of the memory variable.
4. The method according to any one of claims 1-3, wherein said assigning memory variables based on said first information, key name mapping encryption information, and said virtual key value pair information using said mapping script comprises:
decrypting the key name mapping encryption information using the first information;
executing the mapping script, and determining the encrypted key name mapped by the key name of the memory variable in the key name mapping file;
and assigning the key value corresponding to the encryption key name in the encryption key value pair information to the memory variable.
5. The method according to any one of claims 1-4, wherein the obtaining key-value pair information of data comprises:
and sending a data request to a server, wherein the data request carries the key name of the variable data to be acquired.
6. The method according to any one of claims 1 to 5, wherein the generating of the first information according to the login request of the terminal comprises:
acquiring a login request carrying user information and equipment information sent by a terminal;
and generating authentication information according to the user information and the equipment information.
7. The method according to any one of claims 1-6, wherein said encrypting key name mapping information using said first information comprises:
the proxy server acquires authentication information generated by the service server;
carrying out Hash processing and encryption processing on key names of variables to generate encrypted Hash key names, associating the key names with the encrypted Hash key names to generate key name mapping information, wherein the virtual key names are the encrypted Hash key names;
and encrypting the key name mapping information by using the authentication information.
8. A data encryption apparatus, comprising:
the login request module generates first information according to a login request of a terminal;
the key name encryption module is used for encrypting key name mapping information by using the first information to generate key name mapping encryption information and providing the first information, the key name mapping encryption information and a mapping script for a terminal, wherein the key name of a variable in the key name mapping information is mapped with a virtual key name;
the key-value pair module is used for acquiring key-value pair information of data, generating virtual key-value pair information based on the first information, key name mapping encryption information and the key-value pair information by using the mapping script, and storing the virtual key-value pair information;
and the mapping assignment module assigns values to the memory variables based on the first information, the key name mapping encryption information and the virtual key value pair information by using the mapping script.
9. An electronic device, wherein the electronic device comprises:
a processor; and
a memory storing computer-executable instructions that, when executed, cause the processor to perform the method of any of claims 1-7.
10. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-7.
CN202010660624.1A 2020-07-10 2020-07-10 Data encryption method and device and electronic equipment Active CN111814166B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010660624.1A CN111814166B (en) 2020-07-10 2020-07-10 Data encryption method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010660624.1A CN111814166B (en) 2020-07-10 2020-07-10 Data encryption method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN111814166A true CN111814166A (en) 2020-10-23
CN111814166B CN111814166B (en) 2023-09-12

Family

ID=72841696

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010660624.1A Active CN111814166B (en) 2020-07-10 2020-07-10 Data encryption method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN111814166B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112749412A (en) * 2021-01-18 2021-05-04 中国民航信息网络股份有限公司 Method, system, equipment and storage medium for processing passenger identity information
CN112749412B (en) * 2021-01-18 2024-01-23 中国民航信息网络股份有限公司 Processing method, system, equipment and storage medium for passenger identity information
CN115001799A (en) * 2022-05-30 2022-09-02 上海华客信息科技有限公司 Page interaction method, system, equipment and storage medium based on check-in information
CN116684083A (en) * 2023-06-02 2023-09-01 西南财经大学 Inadvertent key value storage method based on two hash functions and one-way step thereof
CN116684083B (en) * 2023-06-02 2024-05-28 西南财经大学 Inadvertent key value storage method based on two hash functions and one-way step thereof

Also Published As

Publication number Publication date
CN111814166B (en) 2023-09-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant