CN114760063A - Home decoration data processing method, system, storage medium and equipment - Google Patents

Home decoration data processing method, system, storage medium and equipment Download PDF

Info

Publication number
CN114760063A
CN114760063A CN202210267568.4A CN202210267568A CN114760063A CN 114760063 A CN114760063 A CN 114760063A CN 202210267568 A CN202210267568 A CN 202210267568A CN 114760063 A CN114760063 A CN 114760063A
Authority
CN
China
Prior art keywords
key
information
database
funding
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210267568.4A
Other languages
Chinese (zh)
Inventor
涂子辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baianju Information Technology Shanghai Co ltd
Original Assignee
Baianju Information Technology Shanghai Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baianju Information Technology Shanghai Co ltd filed Critical Baianju Information Technology Shanghai Co ltd
Priority to CN202210267568.4A priority Critical patent/CN114760063A/en
Publication of CN114760063A publication Critical patent/CN114760063A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a home decoration data processing method, a home decoration data processing system, a storage medium and home decoration data processing equipment. The method comprises the following steps: acquiring client funding information acquired by a third party funding platform through https funding api; sending a key acquisition request to a key database through a key query api to the information leaving the resources according to the sensitive data type; receiving a key returned by the key database and calling an encryption algorithm to generate a ciphertext for the information left; and storing the ciphertext to a resource reservation database. The method and the system reduce the database leakage risk in the plaintext storage data of the sensitive data at the system level, and reduce the legal risk of a decoration company caused by leakage of user information and huge economic benefit loss caused by the legal risk.

Description

家装留资数据处理方法、系统、存储介质及设备Data processing method, system, storage medium and device for home improvement retained funds

技术领域technical field

本发明涉及数据处理领域,特别是涉及一种家装留资数据处理方法、系统、存储介质及设备。The present invention relates to the field of data processing, in particular to a method, system, storage medium and device for processing home improvement retained capital data.

背景技术Background technique

目前市场上大多数装修公司在第三方平台投放装修服务,客户会将敏感数据信息(包括手机号,姓名,地址,装修时间,计划装修费用等)通过授权推送给装修公司,装修工时后端系统默认会明文显示这些信息。由于装修场景的复杂,往往在一个客户装修意愿需要有多个设计师,多个施工经理跟进,在这个沟通过程中存在敏感数据泄漏风险,另外系统层面敏感数据明文存储数据中也存在数据库泄漏风险最终会导致装修公司造成巨大经济利益损失及法律风险,因此家装行业对于客户敏感信息保护尤为重要。At present, most decoration companies in the market offer decoration services on third-party platforms, and customers will push sensitive data information (including mobile phone number, name, address, decoration time, planned decoration cost, etc.) to the decoration company through authorization, and the back-end system of decoration hours This information is displayed in clear text by default. Due to the complexity of the decoration scene, it is often necessary to have multiple designers and multiple construction managers to follow up on a customer's decoration wishes. In this communication process, there is a risk of sensitive data leakage. In addition, there is also a database leakage in the clear text storage of sensitive data at the system level. Risks will eventually lead to huge loss of economic benefits and legal risks for decoration companies. Therefore, the home improvement industry is particularly important for the protection of sensitive customer information.

发明内容SUMMARY OF THE INVENTION

鉴于以上所述现有技术的缺点,本发明的目的在于提供一种家装留资数据处理方法、系统、存储介质及设备,用于解决现有技术中的以上问题。In view of the above-mentioned shortcomings of the prior art, the purpose of the present invention is to provide a method, system, storage medium and device for processing home improvement retention data, which are used to solve the above problems in the prior art.

为实现上述目的及其他相关目的,本发明提供一种家装留资数据处理方法,所述方法包括:通过https留资api获取第三方留资平台获取的客户留资信息;对所述留资信息按照敏感数据类型通过密钥查询api向密钥数据库发送密钥获取请求;接收密钥数据库返回的密钥并调用加密算法对所述留资信息生成密文;将所述密文保存到留资数据库。In order to achieve the above-mentioned purpose and other related purposes, the present invention provides a method for processing home improvement retention data. Send a key acquisition request to the key database through the key query api according to the sensitive data type; receive the key returned by the key database and call the encryption algorithm to generate the ciphertext for the reserved information; save the ciphertext to the reserved information database.

于本发明一实施例中,所述方法还包括:所述客户留资信息包括:姓名、手机号、装修风格、总体预算;对所述留资信息按照业务类型定义敏感数据类型注册密钥并获取密钥;对所述客户留资信息按照敏感数据类型生成对应密钥;将所述密钥在所述密钥数据库作分布式存储。In an embodiment of the present invention, the method further includes: the customer retention information includes: name, mobile phone number, decoration style, and overall budget; defining a sensitive data type registration key for the retention information according to the business type and Obtaining a key; generating a corresponding key according to the sensitive data type for the customer retention information; storing the key in a distributed manner in the key database.

于本发明一实施例中,所述方法还包括:将所述留资信息转化为十六进制数值;根据生成密钥的长度调用对应AES对称加密算法方案对所述留资信息生成密文。In an embodiment of the present invention, the method further includes: converting the capital reservation information into a hexadecimal value; calling a corresponding AES symmetric encryption algorithm scheme according to the length of the generated key to generate a ciphertext for the capital reservation information .

于本发明一实施例中,所述方法还包括:以服务器IP、数据库名、表名、字段名、随机数为参数通过MD5算法生成所述密钥,其中随机数位数不能低于N。In an embodiment of the present invention, the method further includes: generating the key by using the server IP, database name, table name, field name, and random number as parameters through the MD5 algorithm, wherein the number of digits of the random number cannot be less than N.

于本发明一实施例中,所述方法中还包括:接收业务人员查看所述留资信息明文请求;验证所述业务人员身份、权限及查看数量信息;根据所述留资信息的敏感数据类型向密钥管理模块发送所述密钥获取请求;接收所述密钥后提取所述留资数据库中密文;通过密钥调用AES对称解密算法将转化为明文;记录所述业务人员查看所述留资信息明文记录为log。In an embodiment of the present invention, the method further includes: receiving a plaintext request from a business person to view the retained capital information; verifying the identity, authority, and viewing quantity information of the business personnel; according to the sensitive data type of the reserved capital information Send the key acquisition request to the key management module; extract the ciphertext in the retention database after receiving the key; call the AES symmetric decryption algorithm through the key to convert it into plaintext; record the business personnel to view the Reservation information is recorded in plaintext as log.

于本发明一实施例中,所述方法还包括:还包括发送所述密钥获取请求前:建立服务器ip互访白名单;在所述密钥请求信息数据header部位添加认证参数,所述认证参数包括请求id、业务串号、时间戳;对所述时间戳设定有效时长k min;过滤参数类型为字节型、参数值为空的认证参数,按照认证参数的自然顺序进行排序;将所述认证参数及其对应参数值连接以组合生成第一字符串;采用MD5算法将所述第一字符串生成认证签名。In an embodiment of the present invention, the method further includes: before sending the key acquisition request: establishing a server ip mutual access whitelist; adding an authentication parameter to the header of the key request information data, the authentication The parameters include request id, service serial number, and timestamp; set the valid duration k min for the timestamp; filter authentication parameters whose parameter type is byte type and whose parameter value is empty, and sort them according to the natural order of authentication parameters; The authentication parameters and their corresponding parameter values are concatenated to generate a first character string in combination; an authentication signature is generated from the first character string using the MD5 algorithm.

于本发明一实施例中,所述方法还包括密钥管理模块在接收到所述密钥获取请求后验证所述请求信息合法性:判断所述密钥获取请求信息发送ip是否在白名单内;验证所述认证参数排序及签名方法;根据所述时间戳判断接收时间是否在有效时长内。In an embodiment of the present invention, the method further includes the key management module verifying the validity of the request information after receiving the key acquisition request: judging whether the sending ip of the key acquisition request information is in a whitelist ; verify the authentication parameter ordering and the signature method; determine whether the receiving time is within the valid duration according to the timestamp.

为实现上述目的及其他相关目的,本发明提供家装留资数据处理系统,所述系统包括:数据获取模块,用于通过https留资api获取第三方留资平台获取的客户留资信息、按照敏感数据类型对所述留资信息获取密钥;密钥管理模块,用于生成所述密钥及管理所述密钥;数据处理模块,用于接收密钥数据库返回的密钥并调用加密算法对所述留资信息生成密文;存储数据库模块,用于存储所述密钥、密文。In order to achieve the above-mentioned purpose and other related purposes, the present invention provides a home improvement data processing system, the system includes: a data acquisition module, used to obtain the customer's capital-reservation information obtained by a third-party capital-retention platform through the https capital-reservation api, according to the sensitive information. The data type obtains the key for the retention information; the key management module is used to generate the key and manage the key; the data processing module is used to receive the key returned by the key database and call the encryption algorithm pair. The reserved capital information generates ciphertext; the storage database module is used to store the key and ciphertext.

为实现上述目的及其他相关目的,本发明提供一种计算机可读存储介质,其中存储有计算机程序,所述计算机程序被处理器加载执行时,实现所述的家装留资数据处理方法。In order to achieve the above object and other related objects, the present invention provides a computer-readable storage medium, which stores a computer program, and when the computer program is loaded and executed by a processor, realizes the method for processing the data of home improvement retained funds.

为实现上述目的及其他相关目的,本发明提供一种电子设备,包括:处理器、存储器及通信接口;其中,所述存储器用于存储计算机程序;所述处理器用于加载执行所述计算机程序,以使所述电子设备执行所述的家装留资数据处理方法;所述通信接口用于实现访问装置与其他设备之间的通信。In order to achieve the above object and other related objects, the present invention provides an electronic device, comprising: a processor, a memory and a communication interface; wherein, the memory is used to store a computer program; the processor is used to load and execute the computer program, so that the electronic device executes the method for processing the data of home improvement retention; the communication interface is used to realize the communication between the access device and other devices.

如上所述,本发明提供的一种家装留资数据处理方法、系统、存储介质及设备,针对因明文对客户留资信息存储造成的数据泄露问题通过对其进行高精度的加密,并由分布式系统保存密钥,避免了相关查验留资信息的人员避免获得应用内的敏感信息,实现了具有较高的安全性能,且易于实现。As described above, the present invention provides a method, system, storage medium and device for processing home improvement capital retention data, which is aimed at the problem of data leakage caused by the storage of customer capital retention information in plain text by encrypting it with high precision, and by distributing it. The key is stored in the system, which avoids the personnel who check the retained information from avoiding obtaining sensitive information in the application, and achieves high security performance and is easy to implement.

附图说明Description of drawings

图1显示为本发明一实施例中的家装留资数据处理方法的流程示意图。FIG. 1 is a schematic flowchart of a method for processing home improvement retained capital data according to an embodiment of the present invention.

图2显示为本发明一实施例中的家装留资数据处理系统的模块示意图。FIG. 2 is a schematic block diagram of a system for processing home improvement retention data according to an embodiment of the present invention.

图3显示为本发明一实施例中的电子设备的结构示意图。FIG. 3 is a schematic structural diagram of an electronic device in an embodiment of the present invention.

具体实施方式Detailed ways

以下通过特定的具体实例说明本发明的实施方式,本领域技术人员可由本说明书所揭露的内容轻易地了解本发明的其他优点与功效。本发明还可以通过另外不同的具体实施方式加以实施或应用,本说明书中的各项细节也可以基于不同观点与应用,在没有背离本发明的精神下进行各种修饰或改变。需说明的是,在不冲突的情况下,以下实施例及实施例中的特征可以相互组合。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他实施例,都属于本发明保护的范围。The embodiments of the present invention are described below through specific specific examples, and those skilled in the art can easily understand other advantages and effects of the present invention from the contents disclosed in this specification. The present invention can also be implemented or applied through other different specific embodiments, and various details in this specification can also be modified or changed based on different viewpoints and applications without departing from the spirit of the present invention. It should be noted that the following embodiments and features in the embodiments may be combined with each other under the condition of no conflict. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present invention.

需要说明的是,以下实施例中所提供的图示仅以示意方式说明本发明的基本构想,遂图式中仅显示与本发明中有关的组件而非按照实际实施时的组件数目、形状及尺寸绘制,其实际实施时各组件的型态、数量及比例可为一种随意的改变,且其组件布局型态也可能更为复杂。It should be noted that the drawings provided in the following embodiments are only used to illustrate the basic concept of the present invention in a schematic way, so the drawings only show the components related to the present invention rather than the number, shape and number of components in actual implementation. For dimension drawing, the type, quantity and proportion of each component can be changed at will in actual implementation, and the component layout may also be more complicated.

为了解决现有技术中因大量客户留资数据以明文形式存储于家装系统的数据库和文件中会存在由于不可控原因造成数据库数据泄露的问题,本发明提供一种家装留资数据处理方法、系统、存储介质及设备。In order to solve the problem of database data leakage due to uncontrollable reasons in the prior art because a large number of customer retention data are stored in plaintext in the database and files of the home improvement system, the present invention provides a home improvement retention data processing method and system. , storage media and equipment.

如图1所示,本实施例提供一种家装留资数据处理方法,该方法包括如下步骤:As shown in FIG. 1 , the present embodiment provides a method for processing data on retained funds for home improvement, and the method includes the following steps:

S11:通过https留资api获取第三方留资平台获取的客户留资信息。S11: Obtain the customer retention information obtained by the third-party retention platform through the https retention API.

具体地,通过https留资api获取用户在装企平台官网、抖音、快手、微博等第三方平台预留的姓名、手机号、装修风格、总体预算等个人信息。Specifically, the user's name, mobile phone number, decoration style, overall budget and other personal information reserved on third-party platforms such as the official website of the installation enterprise platform, Douyin, Kuaishou, Weibo, etc. are obtained through the https retention api.

S12:对所述留资信息按照敏感数据类型通过密钥查询api向密钥数据库发送密钥获取请求。S12: Send a key acquisition request to the key database through the key query api according to the sensitive data type for the reserved capital information.

具体地,首先预先对留资信息按照业务类型定义敏感数据类型,然后向密钥管理模块申请注册密钥。Specifically, firstly define the sensitive data type for the reserved information according to the business type in advance, and then apply to the key management module for a registration key.

进一步地,按照客户留资信息的敏感数据类型生成对应密钥。详细来说以服务器IP(Host)、数据库名(schema)、表名(table)、字段名(column)、随机数为参数通过MD5算法生成所密钥,其中随机数位数不能低于N,例如:所述密钥生成规则为String keyStr=Host+schema+table+column+随机数(uuid 64位),Key=md5(keyStr)。Further, a corresponding key is generated according to the sensitive data type of the customer retention information. In detail, use the server IP (Host), database name (schema), table name (table), field name (column), and random number as parameters to generate the key through the MD5 algorithm, where the number of random numbers cannot be lower than N, for example : The key generation rule is String keyStr=Host+schema+table+column+random number (uuid 64 bits), Key=md5 (keyStr).

进一步地,将密钥在密钥数据库中作分布式存储。Further, the key is distributed and stored in the key database.

优选的,对该密钥进行持久化保存且记录创建时间以及是否变更的标识。Preferably, the key is persistently stored, and the creation time and the identification of whether it has been changed are recorded.

其次,通过留资信息的敏感数据类型向密钥管理模块提供的查询api发送密钥获取请求。其中,在发送获取请求前,对原请求信息数据进行处理:首先在密钥请求信息数据header部位添加认证参数,认证参数包括请求id、业务串号、时间戳以及其他必要参数,然后对时间戳设定有效时长k min,例如,对时间戳设定有效时长3分钟。Secondly, send a key acquisition request to the query api provided by the key management module through the sensitive data type of the retention information. Among them, before sending the acquisition request, the original request information data is processed: first, add authentication parameters to the header of the key request information data. The authentication parameters include request id, service serial number, timestamp and other necessary parameters, and then the timestamp Set the valid duration k min, for example, set the valid duration to 3 minutes for the timestamp.

进一步地,过滤参数类型为字节型、参数值为空的认证参数,这类参数不添加进请求信息header部位不向网关传递。然后按照认证参数的自然顺序进行排序,将认证参数及其对应参数值连接以组合生成第一字符串,例如:将排序后的参数与其对应值,组合成“参数=参数值”的格式,并且把这些参数用&字符连接起来,此时生成的字符串为待签名字符串。Further, the authentication parameters whose parameter type is byte type and whose parameter value is empty are filtered. Such parameters are not added to the header part of the request information and are not passed to the gateway. Then sort according to the natural order of the authentication parameters, connect the authentication parameters and their corresponding parameter values to combine to generate a first string, for example: combine the sorted parameters and their corresponding values into a format of "parameter=parameter value", and Connect these parameters with the & character, and the generated string is the string to be signed.

进一步地,采用MD5算法将第一字符串生成认证签名。Further, the MD5 algorithm is used to generate an authentication signature for the first character string.

优选地,密钥管理模块在接收到所述密钥获取请求后验证所述请求信息合法性:预先对请求方和被请求方建立服务器ip互访白名单,在接收到密钥请求信息后,首先判断请求信息来源ip是否在白名单内,若是,则验证请求信息中的认证参数,若否,则返回请求失败。Preferably, the key management module verifies the validity of the request information after receiving the key acquisition request: establishes a server ip mutual access whitelist for the requesting party and the requested party in advance, and after receiving the key request information, First, determine whether the source IP of the request information is in the whitelist. If so, verify the authentication parameters in the request information. If not, return the request failure.

进一步地,首先接收到密钥请求后,对请求信息中的认证参数按照上述排序顺序以及签名方法进行验证,若认证参数排序顺序或签名方法与约定不同,则验证失败。Further, after first receiving the key request, verify the authentication parameters in the request information according to the above sorting order and signature method. If the sorting order of the authentication parameters or the signature method is different from the agreement, the verification fails.

较佳地,在认证参数及签名验证成功后,判断接收时间是否在添加请求参数是调用的时间戳预设有效时长内,若是,则验证成功,若否,则验证失败。Preferably, after the verification of the authentication parameters and the signature is successful, it is determined whether the receiving time is within the preset valid time period of the timestamp invoked by adding the request parameter, and if so, the verification is successful, and if not, the verification fails.

S13:接收密钥数据库返回的密钥并调用加密算法对所述留资信息生成密文。S13: Receive the key returned by the key database and invoke an encryption algorithm to generate a ciphertext for the reserved capital information.

具体地,将获取的客户留资信息转化为十六进制数值,然后根据生成密钥的长度调用对应AES对称加密算法方案对所述留资信息生成密文。例如:密钥长度为16位,则采用兼顾性能和安全属性的16位AES-128对十六进制数值的留资明文数据进行加密,通过字节代替,行移位,列混淆或者轮密钥等算法进行加密。Specifically, the obtained customer reservation information is converted into a hexadecimal value, and then the corresponding AES symmetric encryption algorithm scheme is invoked according to the length of the generated key to generate a ciphertext for the reservation information. For example, if the key length is 16 bits, the 16-bit AES-128 with both performance and security attributes is used to encrypt the reserved plaintext data of the hexadecimal value by byte substitution, row shift, column obfuscation or round cipher. key and other algorithms for encryption.

S14:将所述密文保存到留资数据库。S14: Save the ciphertext to the reserve database.

具体地,将加密后的留资信息保存到留资数据库。Specifically, the encrypted retained capital information is stored in the retained capital database.

进一步地,在业务有需求需要查看留资信息明文时,接收其发送的查看留资信息明文请求。再接收到请求后,首先验证业务人员身份、权限及查看数量信息。Further, when the business needs to view the plaintext of the capital reservation information, a request for viewing the plaintext of the capital reservation information sent by it is received. After receiving the request, first verify the identity, authority and view quantity information of the business personnel.

进一步地,当用户身份、权限以及请求查看留资信息数量都符合请求时,然后根据请求查看的留资信息的敏感数据类型获取密钥,密钥获取请求数据处理同步骤S12中相同,在密钥管理模块验证密钥获取请求无误后,从密钥数据库中提取密钥并返回。Further, when the user's identity, authority and the amount of information requested to view the retained information all meet the request, then the key is obtained according to the sensitive data type of the retained information requested to be viewed. After the key management module verifies that the key acquisition request is correct, it extracts the key from the key database and returns it.

进一步地,接收密钥后提取留资数据库中存储的密文信息,然后通过密钥调用解密接口采用AES对称解密算法将转化为明文。Further, after receiving the key, extract the ciphertext information stored in the reserved capital database, and then use the AES symmetric decryption algorithm to convert it into plaintext by calling the decryption interface through the key.

优选地,记录所述业务人员查看所述留资信息明文记录为log,以便有问题产生时,方便寻源。Preferably, it is recorded that the business personnel view the resource reservation information as a log, so that when a problem occurs, it is convenient to find the source.

实现上述各方法实施例的全部或部分步骤可以通过计算机程序相关的硬件来完成。基于这样的理解,本发明还提供一种计算机程序产品,包括一个或多个计算机指令。所述计算机指令可以存储在计算机可读存储介质中。所述计算机可读存储介质可以是计算机能够存储的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。All or part of the steps for implementing the above method embodiments may be completed by hardware related to computer programs. Based on this understanding, the present invention also provides a computer program product comprising one or more computer instructions. The computer instructions may be stored in a computer-readable storage medium. The computer-readable storage medium may be any available medium that can be stored by a computer, or a data storage device such as a server, data center, etc., which includes one or more available media integrated.

参阅图2,本实施例提供一种家装留资数据处理系统20,作为一款软件搭载于电子设备中,以在运行时执行前述方法实施例所述的家装留资数据处理方法。由于本系统实施例的技术原理与前述方法实施例的技术原理相似,因而不再对同样的技术细节做重复性赘述。Referring to FIG. 2 , this embodiment provides a home improvement retention data processing system 20 , which is installed in an electronic device as a piece of software to execute the home improvement retention data processing method described in the foregoing method embodiments at runtime. Since the technical principles of the present system embodiments are similar to those of the foregoing method embodiments, the same technical details will not be repeated.

本实施例的家装留资数据处理系统20具体包括:数据获取模块21、密钥管理模块22、数据处理模块23、存储数据库模块24。数据获取模块21用于通过https留资api获取第三方留资平台获取的客户留资信息、对所述留资信息按照敏感数据类型获取密钥;密钥管理模块22用于生成所述密钥及管理所述密钥,其中,管理所述密钥包括验证密钥请求认证参数、验证成功后返回密钥;数据处理模块23用于接收密钥数据库返回的密钥并调用加密算法对所述留资信息生成密文,还包括对密钥获取请求信息进行添加认证参数数据处理及生成签名;存储数据库模块24用于存储所述密钥、密文,特别是对密钥进行分布式存储。The home improvement capital retention data processing system 20 in this embodiment specifically includes: a data acquisition module 21 , a key management module 22 , a data processing module 23 , and a storage database module 24 . The data acquisition module 21 is used to obtain the customer retention information obtained by the third-party retention platform through the https retention api, and obtain the key according to the sensitive data type for the retention information; the key management module 22 is used to generate the key. and managing the key, wherein, managing the key includes verifying the key to request authentication parameters, and returning the key after the verification is successful; the data processing module 23 is used to receive the key returned by the key database and call an encryption algorithm to The ciphertext generated from the reserved capital information also includes adding authentication parameter data processing to the key acquisition request information and generating a signature; the storage database module 24 is used for storing the key and ciphertext, especially for distributed storage of the key.

本领域技术人员应当理解,图2实施例中的各个模块的划分仅仅是一种逻辑功能的划分,实际实现时可以全部或部分集成到一个或多个物理实体上。且这些模块可以全部以软件通过处理元件调用的形式实现,也可以全部以硬件的形式实现,还可以部分模块通过处理元件调用软件的形式实现,部分模块通过硬件的形式实现。例如,数据处理模块23可以为单独设立的处理元件,也可以集成在某一个芯片中实现,此外,也可以以程序代码的形式存储于存储器中,由某一个处理元件调用并执行数据处理模块23的功能。其它模块的实现与之类似。这里所述的处理元件可以是一种集成电路,具有信号的处理能力。在实现过程中,上述方法的各步骤或以上各个模块可以通过处理器元件中的硬件的集成逻辑电路或者软件形式的指令完成。Those skilled in the art should understand that the division of each module in the embodiment of FIG. 2 is only a division of logical functions, and may be fully or partially integrated into one or more physical entities in actual implementation. And these modules can all be implemented in the form of software calling through processing elements, or all of them can be implemented in hardware, and some modules can be implemented in the form of calling software through processing elements, and some modules can be implemented in hardware. For example, the data processing module 23 can be a separately established processing element, or can be integrated in a certain chip to realize, in addition, it can also be stored in the memory in the form of program code, and the data processing module 23 can be called and executed by a certain processing element. function. The implementation of other modules is similar. The processing element described here may be an integrated circuit with signal processing capability. In the implementation process, each step of the above-mentioned method or each of the above-mentioned modules can be completed by an integrated logic circuit of hardware in the processor element or an instruction in the form of software.

参阅图3,本实施例提供一种电子设备,电子设备可以是便携式电脑、智能手机、平板电脑等设备。详细的,电子设备至少包括通过总线31连接的:存储器32、处理器33,通信接口34,其中,通信接口34用于用于实现数据访问装置与其他设备之间的通信其中,存储器32用于存储计算机程序,处理器33用于执行存储器32存储的计算机程序,以执行前述方法实施例中的全部或部分步骤。Referring to FIG. 3 , this embodiment provides an electronic device, and the electronic device may be a portable computer, a smart phone, a tablet computer, or the like. In detail, the electronic device includes at least: a memory 32, a processor 33, and a communication interface 34 connected through the bus 31, wherein the communication interface 34 is used for realizing communication between the data access device and other devices, wherein the memory 32 is used for A computer program is stored, and the processor 33 is configured to execute the computer program stored in the memory 32 to perform all or part of the steps in the foregoing method embodiments.

上述提到的系统总线可以是外设部件互连标准(Peripheral PomponentInterconnect,简称PCI)总线或扩展工业标准结构(Extended Industry StandardArchitecture,简称EISA)总线等。该系统总线可以分为地址总线、数据总线、控制总线等。为便于表示,图中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。通信接口用于实现数据库访问装置与其他设备(例如客户端、读写库和只读库)之间的通信。存储器可能包含随机存取存储器(Random Access Memory,简称RAM),也可能还包括非易失性存储器(non-volatile memory),例如至少一个磁盘存储器。The system bus mentioned above may be a Peripheral Pomponent Interconnect (PCI for short) bus or an Extended Industry Standard Architecture (EISA for short) bus or the like. The system bus can be divided into address bus, data bus, control bus and so on. For ease of presentation, only one thick line is used in the figure, but it does not mean that there is only one bus or one type of bus. The communication interface is used to realize the communication between the database access device and other devices (eg client, read-write library and read-only library). The memory may include random access memory (Random Access Memory, RAM for short), and may also include non-volatile memory (non-volatile memory), such as at least one disk storage.

上述的处理器可以是通用处理器,包括中央处理器(Central Processing Unit,简称CPU)、网络处理器(Network Processor,简称NP)等;还可以是数字信号处理器(Digital Signal Processing,简称DSP)、专用集成电路(Application SpecificIntegrated Circuit,简称ASIC)、现场可编程门阵列(Field-Programmable Gate Array,简称FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。The above-mentioned processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, referred to as CPU), a network processor (Network Processor, referred to as NP), etc.; may also be a digital signal processor (Digital Signal Processing, referred to as DSP) , Application Specific Integrated Circuit (ASIC for short), Field-Programmable Gate Array (FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, and discrete hardware components.

综上所述,本发明提供的一种家装留资数据处理方法、系统、存储介质及设备,针对因明文对客户留资信息存储造成的数据泄露问题,通过对客户留资信息通过加密存储,且其提取明文信息进行限制审核,并将密钥进行分布式存储,避免用户信息被随意提取查看和转发,实现了具有较高的安全性能,且易于实现,本发明降低了系统层面对敏感数据明文存储数据中存在的数据库泄漏风险降低装修公司因为泄露用户信息而导致的法律风险以及因此造成的巨大经济利益损失。所以,本发明有效克服了现有技术中的种种缺点而具高度产业利用价值。To sum up, the present invention provides a method, system, storage medium and device for processing home improvement capital retention data, aiming at the problem of data leakage caused by the storage of customer capital retention information in plain text, by encrypting and storing the customer capital retention information, In addition, it extracts plaintext information for restricted auditing, and stores the keys in a distributed manner to avoid user information being arbitrarily extracted, viewed and forwarded, achieving high security performance and being easy to implement, and the present invention reduces system-level sensitivity to sensitive data. The risk of database leakage in plaintext stored data reduces the legal risk caused by the decoration company due to leakage of user information and the huge loss of economic benefits caused thereby. Therefore, the present invention effectively overcomes various shortcomings in the prior art and has high industrial utilization value.

上述实施例仅例示性说明本发明的原理及其功效,而非用于限制本发明。任何熟悉此技术的人士皆可在不违背本发明的精神及范畴下,对上述实施例进行修饰或改变。因此,举凡所属技术领域中具有通常知识者在未脱离本发明所揭示的精神与技术思想下所完成的一切等效修饰或改变,仍应由本发明的权利要求所涵盖。The above-mentioned embodiments merely illustrate the principles and effects of the present invention, but are not intended to limit the present invention. Anyone skilled in the art can modify or change the above embodiments without departing from the spirit and scope of the present invention. Therefore, all equivalent modifications or changes made by those with ordinary knowledge in the technical field without departing from the spirit and technical idea disclosed in the present invention should still be covered by the claims of the present invention.

Claims (10)

1. A home decoration refund data processing method is characterized by comprising the following steps:
acquiring client funding information acquired by a third party funding platform through an https funding api;
sending a key acquisition request to a key database through a key query api according to the sensitive data type for the information leaving the resources;
receiving a key returned by the key database and calling an encryption algorithm to generate a ciphertext for the information leaving the data;
and storing the ciphertext to a funding database.
2. The method of claim 1, further comprising:
the client information comprises: name, mobile phone number, decoration style and overall budget;
defining a sensitive data type registration key for the information to be reserved according to the service type;
generating a corresponding key according to the sensitive data type of the client funding information;
and storing the key in the key database in a distributed mode.
3. The method of claim 2, further comprising:
converting the information of the reserved data into a hexadecimal numerical value;
and calling a corresponding AES symmetric encryption algorithm scheme according to the length of the generated key to generate a ciphertext for the information.
4. The method of claim 2, further comprising:
And generating the key by using the MD5 algorithm by taking the server IP, the database name, the table name, the field name and the random number as parameters, wherein the number of the random number cannot be lower than N.
5. The method of claim 1, further comprising:
receiving a request for business personnel to check the plaintext of the information left;
verifying the identity, the authority and the checking quantity information of the service personnel;
sending the key acquisition request to a key management module according to the sensitive data type of the funding information;
after receiving the key, extracting a ciphertext in the resource reserving database;
an AES symmetric decryption algorithm is called through a secret key to be converted into a plaintext;
and recording the plaintext record of the information left by the service personnel as log.
6. The method of claim 5, further comprising, prior to sending the key acquisition request:
establishing a server ip mutual access white list;
adding authentication parameters to the head part of the key request information data, wherein the authentication parameters comprise a request id, a service serial number and a time stamp;
setting an effective time length k min for the timestamp;
filtering the authentication parameters with byte type and empty parameter values, and sequencing according to the natural sequence of the authentication parameters;
Connecting the authentication parameters and the corresponding parameter values thereof to combine to generate a first character string;
the first string is generated into an authentication signature using the MD5 algorithm.
7. The method of claim 6, further comprising a key management module verifying the validity of the requested information after receiving the key acquisition request:
judging whether the key acquisition request information sending ip is in a white list or not;
verifying the authentication parameter sequencing and signature method;
and judging whether the receiving time is within the effective duration according to the timestamp.
8. A home improvement data processing system, said system comprising:
the data acquisition module is used for acquiring the client funding information acquired by the third-party funding platform through the https funding api and acquiring a key for the funding information according to the type of sensitive data;
a key management module for generating the key and managing the key;
the data processing module is used for receiving the key returned by the key database and calling an encryption algorithm to generate a ciphertext for the information left;
and the storage database module is used for storing the secret key and the ciphertext.
9. A computer-readable storage medium, in which a computer program is stored, which, when loaded and executed by a processor, carries out a method of processing homedress funding data according to any one of claims 1 to 7.
10. An electronic device, comprising: a processor, a memory, and a communication interface; wherein,
the memory is used for storing a computer program;
the processor is used for loading and executing the computer program to enable the electronic equipment to execute the home decoration funding data processing method according to any one of claims 1 to 7;
the communication interface is used for realizing communication between the access device and other equipment.
CN202210267568.4A 2022-03-18 2022-03-18 Home decoration data processing method, system, storage medium and equipment Pending CN114760063A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210267568.4A CN114760063A (en) 2022-03-18 2022-03-18 Home decoration data processing method, system, storage medium and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210267568.4A CN114760063A (en) 2022-03-18 2022-03-18 Home decoration data processing method, system, storage medium and equipment

Publications (1)

Publication Number Publication Date
CN114760063A true CN114760063A (en) 2022-07-15

Family

ID=82326505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210267568.4A Pending CN114760063A (en) 2022-03-18 2022-03-18 Home decoration data processing method, system, storage medium and equipment

Country Status (1)

Country Link
CN (1) CN114760063A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106934299A (en) * 2015-12-29 2017-07-07 北京明朝万达科技股份有限公司 A kind of Database Encrypt System and method
US20190147170A1 (en) * 2017-11-16 2019-05-16 Intuit Inc. Processing data queries in a logically sharded data store
CN110839004A (en) * 2018-08-16 2020-02-25 北京京东尚科信息技术有限公司 Method and device for access authentication
CN111935094A (en) * 2020-07-14 2020-11-13 北京金山云网络技术有限公司 Database access method, device, system and computer readable storage medium
US20200394317A1 (en) * 2019-06-14 2020-12-17 Kenneth White Systems and methods for client-side and field-level encryption with dynamic schema databases
CN112685755A (en) * 2020-12-30 2021-04-20 石化盈科信息技术有限责任公司 Database encryption and decryption method and device, storage medium and electronic equipment
CN112988888A (en) * 2021-02-19 2021-06-18 平安科技(深圳)有限公司 Key management method, key management device, electronic equipment and storage medium
US11212264B1 (en) * 2019-05-30 2021-12-28 Wells Fargo Bank, N.A. Systems and methods for third party data protection
CN113886418A (en) * 2021-09-28 2022-01-04 支付宝(杭州)信息技术有限公司 Data processing method and device, electronic equipment and machine-readable storage medium
WO2022052665A1 (en) * 2020-09-14 2022-03-17 中兴通讯股份有限公司 Wireless terminal and interface access authentication method for wireless terminal in uboot mode

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106934299A (en) * 2015-12-29 2017-07-07 北京明朝万达科技股份有限公司 A kind of Database Encrypt System and method
US20190147170A1 (en) * 2017-11-16 2019-05-16 Intuit Inc. Processing data queries in a logically sharded data store
CN110839004A (en) * 2018-08-16 2020-02-25 北京京东尚科信息技术有限公司 Method and device for access authentication
US11212264B1 (en) * 2019-05-30 2021-12-28 Wells Fargo Bank, N.A. Systems and methods for third party data protection
US20200394317A1 (en) * 2019-06-14 2020-12-17 Kenneth White Systems and methods for client-side and field-level encryption with dynamic schema databases
CN111935094A (en) * 2020-07-14 2020-11-13 北京金山云网络技术有限公司 Database access method, device, system and computer readable storage medium
WO2022052665A1 (en) * 2020-09-14 2022-03-17 中兴通讯股份有限公司 Wireless terminal and interface access authentication method for wireless terminal in uboot mode
CN112685755A (en) * 2020-12-30 2021-04-20 石化盈科信息技术有限责任公司 Database encryption and decryption method and device, storage medium and electronic equipment
CN112988888A (en) * 2021-02-19 2021-06-18 平安科技(深圳)有限公司 Key management method, key management device, electronic equipment and storage medium
CN113886418A (en) * 2021-09-28 2022-01-04 支付宝(杭州)信息技术有限公司 Data processing method and device, electronic equipment and machine-readable storage medium

Similar Documents

Publication Publication Date Title
TWI714843B (en) Methods for access control of contract data in a distributed system with distributed consensus and contract generator and validation server thereof
US9213867B2 (en) Secure cloud database platform with encrypted database queries
CN115811412B (en) Communication method and device, SIM card, electronic equipment and terminal equipment
WO2023030450A1 (en) Data sharing method and electronic device
US20200042721A1 (en) System for providing access to data stored in a distributed trust computing network
US20140208409A1 (en) Access to data stored in a cloud
US12028458B2 (en) Systems and methods for user identity
CN112560072B (en) Key management method, device, medium and equipment based on block chain
CN110213250A (en) Data processing method and terminal device
CN111460400A (en) Data processing method and device and computer readable storage medium
CN110266653B (en) Authentication method, system and terminal equipment
CN114528571A (en) Method, apparatus, electronic device and medium for resource access and data processing
CN114265577A (en) Service data processing method and device, computer equipment and storage medium
TW202022669A (en) Method, device and electronic equipment for preventing misuse of identity data
CN111817859A (en) Data sharing method, device, device and storage medium based on zero-knowledge proof
CN111681141A (en) File authentication method, file authentication device and terminal equipment
KR102666687B1 (en) Operating server for providing a safe phone service using qr code without exposing personal information by granting a communication authority level according to nickname and its operation method
Chauhan et al. Iot network identity management using smart contract and blockchain technology
CN113129008A (en) Data processing method and device, computer readable medium and electronic equipment
KR102517001B1 (en) System and method for processing digital signature on a blockchain network
CN114760063A (en) Home decoration data processing method, system, storage medium and equipment
CN116192373A (en) Service license processing method and device
CN112837043A (en) Data processing method and device based on block chain and electronic equipment
CN110941745A (en) Electronic contract management method and device, storage medium and electronic equipment
KR102493093B1 (en) Apparatus and method for serving email service based on blockchain network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20220715