CN114666135A

CN114666135A - Data encryption method and device, electronic equipment and storage medium

Info

Publication number: CN114666135A
Application number: CN202210294151.7A
Authority: CN
Inventors: 张钊; 张垚; 张帅; 伊帅
Original assignee: Chengdu Sensetime Technology Co Ltd
Current assignee: Chengdu Sensetime Technology Co Ltd
Priority date: 2022-03-23
Filing date: 2022-03-23
Publication date: 2022-06-24

Abstract

The present disclosure relates to a data encryption method and apparatus, an electronic device, and a storage medium, the method including: determining at least one encryption mode and a first security level of each encryption mode according to the acquired service scene information, performing grading processing on payment information corresponding to the service scene information and comprising at least one payment data, determining a second security level of the payment data in the payment information, then determining a target encryption mode matched with each payment data according to the first security level of each encryption mode and the second security level of each payment data, encrypting the payment data according to the target encryption mode matched with each payment data, and transmitting the encrypted payment data to a server. The embodiment of the disclosure can improve the communication security between the payment terminal and the server in the payment process and reduce the risks of communication theft and forgery attack.

Description

Data encryption method and device, electronic equipment and storage medium

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to a data encryption method and apparatus, an electronic device, and a storage medium.

Background

In order to improve payment convenience, face brushing payment is released in consuming places such as supermarkets, hospitals, subways, markets, restaurants and the like, face brushing equipment can be used for collecting face images, payment account numbers are determined by recognizing the face images, and deduction is carried out from the payment account numbers, so that payment can be completed. By the payment method, the user can complete payment by standing in the payment area without providing a bank card or an identity card or inputting a password, so that the convenience of payment is greatly improved.

In the face-brushing payment process, the payment data is transmitted through a network, for example, after the payment terminal identifies the user data, the user data is transmitted to the background service through the network, and payment is performed through the user account stored in the background. However, in public network transmission, the payment data is directly exposed, the security is lacked, and the communication between the payment terminal and the server risks theft and forgery attacks.

Disclosure of Invention

The present disclosure provides a data encryption technical scheme.

According to an aspect of the present disclosure, there is provided a data encryption method including: acquiring service scene information; determining at least one encryption mode and a first security level of each encryption mode according to the service scene information; carrying out grading processing on payment information corresponding to the service scene information, and determining a second security level of payment data in the payment information, wherein the payment information comprises at least one payment data; determining a target encryption mode matched with each payment data according to the first security level of each encryption mode and the second security level of each payment data; and encrypting the payment data according to the target encryption mode matched with each payment data, and transmitting the encrypted payment data to a server.

By the method, different encryption modes can be adopted according to different importance degrees corresponding to different payment data, and different payment data of the transaction can be encrypted by a plurality of encryption modes in one transaction, so that the communication safety between the payment terminal and the server in the payment process is improved, and the risks of communication theft and forgery attack are reduced.

In a possible implementation manner, the acquiring the service context information includes: responding to the input operation of a user on an interactive interface of a payment terminal and/or a personal terminal, and acquiring the service scene information; or acquiring the service scene information according to the historical payment information of the user; wherein the service scenario information includes: at least one of payment amount interval, payment frequency, payment success rate, payment network and payment industry.

By the method, the service scene information can be flexibly acquired, and the subsequent determination of the encryption mode according to the service scene information is facilitated.

In a possible implementation manner, the encrypting the payment data according to the target encryption manner matched with each piece of payment data includes: generating a random character string of each target encryption mode according to the target encryption mode matched with each payment data; and encrypting the payment data respectively through the target encryption mode of each payment data and the random character string corresponding to the target encryption mode.

By the method, the payment data can be encrypted through the target encryption mode and the random character string, the communication safety between the payment terminal and the server is improved, and the risks of communication stealing and forgery attacks are reduced.

In a possible implementation manner, the encrypting the payment data respectively by the target encryption manner of each piece of the payment data and the random character string corresponding to the target encryption manner includes: connecting the payment data with the random character string to obtain connection data; performing hash processing on the connection data to obtain hash data, and performing encryption processing on the connection data according to the target encryption mode to obtain encrypted data;

the transmitting the encrypted payment data to a server includes: and sending the hash data and the encrypted data to the server, wherein the server is used for verifying the payment data based on the received comparison result of the hash data and the encrypted data.

By the method, in the communication process of the payment terminal and the server, the payment data is subjected to tamper-proof and encryption setting, so that the probability of tampering the payment data is reduced, and the safety of the payment data is improved.

In a possible implementation manner, the performing hierarchical processing on the payment information corresponding to the service scenario information to determine a second security level of the payment data in the payment information includes: determining the priority order of the payment data in the payment information according to the importance degree of the payment data in the payment information; and determining the second security level of the payment data in the payment information according to the priority order of the payment data in the payment information.

By the method, the second security level of the payment data in the payment information can be determined quickly and efficiently, and the subsequent matching of the payment data with the target encryption mode is facilitated.

In a possible implementation manner, after determining at least one encryption manner according to the service scenario information, the method further includes: determining the encryption speed grade of each encryption mode according to the service scene information;

the determining a target encryption mode matched with each payment data according to the first security level of each encryption mode and the second security level of each payment data comprises: and determining the target encryption mode matched with each payment data according to the first security level and the encryption speed level of each encryption mode and the second security level of each payment data.

By the method, the security and the encryption efficiency of the encryption mode are comprehensively considered, different encryption modes are adopted for the payment data with different second security levels, and the encryption effect of the payment data is further improved.

In a possible implementation manner, before transmitting the encrypted payment data to the server, the method further includes: judging the free storage space of the payment terminal, and deleting the historical payment information under the condition that the free storage space of the payment terminal is less than or equal to a first threshold value; or deleting the historical payment information under the condition that the retention time of the payment information in the storage space of the payment terminal is greater than the first time period.

By the method, errors and omissions of payment data in the payment information caused by insufficient storage space can be reduced, and the reliability of the encryption method is improved.

In a possible implementation manner, the data encryption method is used for transmitting payment data in a face-brushing payment process, where the payment data includes: at least one of user identity identification, user account, user mobile phone number, payment amount, payment channel and timestamp.

Through this kind of mode, can carry out data encryption to the payment data of brushing face payment in-process, improve payment data's security.

According to an aspect of the present disclosure, there is provided a data encryption apparatus including: the acquisition module is used for acquiring service scene information; a first determining module, configured to determine at least one encryption manner and a first security level of each encryption manner according to the service scenario information; the second determining module is used for performing grading processing on payment information corresponding to the service scene information and determining a second security level of payment data in the payment information, wherein the payment information comprises at least one payment data; a third determining module, configured to determine, according to the first security level of each encryption manner and the second security level of each payment data, a target encryption manner matched with each payment data; and the encryption transmission module is used for encrypting the payment data according to the target encryption mode matched with each payment data and transmitting the encrypted payment data to a server.

In one possible implementation manner, the obtaining module is configured to: responding to the input operation of a user on an interactive interface of a payment terminal and/or a personal terminal, and acquiring the service scene information; or acquiring the service scene information according to the historical payment information of the user; wherein the service scenario information includes: at least one of payment amount interval, payment frequency, payment success rate, payment network and payment industry.

In one possible implementation manner, the encryption transmission module is configured to: generating a random character string of each target encryption mode according to the target encryption mode matched with each payment data; and encrypting the payment data respectively through the target encryption mode of each payment data and the random character string corresponding to the target encryption mode.

In one possible implementation manner, the encryption transmission module is configured to: connecting the payment data with the random character string to obtain connection data; performing hash processing on the connection data to obtain hash data, and performing encryption processing on the connection data according to the target encryption mode to obtain encrypted data; and sending the hash data and the encrypted data to the server, wherein the server is used for verifying the payment data based on the comparison result of the received hash data and the encrypted data.

In one possible implementation manner, the second determining module is configured to: determining the priority order of the payment data in the payment information according to the importance degree of the payment data in the payment information; and determining a second security level of the payment data in the payment information according to the priority order of the payment data in the payment information.

In one possible implementation manner, the first determining module is further configured to: determining the encryption speed grade of each encryption mode according to the service scene information; the third determining module is to: and determining the target encryption mode matched with each payment data according to the first security level and the encryption speed level of each encryption mode and the second security level of each payment data.

In a possible implementation manner, the apparatus further includes a determining module, configured to: before the encrypted payment data are transmitted to a server, judging the free storage space of a payment terminal, and deleting historical payment information under the condition that the free storage space of the payment terminal is smaller than or equal to a first threshold value; or deleting the historical payment information under the condition that the retention time of the payment information in the storage space of the payment terminal is greater than the first time period.

In a possible implementation manner, the data encryption method is used for transmitting payment data in a face-brushing payment process, where the payment data includes: at least one of the user identity identification, the user account, the user mobile phone number, the payment amount, the payment channel and the timestamp.

According to an aspect of the present disclosure, there is provided an electronic device including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to invoke the memory-stored instructions to perform the above-described method.

According to an aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the above-described method.

In the embodiment of the disclosure, at least one encryption mode and a first security level of each encryption mode can be determined according to the acquired service scene information, the payment information corresponding to the service scene information and including at least one payment data is subjected to hierarchical processing, a second security level of the payment data in the payment information is determined, then, a target encryption mode matched with each payment data is determined according to the first security level of each encryption mode and the second security level of each payment data, the payment data is encrypted respectively according to the target encryption mode matched with each payment data, and the encrypted payment data is transmitted to the server. By the method, different encryption modes can be adopted according to different importance degrees corresponding to different payment data, and different payment data of the transaction can be encrypted by a plurality of encryption modes in one transaction, so that the communication safety between the payment terminal and the server in the payment process is improved, and the risks of communication theft and forgery attack are reduced.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure. Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure.

Fig. 1 shows a flow diagram of a data encryption method according to an embodiment of the present disclosure.

Fig. 2 shows a schematic diagram of a payment terminal interacting with a server according to an embodiment of the present disclosure.

Fig. 3 shows a block diagram of a data encryption apparatus according to an embodiment of the present disclosure.

Fig. 4 shows a block diagram of an electronic device in accordance with an embodiment of the disclosure.

Fig. 5 shows a block diagram of another electronic device in accordance with an embodiment of the disclosure.

Detailed Description

Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.

The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.

The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality, for example, including at least one of A, B, C, and may mean including any one or more elements selected from the group consisting of A, B and C.

Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.

Fig. 1 shows a flowchart of a data encryption method according to an embodiment of the present disclosure, which may be performed by an electronic device such as a terminal device or a server, where the terminal device may be a User Equipment (UE), a mobile device, a User terminal, a cellular phone, a cordless phone, a Personal Digital Assistant (PDA), a handheld device, a computing device, a vehicle-mounted device, a wearable device, or the like, and the terminal device may be a payment terminal, such as any form of payment terminal applied in a market, a supermarket, a hotel, or the like, and capable of being used for payment. The method may be implemented by a processor invoking computer readable instructions stored in a memory. Alternatively, the method may be performed by a server.

As shown in fig. 1, the data encryption method includes:

in S1, acquiring service scenario information;

at S2, determining at least one encryption manner and a first security level of each encryption manner according to the service scenario information;

in S3, performing hierarchical processing on payment information corresponding to the service scenario information, and determining a second security level of payment data in the payment information, where the payment information includes at least one payment data;

determining a target encryption mode matched with each payment data according to the first security level of each encryption mode and the second security level of each payment data in S4;

in S5, the payment data are encrypted according to the target encryption method matched with each piece of payment data, and the encrypted payment data are transmitted to a server.

In a possible implementation manner, the encryption method of the embodiment of the present disclosure may be used to transmit payment data in a face-brushing payment process, and in order to better understand the encryption method of the embodiment of the present disclosure, a simple description is first performed on the face-brushing payment process.

After the payment terminal (for example, a local face-brushing payment device) collects the face image information, the face image information (or the face features determined based on the face image information) can be sent to the server, and after the server receives the face image information (or the face features determined based on the face image information), the database is retrieved to perform face recognition. And when the face recognition is successful, the recognition result is sent to the payment terminal. And after receiving the identification result, the payment terminal displays the identification result on a display screen and inquires whether the user pays. After the user clicks the payment confirmation button, the payment terminal sends the deduction information to the server at the cloud end, and the server determines the deduction account and finishes deduction. And then sending the information of payment completion to the payment terminal, displaying the information on a display screen, and informing a user that the payment is completed.

In the above-mentioned face-brushing payment process, in order to reduce direct exposure of payment data (for example, important data such as a user account number and a mobile phone number) in the payment process and improve the security of communication, the data encryption method of the embodiment of the present disclosure may be used to transmit the payment data in the face-brushing payment process.

Wherein the payment data may include: at least one of a user identity (user _ id), a user account (user _ account), a user phone number (phone), a payment amount (user _ account), a payment channel (pay _ type), and a timestamp (timestamp). It should be understood that, in order to adapt to payment scenarios of various industries, specific contents included in the payment data may be different for different payment terminals, and the disclosure does not limit this.

In one possible implementation manner, in S1, service scenario information of a user may be obtained, where the user may be a user in various industries such as business department, hospital, bank, and the like, the service scenario information may be based on a combination of events and factors constituting a current status of a service, and may be information related to a service scenario for face-brushing payment, such as a predicted event that may occur in a service environment, and the service scenario information may include: at least one of payment amount interval, payment frequency, payment success rate, payment network and payment industry.

For example, for a certain community convenience store, a community resident can purchase daily articles from the convenience store through face-brushing payment, and the service scene information of the community resident can be that the payment amount interval is 1-1000 yuan/time, the payment frequency is 50-80 people/day, the payment Network is a Wide Area Network (WAN), and the payment industry is business over type; for another example, for a certain clinic, the patient can pay the medical advice by brushing his face, the service scenario information of the clinic can be that the payment amount interval is 1-100000 yuan/time, the payment frequency is 10-50 people/day, the payment success rate is 100%, the payment network is a local area network (intranet of the clinic), and the payment industry is medical. It should be understood that the above-mentioned service scenario information is only an example, and the present disclosure does not limit the specific content of the service scenario information.

Acquiring the service scenario information of the user at S1, and determining at least one encryption manner and a first security level of each encryption manner according to the service scenario information at S2;

in order to improve the security of the payment data in the face-brushing payment process, various different encryption modes can be used for encrypting the payment data, so that the payment data which is originally in a plain text is processed according to a certain algorithm to be an unreadable section of code, which can be called as a ciphertext. The original content can be decrypted only under the condition that the ciphertext is matched with the corresponding secret key, and the purposes of protecting payment data from being illegally stolen and read are achieved through the mode.

The Encryption method may include a Triple Data Encryption Standard (3 DES), an Advanced Encryption Standard (AES), an RSA Encryption method, a Message Digest Encryption method (MD 5), an Encryption method developed by a user, and the like, and the type of the Encryption method is not limited in the present disclosure.

Considering that the payment information generated by one payment transaction can comprise a plurality of payment data, in order to perform optimized encryption processing on the payment information and improve the security of the payment information, different encryption modes can be matched with different payment data in the same payment information. For example, the payment data (e.g., a mobile phone number, a user account, etc.) that is important in the payment information (i.e., the data is seriously damaged after being leaked) may match different encryption methods with the payment data (e.g., a timestamp) that is less important in the payment information, and the security of the encryption method that matches the payment data (e.g., the mobile phone number, the user account, etc.) that is more important in the payment information may be better than the security of the encryption method that matches the payment data (e.g., the timestamp) that is less important in the payment information. In this case, at least one encryption manner for encrypting the payment information and a first security level of each encryption manner may be determined according to the service scenario information.

For example, for the service scenario information a, the service scenario information a may be input into a neural network model trained in advance, and an encryption manner corresponding to the scenario information a may be determined based on the neural network model. The training data of the neural network model may include a plurality of pieces of service scenario information, and the neural network model may have an ability to determine an encryption manner based on the service scenario information through learning of the training data. The network structure of the specific neural network model, and the specific training method are not limited by the present disclosure. Or, according to the service scenario information a, a software interface matched with the service scenario information a may be searched, an application program, a process, or a function having an encryption mode determining capability may be called through the software interface, and an encryption mode corresponding to the service scenario information a may be determined based on the software interface. The software interface may be a Java interface, a C # interface, a PHP interface, a vb.

Assuming that N (integer greater than 0) encryption modes, namely encryption modes 1 to N, are determined according to the service scene information a, values of security strengths of the N encryption modes can be determined by using methods such as impossible differential attack, zero correlation linear analysis, and middle encounter attack, and first security levels of the N encryption modes can be determined according to the security strengths respectively corresponding to the N encryption modes. For example, assuming that 3 encryption schemes are determined according to the service scenario information a, the security strength of the encryption scheme 1 is 1, the security strength of the encryption scheme 2 is 0.8, and the security strength of the encryption scheme 3 is 0.2, it is known that the security of the encryption scheme 1 is better than that of the encryption scheme 2 (the value of the security strength of the encryption scheme 1 is larger than that of the encryption scheme 2), and the security of the encryption scheme 2 is better than that of the encryption scheme 3 (the value of the security strength of the encryption scheme 2 is larger than that of the encryption scheme 3). The first security level of the encryption scheme 1 may be determined as one level, the first security level of the encryption scheme 2 may be determined as two levels, and the first security level of the encryption scheme 3 may be determined as three levels.

It should be understood that the present disclosure may be set such that different values of security intensity correspond to different first security levels; a plurality of encryption modes which are located in a common preset interval and have relatively close security strength values may also be set to correspond to one first security level.

Multiple encryption modes and a first security level of each encryption mode are determined at S2, and accordingly, at S3, payment information corresponding to service scenario information is processed in a hierarchical manner, and a second security level of payment data in the payment information is determined, where the payment information includes at least one payment data;

for example, the payment information may be all data generated in one transaction for making a payment, and the payment information may include a plurality of payment data, such as more important payment data (e.g., a cell phone number, a user account number, etc.), less important payment data (e.g., a time stamp), and the like. The payment data included in the payment information may be hierarchically processed to determine a second security level for the payment data in the payment information.

In one possible implementation, S3 may include: determining the priority order of the payment data in the payment information according to the importance degree of the payment data in the payment information; and determining the second security level of the payment data in the payment information according to the priority order of the payment data in the payment information.

For example, assuming that the payment information D includes the payment data D1 to the payment data D5, the degree of importance of the payment data D1 is 1, the degree of importance of the payment data D2 is 0.1, the degree of importance of the payment data D3 is 0.9, the degree of importance of the payment data D4 is 0.4, and the degree of importance of the payment data D5 is 0.5, the payment information may be subjected to a classification process according to the degree of importance of the payment data, the priority order of the payment data in the payment information may be determined, the priority order of the payment data D1 and the payment data D3 having a larger value of importance may be determined as the first order, the priority order of the payment data D4 and the payment data D5 having a middle value of importance may be determined as the second order, and the priority order of the payment data D2 having a smaller value of importance may be determined as the third order.

When the priority order of the payment data D1 to the payment data D5 is determined, the priority order may be determined as a second security level of the payment data, that is, the second security levels of the payment data D1 and the payment data D3 are determined as one level, the second security levels of the payment data D4 and the payment data D5 are determined as two levels, and the order of the second security levels of the data D2 is determined as three levels.

The importance degree can be used for evaluating the size of the hazard caused by data leakage, for example, the larger the value of the importance degree is, the larger the corresponding hazard caused by data leakage is. The importance degree of the payment data can be directly and manually set in an interactive mode, and the importance degree of the payment data can also be determined through a preset neural network model for determining the importance degree. The manner in which the importance is determined, as well as the specific ranking criteria and number of ranks, is not limited by this disclosure.

It should be understood that, the execution sequence of S2 and S3 is not sequential, the service scenario information is obtained in S1, S2 may be executed first to determine at least one encryption manner and a first security level of each encryption manner, and then S3 may be executed to determine a second security level of the payment data in the payment information; or the step of determining the second security level of the payment data in the payment information in S3, and then determining at least one encryption mode and the first security level of each encryption mode in S2; s2 and S3 may also be performed in synchronization, determining at least one encryption scheme, a first security level for each encryption scheme, and a second security level for payment data in the payment information in parallel. The present disclosure does not limit the sequential execution order of S2 and S3.

At least one encryption method and a first security level of each encryption method are determined at S2, a second security level of payment data in the payment information is determined at S3, and a target encryption method for each payment data match may be determined at S4 according to the first security level of each encryption method and the second security level of each payment data.

For example, assume that the encryption modes corresponding to the payment information of the service scenario information a are encryption modes 1-3, the first security level of the encryption mode 1 is one level, the first security level of the encryption mode 2 is two levels, and the first security level of the encryption mode 3 is three levels; the payment information to be encrypted includes payment data D1-payment data D5, the second security level of the payment data D1 and the payment data D3 is first level, the second security level of the payment data D4 and the payment data D5 is second level, and the second security level of the payment data D2 is third level.

The same level of payment data and encryption scheme may be matched, for example, encryption scheme 1 may be determined as a target encryption scheme for payment data D1 and payment data D3, encryption scheme 2 may be determined as a target encryption scheme for payment data D4 and payment data D5, and encryption scheme 3 may be determined as a target encryption scheme for payment data D2.

Alternatively, in a case where the first security level of the encryption scheme is better than or equal to the second security level of the payment data, any one of the plurality of encryption schemes better than or equal to the second security level may be used as the target encryption scheme for the payment data, for example, encryption scheme 1 may be determined as the target encryption scheme for the payment data D1 and the payment data D3, encryption scheme 1 or encryption scheme 2 may be determined as the target encryption scheme for the payment data D4 and the payment data D5, and any one of encryption schemes 1 to 3 may be determined as the target encryption scheme for the payment data D2. When the plurality of encryption modes can be used as the target encryption mode of the payment data, the encryption mode with the highest encryption efficiency can be selected from the plurality of encryption modes to be used as the target encryption mode of the payment data, so that the data encryption effect is improved.

It should be appreciated that the present disclosure is not limited to the method of determining a target encryption scheme for each payment data match based on the first security level for each encryption scheme and the second security level for each payment data.

The target encryption method matched with each payment data is determined at S4, and the payment data may be encrypted according to the target encryption method matched with each payment data, respectively, and the encrypted payment data may be transmitted to the server at S5.

For example, the payment data D1 and the payment data D3 may be encrypted according to a target encryption manner (e.g., encryption manner 1) in which the payment data D1 and the payment data D3 are matched, and the encrypted payment data D1 and the encrypted payment data D3 may be transmitted to the server; the payment data D4 and the payment data D5 may be encrypted according to a target encryption manner (e.g., encryption manner 2) in which the payment data D4 and the payment data D5 are matched, and the encrypted payment data D4 and the encrypted payment data D5 may be transmitted to the server; the payment data D3 may be encrypted according to a target encryption scheme (e.g., encryption scheme 3) matched with the payment data D2, and the encrypted payment data D2 may be transmitted to the server.

The payment data of each level can be sequentially encrypted according to the sequence of the second security level of the payment data, and the encrypted payment data are serially transmitted to the server; the payment data of each grade can be encrypted in parallel, and the encrypted payment data can be transmitted to the server in parallel. The transmission mode is not limited by the disclosure, and can be determined according to the transmission bandwidth of the payment terminal and the server.

Through S1-S5, different encryption modes can be adopted according to different importance degrees corresponding to different payment data, and in one transaction, a plurality of encryption modes can be adopted to encrypt different payment data of the transaction, so that the communication safety between the payment terminal and the server in the payment process is improved, and the risks of communication theft and forgery attack are reduced.

The following is a description of a data encryption method according to an embodiment of the present disclosure.

In one possible implementation, the service scenario information may be obtained in S1, and S1 may include: responding to the input operation of a user on an interactive interface of a payment terminal and/or a personal terminal, and acquiring the service scene information; or acquiring the service scene information according to the historical payment information of the user.

For example, the business scenario information may be directly input on an interface of a terminal device (e.g., a personal terminal including a payment terminal, a business party, etc.) by a user (e.g., a business party providing business services to a consumer); the service scene information of the user can also be obtained by analyzing the historical data (such as the historical consumption data of the consumer) of the user in a preset time period; the embodiment of the present disclosure may acquire the service scenario information of the user in various ways, and the present disclosure does not limit the specific way of acquiring the service characteristics of the user.

For example, for the shopping mall type (e.g., shopping mall, supermarket, convenience store, etc.) face-brushing payment, a method such as sending an online questionnaire, an applet, an e-mail, an H5(HTML5, hypertext 5.0) page link, APP (Application) push, etc. to a user (e.g., manager of shopping mall) can be used, so that the user inputs service scenario information on a personal terminal (or payment terminal) in a man-machine interaction manner;

alternatively, historical payment information such as customer data, transaction data, and commodity data of historical payment that is surpassed by the merchant within a preset time period (for example, within one year) may be collected, and service scenario information may be obtained based on analysis of the historical payment information, for example, service scenario information such as a payment amount interval, a payment frequency, and a payment success rate may be analyzed based on the transaction data in the historical payment information.

After the service context information of the user is acquired at S1, at least one encryption method and a first security level of each encryption method may be determined according to the service context information at S2.

In actual face-brushing payment applications, in services with high security requirements (such as financial services), the security of each encryption mode can be mainly considered. However, in some services with frequent transaction (such as business over-class services), a faster transaction efficiency is required to increase the turnover, and in a similar scenario, the security and the encryption efficiency of the encryption mode need to be considered comprehensively. The encryption method and the encryption device can determine at least one encryption mode and the first security level of each encryption mode according to the service scene information, and can also determine the encryption speed level of each encryption mode according to the service scene information.

For example, the encryption scheme determined by the service context information a is a 3DES encryption scheme, an AES encryption scheme, or an RSA encryption scheme. In the 3DES encryption scheme, 3 different keys can be used to encrypt the same packet data block 3 times. The AES encryption is a block encryption standard, the block length of AES is 128 bits, and the key length may be 128, 192 or 256 bits. The RSA encryption method is an asymmetric encryption method, and can encrypt by using a product generated by multiplying two large prime numbers, and this pair of prime numbers is called a key pair. It should be understood that the method for determining the encryption manner according to the traffic scenario information may refer to step S2 above, and will not be described herein in detail.

The 3 encryption modes are determined according to the service scene information, the encryption speed and the security strength of each encryption mode can be respectively determined, the encryption speed grade can be determined according to the encryption speed of each encryption mode, and the first encryption grade is determined according to the security strength of each encryption mode.

For example, according to the encryption speeds of the N encryption methods, the encryption speeds of the N encryption methods can be mapped into P levels, wherein, the level P corresponding to the ith (i ∈ N) encryption method is assumed_i(P_i∈P)，P_iThe larger the level is, the slower the encryption speed of the corresponding encryption mode is, and P_iThe smaller the level, the faster the encryption speed of the corresponding encryption method.

For another example, the security strength of N encryption schemes can be mapped to Q levels according to the security strength of N encryption schemes, wherein, the level Q corresponding to the ith (i ∈ N) encryption scheme is assumed_i(Q_i∈Q)，Q_iThe larger the level is, the lower the security of the corresponding encryption mode is, Q_iThe smaller the level, the higher the security of the corresponding encryption scheme.

In the process of determining the encryption speed of each encryption mode, the encryption speed of each encryption mode can be determined according to a preset time complexity function; alternatively, a predetermined data block may be run by each encryption method, and the encryption speed of each encryption method may be determined by analyzing the running time of each encryption method. In the process of determining the security strength of each encryption mode, the value of the security strength of each encryption mode can be determined by methods such as impossible differential attack, zero correlation linear analysis, intermediate encounter attack and the like. The method for determining the encryption speed and the security strength of the encryption mode is not limited by the disclosure.

Furthermore, the embodiment of the disclosure may further determine the encryption speed and the security strength corresponding to the encryption modes respectively without accurately determining the encryption speed and the security strength, and may qualitatively determine the encryption speed and the security strength of the encryption modes, that is, the encryption speed and the security strength of the encryption modes in N may be distinguished, so as to meet the requirements of the embodiment of the disclosure, and determine the first security level and the encryption speed level of each encryption mode according to qualitative analysis.

For example, qualitative analysis of the 3DES encryption scheme, the AES encryption scheme, and the RSA encryption scheme is shown in table 1.

TABLE 1

Encryption method	Advantages of the invention	Disadvantages of
			3DES	The encryption speed is fastest	General safety intensity
AES	The encryption speed is high	High safety strength
			RSA	The encryption speed is slow	The highest safety strength

As can be seen from table 1, the encryption speed and security of each encryption method are inversely related.

From the perspective of the security strength of the encryption mode, the security strength of the RSA encryption mode is superior to that of the AES encryption mode, and the security strength of the AES encryption mode is superior to that of the 3DES encryption mode. The first security level of the RSA encryption scheme may be determined as one level, the first security level of the AES encryption scheme may be determined as two levels, and the first security level of the 3DES encryption scheme may be determined as three levels.

From the perspective of the encryption speed of the encryption method, the encryption speed of the 3DES encryption method is superior to the AES encryption method, and the encryption speed of the AES encryption method is superior to the RSA encryption method. The encryption speed level of the 3DES encryption mode can be determined as one level, the encryption speed level of the AES encryption mode can be determined as two levels, and the encryption speed level of the RSA encryption mode can be determined as three levels.

By the method, the first security level and the encryption speed level can be determined more efficiently, and the corresponding performance of each encryption mode and the performance difference between the encryption modes can be determined more intuitively.

After the first security level and the encryption speed level of each encryption method are determined, in step S3, the payment information corresponding to the service scenario information may be processed in a hierarchical manner, and a second security level of the payment data in the payment information may be determined. Reference may be made specifically to S3 above, which is not described again in detail here.

After determining the first security level, the encryption speed level, and the second security level of the encryption scheme, the target encryption scheme matching each of the payment data may be determined according to the first security level and the encryption speed level of each of the encryption schemes and the second security level of each of the payment data in S4.

Assume that the determined encryption mode is: encryption modes 1-3, wherein the first security level of the encryption mode 1 is one level, and the encryption speed level is three levels; the first security level of the encryption mode 2 is two levels, and the encryption speed level is two levels; the first security level of the encryption mode 3 is three levels, and the encryption speed level is one level; the payment information to be encrypted comprises payment data D1-D5, the second security level of the payment data D1 and the payment data D3 is first level, the second security level of the payment data D4 and the payment data D5 is second level, and the second security level of the payment data D2 is third level.

The first security level of the encryption scheme may be matched first and then the encryption speed level of the encryption scheme.

For example, for the payment data D1 and the payment data D3, the corresponding second security level is one level, and an encryption manner with the highest security is required, and only the first security level of the encryption manner 1 is one level, the encryption manner 1 may be determined as a target encryption manner of the payment data D1 and the payment data D3;

for the payment data D4 and the payment data D5, the corresponding second security level is two levels, and the encryption methods (encryption method 1 and encryption method 2) with the first security level superior to the second level can be used as the target encryption methods of the payment data D4 and the payment data D5, and in order to further improve the encryption efficiency of data encryption, the encryption method with the better encryption speed level, that is, the encryption method 2 can be selected from a plurality of encryption methods as the target encryption method of the payment data D4 and the payment data D5;

for the payment data D2, the corresponding second security level is three levels, and all encryption methods (encryption method 1, encryption method 2, and encryption method 3) with the first security level superior to three levels can be used as the target encryption method for the payment data D2, and in order to further improve the encryption efficiency of data encryption, an encryption method with the optimal encryption speed level, that is, the encryption method 3, can be selected from a plurality of encryption methods as the target encryption method for the payment data D2.

It should be understood that the present disclosure may also use a preset function, and input the first security level of each encryption manner, the encryption speed level, and the second security level of each payment data into the preset function, and determine the target encryption manner respectively matched with each payment data according to the preset function, and the present disclosure does not limit the method for determining the target encryption manner.

The target encryption method matched with each payment data is determined at S4, and the payment data may be encrypted according to the target encryption method respectively matched with each payment data at S5, and the encrypted payment data may be transmitted to the server.

In one possible implementation, S5 may include:

in S51, generating a random character string for each target encryption method according to the target encryption method matched with each payment data;

the payment terminal can automatically generate a random character string for each target encryption mode. The random string may include letters, numbers, operands, punctuation marks and other symbols, as well as some functional symbols, and the number of bits of the random string may be one or more.

The method for generating the random character string is not limited in the present disclosure, and any method capable of generating the random character string may be used, for example: the time of selecting the target encryption mode can be used as a seed to call a random character string generation function to generate a random character string, the random character string is generated by randomly arranging preset character strings in a full mode, the random character string is generated by character set de-duplication, and the like.

At S52, the payment data is encrypted by the target encryption method of each payment data and the random string corresponding to the target encryption method, respectively.

For example, assume that the target encryption mode of the payment data D1 and payment data D3 is encryption mode 1, and its corresponding random string is key 1; the target encryption mode of the payment data D4 and the payment data D5 is an encryption mode 2, and the corresponding random character strings are key 2; the target encryption mode of the payment data D2 is encryption mode 3, and the corresponding random string is key 3.

The payment data D1, the payment data D3, and the random character string as key1 may be connected (i.e., the payment data D1 and the payment data D3 are salted), so as to obtain the original signature string 1. The original signature string 1 can be encrypted in the encryption mode 1, and the encrypted payment data D1 and payment data D3 can be transmitted to the server.

Similarly, the payment data D4, the payment data D5, and the random string key2 may be concatenated to obtain the signature original string 2. The original signature string 2 can be encrypted by the encryption method 2, and the encrypted payment data D4 and payment data D5 can be transmitted to the server. The payment data D2 and the random string key3 may be concatenated to obtain the original signature string 3. The original signature string 3 can be encrypted by the encryption method 3, and the encrypted payment data D2 can be transmitted to the server.

By the method, encrypted communication can be carried out between the server and the target encryption mode and the random character string, the communication safety between the payment terminal and the server is improved, and the risks of communication stealing and forgery attacks are reduced.

In one possible implementation, S52 may include: connecting the payment data with the random character string to obtain connection data; performing hash processing on the connection data to obtain hash data, and performing encryption processing on the connection data according to the target encryption mode to obtain encrypted data; and sending the hash data and the encrypted data to a server, wherein the server is used for verifying the payment data based on the comparison result of the received hash data and the encrypted data.

Fig. 2 shows a schematic diagram of interaction between a payment terminal and a server in the embodiment of the disclosure, as shown in fig. 2, it is assumed that payment data included in payment information, for example, user identification user _ id, user account user _ account, user phone number phone, payment amount user _ account, payment channel path _ type, and timestamp, have the same second security level, and may match the same target encryption manner a, where a random string corresponding to the encryption manner is key, and these payment data may be connected to the random string to obtain connection data origin _ sign, that is, origin _ sign is user _ id + user _ account + phone _ account + user _ account + pad _ type + timestamp + key.

The hash processing (for example, sha256 processing) is performed on the connection data origin _ sign, so as to obtain hash data sign. In parallel, the connection data origin _ sign may also be encrypted by using the target encryption method a to obtain the encrypted data. The hash data sign and the encrypted data may be wrapped in some protocol (e.g., xml or json) and sent to the server.

The server receives the hash data sign and the encrypted data, can perform anti-hash processing on the hash data sign to obtain anti-hash data sign ', and performs decryption processing on the encrypted data to obtain decrypted data'. Then, the server can compare the anti-hash data sign 'with the decryption data'. And under the condition that the payment data included in the anti-hash data sign 'is consistent with the payment data included in the decryption data', the comparison result is that the payment data passes verification, and the server can pay according to the payment data. Otherwise, under the condition that the payment data included in the anti-hash data sign 'is inconsistent with the payment data included in the decryption data', the verification of the payment data is failed as a comparison result, and the fact that the payment data is tampered and payment cannot be carried out in the payment process is indicated. In this case, the server may wait until the hash data sign and the encrypted data sent by the payment terminal next time, until the comparison result of the hash data sign and the encrypted data by the server is the payment data verification pass.

It should be appreciated that reference may be made to the above for the encryption method of payment data corresponding to the other second security level in the payment information, which is not further detailed herein by the present disclosure.

In view of the fact that the storage space of data on the payment terminal is relatively limited, in order to improve the reliability of the encryption method and reduce the omission of the payment data caused by insufficient storage space, some process optimization can be performed on the aspect of storage of the payment terminal.

In one possible implementation, before transmitting the encrypted payment data to the server (before S5): judging the free storage space of the payment terminal, and deleting the historical payment information under the condition that the free storage space of the payment terminal is less than or equal to a first threshold value; or deleting the historical payment information under the condition that the retention time of the payment information in the storage space of the payment terminal is greater than the first time period.

For example, in a case that the transaction amount of the payment terminal is large, which results in insufficient disk capacity of the payment terminal, the free storage space of the payment terminal is less than or equal to the first threshold (e.g., 5%), so as to ensure that the payment software function of the payment terminal operates smoothly. The payment terminal can connect the transaction data to the line, the local payment terminal can not store the transaction data, and if the user needs to check the historical data at the payment terminal, the payment terminal can obtain the historical data from the server in real time. Meanwhile, the payment terminal can prompt the user that the disk is insufficient and needs to be cleaned in time. And when the capacity of the disk is more than 5%, restoring the disk to the local storage.

Or, in the case that the historical payment data on the payment terminal is more, the payment data before half a year (i.e. the first time period) can be deleted locally, and if the user needs to view the data, the payment terminal can obtain the data from the server in real time. The function may be set on a setup page of the payment terminal.

It should be understood that, in the process of data transmission between the payment terminal and the server, the encrypted transmission may be performed by using the methods from S1 to S5.

Therefore, the embodiment of the disclosure may determine at least one encryption manner, a first security level and an encryption speed level of each encryption manner according to the acquired service scenario information, perform hierarchical processing on payment information including at least one payment data corresponding to the service scenario information, determine a second security level of the payment data in the payment information, then determine a target encryption manner matched with each payment data according to the first security level and the encryption speed level of each encryption manner and the second security level of each payment data, encrypt the payment data according to the target encryption manner matched with each payment data, and transmit the encrypted payment data to the server. By the method, different encryption modes can be adopted according to different importance degrees corresponding to different payment data, and in one transaction, a plurality of encryption modes can be adopted to encrypt different payment data of the transaction, so that the communication safety between the payment terminal and the server in the payment process is improved, and the risks of communication theft and forgery attack are reduced. Moreover, the security and the encryption efficiency of the encryption mode can be comprehensively considered, and the encryption effect of data encryption is further improved.

It is understood that the above-mentioned method embodiments of the present disclosure can be combined with each other to form a combined embodiment without departing from the logic of the principle, which is limited by the space, and the detailed description of the present disclosure is omitted. Those skilled in the art will appreciate that in the above methods of the specific embodiments, the specific order of execution of the steps should be determined by their function and possibly their inherent logic.

In addition, the present disclosure also provides a data encryption device, an electronic device, a computer-readable storage medium, and a program, which can be used to implement any data encryption method provided by the present disclosure, and the corresponding technical solutions and descriptions and corresponding descriptions in the methods section are not repeated.

Fig. 3 shows a block diagram of a data encryption apparatus according to an embodiment of the present disclosure, as shown in fig. 3, the apparatus including:

an obtaining module 31, configured to obtain service scenario information;

a first determining module 32, configured to determine at least one encryption manner and a first security level of each encryption manner according to the service scenario information;

a second determining module 33, configured to perform hierarchical processing on payment information corresponding to the service scenario information, and determine a second security level of payment data in the payment information, where the payment information includes at least one payment data;

a third determining module 34, configured to determine a target encryption manner matched to each payment data according to the first security level of each encryption manner and the second security level of each payment data;

and the encryption transmission module 35 is configured to encrypt the payment data according to the target encryption mode matched with each piece of payment data, and transmit the encrypted payment data to a server.

It should be understood that the obtaining module 31, the first determining module 32, the second determining module 33, the third determining module, and the encryption transmission module 35 may be applied to any processor, and the embodiment of the disclosure is not limited.

By the method, different encryption modes can be adopted according to different importance degrees corresponding to different payment data, and in one transaction, a plurality of encryption modes can be adopted to encrypt different payment data of the transaction, so that the communication safety between the payment terminal and the server in the payment process is improved, and the risks of communication theft and forgery attack are reduced.

In a possible implementation manner, the obtaining module 31 is configured to: responding to the input operation of a user on an interactive interface of a payment terminal and/or a personal terminal, and acquiring the service scene information; or acquiring the service scene information according to the historical payment information of the user; wherein the service scenario information includes: at least one of payment amount interval, payment frequency, payment success rate, payment network and payment industry.

In a possible implementation manner, the encryption transmission module 35 is configured to: generating a random character string of each target encryption mode according to the target encryption mode matched with each payment data; and encrypting the payment data respectively through the target encryption mode of each payment data and the random character string corresponding to the target encryption mode.

In a possible implementation manner, the encryption transmission module 35 is configured to: connecting the payment data with the random character string to obtain connection data; performing hash processing on the connection data to obtain hash data, and performing encryption processing on the connection data according to the target encryption mode to obtain encrypted data; and sending the hash data and the encrypted data to a server, wherein the server is used for verifying the payment data based on the comparison result of the received hash data and the encrypted data.

In a possible implementation manner, the second determining module 33 is configured to: determining the priority order of the payment data in the payment information according to the importance degree of the payment data in the payment information; and determining a second security level of the payment data in the payment information according to the priority order of the payment data in the payment information.

In a possible implementation manner, the first determining module 32 is further configured to: determining the encryption speed grade of each encryption mode according to the service scene information; the third determining module is to: and determining the target encryption mode matched with each payment data according to the first security level and the encryption speed level of each encryption mode and the second security level of each payment data.

The method has specific technical relevance with the internal structure of the computer system, and can solve the technical problems of how to improve the hardware operation efficiency or the execution effect (including reducing data storage capacity, reducing data transmission capacity, improving hardware processing speed and the like), thereby obtaining the technical effect of improving the internal performance of the computer system according with the natural law.

In some embodiments, functions of or modules included in the apparatus provided in the embodiments of the present disclosure may be used to execute the method described in the above method embodiments, and specific implementation thereof may refer to the description of the above method embodiments, and for brevity, will not be described again here.

Embodiments of the present disclosure also provide a computer-readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the above-mentioned method. The computer readable storage medium may be a volatile or non-volatile computer readable storage medium.

An embodiment of the present disclosure further provides an electronic device, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to invoke the memory-stored instructions to perform the above-described method.

Embodiments of the present disclosure also provide a computer program product, which includes computer readable code or a non-volatile computer readable storage medium carrying computer readable code, when the computer readable code runs in a processor of an electronic device, the processor in the electronic device executes the above method.

The electronic device may be provided as a terminal, server, or other form of device.

Fig. 4 illustrates a block diagram of an electronic device 800 in accordance with an embodiment of the disclosure. For example, the electronic device 800 may be a User Equipment (UE), a mobile device, a User terminal, a cellular phone, a cordless phone, a Personal Digital Assistant (PDA), a handheld device, a computing device, a vehicle-mounted device, a wearable device, or other terminal device.

Referring to fig. 4, electronic device 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.

The processing component 802 generally controls overall operation of the electronic device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing components 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operations at the electronic device 800. Examples of such data include instructions for any application or method operating on the electronic device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile and non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

The power supply component 806 provides power to the various components of the electronic device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the electronic device 800.

The multimedia component 808 includes a screen that provides an output interface between the electronic device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the electronic device 800 is in an operation mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the electronic device 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the electronic device 800. For example, the sensor assembly 814 may detect an open/closed state of the electronic device 800, the relative positioning of components, such as a display and keypad of the electronic device 800, the sensor assembly 814 may also detect a change in the position of the electronic device 800 or a component of the electronic device 800, the presence or absence of user contact with the electronic device 800, orientation or acceleration/deceleration of the electronic device 800, and a change in the temperature of the electronic device 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a Complementary Metal Oxide Semiconductor (CMOS) or Charge Coupled Device (CCD) image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate wired or wireless communication between the electronic device 800 and other devices. The electronic device 800 may access a wireless network based on a communication standard, such as a wireless network (Wi-Fi), a second generation mobile communication technology (2G), a third generation mobile communication technology (3G), a fourth generation mobile communication technology (4G), a long term evolution of universal mobile communication technology (LTE), a fifth generation mobile communication technology (5G), or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the electronic device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer-readable storage medium, such as the memory 804, is also provided that includes computer program instructions executable by the processor 820 of the electronic device 800 to perform the above-described methods.

Fig. 5 illustrates a block diagram of an electronic device 1900 in accordance with an embodiment of the disclosure. For example, the electronic device 1900 may be provided as a server or terminal device. Referring to fig. 5, electronic device 1900 includes a processing component 1922 further including one or more processors and memory resources, represented by memory 1932, for storing instructions, e.g., applications, that are executable by processing component 1922. The application programs stored in memory 1932 may include one or more modules that each correspond to a set of instructions. Further, the processing component 1922 is configured to execute instructions to perform the above-described method.

The electronic device 1900 may also include a power component 1926 configured to perform power management of the electronic device 1900, a wired or wireless network interface 1950 configured to connect the electronic device 1900 to a network, and an input/output (I/O) interface 1958. The electronic device 1900 may operate based on an operating system, such as the Microsoft Server operating system (Windows Server), stored in the memory 1932^TM) Apple Inc. of the present application based on the graphic user interface operating System (Mac OS X)^TM) Multi-user, multi-process computer operating system (Unix)^TM) Free and open native code Unix-like operating System (Linux)^TM) Open native code Unix-like operating System (FreeBSD)^TM) Or the like.

In an exemplary embodiment, a non-transitory computer readable storage medium, such as the memory 1932, is also provided that includes computer program instructions executable by the processing component 1922 of the electronic device 1900 to perform the above-described methods.

The present disclosure may be systems, methods, and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for causing a processor to implement various aspects of the present disclosure.

The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.

The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.

The computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, the electronic circuitry that can execute the computer-readable program instructions implements aspects of the present disclosure by utilizing the state information of the computer-readable program instructions to personalize the electronic circuitry, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA).

Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.

These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.

The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The computer program product may be embodied in hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied in a computer storage medium, and in another alternative embodiment, the computer program product is embodied in a Software product, such as a Software Development Kit (SDK), or the like.

The foregoing description of the various embodiments is intended to highlight various differences between the embodiments, and the same or similar parts may be referred to each other, and for brevity, will not be described again herein.

It will be understood by those skilled in the art that in the method of the present invention, the order of writing the steps does not imply a strict order of execution and any limitations on the implementation, and the specific order of execution of the steps should be determined by their function and possible inherent logic.

If the technical scheme of the application relates to personal information, a product applying the technical scheme of the application clearly informs personal information processing rules before processing the personal information, and obtains personal independent consent. If the technical scheme of the application relates to important personal information, before the important personal information is processed, a product applying the technical scheme of the application obtains individual consent, and simultaneously meets the requirement of 'explicit consent'. For example, at a personal information collection device such as a camera, a clear and significant identifier is set to inform that the personal information collection range is entered, the personal information is collected, and if the person voluntarily enters the collection range, the person is considered as agreeing to collect the personal information; or on the device for processing the personal information, under the condition of informing the personal information processing rule by using obvious identification/information, obtaining personal authorization in the modes of pop-up window information or asking the person to upload personal information thereof and the like; the personal information processing rule may include information such as a personal information processor, a personal information processing purpose, a processing method, and a type of personal information to be processed.

Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims

1. A method for data encryption, the method comprising:

acquiring service scene information;

determining at least one encryption mode and a first security level of each encryption mode according to the service scene information;

carrying out grading processing on payment information corresponding to the service scene information, and determining a second security level of payment data in the payment information, wherein the payment information comprises at least one payment data;

determining a target encryption mode matched with each payment data according to the first security level of each encryption mode and the second security level of each payment data;

and encrypting the payment data according to the target encryption mode matched with each payment data, and transmitting the encrypted payment data to a server.

2. The method of claim 1, wherein the obtaining the service scenario information comprises:

responding to the input operation of a user on an interactive interface of a payment terminal and/or a personal terminal, and acquiring the service scene information;

or acquiring the service scene information according to the historical payment information of the user;

wherein the service scenario information includes: at least one of payment amount interval, payment frequency, payment success rate, payment network and payment industry.

3. The method according to claim 1 or 2, wherein the encrypting the payment data according to the target encryption mode matched with each payment data comprises:

generating a random character string of each target encryption mode according to the target encryption mode matched with each payment data;

and encrypting the payment data respectively through the target encryption mode of each payment data and the random character string corresponding to the target encryption mode.

4. The method according to claim 3, wherein the encrypting the payment data respectively by the target encryption mode of each payment data and a random string corresponding to the target encryption mode comprises:

connecting the payment data with the random character string to obtain connection data;

performing hash processing on the connection data to obtain hash data, and performing encryption processing on the connection data according to the target encryption mode to obtain encrypted data;

the transmitting the encrypted payment data to a server includes:

and sending the hash data and the encrypted data to the server, wherein the server is used for verifying the payment data based on the received comparison result of the hash data and the encrypted data.

5. The method according to claim 1, wherein the performing the hierarchical processing on the payment information corresponding to the service scenario information to determine the second security level of the payment data in the payment information includes:

determining the priority order of the payment data in the payment information according to the importance degree of the payment data in the payment information;

and determining the second security level of the payment data in the payment information according to the priority order of the payment data in the payment information.

6. The method according to claim 1, wherein after determining at least one encryption scheme according to the service context information, further comprising:

determining the encryption speed grade of each encryption mode according to the service scene information;

the determining a target encryption mode matched with each payment data according to the first security level of each encryption mode and the second security level of each payment data comprises:

and determining the target encryption mode matched with each payment data according to the first security level and the encryption speed level of each encryption mode and the second security level of each payment data.

7. The method according to any of claims 1-6, wherein prior to transmitting the encrypted payment data to a server, the method further comprises:

judging the free storage space of the payment terminal, and deleting the historical payment information under the condition that the free storage space of the payment terminal is less than or equal to a first threshold value;

or deleting the historical payment information under the condition that the retention time of the payment information in the storage space of the payment terminal is greater than the first time period.

8. The method according to any one of claims 1-7, wherein the data encryption method is used for transmitting payment data in a face-brushing payment process, the payment data comprising: at least one of user identity identification, user account, user mobile phone number, payment amount, payment channel and timestamp.

9. A data encryption apparatus, comprising:

the acquisition module is used for acquiring service scene information;

a first determining module, configured to determine at least one encryption manner and a first security level of each encryption manner according to the service scenario information;

the second determining module is used for carrying out grading processing on payment information corresponding to the service scene information and determining a second security level of payment data in the payment information, wherein the payment information comprises at least one payment data;

a third determining module, configured to determine, according to the first security level of each encryption manner and the second security level of each payment data, a target encryption manner that matches each payment data;

and the encryption transmission module is used for encrypting the payment data according to the target encryption mode matched with each payment data and transmitting the encrypted payment data to a server.

10. An electronic device, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to invoke the memory-stored instructions to perform the method of any one of claims 1 to 8.

11. A computer readable storage medium having computer program instructions stored thereon, which when executed by a processor implement the method of any one of claims 1 to 8.