CN116743470A - Service data encryption processing method and device


Publication number
CN116743470A
Authority
CN
China
Prior art keywords
service data
login password
encryption
verification
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310764698.3A
Other languages
Chinese (zh)
Inventor
张中华
张海滨
安雷军
曾逸城
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd
Priority to CN202310764698.3A
Publication of CN116743470A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The application provides a service data encryption processing method and device, relating to the technical field of data processing. The method comprises: acquiring service data; inputting the service data into an encryption grade analysis model and outputting the encryption grade of the service data, the encryption grade analysis model being obtained by training a machine learning model on historical service data and the corresponding historical encryption grades; requesting a back-end server to generate a key according to the encryption grade of the service data; requesting a public key from the back-end server; receiving a login password input by a user; setting check protection for the service data by using the login password, and encrypting the login password by using the public key; sending the service data and the encrypted login password to the back-end server, so that the back-end server decrypts the login password by using a private key and, if decryption is successful, checks the login password; and, if the login password passes verification, processing the service data.

Description

Service data encryption processing method and device
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method and an apparatus for encrypting service data.
Background
This section is intended to provide a background or context to the embodiments of the application that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
During network transmission and storage, service data may be stolen, tampered with or destroyed by hackers, viruses or other malicious attackers, which can lead to serious security risks and economic losses if the service data contains sensitive personal or confidential business information. Taking bank remittance service data as an example, it includes the personal or company information of both remittance parties and the transfer amount; if the remittance service data is stolen by a malicious attacker, both parties may suffer economic loss and their personal or company information may be disclosed, creating security risks. In the prior art, a login password is generally used to verify and protect service data, but under the HTTP protocol the login password is transmitted in plaintext and is easily intercepted, so the security of the service data is poor. The security of service data transmission therefore needs to be protected by encryption; however, existing service data encryption methods consume a large amount of computing resources, resulting in low service data processing efficiency.
Disclosure of Invention
The embodiment of the application provides a service data encryption processing method, which is used for improving the security of service data transmission, improving encryption and decryption efficiency, saving computing resources and improving data processing efficiency, and comprises the following steps:
acquiring service data;
inputting the service data into an encryption grade analysis model, and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade;
requesting a back-end server to generate a secret key according to the encryption grade of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths;
requesting a public key from a backend server;
receiving a login password input by a user;
setting check protection for the service data by using the login password, and encrypting the login password by using the public key;
the service data and the encrypted login password are sent to a back-end server, so that the back-end server can decrypt the login password by using a private key, and if decryption is successful, the login password is checked;
and if the login password passes verification, processing the service data.
The embodiment of the application provides a service data encryption processing device, which is used for improving the security of service data transmission, improving encryption and decryption efficiency, saving computing resources and improving data processing efficiency, and comprises:
the data acquisition module is used for acquiring service data;
the grade determining module is used for inputting the service data into the encryption grade analysis model and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade;
the key generation module is used for requesting the back-end server to generate a key according to the encryption grade of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths;
the public key request module is used for requesting a public key from the back-end server;
the password receiving module is used for receiving a login password input by a user;
the data encryption module is used for setting check protection for the business data by using the login password and encrypting the login password by using the public key;
the data decryption module is used for sending the service data and the encrypted login password to the back-end server so that the back-end server can decrypt the login password by using the private key, and if the decryption is successful, the login password is checked;
and the data processing module is used for processing the service data if the login password passes verification.
The embodiment of the application provides a computer device which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes a business data encryption processing method when executing the computer program.
In an embodiment of the present application, a computer-readable storage medium is provided, in which a computer program is stored, which when executed by a processor, implements a service data encryption processing method.
In an embodiment of the application, a computer program product is provided, which comprises a computer program, and the computer program realizes a service data encryption processing method when being executed by a processor.
The embodiment of the application can solve the problems of poor safety of service data transmission, high consumption of computing resources and low service data processing efficiency in the prior art; the embodiment of the application obtains the service data; inputting the service data into an encryption grade analysis model, and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade; requesting a back-end server to generate a secret key according to the encryption grade of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths; requesting a public key from a backend server; receiving a login password input by a user; setting check protection for the service data by using the login password, and encrypting the login password by using the public key; the service data and the encrypted login password are sent to a back-end server, so that the back-end server can decrypt the login password by using a private key, and if decryption is successful, the login password is checked; and if the login password passes verification, processing the service data. According to the embodiment of the application, the login password is used for setting verification protection on the service data, and the public key is used for encrypting the login password, so that the security of service data transmission is improved; the encryption and decryption efficiency can be improved by setting the keys with different lengths for the service data with different encryption levels, the computing resources are saved, and the service data processing efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a business data encryption processing method in an embodiment of the application;
FIG. 2 is a diagram showing a specific example of a service data encryption processing method according to an embodiment of the present application;
FIG. 3 is a diagram showing a specific example of a service data encryption processing method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a service data encryption processing device according to an embodiment of the present application;
FIG. 5 is a diagram showing a specific example of a service data encryption processing apparatus according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a computer device in an embodiment of the application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present application and their descriptions herein are for the purpose of explaining the present application, but are not to be construed as limiting the application.
The term "and/or" herein merely describes an association relationship and indicates that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality; for example, "including at least one of A, B and C" may mean including any one or more elements selected from the group consisting of A, B and C.
In the description of the present specification, the terms "comprising," "including," "having," "containing," and the like are open-ended terms, meaning including, but not limited to. The description of the reference terms "one embodiment," "a particular embodiment," "some embodiments," "for example," etc., means that a particular feature, structure, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. The order of steps involved in the embodiments is illustrative of the practice of the application, and is not limited and may be suitably modified as desired.
The principles and spirit of the present application are explained in detail below with reference to several representative embodiments thereof.
Fig. 1 is a flow chart of a service data encryption processing method according to an embodiment of the present application. As shown in fig. 1, the method includes:
step 101, obtaining service data;
step 102, inputting the service data into an encryption grade analysis model, and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade;
step 103, requesting the back-end server to generate a secret key according to the encryption grade of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths;
step 104, requesting the public key from the back-end server;
step 105, receiving a login password input by a user;
step 106, setting check protection for the business data by using the login password, and encrypting the login password by using the public key;
step 107, the service data and the encrypted login password are sent to the back-end server, so that the back-end server can decrypt the login password by using the private key, and if decryption is successful, the login password is checked;
and step 108, if the login password passes verification, processing the service data.
As can be seen from the flow shown in fig. 1, the embodiment of the present application obtains service data; inputting the service data into an encryption grade analysis model, and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade; requesting a back-end server to generate a secret key according to the encryption grade of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths; requesting a public key from a backend server; receiving a login password input by a user; setting check protection for the service data by using the login password, and encrypting the login password by using the public key; the service data and the encrypted login password are sent to a back-end server, so that the back-end server can decrypt the login password by using a private key, and if decryption is successful, the login password is checked; and if the login password passes verification, processing the service data. According to the embodiment of the application, the login password is used for setting verification protection on the service data, and the public key is used for encrypting the login password, so that the security of service data transmission is improved; the encryption and decryption efficiency can be improved by setting the keys with different lengths for the service data with different encryption levels, the computing resources are saved, and the service data processing efficiency is improved.
In order to more clearly explain the above-mentioned service data encryption processing method, each step is described in detail below.
In an embodiment of the application, after obtaining the service data, inputting the service data into an encryption grade analysis model, and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training the machine learning model according to the historical encryption grade corresponding to the historical service data.
In a specific implementation of step 102, the encryption grades of the service data may be divided into three grades: A, B and C. Grade A is the highest encryption grade, and grade A service data needs to be encrypted at the highest strength; grade C is the lowest encryption grade, and the minimum encryption strength is sufficient for grade C service data; the encryption strength of grade B lies between grade A and grade C. The machine learning model is trained on the historical service data and the corresponding grade A, grade B and grade C labels to obtain the encryption grade analysis model. Specifically, the machine learning model comprises an RNN neural network and a Softmax classifier: the RNN neural network extracts features from the service data, and the Softmax classifier is applied to the extracted feature data to obtain the encryption grade of the service data.
In one embodiment of the present application, for step 103, a key is generated at the backend server according to the encryption level of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths.
In a specific implementation, the key is generated at the back-end server according to the encryption grade of the service data, and each encryption grade corresponds to a key of a different length. For example: if the encryption grade of the service data is A, a 2048-bit key is generated at the back-end server; if the encryption grade is B, a 1024-bit key is generated; if the encryption grade is C, a 512-bit key is generated. The longer the key, the higher its security and the longer the time required for encryption and decryption; conversely, the shorter the key, the lower its security and the more easily it is broken, but the shorter the time required for encryption and decryption. The service data is divided into different encryption grades according to its importance, keys of different lengths are generated at the back-end server, and service data of different encryption grades is encrypted with keys of different strengths, so that the service data can be effectively encrypted while saving the computing resources spent on encryption and decryption. Specifically, according to the encryption grade of the service data, OpenSSL (the open-source Secure Sockets Layer toolkit) is used to generate keys of different lengths, and the keys are stored in a folder on the back-end server.
In an embodiment of the present application, before setting check protection on the service data by using the login password, the method further includes: requesting a picture verification code and a picture verification code number from the back-end server, and displaying the picture verification code to the user; and receiving verification characters input by the user according to the picture verification code. The embodiment of the application uses the properties of the public key in asymmetric encryption to avoid the key distribution problem in the encryption process: because an asymmetric encryption public key may be transmitted in plaintext over the network, no preset key is needed to encrypt and protect the public key. An asymmetric encryption algorithm is an encryption algorithm that uses different keys for encryption and decryption.
In a specific implementation, the client requests the public key, the picture verification code and the picture verification code number from the back-end server, and the back-end server returns them to the client. The embodiment of the application solves the replay prevention problem of the login process under a non-secure protocol: because the picture verification code is discarded after being used, the data message processed in each login is unique, which prevents the unauthorized access that would result if a malicious user intercepted the related transaction message and replayed it. Here, a non-secure protocol is any data transmission protocol that transmits data in plaintext; a replay attack is one in which an attacker resends a packet that the target host has already received, in order to deceive the system; the picture verification code is a series of random numbers and symbols generated by a random number generation algorithm, to which interference pixels are added to produce a picture that has to be recognised manually.
In one embodiment of the application, a login password and verification characters entered by a user are received. Specifically, the user inputs the login password and the verification characters at the client. The login password is an important user credential and, according to secure design principles, must not be transmitted in plaintext over a network link. However, the intranet systems of most enterprises are isolated from the outside, and because their operating environment is assumed by default to have a high security level, they are allowed to expose services over the HTTP protocol. HTTP transmits data in plaintext and applies no encryption protection to the transmitted service data, so there is a risk that the login password is intercepted by a malicious user (through network sniffing or recording by network middleware). An asymmetric algorithm is therefore needed to encrypt the login password and prevent a malicious user from obtaining service data by first obtaining the login password.
Fig. 2 is a diagram showing a specific example of a service data encryption processing method according to an embodiment of the present application. For step 106, referring to fig. 2, the detailed flow of setting check protection on the service data by using the login password and encrypting the login password by using the public key is as follows:
step 201, splicing a login password, a verification character and a picture verification code number input by a user to obtain a verification character string;
step 202, setting check protection for the service data by using the check character string, and encrypting the check character string by using the public key.
In a specific implementation, the login password, the verification characters and the picture verification code number input by the user are spliced to obtain a check character string; check protection is set for the service data by using the check character string, and the check character string is encrypted by using the public key. The embodiment of the application solves the problem of protecting the login password under a non-secure protocol: the login password is encrypted with an asymmetric encryption algorithm, which ensures the confidentiality of the service data even if a third party intercepts a message, and the asymmetric encryption principle ensures that only the holder of the private key can recover the plaintext of the service data. The embodiment of the application also addresses brute-force cracking of the login password: it relies on the low success rate of machine recognition of picture verification codes under the prior art, in addition to encrypting the login password, to prevent malicious users from cracking the login password by automated traversal, guessing and similar means.
In an embodiment of the present application, sending service data and an encrypted login password to a back-end server for the back-end server to decrypt the login password by using a private key, and if decryption is successful, verifying the login password includes:
the service data and the encrypted check character string are sent to a back-end server, the private key is utilized to decrypt the check character string, and if decryption is successful, the login password, the verification character and the picture verification code number are verified; if the decryption fails, a message that the service data cannot be processed is sent to the client.
In an embodiment of the present application, if the login password passes the verification, processing the service data includes:
if the login password, the verification character and the picture verification code number pass verification, processing the service data, and returning a processing result of the service data to the client; if the login password, the verification character and the picture verification code number fail verification, sending a message that the service data cannot be processed to the client.
In a specific implementation, the service data and the encrypted check character string are sent to the back-end server, and the back-end server decrypts the check character string by using the private key. If decryption is successful, the login password and the verification character are checked; if decryption fails, a message that the service data cannot be processed is sent to the client. The verification character is checked against the picture verification code number and the login password is checked at the same time; if both pass, the service data is processed and the processing result is returned to the client.
Fig. 3 is a diagram illustrating a specific example of a service data encryption processing method according to an embodiment of the present application.
In an embodiment of the present application, referring to fig. 3, the user at the client requests a public key Pu from the back-end server, and the back-end server returns the public key Pu to the client. The user at the client then requests a picture verification code from the back-end server, and the back-end server returns the picture verification code together with the picture verification code number codeID. At the client, the user inputs a login password passwd and a verification character code; the login password passwd, the verification character code and the picture verification code number codeID are spliced to obtain a check character string Dc, and Dc is encrypted with the public key Pu to obtain the encrypted check character string De. De and the service data are sent to the back-end server, which decrypts De with the private key Pr to recover Dc and then verifies the verification character code and the login password passwd according to the picture verification code number codeID. If verification passes, the service data is processed at the back-end server and the processing result is returned to the client.
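The Fig. 3 exchange, as an added shell example that is not code from the patent, using the openssl CLI that the description names for key generation. The OAEP padding, the `:` separator inside Dc, the file-based captcha store, the sample password and all function names are assumptions; the patent says only that the three fields are spliced.

```shell
#!/bin/sh
# Added example: Pu / codeID / Dc / De / Pr exchange from Fig. 3 with the openssl CLI.
set -u

WORK=$(mktemp -d)                      # stands in for the back-end server's key folder
trap 'rm -rf "$WORK"' EXIT
CAPTCHAS="$WORK/captchas"; mkdir -p "$CAPTCHAS"
USER_PASSWD='correct horse'            # constructed sample credential

# Key length per encryption grade, as listed in the description.
bits_for_level() {
  case "$1" in
    A) echo 2048 ;; B) echo 1024 ;; C) echo 512 ;;
    *) return 1 ;;
  esac
}

# Largest Dc (bytes) that RSA-OAEP with SHA-1 can carry: k - 2*hLen - 2.
# Shorter keys leave less room for passwd + code + codeID.
oaep_capacity() { echo $(( $1 / 8 - 2 * 20 - 2 )); }

# Back end: generate the key pair Pr/Pu for a grade.
server_keygen() {
  local bits
  bits=$(bits_for_level "$1") || return 1
  openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
    -out "$WORK/pr.pem" 2>/dev/null &&
  openssl pkey -in "$WORK/pr.pem" -pubout -out "$WORK/pu.pem" 2>/dev/null
}

# Back end: issue a picture verification code; prints codeID.
# The stored text is what the picture would show to the user.
server_issue_captcha() {
  local id code
  id=$(openssl rand -hex 8)
  code=$(openssl rand -hex 2)
  printf '%s' "$code" > "$CAPTCHAS/$id"
  echo "$id"
}

# Client: splice passwd, code and codeID into Dc and encrypt it with Pu -> De.
# Args: passwd code codeID outfile
client_encrypt() {
  printf '%s:%s:%s' "$1" "$2" "$3" |
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/pu.pem" \
      -pkeyopt rsa_padding_mode:oaep -out "$4"
}

# Back end: decrypt De with Pr, then check code and passwd by codeID.
# Returns 0 = process the service data, 1 = verification failed,
#         2 = decryption failed (service data cannot be processed).
server_verify() {
  local dc rest passwd code id expected
  dc=$(openssl pkeyutl -decrypt -inkey "$WORK/pr.pem" \
         -pkeyopt rsa_padding_mode:oaep -in "$1" 2>/dev/null) || return 2
  # Parse from the right so the password itself may contain ':'.
  id=${dc##*:}; rest=${dc%:*}
  code=${rest##*:}; passwd=${rest%:*}
  # codeID must be plain hex before it is used as a file name.
  case "$id" in ''|*[!0-9a-f]*) return 1 ;; esac
  [ -f "$CAPTCHAS/$id" ] || return 1   # unknown or already used codeID
  expected=$(cat "$CAPTCHAS/$id")
  rm -f "$CAPTCHAS/$id"                # discard on first use, pass or fail
  [ "$code" = "$expected" ] && [ "$passwd" = "$USER_PASSWD" ]
}

demo() {
  local id code
  server_keygen A || return 1
  id=$(server_issue_captcha)
  code=$(cat "$CAPTCHAS/$id")          # the user reading the picture
  client_encrypt "$USER_PASSWD" "$code" "$id" "$WORK/de.bin"
  server_verify "$WORK/de.bin"; echo "first submission: $?"
  server_verify "$WORK/de.bin"; echo "replayed De:      $?"
}
demo
```

The replayed De decrypts correctly but is rejected because its codeID was discarded on first use, and `oaep_capacity 512` shows that the grade C key leaves 22 bytes for the whole check string under this padding.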
It should be noted that although the operations of the method of the present application are described in a particular order in the above embodiments and the accompanying drawings, this does not require or imply that the operations must be performed in the particular order or that all of the illustrated operations be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
For the implementation of the data encryption processing device, reference may be made to the implementation of the method; repeated details are omitted. The term "module" or "unit" as used below may be a combination of software and/or hardware that implements the intended function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Based on the same inventive concept, the application also provides a service data encryption processing device, as shown in fig. 4, comprising:
a data acquisition module 401, configured to acquire service data;
a level determining module 402, configured to input the service data into the encryption grade analysis model and output an encryption level of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade;
a key generation module 403, configured to request the back-end server to generate a key according to the encryption level of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys of a different length;
a public key request module 404, configured to request a public key from the back-end server;
a password receiving module 405, configured to receive a login password input by a user;
a data encryption module 406, configured to set check protection for the service data by using the login password, and encrypt the login password by using the public key;
a data decryption module 407, configured to send the service data and the encrypted login password to the back-end server, so that the back-end server decrypts the login password by using the private key and, if decryption is successful, verifies the login password;
a data processing module 408, configured to process the service data if the login password passes the verification.
Fig. 5 is a diagram showing a specific example of a service data encryption processing apparatus according to an embodiment of the present application. As shown in fig. 5, in an embodiment of the present application, the service data encryption processing apparatus shown in fig. 4 further includes:
the picture verification code request module 501 is configured to request a picture verification code and a picture verification code number from a back-end server, and display the picture verification code to a user;
the verification character receiving module 502 is configured to receive a verification character input by a user according to the picture verification code;
the data encryption module 406 is specifically configured to:
splicing the login password, the verification character and the picture verification code number input by the user to obtain a verification character string;
setting check protection for the service data by using the check character string, and encrypting the check character string by using the public key;
the data decryption module 407 is specifically configured to:
the service data and the encrypted check character string are sent to a back-end server, the private key is utilized to decrypt the check character string, and if decryption is successful, the login password, the verification character and the picture verification code number are verified;
the data processing module 408 is specifically configured to:
and if the login password, the verification character and the picture verification code number pass verification, processing the service data, and returning a processing result of the service data to the client.
In an embodiment of the present application, the data decryption module 407 is further configured to:
if the decryption fails, sending the client a message that the service data cannot be processed.
In one embodiment of the present application, the data processing module 408 is further configured to:
if the login password, the verification character and the picture verification code number fail verification, sending the client a message that the service data cannot be processed.
It should be noted that although several modules of the service data encryption processing apparatus are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functions of two or more modules described above may be embodied in one module in accordance with embodiments of the present application. Conversely, the features and functions of one module described above may be further divided among a plurality of modules.
Based on the foregoing inventive concept, as shown in fig. 6, the present application further proposes a computer device 600, including a memory 601, a processor 602, and a computer program 603 stored in the memory 601 and executable on the processor 602, where the processor 602 implements the foregoing service data encryption processing method when executing the computer program 603.
Based on the foregoing inventive concept, the present application proposes a computer-readable storage medium storing a computer program which, when executed by a processor, implements the foregoing service data encryption processing method.
Based on the foregoing inventive concept, the present application proposes a computer program product comprising a computer program which, when executed by a processor, implements the service data encryption processing method.
The embodiment of the application can solve the problems in the prior art of poor security of service data transmission, high consumption of computing resources and low service data processing efficiency. The embodiment of the application acquires service data; inputs the service data into an encryption grade analysis model and outputs the encryption grade of the service data, where the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade; requests a back-end server to generate a key according to the encryption grade of the service data, where the keys comprise a public key and a private key and each encryption level corresponds to keys of a different length; requests the public key from the back-end server; receives a login password input by a user; sets check protection for the service data by using the login password and encrypts the login password by using the public key; sends the service data and the encrypted login password to the back-end server, so that the back-end server decrypts the login password by using the private key and, if decryption is successful, checks the login password; and, if the login password passes verification, processes the service data. Because the login password is used to set check protection on the service data and the public key is used to encrypt the login password, the security of service data transmission is improved; setting keys of different lengths for service data of different encryption levels improves encryption and decryption efficiency, saves computing resources, and improves service data processing efficiency.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the embodiments is provided to illustrate the general principles of the application and is not intended to limit the scope of the application to these particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the application are intended to be included within the scope of the application.

Claims (11)

1. A method for encrypting service data, comprising:
acquiring service data;
inputting the service data into an encryption grade analysis model, and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade;
requesting a back-end server to generate a secret key according to the encryption grade of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths;
requesting a public key from a backend server;
receiving a login password input by a user;
setting check protection for the service data by using the login password, and encrypting the login password by using the public key;
the service data and the encrypted login password are sent to a back-end server, so that the back-end server can decrypt the login password by using a private key, and if decryption is successful, the login password is checked;
and if the login password passes verification, processing the service data.
2. The method of claim 1, further comprising, prior to setting the check protection for the service data using the login password:
requesting a picture verification code and a picture verification code number from the back-end server, and displaying the picture verification code to the user;
receiving verification characters input by a user according to the picture verification code;
setting check protection for the service data by using the login password, and encrypting the login password by using the public key comprises the following steps:
splicing the login password, the verification character and the picture verification code number input by the user to obtain a verification character string;
setting check protection for the service data by using the check character string, and encrypting the check character string by using the public key;
transmitting the service data and the encrypted login password to the back-end server for the back-end server to decrypt the login password by using the private key, and if the decryption is successful, checking the login password, including:
the service data and the encrypted check character string are sent to a back-end server, the private key is utilized to decrypt the check character string, and if decryption is successful, the login password, the verification character and the picture verification code number are verified;
if the login password passes the verification, processing the service data, including:
and if the login password, the verification character and the picture verification code number pass verification, processing the service data, and returning a processing result of the service data to the client.
3. The method of claim 2, wherein the service data and the encrypted check string are sent to a backend server, the check string is decrypted using a private key, and if the decrypting is successful, the login password, the validation character, and the picture validation code number are checked, further comprising:
if the decryption fails, sending the client a message that the service data cannot be processed.
4. The method of claim 2, wherein if the login password, the authentication character, and the picture authentication code number pass the verification, processing the service data, and returning a processing result of the service data to the client, further comprising:
if the login password, the verification character and the picture verification code number fail verification, sending the client a message that the service data cannot be processed.
5. A data encryption processing apparatus, comprising:
the data acquisition module is used for acquiring service data;
the grade determining module is used for inputting the service data into the encryption grade analysis model and outputting the encryption grade of the service data; the encryption grade analysis model is obtained by training a machine learning model according to the historical service data and the corresponding historical encryption grade;
the key generation module is used for requesting the back-end server to generate a key according to the encryption grade of the service data; the keys comprise a public key and a private key, and each encryption level corresponds to keys with different lengths;
the public key request module is used for requesting a public key from the back-end server;
the password receiving module is used for receiving a login password input by a user;
the data encryption module is used for setting check protection for the service data by using the login password and encrypting the login password by using the public key;
the data decryption module is used for sending the service data and the encrypted login password to the back-end server so that the back-end server can decrypt the login password by using the private key, and if the decryption is successful, the login password is checked;
and the data processing module is used for processing the service data if the login password passes verification.
6. The apparatus as recited in claim 5, further comprising:
the picture verification code request module is used for requesting a picture verification code and a picture verification code number from the back-end server and displaying the picture verification code to a user;
the verification character receiving module is used for receiving verification characters input by a user according to the picture verification code;
the data encryption module is specifically used for:
splicing the login password, the verification character and the picture verification code number input by the user to obtain a verification character string;
setting check protection for the service data by using the check character string, and encrypting the check character string by using the public key;
the data decryption module is specifically used for:
the service data and the encrypted check character string are sent to a back-end server, the private key is utilized to decrypt the check character string, and if decryption is successful, the login password, the verification character and the picture verification code number are verified;
the data processing module is specifically used for:
and if the login password, the verification character and the picture verification code number pass verification, processing the service data, and returning a processing result of the service data to the client.
7. The apparatus of claim 6, wherein the data decryption module is further configured to:
if the decryption fails, sending the client a message that the service data cannot be processed.
8. The apparatus of claim 6, wherein the data processing module is further configured to:
if the login password, the verification character and the picture verification code number fail verification, sending the client a message that the service data cannot be processed.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 4 when executing the computer program.
10. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the method of any of claims 1 to 4.
11. A computer program product, characterized in that it comprises a computer program which, when executed by a processor, implements the method of any of claims 1 to 4.
CN202310764698.3A 2023-06-27 2023-06-27 Service data encryption processing method and device Pending CN116743470A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310764698.3A CN116743470A (en) 2023-06-27 2023-06-27 Service data encryption processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310764698.3A CN116743470A (en) 2023-06-27 2023-06-27 Service data encryption processing method and device

Publications (1)

Publication Number Publication Date
CN116743470A true CN116743470A (en) 2023-09-12

Family

ID=87900929

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310764698.3A Pending CN116743470A (en) 2023-06-27 2023-06-27 Service data encryption processing method and device

Country Status (1)

Country Link
CN (1) CN116743470A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117220973A (en) * 2023-09-22 2023-12-12 淮北师范大学 Data security exchange method and system based on public key encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination