CN116633542B - Data encryption method and system - Google Patents
Data encryption method and system Download PDFInfo
- Publication number
- CN116633542B CN116633542B CN202310889709.0A CN202310889709A CN116633542B CN 116633542 B CN116633542 B CN 116633542B CN 202310889709 A CN202310889709 A CN 202310889709A CN 116633542 B CN116633542 B CN 116633542B
- Authority
- CN
- China
- Prior art keywords
- data
- target
- fragment
- authority
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 239000012634 fragment Substances 0.000 claims abstract description 153
- 238000007499 fusion processing Methods 0.000 claims abstract description 6
- 230000004927 fusion Effects 0.000 claims description 7
- 230000002194 synthesizing effect Effects 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 8
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000005192 partition Methods 0.000 description 2
- 238000000638 solvent extraction Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Abstract
The embodiment of the application relates to the technical field of data encryption, and particularly discloses a data encryption method and system. According to the embodiment of the application, the target data authority is determined by receiving the target processing data; dividing the target processing data into a plurality of target fragment data; performing fragment distribution analysis to generate fragment distribution results; encrypting through a plurality of corresponding department authority keys to obtain a plurality of encrypted fragment data; and fusing the plurality of encrypted fragment data, and performing data general encryption to generate target encrypted data. The method and the device can determine the target data authority of target processing data, divide a plurality of target fragment data, perform fragment distribution and corresponding department authority key encryption to obtain a plurality of encrypted fragment data, and then perform fusion processing and general encryption to generate target encrypted data, so that fragment department authority encryption and general encryption can be performed on the data, external personnel can be prevented from stealing enterprise data, and personnel can be prevented from stealing internal data and revealing the internal data.
Description
Technical Field
The application belongs to the technical field of data encryption, and particularly relates to a data encryption method and system.
Background
The data encryption is to convert the readable data (i.e. plaintext) into an irregular character sequence (i.e. ciphertext) through a specific algorithm and a specific key, so that the safety of the data in the transmission process is ensured, and even if the data is intercepted, the true content of the data cannot be interpreted because the data does not have a correct key. In network security, data encryption employs many different types of encryption algorithms, such as symmetric encryption algorithms (e.g., AES, SM 4), asymmetric encryption algorithms (e.g., SM2 and SM9, RSA), hash functions (e.g., SHA, SM 3), and the like.
Various data can be generated in the running process of enterprises, and how to ensure the safety of the data is particularly important for the safety of the enterprises. In the prior art, data encryption is usually carried out only by utilizing a general key in an enterprise, and although the enterprise data can be prevented from being stolen by external personnel to a certain extent, the internal data cannot be prevented from being stolen and the internal data cannot be prevented from being leaked by the staff.
Disclosure of Invention
The embodiment of the application aims to provide a data encryption method and system, which aim to solve the problems in the background technology.
In order to achieve the above object, the embodiment of the present application provides the following technical solutions:
a method of encrypting data, the method comprising the steps of:
receiving target processing data, performing authority analysis, and determining target data authority;
determining a dividing number according to the target data authority, and dividing the target processing data into a plurality of target fragment data according to the dividing number;
according to the target data authority, performing fragment distribution analysis to generate a fragment distribution result;
encrypting a plurality of target fragment data through a plurality of corresponding department authority keys according to the fragment distribution result to obtain a plurality of encrypted fragment data;
and fusing the plurality of encrypted fragment data, and performing data general encryption to generate target encrypted data.
As a further limitation of the technical solution of the embodiment of the present application, the receiving the target processing data, performing authority analysis, and determining the target data authority specifically includes the following steps:
receiving target processing data to be encrypted;
performing type analysis on the target processing data to acquire a target data type;
acquiring a source address of the target processing data;
and integrating the target data type and the source address to determine the target data authority.
As a further limitation of the technical solution of the embodiment of the present application, the determining the dividing number according to the target data authority, and dividing the target processing data into a plurality of target fragment data according to the dividing number specifically includes the following steps:
determining the dividing number according to the target data authority;
determining a dividing boundary according to the dividing number;
and dividing the target processing data into a plurality of target fragment data according to the dividing boundary.
As a further limitation of the technical solution of the embodiment of the present application, the performing the segment allocation analysis according to the target data authority, and generating the segment allocation result specifically includes the following steps:
determining a plurality of authority responsibility departments according to the target data authority;
performing authority arrangement on a plurality of authority responsibility departments to generate department arrangement information;
dividing and arranging a plurality of target fragment data to generate fragment arrangement information;
and according to the department arrangement information and the fragment arrangement information, arranging and distributing the target fragment data to generate a fragment distribution result.
As a further limitation of the technical solution of the embodiment of the present application, encrypting the plurality of target fragment data by a plurality of corresponding department authority keys according to the fragment distribution result, to obtain a plurality of encrypted fragment data specifically includes the following steps:
acquiring department authority keys corresponding to a plurality of authority responsibility departments;
generating an encryption allocation instruction according to the fragment allocation result;
and encrypting the corresponding target fragment data through a plurality of department authority keys according to the encryption distribution instruction to obtain a plurality of encrypted fragment data.
As a further limitation of the technical solution of the embodiment of the present application, the merging processing of the plurality of encrypted fragment data and the general encryption of the data, the generating of the target encrypted data specifically includes the following steps:
fusing the plurality of encrypted fragment data to generate encrypted fused data;
acquiring a preset universal encryption key;
generating a general encryption instruction;
and carrying out data general encryption on the encrypted fusion data through the general encryption key according to the general encryption instruction to generate target encrypted data.
A data encryption system, the system comprising a data rights analysis unit, a data partitioning processing unit, a fragment allocation analysis unit, a fragment data encryption unit, and a data general encryption unit, wherein:
the data authority analysis unit is used for receiving the target processing data, performing authority analysis and determining the target data authority;
the data dividing processing unit is used for determining dividing quantity according to the target data authority and dividing the target processing data into a plurality of target fragment data according to the dividing quantity;
the fragment distribution analysis unit is used for carrying out fragment distribution analysis according to the target data authority to generate a fragment distribution result;
the fragment data encryption unit is used for encrypting a plurality of target fragment data through a plurality of corresponding department authority keys according to the fragment distribution result to obtain a plurality of encrypted fragment data;
and the data general encryption unit is used for fusing the plurality of encrypted fragment data and carrying out general encryption on the data to generate target encrypted data.
As a further limitation of the technical solution of the embodiment of the present application, the data authority analysis unit specifically includes:
the data receiving module is used for receiving target processing data to be encrypted;
the type analysis module is used for carrying out type analysis on the target processing data to acquire a target data type;
the source address acquisition module is used for acquiring a source address of the target processing data;
and the permission determining module is used for integrating the target data type and the source address and determining the target data permission.
As a further limitation of the technical solution of the embodiment of the present application, the data dividing and processing unit specifically includes:
the quantity determining module is used for determining the dividing quantity according to the target data authority;
the boundary determining module is used for determining a dividing boundary according to the dividing quantity;
and the segment dividing module is used for dividing the target processing data into a plurality of target segment data according to the dividing boundary.
As a further limitation of the technical solution of the embodiment of the present application, the fragment data encryption unit specifically includes:
the key acquisition module is used for acquiring department authority keys corresponding to a plurality of authority responsibility departments;
the instruction generation module is used for generating an encryption distribution instruction according to the fragment distribution result;
and the permission encryption module is used for encrypting the corresponding target fragment data through a plurality of department permission keys according to the distribution encryption instruction to obtain a plurality of encrypted fragment data.
Compared with the prior art, the application has the beneficial effects that:
according to the embodiment of the application, the target data authority is determined by receiving the target processing data; dividing the target processing data into a plurality of target fragment data; performing fragment distribution analysis to generate fragment distribution results; encrypting through a plurality of corresponding department authority keys to obtain a plurality of encrypted fragment data; and fusing the plurality of encrypted fragment data, and performing data general encryption to generate target encrypted data. The method and the device can determine the target data authority of target processing data, divide a plurality of target fragment data, perform fragment distribution and corresponding department authority key encryption to obtain a plurality of encrypted fragment data, and then perform fusion processing and general encryption to generate target encrypted data, so that fragment department authority encryption and general encryption can be performed on the data, external personnel can be prevented from stealing enterprise data, and personnel can be prevented from stealing internal data and revealing the internal data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following description will briefly introduce the drawings that are needed in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the present application.
Fig. 1 shows a flowchart of a method provided by an embodiment of the present application.
Fig. 2 shows a flowchart of determining a target data right in the method according to the embodiment of the present application.
Fig. 3 shows a flowchart of target processing data partitioning in the method according to the embodiment of the present application.
Fig. 4 shows a flowchart of a fragment allocation analysis performed in the method according to the embodiment of the present application.
Fig. 5 shows a flowchart of encrypting a department right key in the method provided by the embodiment of the application.
Fig. 6 shows a flowchart of data general encryption in the method provided by the embodiment of the application.
Fig. 7 shows an application architecture diagram of a system provided by an embodiment of the present application.
Fig. 8 shows a block diagram of a data authority analysis unit in the system according to an embodiment of the present application.
Fig. 9 is a block diagram illustrating a structure of a data dividing processing unit in the system according to an embodiment of the present application.
Fig. 10 is a block diagram showing a structure of a fragment data encryption unit in the system according to the embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
It will be appreciated that various data may be generated during the operation of the enterprise, and how to secure such data is particularly important for enterprise security. In the prior art, data encryption is usually carried out only by utilizing a general key in an enterprise, and although the enterprise data can be prevented from being stolen by external personnel to a certain extent, the internal data cannot be prevented from being stolen and the internal data cannot be prevented from being leaked by the staff.
In order to solve the above problems, the embodiment of the present application determines the target data authority by receiving the target processing data; dividing the target processing data into a plurality of target fragment data; performing fragment distribution analysis to generate fragment distribution results; encrypting through a plurality of corresponding department authority keys to obtain a plurality of encrypted fragment data; and fusing the plurality of encrypted fragment data, and performing data general encryption to generate target encrypted data. The method and the device can determine the target data authority of target processing data, divide a plurality of target fragment data, perform fragment distribution and corresponding department authority key encryption to obtain a plurality of encrypted fragment data, and then perform fusion processing and general encryption to generate target encrypted data, so that fragment department authority encryption and general encryption can be performed on the data, external personnel can be prevented from stealing enterprise data, and personnel can be prevented from stealing internal data and revealing the internal data.
Fig. 1 shows a flowchart of a method provided by an embodiment of the present application.
Specifically, a data encryption method specifically comprises the following steps:
step S100, receiving target processing data, performing authority analysis, and determining target data authority.
In the embodiment of the application, when data encryption is required, a data encryption task is automatically created, target processing data to be encrypted is received, the target data type of the target processing data is obtained by carrying out type analysis on the target processing data, the source address of the target processing data is obtained, corresponding weighting coefficients are matched according to the target data type and the source address of the target processing data, the weighting coefficients corresponding to the target data type and the source address are synthesized, the comprehensive coefficients of the target processing data are obtained, and the target data authority of the target processing data is matched in a preset coefficient authority corresponding table according to the comprehensive coefficients.
Specifically, fig. 2 shows a flowchart of determining a target data right in the method provided by the embodiment of the application.
In the preferred embodiment of the present application, the receiving the target processing data, performing authority analysis, and determining the target data authority specifically includes the following steps:
step S101, receiving target processing data to be encrypted.
And step S102, performing type analysis on the target processing data to acquire a target data type.
Step S103, acquiring a source address of the target processing data.
And step S104, integrating the target data type and the source address to determine the target data authority.
Further, the data encryption method further comprises the following steps:
step S200, determining the dividing number according to the target data authority, and dividing the target processing data into a plurality of target fragment data according to the dividing number.
In the embodiment of the application, the corresponding division number is determined according to the target data authority, wherein the higher the target data authority is, the more the division number is; the lower the target data authority is, the less the dividing number is, the dividing and pre-analyzing are carried out on the target processing data according to the dividing number, the dividing boundary of the target processing data is determined, and then the dividing processing is carried out on the target processing data according to the dividing boundary, so that a plurality of target fragment data are obtained. For example: when the target processing data is the image data of the PCB, the dividing boundary of the corresponding PCB image can be determined, the PCB image is divided into a plurality of PCB plate segment images, wherein the dividing boundary needs to ensure that the PCB image is divided completely, and the data cannot be cracked.
Specifically, fig. 3 shows a flowchart of target processing data division in the method provided by the embodiment of the application.
In a preferred embodiment of the present application, the determining the dividing number according to the target data authority, and dividing the target processing data into a plurality of target fragment data according to the dividing number specifically includes the following steps:
step S201, determining the dividing number according to the target data authority.
Step S202, determining a division boundary according to the division number.
And step S203, dividing the target processing data into a plurality of target fragment data according to the dividing boundary.
Further, the data encryption method further comprises the following steps:
and step S300, performing fragment distribution analysis according to the target data authority to generate a fragment distribution result.
In the embodiment of the application, a plurality of corresponding authority responsibility departments are determined according to the authority of the target data, the authority importance indexes of the authority responsibility departments are acquired according to the preset authority index information of the departments, the authority responsibility departments are arranged according to the size of the authority importance indexes to generate department arrangement information, meanwhile, the target fragment data can be divided and arranged from large to small according to the size of the target fragment data to generate fragment arrangement information, and the target fragment data are arranged and distributed according to the corresponding relation between the department arrangement information and the fragment arrangement information to generate a fragment distribution result.
Specifically, fig. 4 shows a flowchart of a fragment allocation analysis performed in the method provided by the embodiment of the present application.
In the preferred embodiment of the present application, the step of performing a segment allocation analysis according to the target data authority, and the step of generating a segment allocation result specifically includes the following steps:
step S301, determining a plurality of authority responsibility departments according to the target data authority.
Step S302, performing authority arrangement on a plurality of authority responsibility departments to generate department arrangement information.
Step S303, dividing and arranging the plurality of target fragment data to generate fragment arrangement information.
Step S304, according to the department arrangement information and the fragment arrangement information, arranging and distributing the plurality of target fragment data to generate a fragment distribution result.
Further, the data encryption method further comprises the following steps:
and step S400, encrypting a plurality of target fragment data through a plurality of corresponding department authority keys according to the fragment distribution result to obtain a plurality of encrypted fragment data.
In the embodiment of the application, the corresponding division authority keys of a plurality of authority responsibility departments are obtained, the corresponding distribution encryption instruction is generated according to the fragment distribution result, the encryption corresponding relation between a plurality of target fragment data and the plurality of division authority keys is determined according to the distribution encryption instruction, and then the corresponding target fragment data is encrypted through the plurality of division authority keys according to the encryption corresponding relation, so that a plurality of encrypted fragment data are obtained.
Specifically, fig. 5 shows a flowchart of encrypting a department authority key in the method provided by the embodiment of the application.
In a preferred embodiment of the present application, according to the segment allocation result, encrypting the plurality of target segment data by a plurality of corresponding department authority keys to obtain a plurality of encrypted segment data specifically includes the following steps:
step S401, obtaining department authority keys corresponding to a plurality of authority responsibility departments.
Step S402, generating an encryption allocation instruction according to the fragment allocation result.
Step S403, according to the encryption allocation instruction, encrypting the corresponding target fragment data by using a plurality of department authority keys to obtain a plurality of encrypted fragment data.
Further, the data encryption method further comprises the following steps:
and S500, merging the plurality of encrypted fragment data, and performing data general encryption to generate target encrypted data.
In the embodiment of the application, after encryption of a plurality of target fragment data is completed, according to the position relation of the plurality of target fragment data in target processing data, the plurality of encrypted fragment data are subjected to fusion processing to generate encrypted fusion data, a preset general encryption key is acquired, a general encryption instruction is generated, and then the encrypted fusion data is subjected to data general encryption through the general encryption key according to the general encryption instruction, so that the target encryption data are generated.
Specifically, fig. 6 shows a flowchart of data general encryption in the method provided by the embodiment of the present application.
In a preferred embodiment of the present application, the merging processing of the encrypted fragment data and the general encryption of the data, the generating of the target encrypted data specifically includes the following steps:
step S501, merging the plurality of encrypted fragment data to generate encrypted merged data.
Step S502, a preset general encryption key is obtained.
Step S503, generating a general encryption instruction.
Step S504, according to the general encryption instruction, carrying out data general encryption on the encrypted fusion data through the general encryption key to generate target encrypted data.
Further, fig. 7 shows an application architecture diagram of the system provided by the embodiment of the present application.
In another preferred embodiment of the present application, a data encryption system specifically includes:
the data authority analysis unit 100 is configured to receive the target processing data, perform authority analysis, and determine the target data authority.
In the embodiment of the present application, when there is a data encryption requirement, the data authority analysis unit 100 automatically creates a data encryption task, receives target processing data to be encrypted, obtains a target data type of the target processing data by performing type analysis on the target processing data, obtains a source address of the target processing data, matches a corresponding weighting coefficient according to the target data type and the source address of the target processing data, synthesizes the weighting coefficient corresponding to the target data type and the source address, obtains a comprehensive coefficient of the target processing data, and matches the target data authority of the target processing data in a preset coefficient authority corresponding table according to the comprehensive coefficient.
Specifically, fig. 8 shows a block diagram of a data authority analysis unit 100 in the system according to an embodiment of the present application.
In a preferred embodiment of the present application, the data authority analysis unit 100 specifically includes:
the data receiving module 101 is configured to receive target processing data to be encrypted.
And the type analysis module 102 is used for carrying out type analysis on the target processing data to acquire a target data type.
A source address obtaining module 103, configured to obtain a source address of the target processing data.
And the permission determination module 104 is configured to integrate the target data type and the source address to determine a target data permission.
Further, the data encryption system further includes:
the data dividing processing unit 200 is configured to determine a dividing number according to the target data authority, and divide the target processing data into a plurality of target fragment data according to the dividing number.
In the embodiment of the present application, the data dividing processing unit 200 determines the corresponding dividing number according to the target data authority, wherein the higher the target data authority is, the more the dividing number is; the lower the target data authority is, the less the dividing number is, the dividing and pre-analyzing are carried out on the target processing data according to the dividing number, the dividing boundary of the target processing data is determined, and then the dividing processing is carried out on the target processing data according to the dividing boundary, so that a plurality of target fragment data are obtained. For example: when the target processing data is the image data of the PCB, the dividing boundary of the corresponding PCB image can be determined, the PCB image is divided into a plurality of PCB plate segment images, wherein the dividing boundary needs to ensure that the PCB image is divided completely, and the data cannot be cracked.
Specifically, fig. 9 shows a block diagram of a data dividing processing unit 200 in the system according to the embodiment of the present application.
In a preferred embodiment of the present application, the data dividing processing unit 200 specifically includes:
the number determining module 201 is configured to determine the number of divisions according to the target data authority.
The boundary determining module 202 is configured to determine a partition boundary according to the partition number.
And the segment dividing module 203 is configured to divide the target processing data into a plurality of target segment data according to the division boundary.
Further, the data encryption system further includes:
and the fragment distribution analysis unit 300 is used for performing fragment distribution analysis according to the target data authority to generate a fragment distribution result.
In the embodiment of the present application, the segment allocation analysis unit 300 determines a plurality of corresponding authority responsibility departments according to the authority of the target data, obtains the authority importance indexes of the plurality of authority responsibility departments according to the preset authority index information of the departments, performs authority arrangement on the plurality of authority responsibility departments according to the size of the authority importance indexes to generate the division arrangement information, and meanwhile, can divide and arrange the plurality of target segment data from large to small according to the size of the plurality of target segment data to generate the segment arrangement information, and performs arrangement allocation on the plurality of target segment data according to the correspondence between the division arrangement information and the segment arrangement information to generate the segment allocation result.
And the fragment data encryption unit 400 is configured to encrypt the plurality of target fragment data according to the fragment distribution result by using a plurality of corresponding department authority keys, so as to obtain a plurality of encrypted fragment data.
In the embodiment of the present application, the segment data encryption unit 400 obtains the department authority keys corresponding to the multiple authority responsible departments, generates the corresponding allocation encryption instruction according to the segment allocation result, determines the encryption correspondence between the multiple target segment data and the multiple department authority keys according to the allocation encryption instruction, and encrypts the corresponding target segment data according to the encryption correspondence through the multiple department authority keys to obtain multiple encrypted segment data.
Specifically, fig. 10 shows a block diagram of a fragment data encryption unit 400 in the system according to the embodiment of the present application.
In a preferred embodiment of the present application, the fragment data encryption unit 400 specifically includes:
the key obtaining module 401 is configured to obtain department authority keys corresponding to the authority responsibility departments.
The instruction generating module 402 is configured to generate an allocation encryption instruction according to the fragment allocation result.
And the permission encryption module 403 is configured to encrypt, according to the allocation encryption instruction, the corresponding target fragment data by using a plurality of department permission keys, so as to obtain a plurality of encrypted fragment data.
Further, the data encryption system further includes:
and the data general encryption unit 500 is configured to fuse the plurality of encrypted fragment data, perform data general encryption, and generate target encrypted data.
In the embodiment of the present application, after encrypting a plurality of target fragment data, the data general encryption unit 500 performs fusion processing on a plurality of encrypted fragment data according to the positional relationship of the plurality of target fragment data in the target processing data, generates encrypted fusion data, acquires a preset general encryption key, generates a general encryption instruction, and further performs data general encryption on the encrypted fusion data according to the general encryption instruction by using the general encryption key, thereby generating target encrypted data.
It should be understood that, although the steps in the flowcharts of the embodiments of the present application are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in various embodiments may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the sub-steps or stages of other steps or other steps.
Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program for instructing relevant hardware, where the program may be stored in a non-volatile computer readable storage medium, and where the program, when executed, may include processes in the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
The foregoing description of the preferred embodiments of the application is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the application.
Claims (6)
1. A data encryption method, characterized in that the method comprises the following steps:
receiving target processing data, performing authority analysis, and determining target data authority;
determining a dividing number according to the target data authority, and dividing the target processing data into a plurality of target fragment data according to the dividing number;
according to the target data authority, performing fragment distribution analysis to generate a fragment distribution result;
encrypting a plurality of target fragment data through a plurality of corresponding department authority keys according to the fragment distribution result to obtain a plurality of encrypted fragment data;
the encrypted fragment data are subjected to fusion processing, and data general encryption is carried out to generate target encrypted data;
the receiving of the target processing data, the permission analysis, and the determination of the target data permission specifically comprise the following steps:
receiving target processing data to be encrypted;
performing type analysis on the target processing data to acquire a target data type;
acquiring a source address of the target processing data;
synthesizing the target data type and the source address to determine target data authority;
the method specifically comprises the following steps of:
determining the dividing number according to the target data authority;
determining a dividing boundary according to the dividing number;
and dividing the target processing data into a plurality of target fragment data according to the dividing boundary.
2. The data encryption method according to claim 1, wherein the step of performing a segment allocation analysis according to the target data authority to generate a segment allocation result specifically includes the steps of:
determining a plurality of authority responsibility departments according to the target data authority;
performing authority arrangement on a plurality of authority responsibility departments to generate department arrangement information;
dividing and arranging a plurality of target fragment data to generate fragment arrangement information;
and according to the department arrangement information and the fragment arrangement information, arranging and distributing the target fragment data to generate a fragment distribution result.
3. The data encryption method according to claim 2, wherein encrypting the plurality of target fragment data by a plurality of corresponding department authority keys according to the fragment distribution result to obtain a plurality of encrypted fragment data specifically comprises the steps of:
acquiring department authority keys corresponding to a plurality of authority responsibility departments;
generating an encryption allocation instruction according to the fragment allocation result;
and encrypting the corresponding target fragment data through a plurality of department authority keys according to the encryption distribution instruction to obtain a plurality of encrypted fragment data.
4. The data encryption method according to claim 1, wherein the merging processing of the plurality of encrypted piece data and performing data general encryption, generating the target encrypted data specifically includes the steps of:
fusing the plurality of encrypted fragment data to generate encrypted fused data;
acquiring a preset universal encryption key;
generating a general encryption instruction;
and carrying out data general encryption on the encrypted fusion data through the general encryption key according to the general encryption instruction to generate target encrypted data.
5. A data encryption system, comprising a data authority analysis unit, a data division processing unit, a fragment distribution analysis unit, a fragment data encryption unit, and a data general encryption unit, wherein:
the data authority analysis unit is used for receiving the target processing data, performing authority analysis and determining the target data authority;
the data dividing processing unit is used for determining dividing quantity according to the target data authority and dividing the target processing data into a plurality of target fragment data according to the dividing quantity;
the fragment distribution analysis unit is used for carrying out fragment distribution analysis according to the target data authority to generate a fragment distribution result;
the fragment data encryption unit is used for encrypting a plurality of target fragment data through a plurality of corresponding department authority keys according to the fragment distribution result to obtain a plurality of encrypted fragment data;
the data general encryption unit is used for fusing the plurality of encrypted fragment data and carrying out general encryption on the data to generate target encrypted data;
the data authority analysis unit specifically comprises:
the data receiving module is used for receiving target processing data to be encrypted;
the type analysis module is used for carrying out type analysis on the target processing data to acquire a target data type;
the source address acquisition module is used for acquiring a source address of the target processing data;
the permission determining module is used for integrating the target data type and the source address and determining target data permission;
the data dividing and processing unit specifically comprises:
the quantity determining module is used for determining the dividing quantity according to the target data authority;
the boundary determining module is used for determining a dividing boundary according to the dividing quantity;
and the segment dividing module is used for dividing the target processing data into a plurality of target segment data according to the dividing boundary.
6. The data encryption system according to claim 5, wherein the fragment data encryption unit specifically includes:
the key acquisition module is used for acquiring department authority keys corresponding to a plurality of authority responsibility departments;
the instruction generation module is used for generating an encryption distribution instruction according to the fragment distribution result;
and the permission encryption module is used for encrypting the corresponding target fragment data through a plurality of department permission keys according to the distribution encryption instruction to obtain a plurality of encrypted fragment data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310889709.0A CN116633542B (en) | 2023-07-20 | 2023-07-20 | Data encryption method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310889709.0A CN116633542B (en) | 2023-07-20 | 2023-07-20 | Data encryption method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116633542A CN116633542A (en) | 2023-08-22 |
| CN116633542B true CN116633542B (en) | 2023-10-27 |
Family
ID=87597563
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310889709.0A Active CN116633542B (en) | 2023-07-20 | 2023-07-20 | Data encryption method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116633542B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102160355A (en) * | 2008-07-24 | 2011-08-17 | 耶德托公司 | Peer-to-peer content distribution |
| CN103248474A (en) * | 2012-02-01 | 2013-08-14 | 华为技术有限公司 | Encryption and decryption method and device for streaming media |
| CN108683747A (en) * | 2018-06-11 | 2018-10-19 | 华为技术有限公司 | Resource acquisition, distribution, method for down loading, device, equipment and storage medium |
| CN113039746A (en) * | 2018-06-29 | 2021-06-25 | 云实体公司 | Data stream identity |
| CN114640517A (en) * | 2022-03-11 | 2022-06-17 | 上海天擎天拓信息技术股份有限公司 | Key authorization use method and system |
| CN115473722A (en) * | 2022-09-07 | 2022-12-13 | 湖北亿纬动力有限公司 | Data encryption method and device, electronic equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113762971A (en) * | 2021-05-17 | 2021-12-07 | 腾讯科技(深圳)有限公司 | Data encryption method and device, computer equipment and storage medium |
-
2023
- 2023-07-20 CN CN202310889709.0A patent/CN116633542B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102160355A (en) * | 2008-07-24 | 2011-08-17 | 耶德托公司 | Peer-to-peer content distribution |
| CN103248474A (en) * | 2012-02-01 | 2013-08-14 | 华为技术有限公司 | Encryption and decryption method and device for streaming media |
| CN108683747A (en) * | 2018-06-11 | 2018-10-19 | 华为技术有限公司 | Resource acquisition, distribution, method for down loading, device, equipment and storage medium |
| CN113039746A (en) * | 2018-06-29 | 2021-06-25 | 云实体公司 | Data stream identity |
| CN114640517A (en) * | 2022-03-11 | 2022-06-17 | 上海天擎天拓信息技术股份有限公司 | Key authorization use method and system |
| CN115473722A (en) * | 2022-09-07 | 2022-12-13 | 湖北亿纬动力有限公司 | Data encryption method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116633542A (en) | 2023-08-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11038689B2 (en) | Efficient block chain generation | |
| CN110457945B (en) | List query method, query party device, service party device and storage medium | |
| US20080025503A1 (en) | Security method using self-generated encryption key, and security apparatus using the same | |
| CN112632581A (en) | User data processing method and device, computer equipment and storage medium | |
| CN112507365B (en) | Data matching method, terminal and storage medium | |
| CN112953974B (en) | Data collision method, device, equipment and computer readable storage medium | |
| CN111404892B (en) | Data supervision method and device and server | |
| CN110912892B (en) | Certificate management method and device, electronic equipment and storage medium | |
| CN110011959B (en) | Data storage method, data query method and system | |
| CN110942382A (en) | Electronic contract generating method and device, computer equipment and storage medium | |
| CN104281415A (en) | Data processing method and device for air conditioner | |
| CN116633542B (en) | Data encryption method and system | |
| CN111917711A (en) | Data access method and device, computer equipment and storage medium | |
| CN111666558A (en) | Key alternation method, key alternation device, computer equipment and storage medium | |
| CN114124469B (en) | Data processing method, device and equipment | |
| CN107124261B (en) | Method and device for protecting program code security based on homomorphic encryption algorithm | |
| CN113434890B (en) | Data query method and system and readable storage medium | |
| CN114448999A (en) | Data storage method, device, system, electronic device and storage medium | |
| CN111385266B (en) | Data sharing method and device, computer equipment and storage medium | |
| CN108933950B (en) | Terminal identification determining method and device, computer equipment and storage medium | |
| CN115396241B (en) | Data encryption method and data encryption system | |
| US20030200449A1 (en) | Method of accessing a shared subroutine of computer system | |
| CN114221791B (en) | Data processing method, device, equipment and storage medium | |
| US20190068357A1 (en) | Floating point cohort based encryption | |
| CN114338152B (en) | Data processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |