CN114567476A - Data security protection method and device, electronic equipment and medium - Google Patents

Info

Publication number
CN114567476A
Authority
CN
China
Prior art keywords
key
data
interface
encrypted data
calling code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210169525.2A
Other languages
Chinese (zh)
Other versions
CN114567476B (en)
Inventor
陈武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Lian Intellectual Property Service Center
Tianyi Safety Technology Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN202210169525.2A
Publication of CN114567476A
Application granted
Publication of CN114567476B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application disclose a data security protection method and device, electronic equipment and a medium, which can be applied in the field of security protection. The method comprises: when a data download instruction for first data sent by a first client is received, obtaining a first key for the first data and a key interface address of the first key from a key system; encrypting the first data with the first key to obtain first encrypted data; generating a corresponding first interface calling code according to the key interface address of the first key; and combining the first encrypted data with the first interface calling code to obtain first target encrypted data, and sending the first target encrypted data to the first client. The embodiments of the application can improve data security. They can also be applied in the field of blockchain technology, for example by storing the first key in association with the unique data identifier of the first data in a blockchain.

Description

Data security protection method and device, electronic equipment and medium
Technical Field
The application relates to the field of security protection, and in particular to a data security protection method, a data security protection device, electronic equipment and a medium.
Background
At present, data in each service system is uploaded or downloaded in plaintext form, such as Word, Excel or txt files. If a user downloads data from the system and then views it through other unknown software or systems, data leakage can easily result. How to improve data security is therefore an urgent problem to be solved.
Disclosure of Invention
The embodiment of the application provides a data security protection method, a data security protection device, electronic equipment and a medium, and data security can be improved.
On one hand, the embodiment of the application discloses a data security protection method, which comprises the following steps:
when a data downloading instruction aiming at first data sent by a first client is received, acquiring a first key aiming at the first data and a key interface address of the first key from a key system;
encrypting the first data through the first key to obtain first encrypted data;
generating a corresponding first interface calling code according to the key interface address of the first key, wherein the first interface calling code is used for calling a corresponding key interface according to the key interface address of the first key to acquire the first key when the first encrypted data is decrypted;
and combining the first encrypted data with the first interface calling code to obtain first target encrypted data, and sending the first target encrypted data to the first client.
On the other hand, the embodiment of the application discloses a data safety protection device, the device includes:
an acquisition unit, configured to acquire, from a key system, a first key for first data and a key interface address of the first key when a data download instruction for the first data sent by a first client is received;
a processing unit, configured to encrypt the first data with the first key to obtain first encrypted data;
the processing unit is further configured to generate a corresponding first interface calling code according to the key interface address of the first key, where the first interface calling code is used to call a corresponding key interface according to the key interface address of the first key to obtain the first key when the first encrypted data is decrypted;
the processing unit is further configured to obtain first target encrypted data according to the combination of the first encrypted data and the first interface call code, and send the first target encrypted data to the first client.
In yet another aspect, an embodiment of the present application provides an electronic device, which includes a processor and a memory, where the memory is used to store a computer program, and the computer program includes program instructions, and the processor is configured to perform the following steps:
when a data downloading instruction aiming at first data sent by a first client is received, acquiring a first key aiming at the first data and a key interface address of the first key from a key system;
encrypting the first data through the first key to obtain first encrypted data;
generating a corresponding first interface calling code according to the key interface address of the first key, wherein the first interface calling code is used for calling a corresponding key interface according to the key interface address of the first key to acquire the first key when the first encrypted data is decrypted;
and combining the first encrypted data with the first interface calling code to obtain first target encrypted data, and sending the first target encrypted data to the first client.
In another aspect, an embodiment of the present application provides a computer-readable storage medium, in which computer program instructions are stored, and when executed by a processor, the computer program instructions are configured to perform the following steps:
when a data downloading instruction aiming at first data sent by a first client is received, acquiring a first key aiming at the first data and a key interface address of the first key from a key system;
encrypting the first data through the first key to obtain first encrypted data;
generating a corresponding first interface calling code according to the key interface address of the first key, wherein the first interface calling code is used for calling a corresponding key interface according to the key interface address of the first key to acquire the first key when the first encrypted data is decrypted;
and combining the first encrypted data with the first interface calling code to obtain first target encrypted data, and sending the first target encrypted data to the first client.
In yet another aspect, embodiments of the present application disclose a computer program product or a computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and executes the computer instructions, so that the computer device executes the data security protection method.
According to the embodiment of the application, when a data downloading instruction is received, a first key aiming at first data and a key interface address of the first key are obtained from a key system, the first data are encrypted through the first key to obtain first encrypted data, and a corresponding first interface calling code is generated according to the key interface address of the first key, so that the first key can be obtained according to the first interface calling code in the subsequent decryption process, and then the first target encrypted data are obtained according to the combination of the first encrypted data and the first interface calling code. Therefore, the first data can be encrypted, so that the data downloaded by the user is encrypted, the user is prevented from checking through other unknown software or systems, the encrypted data is stored in the key system, a key interface is required to be called to acquire the encrypted data when decryption is performed, the risk of key leakage is reduced, and the data security is facilitated to be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a data security protection system provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a data security protection method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a data security protection method according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a data security device according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
The embodiment of the application provides a data security protection scheme, which can acquire a first key for first data and a key interface address of the first key from a key system when a data downloading instruction is received, further encrypt the first data through the first key to obtain first encrypted data, and generate a corresponding first interface calling code according to the key interface address of the first key, so that the first key is acquired according to the first interface calling code in the subsequent decryption process, and further the first target encrypted data is obtained according to the combination of the first encrypted data and the first interface calling code. Therefore, the first data can be encrypted, so that the data downloaded by the user is encrypted, the user is prevented from checking through other unknown software or systems, the encrypted data is stored in the key system, a key interface is required to be called to acquire the encrypted data when decryption is performed, the risk of key leakage is reduced, and the data security is facilitated to be improved.
In a possible implementation manner, an embodiment of the present application provides a data security protection system, please refer to fig. 1, where fig. 1 is a schematic structural diagram of a data security protection system provided in an embodiment of the present application, and the data security protection system may include a client, a server, and a key system. Wherein the server may be configured with the above-described security protection scheme. Moreover, the server may be provided with a corresponding business system, such as a collaborative office system, a financial system, and other application systems, and the like, which is not limited herein. The client may be a client provided by the service system, and an account authorized by the service system is logged in the client. When a user processes a service based on a service system, the user can send an instruction to a corresponding server through a client provided by the service system to realize a corresponding function. For example, a user sends a data downloading instruction to a server based on a client provided by a service system, where the data downloading instruction is used to instruct to download data from the service system, and the server encrypts the data according to the data security protection scheme provided by the application, and then returns the encrypted data to the client, so that the data finally downloaded by the user is the encrypted data. For another example, the client sends a data obtaining instruction (also referred to as a data viewing instruction) for data encrypted by the data security protection method to the server, where the data obtaining instruction is used to instruct to obtain plaintext data of the data for display, and then the server may decrypt the data encrypted by the data security protection method, so that the user can view the plaintext data through the client of the service system.
The key system may be a system for generating and managing keys. The key system can be used for receiving a request sent by the server and executing corresponding response processing on the request sent by the server so as to return a corresponding request result. For example, when the key system receives a key generation instruction sent by a server, the key system generates a corresponding key and returns the key to the server. For another example, when the key system receives a key acquisition request sent by a server, the key system may verify information such as the authority of the server initiating the key acquisition request, the valid duration of the key requested to be acquired, and the like according to the key acquisition request, if the verification passes, the key may be returned to the server, and if the verification fails, the key may not be returned to the server, so that the security of the key used for encrypting data may be improved, and the security of the data may be further improved.
It should be noted that, in the embodiments of the present application, except for the specific description, related data such as user information is referred to, when the embodiments of the present application are applied to specific products or technologies, user permission or consent needs to be obtained, and the collection, use and processing of the related data need to comply with the relevant laws and regulations and standards of the relevant countries and regions.
The technical solution of the application can be applied to an electronic device, which may be a terminal, a server or another device used for data security protection; this is not limited in the application. Optionally, the server can be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and can also be a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud storage, network service, middleware service, and big data and artificial intelligence platforms. The terminal may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like.
Based on the above description, an embodiment of the present application provides a data security protection method. Referring to fig. 2, fig. 2 is a schematic flowchart of a data security protection method according to an embodiment of the present disclosure. The method may be performed by the above mentioned electronic device. The data security protection method may include the following steps.
S201, when a data downloading instruction aiming at first data sent by a first client is received, a first key aiming at the first data and a key interface address of the first key are obtained from a key system.
As described above, the data download instruction for the first data is used to instruct to download the first data from the service system. The first data may be any plaintext data that needs to be downloaded, for example, the first data may be file data in a format of word, excel, txt, or the like. The first client may be any client. In one possible scenario, a user may click a control in the first client for instructing downloading of the first data, and the first client may send a data downloading instruction for the first data to an electronic device (e.g., a server).
In a possible implementation, after receiving a data download instruction for first data, the electronic device may obtain a first key for the first data and a key interface address of the first key from a key system through the following steps: first, sending a key generation instruction to the key system; second, receiving the first key for the first data and the key interface address of the first key returned by the key system. The key interface address of the first key includes a unique data identifier of the first data, and the unique data identifier is generated by the key system.
The key generation instruction is used to instruct the key system to generate a corresponding key. On receiving the key generation instruction, the key system may randomly generate a key with a target number of bits; for example, it may generate a 64-bit key as the first key. The key system may also generate a unique data identifier for the first data. The unique data identifier may be a character string of a target length, composed of one or more of letters, numbers, or visible characters, where visible characters are characters that can be entered directly through the keyboard, such as "_". For example, the key system may generate the string "58E15f61R4DR7S78TWR8271" as the unique data identifier of the first data. For each different piece of data, the key system may generate a character string of the same length as the unique data identifier of the data corresponding to the key generation instruction. The unique data identifier may also be referred to as a data ID, a file ID, or the like. The key system can store the generated key in association with the unique data identifier of the data in a storage area, so that the corresponding key can be obtained according to the unique data identifier.
In a possible implementation, the key system can generate the unique data identifier in several ways. It can randomly generate a character string to serve as the unique data identifier. It can generate the identifier according to the order in which key generation instructions are received: for example, the last 5 characters of the unique data identifier may be the sequence number of the received key generation instruction, so that if the key system has received the key generation instruction for the 2000th time, the last 5 characters may be 02000. It can also generate the identifier according to the data format of the data corresponding to the key generation instruction: if the data format is Word, the characters at a target position in the unique data identifier can be a character string corresponding to the Word format, and similarly for data in Excel, txt, ppt and other formats. Alternatively, the key system may generate the unique data identifier in other ways, which are not limited here.
The key system may further publish a key interface for the first key and generate a key interface address of the first key. The key interface is an interface for obtaining the corresponding key when the encrypted data is subsequently decrypted. The key interface address is the URL (uniform resource locator) address corresponding to the key interface, and is used to call the key interface to obtain the corresponding key when the encrypted data is subsequently decrypted.
In a possible implementation, the key interface address of the first key generated by the key system may be generated according to the unique data identifier of the first data, and may include that identifier. The key interface address of the key of each piece of data is thus associated with the unique data identifier of the data, so the key interface addresses of different data are different, which helps to protect the key and improve its security. For example, the key interface address may be https://ph-xxx.com.cn/getSecKeyFor58E15f61R4DR7S78TWR8271.do, where the suffix 58E15f61R4DR7S78TWR8271 is the unique data identifier of the first data. After the key system generates the first key and the key interface address of the first key, it returns both to the electronic device that sent the key generation instruction.
In a possible implementation manner, the interface logic of the key interface of the first key issued by the key system may verify the source, the domain name, the validity duration of the key, and the like of the interface caller, so that when the subsequent key interface is called, the key interface performs the related verification on the interface caller. Wherein the source of the interface caller may be used to indicate the device identification of the electronic device that obtained the key, and so on. The domain name is used for indicating domain name information of a service system corresponding to the electronic equipment for acquiring the key. It can be understood that information such as a source and a domain name of an interface call which can be verified to pass can be configured in an interface logic of a released key interface, which is equivalent to configuring an interface caller with authorization, so that the interface can be prevented from being successfully called by an unauthorized interface caller, and the key can be prevented from being acquired after a certain valid period is exceeded through verification of the valid duration of the key, thereby ensuring the security of the key and further improving the security of data.
The key system may further record the generation time of the first key when generating the first key, and determine the validity duration of the first key. The generation time of the first key may be a time when the key system generates the first key. The validity duration of the first key may be used to indicate the duration of the validity of the first key. Therefore, when the key interface is called, the key interface can compare the time difference between the generation time of the first key and the calling time of the key interface with the effective duration of the first key to verify the effective duration of the first key. For example, the generation time of the first key is t1, and the validity duration of the first key may be 3 days (i.e. 72 hours), when the interface caller calls the key interface of the first key at t2, if t2-t1 is less than or equal to 72 hours, the validity duration of the key is verified, and if t2-t1 is greater than 72 hours, the validity duration of the key is not verified.
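The key interface checks described above (caller source, domain name, and the validity rule t2 - t1 ≤ 72 hours), as an added Python example that is not code from the patent. The host name, class and method names, caller values and the 32-byte key length are assumptions of the example; only the `getSecKeyFor<identifier>.do` path shape and the 23-character identifier length follow the page's sample address.

```python
import secrets
import string
from dataclasses import dataclass

ID_ALPHABET = string.ascii_letters + string.digits
BASE_URL = "https://keys.example.invalid"      # hypothetical key-system host
PREFIX, SUFFIX = BASE_URL + "/getSecKeyFor", ".do"


@dataclass
class KeyRecord:
    key: bytes
    created_at: float     # t1: generation time of the key, in seconds
    valid_for: float      # validity duration of the key, in seconds


class KeySystem:
    """Generates keys, publishes one interface address per data identifier,
    and verifies every interface call before returning a key."""

    def __init__(self, allowed_sources, allowed_domains, valid_for=72 * 3600):
        self.allowed_sources = set(allowed_sources)   # authorised device identifiers
        self.allowed_domains = set(allowed_domains)   # authorised service-system domains
        self.valid_for = valid_for
        self._records = {}                            # unique data identifier -> KeyRecord

    def generate(self, now):
        """Handle a key generation instruction: return (key, key interface address)."""
        data_id = "".join(secrets.choice(ID_ALPHABET) for _ in range(23))
        key = secrets.token_bytes(32)                 # assumption: key sized for AES-256
        self._records[data_id] = KeyRecord(key, now, self.valid_for)
        return key, PREFIX + data_id + SUFFIX

    def call_interface(self, address, source, domain, now):
        """Handle a call to a key interface at time t2 = now.

        Returns (key, "ok") when every check passes, otherwise (None, reason).
        """
        if not (address.startswith(PREFIX) and address.endswith(SUFFIX)):
            return None, "unknown interface"
        record = self._records.get(address[len(PREFIX):-len(SUFFIX)])
        if record is None:
            return None, "unknown interface"
        if source not in self.allowed_sources:
            return None, "source not authorised"
        if domain not in self.allowed_domains:
            return None, "domain not authorised"
        if now - record.created_at > record.valid_for:   # t2 - t1 > validity duration
            return None, "key expired"
        return record.key, "ok"


if __name__ == "__main__":
    ks = KeySystem({"srv-01"}, {"office.example.invalid"})
    key, address = ks.generate(now=0)
    print(address)
    print(ks.call_interface(address, "srv-01", "office.example.invalid", now=3600)[1])
    print(ks.call_interface(address, "srv-01", "office.example.invalid", now=73 * 3600)[1])
```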
S202, the first data are encrypted through the first secret key to obtain first encrypted data.
The first encrypted data is the data obtained by encrypting the first data with the first key. In one possible embodiment, the first data may be encrypted with the first key using a symmetric encryption algorithm, such as the AES encryption algorithm. A symmetric encryption algorithm uses the same key to encrypt the data and to decrypt the encrypted data.
S203, generating a corresponding first interface calling code according to the key interface address of the first key.
The first interface calling code is used to call the corresponding key interface, according to the key interface address of the first key, to obtain the first key when the first encrypted data is decrypted. The first interface calling code may include interface calling logic that calls the key interface indicated by the parameter value of an interface parameter; in the first interface calling code, the parameter value of the interface parameter is the key interface address of the first key.
In one possible implementation, the first interface calling code may be generated automatically by adjusting a parameter in an initial interface calling code, through the following steps. First, an initial interface calling code is obtained. The initial interface calling code includes interface calling logic, which is used to call the key interface indicated by the parameter value of the interface parameter. In one possible embodiment, the initial interface calling code may be written in Java, Python, etc., without limitation. Second, the parameter value of the interface parameter is updated according to the key interface address of the first key, and the updated initial interface calling code is determined to be the first interface calling code. The parameter value of the interface parameter in the initial interface calling code may be null or an initial value, which is not limited here. The parameter value of the interface parameter is replaced with the key interface address of the first key, so that when the data is subsequently decrypted, the key interface corresponding to the key interface address of the first key can be called through the interface calling logic included in the first interface calling code.
S204, obtaining first target encrypted data according to the first encrypted data and the first interface calling code combination, and sending the first target encrypted data to the first client.
The first target encrypted data may be data finally downloaded by a user. The first target encrypted data is obtained by combining the first encrypted data and the first interface calling code, and the first interface calling code may be added to the first encrypted data. For example, the first encrypted data is: xxxxxxxxxxxxxx, the first interface call code may be: ttttttttt, the first interface call code may be added to the first encrypted data, and the first target encrypted data may be obtained as follows: xxxxxxxtttttttttxxxxxxx. Therefore, the interface calling codes and the encrypted data can be fused to obtain the finally downloaded data, so that the interface calling codes in the downloaded data can be analyzed when the downloaded data is decrypted subsequently, and a key required by decryption is further obtained.
In a possible implementation manner, when the first target encrypted data is obtained by combination, the encrypted data and the interface calling code can be distinguished by adding a key identifier pair, so that the interface calling code can be quickly identified when the interface calling code is subsequently analyzed.
Optionally, obtaining the first target encrypted data according to the combination of the first encrypted data and the first interface call code may include the following steps: adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code. The key identifier pair may be a pair of specific identifiers, which may be one symbol or multiple symbols, such as "@ mi", "my", and so on. The two special identifiers in the key identifier pair may be the same or different, and are not limited herein. For example, the first interface call code may be: ttttttttt, if the special identification symbol added before the first interface calling code is 'rajmi' and the special identification symbol added after the first interface calling code is 'rajmin', the first interface calling code after the key identification pair is added is: the @ density ttttttttttttt @; if the special identifier added before the first interface calling code is 'rajjmi' and the special identifier added after the first interface calling code is also 'rajmi', the first interface calling code added with the key identifier pair is: the @ password ttttttttttt @ password. And secondly, adding the first interface calling code added with the key identification pair into the first encrypted data to obtain first target encrypted data. For example, the first encrypted data is: xxxxxxxxxxxxxx, the first interface call code may be: ttttttttt, the first interface call code after the key identifier pair is added to the first encrypted data, and the first target encrypted data can be obtained by: xxxxxxx @ mutttttttttttttttt @ xxxxx.
Optionally, the combining the first encrypted data and the first interface calling code to obtain the first target encrypted data may further include the following steps: adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code. And secondly, encrypting the first interface calling code after the key identification is added to obtain an encrypted calling code. The first interface calling code after the key identifier is added is encrypted, and the encryption can be performed in an encryption mode without a key, such as encryption by using algorithms such as Base64 and Base 32. It can be understood that, although the first interface calling code after the key identifier is added is encrypted, and the first interface calling code is encrypted in an encryption mode without a key, by adding an encryption means, an unauthorized service system or software can determine an encryption method used for encrypting the first interface calling code after the key identifier is added by continuously trying, so that the difficulty of maliciously acquiring data by the unauthorized service system or software is improved, and the security of the data is further improved. And thirdly, adding the encryption calling code into the first encrypted data to obtain first target encrypted data. The manner of adding the encrypted call code to the first encrypted data is the same as the manner of adding the first interface call code to which the key identifier pair is added to the first encrypted data, and details are not repeated here. 
For example, the first encrypted data is: xxxxxxxxxxxxxx, the first interface call code may be: ttttttttt, the first interface calling code after the key identifier pair is added is: the @ password ttttttttttt @ password is used for further carrying out Base64 encryption on the first interface calling code added with the key identification pair to obtain an encrypted calling code as follows: 77+ lQOWvhnR0dHR0dHR0dO +/pUDLr4Y, and the first target encrypted data obtained by adding the encryption calling code to the first encrypted data may be: xxxxxxx77+ lQOWvhnR0dHR0dHR0dO +/pUDLR4Y ═ xxxxxxx.
Optionally, the first target encrypted data is obtained according to the combination of the first encrypted data and the first interface call code, the first call code may also be encrypted first, and then a key identifier pair is added before and after the encrypted first call code, so that the encrypted first call code to which the key identifier pair is added to the first encrypted data.
According to the embodiment of the application, when a data downloading instruction is received, a first key aiming at first data and a key interface address of the first key are obtained from a key system, the first data are encrypted through the first key to obtain first encrypted data, and a corresponding first interface calling code is generated according to the key interface address of the first key, so that the first key can be obtained according to the first interface calling code in the subsequent decryption process, and then the first target encrypted data are obtained according to the combination of the first encrypted data and the first interface calling code. Therefore, the first data can be encrypted, so that the data downloaded by the user is encrypted, the user is prevented from checking through other unknown software or systems, the encrypted data is stored in the key system, a key interface is required to be called to acquire the encrypted data when decryption is performed, the risk of key leakage is reduced, and the data security is facilitated to be improved.
Referring to fig. 3, fig. 3 is a schematic flow chart of a data security protection method according to an embodiment of the present application. The method may be performed by the electronic device described above. The data security protection method specifically comprises the following steps.
S301, when a data acquisition instruction for the second data is detected, acquiring second target encrypted data corresponding to the second data.
And the second target encrypted data is obtained by combining the second encrypted data and the second interface calling code. The second target encrypted data corresponds to data obtained by processing the second data by the method of the embodiment shown in fig. 2. It is to be understood that the second data may or may not be the first data, and is not limited herein. The second encrypted data may be data obtained by encrypting the second data with a second key, and the second interface calling code may be used to obtain the second key required for decrypting the second data when decrypting the second encrypted data. It is to be understood that the electronic device that generates the second target encrypted data corresponding to the second data may be the electronic device (or the service system) that receives the data obtaining instruction, or may not be the electronic device (or the service system) that receives the data obtaining instruction, and is not limited herein.
The data obtaining instruction may be sent by a second client, where the second client may be any client, and the second client may be the same as or different from the first client, and is not limited herein. For example, a user a needs to upload and view second target encrypted data through a client of the service system a, and when the user a uploads the second target encrypted data based on the client and clicks a control indicating to view plaintext data (i.e., second data) corresponding to the second target encrypted data, the client corresponding to the user a sends a data acquisition instruction for the second data to the electronic device provided with the service system a, where the client corresponding to the user a is the second client. For another example, the user a uploads the second target encrypted data through the client of the service system a, if the user B needs to check the plaintext data of the second target encrypted data uploaded by the user a, and when the user B clicks a control indicating to check the plaintext data (i.e., the second data) corresponding to the second target encrypted data, the client corresponding to the user B sends a data acquisition instruction for the second data to the electronic device provided with the service system a, where the client corresponding to the user B is the above-mentioned second client, that is, the second client may be a client that uploads the second target data corresponding to the second data, or may not be a client that uploads the second target data corresponding to the second data, and this is not limited here.
In a possible scenario, when a user downloads data in a service system configured with the data security protection method, target encrypted data corresponding to the data may be obtained by the method in the embodiment shown in fig. 2, and if the user needs to check the target encrypted data, the target encrypted data may be uploaded to the service system through a client, so that an electronic device provided with the service system decrypts the target encrypted data to obtain plaintext data of the target encrypted data, and then the electronic device returns the plaintext data of the target encrypted data to the client for display. Therefore, the user can only view the data encrypted by the service system (or other service systems mutually communicating with the service system) through the service system, and the data security is improved.
S302, a second interface calling code is obtained from the second target encrypted data.
The second interface calling code is used for calling a corresponding key interface to obtain a second key required for decrypting the second data, namely the second key when encrypting the second data.
In a possible implementation manner, the second interface calling code is obtained from the second target encrypted data, and the position of the second interface calling code can be determined in a manner of determining a key identifier pair in the second target encrypted data, so that the second interface calling code is obtained quickly. This is because, when the second target encrypted data is generated, a key identifier pair is added before and after the second interface calling code, where the relevant description for the key identifier pair may refer to the relevant description of S204, and is not limited herein.
Optionally, if, when generating the second target encrypted data, the key identifier pair is added before and after the second interface calling code, and the second interface calling code to which the key identifier pair is added to the second encrypted data to obtain the second target encrypted data, the step of obtaining the second interface calling code from the second target encrypted data may include the following steps: and determining key identification pairs in the second target encrypted data, and determining data between the key identification pairs as a second interface calling code. For example, the second target encrypted data is: xxxxxxx @ tttttttttttty @ xxxxxxx, if both two special identifier symbols in the key identifier pair are 'outer @ secret', determining data between the two 'outer @ secrets' as a second interface calling code, that is, the second interface calling code is: ttttttttttt.
Optionally, when generating the second target encrypted data, after adding the key identifier pair before and after the second interface calling code, encrypting the second interface calling code after adding the key identifier pair to obtain a corresponding encrypted calling code, and further adding the encrypted calling code to the first encrypted data to obtain the first target encrypted data, obtaining the second interface calling code from the second target encrypted data, which may further include the following steps: and decrypting the second target encrypted data, determining a key identifier pair according to the decrypted second target encrypted data, and determining data between the key identifier pair in the decrypted second target encrypted data as a second interface calling code. It can be understood that the decryption method used for decrypting the second target encrypted data corresponds to the encryption method used for encrypting the second interface call code after the key identifier pair is added. For example, the second target encrypted data is: xxxxxxx77+ lQOWvhnR0dHR0dHR0dO +/pUDLr4Y ═ xxxxxxx, and if both the two special identification symbols in the key identification pair are 'rah @ secret', decrypting the second target encrypted data, and if the decrypted second target encrypted data obtained by adopting the Base64 decryption process comprises data: the @ password ttttttttttttt @ password determines data between the two @ passwords as a second interface calling code, namely the second interface calling code is as follows: ttttttttt.
Optionally, if the second target encrypted data is obtained according to the combination of the second encrypted data and the second interface call code, the second call code is encrypted first, and then a key identifier pair is added before and after the encrypted second call code, so that the encrypted second call code to which the key identifier pair is added to the second encrypted data to obtain the second target encrypted data, and then the second interface call code is obtained from the second target encrypted data, which may further include the following steps: and determining key identification pairs in the second target encrypted data, and decrypting data between the key identification pairs to obtain a second interface calling code.
And S303, calling the corresponding key interface according to the key interface address in the second interface calling code to obtain a second key required for decrypting the second encrypted data.
The second key may be a key required to decrypt the second encrypted data, and the parameter value of the interface parameter in the second interface call code may indicate a key interface address where the second key is obtained.
In a possible implementation, step S303 may include the following steps: first, sending a key acquisition request to the corresponding key interface according to the key interface address in the second interface calling code; second, receiving the second key required for decrypting the second encrypted data, which is returned by the key system. The second key is returned by the key system after the valid duration of the second key is verified by the key interface, and the key interface verifies the valid duration of the second key by comparing the time difference between the generation time of the second key and the time when the key interface is called with the valid duration of the second key.
Wherein the key acquisition request is used for instructing acquisition of a second key required for decryption processing of the second encrypted data. It can be understood that, after the key interface verifies the key obtaining request, the key system may obtain the corresponding key from the storage area according to the unique data identifier included in the key interface address, that is, obtain the second key, and return the second key to the electronic device.
Specifically, for the description of how the key interface verifies the valid duration of the second key, refer to the related description in step S201, which is not repeated here. It can be understood that, if the valid duration of the second key passes verification by the key interface, the key system may obtain the second key and return it to the electronic device; if the valid duration of the second key fails verification by the key interface, a prompt message may be returned to the electronic device indicating that the key indicated by the key interface address has exceeded its valid duration, so that the electronic device returns the prompt message to the client to inform the user that the second key has exceeded its valid duration.
In a possible implementation manner, as described above, the key interface may also verify the source, domain name, and the like of the electronic device (i.e., the interface caller) that sent the key acquisition request, and if the verification is passed, the key system acquires the corresponding key from the storage area; if the verification fails, it indicates that the electronic device does not have the authority to decrypt the second encrypted data, and the key system does not acquire the corresponding key from the storage area, so that the electronic device cannot receive the second key required by decrypting the second encrypted data, which is returned by the key system, thereby facilitating the security of the key, avoiding that any software or service system can acquire the key required by decrypting the encrypted data at will, and improving the security of the data.
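The checks that the key interface applies in S303 (caller verification and valid-duration verification), as an added Python example that is not code from the patent. The class names, the `/key/<id>` address format, the in-memory store and the injectable clock are assumptions, and the caller domain is assumed to have been authenticated by the transport before it reaches this code.

```python
import secrets
import time
from dataclasses import dataclass


class KeyInterfaceError(Exception):
    """Base class for refusals by the key interface."""


class KeyNotFound(KeyInterfaceError):
    pass


class CallerNotTrusted(KeyInterfaceError):
    pass


class KeyExpired(KeyInterfaceError):
    pass


@dataclass(frozen=True)
class KeyRecord:
    key: bytes
    created_at: float           # generation time of the key
    valid_seconds: float        # valid duration of the key
    allowed_callers: frozenset  # service systems trusted for this one file


class KeySystem:
    """Hypothetical key system: one key per unique data identifier."""

    def __init__(self, clock=time.time):
        self._store = {}
        self._clock = clock     # injectable so expiry can be tested

    def generate(self, allowed_callers, valid_seconds):
        """Create a key and return (key, key interface address)."""
        data_id = secrets.token_hex(16)   # unique data identifier
        record = KeyRecord(secrets.token_bytes(32), self._clock(),
                           float(valid_seconds), frozenset(allowed_callers))
        self._store[data_id] = record
        return record.key, "/key/" + data_id

    def key_interface(self, address, caller_domain):
        """Return the key only if the caller and the valid duration both verify."""
        data_id = address.rsplit("/", 1)[-1]
        record = self._store.get(data_id)
        if record is None:
            raise KeyNotFound(data_id)
        # Caller verification: trust is granted per file, not per system.
        if caller_domain not in record.allowed_callers:
            raise CallerNotTrusted(caller_domain)
        # Valid-duration verification: time since generation vs. valid duration.
        if self._clock() - record.created_at > record.valid_seconds:
            raise KeyExpired(data_id)
        return record.key


if __name__ == "__main__":
    ks = KeySystem()
    key, addr = ks.generate({"a.example.invalid", "b.example.invalid"}, 3600)
    print(ks.key_interface(addr, "b.example.invalid") == key)
    try:
        ks.key_interface(addr, "c.example.invalid")
    except CallerNotTrusted as exc:
        print("refused:", exc)
```
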
S304, second encrypted data is obtained from the second target encrypted data.
Obtaining the second encrypted data from the second target encrypted data may consist of deleting, from the second target encrypted data, the second interface calling code with the key identifier pair added, or deleting the encrypted calling code obtained by encrypting the second interface calling code with the key identifier pair added, so that the second encrypted data is obtained.
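The key-identifier-pair framing used when the target encrypted data is built, and its parsing in S302 and S304, as an added Python example that is not code from the patent. The function names, the `offset` parameter and the sample calling-code string are assumptions; the example covers the plain variant and the "encode first, then add the identifiers" variant, treats Base64 as a reversible encoding with no key, and rejects input whose identifiers are missing or appear more than once.

```python
import base64

# Identifier that the page's Base64 sample decodes to ("￥@密"); any agreed pair works.
MARK = "\uffe5@\u5bc6"
# Base64 sample from the page, with spacing normalised.
PAGE_SAMPLE = "77+lQOWvhnR0dHR0dHR0dO+/pUDlr4Y="


def decode_page_sample():
    """Decode the page's encrypted calling code back to marker + code + marker."""
    return base64.b64decode(PAGE_SAMPLE, validate=True).decode("utf-8")


def pack(ciphertext_text, call_code, offset, encode_code=False, pre=MARK, post=MARK):
    """Insert the calling code, wrapped in the identifier pair, at `offset`.

    encode_code=True Base64-encodes the calling code before wrapping it.
    """
    if not call_code:
        raise ValueError("empty calling code")
    if not 0 <= offset <= len(ciphertext_text):
        raise ValueError("offset outside ciphertext")
    body = call_code
    if encode_code:
        body = base64.b64encode(call_code.encode("utf-8")).decode("ascii")
    # An identifier inside either payload would make the framing ambiguous.
    for marker in (pre, post):
        if marker in ciphertext_text or marker in body:
            raise ValueError("identifier occurs in payload")
    return ciphertext_text[:offset] + pre + body + post + ciphertext_text[offset:]


def unpack(target, encoded_code=False, pre=MARK, post=MARK):
    """Return (calling code, ciphertext text); raise ValueError on bad framing."""
    start = target.find(pre)
    if start < 0:
        raise ValueError("opening identifier not found")
    body_start = start + len(pre)
    end = target.find(post, body_start)
    if end < 0:
        raise ValueError("closing identifier not found")
    # S304: remove the framed calling code to recover the encrypted data.
    ciphertext_text = target[:start] + target[end + len(post):]
    if pre in ciphertext_text or post in ciphertext_text:
        raise ValueError("extra identifier found; refusing ambiguous input")
    body = target[body_start:end]
    if encoded_code:
        # validate=True rejects characters outside the Base64 alphabet.
        body = base64.b64decode(body, validate=True).decode("utf-8")
    if not body:
        raise ValueError("empty calling code")
    return body, ciphertext_text


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    code = 'call_key_interface(addr="https://keys.example.invalid/key/0001")'
    blob = pack("9f3a" * 8, code, 5, encode_code=True)
    print(blob)
    print(unpack(blob, encoded_code=True))
    print(decode_page_sample())
```
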
S305, the second encrypted data is decrypted according to the second key to obtain second data, and the second data is sent to the second client.
The decryption method used for decrypting the second encrypted data according to the second key corresponds to the encryption algorithm used for encrypting the second data. For example, if the encryption algorithm used for encrypting the second data is the AES algorithm, the AES algorithm is also used for decrypting the second encrypted data according to the second key, which is not described further here. The second client may receive the returned second data and display it, so that the user may view the second data through the client.
In a possible scenario, the embodiment of the present application may be applied to a plurality of mutually trusted service systems. A mutually trusted service system is a service system that passes the verification of domain name, source and the like when the key system verifies the interface caller. For example, user 1 needs to download data M from service system A and then send data M to user 2. When user 1 downloads data M from service system A, the target encrypted data corresponding to data M can be obtained by the method of the embodiment shown in fig. 2. Because data M is already encrypted, the security of the data is ensured throughout the process of user 1 sending the target encrypted data corresponding to data M to user 2. When user 2 views data M, user 2 can do so only through service system A or another system mutually trusted with service system A. For example, when user 2 uploads the data to service system B, which is mutually trusted with service system A, and views data M through service system B, service system B can obtain the corresponding key by the method shown in fig. 3 in order to decrypt the target encrypted data corresponding to data M. When the key is obtained, the key interface can verify the device identifier, the domain name information and the like of service system B. If the verification passes, service system B and service system A are mutually trusted, the target encrypted data corresponding to data M can be decrypted, and user 2 can view data M through service system B.
It can be understood that, when user 2 uploads the target encrypted data of data M to service system C, which is not mutually trusted with service system A, in order to view data M, the interface caller fails verification by the key interface when the electronic device corresponding to service system C calls the key interface, because service system C is not mutually trusted with service system A. Data M therefore cannot be viewed, which greatly improves the security of the data. It can be understood that different files can be authorized for decryption by their corresponding service systems, and the same file can be authorized for decryption by different service systems. This strengthens both the mutual trust and the isolation of files across service systems: data trust between service systems can be refined to the file dimension, security between the systems is enhanced, and barriers between the systems are avoided.
According to the embodiment of the application, when a data acquisition instruction for second data is detected, second target encrypted data corresponding to the second data is acquired, a second interface calling code is acquired from the second target encrypted data, a corresponding key interface is called according to the key interface address in the second interface calling code to obtain the second key required for decrypting the second encrypted data, and the second encrypted data is then decrypted according to the second key to obtain the second data. Through this decryption of the target encrypted data of the second data, the user can upload downloaded encrypted data to a service system in order to view it, and viewing through other unknown software or systems is avoided. In addition, the key is stored in the key system and can only be obtained by calling a key interface when decryption is performed, which reduces the risk of key leakage and helps to improve data security.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a data security device according to an embodiment of the present disclosure. Optionally, the data security device may be disposed in the electronic device. As shown in fig. 4, the data security device described in this embodiment may include:
an obtaining unit 401, configured to obtain, when receiving a data download instruction for first data sent by a first client, a first key for the first data and a key interface address of the first key from a key system;
a processing unit 402, configured to perform encryption processing on the first data through the first key to obtain first encrypted data;
the processing unit 402 is further configured to generate a corresponding first interface calling code according to the key interface address of the first key, where the first interface calling code is configured to call a corresponding key interface according to the key interface address of the first key to obtain the first key when performing decryption processing on the first encrypted data;
the processing unit 402 is further configured to obtain first target encrypted data according to the combination of the first encrypted data and the first interface call code, and send the first target encrypted data to the first client.
In one implementation, the processing unit 402 is further configured to:
when a data acquisition instruction for second data is detected, acquiring second target encrypted data corresponding to the second data; the data acquisition instruction is sent by a second client, and the second target encrypted data is obtained according to second encrypted data and a second interface calling code combination;
acquiring a second interface calling code from the second target encrypted data;
calling a corresponding key interface according to the key interface address in the second interface calling code to obtain a second key required for decrypting the second encrypted data;
acquiring second encrypted data from the second target encrypted data;
and decrypting the second encrypted data according to the second key to obtain the second data, and sending the second data to the second client.
In an implementation manner, the processing unit 402 is specifically configured to:
sending a key acquisition request to a corresponding key interface according to the key interface address in the second interface calling code;
receiving a second key required for decrypting the second encrypted data, which is returned by the key system; the second key is returned by the key system after the valid duration of the second key is verified by the key interface, and the key interface verifies the valid duration of the second key by comparing the time difference between the generation time of the second key and the time when the key interface is called with the valid duration of the second key.
In an implementation manner, the processing unit 402 is specifically configured to:
adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code;
and adding the first interface calling code added with the key identification pair into the first encrypted data to obtain first target encrypted data.
In an implementation manner, the processing unit 402 is specifically configured to:
adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code;
encrypting the first interface calling code added with the key identification pair to obtain an encrypted calling code;
and adding the encrypted calling code to the first encrypted data to obtain first target encrypted data.
In an implementation manner, the processing unit 402 is specifically configured to:
acquiring an initial interface calling code, wherein the initial interface calling code comprises interface calling logic, and the interface calling logic is used for calling a key interface indicated by a parameter value of an interface parameter;
and updating the parameter value of the interface parameter according to the key interface address of the first key, and determining the updated initial interface calling code as a first interface calling code.
In an implementation manner, the processing unit 402 is specifically configured to:
sending a key generation instruction to the key system;
receiving a first key for the first data and a key interface address of the first key returned by the key system; the key interface address of the first key comprises a unique data identifier of the first data, and the unique data identifier is generated by the key system.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. The electronic device described in this embodiment includes: a processor 501 and a memory 502. Optionally, the electronic device may further include a network interface or a power supply module. The processor 501 and the memory 502 can exchange data with each other.
The Processor 501 may be a Central Processing Unit (CPU), and may also be other general purpose processors, Digital Signal Processors (DSP), Application Specific Integrated Circuits (ASIC), Field-Programmable Gate arrays (FPGA) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and so on. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The network interface may include an input device, such as a control panel, a microphone, a receiver, etc., and/or an output device, such as a display screen, a transmitter, etc., to name but a few. For example, in an application embodiment, the network interface may include a receiver and a transmitter.
The memory 502 may include both read-only memory and random access memory, and provides program instructions and data to the processor 501. A portion of the memory 502 may also include non-volatile random access memory. Wherein, the processor 501, when calling the program instruction, is configured to perform:
when a data downloading instruction aiming at first data sent by a first client is received, acquiring a first key aiming at the first data and a key interface address of the first key from a key system;
encrypting the first data through the first key to obtain first encrypted data;
generating a corresponding first interface calling code according to the key interface address of the first key, wherein the first interface calling code is used for calling a corresponding key interface according to the key interface address of the first key to acquire the first key when the first encrypted data is decrypted;
and combining the first encrypted data with the first interface calling code to obtain first target encrypted data, and sending the first target encrypted data to the first client.
In one implementation, the processor 501 is further configured to:
when a data acquisition instruction for second data is detected, acquiring second target encrypted data corresponding to the second data; the data acquisition instruction is sent by a second client, and the second target encrypted data is obtained according to second encrypted data and a second interface calling code combination;
acquiring a second interface calling code from the second target encrypted data;
calling a corresponding key interface according to the key interface address in the second interface calling code to obtain a second key required for decrypting the second encrypted data;
acquiring second encrypted data from the second target encrypted data;
and decrypting the second encrypted data according to the second key to obtain the second data, and sending the second data to the second client.
In one implementation, the processor 501 is specifically configured to:
sending a key acquisition request to a corresponding key interface according to the key interface address in the second interface calling code;
receiving a second key required for decrypting the second encrypted data, which is returned by the key system; the second key is returned by the key system after the valid duration of the second key is verified by the key interface, and the key interface verifies the valid duration of the second key by comparing the time difference between the generation time of the second key and the time when the key interface is called with the valid duration of the second key.
In one implementation, the processor 501 is specifically configured to:
adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code;
and adding the first interface calling code added with the key identification pair into the first encrypted data to obtain first target encrypted data.
In one implementation, the processor 501 is specifically configured to:
adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code;
encrypting the first interface calling code added with the key identification to obtain an encrypted calling code;
and adding the encrypted calling code to the first encrypted data to obtain first target encrypted data.
In one implementation, the processor 501 is specifically configured to:
acquiring an initial interface calling code, wherein the initial interface calling code comprises an interface calling logic, and the interface calling logic is used for calling a key interface indicated by a parameter value of an interface parameter;
and updating the parameter value of the interface parameter according to the key interface address of the first key, and determining the updated initial interface calling code as a first interface calling code.
In one implementation, the processor 501 is specifically configured to:
sending a key generation instruction to the key system;
receiving a first key for the first data and a key interface address of the first key returned by the key system; the key interface address of the first key comprises a unique data identifier of the first data, and the unique data identifier is generated by the key system.
Optionally, the program instructions may also implement other steps of the method in the above embodiments when executed by the processor, and details are not described here.
The present application further provides a computer-readable storage medium, in which a computer program is stored, the computer program comprising program instructions, which, when executed by a processor, cause the processor to perform the above method, such as performing the above method performed by an electronic device, which is not described herein in detail.
Optionally, the storage medium, such as a computer-readable storage medium, referred to herein may be non-volatile or volatile.
Alternatively, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like. The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It should be noted that, for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts or combinations, but those skilled in the art should understand that the present application is not limited by the order of acts described, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing the associated hardware. The program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only Memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The computer instructions are read by a processor of the computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps performed in the embodiments of the methods described above. For example, the computer device may be a terminal, or may be a server.
The data security protection method, the data security protection device, the electronic device, and the storage medium provided in the embodiments of the present application are described in detail above, and a specific example is applied in the description to explain the principle and the implementation of the present application, and the description of the embodiments above is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A data security protection method is characterized by comprising the following steps:
when a data downloading instruction aiming at first data sent by a first client is received, acquiring a first key aiming at the first data and a key interface address of the first key from a key system;
encrypting the first data through the first key to obtain first encrypted data;
generating a corresponding first interface calling code according to the key interface address of the first key, wherein the first interface calling code is used for calling a corresponding key interface according to the key interface address of the first key to acquire the first key when the first encrypted data is decrypted;
and combining the first encrypted data with the first interface calling code to obtain first target encrypted data, and sending the first target encrypted data to the first client.
2. The method of claim 1, further comprising:
when a data acquisition instruction for second data is detected, acquiring second target encrypted data corresponding to the second data; the data acquisition instruction is sent by a second client, and the second target encrypted data is obtained by combining second encrypted data with a second interface calling code;
acquiring a second interface calling code from the second target encrypted data;
calling a corresponding key interface according to the key interface address in the second interface calling code to obtain a second key required for decrypting the second encrypted data;
acquiring second encrypted data from the second target encrypted data;
and decrypting the second encrypted data according to the second key to obtain the second data, and sending the second data to the second client.
3. The method according to claim 2, wherein the calling the corresponding key interface according to the key interface address in the second interface calling code to obtain the second key required for decrypting the second encrypted data includes:
sending a key acquisition request to a corresponding key interface according to the key interface address in the second interface calling code;
receiving a second key required for decrypting the second encrypted data, which is returned by the key system; the second key is returned by the key system after the key interface verifies that the second key is within its validity duration, the key interface performing this verification by comparing the time difference between the generation time of the second key and the time when the key interface is called with the validity duration of the second key.
4. The method according to claim 1, wherein the combining the first encrypted data and the first interface calling code to obtain first target encrypted data comprises:
adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code;
and adding the first interface calling code added with the key identification pair into the first encrypted data to obtain first target encrypted data.
5. The method according to claim 1, wherein the combining the first encrypted data and the first interface calling code to obtain first target encrypted data comprises:
adding key identification pairs before and after the first interface calling code, wherein the key identification pairs are used for identifying the position of the first interface calling code;
encrypting the first interface calling code added with the key identification to obtain an encrypted calling code;
and adding the encrypted calling code to the first encrypted data to obtain first target encrypted data.
6. The method of claim 1, wherein generating the corresponding first interface calling code according to the key interface address of the first key comprises:
acquiring an initial interface calling code, wherein the initial interface calling code comprises an interface calling logic, and the interface calling logic is used for calling a key interface indicated by a parameter value of an interface parameter;
and updating the parameter value of the interface parameter according to the key interface address of the first key, and determining the updated initial interface calling code as a first interface calling code.
7. The method of claim 1, wherein obtaining a first key for the first data and a key interface address of the first key from a key system comprises:
sending a key generation instruction to the key system;
receiving a first key aiming at the first data and a key interface address of the first key returned by the key system; the key interface address of the first key comprises a unique data identifier of the first data, and the unique data identifier is generated by the key system.
8. A data security apparatus, the apparatus comprising:
an acquisition unit, used for acquiring a first key for first data and a key interface address of the first key from a key system when a data downloading instruction for the first data sent by a first client is received;
a processing unit, used for encrypting the first data through the first key to obtain first encrypted data;
the processing unit is further configured to generate a corresponding first interface calling code according to the key interface address of the first key, where the first interface calling code is used to call a corresponding key interface according to the key interface address of the first key to obtain the first key when the first encrypted data is decrypted;
the processing unit is further configured to combine the first encrypted data with the first interface calling code to obtain first target encrypted data, and send the first target encrypted data to the first client.
9. An electronic device comprising a processor, a memory, wherein the memory is configured to store a computer program comprising program instructions, and wherein the processor is configured to invoke the program instructions to perform the method of any of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-7.
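The flow of claims 1 to 4 and 7 can be sketched as follows; this is an added example, not code from the patent. Assumptions: the marker strings, the `keys.example.invalid` address, the in-memory `KeySystem`, the calling code modelled as a JSON descriptor that is parsed rather than executed, and an HMAC-SHA256 keystream standing in for the unspecified cipher (a deployment would use an authenticated cipher such as AES-GCM). The marked calling code is placed in front of the ciphertext so that marker bytes occurring by chance inside the ciphertext cannot confuse the parser.

```python
import hashlib
import hmac
import json
import secrets

START, END = b"<<KEYIF>>", b"<</KEYIF>>"  # key identification pair (constructed markers)

class KeySystem:
    """In-memory stand-in for the key system and its key interface (assumption)."""
    def __init__(self, validity_seconds):
        self.validity = validity_seconds
        self.keys = {}  # unique data identifier -> (key, generation time)

    def generate(self, now):
        data_id = secrets.token_hex(8)  # unique data identifier, generated by the key system
        key = secrets.token_bytes(32)
        self.keys[data_id] = (key, now)
        return key, f"https://keys.example.invalid/v1/key/{data_id}"

    def key_interface(self, address, now):
        key, created = self.keys[address.rsplit("/", 1)[1]]
        if now - created > self.validity:  # claim 3: call time minus generation time
            raise PermissionError("key validity duration exceeded")
        return key

def xor_stream(key, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (not authenticated)."""
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def pack(data, keysys, now):
    """Claims 1, 4, 7: fetch key and address, encrypt, attach the marked calling code."""
    key, address = keysys.generate(now)
    calling_code = json.dumps({"call": "GET", "key_interface": address}).encode()
    return START + calling_code + END + xor_stream(key, data)

def unpack(blob, keysys, now):
    """Claims 2, 3: locate the calling code, call the key interface, decrypt."""
    if not blob.startswith(START):
        raise ValueError("missing opening key identifier")
    end = blob.find(END, len(START))
    if end < 0:
        raise ValueError("missing closing key identifier")
    calling_code = json.loads(blob[len(START):end])
    key = keysys.key_interface(calling_code["key_interface"], now)
    return xor_stream(key, blob[end + len(END):])
```

Because the key never travels with the data, a copy of the target encrypted data that is opened after the validity duration has elapsed yields only the key interface's refusal.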
CN202210169525.2A 2022-02-23 2022-02-23 Data security protection method and device, electronic equipment and medium Active CN114567476B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210169525.2A CN114567476B (en) 2022-02-23 2022-02-23 Data security protection method and device, electronic equipment and medium

Publications (2)

Publication Number Publication Date
CN114567476A true CN114567476A (en) 2022-05-31
CN114567476B CN114567476B (en) 2024-02-13

Family

ID=81713230

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210169525.2A Active CN114567476B (en) 2022-02-23 2022-02-23 Data security protection method and device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN114567476B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143129A (en) * 2010-05-26 2011-08-03 华为软件技术有限公司 Method and system for realizing service protection in hyper text transmission protocol (HTTP) streaming transmission
CN102594557A (en) * 2012-01-10 2012-07-18 深圳市汉普电子技术开发有限公司 Method and device for encrypting uniform resource locator (URL) and method and device for authenticating URL
CN108111876A (en) * 2017-12-21 2018-06-01 北京四达时代软件技术股份有限公司 A kind of LAN video contents of streaming media method for security protection, terminal and server
CN109889333A (en) * 2019-01-24 2019-06-14 深圳忆联信息系统有限公司 Firmware data encryption method, device, computer equipment and storage medium
CN111428254A (en) * 2020-03-24 2020-07-17 财付通支付科技有限公司 Key storage method, device, equipment and storage medium
US20210021992A1 (en) * 2019-07-19 2021-01-21 Rosemount Aerospace Inc. Wireless baseband signal transmission with dynamic control logic to improve security robustness
US20210119978A1 (en) * 2019-10-21 2021-04-22 Rosemount Aerospace Inc. Dynamic security approach for waic baseband signal transmission and reception

Also Published As

Publication number Publication date
CN114567476B (en) 2024-02-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240115

Address after: Chinatelecom tower, No. 19, Chaoyangmen North Street, Dongcheng District, Beijing 100010

Applicant after: Tianyi Safety Technology Co.,Ltd.

Address before: Room 202, Block B, Aerospace Micromotor Building, No. 7 Langshan 2nd Road, Xili Street, Nanshan District, Shenzhen City, Guangdong Province, 518057

Applicant before: Shenzhen LIAN intellectual property service center

Effective date of registration: 20240115

Address after: Room 202, Block B, Aerospace Micromotor Building, No. 7 Langshan 2nd Road, Xili Street, Nanshan District, Shenzhen City, Guangdong Province, 518057

Applicant after: Shenzhen LIAN intellectual property service center

Address before: 518000 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong

Applicant before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant