CN112287376A - Method and device for processing private data - Google Patents

Info

Publication number: CN112287376A
Application number: CN202011314935.9A
Authority: CN (China)
Prior art keywords: information; data; user privacy; privacy data; related information
Legal status: Granted; currently active (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN112287376B
Inventor: 赵豪
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202011314935.9A (granted as CN112287376B)
Priority to CN202410578201.3A (published as CN118350027A)
Publication of CN112287376A; application granted and published as CN112287376B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

One or more embodiments of this specification provide a method and an apparatus for processing private data. The method includes: determining the user privacy data that a target application is about to upload; acquiring running-environment information of the target application, where the running-environment information corresponds to the user terminal device currently running the target application; encrypting the user privacy data on the basis of the acquired running-environment information to obtain encrypted user privacy data; and sending the encrypted user privacy data to the application server corresponding to the target application.

Description

Method and device for processing private data
Technical Field
The present disclosure relates to the field of internet technologies, and in particular to a method and an apparatus for processing private data.
Background
With the arrival of the internet era, the internet is widely used in people's daily study, work and life, and all kinds of everyday transactions are processed and presented through it. With the rapid growth of the mobile internet, each internet service provider offers its business services through its own application programs, and users install the applications they actually need, such as game, video, chat, shopping and payment applications, on their smartphones.
While an application runs on a client, it generally needs to acquire user privacy data, such as the target user's account information, address book and geographical location, in order to provide a personalised service. That privacy data is not only used locally on the client but also has to be uploaded to the application server, so there is a risk that it leaks; this is a potential security hazard and a source of unnecessary trouble for the user.
Disclosure of Invention
An object of one or more embodiments of this specification is to provide a method of processing private data. The method comprises the following steps:
determining user privacy data to be uploaded by a target application;
acquiring running-environment information of the target application, where the running-environment information corresponds to the user terminal device currently running the target application;
encrypting the user privacy data on the basis of the running-environment information to obtain encrypted user privacy data; and
sending the encrypted user privacy data to an application server corresponding to the target application.
An object of one or more embodiments of this specification is to provide an apparatus for processing private data. The apparatus comprises:
a privacy data determining module, configured to determine user privacy data to be uploaded by a target application;
a running-environment information acquisition module, configured to acquire running-environment information of the target application, where the running-environment information corresponds to the user terminal device currently running the target application;
a privacy data encryption module, configured to encrypt the user privacy data on the basis of the running-environment information to obtain encrypted user privacy data; and
a privacy data sending module, configured to send the encrypted user privacy data to an application server corresponding to the target application.
An object of one or more embodiments of this specification is to provide a device for processing private data, comprising a processor and a memory arranged to store computer-executable instructions. When executed, the instructions cause the processor to:
determine user privacy data to be uploaded by a target application;
acquire running-environment information of the target application, where the running-environment information corresponds to the user terminal device currently running the target application;
encrypt the user privacy data on the basis of the running-environment information to obtain encrypted user privacy data; and
send the encrypted user privacy data to an application server corresponding to the target application.
An object of one or more embodiments of this specification is to provide a storage medium storing computer-executable instructions. When executed by a processor, the instructions:
determine user privacy data to be uploaded by a target application;
acquire running-environment information of the target application, where the running-environment information corresponds to the user terminal device currently running the target application;
encrypt the user privacy data on the basis of the running-environment information to obtain encrypted user privacy data; and
send the encrypted user privacy data to an application server corresponding to the target application.
Drawings
To illustrate the technical solutions of one or more embodiments of this specification, or of the prior art, more clearly, the drawings needed for describing them are briefly introduced below. The drawings described here cover only some of the embodiments of this specification; a person skilled in the art could derive other drawings from them without inventive effort.
Fig. 1 is a schematic application scenario diagram of a system for processing private data according to one or more embodiments of the present disclosure;
fig. 2 is a first flowchart of a processing method of privacy data according to one or more embodiments of the present disclosure;
fig. 3 is a second flowchart of a processing method of privacy data according to one or more embodiments of the present disclosure;
fig. 4 is a schematic flow chart of a processing method of privacy data according to one or more embodiments of the present disclosure;
fig. 5 is a schematic diagram illustrating an implementation principle of a processing method of privacy data according to one or more embodiments of the present specification;
fig. 6 is a schematic block diagram of a device for processing private data according to one or more embodiments of the present disclosure;
fig. 7 is a schematic structural diagram of a device for processing private data according to one or more embodiments of the present specification.
Detailed Description
So that the technical solutions in one or more embodiments of this disclosure are properly understood, they are described clearly and completely below with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of this disclosure; all other embodiments that a person skilled in the art can derive from them without inventive effort fall within the scope of protection of this document.
It should be noted that the embodiments of this description, and the features of those embodiments, may be combined with one another where they do not conflict. Reference is now made in detail to one or more embodiments of the disclosure, examples of which are illustrated in the accompanying drawings.
One or more embodiments of this disclosure provide a method and an apparatus for processing private data. Before a target application uploads user privacy data to its application server, the user terminal side acquires running-environment information of the target application, automatically encrypts the user privacy data on the basis of that information, and sends the encrypted data to the application server. Because the encryption key corresponds to the user terminal device currently running the target application, and the running-environment information changes from one device to another, the decryption key cannot be correctly reconstructed once the encrypted data has left the device on which it was encrypted. The plaintext user privacy data therefore cannot be recovered by decryption, which prevents user privacy data uploaded to the application server by a malicious application from being misused and improves the security of the user privacy data.
Fig. 1 is a schematic diagram of an application scenario of a system for processing private data according to one or more embodiments of this specification. As shown in Fig. 1, the system comprises an application server, a first terminal device and a second terminal device. The first and second terminal devices may be mobile terminals such as smartphones and tablet computers, or terminal devices such as personal computers. The application server may be a business server that provides the business services of the target application to the user terminal devices; it may be a single server or a cluster of several servers.
The private data is processed as follows:
the first terminal device determines the user privacy data to be uploaded by the target application, where the user privacy data comprises at least one of: private data of a first user that the target application acquires locally from the user terminal, private data of the first user that the target application generates during business processing, and private data of the first user that the target application obtains from other applications;
the first terminal device acquires first running-environment information of the target application; the first running-environment information corresponds to the first terminal device, i.e. different user terminal devices yield different running-environment information;
the first terminal device encrypts the user privacy data to be uploaded on the basis of the first running-environment information, obtaining encrypted user privacy data;
the first terminal device sends the encrypted user privacy data to the application server corresponding to the target application;
the application server receives the encrypted user privacy data uploaded by the first terminal device; because the application server cannot obtain the running-environment information of the first terminal device (provided that information is not itself uploaded, which the shielding-parameter check described later enforces), it cannot decrypt the data and cannot obtain the first user's privacy data in plaintext;
the application server sends the encrypted user privacy data to the second terminal device, which may be a device running other applications or a device running the target application;
on receiving the encrypted user privacy data, the second terminal device acquires second running-environment information corresponding to itself;
the second terminal device derives a data decryption key for the encrypted user privacy data from the second running-environment information;
the second terminal device decrypts the encrypted user privacy data with that key and obtains a decryption result, which is a decryption failure: because the second running-environment information differs from the first, the decryption key differs from the data encryption key, and the plaintext user privacy data cannot be recovered with a key derived from the second running-environment information.
In this scenario, then, the key used to encrypt the user privacy data corresponds to the user terminal device running the target application and changes with it, so the encrypted data cannot be decrypted once it has left the device on which it was encrypted; user privacy data uploaded to the application server by a malicious application therefore cannot be misused, and the security of the user privacy data is improved.
Fig. 2 is a first flowchart of a method of processing private data according to one or more embodiments of this specification. The method in Fig. 2 can be executed by the user terminal device in Fig. 1 and comprises at least the following steps:
S202, determining user privacy data to be uploaded by a target application; the target application may be an independently installed application program, or an applet or HTML5 page hosted in a specified host application;
the user privacy data may be data the target application obtains locally from the user terminal, for example the target user's address book; data the target application generates during business processing, for example the target user's transaction and order data; or data the target application obtains from other applications with which it has an authorization relationship, for example the target user's current location or purchased ticket information.
Specifically, when the user terminal device detects that the target application needs to upload user privacy data to the application server, it first calls the privacy data shell-adding module to encrypt the data to be uploaded and passes the ciphertext back to the target application, so that what is finally uploaded to the application server is the user privacy data in ciphertext form.
S204, acquiring running-environment information of the target application; the running-environment information corresponds to the user terminal device currently running the target application;
the running-environment information comprises hardware information and operating system information of the user terminal device on which the target application is installed, and at least one of an application uniqueness identifier, an application developer identifier and a login account identifier of the target application. Because the running-environment information corresponds to the user terminal device, the encrypted user privacy data can be used only on the terminal device that encrypted it.
S206, encrypting the user privacy data on the basis of the acquired running-environment information to obtain encrypted user privacy data;
specifically, the character string corresponding to the running-environment information may be used directly as the data encryption key, or the running-environment information may first be obfuscated and the resulting string used as the key; the key is then used to encrypt the user privacy data, yielding the data in ciphertext form.
S208, sending the encrypted user privacy data to the application server corresponding to the target application; because the encryption key is tied to the running-environment information of the target application, any change in that information means the correct decryption key cannot be obtained and the plaintext user privacy data cannot be recovered.
In one or more embodiments of this disclosure, then, the encryption key corresponds to the user terminal device currently running the target application and changes with it, so once the encrypted user privacy data has left the device on which it was encrypted the decryption key cannot be correctly obtained and the plaintext cannot be recovered; user privacy data uploaded to the application server by a malicious application therefore cannot be misused, and the security of the user privacy data is improved.
As shown in Fig. 3, acquiring the running-environment information of the target application in step S204 specifically comprises:
S2042, collecting device fingerprint information of the user terminal device running the target application, where the device fingerprint information comprises hardware information and/or operating system information;
to identify the running environment of the target application, the hardware information of the user terminal device, its operating system information, or both may be collected. The hardware information may comprise at least one of a unique serial number and a production ID of the user terminal device; the operating system information may comprise at least one of an operating system authorization code, an activation code and a serial number;
S2044, determining running-environment information of the target application on the basis of the collected device fingerprint information;
the running-environment information may comprise several items of running-environment information collected in real time; each item serves as a data encryption factor, a data encryption key is generated from the set of factors, and that key is used to encrypt the user privacy data to be uploaded.
To prevent user privacy data from being misused between different applications on the same user terminal, application running-parameter information is introduced alongside the device fingerprint information when encrypting. If the user has not authorised the data to another application, then even if the application server sends the encrypted user privacy data to another application on the same terminal, that application cannot decrypt it because its running-parameter information differs. Accordingly, as shown in Fig. 4, determining the running-environment information in step S2044 specifically comprises:
S20442, acquiring application running-parameter information of the target application, comprising at least one of an application uniqueness identifier, an application developer identifier and a login account identifier; the application uniqueness identifier may be the version serial number of the target application, which differs between target applications;
S20444, determining running-environment information of the target application on the basis of the collected device fingerprint information and the application running-parameter information. If the running-environment information comprises only device fingerprint information, it is in one-to-one correspondence with the user terminal device currently running the target application; if it also comprises application running-parameter information, one user terminal device corresponds to several running-environment information values, one per application.
For example, to prevent user privacy data from being misused between application 1 and application 2 on the same user terminal: the user privacy data used or generated by application 1 is obtained through a data interface provided by application 1, giving the data to be uploaded by application 1; a preset data security shell layer encrypts it on the basis of running-environment information 1 and returns the ciphertext to application 1; application 1 uploads the ciphertext to its application server, which then sends it to application 2; on receiving it, application 2 attempts decryption on the basis of running-environment information 2. Although the device fingerprint information in running-environment information 1 and 2 is the same, information 1 contains the application running-parameter information of application 1 and information 2 that of application 2, and these differ; the two pieces of running-environment information therefore differ, and decrypting on the basis of information 2 does not yield the plaintext user privacy data.
In step S206, encrypting the user privacy data on the basis of the acquired running-environment information to obtain encrypted user privacy data specifically comprises:
first, determining a data encryption key for the user privacy data to be uploaded on the basis of the acquired running-environment information; and
second, encrypting the user privacy data with the determined data encryption key to obtain the encrypted user privacy data. Specifically, a preset encryption algorithm is used to encrypt the user privacy data under the determined key; the preset algorithm may be AES or another encryption algorithm.
That is, a data encryption key is generated from the running-environment information and then used to encrypt the user privacy data, yielding the user privacy data in ciphertext form.
The running-environment information comprises several items. To further raise the security of the encrypted user privacy data and the difficulty of breaking it, the items are preferably fused first and the resulting character string used as the data encryption key. On this basis, the first step of determining the key specifically comprises:
fusing the collected items of running-environment information to obtain the data encryption key for the user privacy data to be uploaded, where the fusion may comprise string concatenation and/or string obfuscation.
In one form, the items are fused first and a message digest of the result is then used as the key. The fusion then specifically comprises:
determining the character string corresponding to each collected item of running-environment information, i.e. converting each item to a string; for example, when the running-environment information comprises the hardware information and operating system information of the user terminal device and the application developer identifier and login account identifier of the target application, each of these is converted to its string form;
fusing the strings of all items to obtain a fused string, where the fusion may be string concatenation or string obfuscation; and
computing a running-environment information digest of the fused string with a preset message digest algorithm and using that digest as the data encryption key. The preset message digest algorithm may be MD5 or another message digest algorithm.
In another form, a message digest of each item is computed first and the digests are then fused to obtain the key. The fusion then specifically comprises:
computing a running-environment information digest of each item with a preset message digest algorithm, which may be MD5 or another message digest algorithm; and
fusing the digests of all items to obtain the data encryption key, where the fusion may be string concatenation or string obfuscation.
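As an added, runnable illustration of steps S204 to S208 and of the two key-derivation orders just described (this is example code written for this page, not code from the patent or from Alipay), the Go program below derives an AES-256-GCM key from a device fingerprint plus application running parameters and shows that the same ciphertext decrypts for the encrypting application on the encrypting device but fails for a second application on the same device (the application 1 / application 2 case above) and for the same application on another device. The EnvInfo field names, the "|" fusion separator and the use of SHA-256 in place of the page's MD5 (so that the digest is a 32-byte AES key) are this example's assumptions. GCM is used so that a wrong key surfaces as an authentication error instead of garbage plaintext. Note the caveat this design carries: the key's secrecy rests entirely on an attacker not learning the environment fields, which is why the page's shielding-parameter check matters.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// EnvInfo is the "running-environment information" of step S204: device
// fingerprint fields plus application running parameters. The field names
// are this example's assumption, not the patent's.
type EnvInfo struct {
	DeviceSerial string // hardware: unique serial number
	OSActivation string // operating system: activation code / serial
	AppID        string // application uniqueness identifier
	DeveloperID  string // application developer identifier
	AccountID    string // login account identifier
}

// items returns the fields in a fixed order. Encrypting and decrypting sides
// must fuse in the same order or they derive different keys.
func (e EnvInfo) items() []string {
	return []string{e.DeviceSerial, e.OSActivation, e.AppID, e.DeveloperID, e.AccountID}
}

// KeyFuseThenDigest: fuse (concatenate) all items, then digest once.
// SHA-256 stands in for the page's MD5 so the digest is a 32-byte AES-256 key.
func KeyFuseThenDigest(e EnvInfo) []byte {
	fused := strings.Join(e.items(), "|")
	sum := sha256.Sum256([]byte(fused))
	return sum[:]
}

// KeyDigestThenFuse: digest each item, fuse the digests, then digest the
// fused bytes down to key size (the second derivation order on the page).
func KeyDigestThenFuse(e EnvInfo) []byte {
	var fused []byte
	for _, it := range e.items() {
		d := sha256.Sum256([]byte(it))
		fused = append(fused, d[:]...)
	}
	sum := sha256.Sum256(fused)
	return sum[:]
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is step S206: seal plaintext under the key derived from env.
// Output layout is nonce || ciphertext || GCM tag.
func Encrypt(env EnvInfo, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(KeyFuseThenDigest(env))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt re-derives the key from the receiving side's own env. If any field
// differs from the encrypting side, the GCM tag check fails and no plaintext
// is released, which is the "decryption failure" result in the Fig. 1 flow.
func Decrypt(env EnvInfo, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(KeyFuseThenDigest(env))
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed sample environments, not real identifiers.
	app1 := EnvInfo{"SN-0001", "OS-ABCD", "com.example.app1", "dev-1", "user-42"}
	app2 := app1 // same device, different application
	app2.AppID, app2.DeveloperID = "com.example.app2", "dev-2"
	dev2 := app1 // same application, different device
	dev2.DeviceSerial = "SN-0002"

	sealed, err := Encrypt(app1, []byte(`{"contacts":["Alice","Bob"]}`))
	if err != nil {
		panic(err)
	}
	cases := []struct {
		name string
		env  EnvInfo
	}{{"app1 on device 1", app1}, {"app2 on device 1", app2}, {"app1 on device 2", dev2}}
	for _, c := range cases {
		pt, err := Decrypt(c.env, sealed)
		fmt.Printf("%-17s -> plaintext=%q err=%v\n", c.name, pt, err)
	}
}
```

Only the first case prints the contacts; the other two print an empty plaintext with a GCM authentication error, because a key derived from different running-environment information produces a different key. Swapping KeyDigestThenFuse for KeyFuseThenDigest in Encrypt and Decrypt gives the second derivation order; the two orders yield different keys, so both sides must agree on which one is in use.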
Further, an attacker may implant malicious code so that the target application automatically attaches the operating environment related information when it sends the encrypted user privacy data to the application server. To prevent the encrypted user privacy data from being cracked and abused because the operating environment related information used to encrypt it is intercepted and maliciously uploaded, the operating environment related information includes multiple items of operating environment related information, and after the operating environment related information of the target application is acquired in step S204, the method further includes:
marking at least one acquired item of operating environment related information as a shielding parameter; for example, at least one acquired item of operating environment related information may be tagged with a specific identification code;
correspondingly, sending the encrypted user privacy data to the application server corresponding to the target application in step S208 includes:
determining whether the encrypted user privacy data contains target information marked as a shielding parameter;
and if not, sending the encrypted user privacy data to the application server corresponding to the target application.
Specifically, before the encrypted user privacy data is sent to the application server, the service data to be uploaded to the application server is monitored and automatically checked for shielded information, so that user privacy content is not revealed because all the operating environment related information from which the data encryption key is derived is uploaded to the server.
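The shielding-parameter gate from the steps above, as an added example and not the patent's code: the outgoing request body is scanned for the value of every item marked as a shielding parameter, in raw, hex and base64 form, and the upload is released only when none is found. Field names, the JSON shape of the body and the sample values are constructed for this example.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// ShieldedParam is one operating environment item marked as a shielding
// parameter: its value must never leave the device inside an upload.
type ShieldedParam struct {
	Name  string
	Value string
}

// encodings lists the forms in which a value could appear in a request
// body: raw, hex and base64. Which encodings to cover is this example's
// choice; the page only requires that a marked value be detected.
func encodings(v string) [][]byte {
	return [][]byte{
		[]byte(v),
		[]byte(hex.EncodeToString([]byte(v))),
		[]byte(base64.StdEncoding.EncodeToString([]byte(v))),
	}
}

// FindShielded returns the name of the first shielding parameter whose
// value occurs in the outgoing body, or "" if none does.
func FindShielded(body []byte, shielded []ShieldedParam) string {
	for _, p := range shielded {
		if p.Value == "" {
			continue
		}
		for _, enc := range encodings(p.Value) {
			if bytes.Contains(body, enc) {
				return p.Name
			}
		}
	}
	return ""
}

// GateUpload is the check performed just before the encrypted privacy data
// is sent: the upload is released only when no shielding parameter is found.
func GateUpload(body []byte, shielded []ShieldedParam) (bool, error) {
	if name := FindShielded(body, shielded); name != "" {
		return false, fmt.Errorf("upload blocked: body carries shielding parameter %q", name)
	}
	return true, nil
}

func main() {
	shielded := []ShieldedParam{
		{Name: "device_sn", Value: "SN-0001"},
		{Name: "account", Value: "user-a"},
	}
	// Constructed request bodies; "data" carries the encrypted privacy data.
	clean := []byte(`{"app":"applet-demo","data":"Zm9vYmFy"}`)
	tampered := []byte(`{"app":"applet-demo","data":"Zm9vYmFy","device_sn":"SN-0001"}`)
	for _, body := range [][]byte{clean, tampered} {
		if ok, err := GateUpload(body, shielded); ok {
			fmt.Println("released:", string(body))
		} else {
			fmt.Println(err)
		}
	}
}
```

A substring scan catches a value that is copied into the body verbatim or in a common encoding; a value that is split, compressed or otherwise transformed before insertion would not be matched, so the gate complements, rather than replaces, keeping the marked items out of the code path that builds the upload.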
Further, not only can the encrypted user privacy data uploaded to the application server by the target application not be decrypted by other applications or other terminal devices to obtain plaintext, but the terminal device running the target application also cannot decrypt encrypted user privacy data that the application server forwards from other terminal devices or other applications. Accordingly, after the encrypted user privacy data is sent to the application server corresponding to the target application in step S208, the method further includes:
receiving encrypted user privacy data sent by the application server; the encrypted user privacy data may be first privacy data that the target application uploaded after encrypting it on the current user terminal device, or second privacy data that was uploaded by another application or encrypted on another terminal device; specifically, the second privacy data is sent to the application server by the target application running on another terminal device, by another application on the current user terminal device, or by another application running on another terminal device;
determining a data decryption key for the received encrypted user privacy data based on the current operating environment related information of the target application;
and decrypting the received encrypted user privacy data with the data decryption key to obtain a corresponding data decryption result.
The data decryption result is either successful decryption together with the corresponding plaintext user privacy data, or a decryption failure. Specifically, if the received encrypted user privacy data is the first privacy data, the data decryption key is identical to the data encryption key used for it, so the encrypted user privacy data is successfully decrypted into plaintext user privacy data; if the received encrypted user privacy data is the second privacy data, the data decryption key differs from the data encryption key used for it, so the encrypted user privacy data cannot be decrypted into plaintext user privacy data.
Where the target application is a hosted application hosted by a specified host application, the hosted application is an applet or Html5 web page that accesses the specified host application. One characteristic of a hosted application, as a lightweight program, is that its data is stored on the application server while the user terminal stores little or no data locally after the application exits. To prevent the user privacy data that the hosted application uploads to the application server from being widely spread and abused, the hosted application encrypts the user privacy data based on the current operating environment related information of the target application before uploading it, and then uploads the encrypted user privacy data to the application server, so that the user privacy data cannot be abused on other terminal devices or by other applications.
Further, considering that the application server may legitimately need to use the user privacy data, the user terminal device also uploads the acquired operating environment related information to a designated trusted server or blockchain system. The designated trusted server or blockchain system stores the correspondence between the operating environment related information and the data identifier of the encrypted user privacy data, responds to an information acquisition request from the application server based on that correspondence by returning the corresponding operating environment related information, and stores an operating environment information request record for the application server, so that the application server's acquisition of operating environment related information can later be traced from that record.
The designated trusted server may be the server corresponding to the specified host application; after responding to the request for operating environment related information from the server corresponding to the hosted application, the server corresponding to the host application monitors how the server corresponding to the hosted application uses the user privacy data.
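The trusted-server escrow with its request record, as an added example rather than the patent's implementation: an in-memory store maps a data identifier to the environment information that was used for that data, answers an application server's acquisition request only for identifiers it holds, and records every request, granted or refused, so that Trace can later show which server asked for the information that unlocks a given upload. Type and field names are this example's; a deployment would additionally authenticate the requester, which the page leaves unspecified.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// RequestRecord is one entry of the operating environment information
// request record that the trusted server keeps for later tracing.
type RequestRecord struct {
	Requester string // application server that asked
	DataID    string // identifier of the encrypted privacy data
	Granted   bool
	At        time.Time
}

// TrustedStore stands in for the designated trusted server (or blockchain
// system): it maps a data identifier to the environment information used to
// encrypt that data and logs every retrieval request.
type TrustedStore struct {
	envByDataID map[string]string
	log         []RequestRecord
	now         func() time.Time
}

func NewTrustedStore() *TrustedStore {
	return &TrustedStore{envByDataID: map[string]string{}, now: time.Now}
}

// Register is what the user terminal calls after uploading: it stores the
// correspondence between the encrypted data's identifier and the
// environment information.
func (s *TrustedStore) Register(dataID, envInfo string) {
	s.envByDataID[dataID] = envInfo
}

// Fetch answers an application server's information acquisition request.
// Every request is recorded, granted or not, so that use of the environment
// information can be traced afterwards.
func (s *TrustedStore) Fetch(requester, dataID string) (string, error) {
	env, ok := s.envByDataID[dataID]
	s.log = append(s.log, RequestRecord{Requester: requester, DataID: dataID, Granted: ok, At: s.now()})
	if !ok {
		return "", errors.New("no environment information registered for " + dataID)
	}
	return env, nil
}

// Trace returns the request records for one data identifier: who obtained
// (or tried to obtain) the environment information behind it.
func (s *TrustedStore) Trace(dataID string) []RequestRecord {
	var out []RequestRecord
	for _, r := range s.log {
		if r.DataID == dataID {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	s := NewTrustedStore()
	// Constructed values: the terminal registers the environment string used
	// for upload "data-001".
	s.Register("data-001", "hw=SN-0001|os=Android 11|app=applet-demo|account=user-a")
	if env, err := s.Fetch("app-server-A", "data-001"); err == nil {
		fmt.Println("granted to app-server-A:", env)
	}
	if _, err := s.Fetch("app-server-B", "data-999"); err != nil {
		fmt.Println("refused:", err)
	}
	for _, r := range s.Trace("data-001") {
		fmt.Printf("%s requested data-001 at %s (granted=%v)\n", r.Requester, r.At.Format(time.RFC3339), r.Granted)
	}
}
```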
In a specific embodiment, as shown in fig. 5, the target application is a first applet running on a first terminal device, and a second applet is installed on a second terminal device; if the first applet differs from the second applet, the first terminal device and the second terminal device may be the same or different. The specific process of the method for processing private data is then as follows:
S501, the first terminal device obtains user privacy data to be uploaded by the first applet; the user privacy data includes privacy data of a first user that the first applet reads locally from the user terminal or generates during service processing; specifically, a preset data security shell layer on the first terminal device obtains the user privacy data to be uploaded from the first applet through a first preset interface;
S502, the first terminal device acquires first operating environment related information of the first applet; the first operating environment related information corresponds to the first terminal device and includes hardware information and operating system information of the first terminal device, and the application uniqueness identifier and login account identifier of the first applet; specifically, the preset data security shell layer on the first terminal device acquires the first operating environment related information through a second preset interface;
S503, the first terminal device generates a data encryption key for the user privacy data to be uploaded based on the acquired first operating environment related information;
S504, the first terminal device encrypts the user privacy data to be uploaded with the data encryption key to obtain encrypted user privacy data; specifically, the preset data security shell layer on the first terminal device generates the data encryption key from the first operating environment related information and then encrypts the user privacy data with it;
S505, the first terminal device sends the encrypted user privacy data to the application server corresponding to the first applet; specifically, the preset data security shell layer on the first terminal device returns the encrypted user privacy data to the first applet, and the first applet uploads it to the application server;
S506, the application server receives the encrypted user privacy data uploaded by the first terminal device; the application server cannot acquire the operating environment related information of the first terminal device, so it cannot decrypt the encrypted user privacy data or obtain the first user's privacy data in plaintext;
S507, the application server sends the encrypted user privacy data to the second terminal device, which is the terminal device running the second applet;
S508, the second terminal device receives the encrypted user privacy data and acquires second operating environment related information of the second applet; specifically, a preset data security shell layer on the second terminal device acquires the second operating environment related information through its second preset interface;
S509, the second terminal device generates a data decryption key for the encrypted user privacy data based on the acquired second operating environment related information; specifically, the preset data security shell layer on the second terminal device generates the data decryption key from the second operating environment related information and then attempts to decrypt the user privacy data with it;
S510, the second terminal device decrypts the encrypted user privacy data with the data decryption key to obtain a corresponding data decryption result; here the result is a decryption failure: because the second operating environment related information differs from the first operating environment related information, the data decryption key differs from the data encryption key used to encrypt the user privacy data, so the key derived from the second operating environment related information cannot decrypt the data into plaintext user privacy data.
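The flow S501 to S510 carried through end to end, as an added example and not code from the patent; it also illustrates the first/second privacy data distinction described earlier, where the same terminal succeeds and a different one fails. AES-256-GCM is this example's choice of cipher (the patent does not name one), the key is the splice-then-digest fusion with SHA-256 in place of MD5, and the environment values and the sample plaintext are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Environment is the operating environment related information the data
// security shell layer collects on a terminal (field names are illustrative).
type Environment struct {
	HardwareID string
	OSInfo     string
	AppID      string
	AccountID  string
}

// DeriveKey fuses the environment items into a 32-byte key by splicing them
// and hashing the result (the page's first fusion method, with SHA-256).
func DeriveKey(env Environment) []byte {
	fused := strings.Join([]string{env.HardwareID, env.OSInfo, env.AppID, env.AccountID}, "|")
	sum := sha256.Sum256([]byte(fused))
	return sum[:]
}

// newGCM builds an AES-256-GCM AEAD under the key derived from env.
// AES-GCM is this example's assumption; the page leaves the cipher open.
func newGCM(env Environment) (cipher.AEAD, error) {
	block, err := aes.NewCipher(DeriveKey(env))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is S503/S504: seal the plaintext under the environment-derived
// key. A fresh random nonce is prefixed to the ciphertext.
func Encrypt(env Environment, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(env)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt is S509/S510: derive the key from the *current* environment and
// try to open the ciphertext. On another terminal or applet the derived key
// differs, GCM's tag check fails, and the result is "decryption failed".
func Decrypt(env Environment, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(env)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	first := Environment{HardwareID: "SN-0001", OSInfo: "Android 11", AppID: "applet-1", AccountID: "user-a"}
	second := Environment{HardwareID: "SN-0002", OSInfo: "Android 12", AppID: "applet-2", AccountID: "user-b"}

	sealed, err := Encrypt(first, []byte("constructed sample: phone=13800000000"))
	if err != nil {
		panic(err)
	}
	// The application server (S506/S507) only stores and forwards `sealed`;
	// it holds no environment information and so cannot derive the key.
	if _, err := Decrypt(second, sealed); err != nil {
		fmt.Println("second terminal:", err) // S510: decryption failed
	}
	if pt, err := Decrypt(first, sealed); err == nil {
		fmt.Println("first terminal :", string(pt)) // first privacy data: success
	}
}
```

An authenticated cipher matters here: with an unauthenticated mode a wrong key would yield garbage rather than an error, and the "data decryption failed" result the page relies on would have to be inferred from the garbage.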
In the method for processing private data in one or more embodiments of this specification, user privacy data to be uploaded by a target application is determined; operating environment related information of the target application is acquired, the operating environment related information corresponding to the user terminal device currently running the target application; the user privacy data is encrypted based on the acquired operating environment related information to obtain encrypted user privacy data; and the encrypted user privacy data is sent to the application server corresponding to the target application. Before the target application uploads user privacy data to its application server, the user terminal side acquires the operating environment related information of the target application and automatically encrypts the user privacy data with it before sending the encrypted user privacy data to the application server. The encryption key therefore corresponds to the user terminal device currently running the target application, and the acquired operating environment related information changes when the user terminal device changes; once the encrypted user privacy data leaves the user terminal device on which it was encrypted, the corresponding decryption key cannot be accurately obtained and the plaintext user privacy data cannot be recovered. This prevents the user privacy data from being abused after a malicious application uploads it to the application server, and improves the security of the user privacy data.
Based on the same technical concept and corresponding to the method for processing private data described in fig. 2 to 5, one or more embodiments of this specification further provide an apparatus for processing private data. Fig. 6 is a schematic block diagram of the apparatus for processing private data provided in one or more embodiments of this specification; the apparatus is configured to perform the method for processing private data described in fig. 2 to 5 and, as shown in fig. 6, includes:
a privacy data determination module 602, configured to determine user privacy data to be uploaded by a target application;
an operating environment information obtaining module 604, configured to obtain operating environment related information of the target application; the operating environment related information corresponds to the user terminal device currently running the target application;
a private data encryption module 606, configured to encrypt the user privacy data based on the operating environment related information to obtain encrypted user privacy data;
and a private data sending module 608, configured to send the encrypted user privacy data to an application server corresponding to the target application.
In one or more embodiments of this specification, before the target application uploads user privacy data to its application server, the user terminal side acquires the operating environment related information of the target application and automatically encrypts the user privacy data with it before sending the encrypted user privacy data to the application server. The encryption key therefore corresponds to the user terminal device currently running the target application, and the acquired operating environment related information changes when the user terminal device changes; once the encrypted user privacy data leaves the user terminal device on which it was encrypted, the corresponding decryption key cannot be accurately obtained and the plaintext user privacy data cannot be recovered. This prevents the user privacy data from being abused after a malicious application uploads it to the application server, and improves the security of the user privacy data.
Optionally, the operation environment information obtaining module 604 is configured to:
acquiring device fingerprint information of user terminal equipment running the target application, wherein the device fingerprint information comprises: hardware information and/or operating system information;
and determining the running environment related information of the target application based on the device fingerprint information.
Optionally, the operation environment information obtaining module 604 is configured to:
acquiring application running parameter information of the target application, wherein the application running parameter information comprises: at least one of an application uniqueness identifier, an application developer identifier and a login account identifier;
and determining the running environment related information of the target application based on the device fingerprint information and the application running parameter information.
Optionally, the private data encryption module 606 is configured to:
determining a data encryption key for the user privacy data based on the operating environment related information;
and encrypting the user privacy data with the data encryption key to obtain the encrypted user privacy data.
Optionally, the operating environment related information includes multiple items of operating environment related information;
and the private data encryption module 606 is configured to:
fusing the multiple items of operating environment related information to obtain the data encryption key for the user privacy data.
Optionally, the private data encryption module 606 is configured to:
determining string information corresponding to each item of operating environment related information;
fusing the string information of the items of operating environment related information to obtain fused string information;
and computing a message digest of the fused string information with a preset message digest algorithm, and using that digest as the data encryption key.
Optionally, the private data encryption module 606 is configured to:
computing a message digest of each item of operating environment related information with a preset message digest algorithm;
and fusing the message digests of the items of operating environment related information to obtain the data encryption key.
Optionally, the operating environment related information includes multiple items of operating environment related information, and the apparatus further includes an operating environment information shielding module configured to:
marking at least one item of operating environment related information as a shielding parameter;
and the private data sending module 608 is configured to:
determining whether the encrypted user privacy data contains target information marked as a shielding parameter;
and if not, sending the encrypted user privacy data to the application server corresponding to the target application.
Optionally, the apparatus further includes a private data decryption module configured to:
receiving encrypted user privacy data sent by the application server;
determining a data decryption key for the encrypted user privacy data based on the current operating environment related information of the target application;
and decrypting the encrypted user privacy data with the data decryption key to obtain a corresponding data decryption result.
Optionally, the target application includes an applet or Html5 web page that accesses a specified host application.
The apparatus for processing private data in one or more embodiments of this specification determines user privacy data to be uploaded by a target application; acquires operating environment related information of the target application, the operating environment related information corresponding to the user terminal device currently running the target application; encrypts the user privacy data based on the acquired operating environment related information to obtain encrypted user privacy data; and sends the encrypted user privacy data to the application server corresponding to the target application. Before the target application uploads user privacy data to its application server, the user terminal side acquires the operating environment related information of the target application and automatically encrypts the user privacy data with it before sending the encrypted user privacy data to the application server. The encryption key therefore corresponds to the user terminal device currently running the target application, and the acquired operating environment related information changes when the user terminal device changes; once the encrypted user privacy data leaves the user terminal device on which it was encrypted, the corresponding decryption key cannot be accurately obtained and the plaintext user privacy data cannot be recovered. This prevents the user privacy data from being abused after a malicious application uploads it to the application server, and improves the security of the user privacy data.
It should be noted that the embodiment of the apparatus for processing private data and the embodiment of the method for processing private data in this specification are based on the same inventive concept; for the specific implementation of this embodiment, reference may therefore be made to the implementation of the corresponding method for processing private data above, and repeated details are not described again.
Further, corresponding to the methods shown in fig. 2 to 5 and based on the same technical concept, one or more embodiments of this specification further provide a device for processing private data, configured to perform the method for processing private data, as shown in fig. 7.
The device for processing private data may differ considerably in configuration or performance. It may include one or more processors 701 and a memory 702, and the memory 702 may store one or more applications or data. The memory 702 may be transient or persistent storage. An application stored in the memory 702 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the device for processing private data. Further, the processor 701 may be arranged to communicate with the memory 702 and to execute the series of computer-executable instructions in the memory 702 on the device for processing private data. The device for processing private data may also include one or more power supplies 703, one or more wired or wireless network interfaces 704, one or more input/output interfaces 705, one or more keyboards 706, and the like.
In a particular embodiment, the device for processing private data includes a memory and one or more programs stored in the memory; the one or more programs may include one or more modules, each of which may include a series of computer-executable instructions for the device for processing private data, and the one or more programs are configured to be executed by the one or more processors and include computer-executable instructions for:
determining user privacy data to be uploaded by a target application;
acquiring running environment related information of the target application; the running environment related information corresponds to the user terminal equipment currently running the target application;
based on the relevant information of the operating environment, encrypting the user privacy data to obtain encrypted user privacy data;
and sending the encrypted user privacy data to an application server corresponding to the target application.
In one or more embodiments of this specification, the device for processing private data determines user privacy data to be uploaded by a target application; acquires operating environment related information of the target application, the operating environment related information corresponding to the user terminal device currently running the target application; encrypts the user privacy data based on the acquired operating environment related information to obtain encrypted user privacy data; and sends the encrypted user privacy data to the application server corresponding to the target application. Before the target application uploads user privacy data to its application server, the user terminal side acquires the operating environment related information of the target application and automatically encrypts the user privacy data with it before sending the encrypted user privacy data to the application server. The encryption key therefore corresponds to the user terminal device currently running the target application, and the acquired operating environment related information changes when the user terminal device changes; once the encrypted user privacy data leaves the user terminal device on which it was encrypted, the corresponding decryption key cannot be accurately obtained and the plaintext user privacy data cannot be recovered. This prevents the user privacy data from being abused after a malicious application uploads it to the application server, and improves the security of the user privacy data.
It should be noted that the embodiment of the device for processing private data and the embodiment of the method for processing private data in this specification are based on the same inventive concept; for the specific implementation of this embodiment, reference may therefore be made to the implementation of the corresponding method for processing private data above, and repeated details are not described again.
Further, based on the same technical concept and corresponding to the methods shown in fig. 2 to 5, one or more embodiments of this specification further provide a storage medium for storing computer-executable instructions; in a specific embodiment, the storage medium may be a USB disk, an optical disk, a hard disk, or the like, and the computer-executable instructions it stores, when executed by a processor, implement the following process:
determining user privacy data to be uploaded by a target application;
acquiring running environment related information of the target application; the running environment related information corresponds to the user terminal equipment currently running the target application;
based on the relevant information of the operating environment, encrypting the user privacy data to obtain encrypted user privacy data;
and sending the encrypted user privacy data to an application server corresponding to the target application.
The storage medium in one or more embodiments of this specification stores computer-executable instructions that, when executed by a processor, determine user privacy data to be uploaded by a target application; acquire operating environment related information of the target application, the operating environment related information corresponding to the user terminal device currently running the target application; encrypt the user privacy data based on the acquired operating environment related information to obtain encrypted user privacy data; and send the encrypted user privacy data to the application server corresponding to the target application. Before the target application uploads user privacy data to its application server, the user terminal side acquires the operating environment related information of the target application and automatically encrypts the user privacy data with it before sending the encrypted user privacy data to the application server. The encryption key therefore corresponds to the user terminal device currently running the target application, and the acquired operating environment related information changes when the user terminal device changes; once the encrypted user privacy data leaves the user terminal device on which it was encrypted, the corresponding decryption key cannot be accurately obtained and the plaintext user privacy data cannot be recovered. This prevents the user privacy data from being abused after a malicious application uploads it to the application server, and improves the security of the user privacy data.
It should be noted that the embodiment of the storage medium and the embodiment of the method for processing private data in this specification are based on the same inventive concept; for the specific implementation of this embodiment, reference may therefore be made to the implementation of the corresponding method for processing private data above, and repeated details are not described again.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In the 1990s, an improvement in a technology could be clearly distinguished as an improvement in hardware (for example, in circuit structures such as diodes, transistors and switches) or an improvement in software (an improvement in a method flow). However, as technology has advanced, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement in a method flow cannot be realized by a physical hardware module. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system on a PLD by programming it, without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Moreover, instead of manually making an integrated circuit chip, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development, and the source code before compilation is also written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely as computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component, and the means included in it for performing the various functions may also be regarded as structures within the hardware component. Means for performing the functions may even be regarded as both software modules for performing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as divided into various units by function, with each unit described separately. Of course, when implementing one or more embodiments of the present specification, the functions of the units may be realized in the same one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied in the medium.
One or more of the present specification has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to one or more embodiments of the specification. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both persistent and non-persistent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
One or more of the present specification can be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is merely illustrative of one or more embodiments of the present disclosure and is not intended to limit one or more embodiments of the present disclosure. Various modifications and alterations to one or more of the present descriptions will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of one or more of the present specification should be included in the scope of one or more claims of the present specification.

Claims (22)

1. A method of processing private data, comprising:
determining user privacy data to be uploaded by a target application; and
acquiring running environment related information of the target application, the running environment related information corresponding to the user terminal device currently running the target application;
encrypting the user privacy data based on the running environment related information to obtain encrypted user privacy data;
and sending the encrypted user privacy data to an application server corresponding to the target application.
2. The method of claim 1, wherein the acquiring running environment related information of the target application comprises:
acquiring device fingerprint information of the user terminal device running the target application, wherein the device fingerprint information comprises hardware information and/or operating system information;
and determining the running environment related information of the target application based on the device fingerprint information.
3. The method of claim 2, wherein the determining the running environment related information of the target application based on the device fingerprint information comprises:
acquiring application running parameter information of the target application, wherein the application running parameter information comprises at least one of an application uniqueness identifier, an application developer identifier and a login account identifier;
and determining the running environment related information of the target application based on the device fingerprint information and the application running parameter information.
4. The method of claim 1, wherein the encrypting the user privacy data based on the running environment related information to obtain encrypted user privacy data comprises:
determining a data encryption key for the user privacy data based on the running environment related information;
and encrypting the user privacy data with the data encryption key to obtain the encrypted user privacy data.
5. The method of claim 4, wherein the running environment related information comprises a plurality of items of running environment related information;
and the determining a data encryption key for the user privacy data based on the running environment related information comprises:
performing fusion processing on the plurality of items of running environment related information to obtain the data encryption key for the user privacy data.
6. The method of claim 5, wherein the performing fusion processing on the plurality of items of running environment related information to obtain the data encryption key for the user privacy data comprises:
determining character string information corresponding to each item of running environment related information;
performing fusion processing on the character string information of each item of running environment related information to obtain fused character string information;
and determining a running environment information digest of the fused character string information using a preset message digest algorithm, and taking the running environment information digest as the data encryption key.
7. The method of claim 5, wherein the performing fusion processing on the plurality of items of running environment related information to obtain the data encryption key for the user privacy data comprises:
determining a running environment information digest of each item of running environment related information using a preset message digest algorithm;
and fusing the running environment information digests of the items of running environment related information to obtain the data encryption key.
8. The method of claim 1, wherein the running environment related information comprises a plurality of items of running environment related information;
after acquiring the running environment related information of the target application, the method further comprises:
marking at least one item of the running environment related information as a shielding parameter;
and the sending the encrypted user privacy data to the application server corresponding to the target application comprises:
judging whether the encrypted user privacy data contains target information marked as a shielding parameter;
and if not, sending the encrypted user privacy data to the application server corresponding to the target application.
9. The method of claim 1, wherein after sending the encrypted user privacy data to the application server corresponding to the target application, the method further comprises:
receiving encrypted user privacy data sent by the application server;
determining a data decryption key for the encrypted user privacy data based on the current running environment related information of the target application;
and decrypting the encrypted user privacy data with the data decryption key to obtain a corresponding data decryption result.
10. The method of any of claims 1 to 9, wherein the target application comprises an applet or HTML5 web page that accesses a specified host application.
11. An apparatus for processing private data, comprising:
a privacy data determining module, configured to determine user privacy data to be uploaded by a target application;
a running environment information acquisition module, configured to acquire running environment related information of the target application, the running environment related information corresponding to the user terminal device currently running the target application;
a private data encryption module, configured to encrypt the user privacy data based on the running environment related information to obtain encrypted user privacy data;
and a private data sending module, configured to send the encrypted user privacy data to an application server corresponding to the target application.
12. The apparatus of claim 11, wherein the running environment information acquisition module is configured to:
acquire device fingerprint information of the user terminal device running the target application, wherein the device fingerprint information comprises hardware information and/or operating system information;
and determine the running environment related information of the target application based on the device fingerprint information.
13. The apparatus of claim 12, wherein the running environment information acquisition module is configured to:
acquire application running parameter information of the target application, wherein the application running parameter information comprises at least one of an application uniqueness identifier, an application developer identifier and a login account identifier;
and determine the running environment related information of the target application based on the device fingerprint information and the application running parameter information.
14. The apparatus of claim 11, wherein the private data encryption module is configured to:
determine a data encryption key for the user privacy data based on the running environment related information;
and encrypt the user privacy data with the data encryption key to obtain the encrypted user privacy data.
15. The apparatus of claim 14, wherein the running environment related information comprises a plurality of items of running environment related information; and the private data encryption module is configured to:
perform fusion processing on the plurality of items of running environment related information to obtain the data encryption key for the user privacy data.
16. The apparatus of claim 15, wherein the private data encryption module is configured to:
determine character string information corresponding to each item of running environment related information;
perform fusion processing on the character string information of each item of running environment related information to obtain fused character string information;
and determine a running environment information digest of the fused character string information using a preset message digest algorithm, and take the running environment information digest as the data encryption key.
17. The apparatus of claim 15, wherein the private data encryption module is configured to:
determine a running environment information digest of each item of running environment related information using a preset message digest algorithm;
and fuse the running environment information digests of the items of running environment related information to obtain the data encryption key.
18. The apparatus of claim 11, wherein the running environment related information comprises a plurality of items of running environment related information; the apparatus further comprises a running environment information shielding module configured to:
mark at least one item of the running environment related information as a shielding parameter;
and the private data sending module is configured to:
judge whether the encrypted user privacy data contains target information marked as a shielding parameter;
and if not, send the encrypted user privacy data to the application server corresponding to the target application.
19. The apparatus of claim 11, further comprising a private data decryption module configured to:
receive encrypted user privacy data sent by the application server;
determine a data decryption key for the encrypted user privacy data based on the current running environment related information of the target application;
and decrypt the encrypted user privacy data with the data decryption key to obtain a corresponding data decryption result.
20. The apparatus of any of claims 11 to 19, wherein the target application comprises an applet or HTML5 web page that accesses a specified host application.
21. A device for processing private data, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
determine user privacy data to be uploaded by a target application; and
acquire running environment related information of the target application, the running environment related information corresponding to the user terminal device currently running the target application;
encrypt the user privacy data based on the running environment related information to obtain encrypted user privacy data;
and send the encrypted user privacy data to an application server corresponding to the target application.
22. A storage medium storing computer-executable instructions that, when executed by a processor, implement a method comprising:
determining user privacy data to be uploaded by a target application; and
acquiring running environment related information of the target application, the running environment related information corresponding to the user terminal device currently running the target application;
encrypting the user privacy data based on the running environment related information to obtain encrypted user privacy data;
and sending the encrypted user privacy data to an application server corresponding to the target application.
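The claims above describe one client-side procedure: derive a data encryption key from the running environment related information (claims 4 to 7), encrypt the user privacy data with it (claim 1), refuse to send a payload that would carry a parameter marked as a shielding parameter (claim 8), and on receipt re-derive the key from the current environment to decrypt (claim 9). The following is an added, illustrative implementation; it is not code from the patent or its assignee. It assumes SHA-256 as the "preset message digest algorithm", uses an HMAC-SHA256 counter-mode keystream with an HMAC tag in place of a production AEAD such as AES-GCM so that it needs only the standard library, and all environment values, field names and function names are constructed for the example.

```python
import hashlib
import hmac
import json
import os

# Constructed sample "running environment related information" (claims 2 and 3):
# device fingerprint items plus application running parameters. All values are made up.
SAMPLE_ENV = {
    "hw_model": "PhoneModel-X1",          # hardware information
    "os_version": "OS-14.2",              # operating system information
    "device_id": "SN-CONSTRUCTED-0001",   # hardware information
    "app_id": "applet-demo-001",          # application uniqueness identifier
    "developer_id": "dev-demo",           # application developer identifier
    "login_account": "user-demo",         # login account identifier
}

NONCE_LEN = 12
TAG_LEN = 32


def digest(data: bytes) -> bytes:
    """The claims' "preset message digest algorithm"; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


def key_fuse_then_digest(env: dict) -> bytes:
    """Claim 6: take each item's string form, fuse them in a fixed order with an
    explicit separator (so item boundaries are unambiguous), then digest once."""
    fused = "|".join(f"{k}={env[k]}" for k in sorted(env))
    return digest(fused.encode())


def key_digest_then_fuse(env: dict) -> bytes:
    """Claim 7: digest every item separately, then fuse the digests into one key."""
    parts = [digest(f"{k}={env[k]}".encode()) for k in sorted(env)]
    return digest(b"".join(parts))


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from the environment key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only so the example needs no third-party
    package; a production implementation would use an AEAD such as AES-GCM."""
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext: a key derived from a different
    environment fails here instead of silently producing garbage."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("payload too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: environment key mismatch or modified data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_upload(env: dict, private_data: bytes, clear_fields, shielded):
    """Claims 1, 4 and 8 on the client. `clear_fields` are environment items the client
    would put in the payload header unencrypted; `shielded` are the items marked as
    shielding parameters. Returns (payload JSON, []) when the payload may be sent, or
    (None, leaked names) when a shielded value would leave the device in the clear."""
    key = key_fuse_then_digest(env)
    payload = {name: env[name] for name in clear_fields}
    payload["ciphertext"] = encrypt(key, private_data).hex()
    serialized = json.dumps(payload)
    leaked = [name for name in shielded if env[name] in serialized]
    if leaked:
        return None, leaked
    return serialized, []


def receive_and_decrypt(env: dict, payload_json: str) -> bytes:
    """Claim 9: the decryption key is re-derived from the current environment."""
    blob = bytes.fromhex(json.loads(payload_json)["ciphertext"])
    return decrypt(key_fuse_then_digest(env), blob)


def decrypts_in(env: dict, payload_json: str) -> bool:
    """True if the payload opens in the given environment, False otherwise."""
    try:
        receive_and_decrypt(env, payload_json)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    data = b"id_number=CONSTRUCTED-123456"  # constructed private data
    sent, _ = build_upload(SAMPLE_ENV, data, ["app_id"], ["device_id", "login_account"])
    print("round trip on same device:", receive_and_decrypt(SAMPLE_ENV, sent) == data)
    moved = dict(SAMPLE_ENV, device_id="SN-CONSTRUCTED-0002")
    print("opens on another device:", decrypts_in(moved, sent))
    blocked, leaked = build_upload(SAMPLE_ENV, data, ["app_id", "device_id"], ["device_id"])
    print("blocked by shielding check:", blocked is None, leaked)
```

Two design points worth noting. A key derived only from environment information has no more entropy than that information, so the construction binds the data to a particular device, application and account rather than hiding it from anyone who already knows those values; the authenticated tag is what makes a key mismatch (a different device, or a changed login account) a clean failure rather than silently wrong plaintext. The shielding check is a last line of defence against the client itself: it catches a header field that accidentally carries a value the design intended to keep off the wire.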

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011314935.9A CN112287376B (en) 2020-11-20 2020-11-20 Method and device for processing privacy data
CN202410578201.3A CN118350027A (en) 2020-11-20 2020-11-20 Method and device for processing privacy data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011314935.9A CN112287376B (en) 2020-11-20 2020-11-20 Method and device for processing privacy data

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202410578201.3A Division CN118350027A (en) 2020-11-20 2020-11-20 Method and device for processing privacy data

Publications (2)

Publication Number Publication Date
CN112287376A true CN112287376A (en) 2021-01-29
CN112287376B CN112287376B (en) 2024-05-28

Family

ID=74398812

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202011314935.9A Active CN112287376B (en) 2020-11-20 2020-11-20 Method and device for processing privacy data
CN202410578201.3A Pending CN118350027A (en) 2020-11-20 2020-11-20 Method and device for processing privacy data

Country Status (1)

Country Link
CN (2) CN112287376B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3333753A1 (en) * 2016-12-09 2018-06-13 BlackBerry Limited Verified privacy mode devices
WO2019052532A1 (en) * 2017-09-18 2019-03-21 阿里巴巴集团控股有限公司 Information interaction method, apparatus and device for internet of things device
CN111339536A (en) * 2020-05-15 2020-06-26 支付宝(杭州)信息技术有限公司 Data verification method and device based on secure execution environment
CN111814198A (en) * 2020-09-11 2020-10-23 支付宝(杭州)信息技术有限公司 Block chain-based user privacy data providing method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
季一木等: "云环境下用户隐私混合加密方案及其性能分析", 重庆邮电大学学报(自然科学版), vol. 27, no. 05, 15 October 2015 (2015-10-15) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112948835A (en) * 2021-03-26 2021-06-11 支付宝(杭州)信息技术有限公司 Applet risk detection method and device
CN114826729A (en) * 2022-04-22 2022-07-29 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN114826729B (en) * 2022-04-22 2024-05-28 马上消费金融股份有限公司 Data processing method, page updating method and related hardware
CN116226888A (en) * 2023-04-28 2023-06-06 北京国电通网络技术有限公司 Power data interactive encryption method, system and equipment based on privacy protection
CN116226888B (en) * 2023-04-28 2024-01-12 北京国电通网络技术有限公司 Power data interactive encryption method, system and equipment based on privacy protection

Also Published As

Publication number Publication date
CN112287376B (en) 2024-05-28
CN118350027A (en) 2024-07-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant