CN115296885A - Data encryption method and device, electronic equipment and computer storage medium - Google Patents


Info

Publication number: CN115296885A
Authority: CN (China)
Prior art keywords: encryption, sensitive information, type, client, data
Legal status: Pending
Application number: CN202210918053.6A
Other languages: Chinese (zh)
Inventors: 邓兵辉, 张帆, 陈骅飞
Current Assignee: Bank of China Ltd
Original Assignee: Bank of China Ltd
Application filed by: Bank of China Ltd
Priority to: CN202210918053.6A
Publication of: CN115296885A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The application provides a data encryption method and apparatus, an electronic device and a computer storage medium, applicable to the financial field or other fields. The data encryption method comprises: receiving a service request; parsing the service request to obtain customer sensitive information; and encrypting the customer sensitive information with an encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data. The types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality. The encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption. As a result, neither a complete local redeployment of the service system nor a large-scale matching transformation of the existing service system is needed, which resolves both the regulatory and the cost problems.

Description

Data encryption method and device, electronic equipment and computer storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for encrypting data, an electronic device, and a computer storage medium.
Background
At present, regulators in more and more countries require that the plaintext data of domestic customers be stored only locally and not transmitted out of the country. For a multinational group, most business systems are deployed centrally in the country where the group is headquartered. Deploying a complete set of service system servers in every country wastes resources and drives maintenance and labor costs ever higher; it also hinders centralized modeling and integrated management of the group's data, and with it the group's further internationalization. Furthermore, although mainstream encryption algorithms can encrypt plaintext, the resulting ciphertext is long, while most service systems enter and store service data by field; for example, the customer name supports at most 200 characters and the customer certificate number at most 20 characters. Mainstream encryption algorithms are therefore suited only to encrypting a whole message for transmission, not to encrypting a single field.
In the prior art, the usual solutions are to deploy a set of service systems locally, or to modify the existing service systems using a mainstream encryption algorithm. The first approach wastes resources and incurs high maintenance costs. The second is simple in principle, but the range of systems that must be modified is very wide and the result is strongly coupled to the chosen encryption algorithm, so it is of little practical use.
Disclosure of Invention
In view of this, the present application provides a data encryption method and apparatus, an electronic device and a computer storage medium that require neither redeploying a complete service system locally nor a large-scale matching transformation of the existing service systems, and thus resolve both the regulatory and the cost problems.
A first aspect of the present application provides a method for encrypting data, including:
receiving a service request;
parsing the service request to obtain customer sensitive information;
encrypting the customer sensitive information with an encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data; the types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality; the encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type; the parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record; the encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption.
Optionally, parsing the service request to obtain the customer sensitive information includes:
parsing the data in the service request according to a preset sensitive information field to obtain the customer sensitive information.
Optionally, after encrypting the customer sensitive information to obtain encrypted data, the method further includes:
uploading the encrypted data to a core system.
Optionally, after encrypting the customer sensitive information to obtain encrypted data, the method further includes:
saving the encryption attribute parameters generated during the encryption process.
A second aspect of the present application provides an apparatus for encrypting data, including:
a receiving unit, configured to receive a service request;
a parsing unit, configured to parse the service request to obtain customer sensitive information;
an encryption unit, configured to encrypt the customer sensitive information with an encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data; the types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality; the encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type; the parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record; the encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption.
Optionally, the parsing unit includes:
a parsing subunit, configured to parse the data in the service request according to a preset sensitive information field to obtain the customer sensitive information.
Optionally, the data encryption apparatus further includes:
an uploading unit, configured to upload the encrypted data to the core system.
Optionally, the data encryption apparatus further includes:
a saving unit, configured to save the encryption attribute parameters generated during the encryption process.
A third aspect of the present application provides an electronic device comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a method of encrypting data as described in any one of the first aspects.
A fourth aspect of the present application provides a computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements a method of encrypting data as set forth in any one of the first aspects.
As can be seen from the above aspects, the present application provides a data encryption method and apparatus, an electronic device and a computer storage medium. The data encryption method comprises: receiving a service request; parsing the service request to obtain customer sensitive information; and encrypting the customer sensitive information with an encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data. The types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality. The encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type. The parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record. The encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption. As a result, neither a complete local redeployment of the service system nor a large-scale matching transformation of the existing service system is needed, which resolves both the regulatory and the cost problems.
Drawings
To illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings described below are only embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a detailed flowchart of a data encryption method according to an embodiment of the present application;
Fig. 2 is a detailed flowchart of a data encryption method according to another embodiment of the present application;
Fig. 3 is a detailed flowchart of a data encryption method according to another embodiment of the present application;
Fig. 4 is a schematic diagram of a data encryption apparatus according to another embodiment of the present application;
Fig. 5 is a schematic diagram of a data encryption apparatus according to another embodiment of the present application;
Fig. 6 is a schematic diagram of an electronic device implementing a data encryption method according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
The term "including" and variations thereof as used herein is intended to be open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present application are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
Note that the modifiers "a" and "an" in this application are illustrative rather than limiting; those skilled in the art will understand them to mean "one or more" unless the context clearly indicates otherwise.
At present, the ciphertext returned by mainstream encryption algorithms has a minimum length of 64 bits, cannot be guaranteed to be purely numeric, and cannot be a legal value such as a country code. The length problem could be solved by extending the length of the encrypted fields in the existing system, but starting from the core system, every matching upstream and downstream system would then have to be modified in the same way, so the range of systems affected is very wide.
In addition, with symmetric and asymmetric encryption algorithms the keys in the system are replaced periodically, whereas the customer information stored in the core system must be kept permanently. Once the system replaces a key, all related ciphertext data in the system must be re-encrypted with the new key and the existing ciphertext replaced. For a table holding massive amounts of data the re-encryption takes a very long time, which significantly affects the system's normal business processing and its regulatory reporting, or even causes processing errors.
Therefore, an embodiment of the present application provides a data encryption method, as shown in fig. 1, which specifically includes the following steps:
S101, receiving a service request.
S102, parsing the service request to obtain the customer sensitive information.
Optionally, in another embodiment of the present application, an implementation of step S102 specifically includes:
parsing the data in the service request according to the preconfigured sensitive information field to obtain the customer sensitive information.
S103, encrypting the customer sensitive information with the encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data.
The types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality. The encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type. The parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record. The encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption.
It should be noted that the encryption attribute parameters define the rule parameters of the encryption and decryption component; the parameterized configuration of the encryption field serves as the bridge between the message and the encryption and decryption component; and the component encrypts and decrypts the specified message fields according to the encryption attribute parameters. This avoids the resource waste and added maintenance cost of deploying a complete service system locally, avoids strong coupling with a mainstream encryption algorithm, allows ciphertext parameters to be configured dynamically, avoids large-scale modification of the existing service system, avoids key management, and ensures that transmitted data still cannot be decrypted if it is intercepted. At the same time, different encryption rules can be selected for different types of fields through parameters.
For example, customer name: the parameter is configured as character type, the encryption type is encryption, and the ciphertext length is 8, so the encryption component processes the plaintext into 8-bit ciphertext according to the rule. If the flag "ciphertext length consistent with original message length" is Y, characters are padded after the ciphertext so that the whole ciphertext matches the length of the original message (if the original message is shorter than 8 bits, 8 bits are still returned); otherwise the 8-bit ciphertext is returned. On decryption, the system retrieves the plaintext according to the ciphertext.
Annual income: the parameter is configured as amount type and the encryption type is bleaching, so the encryption component directly returns the bleaching value set by the parameter (for example, the middle 6 digits of the customer number). On decryption, the original value is retrieved according to the field name.
Date of birth: the parameter is configured as date type and the encryption type is fixed value, so the encryption component directly returns the fixed value set by the parameter (e.g. 19000101). On decryption, the original value is retrieved according to the field name.
Nationality: the parameter is configured as enumeration type and a list of enumeration values is set. During encryption, the encryption component takes the enumeration value at the position given by a random number (if the value taken is the same as the plaintext, it takes the enumeration value at position random number - 1 instead). On decryption, the original value is retrieved according to the field name. Because country codes are checked for legality, the substitute is selected from the legal values.
Age: the parameter is configured as amount type and the encryption type is random value. A random value range is set first; during encryption, the encryption component generates a random number in that range and returns it (if the generated random number is the same as the plaintext, 1 is subtracted). On decryption, the original value is retrieved according to the field name.
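The five per-field rules above, as an added Python example that is not part of the patent. Assumptions: the rule keys, `LocalVault`, `protect`, `recover` and the padding character are hypothetical; the name ciphertext is drawn at random from a 64-character alphabet because the text does not say how it is produced; lengths are counted in characters; and the customer number is used as the record key for lookup by field name.

```python
import secrets

# Every name here (RULES keys, LocalVault, protect, recover) is hypothetical.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")   # 64 characters
PAD_CHAR = "="   # assumed filler; the page does not name the padding character

# Constructed parameter records: one encryption rule per sensitive field.
RULES = {
    "customer_name": {"type": "char", "mode": "encrypt",
                      "length": 8, "match_length": "Y"},
    "annual_income": {"type": "amount", "mode": "bleach"},
    "birth_date":    {"type": "date", "mode": "fixed", "value": "19000101"},
    "nationality":   {"type": "enum", "mode": "enum",
                      "values": ["CN", "US", "GB", "FR", "DE"]},
    "age":           {"type": "amount", "mode": "random", "range": (18, 90)},
}


class LocalVault:
    """Local (in-country) store that maps substitutes back to plaintext."""

    def __init__(self):
        self.by_token = {}   # ciphertext -> plaintext, for mode "encrypt"
        self.by_field = {}   # (customer_no, field) -> plaintext, other modes


def _middle_digits(customer_no, n=6):
    """Bleaching value from the page's example: middle n digits of the number."""
    start = max((len(customer_no) - n) // 2, 0)
    return customer_no[start:start + n]


def protect(field, plaintext, customer_no, vault):
    """Return the substitute value that is sent on to the core system."""
    rule = RULES[field]
    mode = rule["mode"]
    if mode == "encrypt":
        while True:   # retry until the ciphertext is unique in the vault
            token = "".join(secrets.choice(ALPHABET)
                            for _ in range(rule["length"]))
            if rule["match_length"] == "Y":
                # Pad behind the ciphertext up to the plaintext length; a
                # plaintext shorter than the rule length still yields 8.
                token = token.ljust(len(plaintext), PAD_CHAR)
            if token not in vault.by_token:
                break
        vault.by_token[token] = plaintext
        return token
    if mode == "bleach":
        substitute = _middle_digits(customer_no)
    elif mode == "fixed":
        substitute = rule["value"]
    elif mode == "enum":
        values = rule["values"]
        i = secrets.randbelow(len(values))
        if values[i] == plaintext:
            i -= 1   # page rule: position (random number - 1); -1 wraps to the end
        substitute = values[i]
    elif mode == "random":
        lo, hi = rule["range"]
        n = lo + secrets.randbelow(hi - lo + 1)
        if n == int(plaintext):
            n -= 1   # page rule: subtract 1; this can land one below the range
        substitute = str(n)
    else:
        raise ValueError(f"unknown encryption type: {mode}")
    vault.by_field[(customer_no, field)] = plaintext
    return substitute


def recover(field, ciphertext, customer_no, vault):
    """Plaintext lookup: by ciphertext for names, by field name otherwise."""
    if RULES[field]["mode"] == "encrypt":
        return vault.by_token[ciphertext]
    return vault.by_field[(customer_no, field)]


if __name__ == "__main__":
    vault = LocalVault()
    customer_no = "1234567890"                      # constructed sample record
    record = {"customer_name": "Zhang Xiaoming", "annual_income": "250000",
              "birth_date": "19850612", "nationality": "CN", "age": "30"}
    for field, value in record.items():
        sent = protect(field, value, customer_no, vault)
        print(field, "->", sent, "->", recover(field, sent, customer_no, vault))
```

Because every substitute is recovered by lookup rather than with a key, the local store holds the only route back to the plaintext and needs the access control, backup and audit treatment a key store would otherwise get.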
Optionally, in another embodiment of the present application, an implementation manner of the data encryption method, as shown in fig. 2, further includes:
S201, receiving a service request.
S202, parsing the service request to obtain the customer sensitive information.
S203, encrypting the customer sensitive information with the encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data.
The types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality. The encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type. The parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record. The encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption.
It should be noted that, for the specific implementation of steps S201 to S203, refer to steps S101 to S103, which are not described herein again.
S204, uploading the encrypted data to a core system.
S205, saving the encryption attribute parameters generated during the encryption process.
Specifically, Fig. 3 shows a detailed flowchart of a data encryption method and the corresponding decryption method. A service request is submitted in the front-end system; the present application parses the service request to obtain the customer sensitive information, encrypts it, returns the encrypted customer sensitive information to the front-end system, and saves the encryption attribute parameters generated during encryption. After receiving the returned encrypted customer sensitive information, the front-end system uploads it to the core system. The core system processes the service data and returns a processing result, the core system storing only the ciphertext; the front-end system displays the processing result returned by the core system, and encryption is complete.
In the corresponding decryption process, the front-end system requests background data; the core system runs the query and returns the requested data to the front-end system, and the returned data is ciphertext. The local front end decrypts the ciphertext data returned by the core system: the present application parses the ciphertext data and returns the result to the front-end system, which displays the plaintext data, and decryption is complete.
As can be seen from the above solutions, the present application provides a data encryption method: receiving a service request; parsing the service request to obtain customer sensitive information; and encrypting the customer sensitive information with an encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data. The types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality. The encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type. The parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record. The encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption. As a result, neither a complete local redeployment of the service system nor a large-scale matching transformation of the existing service system is needed, which resolves both the regulatory and the cost problems.
The invention can be used in the financial field or in other fields, for example in scenarios where plaintext data must not leave the country. The other fields are any fields other than the financial field, for example the field of data encryption. The above is only an example and does not limit the fields in which the invention can be applied.
Another embodiment of the present application provides an apparatus for encrypting data, as shown in fig. 4, specifically including:
a receiving unit 401, configured to receive a service request.
A parsing unit 402, configured to parse the service request to obtain the customer sensitive information.
Optionally, in another embodiment of the present application, an implementation of the parsing unit 402 includes:
a parsing subunit, configured to parse the data in the service request according to the preset sensitive information field to obtain the customer sensitive information.
For the specific working processes of the units disclosed in the above embodiments of the present application, reference may be made to the contents of the corresponding method embodiments, which are not described herein again.
An encryption unit 403, configured to encrypt the customer sensitive information with the encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data.
The types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality. The encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type. The parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record. The encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption.
For a specific working process of the unit disclosed in the above embodiment of the present application, reference may be made to the content of the corresponding method embodiment, as shown in fig. 1, which is not described herein again.
Optionally, in another embodiment of the present application, an implementation manner of the data encryption apparatus, as shown in fig. 5, includes:
a receiving unit 501, configured to receive a service request.
The parsing unit 502 is configured to parse the service request to obtain the client sensitive information.
The encrypting unit 503 is configured to encrypt the client sensitive information by using the encrypting and decrypting component according to the parameterized configuration of the encryption attribute parameter and the encryption field corresponding to the type of the client sensitive information, so as to obtain encrypted data.
An uploading unit 504, configured to upload the encrypted data to the core system.
A saving unit 505, configured to save the generated encryption attribute parameter in the encryption process.
For a specific working process of the unit disclosed in the above embodiment of the present application, reference may be made to the content of the corresponding method embodiment, as shown in fig. 2, which is not described herein again.
As can be seen from the above, the present application provides a data encryption apparatus: the receiving unit 401 receives a service request; the parsing unit 402 parses the service request to obtain the customer sensitive information; and the encryption unit 403 encrypts the customer sensitive information with the encryption and decryption component, according to the encryption attribute parameters and the parameterized configuration of the encryption field that correspond to the type of the customer sensitive information, to obtain encrypted data. The types of customer sensitive information are customer name, certificate number, birth date, age, annual income, address and nationality. The encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identifier and supplementary function type. The parameterized configuration of the encryption field includes: configuration file type, parameter record type and parameter record. The encryption and decryption component is configured with a default ciphertext length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption. As a result, neither a complete local redeployment of the service system nor a large-scale matching transformation of the existing service system is needed, which resolves both the regulatory and the cost problems.
The functions described above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
Another embodiment of the present application provides an electronic device, as shown in fig. 6, including:
one or more processors 601.
A storage device 602 having one or more programs stored thereon.
The one or more programs, when executed by the one or more processors 601, cause the one or more processors 601 to implement a method of encrypting data as described in any of the embodiments above.
Another embodiment of the present application provides a computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method of encrypting data as described in any of the above embodiments.
In the context of this application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be noted that the computer readable medium mentioned above in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
Another embodiment of the application provides a computer program product that, when executed, performs any one of the data encryption methods described above.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means, or installed from a storage means, or installed from a ROM. The computer program, when executed by a processing device, performs the above-described functions defined in the methods of embodiments of the present application.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
While several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the application. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
The above description is only a preferred embodiment of the application and an illustration of the technical principles employed. Those skilled in the art will appreciate that the scope of the application is not limited to embodiments formed by the particular combination of the above features, and also encompasses other embodiments formed by any combination of the above features or their equivalents without departing from the concept of the application. For example, the above features may be replaced with (but not limited to) features having similar functions to those described in this application.

Claims (10)

1. A method for encrypting data, comprising:
receiving a service request;
parsing the service request to obtain client sensitive information;
encrypting the client sensitive information by using an encryption and decryption component, according to the encryption attribute parameters corresponding to the type of the client sensitive information and the parameterized configuration of the encryption field, to obtain encrypted data; the types of the client sensitive information are classified into a customer name, a certificate number, a birth date, an age, an annual income, an address and a nationality; the encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identification and supplementary function type; the parameterized configuration of the encryption field comprises: configuration file type, parameter record type and parameter record; the encryption and decryption component is configured with a ciphertext default length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption.
2. The encryption method of claim 1, wherein said parsing said service request to obtain client sensitive information comprises:
parsing the data in the service request according to a preset sensitive information field to obtain the client sensitive information.
3. The encryption method according to claim 1, further comprising, after encrypting the client sensitive information to obtain the encrypted data:
uploading the encrypted data to a core system.
4. The encryption method according to claim 1, further comprising, after encrypting the client sensitive information to obtain the encrypted data:
storing the encryption attribute parameters generated during the encryption process.
5. An apparatus for encrypting data, comprising:
a receiving unit, configured to receive a service request;
a parsing unit, configured to parse the service request to obtain client sensitive information;
an encryption unit, configured to encrypt the client sensitive information by using an encryption and decryption component, according to the encryption attribute parameters corresponding to the type of the client sensitive information and the parameterized configuration of the encryption field, to obtain encrypted data; the types of the client sensitive information are classified into a customer name, a certificate number, a birth date, an age, an annual income, an address and a nationality; the encryption attribute parameters include: encryption field type, encryption type, ciphertext uniqueness identification and supplementary function type; the parameterized configuration of the encryption field comprises: configuration file type, parameter record type and parameter record; the encryption and decryption component is configured with a ciphertext default length, a ciphertext sender, base-64 characters, plaintext encryption and ciphertext encryption.
6. The encryption device according to claim 5, wherein the parsing unit includes:
a parsing subunit, configured to parse the data in the service request according to the preset sensitive information field to obtain the client sensitive information.
7. The encryption device of claim 5, further comprising:
an uploading unit, configured to upload the encrypted data to the core system.
8. The encryption device of claim 5, further comprising:
a storage unit, configured to store the encryption attribute parameters generated during the encryption process.
9. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for encrypting data according to any one of claims 1 to 4.
10. A computer storage medium, having stored thereon a computer program, wherein the computer program, when executed by a processor, implements a method of encrypting data as claimed in any one of claims 1 to 4.
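
Claims 1 and 2 describe parsing a service request against a preset list of sensitive fields and encrypting each match. The following is an added example, not code from the patent or the applicant: it assumes a JSON request, hypothetical field names, AES-256-GCM from Node's built-in `crypto` module (the claims name no cipher), and base64 output; binding the field name as associated data is a design choice made here.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the "preset sensitive information field" list (hypothetical names).
const SENSITIVE_FIELDS = new Set(['customer_name', 'certificate_number', 'birth_date', 'address']);

// Encrypt one value with AES-256-GCM under a fresh random 12-byte nonce.
// The field name is authenticated as associated data, so a ciphertext copied
// into a different field fails to decrypt. Output: base64(nonce || ciphertext || tag).
function encryptField(key, name, value) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const body = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, body, cipher.getAuthTag()]).toString('base64');
}

// Reverse encryptField; throws if the key, field name or ciphertext does not match.
function decryptField(key, name, encoded) {
  const raw = Buffer.from(encoded, 'base64');
  if (raw.length < 28) throw new Error('malformed ciphertext'); // 12-byte nonce + 16-byte tag
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(raw.subarray(raw.length - 16));
  const body = raw.subarray(12, raw.length - 16);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Parse the request and replace every configured sensitive field with its
// ciphertext; all other fields pass through unchanged.
function encryptRequest(key, jsonBody) {
  const out = {};
  for (const [name, value] of Object.entries(JSON.parse(jsonBody))) {
    out[name] = SENSITIVE_FIELDS.has(name) ? encryptField(key, name, value) : value;
  }
  return out;
}

// Constructed sample request and a throwaway demo key (a real key comes from a key manager).
const demoKey = crypto.randomBytes(32);
const sampleRequest = JSON.stringify({
  txn_type: 'open_account',
  customer_name: 'Zhang San',
  certificate_number: 'ID-0000-CONSTRUCTED',
});
console.log(encryptRequest(demoKey, sampleRequest));
```

Because each nonce is random, encrypting the same value twice yields different ciphertexts, so equality lookups on the stored field need a separate mechanism.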

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210918053.6A CN115296885A (en) 2022-08-01 2022-08-01 Data encryption method and device, electronic equipment and computer storage medium

Publications (1)

Publication Number Publication Date
CN115296885A (en) 2022-11-04

Family

ID=83825619

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210918053.6A Pending CN115296885A (en) 2022-08-01 2022-08-01 Data encryption method and device, electronic equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN115296885A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295367A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 Data ciphering method and device
CN106649587A (en) * 2016-11-17 2017-05-10 国家电网公司 High-security desensitization method based on big data information system
US10699023B1 (en) * 2017-11-20 2020-06-30 Amazon Technologies, Inc. Encryption profiles for encrypting user-submitted data
CN111740826A (en) * 2020-07-20 2020-10-02 腾讯科技(深圳)有限公司 Encryption method, decryption method, device and equipment based on encryption proxy gateway

Similar Documents

Publication Publication Date Title
US10977269B1 (en) Selective structure preserving obfuscation
US9646088B1 (en) Data collection and transmission
CN108520183B (en) Data storage method and device
US11507683B2 (en) Query processing with adaptive risk decisioning
CN110598442A (en) Sensitive data self-adaptive desensitization method and system
CN112929172A (en) System, method and device for dynamically encrypting data based on key bank
US10169600B2 (en) Encryption policies for various nodes of a file
CN109271798A (en) Sensitive data processing method and system
CN114826733B (en) File transmission method, device, system, equipment, medium and program product
CN111858769B (en) Data use method, device, node equipment and storage medium
CN110048830B (en) Data encryption and decryption method and encryption and decryption device
US10536276B2 (en) Associating identical fields encrypted with different keys
US10826693B2 (en) Scalable hardware encryption
CN112783847A (en) Data sharing method and device
US11101987B2 (en) Adaptive encryption for entity resolution
US11133926B2 (en) Attribute-based key management system
US11139969B2 (en) Centralized system for a hardware security module for access to encryption keys
CN107707528B (en) Method and device for isolating user information
CN115296885A (en) Data encryption method and device, electronic equipment and computer storage medium
CN115758432A (en) Omnibearing data encryption method and system based on machine learning algorithm
Hasimi Cost-effective solutions in cloud computing security
CN111030930B (en) Decentralized network data fragment transmission method, device, equipment and medium
US20210097195A1 (en) Privacy-Preserving Log Analysis
CN113906405A (en) Modifying data items
CN109828908A (en) Interface testing parameter encryption method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination