CN112632581A - User data processing method and device, computer equipment and storage medium - Google Patents

User data processing method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN112632581A
CN112632581A CN202011586148.XA CN202011586148A CN112632581A CN 112632581 A CN112632581 A CN 112632581A CN 202011586148 A CN202011586148 A CN 202011586148A CN 112632581 A CN112632581 A CN 112632581A
Authority
CN
China
Prior art keywords
user
data
information
key
key information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011586148.XA
Other languages
Chinese (zh)
Inventor
郑如刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai filed Critical OneConnect Financial Technology Co Ltd Shanghai
Priority to CN202011586148.XA priority Critical patent/CN112632581A/en
Publication of CN112632581A publication Critical patent/CN112632581A/en
Priority to PCT/CN2021/125569 priority patent/WO2022142629A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2457Query processing with adaptation to user needs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a user data processing method, a device, computer equipment and a storage medium, wherein the method comprises the following steps: acquiring user original data, wherein the user original data comprises a user account; processing the user original data to obtain user key information and user non-key information; sending the user key information to a service layer, and encrypting the user key information to obtain target ciphertext data and a user private key; and storing the user account, the user private key and the target ciphertext data in a business layer in an associated manner, and storing the user account and the user non-key information in a database in an associated manner. The method provided by the embodiment can store the user key information and the user non-key information separately, and encrypt the user key information, thereby effectively protecting the safety of the user key information.

Description

User data processing method and device, computer equipment and storage medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a user data processing method and apparatus, a computer device, and a storage medium.
Background
At present, when a user registers a service application program, a server often stores all information of the user in a data table of a database, but the inventor finds that the storage method has a large potential safety hazard for the following reasons: 1. when the data is called, the risk of illegal acquisition exists, and when the key user information in the data table of the calling database returns to the service layer, a hacker can remotely acquire and modify data, counterfeit data and the like, so that the potential safety hazard of user key information leakage exists; 2. all data are stored in the database, encryption of the key information of the user is not supported, and the key information of the user in the data cannot be effectively guaranteed.
Disclosure of Invention
The embodiment of the invention provides a user data processing method and device, computer equipment and a storage medium, and aims to solve the problem of great potential safety hazard in the existing mode of storing user data.
A user data processing method, comprising:
acquiring user original data, wherein the user original data comprises a user account;
processing the user original data to obtain user key information and user non-key information;
sending the user key information to a service layer, and encrypting the user key information to obtain target ciphertext data and a user private key;
and storing the user account, the user private key and the target ciphertext data in a business layer in an associated manner, and storing the user account and the user non-key information in a database in an associated manner.
A user data processing apparatus comprising:
the system comprises a user original data acquisition module, a data processing module and a data processing module, wherein the user original data acquisition module is used for acquiring user original data which comprises a user account;
the splitting processing acquisition module is used for processing the original user data to obtain user key information and user non-key information;
the encryption processing module is used for sending the user key information to a service layer, encrypting the user key information and acquiring target ciphertext data and a user private key;
and the storage module is used for storing the user account, the user private key and the target ciphertext data in a business layer in an associated manner, and storing the user account and the user non-key information in a database in an associated manner.
A computer device comprising a memory, a processor and a computer program stored in said memory and executable on said processor, said processor implementing the steps of the above-mentioned user data processing method when executing said computer program.
A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned user data processing method.
According to the user data processing method and device, the computer equipment and the storage medium, user original data are obtained, wherein the user original data comprise a user account; and processing the user original data to obtain user key information and user non-key information, and providing technical support for subsequent separate storage of the user key information and the user non-key information. And sending the user key information to a service layer, encrypting the user key information, and acquiring target ciphertext data and a user private key, so that the user key information can be effectively protected, and the user key information is prevented from being leaked. And the user account, the user private key and the target ciphertext data are stored in a business layer in an associated manner, the user account and the user non-key information are stored in a database in an associated manner, and the user data are stored separately, so that the safety of the user data can be effectively ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a diagram of an application environment of a method for processing user data according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method of processing user data according to an embodiment of the present invention;
FIG. 3 is another flow chart of a method of user data processing in an embodiment of the present invention;
FIG. 4 is another flow chart of a method of user data processing in an embodiment of the present invention;
FIG. 5 is another flow chart of a method of user data processing in an embodiment of the present invention;
FIG. 6 is another flow chart of a method of user data processing in an embodiment of the present invention;
FIG. 7 is another flow chart of a method of user data processing in an embodiment of the present invention;
FIG. 8 is another flow chart of a method of user data processing in an embodiment of the present invention;
FIG. 9 is a functional block diagram of a user data processing apparatus according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The user data processing method provided by the embodiment of the invention can be applied to the application environment shown in fig. 1. Specifically, the user data processing method is applied to a user data processing system, the user data processing system comprises a client and a server shown in fig. 1, the client and the server are communicated through a network and are used for processing user original data and storing user key information and user non-key information separately, and the security of the user key information is effectively protected. The client is also called a user side, and refers to a program corresponding to the server and providing local services for the client. The client may be installed on, but is not limited to, various personal computers, laptops, smartphones, tablets, and portable wearable devices. The server may be implemented as a stand-alone server or as a server cluster consisting of a plurality of servers.
In an embodiment, as shown in fig. 2, a user data processing method is provided, which is described by taking the server in fig. 1 as an example, and includes the following steps:
s201: and acquiring user original data, wherein the user original data comprises a user account.
The user raw data is data sent by the user to the server through the application, for example, the user raw data may be user data filled by a user registration application or data submitted by the user to the server for authentication, which is not limited herein.
The user account is an account of the user logging in the application program, and for example, the user account may be a user name or the like.
Specifically, the user starts an application program at the client, fills in user original data on the application program, and clicks a confirmation submission button, so that the server acquires the user original data.
S202: and processing the original data of the user to obtain key information and non-key information of the user.
In this embodiment, the user key information includes, but is not limited to, user jobs and a user identity, where the user identity is an identity used for uniquely identifying a user, and for example, the user identity may be a user identification card. It can be understood that the user key information is generally data with a small data volume and high privacy.
The user non-critical information is information other than the user critical information, for example, the user non-critical information may be a user address, a user video, a user photo, and the like. The user video and the user photo can be stored on the server by the user so as to release the storage space of the client; or the user video and the user photo are used for ensuring that the user is registered to operate by the user, and the user photo is required to be submitted by the user at a photo collecting interface of the application program; or submitting the user video at a video acquisition interface of the application program to ensure that the user is registered with the application program, so as to ensure that the user is registered truly and effectively and avoid the situations of counterfeiting the user and the like. It can be understood that the user non-critical information is generally data with a large amount of data and low privacy.
Specifically, after the server acquires the user original data, the server processes the user original data to split the user original data to obtain user key information and user non-key information, so that the user key information and the user non-key information are separated understandably, and technical support is provided for subsequent separate storage of the user key information and the user non-key information; the key information of the user and the non-key information of the user are separated, and a lawless person usually only attacks the database under normal conditions, so that the lawless person cannot obtain complete data even if the lawless person attacks the database, the complete information of the user cannot be obtained, and the safety of the key information of the user is guaranteed.
S203: and sending the key information of the user to a service layer, encrypting the key information of the user, and acquiring target ciphertext data and a user private key.
The target ciphertext data is data obtained by encrypting the key information of the user. The business layer is a layer formed by writing logic codes according to actual business requirements. The server usually stores all received data in the database, but the data of the same user in the database is very complete, and if the data is illegally broken by the database, the data of the user is leaked.
In this embodiment, the user original data is split to obtain the user key information, and the user key information is encrypted by using the user public key to obtain the target ciphertext data, so that the security of the user key information is favorably ensured, and the problems that in the prior art, the user original data cannot be directly stored in a database, the user original data cannot be encrypted, and the user original data cannot be effectively ensured are solved.
In this embodiment, an encryption algorithm is used in the service layer to encrypt the user key information to obtain target ciphertext data, so that the user key information can be effectively protected, and the user key information is prevented from being leaked.
S204: and storing the user account, the user private key and the target ciphertext data in a business layer in an associated manner, and storing the user account and the user non-key information in a database in an associated manner.
In this embodiment, the user account and the target ciphertext data are stored in the service layer in an associated manner, and subsequently, the user key information in the service layer can be found according to the user account; since the non-key information of the user is stored in the database in a correlated manner, a hacker cannot obtain complete user data if the non-key information of the user is illegally broken by the database, and the safety of the user data can be effectively ensured.
The user data processing method provided by the embodiment acquires user original data, wherein the user original data comprises a user account; and processing the original user data to obtain user key information and user non-key information, and providing technical support for subsequent separate storage of the user key information and the user non-key information. The user key information is sent to the service layer, the user key information is encrypted, the target ciphertext data and the user private key are obtained, the user key information can be effectively protected, and the user key information is prevented from being leaked. The user account, the user private key and the target ciphertext data are stored in a business layer in an associated mode, the user account and the user non-key information are stored in a database in an associated mode, and the user data are stored separately, so that the user data safety can be effectively guaranteed.
In one embodiment, as shown in FIG. 3, user raw data includes an original field and a field value corresponding to the original field; step S202, processing the user raw data to obtain user key information and user non-key information, including:
s301: inquiring an information classification table based on user original data, wherein the information classification table comprises key fields;
the original field is a field indicating the attribute of the data, and for example, the original field may be the attribute of the user such as name, age, job title, and authority. The field value is the value corresponding to the original field, for example, if the original field is age, the field value is xx years old; when the original field is the authority, the field value is authority 1 or authority 2, etc.;
the information classification table is configured in advance and is used for processing the user original data to obtain a table of user key information and user non-key information, and the user original data is subjected to standardized processing. The critical field refers to the more critical field. For example, the key fields may be user permissions, user roles, and the like. Wherein, the user roles can be administrator and visitor; or general staff and managers, etc. The user right is a right for limiting the user to access the information item on the application program, for example, the user 1 may submit a user contract, the user 2 may access the user contract and check the user contract and the like, and the user 3 may examine and approve the bill, etc., that is, submitting the user contract and checking the user contract and the check the user contract and the like are the user right. In this embodiment, the preset information classification table may provide technical support for splitting the subsequent user key information and the user non-key information, and ensure the specification of the processing procedure.
S302: and extracting the field value of the original field matched with the key field from the original data of the user to acquire the key information of the user.
S303: and extracting field values of original fields which do not match with the key fields from the original data of the user to acquire non-key information of the user.
In the embodiment, the field value of the original field matched with the key field is determined as the key information of the user, and the key information of the user is extracted from the original data of the user; the field value of the original field which is not matched with the key field is determined as the non-key information of the user, the non-key information of the user is extracted from the original data of the user, the key information of the user and the non-key information of the user are separated, the key information of the user and the non-key information of the user can be stored separately in the follow-up process, and the safety of the data of the user is effectively ensured.
The user data processing method provided by this embodiment queries the information classification table based on the user raw data, and implements normalized processing on the user raw data. Extracting field values of original fields matched with the key fields from the original data of the user to acquire key information of the user; the field value of the original field which is not matched with the key field is extracted from the original data of the user to obtain the non-key information of the user, so that the key information and the non-key information of the user can be separately stored subsequently, and the safety of the data of the user is effectively ensured.
In an embodiment, as shown in fig. 4, step S203 is to perform encryption processing on the user key information to obtain target ciphertext data and a user private key, and includes:
s401: and when the key information of the user is obtained, generating a user public key and a user private key corresponding to the user public key by adopting an encryption algorithm.
The encryption algorithm is an asymmetric encryption algorithm, the asymmetric encryption algorithm is an algorithm which is used for encryption and decryption and is not the same key, two keys, namely a user public key and a user private key, are usually provided, and the two keys need to be paired for use, otherwise, encrypted data cannot be opened. The user public key refers to a key which can be published externally and used for encrypting key information of the user. The user private key is a key for decrypting the encrypted user key information (i.e., the target ciphertext data), and is known only by a holder. It can be understood that the asymmetric encryption method has two keys, and the user public key can be disclosed, so that it is not known by others that the decryption can be performed only by using the matched user private key, thereby well avoiding the problem of the transmission security of the keys.
In this embodiment, after the user key information is sent to the service layer, in order to further improve the security guarantee of the user key data, a user private key and a user public key are generated, so as to provide technical support for encrypting the user key information.
S402: and encrypting the key information of the user by adopting the user public key to obtain target ciphertext data.
In the implementation, the user public key is adopted to encrypt the user key information to obtain the target ciphertext data, and the target ciphertext data, the user account and the user private key are stored in the service layer in an associated manner, so that the protection of the user key information can be realized.
In the user data processing method provided by this embodiment, when the user key information is obtained, the encryption algorithm is used to generate the user public key and the user private key corresponding to the user public key, so as to provide technical support for encrypting the user key information. The user public key is adopted to encrypt the user key information to obtain target ciphertext data, so that the protection of the user key information can be realized.
In an embodiment, as shown in fig. 5, the target ciphertext data carries the user authority identifier; after step S204, that is, after storing the user account, the user private key, and the target ciphertext data in association in the service layer, and storing the user account and the user non-key information in association in the database, the method further includes:
s501: and acquiring a user access request, wherein the user access request comprises a user account and a target access object.
Wherein the user access request is a request that the user wants to access a function module on the application. The target access object refers to a functional module that the user wishes to access, for example, the target access object may be a contract check, a payment approval, or a payment approval.
Specifically, a user clicks a target access object on the navigation bar to send a user access request to the server, and determines whether the user is allowed to access the target access object, and when the server receives the user access request, a user account and the target access object are obtained according to the user access request, so that whether the user has the right to access the target access object is determined according to the user account.
S502: and determining target authority information and a query identifier corresponding to the target authority information based on the target access object.
The target access object is set according to the target access object, and the target authority information is used for determining whether the user can access the information required by the target access object, namely, the user can access the target access object only by having the target authority information. The query identifier is an identifier indicating whether to query the service layer or the database, and it can be understood that whether the user can access and use the query identifier is determined according to the user original information of the user.
As an example, when the target access object of the user is contract verification, the corresponding target authority information is internal employees, employment in contract departments, and the like; when the target access object of the user is signed by a contract, the corresponding target authority information is that the user is a company client, a user picture and the like.
S503: and if the query identifier is a service layer, acquiring a matched private key corresponding to the user account.
The matching private key is a key corresponding to the user account so as to be matched with the user private key corresponding to the user account in the following process, and whether the user is a legal user is judged.
In this embodiment, when the target permission information is required to be key information of the user, the server obtains a pre-generated matching private key so as to be matched with the private key of the user subsequently, and verify whether the user is legal.
S504: and if the user private key is matched with the matched private key, acquiring a user authority identifier fed back by the service layer according to the target authority information, and processing the user access request based on the user authority identifier and the target authority information.
The user authority identifier is an identifier used for representing user authority, and the user authority identifier is an identifier obtained in advance according to user key information.
In the embodiment, the user private key and the matching private key are obtained according to an encryption algorithm, and the security is high, and the user private key is matched with the matching private key, so that the user is a legal user, and therefore, the information matched with the user private key and the matching private key is sent to the service layer, so that the service layer feeds back the user authority identification to the server based on the information matched with the user private key and the matching private key, so that the server processes the user access request according to the user authority identification, and when the user authority is determined, the key information of the user stored in the service layer is not required to be decrypted, and the time for determining the user authority is favorably shortened; meanwhile, when the user key information is called, the user authority identification is obtained through the calling of the service layer, and the problem that a hacker remotely obtains the user key information in the prior art by feeding data back to the service layer through the data access layer can be solved.
Processing a user access request based on a user authority identifier, specifically judging whether the user authority identifier comprises target authority information, and responding to the user access request if the user authority identifier comprises the target authority information; and if the user authority identifier does not comprise the target authority information, not responding to the user access request and displaying the information that the user does not meet the access authority.
The user data processing method provided by this embodiment determines the target authority information based on the target access object, so as to provide technical support for subsequently determining whether the user can access the target access object. And if the target authority information is the key information of the user, acquiring a matched private key corresponding to the user account so as to be matched with the private key of the user subsequently and verify whether the user is legal or not. If the user private key is matched with the matched private key, the user authority identification fed back by the service layer is obtained according to the target authority information, and the user access request is processed based on the user authority identification and the target authority information, so that target ciphertext data does not need to be decrypted, and the target ciphertext data is protected; the user authority identification is obtained through self calling of the service layer, so that the problem that key information of a hacker is remotely obtained by feeding data back to the service layer through the data access layer in the prior art can be solved.
In an embodiment, as shown in fig. 6, after step S502, i.e. after determining the target right information based on the target access object, the method further comprises:
s601: and if the query identifier is a data layer, querying the database according to the target authority information to obtain a query result.
And the query result is obtained by querying the user non-key information in the database according to the target authority information. It can be understood that the query result includes that the target authority information exists in the user non-key information, or the target authority information does not exist in the user non-key information.
In this embodiment, when the query identifier is a data layer, the database is queried according to the target permission information to determine whether the non-key information of the user has the target permission information, so as to provide technical support for subsequently processing the user access request.
S602: and processing the user access request based on the query result.
Specifically, if the query result includes the target authority information, responding to the user access request; and if the query result does not comprise the target authority information, not responding to the user access request, and displaying the information that the user does not meet the access authority so as to process the user access request according to the actual situation.
In the user data processing method provided by this embodiment, if the target permission information is calling user non-key information, the database is queried to obtain a query result, so as to provide technical support for subsequently processing the user access request.
In an embodiment, as shown in fig. 7, after step S502, i.e. after determining the target right information based on the target access object, the method further comprises:
s701: if the query identifier is the service layer and the database, acquiring a matched private key corresponding to the user account;
in this embodiment, when the query identifier is the service layer and the database, the service layer and the database are queried respectively, so as to process the user access request in the following. When the service layer is inquired, the server acquires a pre-generated matching private key so as to be matched with the private key of the user subsequently and verify whether the user is legal or not.
S702: if the user private key is matched with the matched private key, acquiring a user authority identifier fed back by the service layer according to the target authority information; and querying the database according to the target authority information to obtain a query result.
The specific implementation process in this embodiment is the same as steps S502 and S601, and is not described herein again.
S703: and processing the user access request based on the user authority identification, the query result and the target authority information.
In the embodiment, when the set of the user authority identifier and the query result comprises the target authority information, the user access request is responded; and if the set of the user authority identification and the query result comprises the target authority information, not responding to the user access request, and displaying the information that the user does not meet the access authority so as to process the user access request according to the actual situation. For example, if the target privilege information includes privilege 1 and privilege 2; the user authority identifier comprises authority 1, the inquiry result is that the user number has authority 2, and the set of the user authority identifier and the inquiry result comprises target authority information and responds to the user access request.
In the user data processing method provided in this embodiment, if the query identifier is the service layer and the database, the matching private key corresponding to the user account is obtained, so that the matching with the user private key is performed subsequently, and whether the user is legal or not is verified. If the user private key is matched with the matched private key, acquiring a user authority identifier fed back by the service layer according to the target authority information; inquiring a database according to the target authority information to obtain an inquiry result; and processing the user access request based on the user authority identification, the query result and the target authority information so as to process the user access request according to the actual situation.
In an embodiment, as shown in fig. 8, before step S501, before acquiring the user access request, the method further includes:
s801: and acquiring a user login request, wherein the user login request comprises a user account and a user password.
Wherein the user login request is a request for the user to login to the application program.
Specifically, a user clicks a login button on an application program to send a user login request to a server, and when the server receives the user login request, the user login request is analyzed to obtain a user account and a user password, so that the user account and the user password can be verified in the following process, and whether the user is a legal user or not is judged.
S802: and verifying the user account and the user password to obtain an identity verification result.
The identity authentication result refers to a result of authenticating the user account and the user password. Understandably, if the user account and the user password are accurate, the authentication result is that the authentication is passed; and if one of the user account and the user password is wrong, the authentication result is that the authentication is not passed.
Specifically, the server creates a registration information table in the service layer in advance, where the registration information table is used to record a user account and a user password submitted during user registration, and it is noted that when a user modifies the user account and the user password, the registration information table is updated synchronously, and when the server obtains the user account and the user password, the registration information table is queried to verify the user account and the user password.
S803: if the identity verification result is that the verification is passed, generating a matched private key corresponding to the user account; and jumping to a data access interface to obtain a user access request.
In this embodiment, when the identity verification result is that the verification is passed, it is verified that the user is a valid user, and at this time, a matching private key corresponding to the user account is generated, so as to provide technical support for subsequent user access, and a data access interface is skipped, so that the user can access the data.
The user data processing method provided by the embodiment obtains a user login request, verifies a user account and a user password, and obtains an identity verification result; and if the identity authentication result is that the authentication is passed, generating a matched private key corresponding to the user account according to the user account and the user password, providing technical support for subsequent user access, jumping to a data access interface, and acquiring a user access request so as to facilitate the user to access.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In one embodiment, a user data processing apparatus is provided, and the user data processing apparatus corresponds to the user data processing method in the above embodiment one to one. As shown in fig. 9, the user data processing apparatus includes a user raw data acquisition module 901, a splitting processing acquisition module 902, an encryption processing module 903, and a storage module 904. The functional modules are explained in detail as follows:
a user raw data obtaining module 901, configured to obtain user raw data, where the user raw data includes a user account;
a splitting processing obtaining module 902, configured to process user original data to obtain user key information and user non-key information;
an encryption processing module 903, configured to send the user key information to the service layer, encrypt the user key information, and obtain target ciphertext data and a user private key;
the storage module 904 is configured to store the user account, the user private key, and the target ciphertext data in a service layer in an associated manner, and store the user account and the user non-key information in a database in an associated manner.
Preferably, the user original data includes an original field and a field value corresponding to the original field; the splitting process obtaining module 902 includes: the system comprises an information classification table query unit, a user key information acquisition unit and a user non-key information acquisition unit.
The information classification table query unit is used for querying an information classification table based on user original data, and the information classification table comprises key fields;
the user key information acquisition unit is used for extracting the field value of the original field matched with the key field from the user original data and acquiring the user key information;
and the user non-key information acquisition unit is used for extracting the field value of the original field which is not matched with the key field from the user original data and acquiring the user non-key information.
Preferably, the encryption processing module 903 includes: a key generation unit and an encryption unit.
The key generation unit is used for generating a user public key and a user private key corresponding to the user public key by adopting an encryption algorithm when the key information of the user is acquired;
and the encryption unit is used for encrypting the key information of the user by adopting the user public key to obtain target ciphertext data.
Preferably, the target ciphertext data carries the user authority identifier; after the storage module 904, the apparatus further comprises: the device comprises a user access request acquisition module, a query identifier determination module, a matching private key acquisition module and a first processing module.
The system comprises a user access request acquisition module, a target access object acquisition module and a user access request acquisition module, wherein the user access request acquisition module is used for acquiring a user access request which comprises a user account and a target access object;
the query identifier determining module is used for determining target authority information and a query identifier corresponding to the target authority information based on the target access object;
the matching private key acquisition module is used for acquiring a matching private key corresponding to the user account if the query identifier is a service layer;
and the first processing module is used for acquiring the user authority identification fed back by the service layer according to the target authority information and processing the user access request based on the user authority identification and the target authority information if the user private key is matched with the matched private key.
Preferably, after querying the identity determination module, the apparatus further comprises: a query result acquisition module and a second processing module.
The query result acquisition module is used for querying the database according to the target authority information to acquire a query result if the query identifier is the database;
and the second processing module is used for processing the user access request based on the query result.
Preferably, after querying the identity determination module, the apparatus further comprises: the system comprises a matching private key acquisition module, a user authority identification and query result module and a third processing module.
The matching private key acquisition module is used for acquiring a matching private key corresponding to the user account if the query identifier is the service layer and the database;
the user authority identification and query result module is used for acquiring the user authority identification fed back by the service layer according to the target authority information if the user private key is matched with the matched private key; inquiring a database according to the target authority information to obtain an inquiry result;
and the third processing module is used for processing the user access request based on the user authority identification, the query result and the target authority information.
Preferably, before the user accesses the request obtaining module, the apparatus further includes:
the system comprises a user login request acquisition module, a user login request acquisition module and a user password acquisition module, wherein the user login request acquisition module is used for acquiring a user login request which comprises a user account and a user password;
the verification module is used for verifying the user account and the user password to obtain an identity verification result;
the skip module is used for generating a matching private key corresponding to the user account according to the user account and the user password if the identity authentication result is that the authentication is passed; and jumping to a data access interface to obtain a user access request.
For specific limitations of the user data processing apparatus, reference may be made to the above limitations of the user data processing method, which are not described herein again. The respective modules in the user data processing apparatus described above may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing user raw data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a user data processing method.
In an embodiment, a computer device is provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the steps of the user data processing method in the foregoing embodiments are implemented, for example, steps S201 to S204 shown in fig. 2 or steps shown in fig. 3 to fig. 8, which are not repeated herein to avoid repetition. Alternatively, when executing the computer program, the processor implements functions of each module/unit in the embodiment of the user data processing apparatus, for example, functions of the user raw data obtaining module 901, the splitting processing obtaining module 902, the encryption processing module 903, and the storage module 904 shown in fig. 9, and are not described here again to avoid repetition.
In an embodiment, a computer-readable storage medium is provided, where a computer program is stored on the computer-readable storage medium, and when executed by a processor, the computer program implements the steps of the user data processing method in the foregoing embodiment, for example, steps S201 to S204 shown in fig. 2 or steps shown in fig. 3 to fig. 8, which are not repeated herein to avoid repetition. Alternatively, when executing the computer program, the processor implements functions of each module/unit in the embodiment of the user data processing apparatus, for example, functions of the user raw data obtaining module 901, the splitting processing obtaining module 902, the encryption processing module 903, and the storage module 904 shown in fig. 9, and are not described here again to avoid repetition.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A method for processing user data, comprising:
acquiring user original data, wherein the user original data comprises a user account;
processing the user original data to obtain user key information and user non-key information;
sending the user key information to a service layer, and encrypting the user key information to obtain target ciphertext data and a user private key;
and storing the user account, the user private key and the target ciphertext data in a business layer in an associated manner, and storing the user account and the user non-key information in a database in an associated manner.
2. The user data processing method of claim 1, wherein the user original data includes an original field and a field value corresponding to the original field; the processing the user original data to obtain user key information and user non-key information includes:
querying an information classification table based on the user raw data, the information classification table comprising key fields;
extracting the field value of the original field matched with the key field from the original data of the user to acquire key information of the user;
and extracting field values of original fields which are not matched with the key fields from the original data of the user to acquire non-key information of the user.
3. The user data processing method according to claim 1, wherein the encrypting the user key information to obtain target ciphertext data and a user private key comprises:
when the key information of the user is obtained, generating a user public key and a user private key corresponding to the user public key by adopting an encryption algorithm;
and encrypting the key information of the user by adopting the user public key to obtain target ciphertext data.
4. The user data processing method according to claim 1, wherein the target ciphertext data carries a user permission identifier; after the associating and storing the user account, the user private key and the target ciphertext data in a service layer and the associating and storing the user account and the user non-key information in a database, the method further comprises:
acquiring a user access request, wherein the user access request comprises a user account and a target access object;
determining target authority information and a query identifier corresponding to the target authority information based on the target access object;
if the query identifier is a service layer, acquiring a matched private key corresponding to the user account;
and if the user private key is matched with the matched private key, acquiring a user authority identifier fed back by a service layer according to target authority information, and processing the user access request based on the user authority identifier and the target authority information.
5. The user data processing method of claim 4, after said determining target rights information based on said target access object, comprising:
if the query identifier is a database, querying the database according to the target authority information to obtain a query result;
and processing the user access request based on the query result.
6. The user data processing method of claim 4, after said determining target rights information based on said target access object, comprising:
if the query identifier is a service layer and a database, acquiring a matched private key corresponding to the user account;
if the user private key is matched with the matched private key, acquiring a user authority identifier fed back by a service layer according to target authority information; inquiring a database according to the target authority information to obtain an inquiry result;
and processing the user access request based on the user authority identification, the query result and the target authority information.
7. The user data processing method of claim 4, wherein prior to said obtaining a user access request, the method further comprises:
acquiring a user login request, wherein the user login request comprises the user account and the user password;
verifying the user account and the user password to obtain an identity verification result;
if the identity verification result is that the verification is passed, generating a matched private key corresponding to the user account according to the user account and the user password; and jumping to a data access interface to obtain the access request of the user.
8. A user data processing apparatus, comprising:
the system comprises a user original data acquisition module, a data processing module and a data processing module, wherein the user original data acquisition module is used for acquiring user original data which comprises a user account;
the splitting processing acquisition module is used for processing the original user data to obtain user key information and user non-key information;
the encryption processing module is used for sending the user key information to a service layer, encrypting the user key information and acquiring target ciphertext data and a user private key;
and the storage module is used for storing the user account, the user private key and the target ciphertext data in a business layer in an associated manner, and storing the user account and the user non-key information in a database in an associated manner.
9. Computer arrangement comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor realizes the steps of the user data processing method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the user data processing method according to any one of claims 1 to 7.
CN202011586148.XA 2020-12-28 2020-12-28 User data processing method and device, computer equipment and storage medium Pending CN112632581A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011586148.XA CN112632581A (en) 2020-12-28 2020-12-28 User data processing method and device, computer equipment and storage medium
PCT/CN2021/125569 WO2022142629A1 (en) 2020-12-28 2021-10-22 User data processing method and apparatus, computer device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011586148.XA CN112632581A (en) 2020-12-28 2020-12-28 User data processing method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112632581A true CN112632581A (en) 2021-04-09

Family

ID=75286183

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011586148.XA Pending CN112632581A (en) 2020-12-28 2020-12-28 User data processing method and device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN112632581A (en)
WO (1) WO2022142629A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113177216A (en) * 2021-04-30 2021-07-27 北京市商汤科技开发有限公司 Data transmission method and device, computer equipment and storage medium
CN114372249A (en) * 2022-03-21 2022-04-19 北京纷扬科技有限责任公司 Data authority control method and device based on authority codes
WO2022142629A1 (en) * 2020-12-28 2022-07-07 深圳壹账通智能科技有限公司 User data processing method and apparatus, computer device, and storage medium
CN116094838A (en) * 2023-04-06 2023-05-09 苏州浪潮智能科技有限公司 Data encryption method and related components

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115102795B (en) * 2022-08-26 2022-11-18 北京盈泽世纪科技发展有限公司 Communication security verification method and system
CN115495783B (en) * 2022-09-20 2023-05-23 北京三维天地科技股份有限公司 Method and system for solving configuration type data service exposure
CN115801317A (en) * 2022-10-14 2023-03-14 支付宝(杭州)信息技术有限公司 Service providing method, system, device, storage medium and electronic equipment
CN116566737B (en) * 2023-06-27 2023-09-26 云账户技术(天津)有限公司 Permission configuration method and device based on SaaS platform and related equipment
CN117010024B (en) * 2023-10-07 2024-04-16 国网山东省电力公司滨州市滨城区供电公司 Photovoltaic power generation settlement method, system, terminal and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022159B (en) * 2016-05-13 2018-11-02 上海说道文化传播有限公司 ERP data processing methods based on cloud computing
CN106022584A (en) * 2016-05-13 2016-10-12 成都镜杰科技有限责任公司 Resource management method for small enterprises
GB2580184A (en) * 2018-12-24 2020-07-15 Quantum Card Services Ltd A method of generating and displaying an avatar
US11532054B2 (en) * 2019-02-21 2022-12-20 Agora AltX Path of funds blockchain system
CN111865582B (en) * 2020-07-20 2023-05-09 陕西合友网络科技有限公司 Private key offline storage method, system and storage medium based on zero knowledge proof
CN112632581A (en) * 2020-12-28 2021-04-09 深圳壹账通智能科技有限公司 User data processing method and device, computer equipment and storage medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022142629A1 (en) * 2020-12-28 2022-07-07 深圳壹账通智能科技有限公司 User data processing method and apparatus, computer device, and storage medium
CN113177216A (en) * 2021-04-30 2021-07-27 北京市商汤科技开发有限公司 Data transmission method and device, computer equipment and storage medium
CN113177216B (en) * 2021-04-30 2023-03-14 北京市商汤科技开发有限公司 Data transmission method and device, computer equipment and storage medium
CN114372249A (en) * 2022-03-21 2022-04-19 北京纷扬科技有限责任公司 Data authority control method and device based on authority codes
CN116094838A (en) * 2023-04-06 2023-05-09 苏州浪潮智能科技有限公司 Data encryption method and related components

Also Published As

Publication number Publication date
WO2022142629A1 (en) 2022-07-07

Similar Documents

Publication Publication Date Title
CN112632581A (en) User data processing method and device, computer equipment and storage medium
US11558381B2 (en) Out-of-band authentication based on secure channel to trusted execution environment on client device
CN110365670B (en) Blacklist sharing method and device, computer equipment and storage medium
CN109325342B (en) Identity information management method, device, computer equipment and storage medium
US10534920B2 (en) Distributed data storage by means of authorisation token
CN112597481A (en) Sensitive data access method and device, computer equipment and storage medium
CN110581860A (en) identity authentication method, device, storage medium and equipment based on block chain
US11546321B2 (en) Non-custodial tool for building decentralized computer applications
CN109600377B (en) Method and device for preventing unauthorized use computer device and storage medium
CN110942382B (en) Electronic contract generation method and device, computer equipment and storage medium
CN111107073B (en) Application automatic login method and device, computer equipment and storage medium
US9038159B2 (en) Authentication system
CN113221128B (en) Account and password storage method and registration management system
CN111538977B (en) Cloud API key management method, cloud platform access method, cloud API key management device, cloud platform access device and server
CN109560934B (en) Data tamper-proof method and device, computer equipment and storage medium
CN110177111B (en) Information verification method, system and device
CN111917540A (en) Data encryption and decryption method and device, mobile terminal and storage medium
CN111917711B (en) Data access method and device, computer equipment and storage medium
CN110224974B (en) Interface authentication method based on third party access and related equipment
CN112836206A (en) Login method, device, storage medium and computer equipment
CN116136911A (en) Data access method and device
CN111259363B (en) Service access information processing method, system, device, equipment and storage medium
US11502840B2 (en) Password management system and method
CN111385266B (en) Data sharing method and device, computer equipment and storage medium
CN114238916A (en) Communication method, communication apparatus, computer device, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40049895

Country of ref document: HK

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination