CN116186740A - Data encryption method, device, equipment and storage medium - Google Patents

Publication number
CN116186740A
Authority
CN
China
Prior art keywords
encrypted
target
information
key
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310237070.8A
Other languages
Chinese (zh)
Inventor
周云
刘兵
贺志强
黄志洪
黄峻华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kingdee Software China Co Ltd
Original Assignee
Kingdee Software China Co Ltd
Application filed by Kingdee Software China Co Ltd
Priority to CN202310237070.8A
Publication of CN116186740A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data encryption method, device, equipment and storage medium in the technical field of data security, intended to address the heavy workload and difficult maintenance of current approaches. The method comprises: acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method; acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode; and encrypting the target field by using the target key information to obtain encrypted information. By matching corresponding target key information to the service field to be encrypted, encrypting the target field with that target key information, and setting different keys for different service fields to be encrypted, the application improves data security, meets the dynamic data encryption requirements of enterprises, reduces development complexity, and achieves quick encryption.

Description

Data encryption method, device, equipment and storage medium
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a data encryption method, device, apparatus, and storage medium.
Background
Because ERP (Enterprise Resource Planning) business is complex, an enterprise application system holds many kinds of field data, such as text and numbers, and security level requirements mean that certain data must be encrypted before it is stored. Existing implementations generally require the following steps: a developer first determines the encryption algorithm to be used, the fields in the service table are designed as encrypted fields for storage, and the code then encrypts the data passed in for those fields and decrypts the fields when the data is read. This scheme requires the encrypted fields, the code and the encryption algorithm to be designed before the product goes online. In practice, however, an enterprise's encryption requirements often emerge as the enterprise grows; at that point the conventional scheme becomes quite complex and creates a huge workload for developers, and as the number of fields requiring encryption increases, subsequent maintenance becomes more difficult.
Disclosure of Invention
Accordingly, the present invention aims to provide a data encryption method, device, equipment and storage medium, which can improve the security of data, meet the dynamic data encryption requirement of enterprises, reduce the development complexity and realize the quick encryption. The specific scheme is as follows:
In a first aspect, the present application discloses a data encryption method, including:
acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method;
acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode;
encrypting the target field by using the target key information to obtain encrypted information.
Optionally, after determining the target key information based on the service field to be encrypted and the preset key selection method, the method further includes:
determining a mapping scheme corresponding to the service field to be encrypted;
and adding the service field to be encrypted into a corresponding original association table based on the mapping scheme, and generating corresponding log information.
Optionally, after encrypting the target field with the target key information to obtain encrypted information, the method further includes:
and filling the encrypted information into an encrypted information area corresponding to the service field to be encrypted in the original association table to obtain an encryption table.
Optionally, after encrypting the target field with the target key information to obtain encrypted information, the method further includes:
when a data query request is received, judging whether the corresponding mapping scheme exists or not based on the data query request;
if the corresponding mapping scheme does not exist, acquiring target query information from the original association table based on the data query request;
if the corresponding mapping scheme exists, acquiring the target query information from the encryption table based on the data query request;
and decrypting the target query information based on a preset information decryption mode to obtain decrypted information.
Optionally, the determining the target key information based on the service field to be encrypted and a preset key selection method includes:
determining, from a preset management area and based on the service field to be encrypted and a preset key selection method, a data key for encrypting the service field to be encrypted, a root key for encrypting the data key, and a target encryption algorithm selected from an encryption algorithm set.
Optionally, encrypting the target field with the target key information to obtain encrypted information includes:
encrypting the target field with the data key to obtain an encrypted field;
encrypting the data key by using the root key to obtain an encrypted key;
and determining the encrypted field and the encrypted key as the encrypted information.
Optionally, before determining the target key information based on the service field to be encrypted and the preset key selection method, the method further includes:
refreshing the root key periodically to obtain target root key information;
dividing the target root key information into first target root key information and second target root key information;
dividing the data key into a first data key and a second data key;
storing the first target root key information and the first data key to a server, and storing the second target root key information and the second data key to a database;
and acquiring a preset standard encryption algorithm and a custom encryption and decryption algorithm received through a two-way interface to obtain the encryption algorithm set, and storing the encryption algorithm set, the data key and the target root key information into the preset management area.
In a second aspect, the present application discloses a data encryption apparatus comprising:
the field acquisition module is used for acquiring the service field to be encrypted;
the key information determining module is used for determining target key information based on the service field to be encrypted and a preset key selection method;
the field acquisition module is used for acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode;
and the information encryption module is used for encrypting the target field by utilizing the target key information so as to obtain encrypted information.
In a third aspect, the present application discloses an electronic device comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the data encryption method as disclosed above.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements a data encryption method as previously disclosed.
In a fifth aspect, the present application discloses a computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements a data encryption method as previously disclosed.
It can be seen that the present application provides a data encryption method, including: acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method; acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode; and encrypting the target field by using the target key information to obtain encrypted information. By matching corresponding target key information to the service field to be encrypted, encrypting the target field with that target key information, and setting different keys for different service fields to be encrypted, the application improves data security, meets the dynamic data encryption requirements of enterprises, reduces development complexity, and achieves quick encryption.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data encryption method disclosed in the present application;
FIG. 2 is a flowchart of a specific data encryption method disclosed in the present application;
FIG. 3 is a schematic diagram of a data encryption method disclosed in the present application;
FIG. 4 is a schematic structural diagram of a data encryption device provided in the present application;
FIG. 5 is a block diagram of an electronic device provided in the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
At present, a developer must determine the encryption algorithm to be used, design the fields in the service table as encrypted fields for storage, and then, in the code, encrypt the data passed in for those fields and decrypt the fields when the data is read. This scheme requires the encrypted fields, the code and the encryption algorithm to be designed before the product goes online. In practice, however, an enterprise's encryption requirements often emerge as the enterprise grows; at that point the conventional scheme becomes quite complex and creates a huge workload for developers, and as the number of fields requiring encryption increases, subsequent maintenance becomes more difficult. The data encryption method of the present application can therefore improve data security, meet the dynamic data encryption requirements of enterprises, reduce development complexity, and achieve quick encryption.
The embodiment of the invention discloses a data encryption method, which is shown in fig. 1, and comprises the following steps:
Step S11: acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method.
In this embodiment, a service field to be encrypted is acquired, and target key information is determined based on the service field to be encrypted and a preset key selection method. Specifically, based on the service field to be encrypted and the preset key selection method, the following are determined from a preset management area: a data key for encrypting the service field to be encrypted, a root key for encrypting the data key, and a target encryption algorithm selected from an encryption algorithm set. After the target key information is determined, a mapping scheme corresponding to the service field to be encrypted is determined; the service field to be encrypted is added to a corresponding original association table based on the mapping scheme, and corresponding log information is generated. Note that the mapping scheme corresponding to the service field to be encrypted is the mapping relationship between the service field to be encrypted and the key used.
The traditional way of implementing data field encryption is to obtain the user's encryption requirements, design an encryption algorithm based on those requirements, design the encrypted fields, adjust the service code to implement the encryption logic, and adjust the service code to implement the decryption logic. This conventional scheme becomes quite complex, creates a great workload for developers, and makes subsequent maintenance more difficult as the need for encrypted fields increases. Unlike the traditional approach, the present scheme is implemented in code once, after which data encryption can be achieved quickly through an encryption configuration device.
Step S12: acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode.
In this embodiment, after the target key information is determined based on the service field to be encrypted and the preset key selection method, the target field is acquired from all the service fields to be encrypted in a preset information acquisition mode. It can be understood that the key management device improves data security by setting different keys for different data. When encryption of historical data is started, the encryption device is started to configure the relevant fields, and the encrypted fields mapped to the historical data are created automatically, which completes the encryption conversion of the historical data. There may be multiple service fields to be encrypted, so during encryption the target fields are determined one after another through the preset information acquisition mode and then encrypted.
Step S13: encrypting the target field by using the target key information to obtain encrypted information.
In this embodiment, after the target field is acquired from all the service fields to be encrypted in the preset information acquisition mode, the target field is encrypted by using the target key information to obtain encrypted information. Specifically, the target field is encrypted with the data key to obtain an encrypted field; the data key is encrypted with the root key to obtain an encrypted key; and the encrypted field and the encrypted key are determined as the encrypted information. After the encrypted information is obtained, it is filled into the encrypted information area corresponding to the service field to be encrypted in the original association table to obtain an encryption table. It can be understood that, after the target key information is determined, the corresponding mapping scheme is obtained and stored based on the target key information, and the encryption field association table is dynamically generated. At this point the encryption field association table is an empty table with a preset table structure, so once encryption is complete the encrypted information is filled into the corresponding positions in the empty table to obtain a complete encryption table.
It can be seen that the present application provides a data encryption method, including: acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method; acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode; and encrypting the target field by using the target key information to obtain encrypted information. By matching corresponding target key information to the service field to be encrypted, encrypting the target field with that target key information, and setting different keys for different service fields to be encrypted, the application improves data security, meets the dynamic data encryption requirements of enterprises, reduces development complexity, and achieves quick encryption.
Referring to fig. 2, an embodiment of the present invention discloses a data encryption method, and compared with the previous embodiment, the present embodiment further describes and optimizes a technical scheme.
Step S21: acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method.
In this embodiment, a service field to be encrypted is acquired, and target key information is determined based on the service field to be encrypted and a preset key selection method. Before the service field to be encrypted is acquired, the root key is refreshed periodically to obtain target root key information; the target root key information is divided into first target root key information and second target root key information; the data key is divided into a first data key and a second data key; the first target root key information and the first data key are stored to a server, and the second target root key information and the second data key are stored to a database; and a preset standard encryption algorithm and a custom encryption and decryption algorithm received through a two-way interface are acquired to obtain the encryption algorithm set, and the encryption algorithm set, the data key and the target root key information are stored in the preset management area. The preset key selection method selects the corresponding key information (including a root key and a data key) and encryption method according to the user's definitions for the different fields, and the relationship between that key information and encryption method and the service field to be encrypted is determined as the mapping scheme of the service field to be encrypted. It can be understood that periodically refreshing the root key and storing the key information in segments improves the security of the key, and that using the two kinds of key information, the data key and the root key, for secondary upgrade encryption processing improves the security of the data.
It can be understood that, as shown in FIG. 3, the key information required for data encryption is set in the key management device and specifically includes a root key and a data key; the root key is refreshed periodically, which improves the security of the data key. The key management device provides a choice of standard algorithms (such as AES256); in combination with the segmented key storage device, it stores parts of the key information in the server and in the database respectively; and it provides a two-way interface through which a developer can implement customized encryption and decryption algorithms.
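Split storage combined with periodic refresh has one practical failure mode: after a refresh, the server and the database can briefly hold parts that belong to different keys. The Go sketch below is an added example, not code from the patent; the page does not say how a key is divided, so the XOR split, the `Part` layout (version number and check value) and the `Split`, `Join` and `Refresh` names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Part is the piece of a key held by one store. Version and Check are
// bookkeeping fields assumed for this sketch; the page does not define them.
type Part struct {
	Version int    // refresh generation of the key this part belongs to
	Share   []byte // XOR share: reveals nothing about the key on its own
	Check   []byte // first 8 bytes of SHA-256(key); only safe for random keys
}

// ErrMismatch is returned when the two parts cannot belong to the same key.
var ErrMismatch = errors.New("key parts do not belong together")

func checkValue(key []byte) []byte {
	sum := sha256.Sum256(key)
	return sum[:8]
}

// Split turns a key into a server part and a database part.
func Split(key []byte, version int) (server, db Part, err error) {
	mask := make([]byte, len(key))
	if _, err = rand.Read(mask); err != nil {
		return Part{}, Part{}, err
	}
	masked := make([]byte, len(key))
	for i := range key {
		masked[i] = key[i] ^ mask[i]
	}
	cv := checkValue(key)
	return Part{version, mask, cv}, Part{version, masked, cv}, nil
}

// Join rebuilds the key and refuses parts from different refresh generations
// or parts whose combination does not match the stored check value.
func Join(server, db Part) ([]byte, error) {
	if server.Version != db.Version || len(server.Share) != len(db.Share) {
		return nil, ErrMismatch
	}
	key := make([]byte, len(server.Share))
	for i := range key {
		key[i] = server.Share[i] ^ db.Share[i]
	}
	cv := checkValue(key)
	if !bytes.Equal(cv, server.Check) || !bytes.Equal(cv, db.Check) {
		return nil, ErrMismatch
	}
	return key, nil
}

// Refresh generates the next 256-bit root key and its two parts.
func Refresh(prevVersion int) (key []byte, server, db Part, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, Part{}, Part{}, err
	}
	server, db, err = Split(key, prevVersion+1)
	return key, server, db, err
}

func main() {
	key1, srv1, db1, _ := Refresh(0)
	_, srv2, _, _ := Refresh(srv1.Version)

	got, err := Join(srv1, db1)
	fmt.Println("generation 1 joins:", bytes.Equal(got, key1), err)

	// Constructed failure: the server part was refreshed, the database write was missed.
	_, err = Join(srv2, db1)
	fmt.Println("mixed generations:", err)
}
```

Without the version and check value, joining mismatched parts would silently yield a wrong key, and the error would only surface later as failed decryption of data keys.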
For example, a user selects a data field in the ERP entity through an interface and selects a corresponding key, after which the encryption operation can be started. The encryption process automatically upgrades historical data, encrypting it with the data key information in the key device and the corresponding encryption algorithm; externally imported data undergoes secondary upgrade encryption processing through an upgrade encryption device.
Step S22: acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode.
In this embodiment, a service field to be encrypted (i.e., a data field) is acquired, and after the target key information is determined based on the service field to be encrypted and the preset key selection method, the target field is acquired from all the service fields to be encrypted in a preset information acquisition mode. As shown in FIG. 3, before the target field is acquired, that is, after the target key information is determined, the corresponding mapping scheme is obtained and stored based on the target key information and the encryption field association table is dynamically generated; at this point the encryption field association table is an empty table with a preset table structure. The original table data is then acquired from the original table in batches to obtain the target field. The original table stores unencrypted data, namely all the service fields to be encrypted; acquiring the original table data in batches means acquiring target fields from all the service fields to be encrypted, so that different batches of original table data are obtained for encryption. The encryption field association table stores the ciphertext information obtained by encrypting the target field with the key.
Step S23: encrypting the target field by using the target key information to obtain encrypted information.
In this embodiment, after the target field is acquired from all the service fields to be encrypted in the preset information acquisition mode, the target field is encrypted by using the target key information to obtain encrypted information. The encrypted information is ciphertext information; it is filled into the corresponding area in the encryption field association table, and the corresponding target field in the original table is cleared. In addition, related logs are generated while the fields are being encrypted; these logs contain information such as decryption results and encryption progress.
Step S24: when a data query request is received, judging whether the corresponding mapping scheme exists based on the data query request.
Step S25: determining a target table for acquiring the target query information based on the judgment result.
In this embodiment, when a data query request is received and it has been judged, based on the data query request, whether a corresponding mapping scheme exists, the target table from which the target query information is acquired is determined based on the judgment result. Specifically, if the corresponding mapping scheme does not exist, the target query information is acquired from the original association table based on the data query request; if the mapping scheme exists, the target query information is acquired from the encryption table based on the data query request.
Step S26: decrypting the target query information based on a preset information decryption mode to obtain decrypted information.
In this embodiment, after the target table from which the target query information is acquired has been determined based on the judgment result, the target query information is decrypted in a preset information decryption mode to obtain decrypted information. As shown in FIG. 3, information is encrypted and decrypted by the ORM engine encryption and decryption device. Specifically, when data is updated, the ORM engine is triggered to judge whether the updated data has an encryption mapping: if it does not, the updated data is stored directly in the original table; if it does, an encryption SQL statement is dynamically constructed, the updated data is encrypted, and the encrypted updated data is stored in the encryption table. When data is queried, it is first judged whether the data has an encryption mapping: if it does, the corresponding encrypted data is acquired from the encryption table and decrypted, and the decrypted data is returned; if it does not, the corresponding data is acquired directly from the original table and returned. Note that the ORM engine encryption and decryption device provides decryption and encryption interfaces that are called within the ORM framework, so that data is encrypted and decrypted automatically. The ORM device can automatically decrypt the encrypted data and display the decrypted information to clients that have permission to view it. When the data no longer needs to be encrypted, the data restoration device can automatically restore the data in one step. This meets the dynamic data encryption requirements of enterprises, reduces development complexity, and achieves quick encryption and decryption.
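The two-level encryption of steps S13/S23 (data key encrypts the field, root key encrypts the data key) and the mapping-based routing described above fit together as follows. This Go sketch is an added example, not the patent's implementation: `Engine`, `cell` and the in-memory maps are hypothetical stand-ins for the ORM layer and its tables, AES-256-GCM is assumed as the standard algorithm, and binding field and row as associated data is an added hardening step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func randomBytes(n int) []byte { // keys and nonces come from the OS CSPRNG
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without working randomness
	}
	return b
}

func gcm(key []byte) cipher.AEAD { // a wrong key length is a programming error here
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// seal returns nonce || ciphertext || tag; aad is authenticated but not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	nonce := randomBytes(12)
	return gcm(key).Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal and fails on a wrong key, altered data or a different aad.
func open(key, blob, aad []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], aad)
}

type (
	cell      struct{ field, row string } // one field of one record
	Encrypted struct{ Field, Key []byte } // encrypted field + encrypted data key
	Engine    struct {                    // stands in for the ORM layer (assumed layout)
		root     []byte             // root key: only ever encrypts data keys
		mapping  map[string][]byte  // mapping scheme: field -> encrypted data key
		original map[cell]string    // original table (plaintext)
		encTable map[cell]Encrypted // encryption table
	}
)

// Enable gives the field its own data key and converts the rows already stored.
func (e *Engine) Enable(field string) error {
	e.mapping[field] = seal(e.root, randomBytes(32), []byte(field))
	for c, value := range e.original {
		if c.field == field {
			if err := e.Update(c, value); err != nil {
				return err
			}
			delete(e.original, c) // clear plaintext once its ciphertext is stored
		}
	}
	return nil
}

// Update routes a write: encryption table if the field is mapped, else original table.
func (e *Engine) Update(c cell, value string) error {
	wrapped, ok := e.mapping[c.field]
	if !ok {
		e.original[c] = value
		return nil
	}
	dk, err := open(e.root, wrapped, []byte(c.field))
	if err == nil { // assumption: field and row are bound as AAD
		e.encTable[c] = Encrypted{seal(dk, []byte(value), []byte(c.field+"/"+c.row)), wrapped}
	}
	return err
}

// Query routes a read the same way and decrypts before returning.
func (e *Engine) Query(c cell) (string, error) {
	if _, ok := e.mapping[c.field]; !ok {
		return e.original[c], nil
	}
	dk, err := open(e.root, e.encTable[c].Key, []byte(c.field))
	if err != nil {
		return "", err
	}
	plaintext, err := open(dk, e.encTable[c].Field, []byte(c.field+"/"+c.row))
	return string(plaintext), err
}

func main() {
	e := &Engine{randomBytes(32), map[string][]byte{}, map[cell]string{}, map[cell]Encrypted{}}
	e.Update(cell{"salary", "1"}, "9000") // no mapping yet: stored as plaintext
	e.Enable("salary")
	fmt.Println(e.Query(cell{"salary", "1"}))
}
```

Because each record carries its own encrypted data key, a root key refresh only has to re-encrypt those small key blobs; the field ciphertexts stay untouched.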
For the specific content of the above step S24, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no detailed description is given here.
As can be seen, in this embodiment of the present application, a service field to be encrypted is acquired and target key information is determined based on the service field to be encrypted and a preset key selection method; target fields are acquired from all the service fields to be encrypted in a preset information acquisition mode; the target field is encrypted by using the target key information to obtain encrypted information; when a data query request is received, whether the corresponding mapping scheme exists is judged based on the data query request; the target table from which the target query information is acquired is determined based on the judgment result; and the target query information is decrypted in a preset information decryption mode to obtain decrypted information. This improves data security, meets the dynamic data encryption requirements of enterprises, reduces development complexity, and achieves quick encryption and decryption.
Referring to fig. 4, the embodiment of the application further correspondingly discloses a data encryption device, which includes:
a field acquisition module 11, configured to acquire a service field to be encrypted;
a key information determining module 12, configured to determine target key information based on the service field to be encrypted and a preset key selection method;
the field acquisition module 13 is configured to acquire a target field from all the service fields to be encrypted in a preset information acquisition manner;
an information encrypting module 14 for encrypting the target field with the target key information to obtain encrypted information.
As can be seen, the present application includes: acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method; acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode; and encrypting the target field by using the target key information to obtain encrypted information. By matching corresponding target key information to the service field to be encrypted, encrypting the target field with that target key information, and setting different keys for different service fields to be encrypted, the application improves data security, meets the dynamic data encryption requirements of enterprises, reduces development complexity, and achieves quick encryption.
In some specific embodiments, the field obtaining module 11 specifically includes:
the field acquisition unit is used for acquiring the service field to be encrypted.
In some specific embodiments, the key information determining module 12 specifically includes:
a root key refreshing unit, configured to periodically refresh the root key to obtain target root key information;
a target root key information dividing unit configured to divide the target root key information into first target root key information and second target root key information;
a data key dividing unit for dividing the data key into a first data key and a second data key;
a first storage unit configured to store the first target root key information and the first data key to a server, and store the second target root key information and the second data key to a database;
the encryption algorithm set acquisition unit is used for acquiring a preset standard encryption algorithm and a custom encryption and decryption algorithm received through a two-port interface so as to obtain the encryption algorithm set;
the second storage unit is used for storing the encryption algorithm set, the data key and the target root key information into the preset management area;
a key information determining unit configured to determine, from a preset management area, a data key for encrypting the service field to be encrypted, a root key for encrypting the data key, and a target encryption algorithm determined from an encryption algorithm set, based on the service field to be encrypted and a preset key selection method;
a mapping scheme determining unit, configured to determine a mapping scheme corresponding to the service field to be encrypted;
an information adding unit, configured to add the service field to be encrypted to a corresponding original association table based on the mapping scheme;
and the log generating unit is used for generating corresponding log information.
In some specific embodiments, the field obtaining module 13 specifically includes:
and the target field acquisition unit is used for acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode.
In some embodiments, the information encryption module 14 specifically includes:
a target field encrypting unit, configured to encrypt the target field with the data key to obtain an encrypted field;
a data key encryption unit for encrypting the data key by using the root key to obtain an encrypted key;
an encrypted information determining unit configured to determine the encrypted field and the encrypted key as the encrypted information;
the encryption table acquisition unit is used for filling the encrypted information into an encryption information area corresponding to the service field to be encrypted in the original association table so as to obtain an encryption table;
a mapping scheme judging unit, configured to judge whether a corresponding mapping scheme exists based on a data query request when the data query request is received;
the first target query information acquisition unit is used for acquiring target query information from the original association table based on the data query request if the corresponding mapping scheme does not exist;
the second target query information acquisition unit is used for acquiring the target query information from the encryption table based on the data query request if the corresponding mapping scheme exists;
and the decryption unit is used for decrypting the target inquiry information based on a preset information decryption mode so as to obtain decrypted information.
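The two-level key scheme handled by the units above (data key encrypts the field, root key encrypts the data key, both keys divided between server and database, root key refreshed periodically) can be sketched as follows. This is an added example, not code from the application: the XOR-share division, the standard-library stand-in cipher and all function names are assumptions, since the text does not specify how keys are divided or which algorithm the encryption algorithm set contains.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(key):
    """Assumed split: two XOR shares, so neither store alone holds the key."""
    share = secrets.token_bytes(len(key))
    return share, xor(key, share)

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream.
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    """Stand-in encrypt-then-MAC cipher from the stdlib; use AES-GCM in production."""
    nonce = secrets.token_bytes(16)
    ct = xor(plaintext, _stream(_prf(key, b"enc"), nonce, len(plaintext)))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return xor(ct, _stream(_prf(key, b"enc"), nonce, len(ct)))

def encrypt_field(value, data_key, root_key):
    """Encrypted information = encrypted field plus the data key wrapped by the root key."""
    return {"field": seal(data_key, value), "key": seal(root_key, data_key)}

def decrypt_field(info, root_key):
    return unseal(unseal(root_key, info["key"]), info["field"])

def refresh_root(info, old_root, new_root):
    """Root key refresh: re-wrap the data key only; the field ciphertext is untouched."""
    return {"field": info["field"], "key": seal(new_root, unseal(old_root, info["key"]))}

# Constructed sample keys; one share of each goes to the server, the other to the database.
root_key, data_key = secrets.token_bytes(32), secrets.token_bytes(32)
server, database = {}, {}
server["root"], database["root"] = split(root_key)
server["data"], database["data"] = split(data_key)

def demo(value=b"6222-0000-1111"):  # constructed field value
    root, new_root = xor(server["root"], database["root"]), secrets.token_bytes(32)
    info = encrypt_field(value, xor(server["data"], database["data"]), root)
    rewrapped = refresh_root(info, root, new_root)
    return info, rewrapped, decrypt_field(rewrapped, new_root)
```

Because only the wrapped data key depends on the root key, a refresh rewrites one short blob per field key rather than re-encrypting the stored business data.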
Further, the embodiment of the application also provides electronic equipment. Fig. 5 is a block diagram of an electronic device 20, according to an exemplary embodiment, and the contents of the diagram should not be construed as limiting the scope of use of the present application in any way.
Fig. 5 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. Wherein the memory 22 is configured to store a computer program that is loaded and executed by the processor 21 to implement the relevant steps of the data encryption method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling the hardware devices on the electronic device 20 and the computer program 222, and may be Windows Server, NetWare, Unix, Linux, etc. In addition to the computer program that performs the data encryption method executed by the electronic device 20 as disclosed in any of the previous embodiments, the computer program 222 may further include computer programs that perform other specific tasks.
Further, the embodiment of the application also discloses a storage medium, wherein the storage medium stores a computer program, and when the computer program is loaded and executed by a processor, the steps of the data encryption method disclosed in any one of the previous embodiments are realized.
In this specification, the embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method section.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The data encryption method, apparatus, device and storage medium provided by the present invention have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present invention, and the description of the above examples is only intended to aid understanding of the method and core idea of the present invention. Meanwhile, those skilled in the art may, in accordance with the ideas of the present invention, make changes to the specific embodiments and the scope of application. In view of the above, the contents of this description should not be construed as limiting the present invention.

Claims (10)

1. A data encryption method, comprising:
acquiring a service field to be encrypted, and determining target key information based on the service field to be encrypted and a preset key selection method;
acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode;
encrypting the target field by using the target key information to obtain encrypted information.
2. The data encryption method according to claim 1, wherein after the target key information is determined based on the service field to be encrypted and a preset key selection method, further comprising:
determining a mapping scheme corresponding to the service field to be encrypted;
and adding the service field to be encrypted into a corresponding original association table based on the mapping scheme, and generating corresponding log information.
3. The data encryption method according to claim 2, wherein after encrypting the target field with the target key information to obtain encrypted information, further comprising:
and filling the encrypted information into an encrypted information area corresponding to the service field to be encrypted in the original association table to obtain an encryption table.
4. The data encryption method according to claim 3, wherein after encrypting the target field with the target key information to obtain the encrypted information, further comprising:
when a data query request is received, judging whether the corresponding mapping scheme exists or not based on the data query request;
if the corresponding mapping scheme does not exist, acquiring target query information from the original association table based on the data query request;
if the corresponding mapping scheme exists, acquiring the target query information from the encryption table based on the data query request;
and decrypting the target query information based on a preset information decryption mode to obtain decrypted information.
5. The data encryption method according to any one of claims 1 to 4, wherein the determining the target key information based on the service field to be encrypted and a preset key selection method includes:
and determining a data key for encrypting the service field to be encrypted, a root key for encrypting the data key and a target encryption algorithm determined from an encryption algorithm set from a preset management area based on the service field to be encrypted and a preset key selection method.
6. The data encryption method according to claim 5, wherein encrypting the target field with the target key information to obtain encrypted information includes:
encrypting the target field with the data key to obtain an encrypted field;
encrypting the data key by using the root key to obtain an encrypted key;
and determining the encrypted field and the encrypted key as the encrypted information.
7. The data encryption method according to claim 5, wherein before determining the target key information based on the service field to be encrypted and a preset key selection method, further comprising:
refreshing the root key periodically to obtain target root key information;
dividing the target root key information into first target root key information and second target root key information;
dividing the data key into a first data key and a second data key;
storing the first target root key information and the first data key to a server, and storing the second target root key information and the second data key to a database;
and acquiring a preset standard encryption algorithm and a custom encryption and decryption algorithm received through a two-way interface to obtain the encryption algorithm set, and storing the encryption algorithm set, the data key and the target root key information into the preset management area.
8. A data encryption apparatus, comprising:
the field acquisition module is used for acquiring the service field to be encrypted;
the key information determining module is used for determining target key information based on the service field to be encrypted and a preset key selection method;
the field acquisition module is used for acquiring target fields from all the service fields to be encrypted in a preset information acquisition mode;
and the information encryption module is used for encrypting the target field by utilizing the target key information so as to obtain encrypted information.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the data encryption method according to any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program; wherein the computer program when executed by a processor implements the data encryption method according to any one of claims 1 to 7.
CN202310237070.8A 2023-03-02 2023-03-02 Data encryption method, device, equipment and storage medium Pending CN116186740A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310237070.8A CN116186740A (en) 2023-03-02 2023-03-02 Data encryption method, device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN116186740A true CN116186740A (en) 2023-05-30

Family

ID=86448777

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310237070.8A Pending CN116186740A (en) 2023-03-02 2023-03-02 Data encryption method, device, equipment and storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination