CN115114653A - Data processing method and device, electronic equipment and storage medium - Google Patents

Data processing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN115114653A
CN115114653A CN202210670199.3A CN202210670199A CN115114653A CN 115114653 A CN115114653 A CN 115114653A CN 202210670199 A CN202210670199 A CN 202210670199A CN 115114653 A CN115114653 A CN 115114653A
Authority
CN
China
Prior art keywords
data
desensitization
identification information
query
processed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210670199.3A
Other languages
Chinese (zh)
Inventor
郭琦
肖梁
刘斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Priority to CN202210670199.3A priority Critical patent/CN115114653A/en
Publication of CN115114653A publication Critical patent/CN115114653A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/252Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The invention discloses a data processing method, a data processing device, electronic equipment and a storage medium, which aim at data to be processed in each system, respectively carry out desensitization processing and encryption processing on the data to be processed to obtain desensitization data and encryption data, and establish corresponding relations among identification information of the data to be processed, the desensitization data and the encryption data. The same desensitization algorithm is adopted during desensitization processing, so that desensitization data corresponding to the same plaintext data in each system are the same, and matching and interaction of the plaintext data among different systems can be realized based on the desensitization data. According to the corresponding relation, the encrypted data corresponding to the desensitized data can be obtained, so that data restoration is realized, and the use scene of plaintext data is met. In addition, different encryption algorithms or encryption keys are adopted to encrypt the data to be processed in each system during encryption processing, and even if a certain key is leaked, the data of other systems are still safe.

Description

Data processing method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a data processing method and apparatus, an electronic device, and a storage medium.
Background
In the field of data security technology, there are business scenarios that require plaintext data to be used, for example, in order to meet regulatory requirements, plaintext data needs to be provided to relevant units. There are also scenarios where privacy protection of the data is required, i.e. to hide the true value of the data. The data processing generally comprises data desensitization processing and data encryption processing, and data after desensitization processing cannot be restored, so that the method is suitable for scenes needing privacy protection on the data; the data after the encryption processing can be decrypted and restored, and the method is suitable for scenes needing plaintext data.
The related technology has the problems that on one hand, data after desensitization processing cannot be restored and cannot meet the use scene of plaintext data; on the other hand, matching and interaction of plaintext data exist among different systems, and in order to avoid the problem that operations such as increasing, deleting, modifying, checking and the like fail due to information difference because of inconsistency of encrypted fields among different systems, different systems encrypt the data by adopting the same key. Once the key is compromised, there is a risk of exposure to the data of each system.
Disclosure of Invention
The embodiment of the invention provides a data processing method, a data processing device, electronic equipment and a storage medium, which are used for providing a data processing scheme capable of supporting the requirement of corresponding plaintext data in necessary scenes and reducing the risk of exposing the data of each system.
The embodiment of the invention provides a data processing method, which comprises the following steps:
acquiring data to be processed in each system;
desensitization processing is carried out on the data to be processed in each system by adopting the same desensitization algorithm, and encryption processing is carried out on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encryption data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data;
and when a data query instruction is received, performing data query according to the established corresponding relation in each system.
Further, when receiving a data query instruction, the performing data query according to the established correspondence in each system includes:
aiming at each system, when a desensitization data query instruction of the system is received, according to first identification information of data to be queried, which is carried in the desensitization data query instruction, desensitization data corresponding to the first identification information is queried in the system.
Further, when receiving a data query instruction, the performing data query according to the established correspondence in each system includes:
and aiming at each system, when an encrypted data query instruction of the system is received, querying the encrypted data corresponding to the second identification information in the system according to the second identification information of the data to be queried carried in the encrypted data query instruction.
Further, when receiving a data query instruction, the performing data query according to the established correspondence in each system includes:
when a cross-system association query instruction is received, according to third identification information of data to be queried carried in the cross-system association instruction, desensitization data corresponding to the third identification information is queried in a related system, and corresponding encrypted data is queried by taking the desensitization data as a main key.
Further, the method further comprises:
and after the encrypted data are inquired, decrypting the encrypted data according to the pre-stored encryption key and decryption key corresponding to each system to obtain plaintext data corresponding to the encrypted data.
In another aspect, an embodiment of the present invention provides a data processing apparatus, where the apparatus includes:
the acquisition module is used for acquiring data to be processed in each system;
the data processing module is used for carrying out desensitization processing on the data to be processed in each system by adopting the same desensitization algorithm and carrying out encryption processing on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encrypted data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data;
and the query module is used for querying data according to the established corresponding relation in each system when receiving the data query instruction.
Further, the query module is specifically configured to, for each system, when a desensitization data query instruction of the system is received, query, according to first identification information of data to be queried, carried in the desensitization data query instruction, desensitization data corresponding to the first identification information in the system.
Further, the query module is specifically configured to, for each system, when receiving an encrypted data query instruction of the system, query, according to second identification information of data to be queried, which is carried in the encrypted data query instruction, encrypted data corresponding to the second identification information in the system.
Further, the query module is specifically configured to, when a cross-system association query instruction is received, query desensitization data corresponding to third identification information in a related system according to the third identification information of the data to be queried carried in the cross-system association instruction, and query corresponding encrypted data by using the desensitization data as a primary key.
Further, the apparatus further comprises:
and the decryption module is used for decrypting the encrypted data according to the pre-stored encryption key and decryption key corresponding to each system after the encrypted data is inquired, so as to obtain plaintext data corresponding to the encrypted data.
In another aspect, an embodiment of the present invention provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
a processor for implementing any of the above method steps when executing a program stored in the memory.
In yet another aspect, an embodiment of the present invention provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the method steps described in any one of the above.
The embodiment of the invention provides a data processing method, a data processing device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring data to be processed in each system; carrying out desensitization processing on the data to be processed in each system by adopting the same desensitization algorithm, and carrying out encryption processing on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encrypted data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data; and when a data query instruction is received, performing data query according to the established corresponding relation in each system.
The technical scheme has the following advantages or beneficial effects:
in the embodiment of the invention, desensitization processing and encryption processing are respectively carried out on data to be processed in each system to obtain desensitization data and encrypted data, and the corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data is established. The same desensitization algorithm is adopted during desensitization processing, so that desensitization data corresponding to the same plaintext data in each system are the same, and matching and interaction of the plaintext data among different systems can be realized based on the desensitization data. According to the corresponding relation, the encrypted data corresponding to the desensitized data can be obtained, so that data restoration is realized, and the use scene of plaintext data is met. In addition, different encryption algorithms or encryption keys are adopted to encrypt the data to be processed in each system during encryption processing, and even if a certain key is leaked, the data of other systems are still safe, so that the data exposure risk is reduced to the minimum.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of a data processing process according to an embodiment of the present invention;
FIG. 2 is a diagram of a data processing architecture according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the attached drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Fig. 1 is a schematic diagram of a data processing process provided in an embodiment of the present invention, where the process includes the following steps:
s101: and acquiring data to be processed in each system.
S102: desensitization processing is carried out on the data to be processed in each system by adopting the same desensitization algorithm, and encryption processing is carried out on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encryption data corresponding to the data to be processed; and establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data.
S103: and when a data query instruction is received, performing data query according to the established corresponding relation in each system.
The data processing method provided by the embodiment of the invention is applied to electronic equipment, and the electronic equipment can be equipment such as a PC (personal computer), a tablet personal computer and the like, and can also be a server.
The server first obtains data to be processed in each system. The data to be processed may be the bank card number, the identification number, the mobile phone number, the balance of the bank card, etc. of the customer. After the electronic equipment acquires the data to be processed, desensitization processing and encryption processing are respectively carried out on the data to be processed. Specifically, the same desensitization algorithm is adopted to perform desensitization processing on the data to be processed in each system, so that the desensitization data corresponding to the same data to be processed in each system are the same. The desensitization algorithm may be an alternative: the truth is replaced by fictional data. For example, a larger virtual value data table is established, a random seed is generated for each real value record, and the original data content is subjected to hash mapping replacement. The invalidation method comprises the following steps: replace a true value or a portion of a true value with NULL or NUX, such as the last 12 digits of the credit card number. Scrambling method: and carrying out random redistribution on the values of the data to be processed. An offset method: the digital data is changed by random shift, so that the aim of data desensitization is fulfilled. It should be noted that the desensitization algorithm is only an example, and the desensitization algorithm provided by the embodiment of the present invention includes, but is not limited to, performing desensitization processing by using the above-mentioned exemplary algorithm french secret SM 3. Preferably, in order to perform privacy protection on the data, desensitization processing may be performed on the data to be processed in each system by using a desensitization algorithm that is difficult to restore, so as to obtain desensitization data corresponding to the data to be processed, for example, by using. The desensitization algorithm adopted for desensitization processing on the data to be processed in each system is the same.
In order to avoid the problem that the key is leaked and the data of each system has an exposure risk, in the embodiment of the invention, different encryption algorithms or encryption keys are adopted to encrypt the data to be processed in each system. Thus there is a separate encryption algorithm or encryption/decryption key pair for each system. Even if the key of a certain system is leaked, the data of other systems cannot be decrypted, and the security of the data of other systems is ensured. The encryption algorithm may be the symmetric encryption algorithm AES. The AES key has short establishing time, good sensitivity and low memory requirement, and in practical use, the working mode is CTR, and the IV parameter (16-bit byte array) needs to be introduced into the working mode. Key length 128/192/256, where 192 and 256 require configuration of a policy-free rights file (JDK 6). The two most common modes of stuffing are PKCS5Padding and PKCS7 Padding. The encryption algorithm may also be an asymmetric encryption algorithm, such as the DH algorithm, RSA algorithm, DSA algorithm, elliptic curve algorithm (EC), and the like. The embodiment of the invention does not limit the encryption algorithm, as long as the encryption algorithms adopted by different systems are different or the adopted encryption keys are different.
Desensitization processing and encryption processing are respectively carried out on the data to be processed in each system, and after desensitization data and encrypted data corresponding to the data to be processed are obtained, corresponding relations among identification information of the data to be processed, the desensitization data and the encrypted data are established. It should be noted that, for each system, a corresponding relationship among the identification information of the data to be processed, the desensitized data, and the encrypted data in the system is established. The data to be processed is, for example, the data of the customer's bank card number, identification number, mobile phone number, bank card balance, etc., and the identification information of the data to be processed is, for example, the name information of the customer.
After the corresponding relation is established for each system, when a data query instruction is received, data query is carried out according to the established corresponding relation in each system. The process of data query is explained in detail below.
I, desensitization data query in a single system.
When receiving a data query instruction, the data query according to the established corresponding relationship in each system comprises:
and for each system, when a desensitization data query instruction of the system is received, querying desensitization data corresponding to first identification information in the system according to the first identification information of the data to be queried carried in the desensitization data query instruction.
In the embodiment of the invention, the electronic equipment can provide desensitization data query windows or desensitization data query API interfaces for each system. And receiving a desensitization data query instruction through a desensitization data query window or a desensitization data query API interface, wherein the desensitization data query instruction carries first identification information of data to be queried. After receiving the desensitization data query instruction, the electronic equipment acquires first identification information carrying to-be-queried data in the desensitization data query instruction, and queries desensitization data corresponding to the first identification information according to the corresponding relation between the identification information of the to-be-processed data and the desensitization data.
Desensitization data queries within a single system are described below by way of an example.
Taking the system a as an example, the correspondence relationship between the identification information of the data to be processed, the desensitization data, and the encrypted data, which is established in the system a, is shown in table 1 below:
identification information of data to be processed Desensitization data Encrypting data
Zhang San Desensitization data A Encrypted data A
Li Si Desensitization data B Encrypted data B
Wang Wu Desensitization data C Encrypted data C
TABLE 1
When the electronic device receives a desensitization data query instruction of the system a, acquiring first identification information of data to be queried, which is carried in the desensitization data query instruction, of zhang, and querying desensitization data corresponding to zhang in the above table 1 of the system a as desensitization data a.
And secondly, encrypting data query in the single system.
When receiving a data query instruction, the data query according to the established corresponding relationship in each system comprises:
and aiming at each system, when an encrypted data query instruction of the system is received, querying the encrypted data corresponding to the second identification information in the system according to the second identification information of the data to be queried carried in the encrypted data query instruction.
In the embodiment of the present invention, the electronic device may provide an encrypted data query window or an encrypted data query API interface for each system. And receiving an encrypted data query instruction through an encrypted data query window or an encrypted data query API (application program interface), wherein the encrypted data query instruction carries second identification information of the data to be queried. After receiving the encrypted data query instruction, the electronic device obtains second identification information carrying the data to be queried in the encrypted data query instruction, and then queries encrypted data corresponding to the second identification information according to the corresponding relation between the identification information of the data to be processed and the encrypted data.
The encrypted data query in a single system is also illustrated by taking table 1 as an example.
When the electronic device receives an encrypted data query instruction of the system a, the second identification information of the to-be-queried data carried in the encrypted data query instruction is found to be lie four, and the encrypted data corresponding to lie four is queried in the table 1 above of the system a to be encrypted data B.
And thirdly, cross-system association query.
When receiving a data query instruction, the data query according to the established corresponding relationship in each system comprises:
when a cross-system association query instruction is received, according to third identification information of data to be queried carried in the cross-system association instruction, desensitization data corresponding to the third identification information is queried in a related system, and corresponding encrypted data is queried by taking the desensitization data as a main key.
In the embodiment of the invention, the electronic equipment can provide an associated query window or an associated query API interface for each system. And receiving a cross-system association query instruction through an association query window or an association query API (application program interface), wherein the cross-system association query instruction carries third identification information of the data to be queried and identification information of the system. After receiving the cross-system association query instruction, the electronic device acquires third identification information carrying data to be queried and identification information of the system in the cross-system association query instruction, and then queries desensitization data corresponding to the third identification information through the cross-system according to the corresponding relation between the identification information of the data to be processed and the desensitization data and the encrypted data. And then cross-system inquiry of corresponding encrypted data is carried out by taking desensitized data as a main key.
Cross-system association queries are described below by way of an example.
The electronic equipment receives the cross-system correlation query instruction, if the identification information of the system carried in the cross-system correlation query instruction is the identification information of the system A and the identification information of the system B, it indicates that correlation query is performed between the system A and the system B, and the third identification information of the data to be queried carried in the cross-system correlation query instruction is Wangwen.
The correspondence relationship between the identification information of the to-be-processed data, the desensitization data, and the encryption data established in the system a is shown in table 1 above.
The correspondence among the identification information of the to-be-processed data, the desensitization data, and the encrypted data established in system B is shown in table 2 below:
identification information of data to be processed Desensitization data Encrypting data
Zhang San Desensitization data A Encrypted data M
Li Si Desensitization data B Encrypted data N
Wang Wu Desensitization data C Encrypted data Q
TABLE 2
And inquiring desensitization data corresponding to the third identification information in the system A and the system B as desensitization data C according to the fifth third identification information of the data to be inquired carried in the cross-system association instruction. And inquiring corresponding encrypted data respectively as encrypted data C and encrypted data Q by taking the desensitized data C as a main key.
And after the encrypted data are inquired, decrypting the encrypted data according to the pre-stored encryption key and decryption key corresponding to each system to obtain plaintext data corresponding to the encrypted data.
In order to avoid the problem that the key is leaked and the data of each system is exposed, in the embodiment of the present invention, different encryption algorithms or encryption keys are adopted to encrypt the data to be processed in each system. For each system, after the data to be processed in the system is encrypted by adopting a corresponding encryption algorithm or encryption key, a decryption key corresponding to the system is stored. Thus there is a separate encryption and decryption key pair for each system. And after the encrypted data in the system is inquired, decrypting the encrypted data by using a decryption key stored in the system to obtain plaintext data corresponding to the encrypted data. And then the subsequent plaintext data utilization process is carried out.
According to the data processing scheme provided by the embodiment of the invention, desensitization and encryption technologies are combined, the system simultaneously stores desensitization data and encryption data, the desensitization data can meet the requirement that a service operation scene preferentially uses the desensitization data, a plaintext data room is required to be used, the plaintext data can be obtained by decrypting the encryption data, the unified desensitization algorithm can ensure the consistency of the desensitization data of each system, and the desensitization data obtained by the desensitization algorithm can be used for query and associated retrieval; the differentiated encryption algorithm can meet the requirements of daily business on plaintext data while effectively ensuring data security (even if a secret key is leaked, the influence can be controlled within a certain range), and user requests of the plaintext data are all recorded, so that data security monitoring is facilitated.
On one hand, if a plurality of systems in the entity or a plurality of systems of different entities need to communicate sensitive data, desensitization is carried out on the same sensitive data or desensitization encryption data needing desensitization by adopting the same desensitization algorithm to obtain desensitization data as an operation main construction, and the desensitization algorithm can add salt or not add salt if the national secret SM3 algorithm is used uniformly, so that the salt can be added for the safe sake. At the moment, the related desensitization data of the system in the same entity are the same desensitization algorithm, so the data have the same value, can be communicated inside and outside, and cannot generate information difference, unified search fields can be used in the situation that query, association search or desensitization data can meet the viewing requirements, and meanwhile, because the irreversible desensitization data are used, privacy information can be effectively protected in the communication process, so the problem of inconsistent desensitization data in a plurality of systems can be solved; on the other hand, in the daily business process, the use requirement of the plaintext data exists, if the data is desensitized data, a bank has no way to locate a specific card number and is associated with a specific person, so the plaintext data needs to be used, at the moment, because the unified desensitized data exists, each system can adopt different encryption algorithms or keys to perform personalized encryption and provide a corresponding plaintext data access API (application programming interface), the API receives the desensitized data, the background associates the encrypted data and returns the plaintext data after decryption, so the requirement on the plaintext data in a necessary business scene can be supported, the related requests all record user request information, and the systems adopt the differentiated encryption algorithms or keys, so that the risk of large-area data leakage possibly caused after the keys are leaked can be effectively avoided.
Fig. 2 is a diagram of a data processing architecture according to an embodiment of the present invention, and fig. 2 illustrates a data processing process by taking a system 1 and a system 2 as examples. As shown in fig. 2, firstly, sensitive plaintext data is stored in a system 1 and a system 2, the system 1 and the system 2 perform desensitization processing on the plaintext data by using the same desensitization algorithm, and simultaneously the system 1 and the system 2 perform encryption processing on the plaintext data by using different encryption algorithms to obtain desensitized data and encrypted data, respectively. The same plaintext data stores two field values, desensitized data and encrypted data, respectively. When each system needs to use the plaintext data, desensitization data can be used as an inquiry main key in each system, and the decryption key of the system can be used for decrypting the encrypted data stored in the system to obtain the plaintext data; when cross-system query is needed, stored desensitization data can be used as a main key to perform correlation query among systems, so that plaintext data can be avoided to ensure data security.
Fig. 3 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention, where the apparatus includes:
an obtaining module 31, configured to obtain data to be processed in each system;
the data processing module 32 is configured to perform desensitization processing on the data to be processed in each system by using the same desensitization algorithm, and perform encryption processing on the data to be processed in each system by using different encryption algorithms or encryption keys to obtain desensitization data and encrypted data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data;
and the query module 33 is configured to perform data query according to the established corresponding relationship in each system when receiving the data query instruction.
The query module 33 is specifically configured to, for each system, when receiving a desensitization data query instruction of the system, query desensitization data corresponding to first identification information in the desensitization data query instruction according to the first identification information of the data to be queried carried in the desensitization data query instruction.
The query module 33 is specifically configured to, for each system, when receiving an encrypted data query instruction of the system, query, according to second identification information of data to be queried, which is carried in the encrypted data query instruction, encrypted data corresponding to the second identification information in the system.
The query module 33 is specifically configured to, when a cross-system correlation query instruction is received, query desensitization data corresponding to third identification information in a related system according to the third identification information of data to be queried carried in the cross-system correlation instruction, and query corresponding encrypted data by using the desensitization data as a primary key.
The device further comprises:
and the decryption module 34 is configured to, after the encrypted data is queried, decrypt the encrypted data according to the pre-stored encryption key and decryption key corresponding to each system to obtain plaintext data corresponding to the encrypted data.
An embodiment of the present invention further provides an electronic device, as shown in fig. 4, including: the system comprises a processor 301, a communication interface 302, a memory 303 and a communication bus 304, wherein the processor 301, the communication interface 302 and the memory 303 complete mutual communication through the communication bus 304;
the memory 303 has stored therein a computer program which, when executed by the processor 301, causes the processor 301 to perform the steps of:
acquiring data to be processed in each system;
desensitization processing is carried out on the data to be processed in each system by adopting the same desensitization algorithm, and encryption processing is carried out on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encryption data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data;
and when a data query instruction is received, performing data query according to the established corresponding relation in each system.
Based on the same inventive concept, the embodiment of the present invention further provides an electronic device, and because the principle of solving the problem of the electronic device is similar to that of the data processing method, the implementation of the electronic device may refer to the implementation of the method, and repeated details are not repeated.
The electronic device provided by the embodiment of the invention can be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), a network side device and the like.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface 302 is used for communication between the above-described electronic apparatus and other apparatuses.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a central processing unit, a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
An embodiment of the present invention further provides a computer storage readable storage medium, in which a computer program executable by an electronic device is stored, and when the program runs on the electronic device, the electronic device is caused to execute the following steps:
acquiring data to be processed in each system;
desensitization processing is carried out on the data to be processed in each system by adopting the same desensitization algorithm, and encryption processing is carried out on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encryption data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data;
and when a data query instruction is received, performing data query according to the established corresponding relation in each system.
Based on the same inventive concept, embodiments of the present invention further provide a computer-readable storage medium, and since a principle of solving a problem when a processor executes a computer program stored in the computer-readable storage medium is similar to a data processing method, implementation of the computer program stored in the computer-readable storage medium by the processor may refer to implementation of the method, and repeated details are omitted.
The computer readable storage medium may be any available medium or data storage device that can be accessed by a processor in an electronic device, including but not limited to magnetic memory such as floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc., optical memory such as CDs, DVDs, BDs, HVDs, etc., and semiconductor memory such as ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs), etc.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (12)

1. A method of data processing, the method comprising:
acquiring data to be processed in each system;
carrying out desensitization processing on the data to be processed in each system by adopting the same desensitization algorithm, and carrying out encryption processing on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encrypted data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data;
and when a data query instruction is received, performing data query according to the established corresponding relation in each system.
2. The method of claim 1, wherein, when receiving a data query instruction, performing data query according to the established correspondence in each system comprises:
aiming at each system, when a desensitization data query instruction of the system is received, according to first identification information of data to be queried, which is carried in the desensitization data query instruction, desensitization data corresponding to the first identification information is queried in the system.
3. The method of claim 1, wherein, when receiving a data query instruction, performing data query according to the established correspondence in each system comprises:
and aiming at each system, when an encrypted data query instruction of the system is received, querying the encrypted data corresponding to the second identification information in the system according to the second identification information of the data to be queried carried in the encrypted data query instruction.
4. The method of claim 1, wherein, when receiving a data query instruction, performing data query according to the established correspondence in each system comprises:
when a cross-system association query instruction is received, according to third identification information of data to be queried carried in the cross-system association instruction, desensitization data corresponding to the third identification information is queried in a related system, and corresponding encrypted data is queried by taking the desensitization data as a main key.
5. The method of claim 3 or 4, further comprising:
and after the encrypted data are inquired, decrypting the encrypted data according to the pre-stored encryption key and decryption key corresponding to each system to obtain plaintext data corresponding to the encrypted data.
6. A data processing apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring data to be processed in each system;
the data processing module is used for carrying out desensitization processing on the data to be processed in each system by adopting the same desensitization algorithm and carrying out encryption processing on the data to be processed in each system by adopting different encryption algorithms or encryption keys to obtain desensitization data and encryption data corresponding to the data to be processed; establishing a corresponding relation among the identification information of the data to be processed, the desensitization data and the encrypted data;
and the query module is used for querying data according to the established corresponding relation in each system when receiving the data query instruction.
7. The apparatus according to claim 6, wherein the query module is specifically configured to, for each system, when a desensitization data query instruction of the system is received, query, according to first identification information of data to be queried, carried in the desensitization data query instruction, desensitization data corresponding to the first identification information in the system.
8. The apparatus according to claim 6, wherein the query module is specifically configured to, for each system, query, when receiving an encrypted data query instruction of the system, encrypted data corresponding to second identification information in the system according to the second identification information of data to be queried, where the second identification information is carried in the encrypted data query instruction.
9. The apparatus according to claim 6, wherein the query module is specifically configured to, when a cross-system association query instruction is received, query desensitization data corresponding to third identification information in the related system according to the third identification information of the data to be queried carried in the cross-system association instruction, and query corresponding encrypted data with the desensitization data as a primary key.
10. The apparatus of claim 8 or 9, wherein the apparatus further comprises:
and the decryption module is used for decrypting the encrypted data according to the pre-stored encryption key and decryption key corresponding to each system after the encrypted data is inquired, so as to obtain plaintext data corresponding to the encrypted data.
11. An electronic device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing mutual communication by the memory through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1 to 5 when executing a program stored in the memory.
12. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1-5.
CN202210670199.3A 2022-06-14 2022-06-14 Data processing method and device, electronic equipment and storage medium Pending CN115114653A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210670199.3A CN115114653A (en) 2022-06-14 2022-06-14 Data processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210670199.3A CN115114653A (en) 2022-06-14 2022-06-14 Data processing method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115114653A true CN115114653A (en) 2022-09-27

Family

ID=83329135

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210670199.3A Pending CN115114653A (en) 2022-06-14 2022-06-14 Data processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115114653A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116992487A (en) * 2023-09-25 2023-11-03 北京众图识人科技有限公司 Desensitization data restoring method, device, terminal equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116992487A (en) * 2023-09-25 2023-11-03 北京众图识人科技有限公司 Desensitization data restoring method, device, terminal equipment and storage medium

Similar Documents

Publication Publication Date Title
CN108364223B (en) Data auditing method and device
US11194921B2 (en) Data masking
CN110457945B (en) List query method, query party device, service party device and storage medium
US9569633B2 (en) Device, system, and method for processor-based data protection
EP3320478B1 (en) Secure handling of memory caches and cached software module identities for a method to isolate software modules by means of controlled encryption key management
EP3625720B1 (en) Reducing compromise of sensitive data in virtual machine
WO2022028289A1 (en) Data encryption method and apparatus, data decryption method and apparatus, terminal, and storage medium
EP2795828A1 (en) System and method for key management for issuer security domain using global platform specifications
US20210142319A1 (en) Systems and methods for distributed data mapping
CN114428784A (en) Data access method and device, computer equipment and storage medium
CN115114653A (en) Data processing method and device, electronic equipment and storage medium
CN112528268B (en) Cross-channel applet login management method and device and related equipment
CN113343309A (en) Natural person database privacy security protection method and device and terminal equipment
US9306745B2 (en) Secure key management
KR20140089703A (en) Method and apparatus for security of mobile data
US20220092221A1 (en) Systems and methods for real-time encryption of sensitive data
CN114896611A (en) Data processing method, processor and machine readable storage medium
CN108521419A (en) Access processing method, device and the computer equipment of observation system file
CN109711207B (en) Data encryption method and device
US11646885B2 (en) Safe token storage
CN113312650B (en) Transaction log privacy protection method and device
CN115694921A (en) Data storage method, device and medium
CN117390675A (en) Data query method, electronic device, and readable storage medium
TW202415032A (en) A data sharing system, method, device, equipment and medium
CN115442115A (en) Risk data pushing method, system, server and trusted unit

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination