CN115442090A - Sensitive information acquisition method and device applied to script - Google Patents


Info

Publication number
CN115442090A
Authority
CN
China
Prior art keywords
sensitive information
script
server
ciphertext
key
Prior art date
Legal status
Pending
Application number
CN202211005956.1A
Other languages
Chinese (zh)
Inventor
余利明
薛苏杰
曹律
Current Assignee
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date
Filing date
Publication date
Application filed by China Unionpay Co Ltd
Priority to CN202211005956.1A
Publication of CN115442090A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention relates to a sensitive information acquisition method and device applied to scripts. The method comprises the following steps: after the script is started, acquiring first information at a first position and using it as a key; acquiring second information at a second position and using it as a sensitive information ciphertext, where the first position is the server running the script and the second position is the script, or the first position is the script and the second position is the server running the script; and decrypting the sensitive information ciphertext with the key to obtain a decryption result, which is provided to the script as the sensitive information plaintext for executing a preset function. If the script is obtained by someone else and run on that person's illegitimate server, the script can obtain only the first information or the second information from itself and cannot obtain the other from the server running it, so no decryption result and no sensitive information plaintext can be obtained. The security of the sensitive information plaintext is thereby ensured.

Description

Sensitive information acquisition method and device applied to script
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a sensitive information acquisition method and device applied to scripts, computing equipment and a computer readable storage medium.
Background
In daily system operation and maintenance, scripts are often used to implement preset functions and so improve operation and maintenance efficiency. For example, a script is installed on each server and runs there to implement functions such as connecting to a database to filter data, logging in to servers in batches to query logs, and packaging common operation steps. This improves operation and maintenance efficiency and saves labor and time costs.
To increase automation, scripts often contain sensitive information. For example, a script that connects to a database to filter data may contain the password of that database, and a script that logs in to servers in batches to query logs contains the passwords of those servers. If such a script is obtained by others, there is a risk that the sensitive information leaks.
Disclosure of Invention
The embodiment of the invention provides a sensitive information acquisition method applied to a script, which is used for improving the safety of sensitive information.
In a first aspect, an embodiment of the present invention provides a sensitive information obtaining method applied to a script, including:
after a script is started, first information is obtained at a first position and is used as a secret key;
acquiring second information at a second position, and taking the second information as a sensitive information ciphertext; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
and decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function.
After the script is started, first information and second information are acquired at different positions; the first information is used as the key and the second information as the sensitive information ciphertext, and the ciphertext is decrypted with the key to obtain a decryption result. The key and the sensitive information ciphertext are stored in different positions, and the script contains only one of them. If the script runs on a legitimate server, the key and the sensitive information ciphertext can be obtained from the first position and the second position respectively after the script is started, the sensitive information plaintext is obtained by decryption, and the preset function can be executed with it. If the script is obtained by someone else and run on that person's illegitimate server, the script can obtain only the first information or the second information from itself and cannot obtain the other from the server running it, so no decryption result and no sensitive information plaintext can be obtained. The security of the sensitive information plaintext is thereby ensured.
In some embodiments, the sensitive information ciphertext is stored in the server;
the method further comprises the following steps:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by adopting the key.
Because the sensitive information ciphertext is stored at a preset position on the server rather than in the script, updating it is simpler and faster. Only the sensitive information plaintext needs to be updated: the updated plaintext is encrypted to obtain an updated sensitive information ciphertext, which is sent to the server to replace the stored one. The script does not need to be reissued, so the process is simpler and the maintenance cost of the script is reduced.
In some embodiments, the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the key and the SM4 cryptographic algorithm;
decrypting the sensitive information ciphertext by using the key to obtain a decryption result, wherein the decryption result comprises:
and decrypting the sensitive information ciphertext by adopting the secret key and the SM4 cryptographic algorithm to obtain a decryption result.
Encryption and decryption with the SM4 cryptographic algorithm are fast and preserve the confidentiality of the sensitive information plaintext.
In a second aspect, an embodiment of the present invention further provides a sensitive information acquiring method applied to a script, including:
after the script is started, acquiring a first information component at a first position; obtaining a second information component at a second location; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
using information obtained according to the first information component and the second information component as a secret key;
decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function; the sensitive information ciphertext is information obtained from the first location or the second location.
After the script is started, a first information component and a second information component are acquired at different positions, and information obtained from the two components is used as the key to decrypt the sensitive information ciphertext and obtain a decryption result. The script therefore contains only the first information component, or the first information component and the sensitive information ciphertext, or the second information component and the sensitive information ciphertext; if the script is illegally obtained by someone else, the sensitive information plaintext cannot be obtained from any of these. The security of the sensitive information plaintext is thereby ensured.
In some embodiments, the sensitive information ciphertext is stored in a preset position of the server;
the method further comprises the following steps:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by adopting the key.
In some embodiments, the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the key and the SM4 cryptographic algorithm;
decrypting the sensitive information ciphertext by using the key to obtain a sensitive information plaintext, comprising:
and decrypting the sensitive information ciphertext by adopting the secret key and the SM4 algorithm to obtain the sensitive information plaintext.
In a third aspect, an embodiment of the present invention further provides a sensitive information acquiring apparatus applied to a script, including:
a first acquisition unit configured to:
after a script is started, first information is obtained at a first position and is used as a secret key;
acquiring second information at a second position, and taking the second information as a sensitive information ciphertext; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
a first processing unit to:
and decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function.
In some embodiments, the sensitive information ciphertext is stored in the server;
the first processing unit is further configured to:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by using the key.
In some embodiments, the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the key and the SM4 cryptographic algorithm;
the first processing unit is specifically configured to:
and decrypting the sensitive information ciphertext by adopting the secret key and the SM4 cryptographic algorithm to obtain a decryption result.
In a fourth aspect, an embodiment of the present invention further provides a sensitive information obtaining apparatus applied to a script, where the apparatus includes:
a second acquisition unit configured to:
after the script is started, acquiring a first information component at a first position; obtaining a second information component at a second location; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
a second processing unit to:
using information obtained according to the first information component and the second information component as a secret key;
decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function; the sensitive information ciphertext is information obtained from the first location or the second location.
In some embodiments, the sensitive information ciphertext is stored in a preset position of the server;
the second processing unit is further configured to:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by using the key.
In some embodiments, the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the key and the SM4 cryptographic algorithm;
the second processing unit is specifically configured to:
and decrypting the sensitive information ciphertext by adopting the secret key and the SM4 algorithm to obtain the sensitive information plaintext.
In a fifth aspect, an embodiment of the present invention further provides a computing device, including:
a memory for storing a computer program;
and the processor is used for calling the computer program stored in the memory and executing the sensitive information acquisition method applied to the script in any mode according to the obtained program.
In a sixth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where a computer-executable program is stored, where the computer-executable program is configured to enable a computer to execute the sensitive information acquisition method applied to a script, which is listed in any one of the above manners.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required to be used in the description of the embodiments will be briefly introduced below, and it is apparent that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings may be obtained based on these drawings without creative efforts.
FIG. 1 is a diagram illustrating a system architecture according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a sensitive information obtaining method applied to a script according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an execution flow of a storage key and a sensitive information ciphertext according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an execution flow of a storage key and a sensitive information ciphertext according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of a sensitive information obtaining method applied to a script according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an execution flow of a storage key and a sensitive information ciphertext according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an execution flow of a storage key and a sensitive information ciphertext according to an embodiment of the present invention;
FIG. 8 is a schematic diagram illustrating an execution flow after a script is started according to an embodiment of the present invention;
FIG. 9 is a schematic flowchart of a process for updating a sensitive information ciphertext according to an embodiment of the present invention;
FIG. 10 is a diagram illustrating a sensitive information obtaining apparatus applied to a script according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of a sensitive information acquiring apparatus applied to a script according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
To make the objects, embodiments and advantages of the present application clearer, the following description of exemplary embodiments of the present application will clearly and completely describe the exemplary embodiments of the present application with reference to the accompanying drawings in the exemplary embodiments of the present application, and it is to be understood that the described exemplary embodiments are only a part of the embodiments of the present application, and not all of the embodiments.
All other embodiments, which can be derived by a person skilled in the art from the exemplary embodiments described herein without inventive step, are intended to be within the scope of the claims appended hereto. In addition, while the disclosure herein has been presented in terms of one or more exemplary examples, it should be appreciated that aspects of the disclosure may be implemented solely as a complete embodiment.
It should be noted that the brief descriptions of the terms in the present application are only for the convenience of understanding the embodiments described below, and are not intended to limit the embodiments of the present application. These terms should be understood in their ordinary and customary meaning unless otherwise indicated.
The terms "first," "second," "third," and the like in the description and claims of this application and in the above-described drawings are used for distinguishing between similar or analogous objects or entities and are not necessarily intended to limit the order or sequence of any particular one, unless otherwise indicated. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application are, for example, capable of operation in sequences other than those illustrated or otherwise described herein.
Furthermore, the terms "comprises" and "comprising," as well as any variations thereof, are intended to cover a non-exclusive inclusion, such that a product or device that comprises a list of elements is not necessarily limited to those elements explicitly listed, but may include other elements not expressly listed or inherent to such product or device.
To reduce the risk of sensitive information leaking from a script, the following two approaches exist. In the first approach, a dedicated password management module manages the passwords. Fig. 1 shows a possible system architecture, in which the password management module is divided into a server side and a client side: the server side is installed on the server or server cluster responsible for managing all passwords, and the client side is installed on each server that runs a script. When a password needs to be updated, all passwords are updated on the server side. When a script needs to execute a preset function, it first calls the client on the same server, and the client sends a request to the server side; after receiving the request, the server side verifies the client's identity and, once verification passes, returns the password plaintext to the client; the client passes the password plaintext to the script, so that the script can execute the preset function based on it. The script does not store the password and obtains it through the client of the password management module only when it is needed, which keeps the password secure.
In the second mode, a secret key, a decryption algorithm and a sensitive information ciphertext are stored in the script; when the script needs to execute the preset function, the sensitive information ciphertext is decrypted by adopting the secret key and the decryption algorithm, and the sensitive information plaintext is obtained after decryption, so that the script can execute the preset function based on the sensitive information plaintext. Therefore, the sensitive information plaintext does not directly appear in the script, so that the safety of the sensitive information is ensured.
Both approaches have disadvantages. In the first approach, a password management module must be added, which increases hardware and software cost. Moreover, because the password management module manages all passwords, a leak carries a high security risk, so the security-level requirement on callers is very high. A script has a low security level and is easy to tamper with, so calling the password management module from a script also carries a considerable security risk. In addition, the password management module is usually used only to manage passwords and does not store other sensitive information, such as the Internet Protocol (IP) address, port and user name of a server, so that information is still stored in the script and can still leak. In the second approach, although the script does not directly contain the sensitive information plaintext, it contains the sensitive information ciphertext, the key and the decryption algorithm; if the script is obtained by others, the ciphertext can easily be decrypted to recover the plaintext, so the risk of leakage remains. Furthermore, in actual operation and maintenance, because the sensitive information ciphertext is stored in the script, updating the sensitive information means updating the script on every server. The script release process has to be executed again, which involves complex steps, takes a long time, and increases the maintenance cost of the script.
An embodiment of the present invention provides another sensitive information obtaining method applied to a script, as shown in fig. 2, including:
Step 201, after the script is started, first information is obtained at a first position, and the first information is used as a key.
Step 202, second information is obtained at a second position, and the second information is used as a sensitive information ciphertext; the first position is the server running the script and the second position is the script, or the first position is the script and the second position is the server running the script.
Step 203, the sensitive information ciphertext is decrypted with the key to obtain a decryption result, and the decryption result is used as the sensitive information plaintext provided to the script for executing a preset function.
If the script runs on a legitimate server, that is, a server that stores the key or the sensitive information ciphertext, the script can obtain the key or the sensitive information ciphertext from that server.
If the script is obtained by someone else and run on an illegitimate server, that is, a server that stores neither the key nor the sensitive information ciphertext, the script cannot obtain the key or the sensitive information ciphertext there. A script can fall into other hands in many ways: for example, a developer uploads it to the internet and others download it, or someone steals it.
The scenario in which the script runs on a legitimate server is described in detail below through Example one and Example two.
Example one
The password administrator generates a key and encrypts the sensitive information plaintext with it to obtain a sensitive information ciphertext. The password administrator gives the key to the key maintainer and the sensitive information ciphertext to the script developer. The key maintainer adds the key to any legitimate server, for example to an environment variable or a file on that server. The script developer codes the sensitive information ciphertext into the script, the script is released after test acceptance, and the script maintainer deploys it on the server where the key is stored. The key is thus stored on the legitimate server, and the sensitive information ciphertext is stored in the script running on that server. Fig. 3 shows a schematic execution flow of the above embodiment.
In the above embodiment, a password administrator, a key maintainer, a script developer and a script maintainer each handle one of four tasks. The four tasks may also be handled by the same person, or any two or three of them by the same person; those skilled in the art can arrange this as needed. For the security of the sensitive information plaintext, however, the tasks are performed by different persons.
The sensitive information plaintext may include at least one of: the IP address of the server, the login account of the server, the login password of the server, the name of the database, the login account of the database and the login password of the database. The embodiments of the present invention are not limited in this regard. The script obtains the sensitive information plaintext, and the preset function can be executed based on the sensitive information plaintext. For example, the script obtains the login account and the login password of the database to be connected, so that the database can be connected, and various functions such as data screening can be realized. For example, the script acquires a login account and a login password of a server to be logged in, and can log in the server to realize various functions such as query logs. The above are merely examples.
After the script is started, it acquires the key from the server it is currently running on and the sensitive information ciphertext from the script itself. It decrypts the sensitive information ciphertext with the key to obtain the sensitive information plaintext and executes the preset function based on that plaintext.
Because the key and the sensitive information ciphertext are stored in different positions, someone who obtains the script obtains only the information stored in the script, not the information stored on the server. The security of the sensitive information plaintext is thereby ensured.
To improve its security, the sensitive information plaintext is generally updated at set intervals; for example, the login password of the database is updated every three months. When the sensitive information plaintext is updated, the sensitive information ciphertext must be updated as well. In this embodiment the sensitive information ciphertext is stored in the script, so updating the plaintext requires executing the script release process again to update the ciphertext. Specifically, the password administrator encrypts the updated sensitive information plaintext with the key to obtain the updated sensitive information ciphertext and gives it to the script developer; the script developer codes the updated ciphertext into the script to obtain an updated script, which is released after test acceptance; and the script maintainer deploys the updated script on the server where the key is stored.
In the embodiment of the invention, the sensitive information ciphertext is stored in the script, so the process of updating the sensitive information ciphertext is very complicated and time-consuming, and the issuing process of the script needs to be executed again.
Example two
The password administrator generates a key and encrypts the sensitive information plaintext with it to obtain the sensitive information ciphertext. The password administrator sends the sensitive information ciphertext to the key maintainer and sends the key to the script developer. The key maintainer adds the sensitive information ciphertext to any legitimate server, for example to an environment variable or a file on that server. The script developer encodes the key into the script, the script is released after test acceptance, and the script maintainer deploys the script on the server in which the sensitive information ciphertext is stored. Thus the sensitive information ciphertext is stored on the legitimate server, and the script running on the legitimate server stores the key. Fig. 4 shows a schematic flow chart of the implementation of the above embodiment.
The sensitive information may include at least one of: the IP address of the server, the login account of the server, the login password of the server, the name of the database, the login account of the database and the login password of the database. The embodiments of the present invention are not limited in this respect. The script obtains the sensitive information plaintext, and the preset function can be executed based on the sensitive information plaintext. For example, the script acquires the login account and the login password of the database to be connected, so that the database can be connected to realize various functions such as data screening. For example, the script acquires a login account and a login password of a server to be logged in, and can log in the server to realize various functions such as query logs. The above are merely examples.
After the script is started, it acquires the sensitive information ciphertext from the server on which it is currently running and acquires the key from the script itself. It then decrypts the sensitive information ciphertext with the key to obtain the sensitive information plaintext, and executes the preset function based on that plaintext.
Because the key and the sensitive information ciphertext are stored in different positions, if the script is acquired by other people, only the information stored in the script can be acquired, and the information stored in the server cannot be acquired. Therefore, the safety of the plaintext of the sensitive information is ensured.
To improve the security of the sensitive information plaintext, the plaintext is generally updated at fixed intervals. For example, the login password of the database is updated every three months. When the sensitive information plaintext is updated, the sensitive information ciphertext must be updated as well. In this embodiment the sensitive information ciphertext is stored on the server, so only the value at the ciphertext's storage location on the server needs to be updated. Specifically, the password administrator encrypts the updated sensitive information plaintext with the key to obtain the updated sensitive information ciphertext and delivers it to the key maintainer. Either the key maintainer logs in to the server and updates the value stored in the server's environment variable or file to the updated sensitive information ciphertext, or the key maintainer sends the updated sensitive information ciphertext of each server to the servers in batch; each server that receives its updated sensitive information ciphertext automatically replaces the initial sensitive information ciphertext with it.
The method simplifies the process of updating the sensitive information ciphertext and improves the speed of updating the sensitive information ciphertext. The updating of the sensitive information ciphertext in the server can be completed only by updating the sensitive information plaintext, encrypting the updated sensitive information plaintext to obtain an updated sensitive information ciphertext and sending the updated sensitive information ciphertext to the server. The script issuing process does not need to be executed again, the process is simpler, and the maintenance cost of the script is reduced.
The following describes in detail the case where the script runs on an illegal server by way of the third and fourth embodiments.
Example three
Others acquire the script through an illegal way and run the script on an illegal server. After the script is started, first information is obtained from an illegal server running the script, and the first information is used as a secret key; and acquiring second information in the script, using the second information as a sensitive information ciphertext, and decrypting the sensitive information ciphertext by adopting a key to obtain a decryption result. Since the first information is obtained on the illegal server, the first information is not a key, so that the second information cannot be decrypted to obtain a decryption result, or the decryption result can be obtained but the obtained decryption result is not the sensitive information plaintext, thereby ensuring the security of the sensitive information plaintext.
Of course, there are other possible situations, for example, if the first information cannot be obtained in an illegal server running the script, for example, if the value of the environment variable in the illegal server is null, the subsequent steps cannot be performed.
Example four
Others obtain the script through an illegal way and run the script on an illegal server. After the script is started, first information is obtained from the script and is used as a secret key; and acquiring second information from the illegal server running the script, taking the second information as a sensitive information ciphertext, and decrypting the sensitive information ciphertext by adopting a key to obtain a decryption result. Since the second information is obtained from the illegal server, the second information is not the sensitive information ciphertext, so that the second information cannot be decrypted to obtain the decryption result, or the decryption result can be obtained but the obtained decryption result is not the sensitive information plaintext, so that the security of the sensitive information plaintext is ensured.
Of course, there are other possible situations, for example, if the second information cannot be obtained in an illegal server running the script, for example, if the environment variable does not exist in the illegal server, the subsequent steps cannot be performed.
In some embodiments, various algorithms may be used to encrypt the sensitive information plaintext; for example, the plaintext is encrypted using the key and the SM4 cryptographic algorithm. During decryption, the sensitive information ciphertext is then decrypted using the key and the SM4 algorithm to obtain the decryption result.
An embodiment of the present invention further provides another sensitive information obtaining method applied to a script, as shown in fig. 5, including:
Step 501, after a script is started, acquiring a first information component at a first position; obtaining a second information component at a second location; the first location is a server running the script, and the second location is the script, or the first location is the script and the second location is the server running the script.
Step 502, using the information obtained according to the first information component and the second information component as a key.
Step 503, decrypting the sensitive information ciphertext by using the key to obtain a decryption result, and using the decryption result as a sensitive information plaintext provided for the script to execute a preset function; the sensitive information ciphertext is information obtained from the first location or the second location.
If the script runs on a legitimate server, the script can obtain the first information component or the second information component on the legitimate server and combine it with the other information component to form the key that decrypts the sensitive information ciphertext.
If the script is obtained by others and run on an illegal server, the script cannot obtain the first information component or the second information component on the illegal server. The key therefore cannot be formed with the other information component obtained from the script, and the sensitive information ciphertext cannot be decrypted. The script can be obtained by others in many ways: for example, the script is uploaded to the Internet by a developer and downloaded by others, or another person obtains the script by stealing it.
The case where the script runs on a legitimate server is explained in detail by the fifth embodiment and the sixth embodiment.
Example five
The password administrator generates a first key component SK1 and a second key component SK2, and obtains the key SK by XORing the first key component SK1 with the second key component SK2. The password administrator encrypts the sensitive information plaintext with the key SK to obtain the sensitive information ciphertext CT. The password administrator gives the first key component SK1 to the key maintainer, and gives the second key component SK2 and the sensitive information ciphertext CT to the script developer. The key maintainer adds the first key component SK1 to any legitimate server, for example to an environment variable or a file on that server, such as an environment variable ENVSK1 whose value is SK1. The script developer encodes the second key component SK2 and the sensitive information ciphertext CT into the script, the script is released after test acceptance, and the script maintainer deploys the script on the server in which the first key component SK1 is stored. In this way, the first key component SK1 is stored on the legitimate server, and the second key component SK2 and the sensitive information ciphertext CT are stored in the script running on the legitimate server. Fig. 6 shows a schematic flow chart of the implementation of the above embodiment.
In the above embodiment, a password administrator, a key maintainer, a script developer, and a script maintainer appear, each handling one of four tasks. It will be appreciated that four tasks may also be handled by the same person, or that any two or three tasks may be handled by the same person. Those skilled in the art can freely set up as needed. For the security of the plaintext of sensitive information, the tasks are performed by different persons.
The sensitive information may include at least one of: the IP address of the server, the login account of the server, the login password of the server, the name of the database, the login account of the database and the login password of the database. The embodiments of the present invention are not limited in this respect. The script obtains the sensitive information plaintext, and then the preset function can be executed based on the sensitive information plaintext. For example, the script acquires the login account and the login password of the database to be connected, so that the database can be connected to realize various functions such as data screening. For example, the script acquires a login account and a login password of a server to be logged in, and can log in the server to realize various functions such as query logs. The above are examples only.
After the script is started, it acquires the first key component SK1 from the server on which it is currently running, for example by reading the value SK1 of the environment variable ENVSK1, and acquires the second key component SK2 and the sensitive information ciphertext CT from the script itself. SK1 and SK2 are XORed to obtain the key SK. The script decrypts the sensitive information ciphertext CT with the key SK to obtain the sensitive information plaintext, and executes the preset function based on that plaintext.
Because the first key component and the second key component are stored in different positions, if the script is acquired by others and runs on an illegal server, the other key component stored on the legal server cannot be acquired, and the key cannot be acquired. Even if the sensitive information ciphertext is obtained through the script, the sensitive information ciphertext cannot be decrypted to obtain the sensitive information plaintext. Therefore, the safety of the plaintext of the sensitive information is ensured.
To improve the security of the sensitive information plaintext, the plaintext is generally updated at fixed intervals. For example, the login password of the database is updated every three months. When the sensitive information plaintext is updated, the sensitive information ciphertext must be updated as well. In this embodiment the sensitive information ciphertext CT is stored in the script, so updating the plaintext requires the script release process to be executed again in order to update the ciphertext. Specifically, the password administrator encrypts the updated sensitive information plaintext with the key composed of the first key component and the second key component to obtain the updated sensitive information ciphertext and gives it to the script developer. The script developer encodes the updated sensitive information ciphertext into the script to obtain an updated script, the updated script is released after test acceptance, and the script maintainer deploys the updated script on the server in which the second key component is stored.
In the embodiment of the invention, the sensitive information ciphertext is stored in the script, so the process of updating the sensitive information ciphertext is very complicated and time-consuming, and the issuing process of the script needs to be executed again.
Example six
The password administrator generates a first key component SK1 and a second key component SK2, and obtains the key SK by XORing the first key component SK1 with the second key component SK2. The password administrator encrypts the sensitive information plaintext with the key SK to obtain the sensitive information ciphertext CT. The password administrator gives the first key component SK1 and the sensitive information ciphertext CT to the key maintainer, and gives the second key component SK2 to the script developer. The key maintainer adds the first key component SK1 and the sensitive information ciphertext CT to any legitimate server, for example to environment variables or files on that server, such as an environment variable ENVSK1 whose value is SK1 and an environment variable ENVCT whose value is CT. The script developer encodes the second key component SK2 into the script, the script is released after test acceptance, and the script maintainer deploys the script on the server in which the first key component SK1 and the sensitive information ciphertext CT are stored. Thus the legitimate server stores the first key component SK1 and the sensitive information ciphertext CT, and the script running on the legitimate server stores the second key component SK2. Fig. 7 shows a schematic flow chart of the implementation of the above embodiment.
The sensitive information may include at least one of: the IP address of the server, the login account of the server, the login password of the server, the name of the database, the login account of the database and the login password of the database. The embodiments of the present invention are not limited in this regard. The script obtains the sensitive information plaintext, and then the preset function can be executed based on the sensitive information plaintext. For example, the script acquires the login account and the login password of the database to be connected, so that the database can be connected to realize various functions such as data screening. For example, the script acquires a login account and a login password of a server to be logged in, and can log in the server to realize various functions such as query logs. The above are merely examples.
After the script is started, it acquires the first key component SK1 and the sensitive information ciphertext CT from the server on which it is currently running, for example by reading the value SK1 of the environment variable ENVSK1 and the value CT of the environment variable ENVCT, and acquires the second key component SK2 from the script itself. SK1 and SK2 are XORed to obtain the key SK. The script decrypts the sensitive information ciphertext CT with the key SK to obtain the sensitive information plaintext, and executes the preset function based on that plaintext. Fig. 8 shows a flow chart of the execution of the script after it has been started.
Since the first key component and the second key component are stored in different positions, if the script is acquired by others and runs on an illegal server, another key component stored on the legal server cannot be acquired, and the key cannot be acquired. And because the sensitive information ciphertext CT is also on a legal server, the script cannot obtain the sensitive information ciphertext CT, and the sensitive information plaintext cannot be obtained. Therefore, the security of the plaintext of the sensitive information is ensured.
To improve the security of the sensitive information plaintext, the plaintext is generally updated at fixed intervals. For example, the login password of the database is updated every three months. When the sensitive information plaintext is updated, the sensitive information ciphertext must be updated as well. In this embodiment the sensitive information ciphertext is stored on the server, so only the value at the ciphertext's storage location on the server needs to be updated. Specifically, the password administrator encrypts the updated sensitive information plaintext with the key composed of the first key component SK1 and the second key component SK2 to obtain the updated sensitive information ciphertext and delivers it to the key maintainer. Either the key maintainer logs in to the server and updates the value stored in the server's environment variable or file to the updated sensitive information ciphertext, or the key maintainer sends the updated sensitive information ciphertext of each server to the servers in batch; each server that receives its updated sensitive information ciphertext automatically replaces the initial sensitive information ciphertext with it. For example, the value of the environment variable ENVCT on the server may be updated to NEWCT. Fig. 9 shows a flow chart of updating the sensitive information ciphertext.
The method simplifies the process of updating the sensitive information ciphertext and improves the speed of updating the sensitive information ciphertext. The sensitive information plaintext is only required to be updated, the updated sensitive information plaintext is encrypted to obtain an updated sensitive information ciphertext, and the updated sensitive information ciphertext is sent to the server, so that the sensitive information ciphertext can be updated in the server. The script issuing process does not need to be executed again, the process is simpler, and the maintenance cost of the script is reduced.
The following describes in detail the case where the script runs on an illegal server by using the seventh embodiment and the eighth embodiment.
Example seven
Others obtain the script through an illegal way and run the script on an illegal server. After the script is started, it acquires a first information component from the illegal server running the script and takes it as the first key component; it acquires a second information component and the sensitive information ciphertext from the script and takes the second information component as the second key component; it then uses the information composed of the first information component and the second information component as a key and decrypts the sensitive information ciphertext with that key. Since the first information component is obtained on an illegitimate server, the first information component is not the first key component, and therefore the composed key cannot decrypt the sensitive information ciphertext. That is, the sensitive information plaintext cannot be obtained, which ensures the security of the sensitive information plaintext.
Of course, there are other possible situations, for example, if the first information component cannot be obtained in an illegal server running the script, for example, if the environment variable ENVSK1 does not exist in the illegal server, the subsequent steps cannot be performed.
Example eight
Others obtain the script through an illegal way and run the script on an illegal server. After the script is started, it acquires a first information component and a sensitive information ciphertext from the illegal server running the script and takes the first information component as the first key component; it acquires a second information component from the script and takes it as the second key component; it then uses the information composed of the first information component and the second information component as a key and decrypts the sensitive information ciphertext with that key. Since the first information component and the sensitive information ciphertext are obtained from the illegal server, the first information component is not the first key component and the sensitive information ciphertext is not the real sensitive information ciphertext, so the composed key cannot decrypt the sensitive information ciphertext. That is, the sensitive information plaintext cannot be obtained, which ensures the security of the sensitive information plaintext.
Of course, there are other possible situations, for example, if the first information component and the sensitive information ciphertext cannot be obtained in an illegal server running the script, for example, if the environment variable ENVSK1 and the environment variable ENVCT do not exist in the illegal server, the subsequent steps cannot be performed.
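The flow of example six, its ciphertext update, and the missing-variable and wrong-component cases of example eight can be exercised end to end. The following Python sketch is an added illustration, not code from the patent: the SK2 value and the sample secret are constructed, the function names are hypothetical, and because SM4 is not in the Python standard library an HMAC-SHA256 encrypt-then-MAC construction stands in for it.

```python
import hashlib
import hmac
import os
import secrets

KEY_LEN = 16  # 128-bit key components, the key size SM4 uses

# Second key component SK2, hard-coded in the script (constructed sample value).
SK2 = bytes.fromhex("8f3a1c5e77b2049de6a1530cbb29f471")


class SecretUnavailable(Exception):
    """The script could not recover the sensitive information plaintext."""


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(sk):
    # Separate encryption and MAC keys derived from SK.
    return (hmac.new(sk, b"enc", hashlib.sha256).digest(),
            hmac.new(sk, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(sk, plaintext):
    """Stand-in for SM4 encryption (assumption): keystream XOR, then a MAC tag."""
    enc_key, mac_key = _subkeys(sk)
    nonce = secrets.token_bytes(16)
    body = xor_bytes(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return (nonce + body + tag).hex()


def decrypt(sk, ct_hex):
    try:
        blob = bytes.fromhex(ct_hex)
    except ValueError as exc:
        raise SecretUnavailable("ciphertext is not valid hex") from exc
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag
        raise SecretUnavailable("ciphertext is too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(sk)
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong SK1 or foreign ciphertext: fail closed instead of returning garbage.
        raise SecretUnavailable("key does not match ciphertext")
    return xor_bytes(body, _keystream(enc_key, nonce, len(body)))


def provision(plaintext):
    """Password administrator: produce the values stored on the legitimate server."""
    sk1 = secrets.token_bytes(KEY_LEN)
    sk = xor_bytes(sk1, SK2)
    return {"ENVSK1": sk1.hex(), "ENVCT": encrypt(sk, plaintext)}


def rotate(env, new_plaintext):
    """Ciphertext update: only ENVCT changes; SK1, SK2 and the script stay as they are."""
    sk = xor_bytes(bytes.fromhex(env["ENVSK1"]), SK2)
    return dict(env, ENVCT=encrypt(sk, new_plaintext))


def load_secret(env=None):
    """Script start-up: read SK1 and CT from the server, combine with SK2, decrypt."""
    env = os.environ if env is None else env
    sk1_hex, ct_hex = env.get("ENVSK1"), env.get("ENVCT")
    if not sk1_hex or not ct_hex:
        raise SecretUnavailable("ENVSK1 or ENVCT is not set on this server")
    try:
        sk1 = bytes.fromhex(sk1_hex)
    except ValueError as exc:
        raise SecretUnavailable("ENVSK1 is not valid hex") from exc
    if len(sk1) != KEY_LEN:
        raise SecretUnavailable("ENVSK1 has the wrong length")
    return decrypt(xor_bytes(sk1, SK2), ct_hex)


def can_recover(env):
    """True only when the environment yields the sensitive information plaintext."""
    try:
        load_secret(env)
        return True
    except SecretUnavailable:
        return False


if __name__ == "__main__":
    server = provision(b"db_user:constructed-password")  # constructed sample secret
    print(load_secret(server))                               # legitimate server
    print(can_recover({}))                                   # variables absent
    print(can_recover(dict(server, ENVSK1="00" * KEY_LEN)))  # wrong first component
    print(load_secret(rotate(server, b"db_user:constructed-password-2")))
```

The authentication tag turns the "decryption result is not the sensitive information plaintext" outcome into an explicit error, so the script stops instead of using a garbage credential.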
Based on the same technical concept, fig. 10 exemplarily shows a structure of a sensitive information acquiring apparatus applied to a script, which can execute a flow of sensitive information acquisition applied to the script according to an embodiment of the present invention.
As shown in fig. 10, the apparatus specifically includes:
a first obtaining unit 1001 configured to:
after a script is started, first information is obtained at a first position and is used as a secret key;
acquiring second information at a second position, and taking the second information as a sensitive information ciphertext; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
a first processing unit 1002 for:
and decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function.
In some embodiments, the sensitive information ciphertext is stored in the server;
the first processing unit 1002 is further configured to:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by adopting the key.
In some embodiments, the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the key and the SM4 cryptographic algorithm;
the first processing unit 1002 is specifically configured to:
and decrypting the sensitive information ciphertext by adopting the secret key and the SM4 cryptographic algorithm to obtain a decryption result.
Based on the same technical concept, fig. 11 exemplarily shows a structure of a sensitive information acquiring apparatus applied to a script, which can execute a flow of sensitive information acquisition applied to the script according to an embodiment of the present invention.
As shown in fig. 11, the apparatus specifically includes:
a second obtaining unit 1101, configured to:
after the script is started, acquiring a first information component at a first position; obtaining a second information component at a second location; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
a second processing unit 1102 configured to:
using information obtained according to the first information component and the second information component as a secret key;
decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function; the sensitive information ciphertext is information obtained from the first location or the second location.
In some embodiments, the sensitive information ciphertext is stored in a preset position of the server;
the second processing unit 1102 is further configured to:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by adopting the key.
In some embodiments, the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the key and the SM4 cryptographic algorithm;
the second processing unit 1102 is specifically configured to:
and decrypting the sensitive information ciphertext by adopting the secret key and the SM4 algorithm to obtain the sensitive information plaintext.
Based on the same technical concept, the embodiment of the present application provides a computer device, as shown in fig. 12, including at least one processor 1201 and a memory 1202 connected to the at least one processor, where a specific connection medium between the processor 1201 and the memory 1202 is not limited in the embodiment of the present application, and the processor 1201 and the memory 1202 in fig. 12 are connected through a bus as an example. The bus may be divided into an address bus, a data bus, a control bus, etc.
In this embodiment, the memory 1202 stores instructions executable by the at least one processor 1201, and the at least one processor 1201 may execute the steps of the sensitive information acquisition method applied to the script by executing the instructions stored in the memory 1202.
The processor 1201 is the control center of the computer device. It may connect the various parts of the computer device by using various interfaces and lines, and performs the sensitive information acquisition applied to the script by running or executing instructions stored in the memory 1202 and calling data stored in the memory 1202. In some embodiments, the processor 1201 may include one or more processing units, and the processor 1201 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, and the like, and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 1201. In some embodiments, the processor 1201 and the memory 1202 may be implemented on the same chip, or in some embodiments, they may be implemented separately on separate chips.
The processor 1201 may be a general-purpose processor, such as a Central Processing Unit (CPU), a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, that implements or performs the methods, steps, and logic blocks disclosed in embodiments of the present Application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in a processor.
The memory 1202, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 1202 may include at least one type of storage medium, for example a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on. The memory 1202 may be, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 1202 in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function, for storing program instructions and/or data.
Based on the same technical concept, embodiments of the present invention further provide a computer-readable storage medium, where a computer-executable program is stored, and the computer-executable program is used to enable a computer to perform the method for sensitive information acquisition applied to a script listed in any of the above manners.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A sensitive information acquisition method applied to scripts is characterized by comprising the following steps:
after a script is started, first information is obtained at a first position and is used as a secret key;
acquiring second information at a second position, and taking the second information as a sensitive information ciphertext; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
and decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function.
2. The method of claim 1, wherein the sensitive information ciphertext is stored in the server;
the method further comprises the following steps:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by using the key.
3. The method of claim 1, wherein the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the secret key and the SM4 cryptographic algorithm;
decrypting the sensitive information ciphertext by using the key to obtain a decryption result comprises:
decrypting the sensitive information ciphertext by adopting the secret key and the SM4 cryptographic algorithm to obtain the decryption result.
4. A sensitive information acquisition method applied to scripts is characterized by comprising the following steps:
after the script is started, acquiring a first information component at a first position; obtaining a second information component at a second location; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
using information obtained according to the first information component and the second information component as a secret key;
decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function; the sensitive information ciphertext is information obtained from the first location or the second location.
5. The method of claim 4, wherein the sensitive information ciphertext is stored in a predetermined location of the server;
the method further comprises the following steps:
receiving an updated sensitive information ciphertext, and replacing the initial sensitive information ciphertext with the updated sensitive information ciphertext to store in the server; and the updated sensitive information ciphertext is obtained by encrypting the updated sensitive information plaintext by adopting the key.
6. The method of claim 4, wherein the sensitive information ciphertext is obtained by encrypting a sensitive information plaintext according to the secret key and an SM4 algorithm;
decrypting the sensitive information ciphertext by adopting the key to obtain a sensitive information plaintext, wherein the decrypting comprises the following steps:
and decrypting the sensitive information ciphertext by adopting the secret key and the SM4 algorithm to obtain the sensitive information plaintext.
7. A sensitive information acquiring apparatus applied to a script, comprising:
a first acquisition unit configured to:
after a script is started, first information is obtained at a first position and is used as a secret key;
acquiring second information at a second position, and taking the second information as a sensitive information ciphertext; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
a first processing unit to:
and decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function.
8. A sensitive information acquisition apparatus applied to a script, comprising:
a second acquisition unit configured to:
after the script is started, acquiring a first information component at a first position; obtaining a second information component at a second location; the first position is a server for running the script, and the second position is the script, or the first position is the script and the second position is the server for running the script;
a second processing unit to:
using information obtained according to the first information component and the second information component as a secret key;
decrypting the sensitive information ciphertext by adopting the key to obtain a decryption result, and taking the decryption result as a sensitive information plaintext provided for the script to execute a preset function; the sensitive information ciphertext is information obtained from the first location or the second location.
9. A computing device, comprising:
a memory for storing a computer program;
a processor for calling a computer program stored in said memory, for executing the method of any one of claims 1 to 6 in accordance with the obtained program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer-executable program for causing a computer to execute the method of any one of claims 1 to 6.
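The split-key flow of claims 4 and 5, sketched as an added example (this is not code from the patent): one key component is stored on the server, the other is embedded in the script, and the ciphertext decrypts only when both are combined. The file names `key.part` and `secret.enc`, the HMAC-based combiner and the sample values are assumptions, and because Python's standard library has no SM4, an HMAC-SHA256 keystream with an authentication tag stands in for the SM4 step of claims 3 and 6.

```python
import hashlib, hmac, os

# Constructed sample value: the key component embedded in the script itself.
SCRIPT_COMPONENT = bytes.fromhex("00112233445566778899aabbccddeeff")

def derive_key(server_part: bytes, script_part: bytes) -> bytes:
    # Assumed combiner (the claims do not fix one): HMAC over both components,
    # truncated to 16 bytes because SM4 uses a 128-bit key.
    return hmac.new(server_part, b"key" + script_part, hashlib.sha256).digest()[:16]

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher, NOT SM4: HMAC-SHA256 in counter mode as a keystream.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def _write_private(path: str, data: bytes) -> None:
    # Write to a 0600 temp file, then rename, so readers never see a partial file.
    fd = os.open(path + ".tmp", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.replace(path + ".tmp", path)

def provision(server_dir: str, server_part: bytes, plaintext: bytes) -> None:
    # Operator side: store the server component and the ciphertext.
    # Calling it again with the same component is the claim 5 ciphertext update.
    _write_private(os.path.join(server_dir, "key.part"), server_part)
    key = derive_key(server_part, SCRIPT_COMPONENT)
    _write_private(os.path.join(server_dir, "secret.enc"), seal(key, plaintext))

def load_secret(server_dir: str, script_part: bytes = SCRIPT_COMPONENT) -> bytes:
    # Script start-up: fetch one component from the server, combine, decrypt.
    with open(os.path.join(server_dir, "key.part"), "rb") as f:
        server_part = f.read()
    with open(os.path.join(server_dir, "secret.enc"), "rb") as f:
        return unseal(derive_key(server_part, script_part), f.read())
```

A copy of the script without the server files, or the server files without the script, yields no usable key, and the tag check makes a wrong component or an edited ciphertext fail loudly instead of returning garbage.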
CN202211005956.1A 2022-08-22 2022-08-22 Sensitive information acquisition method and device applied to script Pending CN115442090A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211005956.1A CN115442090A (en) 2022-08-22 2022-08-22 Sensitive information acquisition method and device applied to script

Publications (1)

Publication Number Publication Date
CN115442090A 2022-12-06

Family

ID=84244017

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211005956.1A Pending CN115442090A (en) 2022-08-22 2022-08-22 Sensitive information acquisition method and device applied to script

Country Status (1)

Country Link
CN (1) CN115442090A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination