CN116305277A - Data processing method, device, medium and electronic equipment - Google Patents

Data processing method, device, medium and electronic equipment Download PDF

Info

Publication number
CN116305277A
CN116305277A CN202310280296.6A CN202310280296A CN116305277A CN 116305277 A CN116305277 A CN 116305277A CN 202310280296 A CN202310280296 A CN 202310280296A CN 116305277 A CN116305277 A CN 116305277A
Authority
CN
China
Prior art keywords
data
target
determining
processed
query result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310280296.6A
Other languages
Chinese (zh)
Inventor
杜文娟
邵瑜
位永康
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN202310280296.6A priority Critical patent/CN116305277A/en
Publication of CN116305277A publication Critical patent/CN116305277A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a data processing method, a data processing device, a medium and electronic equipment. The method comprises the following steps: determining data to be processed and data confidentiality attributes of the data to be processed according to the intercepted data processing request; determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result; and processing the data query result according to the data processing request. The technical scheme is suitable for the condition of encrypting and reforming the stock system, can ensure the availability of the stock system, and is favorable for ensuring user experience.

Description

Data processing method, device, medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer applications, and in particular, to a data processing method, apparatus, medium, and electronic device, which are suitable for encrypting and transforming an inventory system.
Background
With rapid development of internet technology, security of stock systems such as databases is also becoming more and more important.
Storing the data in a readable plaintext form in a database clearly does not meet the security requirements. The data is encrypted, and the data is stored in the database in an unreadable ciphertext form, so that the encrypted data becomes the necessary choice of the stock system.
Many stock systems have not previously been encryption processed and require encryption modification. Because the data magnitude related to the stock system can reach tens of millions, the feasibility of directly encrypting and reforming the stock system is not high. That is, during the encryption retrofit process, these stock systems may store data in plaintext form and data in ciphertext form simultaneously. The availability of the stock system is ensured in the encryption transformation process, and the method has important significance for ensuring user experience.
Disclosure of Invention
The application provides a data processing method, a device, a medium and electronic equipment, which are suitable for the condition of encrypting and reforming an inventory system and can ensure the availability and user experience of the inventory system.
According to a first aspect of the present application, there is provided a data processing method, the method comprising:
determining data to be processed and data confidentiality attributes of the data to be processed according to the intercepted data processing request;
Determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result;
and processing the data query result according to the data processing request.
According to a second aspect of the present application there is provided a data processing apparatus, the apparatus comprising:
the data confidentiality attribute determining module is used for determining data to be processed according to the intercepted data processing request and the data confidentiality attribute of the data to be processed;
the query mode determining module is used for determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by utilizing the target query mode to obtain a data query result;
and the query result processing module is used for processing the data query result according to the data processing request.
According to a third aspect of the present invention, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a data processing method as described in embodiments of the present application.
According to a fourth aspect of the present invention, an embodiment of the present application provides an electronic device, including a memory, a processor and a computer program stored on the memory and executable by the processor, where the processor executes the computer program to implement a data processing method according to an embodiment of the present application.
According to the technical scheme, data to be processed and data confidentiality attributes of the data to be processed are determined according to the intercepted data processing request; determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result; and processing the data query result according to the data processing request. The technical scheme is suitable for the condition of encrypting and reforming the stock system, can ensure the availability of the stock system, and is favorable for ensuring user experience.
It should be understood that the description of this section is not intended to identify key or critical features of the embodiments of the application or to delineate the scope of the application. Other features of the present application will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data processing method provided according to a first embodiment;
FIG. 2 is a flow chart of a data processing method provided according to a second embodiment;
FIG. 3 is a schematic diagram of a data processing apparatus according to a third embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," "target," and "candidate" in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a data processing method according to a first embodiment, which is applicable to the case of encrypting an inventory system, and the method may be performed by a data processing apparatus, which may be implemented in hardware and/or software, and may be integrated into an electronic device running the system.
As shown in fig. 1, the method includes:
s110, determining data to be processed according to the intercepted data processing request and data confidentiality attribute of the data to be processed.
Wherein the data processing request is used for requesting the data to be processed from the target stock system. The data to be processed is stored in the target stock system, and the data confidentiality attribute of the data to be processed is used for determining the expected storage form of the data to be processed in the target stock system. The target stock system refers to a stock system which needs to be subjected to encryption transformation. By way of example, the target inventory system may be an enterprise financial services system.
Optionally, the data security attributes include the need for encryption and the need for encryption. The data confidentiality attribute is data to be processed which is not required to be encrypted, and the data is stored in a plaintext form in a target stock system; the data confidentiality attribute is the data to be processed which needs to be encrypted, and the data to be processed is stored in a ciphertext form in the target stock system.
However, the target stock system is a stock system requiring encryption transformation, that is, the data security attribute is to be encrypted, and the data to be processed which should be stored in the ciphertext form may still be stored in the plaintext form in the target stock system. In other words, for the data security attribute to be the data to be processed that needs to be encrypted, the actual storage form in the target stock system may not be the only one that is stored in the plaintext form or the ciphertext form.
The readability of the plaintext form is higher than the ciphertext form, which is safer than the plaintext form. The data to be processed with different storage forms also have differences in the corresponding data query modes. Based on the data confidentiality attribute of the data to be processed, the data query mode of the data to be processed can be further determined.
Optionally, the data processing request is intercepted by an interceptor in the Mybatis framework. Mybatis is an open-source and lightweight data persistence framework, JDBC (Java Database Connectivity, java database connection) is encapsulated inside, complex processes of loading a driver, creating connection and the like are simplified, customized SQL (Structured Query Language ), storage engineering and high-level mapping are supported, and mapping relation can be established between entity class and SQL statement.
In an alternative embodiment, determining the data security attribute of the data to be processed according to the intercepted data processing request comprises: analyzing the intercepted data processing request, and extracting data description information from the data processing request; and matching the data description information with a preset encryption field, and determining the data confidentiality attribute of the data to be processed according to the obtained matching result.
The data description information is used for describing a field to which the data to be processed belongs. The data processing request may be a data query request or a data modification request. Wherein the data query request is generated based on the data query condition; the data modification request is generated based on the data modification condition. The data description information may be determined based on the data query condition or the data modification condition.
The preset encryption field is a field with higher data security level and needs encryption protection; the preset encryption field is predetermined according to the service requirement, and is not limited herein.
And matching the data description information with a preset encryption field, and determining the data confidentiality attribute of the data to be processed according to the obtained matching result. The matching result comprises matching success and matching failure. Optionally, if the matching result is that the matching is successful, determining that the data confidentiality attribute of the data to be processed is that encryption is required; if the matching result is that the matching fails, determining that the data confidentiality attribute of the data to be processed is not needed to be encrypted.
The technical scheme provides a feasible data confidentiality attribute determining method and provides data support for determining the data confidentiality attribute of the data to be processed.
S120, determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result.
The data stored in the target stock system has different security attributes, that is, there is a difference in storage forms corresponding to the data stored in the target stock system. Specifically, not only are data with different security attributes stored in different forms in the target stock system; the storage form of data having the same security attributes in the target stock system may also be different. Illustratively, the data that does not require encryption is stored in plaintext form in the target stock system; data to be encrypted in a target stock system requiring encryption modification may be stored in a plaintext form or may be stored in a ciphertext form.
Based on the data security attributes, the expected storage form of the data to be processed in the target stock system may be determined. The target query pattern matching the data to be processed is determined, and in fact, the data query pattern matching the expected storage pattern is determined. The target query mode is a data query mode matched with an expected storage mode of the data to be processed in the target stock system.
And inquiring the data to be processed from the target stock system by utilizing a target inquiry mode to obtain a data inquiry result.
In an alternative embodiment, determining a target query pattern matching the data to be processed based on the data security attribute includes: under the condition that the data confidentiality attribute is to be encrypted, determining a compatible query mode as a target query mode matched with the data to be processed; under the condition that the data confidentiality attribute is that encryption is not needed, determining a plaintext inquiry mode as a target inquiry mode matched with the data to be processed; the compatible inquiry mode supports plaintext inquiry and ciphertext inquiry at the same time.
In the case that the data security attribute is that encryption is required, the data to be processed may be stored in a ciphertext form or a plaintext form in the target stock system. And taking a compatible query mode which supports both plaintext query and ciphertext query as a target query mode. The compatible inquiry mode can inquire the data to be inquired in a plaintext form and the data to be inquired in a ciphertext form from the target stock system. Illustratively, an IN query may be used as a compatible query.
In the case that the data confidentiality attribute is that encryption is not needed, the data to be processed is stored in a plaintext form in the target stock system. And taking the plaintext query mode supporting the plaintext query as a target query mode. The plaintext inquiry mode only supports the inquiry of the data to be inquired in the plaintext form from the target stock system.
The technical scheme provides a feasible data query mode determining method and provides data support for determining the data query mode of the data to be processed.
S130, processing the data query result according to the data processing request.
The data processing requests are different, and the processing modes of the data query results are different. Illustratively, the data processing request includes a data query request and a data modification request. And under the condition that the data processing request is a data query request, directly taking the data query result as feedback of the data query request.
And under the condition that the data processing request is a data modification request, modifying the data query result, and taking the obtained data modification result as feedback of the data modification request.
According to the technical scheme, data to be processed and data confidentiality attributes of the data to be processed are determined according to the intercepted data processing request; determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result; and processing the data query result according to the data processing request. The technical scheme is suitable for the condition of encrypting and reforming the stock system, can ensure the availability of the stock system, and is favorable for ensuring user experience.
In an alternative embodiment, the method further comprises: extracting data description information from a data insertion request in response to intercepting the data insertion request; matching the data description information with a preset encryption field, and determining the data confidentiality attribute of the data to be inserted according to a field matching result; under the condition that the data confidentiality attribute of the data to be inserted is that encryption is needed, selecting a target encryption algorithm for the data to be inserted from candidate encryption algorithms; encrypting the data to be inserted by using the target encryption algorithm; and associating the encryption algorithm identification with the encrypted data to be inserted, and storing the encrypted data to be inserted into the target stock system.
Wherein the data insertion request is for inserting data into the target stock system. The data to be inserted into the target stock system is data to be inserted. The data insertion request is generated based on data insertion conditions, which may be used to determine data description information of the data to be inserted. Optionally, the data insertion request is intercepted by an interceptor in the Mybatis framework.
The extraction of data description information from the data insertion request is actually determining the field to which the data to be inserted belongs. And matching the data description information with a preset encryption field, and determining the data confidentiality attribute of the data to be inserted according to the field matching result.
The matching result comprises matching success and matching failure. Optionally, if the matching result is that the matching is successful, determining that the data confidentiality attribute of the data to be inserted is that encryption is required; if the matching result is that the matching fails, determining that the data security attribute of the data to be inserted is not needed to be encrypted.
The candidate encryption algorithm includes at least two types, and the specific type of the candidate encryption algorithm can be determined according to actual service requirements, which is not limited herein. By way of example, candidate encryption algorithms may include the BLOWFISH algorithm, the SM4 algorithm, and the like.
And under the condition that the data confidentiality attribute of the data to be inserted is that encryption is needed, selecting a target encryption algorithm from candidate encryption algorithms to determine the data to be inserted and determining an encryption algorithm identification. The target encryption algorithm can also be selected according to actual service requirements, for example, a BLOWFISH algorithm is selected as the target encryption algorithm for the data to be inserted with low service security requirements; and selecting an SM4 algorithm as a target encryption algorithm for data to be inserted with high service security requirements.
The target encryption algorithm is used for encrypting the data to be inserted. The encryption algorithm identification is used to distinguish a target encryption algorithm from candidate encryption algorithms. Optionally, under the condition that the data security attribute of the data to be inserted is that encryption is required, determining a target encryption algorithm for the data to be inserted through a type converter in the Mybatis framework, and calling the target encryption algorithm to encrypt the data to be inserted. The type converter in the Mybatis framework is used for realizing the interconversion of Java type and JDBC type, and is configured with data encryption and decryption logic, and can adaptively modify SQL MAPPER in DAO (Data Access Object Pattern, data access object mode). The type converter inherits the MyBatis built-in type converter (typeHandler), which can be called by the CryptStringType class. Optionally, the alias of the CryptStringType class is set to cryptString.
The Mybatis framework is used for encrypting and reforming the target stock system, so that the service code change amount and the service code change repetition rate can be reduced, the invasiveness to the service code can be reduced, and the running risk of the target stock system can be reduced.
And associating the encryption algorithm identification with the data to be inserted, optionally setting an encryption identification bit in the data to be inserted, writing the encryption algorithm identification into a preset encryption identification bit in the data to be inserted so as to establish association between the encryption algorithm identification and the data to be inserted, and storing the data to be inserted, which is associated with the encryption algorithm identification, into a target stock system.
According to the technical scheme, in the process of inserting data into the target stock system, the data confidentiality attribute of the data to be inserted is determined, and under the condition that the data confidentiality attribute of the data to be inserted is that encryption is needed, the data to be inserted is encrypted by utilizing the target encryption algorithm, and the encryption algorithm identification is associated to the data to be inserted. And then, storing the data to be inserted, which is associated with the encryption algorithm identification, into the target stock system. Based on the technical scheme, the data to be inserted is stored into the target stock system, so that the data query result obtained by querying in the target stock system is conveniently decrypted in the process of processing the data query request or the data modification request, and the target stock system can be compatible with various encryption modes. The technical scheme disclosed by the invention is used for encrypting and reforming the target stock system, so that the encryption and reforming cost can be effectively reduced.
Example two
Fig. 2 is a flowchart of a data processing method according to a second embodiment. The embodiment further optimizes on the basis of the embodiment, specifically, determines the data confidentiality attribute of the data query result by adding an operation after the operation of querying the data to be processed from the target stock system by using the target query mode to obtain the data query result; if the data confidentiality attribute of the data query result is that confidentiality is required, determining a target encryption algorithm associated with the data query result; determining a target decryption algorithm matched with the data query result from candidate decryption algorithms based on the target encryption algorithm; and decrypting the data query result by using the target decryption algorithm, and updating the data query result based on the obtained decryption result.
As shown in fig. 2, the method includes:
s210, determining data to be processed and data confidentiality attributes of the data to be processed according to the intercepted data processing request.
S220, determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result.
S230, determining the data confidentiality attribute of the data query result.
Optionally, the data security attribute of the data query result is determined based on the field to which the data query result belongs and a preset encryption field. Specifically, a field to which the data query result belongs is matched with a preset encryption field, and the data confidentiality attribute of the data query result is determined according to the field matching result.
If the field matching is successful, the data confidentiality attribute of the data query result is that confidentiality is needed; if the field matching fails, the data confidentiality attribute of the data query result is no confidentiality.
S240, if the data confidentiality attribute of the data query result is that confidentiality is needed, determining a target encryption algorithm associated with the data query result.
If the data confidentiality attribute of the data query result is that confidentiality is required, the data query result is in an encrypted state, and an encryption algorithm adopted by the data query result needs to be further determined.
And the target encryption algorithm related to the data query result is the encryption algorithm adopted by the data query result.
In an alternative embodiment, determining a target encryption algorithm associated with the data query result includes: extracting an encryption algorithm identifier from an encryption identifier bit preset in a data query result; and determining a target encryption algorithm associated with the data query result from the candidate encryption algorithms according to the encryption algorithm identification.
The preset encryption identification bit can be arranged at any position in the data query result, and the preset encryption identification bit is used for storing the encryption algorithm identification. That is, the encryption algorithm identification may be either a prefix or a suffix of the data query result. Extracting an encryption algorithm identifier from an encryption identifier bit preset in a data query result; and determining a target encryption algorithm associated with the data query result from the candidate encryption algorithms according to the encryption algorithm identification. The technical scheme provides technical support for the target stock system to be compatible with various encryption modes.
S250, determining a target decryption algorithm matched with the data query result from candidate decryption algorithms based on the target encryption algorithm.
The encryption and decryption are the inverse of each other, and in the case that the target encryption algorithm is known, the target decryption algorithm may be determined from the candidate decryption algorithms based on the target encryption algorithm.
The target decryption algorithm corresponds to the target encryption algorithm, and the data query result encrypted by the target encryption algorithm needs to be decrypted by the target decryption algorithm.
S260, decrypting the data query result by using the target decryption algorithm, and updating the data query result based on the obtained decryption result.
The data query result encrypted by the target decryption algorithm is in a ciphertext form, and the target decryption algorithm is used for decrypting the data query result, so that the data query result in the ciphertext form can be converted into a plaintext form. Based on the obtained decryption result, the data query result is updated, and the data query result can be updated from a ciphertext form to a plaintext form.
Optionally, if the preset encryption identification bit in the data query result includes the encryption algorithm identification, the encryption algorithm identification in the data query result is removed, and then the data query result is decrypted by using the target decryption algorithm.
S270, processing the data query result according to the data processing request.
And processing the data query result in the plaintext form according to the data processing request.
According to the technical scheme, after the data to be processed is queried from the target stock system by utilizing the target query mode to obtain a data query result, the data confidentiality attribute of the data query result is determined; if the data confidentiality attribute of the data query result is that confidentiality is required, determining a target encryption algorithm associated with the data query result; determining a target decryption algorithm matched with the data query result from candidate decryption algorithms based on the target encryption algorithm; and decrypting the data query result by using the target decryption algorithm, and updating the data query result based on the obtained decryption result. The target stock system in the technical scheme can be compatible with various encryption modes, and the types of encryption algorithms are continuously changed along with the improvement of security requirements, so that the technical scheme provided by the application can well meet business requirements.
In an alternative implementation, processing the data query result according to the data processing request includes: if the data processing request is a data modification request, extracting data to be modified and new data content from the data modification request; modifying the data to be modified in the data query result based on the new data content to obtain a data modification result; under the condition that the data confidentiality attribute of the data query result is that encryption is needed, encrypting the data modification result based on a target encryption algorithm associated with the data query result; and updating the target stock system based on the encrypted data modification result.
The data modification request is for modifying data in the target inventory system. Under the condition that the data to be processed is queried from the target stock system to obtain a data query result. And processing the data query request according to the data modification request. The data to be modified and the new data content are extracted from the data modification request. And modifying the data to be modified in the data query result based on the new data content to obtain a data modification result, and particularly, updating the original data content of the data to be modified by using the new data content. And under the condition that the data confidentiality attribute of the data query result is that encryption is needed, the data modification result is encrypted based on the target encryption algorithm related to the data query result. And updating the target stock system based on the encrypted data modification result so as to achieve the aim of modifying the data in the target stock system. The technical scheme supports modification of the data in the target stock system, can be used for encryption transformation of the target stock system, and can effectively reduce the transformation cost of the system.
Example III
Fig. 3 is a schematic structural diagram of a data processing apparatus according to a third embodiment of the present application, where the present embodiment is applicable to the case of performing encryption modification on an inventory system. The apparatus may be implemented in software and/or hardware and may be integrated in an electronic device such as a smart terminal.
As shown in fig. 3, the apparatus may include: a data security attribute determination module 310, a query pattern determination module 320, and a query result processing module 330.
A data security attribute determining module 310, configured to determine data to be processed according to the intercepted data processing request, and a data security attribute of the data to be processed;
a query mode determining module 320, configured to determine a target query mode that matches the data to be processed based on the data security attribute, and query the data to be processed from a target stock system by using the target query mode, so as to obtain a data query result;
and the query result processing module 330 is configured to process the data query result according to the data processing request.
According to the technical scheme, data to be processed and data confidentiality attributes of the data to be processed are determined according to the intercepted data processing request; determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result; and processing the data query result according to the data processing request. The technical scheme is suitable for the condition of encrypting and reforming the stock system, can ensure the availability of the stock system, and is favorable for ensuring user experience.
Optionally, the data security attribute determination module 310 includes: the data description information extraction sub-module is used for analyzing the intercepted data processing request and extracting data description information from the data processing request; and the data confidentiality attribute determining sub-module is used for matching the data description information with a preset encryption field and determining the data confidentiality attribute of the data to be processed according to the obtained matching result.
Optionally, the query mode determining module 320 includes: the first query mode determining submodule is used for determining a compatible query mode as a target query mode matched with the data to be processed under the condition that the data confidentiality attribute is that encryption is needed; the second query mode determining submodule is used for determining a plaintext query mode as a target query mode matched with the data to be processed under the condition that the data confidentiality attribute is not needed to be encrypted; the compatible inquiry mode supports plaintext inquiry and ciphertext inquiry at the same time.
Optionally, the method further comprises: the result confidentiality attribute determining module is used for determining the data confidentiality attribute of the data query result after querying the data to be processed from the target stock system by utilizing the target query mode to obtain the data query result; the encryption algorithm determining module is used for determining a target encryption algorithm related to the data query result if the data confidentiality attribute of the data query result is that confidentiality is needed; the decryption algorithm determining module is used for determining a target decryption algorithm matched with the data query result from candidate decryption algorithms based on the target encryption algorithm; and the query result updating module is used for decrypting the data query result by utilizing the target decryption algorithm and updating the data query result based on the obtained decryption result.
Optionally, the encryption algorithm determining module includes: the algorithm identification extraction submodule is used for extracting an encryption algorithm identification from encryption identification bits preset in the data query result; and the encryption algorithm determining submodule is used for determining a target encryption algorithm related to the data query result from the candidate encryption algorithms according to the encryption algorithm identification.
Optionally, the query result processing module 330 includes: the data extraction sub-module is used for extracting data to be modified and new data content from the data modification request if the data processing request is a data modification request; the data modification sub-module is used for modifying the data to be modified in the data query result based on the new data content to obtain a data modification result; the encryption processing sub-module is used for carrying out encryption processing on the data modification result based on a target encryption algorithm associated with the data query result under the condition that the data confidentiality attribute of the data query result is that encryption is needed; and the data updating sub-module is used for updating the target stock system based on the encrypted data modification result.
Optionally, the apparatus further includes: the description information extraction module is used for responding to the interception of the data insertion request and extracting data description information from the data insertion request; the field matching module is used for matching the data description information with a preset encryption field and determining the data confidentiality attribute of the data to be inserted according to a field matching result; the encryption algorithm determining module is used for selecting a target encryption algorithm for the data to be inserted from candidate encryption algorithms under the condition that the data confidentiality attribute of the data to be inserted is that encryption is needed; the data encryption module is used for encrypting the data to be inserted by utilizing the target encryption algorithm; and the data storage module is used for associating the encryption algorithm identification with the encrypted data to be inserted and storing the encrypted data to be inserted into the target stock system.
The data processing device provided by the embodiment of the invention can execute the data processing method provided by any embodiment of the application, and has the corresponding performance module and beneficial effects of executing the data processing method.
In the technical scheme of the disclosure, the related user data are collected, stored, used, processed, transmitted, provided, disclosed and the like, all conform to the regulations of related laws and regulations and do not violate the popular regulations of the public order.
Example IV
Fig. 4 illustrates a schematic diagram of an electronic device 410 that may be used to implement an embodiment. The electronic device 410 comprises at least one processor 411, and a memory communicatively coupled to the at least one processor 411, such as a Read Only Memory (ROM) 412, a Random Access Memory (RAM) 413, etc., wherein the memory stores computer programs executable by the at least one processor, and the processor 411 may perform various suitable actions and processes in accordance with the computer programs stored in the Read Only Memory (ROM) 412 or the computer programs loaded from the storage unit 418 into the Random Access Memory (RAM) 413. In the RAM 413, various programs and data required for the operation of the electronic device 410 may also be stored. The processor 411, the ROM 412, and the RAM 413 are connected to each other through a bus 414. An input/output (I/O) interface 415 is also connected to bus 414.
Various components in the electronic device 410 are connected to the I/O interface 415, including: an input unit 416 such as a keyboard, a mouse, etc.; an output unit 417 such as various types of displays, speakers, and the like; a storage unit 418, such as a magnetic disk, optical disk, or the like; and a communication unit 419 such as a network card, modem, wireless communication transceiver, etc. The communication unit 419 allows the electronic device 410 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The processor 411 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 411 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 411 performs the various methods and processes described above, such as data processing methods.
In some embodiments, the data processing method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 418. In some embodiments, some or all of the computer program may be loaded and/or installed onto the electronic device 410 via the ROM 412 and/or the communication unit 419. When a computer program is loaded into RAM 413 and executed by processor 411, one or more steps of the data processing method described above may be performed. Alternatively, in other embodiments, the processor 411 may be configured to perform the data processing method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above can be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out the methods of the present application may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this application, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data processing server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present application may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solutions of the present application are achieved, and the present application is not limited herein.
The above embodiments do not limit the scope of the application. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present application are intended to be included within the scope of the present application.

Claims (10)

1. A method of data processing, the method comprising:
determining data to be processed and data confidentiality attributes of the data to be processed according to the intercepted data processing request;
determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by using the target query mode to obtain a data query result;
And processing the data query result according to the data processing request.
2. The method of claim 1, wherein determining the data security attribute of the data to be processed based on the intercepted data processing request comprises:
analyzing the intercepted data processing request, and extracting data description information from the data processing request;
and matching the data description information with a preset encryption field, and determining the data confidentiality attribute of the data to be processed according to the obtained matching result.
3. The method of claim 1, wherein determining a target query pattern that matches the data to be processed based on the data security attribute comprises:
under the condition that the data confidentiality attribute is to be encrypted, determining a compatible query mode as a target query mode matched with the data to be processed;
under the condition that the data confidentiality attribute is that encryption is not needed, determining a plaintext inquiry mode as a target inquiry mode matched with the data to be processed;
the compatible inquiry mode supports plaintext inquiry and ciphertext inquiry at the same time.
4. The method of claim 1, wherein after querying the data to be processed from a target stock system using the target query means to obtain a data query result, the method further comprises:
Determining the data confidentiality attribute of the data query result;
if the data confidentiality attribute of the data query result is that confidentiality is required, determining a target encryption algorithm associated with the data query result;
determining a target decryption algorithm matched with the data query result from candidate decryption algorithms based on the target encryption algorithm;
and decrypting the data query result by using the target decryption algorithm, and updating the data query result based on the obtained decryption result.
5. The method of claim 4, wherein the determining the target encryption algorithm associated with the data query result comprises:
extracting an encryption algorithm identifier from an encryption identifier bit preset in a data query result;
and determining a target encryption algorithm associated with the data query result from the candidate encryption algorithms according to the encryption algorithm identification.
6. The method of claim 4, wherein processing the data query results in accordance with the data processing request comprises:
if the data processing request is a data modification request, extracting data to be modified and new data content from the data modification request;
Modifying the data to be modified in the data query result based on the new data content to obtain a data modification result;
under the condition that the data confidentiality attribute of the data query result is that encryption is needed, encrypting the data modification result based on a target encryption algorithm associated with the data query result;
and updating the target stock system based on the encrypted data modification result.
7. The method according to claim 1, wherein the method further comprises:
extracting data description information from a data insertion request in response to intercepting the data insertion request;
matching the data description information with a preset encryption field, and determining the data confidentiality attribute of the data to be inserted according to a field matching result;
under the condition that the data confidentiality attribute of the data to be inserted is that encryption is needed, selecting a target encryption algorithm for the data to be inserted from candidate encryption algorithms;
encrypting the data to be inserted by using the target encryption algorithm;
and associating the encryption algorithm identification with the encrypted data to be inserted, and storing the encrypted data to be inserted into the target stock system.
8. A data processing apparatus, the apparatus comprising:
the data confidentiality attribute determining module is used for determining data to be processed according to the intercepted data processing request and the data confidentiality attribute of the data to be processed;
the query mode determining module is used for determining a target query mode matched with the data to be processed based on the data confidentiality attribute, and querying the data to be processed from a target stock system by utilizing the target query mode to obtain a data query result;
and the query result processing module is used for processing the data query result according to the data processing request.
9. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements a data processing method according to any one of claims 1-7.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the data processing method according to any of claims 1-7 when executing the computer program.
CN202310280296.6A 2023-03-21 2023-03-21 Data processing method, device, medium and electronic equipment Pending CN116305277A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310280296.6A CN116305277A (en) 2023-03-21 2023-03-21 Data processing method, device, medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310280296.6A CN116305277A (en) 2023-03-21 2023-03-21 Data processing method, device, medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN116305277A true CN116305277A (en) 2023-06-23

Family

ID=86786749

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310280296.6A Pending CN116305277A (en) 2023-03-21 2023-03-21 Data processing method, device, medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN116305277A (en)

Similar Documents

Publication Publication Date Title
CN111612388A (en) Method and device for merging target orders
CN110909022A (en) Data query method and device
CN111737564A (en) Information query method, device, equipment and medium
CN114595481A (en) Method, device, equipment and storage medium for processing response data
CN111881329A (en) Account balance management method and system
CN118312076A (en) Map icon processing method and device, electronic equipment and computer readable medium
CN116781425B (en) Service data acquisition method, device, equipment and storage medium
CN117633835A (en) Data processing method, device, equipment and storage medium
CN116501997B (en) Short link generation method, device, electronic equipment and storage medium
CN117195263A (en) Database encryption method and device
CN116775167A (en) Service processing method, device, electronic equipment and computer readable medium
CN113761565A (en) Data desensitization method and apparatus
CN112948138A (en) Method and device for processing message
CN116305277A (en) Data processing method, device, medium and electronic equipment
CN116244682A (en) Database access method, device, equipment and storage medium
CN111752964A (en) Data processing method and device based on data interface
US8281000B1 (en) Variable-length nonce generation
CN113609156A (en) Data query and write-in method and device, electronic equipment and readable storage medium
CN113868687A (en) Task processing progress management method and device
US8719822B2 (en) Method and system for storing and referencing partial complex resources using object identifiers in a printing system
CN113726885A (en) Method and device for adjusting flow quota
CN110866002A (en) Method and device for processing sub-table data
CN117033445A (en) Full-secret database cost transfer method, device, equipment and storage medium
CN112948458B (en) Block chain-based query method and device
US20240220648A1 (en) Order-preserving encryption method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination